2023-08-02 12:26:45 +01:00
|
|
|
import datetime
|
2022-06-03 08:09:47 -06:00
|
|
|
import logging
|
Improve user permissions query (#3291)
The query for checking a user permission (used to get users from a Slack
usergroup, for example) is timing out (and generating retries, besides
affecting some use cases:
[logs](https://ops.grafana-ops.net/explore?panes=%7B%22FCQ%22:%7B%22datasource%22:%22c-R8UWvVk%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22expr%22:%22%7Bnamespace%3D%5C%22amixr-prod%5C%22,%20cluster%3D%5C%22prod-us-central-0%5C%22%7D%20%7C%3D%20%5C%22Timeout%20exceeded%20in%20regular%20expression%20match.%5C%22%22,%22queryType%22:%22range%22,%22datasource%22:%7B%22type%22:%22loki%22,%22uid%22:%22c-R8UWvVk%22%7D,%22editorMode%22:%22code%22%7D%5D,%22range%22:%7B%22from%22:%22now-6h%22,%22to%22:%22now%22%7D%7D%7D&schemaVersion=1&orgId=1)):
`django.db.utils.OperationalError: (3699, 'Timeout exceeded in regular
expression match.')`
Change to a `contains` query except for SQLite (not supported), where a
simplified version of the original regex query is used.
2023-11-07 13:58:16 -03:00
|
|
|
import re
|
2022-11-29 09:41:56 +01:00
|
|
|
import typing
|
2022-11-28 15:52:31 +00:00
|
|
|
from urllib.parse import urljoin
|
2022-06-03 08:09:47 -06:00
|
|
|
|
2023-08-02 12:26:45 +01:00
|
|
|
import pytz
|
2022-06-03 08:09:47 -06:00
|
|
|
from django.conf import settings
|
2024-04-02 14:59:03 -04:00
|
|
|
from django.core.exceptions import ObjectDoesNotExist
|
2022-06-03 08:09:47 -06:00
|
|
|
from django.core.validators import MinLengthValidator
|
2024-07-05 15:08:17 -04:00
|
|
|
from django.db import models
|
2023-03-22 00:57:20 +08:00
|
|
|
from django.db.models import Q
|
2022-06-03 08:09:47 -06:00
|
|
|
from django.db.models.signals import post_save
|
|
|
|
|
from django.dispatch import receiver
|
|
|
|
|
from emoji import demojize
|
|
|
|
|
|
2022-11-29 09:41:56 +01:00
|
|
|
from apps.api.permissions import (
|
2024-10-10 15:02:21 -04:00
|
|
|
GrafanaAPIPermissions,
|
2022-11-29 09:41:56 +01:00
|
|
|
LegacyAccessControlCompatiblePermission,
|
|
|
|
|
LegacyAccessControlRole,
|
|
|
|
|
RBACPermission,
|
2024-10-10 15:02:21 -04:00
|
|
|
convert_oncall_permission_to_irm,
|
2022-11-29 09:41:56 +01:00
|
|
|
user_is_authorized,
|
|
|
|
|
)
|
2024-08-14 18:02:34 -04:00
|
|
|
from apps.google import utils as google_utils
|
2024-04-02 14:59:03 -04:00
|
|
|
from apps.google.models import GoogleOAuth2User
|
2022-06-03 08:09:47 -06:00
|
|
|
from apps.schedules.tasks import drop_cached_ical_for_custom_events_for_organization
|
2024-04-02 14:59:03 -04:00
|
|
|
from apps.user_management.types import AlertGroupTableColumn, GoogleCalendarSettings
|
2022-06-03 08:09:47 -06:00
|
|
|
from common.public_primary_keys import generate_public_primary_key, increase_public_primary_key_length
|
|
|
|
|
|
2023-06-29 16:01:52 +02:00
|
|
|
if typing.TYPE_CHECKING:
|
|
|
|
|
from django.db.models.manager import RelatedManager
|
|
|
|
|
|
2023-07-28 17:11:38 +02:00
|
|
|
from apps.alerts.models import AlertGroup, EscalationPolicy
|
2023-06-29 16:01:52 +02:00
|
|
|
from apps.auth_token.models import ApiAuthToken, ScheduleExportAuthToken, UserScheduleExportAuthToken
|
2024-07-09 11:23:53 -04:00
|
|
|
from apps.base.models import UserNotificationPolicy, UserNotificationPolicyLogRecord
|
2023-07-28 17:11:38 +02:00
|
|
|
from apps.slack.models import SlackUserIdentity
|
2024-04-02 14:59:03 -04:00
|
|
|
from apps.social_auth.types import GoogleOauth2Response
|
2023-07-28 17:11:38 +02:00
|
|
|
from apps.user_management.models import Organization, Team
|
2023-06-29 16:01:52 +02:00
|
|
|
|
2022-06-03 08:09:47 -06:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def generate_public_primary_key_for_user():
|
|
|
|
|
prefix = "U"
|
|
|
|
|
new_public_primary_key = generate_public_primary_key(prefix)
|
|
|
|
|
|
|
|
|
|
failure_counter = 0
|
|
|
|
|
while User.objects.filter(public_primary_key=new_public_primary_key).exists():
|
|
|
|
|
new_public_primary_key = increase_public_primary_key_length(
|
|
|
|
|
failure_counter=failure_counter, prefix=prefix, model_name="User"
|
|
|
|
|
)
|
|
|
|
|
failure_counter += 1
|
|
|
|
|
|
|
|
|
|
return new_public_primary_key
|
|
|
|
|
|
|
|
|
|
|
2022-07-11 13:16:56 +01:00
|
|
|
def default_working_hours():
|
|
|
|
|
weekdays = ["monday", "tuesday", "wednesday", "thursday", "friday"]
|
|
|
|
|
weekends = ["saturday", "sunday"]
|
|
|
|
|
|
|
|
|
|
working_hours = {day: [{"start": "09:00:00", "end": "17:00:00"}] for day in weekdays}
|
|
|
|
|
working_hours |= {day: [] for day in weekends}
|
|
|
|
|
|
|
|
|
|
return working_hours
|
|
|
|
|
|
|
|
|
|
|
2023-08-03 11:43:03 +02:00
|
|
|
class UserManager(models.Manager["User"]):
|
2024-07-31 13:12:56 -03:00
|
|
|
pass
|
2022-06-03 08:09:47 -06:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserQuerySet(models.QuerySet):
|
|
|
|
|
def filter(self, *args, **kwargs):
|
|
|
|
|
return super().filter(*args, **kwargs, is_active=True)
|
|
|
|
|
|
|
|
|
|
def filter_with_deleted(self, *args, **kwargs):
|
|
|
|
|
return super().filter(*args, **kwargs)
|
|
|
|
|
|
2024-10-10 15:02:21 -04:00
|
|
|
def filter_by_permission(
|
|
|
|
|
self, permission: LegacyAccessControlCompatiblePermission, organization: "Organization", *args, **kwargs
|
|
|
|
|
):
|
|
|
|
|
"""
|
|
|
|
|
This method builds a filter query that is compatible with RBAC as well as legacy "basic" role based
|
|
|
|
|
authorization. If a permission is provided we simply do a regex search where the permission column
|
|
|
|
|
contains the permission value (need to use regex because the JSON contains method is not supported by sqlite).
|
|
|
|
|
|
|
|
|
|
Additionally, if `organization.is_grafana_irm_enabled` is True, we convert the permission to the IRM version
|
|
|
|
|
when filtering.
|
|
|
|
|
|
|
|
|
|
Lastly, if RBAC is not supported for the org, we make the assumption that we are looking for any users with AT
|
|
|
|
|
LEAST the fallback role. Ex: if the fallback role were editor than we would get editors and admins.
|
|
|
|
|
"""
|
|
|
|
|
if organization.is_rbac_permissions_enabled:
|
|
|
|
|
permission_value = (
|
|
|
|
|
convert_oncall_permission_to_irm(permission)
|
|
|
|
|
if organization.is_grafana_irm_enabled
|
|
|
|
|
else permission.value
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# https://stackoverflow.com/a/50251879
|
|
|
|
|
if settings.DATABASE_TYPE == settings.DATABASE_TYPES.SQLITE3:
|
|
|
|
|
# contains is not supported on sqlite
|
|
|
|
|
# https://docs.djangoproject.com/en/4.2/topics/db/queries/#contains
|
|
|
|
|
query = Q(permissions__regex=re.escape(permission_value))
|
|
|
|
|
else:
|
|
|
|
|
query = Q(permissions__contains=GrafanaAPIPermissions.construct_permissions([permission_value]))
|
|
|
|
|
else:
|
|
|
|
|
query = Q(role__lte=permission.fallback_role.value)
|
|
|
|
|
|
|
|
|
|
return self.filter(
|
|
|
|
|
query,
|
|
|
|
|
*args,
|
|
|
|
|
**kwargs,
|
|
|
|
|
organization=organization,
|
|
|
|
|
)
|
|
|
|
|
|
2022-06-03 08:09:47 -06:00
|
|
|
def delete(self):
|
|
|
|
|
# is_active = None is used to be able to have multiple deleted users with the same user_id
|
|
|
|
|
return super().update(is_active=None)
|
|
|
|
|
|
|
|
|
|
def hard_delete(self):
|
|
|
|
|
return super().delete()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class User(models.Model):
|
2023-07-28 17:11:38 +02:00
|
|
|
acknowledged_alert_groups: "RelatedManager['AlertGroup']"
|
2023-06-29 16:01:52 +02:00
|
|
|
auth_tokens: "RelatedManager['ApiAuthToken']"
|
2023-07-28 17:11:38 +02:00
|
|
|
current_team: typing.Optional["Team"]
|
2023-06-29 16:01:52 +02:00
|
|
|
escalation_policy_notify_queues: "RelatedManager['EscalationPolicy']"
|
2024-04-02 14:59:03 -04:00
|
|
|
google_oauth2_user: typing.Optional[GoogleOAuth2User]
|
2023-06-29 16:01:52 +02:00
|
|
|
last_notified_in_escalation_policies: "RelatedManager['EscalationPolicy']"
|
2023-07-28 17:11:38 +02:00
|
|
|
notification_policies: "RelatedManager['UserNotificationPolicy']"
|
|
|
|
|
organization: "Organization"
|
2024-07-09 11:23:53 -04:00
|
|
|
personal_log_records: "RelatedManager['UserNotificationPolicyLogRecord']"
|
2023-07-28 17:11:38 +02:00
|
|
|
resolved_alert_groups: "RelatedManager['AlertGroup']"
|
2023-06-29 16:01:52 +02:00
|
|
|
schedule_export_token: "RelatedManager['ScheduleExportAuthToken']"
|
2023-07-28 17:11:38 +02:00
|
|
|
silenced_alert_groups: "RelatedManager['AlertGroup']"
|
|
|
|
|
slack_user_identity: typing.Optional["SlackUserIdentity"]
|
Add responders improvements (#3128)
# What this PR does
https://www.loom.com/share/c5e10b5ec51343d0954c6f41cfd6a5fb
## Summary of backend changes
- Add `AlertReceiveChannel.get_orgs_direct_paging_integrations` method
and `AlertReceiveChannel.is_contactable` property. These are needed to
be able to (optionally) filter down teams, in the `GET /teams` internal
API endpoint
([here](https://github.com/grafana/oncall/pull/3128/files#diff-a4bd76e557f7e11dafb28a52c1034c075028c693b3c12d702d53c07fc6f24c05R55-R63)),
to just teams that have a "contactable" Direct Paging integration
- `engine/apps/alerts/paging.py`
- update these functions to support new UX. In short `direct_paging` no
longer takes a list of `ScheduleNotifications` or an `EscalationChain`
object
- add `user_is_oncall` helper function
- add `_construct_title` helper function. In short if no `title` is
provided, which is the case for Direct Pages originating from OnCall
(either UI or Slack), then the format is `f"{from_user.username} is
paging <team.name (if team is specified> <comma separated list of
user.usernames> to join escalation"`
- `engine/apps/api/serializers/team.py` - add
`number_of_users_currently_oncall` attribute to response schema
([code](https://github.com/grafana/oncall/pull/3128/files#diff-26af48f796c9e987a76447586dd0f92349783d6ea6a0b6039a2f0f28bd58c2ebR45-R52))
- `engine/apps/api/serializers/user.py` - add `is_currently_oncall`
attribute to response schema
([code](https://github.com/grafana/oncall/pull/3128/files#diff-6744b5544ebb120437af98a996da5ad7d48ee1139a6112c7e3904010ab98f232R157-R162))
- `engine/apps/api/views/team.py` - add support for two new optional
query params `only_include_notifiable_teams` and `include_no_team`
([code](https://github.com/grafana/oncall/pull/3128/files#diff-a4bd76e557f7e11dafb28a52c1034c075028c693b3c12d702d53c07fc6f24c05R55-R70))
- `engine/apps/api/views/user.py`
- in the `GET /users` internal API endpoint, when specifying the
`search` query param now also search on `teams__name`
([code](https://github.com/grafana/oncall/pull/3128/files#diff-30309629484ad28e6fe09816e1bd226226d652ea977b6f3b6775976c729bf4b5R223);
this is a new UX requirement)
- add support for a new optional query param, `is_currently_oncall`, to
allow filtering users based on.. whether they are currently on call or
not
([code](https://github.com/grafana/oncall/pull/3128/files#diff-30309629484ad28e6fe09816e1bd226226d652ea977b6f3b6775976c729bf4b5R272-R282))
- remove `check_availability` endpoint (no longer used with new UX; also
removed references in frontend code)
- `engine/apps/slack/scenarios/paging.py` and
`engine/apps/slack/scenarios/manage_responders.py` - update Slack
workflows to support new UX. Schedules are no longer a concept here.
When creating a new alert group via `/escalate` the user either
specifies a team and/or user(s) (they must specify at least one of the
two and validation is done here to check this). When adding responders
to an existing alert group it's simply a list of users that they can
add, no more schedules.
- add `Organization.slack_is_configured` and
`Organization.telegram_is_configured` properties. These are needed to
support [this new functionality
](https://github.com/grafana/oncall/pull/3128/files#diff-9d96504027309f2bd1e95352bac1433b09b60eb4fafb611b52a6c15ed16cbc48R271-R272)
in the `AlertReceiveChannel` model.
## Summary of frontend changes
- Refactor/rename `EscalationVariants` component to `AddResponders` +
remove `grafana-plugin/src/containers/UserWarningModal` (no longer
needed with new UX)
- Remove `grafana-plugin/src/models/user.ts` as it seemed to be a
duplicate of `grafana-plugin/src/models/user/user.types.ts`
Related to https://github.com/grafana/incident/issues/4278
- Closes #3115
- Closes #3116
- Closes #3117
- Closes #3118
- Closes #3177
## TODO
- [x] make frontend changes
- [x] update Slack backend functionality
- [x] update public documentation
- [x] add/update e2e tests
## Post-deploy To-dos
- [ ] update dev/ops/production Slack bots to update `/escalate` command
description (should now say "Direct page a team or user(s)")
## Checklist
- [x] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)
2023-10-27 12:12:07 -04:00
|
|
|
teams: "RelatedManager['Team']"
|
2023-06-29 16:01:52 +02:00
|
|
|
user_schedule_export_token: "RelatedManager['UserScheduleExportAuthToken']"
|
2023-07-28 17:11:38 +02:00
|
|
|
wiped_alert_groups: "RelatedManager['AlertGroup']"
|
2023-06-29 16:01:52 +02:00
|
|
|
|
2024-11-04 13:34:06 -05:00
|
|
|
# mypy/django-stubs support isn't 100% there for this.. however, manually typing this (to what it actually is)
|
|
|
|
|
# works for now. See this issue for more details
|
|
|
|
|
# https://github.com/typeddjango/django-stubs/issues/353#issuecomment-1095656633
|
|
|
|
|
objects: UserQuerySet = UserManager.from_queryset(UserQuerySet)()
|
2022-06-03 08:09:47 -06:00
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
# For some reason there are cases when Grafana user gets deleted,
|
|
|
|
|
# and then new Grafana user is created with the same user_id
|
|
|
|
|
# Including is_active to unique_together and setting is_active to None allows to
|
|
|
|
|
# have multiple deleted users with the same user_id, but user_id is unique among active users
|
|
|
|
|
unique_together = ("user_id", "organization", "is_active")
|
2023-09-27 09:35:52 -03:00
|
|
|
indexes = [
|
|
|
|
|
models.Index(fields=["is_active", "organization", "username"]),
|
|
|
|
|
models.Index(fields=["is_active", "organization", "email"]),
|
|
|
|
|
]
|
2022-06-03 08:09:47 -06:00
|
|
|
|
|
|
|
|
public_primary_key = models.CharField(
|
|
|
|
|
max_length=20,
|
|
|
|
|
validators=[MinLengthValidator(settings.PUBLIC_PRIMARY_KEY_MIN_LENGTH + 1)],
|
|
|
|
|
unique=True,
|
|
|
|
|
default=generate_public_primary_key_for_user,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
user_id = models.PositiveIntegerField()
|
|
|
|
|
organization = models.ForeignKey(to="user_management.Organization", on_delete=models.CASCADE, related_name="users")
|
2023-07-28 17:11:38 +02:00
|
|
|
current_team = models.ForeignKey(
|
|
|
|
|
to="user_management.Team", null=True, default=None, on_delete=models.SET_NULL, related_name="current_team_users"
|
|
|
|
|
)
|
2022-06-03 08:09:47 -06:00
|
|
|
|
|
|
|
|
email = models.EmailField()
|
|
|
|
|
name = models.CharField(max_length=300)
|
|
|
|
|
username = models.CharField(max_length=300)
|
2022-11-29 09:41:56 +01:00
|
|
|
role = models.PositiveSmallIntegerField(choices=LegacyAccessControlRole.choices())
|
2022-06-03 08:09:47 -06:00
|
|
|
avatar_url = models.URLField()
|
|
|
|
|
|
2022-07-11 13:16:56 +01:00
|
|
|
# don't use "_timezone" directly, use the "timezone" property since it can be populated via slack user identity
|
|
|
|
|
_timezone = models.CharField(max_length=50, null=True, default=None)
|
|
|
|
|
working_hours = models.JSONField(null=True, default=default_working_hours)
|
|
|
|
|
|
2023-07-28 17:11:38 +02:00
|
|
|
notification = models.ManyToManyField(
|
|
|
|
|
"alerts.AlertGroup", through="alerts.UserHasNotification", related_name="users"
|
|
|
|
|
)
|
2022-06-03 08:09:47 -06:00
|
|
|
|
|
|
|
|
unverified_phone_number = models.CharField(max_length=20, null=True, default=None)
|
|
|
|
|
_verified_phone_number = models.CharField(max_length=20, null=True, default=None)
|
2022-09-09 12:42:40 +05:00
|
|
|
hide_phone_number = models.BooleanField(default=False)
|
2022-06-03 08:09:47 -06:00
|
|
|
|
|
|
|
|
slack_user_identity = models.ForeignKey(
|
|
|
|
|
"slack.SlackUserIdentity", on_delete=models.PROTECT, null=True, default=None, related_name="users"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# is_active = None is used to be able to have multiple deleted users with the same user_id
|
|
|
|
|
is_active = models.BooleanField(null=True, default=True)
|
2022-11-29 09:41:56 +01:00
|
|
|
permissions = models.JSONField(null=False, default=list)
|
2022-06-03 08:09:47 -06:00
|
|
|
|
2023-11-29 14:11:31 +02:00
|
|
|
alert_group_table_selected_columns: list[AlertGroupTableColumn] | None = models.JSONField(default=None, null=True)
|
|
|
|
|
|
2024-04-02 14:59:03 -04:00
|
|
|
google_calendar_settings: GoogleCalendarSettings | None = models.JSONField(default=None, null=True)
|
|
|
|
|
|
2022-06-03 08:09:47 -06:00
|
|
|
def __str__(self):
|
|
|
|
|
return f"{self.pk}: {self.username}"
|
|
|
|
|
|
2023-03-22 00:57:20 +08:00
|
|
|
@property
|
2024-09-26 12:40:07 -04:00
|
|
|
def is_admin(self) -> bool:
|
|
|
|
|
return user_is_authorized(self, [RBACPermission.Permissions.ADMIN])
|
|
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def available_teams(self) -> "RelatedManager['Team']":
|
|
|
|
|
if self.is_admin:
|
2023-03-22 00:57:20 +08:00
|
|
|
return self.organization.teams.all()
|
2023-03-22 14:38:31 +08:00
|
|
|
return self.organization.teams.filter(Q(is_sharing_resources_to_all=True) | Q(users=self)).distinct()
|
2023-03-22 00:57:20 +08:00
|
|
|
|
2024-09-26 12:40:07 -04:00
|
|
|
@property
|
|
|
|
|
def is_notification_allowed(self) -> bool:
|
|
|
|
|
return user_is_authorized(self, [RBACPermission.Permissions.NOTIFICATIONS_READ])
|
|
|
|
|
|
2022-06-03 08:09:47 -06:00
|
|
|
@property
|
|
|
|
|
def is_authenticated(self):
|
|
|
|
|
return True
|
|
|
|
|
|
2024-12-12 19:11:59 -03:00
|
|
|
@property
|
|
|
|
|
def is_service_account(self) -> bool:
|
|
|
|
|
return False
|
|
|
|
|
|
2024-04-02 14:59:03 -04:00
|
|
|
@property
|
|
|
|
|
def has_google_oauth2_connected(self) -> bool:
|
|
|
|
|
try:
|
|
|
|
|
# https://stackoverflow.com/a/35005034/3902555
|
|
|
|
|
return self.google_oauth2_user is not None
|
|
|
|
|
except ObjectDoesNotExist:
|
|
|
|
|
return False
|
|
|
|
|
|
2024-08-14 18:02:34 -04:00
|
|
|
@property
|
|
|
|
|
def google_oauth2_token_is_missing_scopes(self) -> bool:
|
|
|
|
|
if not self.has_google_oauth2_connected:
|
|
|
|
|
return False
|
|
|
|
|
return not google_utils.user_granted_all_required_scopes(self.google_oauth2_user.oauth_scope)
|
|
|
|
|
|
2024-08-15 16:20:55 +02:00
|
|
|
def avatar_full_url(self, organization: "Organization"):
|
|
|
|
|
"""
|
|
|
|
|
Use arg `organization` instead of `self.organization` to avoid multiple requests to db when getting avatar for
|
|
|
|
|
users list
|
|
|
|
|
"""
|
|
|
|
|
return urljoin(organization.grafana_url, self.avatar_url)
|
2022-11-28 15:52:31 +00:00
|
|
|
|
2022-06-03 08:09:47 -06:00
|
|
|
@property
|
2024-01-12 15:11:22 +00:00
|
|
|
def verified_phone_number(self) -> str | None:
|
2022-06-03 08:09:47 -06:00
|
|
|
"""
|
|
|
|
|
Use property to highlight that _verified_phone_number should not be modified directly
|
|
|
|
|
"""
|
|
|
|
|
return self._verified_phone_number
|
|
|
|
|
|
|
|
|
|
def save_verified_phone_number(self, phone_number: str) -> None:
|
|
|
|
|
self._verified_phone_number = phone_number
|
|
|
|
|
self.save(update_fields=["_verified_phone_number"])
|
|
|
|
|
|
|
|
|
|
def clear_phone_numbers(self) -> None:
|
|
|
|
|
self.unverified_phone_number = None
|
|
|
|
|
self._verified_phone_number = None
|
|
|
|
|
self.save(update_fields=["unverified_phone_number", "_verified_phone_number"])
|
|
|
|
|
|
|
|
|
|
# TODO: move to telegram app
|
2024-01-31 15:23:11 +01:00
|
|
|
@property
|
2022-06-03 08:09:47 -06:00
|
|
|
def is_telegram_connected(self):
|
|
|
|
|
return hasattr(self, "telegram_connection")
|
|
|
|
|
|
2024-09-26 12:40:07 -04:00
|
|
|
def self_or_has_user_settings_admin_permission(self, user_to_check: "User", organization: "Organization") -> bool:
|
|
|
|
|
has_permission = user_is_authorized(user_to_check, [RBACPermission.Permissions.USER_SETTINGS_ADMIN])
|
|
|
|
|
return user_to_check.pk == self.pk or (has_permission and organization.pk == user_to_check.organization_id)
|
2022-06-03 08:09:47 -06:00
|
|
|
|
2023-09-07 16:59:54 +02:00
|
|
|
def get_username_with_slack_verbal(self, mention=False) -> str:
|
2022-06-03 08:09:47 -06:00
|
|
|
slack_verbal = None
|
|
|
|
|
|
|
|
|
|
if self.slack_user_identity:
|
|
|
|
|
slack_verbal = (
|
|
|
|
|
f"<@{self.slack_user_identity.slack_id}>"
|
|
|
|
|
if mention
|
|
|
|
|
else f"@{self.slack_user_identity.profile_display_name or self.slack_user_identity.slack_verbal}"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if slack_verbal:
|
2023-03-07 18:09:37 +08:00
|
|
|
return f"{self.username} ({slack_verbal})"
|
2022-06-03 08:09:47 -06:00
|
|
|
|
2023-03-07 18:09:37 +08:00
|
|
|
return self.username
|
2022-06-03 08:09:47 -06:00
|
|
|
|
|
|
|
|
@property
|
2023-06-27 07:59:54 +02:00
|
|
|
def timezone(self) -> typing.Optional[str]:
|
2022-07-11 13:16:56 +01:00
|
|
|
if self._timezone:
|
|
|
|
|
return self._timezone
|
|
|
|
|
|
|
|
|
|
if self.slack_user_identity:
|
|
|
|
|
return self.slack_user_identity.timezone
|
|
|
|
|
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
@timezone.setter
|
|
|
|
|
def timezone(self, value):
|
|
|
|
|
self._timezone = value
|
2022-06-03 08:09:47 -06:00
|
|
|
|
2023-08-02 12:26:45 +01:00
|
|
|
def is_in_working_hours(self, dt: datetime.datetime, tz: typing.Optional[str] = None) -> bool:
|
2023-10-27 15:45:00 -03:00
|
|
|
assert dt.tzinfo == datetime.timezone.utc, "dt must be in UTC"
|
2023-08-02 12:26:45 +01:00
|
|
|
|
|
|
|
|
# Default to user's timezone
|
|
|
|
|
if not tz:
|
|
|
|
|
tz = self.timezone
|
|
|
|
|
|
|
|
|
|
# If user has no timezone set, any time is considered non-working hours
|
|
|
|
|
if not tz:
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
# Convert to user's timezone and get day name (e.g. monday)
|
|
|
|
|
dt = dt.astimezone(pytz.timezone(tz))
|
|
|
|
|
day_name = dt.date().strftime("%A").lower()
|
|
|
|
|
|
|
|
|
|
# If no working hours for the day, return False
|
|
|
|
|
if day_name not in self.working_hours or not self.working_hours[day_name]:
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
# Extract start and end time for the day from working hours
|
|
|
|
|
day_start_time_str = self.working_hours[day_name][0]["start"]
|
|
|
|
|
day_start_time = datetime.time.fromisoformat(day_start_time_str)
|
|
|
|
|
|
|
|
|
|
day_end_time_str = self.working_hours[day_name][0]["end"]
|
|
|
|
|
day_end_time = datetime.time.fromisoformat(day_end_time_str)
|
|
|
|
|
|
|
|
|
|
# Calculate day start and end datetime
|
|
|
|
|
day_start = dt.replace(
|
|
|
|
|
hour=day_start_time.hour, minute=day_start_time.minute, second=day_start_time.second, microsecond=0
|
|
|
|
|
)
|
|
|
|
|
day_end = dt.replace(
|
|
|
|
|
hour=day_end_time.hour, minute=day_end_time.minute, second=day_end_time.second, microsecond=0
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
return day_start <= dt <= day_end
|
|
|
|
|
|
2024-08-15 16:20:55 +02:00
|
|
|
def short(self, organization):
|
2023-06-30 14:45:40 +01:00
|
|
|
return {
|
|
|
|
|
"username": self.username,
|
|
|
|
|
"pk": self.public_primary_key,
|
|
|
|
|
"avatar": self.avatar_url,
|
2024-08-15 16:20:55 +02:00
|
|
|
"avatar_full": self.avatar_full_url(organization),
|
2023-06-30 14:45:40 +01:00
|
|
|
}
|
2022-06-03 08:09:47 -06:00
|
|
|
|
2022-08-24 12:04:44 +05:00
|
|
|
# Insight logs
|
|
|
|
|
@property
|
|
|
|
|
def insight_logs_type_verbal(self):
|
|
|
|
|
return "user"
|
|
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def insight_logs_verbal(self):
|
|
|
|
|
return self.username
|
|
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def insight_logs_serialized(self):
|
2023-07-25 10:43:23 +01:00
|
|
|
from apps.base.models import UserNotificationPolicy
|
|
|
|
|
|
2022-08-24 12:04:44 +05:00
|
|
|
default, important = UserNotificationPolicy.get_short_verbals_for_user(user=self)
|
|
|
|
|
notification_policies_verbal = f"default: {' - '.join(default)}, important: {' - '.join(important)}"
|
|
|
|
|
notification_policies_verbal = demojize(notification_policies_verbal)
|
|
|
|
|
|
|
|
|
|
result = {
|
|
|
|
|
"username": self.username,
|
2022-11-29 09:41:56 +01:00
|
|
|
# LEGACY.. role should get removed eventually.. it's probably safe to remove it now?
|
2022-08-24 12:04:44 +05:00
|
|
|
"role": self.get_role_display(),
|
|
|
|
|
"notification_policies": notification_policies_verbal,
|
|
|
|
|
}
|
|
|
|
|
if self.verified_phone_number:
|
|
|
|
|
result["verified_phone_number"] = self.unverified_phone_number
|
|
|
|
|
if self.unverified_phone_number:
|
|
|
|
|
result["unverified_phone_number"] = self.unverified_phone_number
|
|
|
|
|
return result
|
|
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def insight_logs_metadata(self):
|
|
|
|
|
return {}
|
|
|
|
|
|
2024-07-09 11:23:53 -04:00
|
|
|
def get_default_fallback_notification_policy(self) -> "UserNotificationPolicy":
|
|
|
|
|
from apps.base.models import UserNotificationPolicy
|
|
|
|
|
|
|
|
|
|
return UserNotificationPolicy.get_default_fallback_policy(self)
|
|
|
|
|
|
2024-07-05 15:08:17 -04:00
|
|
|
def get_notification_policies_or_use_default_fallback(
|
|
|
|
|
self, important=False
|
2024-07-08 13:04:16 -04:00
|
|
|
) -> typing.Tuple[bool, typing.List["UserNotificationPolicy"]]:
|
2024-07-05 15:08:17 -04:00
|
|
|
"""
|
|
|
|
|
If the user has no notification policies defined, fallback to using e-mail as the notification channel.
|
2024-07-09 11:23:53 -04:00
|
|
|
|
|
|
|
|
The 1st tuple element is a boolean indicating if we are falling back to using a "fallback"/default
|
|
|
|
|
notification policy step (which occurs when the user has no notification policies defined).
|
2024-07-05 15:08:17 -04:00
|
|
|
"""
|
2024-07-09 11:23:53 -04:00
|
|
|
notification_polices = self.notification_policies.filter(important=important)
|
2023-09-28 11:57:49 +08:00
|
|
|
|
2024-07-09 11:23:53 -04:00
|
|
|
if not notification_polices.exists():
|
2024-07-08 13:04:16 -04:00
|
|
|
return (
|
|
|
|
|
True,
|
2024-07-09 11:23:53 -04:00
|
|
|
[self.get_default_fallback_notification_policy()],
|
2024-07-08 13:04:16 -04:00
|
|
|
)
|
|
|
|
|
return (
|
|
|
|
|
False,
|
2024-07-09 11:23:53 -04:00
|
|
|
list(notification_polices.all()),
|
2024-07-08 13:04:16 -04:00
|
|
|
)
|
2023-09-28 11:57:49 +08:00
|
|
|
|
2023-11-29 14:11:31 +02:00
|
|
|
def update_alert_group_table_selected_columns(self, columns: typing.List[AlertGroupTableColumn]) -> None:
|
|
|
|
|
if self.alert_group_table_selected_columns != columns:
|
|
|
|
|
self.alert_group_table_selected_columns = columns
|
|
|
|
|
self.save(update_fields=["alert_group_table_selected_columns"])
|
|
|
|
|
|
2024-08-09 10:51:20 -04:00
|
|
|
def save_google_oauth2_settings(self, google_oauth2_response: "GoogleOauth2Response") -> None:
|
|
|
|
|
logger.info(
|
|
|
|
|
f"Saving Google OAuth2 settings for user {self.pk} "
|
|
|
|
|
f"sub={google_oauth2_response.get('sub')} "
|
2024-08-14 18:02:34 -04:00
|
|
|
f"oauth_scope={google_oauth2_response.get('scope')}"
|
2024-08-09 10:51:20 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
_, created = GoogleOAuth2User.objects.update_or_create(
|
2024-04-02 14:59:03 -04:00
|
|
|
user=self,
|
|
|
|
|
defaults={
|
|
|
|
|
"google_user_id": google_oauth2_response.get("sub"),
|
|
|
|
|
"access_token": google_oauth2_response.get("access_token"),
|
|
|
|
|
"refresh_token": google_oauth2_response.get("refresh_token"),
|
|
|
|
|
"oauth_scope": google_oauth2_response.get("scope"),
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
if created:
|
|
|
|
|
self.google_calendar_settings = {
|
|
|
|
|
"oncall_schedules_to_consider_for_shift_swaps": [],
|
|
|
|
|
}
|
|
|
|
|
self.save(update_fields=["google_calendar_settings"])
|
|
|
|
|
|
2024-08-09 10:51:20 -04:00
|
|
|
def reset_google_oauth2_settings(self) -> None:
|
|
|
|
|
logger.info(f"Resetting Google OAuth2 settings for user {self.pk}")
|
|
|
|
|
|
2024-04-02 14:59:03 -04:00
|
|
|
GoogleOAuth2User.objects.filter(user=self).delete()
|
|
|
|
|
|
|
|
|
|
self.google_calendar_settings = None
|
|
|
|
|
self.save(update_fields=["google_calendar_settings"])
|
|
|
|
|
|
2022-06-03 08:09:47 -06:00
|
|
|
|
|
|
|
|
# TODO: check whether this signal can be moved to save method of the model
|
|
|
|
|
@receiver(post_save, sender=User)
|
2023-06-27 12:23:08 +02:00
|
|
|
def listen_for_user_model_save(sender: User, instance: User, created: bool, *args, **kwargs) -> None:
|
2022-06-03 08:09:47 -06:00
|
|
|
drop_cached_ical_for_custom_events_for_organization.apply_async(
|
|
|
|
|
(instance.organization_id,),
|
|
|
|
|
)
|