zulip/zerver/views/message_edit.py

306 lines
12 KiB
Python

import datetime
from typing import Any, Dict, List, Optional, Set
import orjson
from django.db import IntegrityError
from django.http import HttpRequest, HttpResponse
from django.utils.timezone import now as timezone_now
from django.utils.translation import gettext as _
from zerver.decorator import REQ, has_request_variables
from zerver.lib.actions import (
do_delete_messages,
do_update_message,
get_user_info_for_message_updates,
render_incoming_message,
)
from zerver.lib.exceptions import JsonableError
from zerver.lib.html_diff import highlight_html_differences
from zerver.lib.markdown import MentionData
from zerver.lib.message import access_message, normalize_body
from zerver.lib.queue import queue_json_publish
from zerver.lib.response import json_error, json_success
from zerver.lib.streams import access_stream_by_id
from zerver.lib.timestamp import datetime_to_timestamp
from zerver.lib.topic import LEGACY_PREV_TOPIC, REQ_topic
from zerver.lib.validator import check_bool, check_string_in, to_non_negative_int
from zerver.lib.widget import is_widget_message
from zerver.models import Message, Realm, UserProfile
def fill_edit_history_entries(message_history: List[Dict[str, Any]], message: Message) -> None:
"""This fills out the message edit history entries from the database,
which are designed to have the minimum data possible, to instead
have the current topic + content as of that time, plus data on
whatever changed. This makes it much simpler to do future
processing.
Note that this mutates what is passed to it, which is sorta a bad pattern.
"""
prev_content = message.content
prev_rendered_content = message.rendered_content
prev_topic = message.topic_name()
# Make sure that the latest entry in the history corresponds to the
# message's last edit time
if len(message_history) > 0:
assert message.last_edit_time is not None
assert datetime_to_timestamp(message.last_edit_time) == message_history[0]["timestamp"]
for entry in message_history:
entry["topic"] = prev_topic
if LEGACY_PREV_TOPIC in entry:
prev_topic = entry[LEGACY_PREV_TOPIC]
entry["prev_topic"] = prev_topic
del entry[LEGACY_PREV_TOPIC]
entry["content"] = prev_content
entry["rendered_content"] = prev_rendered_content
if "prev_content" in entry:
del entry["prev_rendered_content_version"]
prev_content = entry["prev_content"]
prev_rendered_content = entry["prev_rendered_content"]
assert prev_rendered_content is not None
entry["content_html_diff"] = highlight_html_differences(
prev_rendered_content, entry["rendered_content"], message.id
)
message_history.append(
dict(
topic=prev_topic,
content=prev_content,
rendered_content=prev_rendered_content,
timestamp=datetime_to_timestamp(message.date_sent),
user_id=message.sender_id,
)
)
@has_request_variables
def get_message_edit_history(
request: HttpRequest,
user_profile: UserProfile,
message_id: int = REQ(converter=to_non_negative_int, path_only=True),
) -> HttpResponse:
if not user_profile.realm.allow_edit_history:
return json_error(_("Message edit history is disabled in this organization"))
message, ignored_user_message = access_message(user_profile, message_id)
# Extract the message edit history from the message
if message.edit_history is not None:
message_edit_history = orjson.loads(message.edit_history)
else:
message_edit_history = []
# Fill in all the extra data that will make it usable
fill_edit_history_entries(message_edit_history, message)
return json_success({"message_history": list(reversed(message_edit_history))})
PROPAGATE_MODE_VALUES = ["change_later", "change_one", "change_all"]
@has_request_variables
def update_message_backend(
request: HttpRequest,
user_profile: UserProfile,
message_id: int = REQ(converter=to_non_negative_int, path_only=True),
stream_id: Optional[int] = REQ(converter=to_non_negative_int, default=None),
topic_name: Optional[str] = REQ_topic(),
propagate_mode: Optional[str] = REQ(
default="change_one", str_validator=check_string_in(PROPAGATE_MODE_VALUES)
),
send_notification_to_old_thread: bool = REQ(default=True, json_validator=check_bool),
send_notification_to_new_thread: bool = REQ(default=True, json_validator=check_bool),
content: Optional[str] = REQ(default=None),
) -> HttpResponse:
if not user_profile.realm.allow_message_editing:
raise JsonableError(_("Your organization has turned off message editing"))
if propagate_mode != "change_one" and topic_name is None and stream_id is None:
raise JsonableError(_("Invalid propagate_mode without topic edit"))
message, ignored_user_message = access_message(user_profile, message_id)
is_no_topic_msg = message.topic_name() == "(no topic)"
# You only have permission to edit a message if:
# you change this value also change those two parameters in message_edit.js.
# 1. You sent it, OR:
# 2. This is a topic-only edit for a (no topic) message, OR:
# 3. This is a topic-only edit and you are an admin, OR:
# 4. This is a topic-only edit and your realm allows users to edit topics.
if message.sender == user_profile:
pass
elif (content is None) and (
is_no_topic_msg
or user_profile.is_realm_admin
or user_profile.realm.allow_community_topic_editing
):
pass
else:
raise JsonableError(_("You don't have permission to edit this message"))
# Right now, we prevent users from editing widgets.
if content is not None and is_widget_message(message):
return json_error(_("Widgets cannot be edited."))
# If there is a change to the content, check that it hasn't been too long
# Allow an extra 20 seconds since we potentially allow editing 15 seconds
# past the limit, and in case there are network issues, etc. The 15 comes
# from (min_seconds_to_edit + seconds_left_buffer) in message_edit.js; if
# you change this value also change those two parameters in message_edit.js.
edit_limit_buffer = 20
if content is not None and user_profile.realm.message_content_edit_limit_seconds > 0:
deadline_seconds = user_profile.realm.message_content_edit_limit_seconds + edit_limit_buffer
if (timezone_now() - message.date_sent) > datetime.timedelta(seconds=deadline_seconds):
raise JsonableError(_("The time limit for editing this message has passed"))
# If there is a change to the topic, check that the user is allowed to
# edit it and that it has not been too long. If this is not the user who
# sent the message, they are not the admin, and the time limit for editing
# topics is passed, raise an error.
if (
content is None
and message.sender != user_profile
and not user_profile.is_realm_admin
and not is_no_topic_msg
):
deadline_seconds = Realm.DEFAULT_COMMUNITY_TOPIC_EDITING_LIMIT_SECONDS + edit_limit_buffer
if (timezone_now() - message.date_sent) > datetime.timedelta(seconds=deadline_seconds):
raise JsonableError(_("The time limit for editing this message has passed"))
if topic_name is None and content is None and stream_id is None:
raise JsonableError(_("Nothing to change"))
if topic_name is not None:
topic_name = topic_name.strip()
if topic_name == "":
raise JsonableError(_("Topic can't be empty"))
rendered_content = None
links_for_embed: Set[str] = set()
prior_mention_user_ids: Set[int] = set()
mention_user_ids: Set[int] = set()
mention_data: Optional[MentionData] = None
if content is not None:
if content.rstrip() == "":
content = "(deleted)"
content = normalize_body(content)
mention_data = MentionData(
realm_id=user_profile.realm.id,
content=content,
)
user_info = get_user_info_for_message_updates(message.id)
prior_mention_user_ids = user_info["mention_user_ids"]
# We render the message using the current user's realm; since
# the cross-realm bots never edit messages, this should be
# always correct.
# Note: If rendering fails, the called code will raise a JsonableError.
rendered_content = render_incoming_message(
message,
content,
user_info["message_user_ids"],
user_profile.realm,
mention_data=mention_data,
)
links_for_embed |= message.links_for_preview
mention_user_ids = message.mentions_user_ids
new_stream = None
number_changed = 0
if stream_id is not None:
if not message.is_stream_message():
raise JsonableError(_("Message must be a stream message"))
if not user_profile.is_realm_admin:
raise JsonableError(_("You don't have permission to move this message"))
try:
access_stream_by_id(user_profile, message.recipient.type_id)
except JsonableError:
raise JsonableError(
_(
"You don't have permission to move this message due to missing access to its stream"
)
)
if content is not None:
raise JsonableError(_("Cannot change message content while changing stream"))
new_stream = access_stream_by_id(user_profile, stream_id, require_active=True)[0]
number_changed = do_update_message(
user_profile,
message,
new_stream,
topic_name,
propagate_mode,
send_notification_to_old_thread,
send_notification_to_new_thread,
content,
rendered_content,
prior_mention_user_ids,
mention_user_ids,
mention_data,
)
# Include the number of messages changed in the logs
request._log_data["extra"] = f"[{number_changed}]"
if links_for_embed:
event_data = {
"message_id": message.id,
"message_content": message.content,
# The choice of `user_profile.realm_id` rather than
# `sender.realm_id` must match the decision made in the
# `render_incoming_message` call earlier in this function.
"message_realm_id": user_profile.realm_id,
"urls": list(links_for_embed),
}
queue_json_publish("embed_links", event_data)
return json_success()
def validate_can_delete_message(user_profile: UserProfile, message: Message) -> None:
if user_profile.is_realm_admin:
# Admin can delete any message, any time.
return
if message.sender != user_profile:
# Users can only delete messages sent by them.
raise JsonableError(_("You don't have permission to delete this message"))
if not user_profile.realm.allow_message_deleting:
# User can not delete message, if message deleting is not allowed in realm.
raise JsonableError(_("You don't have permission to delete this message"))
deadline_seconds = user_profile.realm.message_content_delete_limit_seconds
if deadline_seconds == 0:
# 0 for no time limit to delete message
return
if (timezone_now() - message.date_sent) > datetime.timedelta(seconds=deadline_seconds):
# User can not delete message after deadline time of realm
raise JsonableError(_("The time limit for deleting this message has passed"))
return
@has_request_variables
def delete_message_backend(
request: HttpRequest,
user_profile: UserProfile,
message_id: int = REQ(converter=to_non_negative_int, path_only=True),
) -> HttpResponse:
message, ignored_user_message = access_message(user_profile, message_id)
validate_can_delete_message(user_profile, message)
try:
do_delete_messages(user_profile.realm, [message])
except (Message.DoesNotExist, IntegrityError):
raise JsonableError(_("Message already deleted"))
return json_success()
@has_request_variables
def json_fetch_raw_message(
request: HttpRequest,
user_profile: UserProfile,
message_id: int = REQ(converter=to_non_negative_int, path_only=True),
) -> HttpResponse:
(message, user_message) = access_message(user_profile, message_id)
return json_success({"raw_content": message.content})