Move admin views into their own directory

bookwyrm/views/admin/announcements.py

@@ -0,0 +1,98 @@
+""" make announcements """
+from django.contrib.auth.decorators import login_required, permission_required
+from django.core.paginator import Paginator
+from django.shortcuts import get_object_or_404, redirect
+from django.template.response import TemplateResponse
+from django.utils.decorators import method_decorator
+from django.views import View
+
+from bookwyrm import forms, models
+from bookwyrm.settings import PAGE_LENGTH
+
+
+# pylint: disable=no-self-use
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.edit_instance_settings", raise_exception=True),
+    name="dispatch",
+)
+class Announcements(View):
+    """tell everyone"""
+
+    def get(self, request):
+        """view and create announcements"""
+        announcements = models.Announcement.objects
+
+        sort = request.GET.get("sort", "-created_date")
+        sort_fields = [
+            "created_date",
+            "preview",
+            "start_date",
+            "end_date",
+            "active",
+        ]
+        if sort in sort_fields + ["-{:s}".format(f) for f in sort_fields]:
+            announcements = announcements.order_by(sort)
+        data = {
+            "announcements": Paginator(announcements, PAGE_LENGTH).get_page(
+                request.GET.get("page")
+            ),
+            "form": forms.AnnouncementForm(),
+            "sort": sort,
+        }
+        return TemplateResponse(request, "settings/announcements.html", data)
+
+    def post(self, request):
+        """edit the site settings"""
+        form = forms.AnnouncementForm(request.POST)
+        if form.is_valid():
+            form.save()
+            # reset the create form
+            form = forms.AnnouncementForm()
+        data = {
+            "announcements": Paginator(
+                models.Announcement.objects.order_by("-created_date"), PAGE_LENGTH
+            ).get_page(request.GET.get("page")),
+            "form": form,
+        }
+        return TemplateResponse(request, "settings/announcements.html", data)
+
+
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.edit_instance_settings", raise_exception=True),
+    name="dispatch",
+)
+class Announcement(View):
+    """edit an announcement"""
+
+    def get(self, request, announcement_id):
+        """view announcement"""
+        announcement = get_object_or_404(models.Announcement, id=announcement_id)
+        data = {
+            "announcement": announcement,
+            "form": forms.AnnouncementForm(instance=announcement),
+        }
+        return TemplateResponse(request, "settings/announcement.html", data)
+
+    def post(self, request, announcement_id):
+        """edit announcement"""
+        announcement = get_object_or_404(models.Announcement, id=announcement_id)
+        form = forms.AnnouncementForm(request.POST, instance=announcement)
+        if form.is_valid():
+            announcement = form.save()
+            form = forms.AnnouncementForm(instance=announcement)
+        data = {
+            "announcement": announcement,
+            "form": form,
+        }
+        return TemplateResponse(request, "settings/announcement.html", data)
+
+
+@login_required
+@permission_required("bookwyrm.edit_instance_settings", raise_exception=True)
+def delete_announcement(_, announcement_id):
+    """delete announcement"""
+    announcement = get_object_or_404(models.Announcement, id=announcement_id)
+    announcement.delete()
+    return redirect("settings-announcements")

bookwyrm/views/admin/email_blocklist.py

@@ -0,0 +1,49 @@
+""" moderation via flagged posts and users """
+from django.contrib.auth.decorators import login_required, permission_required
+from django.shortcuts import get_object_or_404, redirect
+from django.template.response import TemplateResponse
+from django.utils.decorators import method_decorator
+from django.views import View
+
+from bookwyrm import forms, models
+
+# pylint: disable=no-self-use
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.moderate_user", raise_exception=True),
+    name="dispatch",
+)
+class EmailBlocklist(View):
+    """Block users by email address"""
+
+    def get(self, request):
+        """view and compose blocks"""
+        data = {
+            "domains": models.EmailBlocklist.objects.order_by("-created_date").all(),
+            "form": forms.EmailBlocklistForm(),
+        }
+        return TemplateResponse(request, "settings/email_blocklist.html", data)
+
+    def post(self, request, domain_id=None):
+        """create a new domain block"""
+        if domain_id:
+            return self.delete(request, domain_id)
+
+        form = forms.EmailBlocklistForm(request.POST)
+        data = {
+            "domains": models.EmailBlocklist.objects.order_by("-created_date").all(),
+            "form": form,
+        }
+        if not form.is_valid():
+            return TemplateResponse(request, "settings/email_blocklist.html", data)
+        form.save()
+
+        data["form"] = forms.EmailBlocklistForm()
+        return TemplateResponse(request, "settings/email_blocklist.html", data)
+
+    # pylint: disable=unused-argument
+    def delete(self, request, domain_id):
+        """remove a domain block"""
+        domain = get_object_or_404(models.EmailBlocklist, id=domain_id)
+        domain.delete()
+        return redirect("settings-email-blocks")

bookwyrm/views/admin/federation.py

@@ -0,0 +1,150 @@
+""" manage federated servers """
+import json
+from django.contrib.auth.decorators import login_required, permission_required
+from django.core.paginator import Paginator
+from django.db import transaction
+from django.shortcuts import get_object_or_404, redirect
+from django.template.response import TemplateResponse
+from django.utils.decorators import method_decorator
+from django.views import View
+from django.views.decorators.http import require_POST
+
+from bookwyrm import forms, models
+from bookwyrm.settings import PAGE_LENGTH
+
+
+# pylint: disable= no-self-use
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.control_federation", raise_exception=True),
+    name="dispatch",
+)
+class Federation(View):
+    """what servers do we federate with"""
+
+    def get(self, request):
+        """list of servers"""
+        servers = models.FederatedServer.objects
+
+        sort = request.GET.get("sort")
+        sort_fields = ["created_date", "application_type", "server_name"]
+        if not sort in sort_fields + ["-{:s}".format(f) for f in sort_fields]:
+            sort = "created_date"
+        servers = servers.order_by(sort)
+
+        paginated = Paginator(servers, PAGE_LENGTH)
+
+        data = {
+            "servers": paginated.get_page(request.GET.get("page")),
+            "sort": sort,
+            "form": forms.ServerForm(),
+        }
+        return TemplateResponse(request, "settings/federation.html", data)
+
+
+class AddFederatedServer(View):
+    """manually add a server"""
+
+    def get(self, request):
+        """add server form"""
+        data = {"form": forms.ServerForm()}
+        return TemplateResponse(request, "settings/edit_server.html", data)
+
+    def post(self, request):
+        """add a server from the admin panel"""
+        form = forms.ServerForm(request.POST)
+        if not form.is_valid():
+            data = {"form": form}
+            return TemplateResponse(request, "settings/edit_server.html", data)
+        server = form.save()
+        return redirect("settings-federated-server", server.id)
+
+
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.control_federation", raise_exception=True),
+    name="dispatch",
+)
+class ImportServerBlocklist(View):
+    """manually add a server"""
+
+    def get(self, request):
+        """add server form"""
+        return TemplateResponse(request, "settings/server_blocklist.html")
+
+    def post(self, request):
+        """add a server from the admin panel"""
+        json_data = json.load(request.FILES["json_file"])
+        failed = []
+        success_count = 0
+        for item in json_data:
+            server_name = item.get("instance")
+            if not server_name:
+                failed.append(item)
+                continue
+            info_link = item.get("url")
+
+            with transaction.atomic():
+                server, _ = models.FederatedServer.objects.get_or_create(
+                    server_name=server_name,
+                )
+                server.notes = info_link
+                server.save()
+                server.block()
+            success_count += 1
+        data = {"failed": failed, "succeeded": success_count}
+        return TemplateResponse(request, "settings/server_blocklist.html", data)
+
+
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.control_federation", raise_exception=True),
+    name="dispatch",
+)
+class FederatedServer(View):
+    """views for handling a specific federated server"""
+
+    def get(self, request, server):
+        """load a server"""
+        server = get_object_or_404(models.FederatedServer, id=server)
+        users = server.user_set
+        data = {
+            "server": server,
+            "users": users,
+            "reports": models.Report.objects.filter(user__in=users.all()),
+            "followed_by_us": users.filter(followers__local=True),
+            "followed_by_them": users.filter(following__local=True),
+            "blocked_by_us": models.UserBlocks.objects.filter(
+                user_subject__in=users.all()
+            ),
+        }
+        return TemplateResponse(request, "settings/federated_server.html", data)
+
+    def post(self, request, server):  # pylint: disable=unused-argument
+        """update note"""
+        server = get_object_or_404(models.FederatedServer, id=server)
+        server.notes = request.POST.get("notes")
+        server.save()
+        return redirect("settings-federated-server", server.id)
+
+
+@login_required
+@require_POST
+@permission_required("bookwyrm.control_federation", raise_exception=True)
+# pylint: disable=unused-argument
+def block_server(request, server):
+    """block a server"""
+    server = get_object_or_404(models.FederatedServer, id=server)
+    server.block()
+    return redirect("settings-federated-server", server.id)
+
+
+@login_required
+@require_POST
+@permission_required("bookwyrm.control_federation", raise_exception=True)
+# pylint: disable=unused-argument
+def unblock_server(request, server):
+    """unblock a server"""
+    server = get_object_or_404(models.FederatedServer, id=server)
+    server.unblock()
+    return redirect("settings-federated-server", server.id)

bookwyrm/views/admin/invite.py

@@ -0,0 +1,187 @@
+""" invites when registration is closed """
+from functools import reduce
+import operator
+from urllib.parse import urlencode
+
+from django.contrib.auth.decorators import login_required, permission_required
+from django.core.paginator import Paginator
+from django.db.models import Q
+from django.http import HttpResponseBadRequest
+from django.shortcuts import get_object_or_404, redirect
+from django.template.response import TemplateResponse
+from django.urls import reverse
+from django.utils.decorators import method_decorator
+from django.views import View
+from django.views.decorators.http import require_POST
+
+from bookwyrm import emailing, forms, models
+from bookwyrm.settings import PAGE_LENGTH
+from bookwyrm.views import helpers
+
+
+# pylint: disable= no-self-use
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.create_invites", raise_exception=True),
+    name="dispatch",
+)
+class ManageInvites(View):
+    """create invites"""
+
+    def get(self, request):
+        """invite management page"""
+        paginated = Paginator(
+            models.SiteInvite.objects.filter(user=request.user).order_by(
+                "-created_date"
+            ),
+            PAGE_LENGTH,
+        )
+
+        page = paginated.get_page(request.GET.get("page"))
+        data = {
+            "invites": page,
+            "page_range": paginated.get_elided_page_range(
+                page.number, on_each_side=2, on_ends=1
+            ),
+            "form": forms.CreateInviteForm(),
+        }
+        return TemplateResponse(request, "settings/manage_invites.html", data)
+
+    def post(self, request):
+        """creates an invite database entry"""
+        form = forms.CreateInviteForm(request.POST)
+        if not form.is_valid():
+            return HttpResponseBadRequest("ERRORS : %s" % (form.errors,))
+
+        invite = form.save(commit=False)
+        invite.user = request.user
+        invite.save()
+
+        paginated = Paginator(
+            models.SiteInvite.objects.filter(user=request.user).order_by(
+                "-created_date"
+            ),
+            PAGE_LENGTH,
+        )
+        data = {"invites": paginated.page(1), "form": form}
+        return TemplateResponse(request, "settings/manage_invites.html", data)
+
+
+class Invite(View):
+    """use an invite to register"""
+
+    def get(self, request, code):
+        """endpoint for using an invites"""
+        if request.user.is_authenticated:
+            return redirect("/")
+        invite = get_object_or_404(models.SiteInvite, code=code)
+
+        data = {
+            "register_form": forms.RegisterForm(),
+            "invite": invite,
+            "valid": invite.valid() if invite else True,
+        }
+        return TemplateResponse(request, "invite.html", data)
+
+    # post handling is in views.register.Register
+
+
+class ManageInviteRequests(View):
+    """grant invites like the benevolent lord you are"""
+
+    def get(self, request):
+        """view a list of requests"""
+        ignored = request.GET.get("ignored", False)
+        sort = request.GET.get("sort")
+        sort_fields = [
+            "created_date",
+            "invite__times_used",
+            "invite__invitees__created_date",
+        ]
+        if not sort in sort_fields + ["-{:s}".format(f) for f in sort_fields]:
+            sort = "-created_date"
+
+        requests = models.InviteRequest.objects.filter(ignored=ignored).order_by(sort)
+
+        status_filters = [
+            s
+            for s in request.GET.getlist("status")
+            if s in ["requested", "sent", "accepted"]
+        ]
+
+        filters = []
+        if "requested" in status_filters:
+            filters.append({"invite__isnull": True})
+        if "sent" in status_filters:
+            filters.append({"invite__isnull": False, "invite__times_used": 0})
+        if "accepted" in status_filters:
+            filters.append({"invite__isnull": False, "invite__times_used__gte": 1})
+
+        if filters:
+            requests = requests.filter(
+                reduce(operator.or_, (Q(**f) for f in filters))
+            ).distinct()
+
+        paginated = Paginator(requests, PAGE_LENGTH)
+
+        page = paginated.get_page(request.GET.get("page"))
+        data = {
+            "ignored": ignored,
+            "count": paginated.count,
+            "requests": page,
+            "page_range": paginated.get_elided_page_range(
+                page.number, on_each_side=2, on_ends=1
+            ),
+            "sort": sort,
+        }
+        return TemplateResponse(request, "settings/manage_invite_requests.html", data)
+
+    def post(self, request):
+        """send out an invite"""
+        invite_request = get_object_or_404(
+            models.InviteRequest, id=request.POST.get("invite-request")
+        )
+        # only create a new invite if one doesn't exist already (resending)
+        if not invite_request.invite:
+            invite_request.invite = models.SiteInvite.objects.create(
+                use_limit=1,
+                user=request.user,
+            )
+            invite_request.save()
+        emailing.invite_email(invite_request)
+        return redirect(
+            "{:s}?{:s}".format(
+                reverse("settings-invite-requests"), urlencode(request.GET.dict())
+            )
+        )
+
+
+class InviteRequest(View):
+    """prospective users sign up here"""
+
+    def post(self, request):
+        """create a request"""
+        form = forms.InviteRequestForm(request.POST)
+        received = False
+        if form.is_valid():
+            received = True
+            form.save()
+
+        data = {
+            "request_form": form,
+            "request_received": received,
+            "books": helpers.get_landing_books(),
+        }
+        return TemplateResponse(request, "landing/landing.html", data)
+
+
+@require_POST
+def ignore_invite_request(request):
+    """hide an invite request"""
+    invite_request = get_object_or_404(
+        models.InviteRequest, id=request.POST.get("invite-request")
+    )
+
+    invite_request.ignored = not invite_request.ignored
+    invite_request.save()
+    return redirect("settings-invite-requests")

bookwyrm/views/admin/reports.py

@@ -0,0 +1,146 @@
+""" moderation via flagged posts and users """
+from django.contrib.auth.decorators import login_required, permission_required
+from django.core.exceptions import PermissionDenied
+from django.shortcuts import get_object_or_404, redirect
+from django.template.response import TemplateResponse
+from django.utils.decorators import method_decorator
+from django.views import View
+from django.views.decorators.http import require_POST
+
+from bookwyrm import forms, models
+
+
+# pylint: disable=no-self-use
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.moderate_user", raise_exception=True),
+    name="dispatch",
+)
+@method_decorator(
+    permission_required("bookwyrm.moderate_post", raise_exception=True),
+    name="dispatch",
+)
+class Reports(View):
+    """list of reports"""
+
+    def get(self, request):
+        """view current reports"""
+        filters = {}
+
+        resolved = request.GET.get("resolved") == "true"
+        server = request.GET.get("server")
+        if server:
+            filters["user__federated_server__server_name"] = server
+        username = request.GET.get("username")
+        if username:
+            filters["user__username__icontains"] = username
+        filters["resolved"] = resolved
+        data = {
+            "resolved": resolved,
+            "server": server,
+            "reports": models.Report.objects.filter(**filters),
+        }
+        return TemplateResponse(request, "moderation/reports.html", data)
+
+
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.moderate_user", raise_exception=True),
+    name="dispatch",
+)
+@method_decorator(
+    permission_required("bookwyrm.moderate_post", raise_exception=True),
+    name="dispatch",
+)
+class Report(View):
+    """view a specific report"""
+
+    def get(self, request, report_id):
+        """load a report"""
+        data = {
+            "report": get_object_or_404(models.Report, id=report_id),
+        }
+        return TemplateResponse(request, "moderation/report.html", data)
+
+    def post(self, request, report_id):
+        """comment on a report"""
+        report = get_object_or_404(models.Report, id=report_id)
+        models.ReportComment.objects.create(
+            user=request.user,
+            report=report,
+            note=request.POST.get("note"),
+        )
+        return redirect("settings-report", report.id)
+
+
+@login_required
+@permission_required("bookwyrm_moderate_user")
+def suspend_user(_, user_id):
+    """mark an account as inactive"""
+    user = get_object_or_404(models.User, id=user_id)
+    user.is_active = False
+    user.deactivation_reason = "moderator_suspension"
+    # this isn't a full deletion, so we don't want to tell the world
+    user.save(broadcast=False)
+    return redirect("settings-user", user.id)
+
+
+@login_required
+@permission_required("bookwyrm_moderate_user")
+def unsuspend_user(_, user_id):
+    """mark an account as inactive"""
+    user = get_object_or_404(models.User, id=user_id)
+    user.is_active = True
+    user.deactivation_reason = None
+    # this isn't a full deletion, so we don't want to tell the world
+    user.save(broadcast=False)
+    return redirect("settings-user", user.id)
+
+
+@login_required
+@permission_required("bookwyrm_moderate_user")
+def moderator_delete_user(request, user_id):
+    """permanently delete a user"""
+    user = get_object_or_404(models.User, id=user_id)
+
+    # we can't delete users on other instances
+    if not user.local:
+        raise PermissionDenied
+
+    form = forms.DeleteUserForm(request.POST, instance=user)
+
+    moderator = models.User.objects.get(id=request.user.id)
+    # check the moderator's password
+    if form.is_valid() and moderator.check_password(form.cleaned_data["password"]):
+        user.deactivation_reason = "moderator_deletion"
+        user.delete()
+        return redirect("settings-user", user.id)
+
+    form.errors["password"] = ["Invalid password"]
+
+    data = {"user": user, "group_form": forms.UserGroupForm(), "form": form}
+    return TemplateResponse(request, "user_admin/user.html", data)
+
+
+@login_required
+@permission_required("bookwyrm_moderate_post")
+def resolve_report(_, report_id):
+    """mark a report as (un)resolved"""
+    report = get_object_or_404(models.Report, id=report_id)
+    report.resolved = not report.resolved
+    report.save()
+    if not report.resolved:
+        return redirect("settings-report", report.id)
+    return redirect("settings-reports")
+
+
+@login_required
+@require_POST
+def make_report(request):
+    """a user reports something"""
+    form = forms.ReportForm(request.POST)
+    if not form.is_valid():
+        raise ValueError(form.errors)
+
+    form.save()
+    return redirect(request.headers.get("Referer", "/"))

bookwyrm/views/admin/site.py

@@ -0,0 +1,51 @@
+""" manage site settings """
+from django.contrib.auth.decorators import login_required, permission_required
+from django.shortcuts import redirect
+from django.template.response import TemplateResponse
+from django.utils.decorators import method_decorator
+from django.views import View
+
+from bookwyrm import emailing, forms, models
+
+
+# pylint: disable= no-self-use
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.edit_instance_settings", raise_exception=True),
+    name="dispatch",
+)
+class Site(View):
+    """manage things like the instance name"""
+
+    def get(self, request):
+        """edit form"""
+        site = models.SiteSettings.objects.get()
+        data = {"site_form": forms.SiteForm(instance=site)}
+        return TemplateResponse(request, "settings/site.html", data)
+
+    def post(self, request):
+        """edit the site settings"""
+        site = models.SiteSettings.objects.get()
+        form = forms.SiteForm(request.POST, request.FILES, instance=site)
+        if not form.is_valid():
+            data = {"site_form": form}
+            return TemplateResponse(request, "settings/site.html", data)
+        form.save()
+
+        return redirect("settings-site")
+
+
+@login_required
+@permission_required("bookwyrm.edit_instance_settings", raise_exception=True)
+def email_preview(request):
+    """for development, renders and example email template"""
+    template = request.GET.get("email")
+    data = emailing.email_data()
+    data["subject_path"] = "email/{}/subject.html".format(template)
+    data["html_content_path"] = "email/{}/html_content.html".format(template)
+    data["text_content_path"] = "email/{}/text_content.html".format(template)
+    data["reset_link"] = "https://example.com/link"
+    data["invite_link"] = "https://example.com/link"
+    data["confirmation_link"] = "https://example.com/link"
+    data["confirmation_code"] = "AKJHKDGKJSDFG"
+    return TemplateResponse(request, "email/preview.html", data)

bookwyrm/views/admin/user_admin.py

@@ -0,0 +1,83 @@
+""" manage user """
+from django.contrib.auth.decorators import login_required, permission_required
+from django.core.paginator import Paginator
+from django.shortcuts import get_object_or_404
+from django.template.response import TemplateResponse
+from django.utils.decorators import method_decorator
+from django.views import View
+
+from bookwyrm import forms, models
+from bookwyrm.settings import PAGE_LENGTH
+
+
+# pylint: disable= no-self-use
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.moderate_user", raise_exception=True),
+    name="dispatch",
+)
+class UserAdminList(View):
+    """admin view of users on this server"""
+
+    def get(self, request):
+        """list of users"""
+        filters = {}
+        server = request.GET.get("server")
+        if server:
+            server = models.FederatedServer.objects.filter(server_name=server).first()
+            filters["federated_server"] = server
+            filters["federated_server__isnull"] = False
+        username = request.GET.get("username")
+        if username:
+            filters["username__icontains"] = username
+        scope = request.GET.get("scope")
+        if scope and scope == "local":
+            filters["local"] = True
+        email = request.GET.get("email")
+        if email:
+            filters["email__endswith"] = email
+
+        users = models.User.objects.filter(**filters)
+
+        sort = request.GET.get("sort", "-created_date")
+        sort_fields = [
+            "created_date",
+            "last_active_date",
+            "username",
+            "federated_server__server_name",
+            "is_active",
+        ]
+        if sort in sort_fields + ["-{:s}".format(f) for f in sort_fields]:
+            users = users.order_by(sort)
+
+        paginated = Paginator(users, PAGE_LENGTH)
+        data = {
+            "users": paginated.get_page(request.GET.get("page")),
+            "sort": sort,
+            "server": server,
+        }
+        return TemplateResponse(request, "user_admin/user_admin.html", data)
+
+
+@method_decorator(login_required, name="dispatch")
+@method_decorator(
+    permission_required("bookwyrm.moderate_users", raise_exception=True),
+    name="dispatch",
+)
+class UserAdmin(View):
+    """moderate an individual user"""
+
+    def get(self, request, user):
+        """user view"""
+        user = get_object_or_404(models.User, id=user)
+        data = {"user": user, "group_form": forms.UserGroupForm()}
+        return TemplateResponse(request, "user_admin/user.html", data)
+
+    def post(self, request, user):
+        """update user group"""
+        user = get_object_or_404(models.User, id=user)
+        form = forms.UserGroupForm(request.POST, instance=user)
+        if form.is_valid():
+            form.save()
+        data = {"user": user, "group_form": form}
+        return TemplateResponse(request, "user_admin/user.html", data)