OnlineJudge/account/views/admin.py

import os
import re
import xlsxwriter

from django.db import transaction, IntegrityError
from django.db.models import Q
from django.http import HttpResponse
from django.contrib.auth.hashers import make_password

from submission.models import Submission
from utils.api import APIView, validate_serializer
from utils.shortcuts import rand_str

from ..decorators import super_admin_required
from ..models import AdminType, ProblemPermission, User, UserProfile
from ..serializers import EditUserSerializer, UserAdminSerializer, GenerateUserSerializer
from ..serializers import ImportUserSeralizer


class UserAdminAPI(APIView):
    @validate_serializer(ImportUserSeralizer)
    @super_admin_required
    def post(self, request):
        """
        Import User
        """
        data = request.data["users"]

        user_list = []
        for user_data in data:
            if len(user_data) != 3 or len(user_data[0]) > 32:
                return self.error(f"Error occurred while processing data '{user_data}'")
            user_list.append(User(username=user_data[0], password=make_password(user_data[1]), email=user_data[2]))

        try:
            with transaction.atomic():
                ret = User.objects.bulk_create(user_list)
                UserProfile.objects.bulk_create([UserProfile(user=user) for user in ret])
            return self.success()
        except IntegrityError as e:
            # Extract detail from exception message
            #    duplicate key value violates unique constraint "user_username_key"
            #    DETAIL:  Key (username)=(root11) already exists.
            return self.error(str(e).split("\n")[1])

    @validate_serializer(EditUserSerializer)
    @super_admin_required
    def put(self, request):
        """
        Edit user api
        """
        data = request.data
        try:
            user = User.objects.get(id=data["id"])
        except User.DoesNotExist:
            return self.error("User does not exist")
        if User.objects.filter(username=data["username"]).exclude(id=user.id).exists():
            return self.error("Username already exists")
        if User.objects.filter(email=data["email"].lower()).exclude(id=user.id).exists():
            return self.error("Email already exists")

        pre_username = user.username
        user.username = data["username"]
        user.email = data["email"]
        user.admin_type = data["admin_type"]
        user.is_disabled = data["is_disabled"]

        if data["admin_type"] == AdminType.ADMIN:
            user.problem_permission = data["problem_permission"]
        elif data["admin_type"] == AdminType.SUPER_ADMIN:
            user.problem_permission = ProblemPermission.ALL
        else:
            user.problem_permission = ProblemPermission.NONE

        if data["password"]:
            user.set_password(data["password"])

        if data["open_api"]:
            # Avoid reset user appkey after saving changes
            if not user.open_api:
                user.open_api_appkey = rand_str()
        else:
            user.open_api_appkey = None
        user.open_api = data["open_api"]

        if data["two_factor_auth"]:
            # Avoid reset user tfa_token after saving changes
            if not user.two_factor_auth:
                user.tfa_token = rand_str()
        else:
            user.tfa_token = None

        user.two_factor_auth = data["two_factor_auth"]

        user.save()
        if pre_username != user.username:
            Submission.objects.filter(username=pre_username).update(username=user.username)

        UserProfile.objects.filter(user=user).update(real_name=data["real_name"])
        return self.success(UserAdminSerializer(user).data)

    @super_admin_required
    def get(self, request):
        """
        User list api / Get user by id
        """
        user_id = request.GET.get("id")
        if user_id:
            try:
                user = User.objects.get(id=user_id)
            except User.DoesNotExist:
                return self.error("User does not exist")
            return self.success(UserAdminSerializer(user).data)

        user = User.objects.all().order_by("-create_time")

        keyword = request.GET.get("keyword", None)
        if keyword:
            user = user.filter(Q(username__icontains=keyword) |
                               Q(userprofile__real_name__icontains=keyword) |
                               Q(email__icontains=keyword))
        return self.success(self.paginate_data(request, user, UserAdminSerializer))

    def delete_one(self, user_id):
        try:
            user = User.objects.get(id=user_id)
        except User.DoesNotExist:
            return f"User {user_id} does not exist"
        if Submission.objects.filter(user_id=user_id).exists():
            return f"Can't delete the user {user_id} as he/she has submissions"
        user.delete()

    @super_admin_required
    def delete(self, request):
        id = request.GET.get("id")
        if not id:
            return self.error("Invalid Parameter, id is required")
        for user_id in id.split(","):
            if user_id:
                error = self.delete_one(user_id)
                if error:
                    return self.error(error)
        return self.success()


class GenerateUserAPI(APIView):
    @super_admin_required
    def get(self, request):
        """
        download users excel
        """
        file_id = request.GET.get("file_id")
        if not file_id:
            return self.error("Invalid Parameter, file_id is required")
        if not re.match(r"^[a-zA-Z0-9]+$", file_id):
            return self.error("Illegal file_id")
        file_path = f"/tmp/{file_id}.xlsx"
        if not os.path.isfile(file_path):
            return self.error("File does not exist")
        with open(file_path, "rb") as f:
            raw_data = f.read()
        os.remove(file_path)
        response = HttpResponse(raw_data)
        response["Content-Disposition"] = f"attachment; filename=users.xlsx"
        response["Content-Type"] = "application/xlsx"
        return response

    @validate_serializer(GenerateUserSerializer)
    @super_admin_required
    def post(self, request):
        """
        Generate User
        """
        data = request.data
        number_max_length = max(len(str(data["number_from"])), len(str(data["number_to"])))
        if number_max_length + len(data["prefix"]) + len(data["suffix"]) > 32:
            return self.error("Username should not more than 32 characters")
        if data["number_from"] > data["number_to"]:
            return self.error("Start number must be lower than end number")

        file_id = rand_str(8)
        filename = f"/tmp/{file_id}.xlsx"
        workbook = xlsxwriter.Workbook(filename)
        worksheet = workbook.add_worksheet()
        worksheet.set_column("A:B", 20)
        worksheet.write("A1", "Username")
        worksheet.write("B1", "Password")
        i = 1

        user_list = []
        for number in range(data["number_from"], data["number_to"] + 1):
            raw_password = rand_str(data["password_length"])
            user = User(username=f"{data['prefix']}{number}{data['suffix']}", password=make_password(raw_password))
            user.raw_password = raw_password
            user_list.append(user)

        try:
            with transaction.atomic():

                ret = User.objects.bulk_create(user_list)
                UserProfile.objects.bulk_create([UserProfile(user=user) for user in ret])
                for item in user_list:
                    worksheet.write_string(i, 0, item.username)
                    worksheet.write_string(i, 1, item.raw_password)
                    i += 1
                workbook.close()
                return self.success({"file_id": file_id})
        except IntegrityError as e:
            # Extract detail from exception message
            #    duplicate key value violates unique constraint "user_username_key"
            #    DETAIL:  Key (username)=(root11) already exists.
            return self.error(str(e).split("\n")[1])
add generate user api 2017-11-18 00:07:03 +00:00			`import os`
			`import re`
			`import xlsxwriter`
use bulk_create and transcation for importing user 2017-11-24 14:26:56 +00:00
			`from django.db import transaction, IntegrityError`
重构 2016-09-25 06:07:45 +00:00			`from django.db.models import Q`
add generate user api 2017-11-18 00:07:03 +00:00			`from django.http import HttpResponse`
use bulk_create and transcation for importing user 2017-11-24 14:26:56 +00:00			`from django.contrib.auth.hashers import make_password`
重构 2016-09-25 06:07:45 +00:00
admin修改username后update submissions； problem id refresh api 2017-11-08 13:56:39 +00:00			`from submission.models import Submission`
使用Python3和更科学的API写法 2016-11-19 04:32:23 +00:00			`from utils.api import APIView, validate_serializer`
			`from utils.shortcuts import rand_str`

重构 2016-09-25 06:07:45 +00:00			`from ..decorators import super_admin_required`
add generate user api 2017-11-18 00:07:03 +00:00			`from ..models import AdminType, ProblemPermission, User, UserProfile`
调整UserSerializer 2017-11-30 03:35:48 +00:00			`from ..serializers import EditUserSerializer, UserAdminSerializer, GenerateUserSerializer`
import users api 2017-11-22 12:06:16 +00:00			`from ..serializers import ImportUserSeralizer`
重构 2016-09-25 06:07:45 +00:00

统一APIView的名字 2016-11-19 04:37:27 +00:00			`class UserAdminAPI(APIView):`
import users api 2017-11-22 12:06:16 +00:00			`@validate_serializer(ImportUserSeralizer)`
			`@super_admin_required`
			`def post(self, request):`
use bulk_create and transcation for importing user 2017-11-24 14:26:56 +00:00			`"""`
完善contest和announcement单元测试 2017-11-28 08:20:29 +00:00			`Import User`
use bulk_create and transcation for importing user 2017-11-24 14:26:56 +00:00			`"""`
import users api 2017-11-22 12:06:16 +00:00			`data = request.data["users"]`
use bulk_create and transcation for importing user 2017-11-24 14:26:56 +00:00
			`user_list = []`
import users api 2017-11-22 12:06:16 +00:00			`for user_data in data:`
submission exists api 2017-11-23 11:11:12 +00:00			`if len(user_data) != 3 or len(user_data[0]) > 32:`
use bulk_create and transcation for importing user 2017-11-24 14:26:56 +00:00			`return self.error(f"Error occurred while processing data '{user_data}'")`
			`user_list.append(User(username=user_data[0], password=make_password(user_data[1]), email=user_data[2]))`

			`try:`
			`with transaction.atomic():`
			`ret = User.objects.bulk_create(user_list)`
			`UserProfile.objects.bulk_create([UserProfile(user=user) for user in ret])`
			`return self.success()`
			`except IntegrityError as e:`
			`# Extract detail from exception message`
			`# duplicate key value violates unique constraint "user_username_key"`
			`# DETAIL: Key (username)=(root11) already exists.`
			`return self.error(str(e).split("\n")[1])`
import users api 2017-11-22 12:06:16 +00:00
使用Python3和更科学的API写法 2016-11-19 04:32:23 +00:00			`@validate_serializer(EditUserSerializer)`
重构 2016-09-25 06:07:45 +00:00			`@super_admin_required`
			`def put(self, request):`
			`"""`
			`Edit user api`
			`"""`
使用Python3和更科学的API写法 2016-11-19 04:32:23 +00:00			`data = request.data`
			`try:`
			`user = User.objects.get(id=data["id"])`
			`except User.DoesNotExist:`
remove i18n 2017-04-18 18:03:48 +00:00			`return self.error("User does not exist")`
修复test_case排序问题 2017-11-06 13:45:52 +00:00			`if User.objects.filter(username=data["username"]).exclude(id=user.id).exists():`
			`return self.error("Username already exists")`
			`if User.objects.filter(email=data["email"].lower()).exclude(id=user.id).exists():`
remove i18n 2017-04-18 18:03:48 +00:00			`return self.error("Email already exists")`
重构 2016-09-25 06:07:45 +00:00
admin修改username后update submissions； problem id refresh api 2017-11-08 13:56:39 +00:00			`pre_username = user.username`
使用Python3和更科学的API写法 2016-11-19 04:32:23 +00:00			`user.username = data["username"]`
			`user.email = data["email"]`
			`user.admin_type = data["admin_type"]`
			`user.is_disabled = data["is_disabled"]`
重构 2016-09-25 06:07:45 +00:00
add user problem permission 2017-02-10 02:38:32 +00:00			`if data["admin_type"] == AdminType.ADMIN:`
			`user.problem_permission = data["problem_permission"]`
			`elif data["admin_type"] == AdminType.SUPER_ADMIN:`
			`user.problem_permission = ProblemPermission.ALL`
			`else:`
			`user.problem_permission = ProblemPermission.NONE`

使用Python3和更科学的API写法 2016-11-19 04:32:23 +00:00			`if data["password"]:`
			`user.set_password(data["password"])`
重构 2016-09-25 06:07:45 +00:00
使用Python3和更科学的API写法 2016-11-19 04:32:23 +00:00			`if data["open_api"]:`
			`# Avoid reset user appkey after saving changes`
			`if not user.open_api:`
			`user.open_api_appkey = rand_str()`
			`else:`
			`user.open_api_appkey = None`
			`user.open_api = data["open_api"]`
重构 2016-09-25 06:07:45 +00:00
使用Python3和更科学的API写法 2016-11-19 04:32:23 +00:00			`if data["two_factor_auth"]:`
			`# Avoid reset user tfa_token after saving changes`
			`if not user.two_factor_auth:`
			`user.tfa_token = rand_str()`
重构 2016-09-25 06:07:45 +00:00			`else:`
使用Python3和更科学的API写法 2016-11-19 04:32:23 +00:00			`user.tfa_token = None`
add user problem permission 2017-02-10 02:38:32 +00:00
使用Python3和更科学的API写法 2016-11-19 04:32:23 +00:00			`user.two_factor_auth = data["two_factor_auth"]`

			`user.save()`
admin修改username后update submissions； problem id refresh api 2017-11-08 13:56:39 +00:00			`if pre_username != user.username:`
			`Submission.objects.filter(username=pre_username).update(username=user.username)`
fix admin update user real_name problem 2017-12-10 01:58:08 +00:00
			`UserProfile.objects.filter(user=user).update(real_name=data["real_name"])`
调整UserSerializer 2017-11-30 03:35:48 +00:00			`return self.success(UserAdminSerializer(user).data)`
重构 2016-09-25 06:07:45 +00:00
			`@super_admin_required`
			`def get(self, request):`
			`"""`
			`User list api / Get user by id`
			`"""`
refine var name 2017-01-24 15:56:18 +00:00			`user_id = request.GET.get("id")`
重构 2016-09-25 06:07:45 +00:00			`if user_id:`
			`try:`
			`user = User.objects.get(id=user_id)`
			`except User.DoesNotExist:`
remove i18n 2017-04-18 18:03:48 +00:00			`return self.error("User does not exist")`
调整UserSerializer 2017-11-30 03:35:48 +00:00			`return self.success(UserAdminSerializer(user).data)`
重构 2016-09-25 06:07:45 +00:00
			`user = User.objects.all().order_by("-create_time")`

			`keyword = request.GET.get("keyword", None)`
			`if keyword:`
添加SPJ编译API 2017-11-16 14:12:17 +00:00			`user = user.filter(Q(username__icontains=keyword) \|`
			`Q(userprofile__real_name__icontains=keyword) \|`
			`Q(email__icontains=keyword))`
调整UserSerializer 2017-11-30 03:35:48 +00:00			`return self.success(self.paginate_data(request, user, UserAdminSerializer))`
add generate user api 2017-11-18 00:07:03 +00:00
			`def delete_one(self, user_id):`
			`try:`
			`user = User.objects.get(id=user_id)`
			`except User.DoesNotExist:`
			`return f"User {user_id} does not exist"`
修复误删用户问题 2017-11-23 14:00:58 +00:00			`if Submission.objects.filter(user_id=user_id).exists():`
add generate user api 2017-11-18 00:07:03 +00:00			`return f"Can't delete the user {user_id} as he/she has submissions"`
			`user.delete()`

			`@super_admin_required`
			`def delete(self, request):`
			`id = request.GET.get("id")`
			`if not id:`
补全account测试 2017-11-23 13:12:37 +00:00			`return self.error("Invalid Parameter, id is required")`
add generate user api 2017-11-18 00:07:03 +00:00			`for user_id in id.split(","):`
			`if user_id:`
			`error = self.delete_one(user_id)`
			`if error:`
			`return self.error(error)`
			`return self.success()`


			`class GenerateUserAPI(APIView):`
			`@super_admin_required`
			`def get(self, request):`
			`"""`
			`download users excel`
			`"""`
			`file_id = request.GET.get("file_id")`
			`if not file_id:`
			`return self.error("Invalid Parameter, file_id is required")`
fix directory traversal 2017-11-24 15:29:40 +00:00			`if not re.match(r"^[a-zA-Z0-9]+$", file_id):`
add generate user api 2017-11-18 00:07:03 +00:00			`return self.error("Illegal file_id")`
			`file_path = f"/tmp/{file_id}.xlsx"`
			`if not os.path.isfile(file_path):`
			`return self.error("File does not exist")`
			`with open(file_path, "rb") as f:`
			`raw_data = f.read()`
			`os.remove(file_path)`
			`response = HttpResponse(raw_data)`
			`response["Content-Disposition"] = f"attachment; filename=users.xlsx"`
			`response["Content-Type"] = "application/xlsx"`
			`return response`

			`@validate_serializer(GenerateUserSerializer)`
			`@super_admin_required`
			`def post(self, request):`
完善contest和announcement单元测试 2017-11-28 08:20:29 +00:00			`"""`
			`Generate User`
			`"""`
add generate user api 2017-11-18 00:07:03 +00:00			`data = request.data`
			`number_max_length = max(len(str(data["number_from"])), len(str(data["number_to"])))`
			`if number_max_length + len(data["prefix"]) + len(data["suffix"]) > 32:`
			`return self.error("Username should not more than 32 characters")`
submission exists api 2017-11-23 11:11:12 +00:00			`if data["number_from"] > data["number_to"]:`
add generate user api 2017-11-18 00:07:03 +00:00			`return self.error("Start number must be lower than end number")`

			`file_id = rand_str(8)`
			`filename = f"/tmp/{file_id}.xlsx"`
			`workbook = xlsxwriter.Workbook(filename)`
			`worksheet = workbook.add_worksheet()`
			`worksheet.set_column("A:B", 20)`
			`worksheet.write("A1", "Username")`
			`worksheet.write("B1", "Password")`
			`i = 1`
use bulk_create and transaction for user generator 2017-11-24 15:30:17 +00:00
			`user_list = []`
add generate user api 2017-11-18 00:07:03 +00:00			`for number in range(data["number_from"], data["number_to"] + 1):`
use bulk_create and transaction for user generator 2017-11-24 15:30:17 +00:00			`raw_password = rand_str(data["password_length"])`
			`user = User(username=f"{data['prefix']}{number}{data['suffix']}", password=make_password(raw_password))`
			`user.raw_password = raw_password`
			`user_list.append(user)`

			`try:`
			`with transaction.atomic():`

			`ret = User.objects.bulk_create(user_list)`
			`UserProfile.objects.bulk_create([UserProfile(user=user) for user in ret])`
			`for item in user_list:`
			`worksheet.write_string(i, 0, item.username)`
			`worksheet.write_string(i, 1, item.raw_password)`
			`i += 1`
			`workbook.close()`
			`return self.success({"file_id": file_id})`
			`except IntegrityError as e:`
			`# Extract detail from exception message`
			`# duplicate key value violates unique constraint "user_username_key"`
			`# DETAIL: Key (username)=(root11) already exists.`
			`return self.error(str(e).split("\n")[1])`