oncall-engine/engine/apps/api/views/telegram_channels.py

from rest_framework import mixins, status, viewsets
from rest_framework.decorators import action
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

from apps.api.permissions import RBACPermission
from apps.api.serializers.telegram import TelegramToOrganizationConnectorSerializer
from apps.auth_token.auth import PluginAuthentication
from common.api_helpers.mixins import PublicPrimaryKeyMixin
from common.insight_log.chatops_insight_logs import ChatOpsEvent, ChatOpsTypePlug, write_chatops_insight_log


class TelegramChannelViewSet(
    PublicPrimaryKeyMixin,
    mixins.RetrieveModelMixin,
    mixins.DestroyModelMixin,
    mixins.ListModelMixin,
    viewsets.GenericViewSet,
):
    authentication_classes = (PluginAuthentication,)
    permission_classes = (IsAuthenticated, RBACPermission)

    rbac_permissions = {
        "metadata": [RBACPermission.Permissions.CHATOPS_READ],
        "list": [RBACPermission.Permissions.CHATOPS_READ],
        "retrieve": [RBACPermission.Permissions.CHATOPS_READ],
        "destroy": [RBACPermission.Permissions.CHATOPS_UPDATE_SETTINGS],
        "set_default": [RBACPermission.Permissions.CHATOPS_UPDATE_SETTINGS],
    }

    serializer_class = TelegramToOrganizationConnectorSerializer

    def get_queryset(self):
        from apps.telegram.models import TelegramToOrganizationConnector

        return TelegramToOrganizationConnector.objects.filter(organization=self.request.user.organization)

    @action(detail=True, methods=["post"])
    def set_default(self, request, pk):
        telegram_channel = self.get_object()
        telegram_channel.make_channel_default(request.user)

        return Response(status=status.HTTP_200_OK)

    def perform_destroy(self, instance):
        user = self.request.user
        write_chatops_insight_log(
            author=user,
            event_name=ChatOpsEvent.CHANNEL_DISCONNECTED,
            chatops_type=ChatOpsTypePlug.TELEGRAM.value,
            channel_name=instance.channel_name,
        )
        instance.delete()
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`from rest_framework import mixins, status, viewsets`
			`from rest_framework.decorators import action`
			`from rest_framework.permissions import IsAuthenticated`
			`from rest_framework.response import Response`

Add RBAC Support (#777) * Modify plugin.json to support RBAC role registration * defines 26 new custom roles in plugin.json. The main roles are: - Admin: read/write access to everything in OnCall - Reader: read access to everything in OnCall - OnCaller : read access to everything in OnCall + edit access to Alert Groups and Schedules - <object-type> Editor: read/write access to everything related to <object-type> - <object-type> Reader: read access for <object-type> - User Settings Admin: read/write access to all user's settings, not just own settings. This is in comparison to User Settings Editor which can only read/write own settings * update changelog and documentation (#686) * implement RBAC for OnCall backend This commit refactors backend authorization. It trys to use RBAC authorization if the org's grafana instance supports it, otherwise it falls back to basic role authorization. * update RBAC backend tests * add tests for RBAC changes - run backend tests as matrix where RBAC is enabled/disabled. When RBAC is enabled, the permissions granted are read from the role grants in the frontend's plugin.json file (instead of relying what we specify in RBACPermission.Permissions) - remove --reuse-db --nomigrations flags from engine/tox.ini - minor autoformatting changes to docker-compose-developer.yml * remove --ds=settings.ci-test from pytest CI command DJANGO_SETTINGS_MODULE is already specified as an env var so this is just unecessary duplication * update gitignore * update github action job name for "test" * RBAC frontend changes * refactors the use of basic roles (ex. Viewer, Editor, Admin) use RBAC permissions (when supported), or falling back to basic roles when RBAC is not supported. - updates the UserAction enum in grafana-plugin/src/state/userAction.ts. Previously this was hardcoded to a list of strings that were being returned by the OnCall API. Now the values here correspond to the permissions in plugin.json (plus a fallback role) * changes per Gabriel's comments: - get rid of group attribute in rbac roles - remove displayName role attribute - remove hidden role attribute - add back role to includes section * don't try to update user timezone if they don't have permission 2022-11-29 09:41:56 +01:00			`from apps.api.permissions import RBACPermission`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`from apps.api.serializers.telegram import TelegramToOrganizationConnectorSerializer`
			`from apps.auth_token.auth import PluginAuthentication`
			`from common.api_helpers.mixins import PublicPrimaryKeyMixin`
Fix insight_logs exceptions (#1757) Most of the PR is just renaming ChatOpsType to ChatOpsPlug, core changes are linked below: - Fix insight_logs error writing unlink_backend error https://github.com/grafana/oncall/pull/1757/files#diff-7ae187be84e55ebac962bad0984f7569186cdc83c896132b2ebcbcbb31bbf5dd - Fix insight_logs error writing updated schedule with installed slack integration (https://github.com/grafana/oncall/pull/1757/files#diff-4037b7bbef9fc16d9b541beb3ed46f760916d7cd720847c3123adf7afb5ab4b4L690) 2023-04-17 15:16:18 +08:00			`from common.insight_log.chatops_insight_logs import ChatOpsEvent, ChatOpsTypePlug, write_chatops_insight_log`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00

			`class TelegramChannelViewSet(`
			`PublicPrimaryKeyMixin,`
			`mixins.RetrieveModelMixin,`
			`mixins.DestroyModelMixin,`
			`mixins.ListModelMixin,`
			`viewsets.GenericViewSet,`
			`):`
			`authentication_classes = (PluginAuthentication,)`
Add RBAC Support (#777) * Modify plugin.json to support RBAC role registration * defines 26 new custom roles in plugin.json. The main roles are: - Admin: read/write access to everything in OnCall - Reader: read access to everything in OnCall - OnCaller : read access to everything in OnCall + edit access to Alert Groups and Schedules - <object-type> Editor: read/write access to everything related to <object-type> - <object-type> Reader: read access for <object-type> - User Settings Admin: read/write access to all user's settings, not just own settings. This is in comparison to User Settings Editor which can only read/write own settings * update changelog and documentation (#686) * implement RBAC for OnCall backend This commit refactors backend authorization. It trys to use RBAC authorization if the org's grafana instance supports it, otherwise it falls back to basic role authorization. * update RBAC backend tests * add tests for RBAC changes - run backend tests as matrix where RBAC is enabled/disabled. When RBAC is enabled, the permissions granted are read from the role grants in the frontend's plugin.json file (instead of relying what we specify in RBACPermission.Permissions) - remove --reuse-db --nomigrations flags from engine/tox.ini - minor autoformatting changes to docker-compose-developer.yml * remove --ds=settings.ci-test from pytest CI command DJANGO_SETTINGS_MODULE is already specified as an env var so this is just unecessary duplication * update gitignore * update github action job name for "test" * RBAC frontend changes * refactors the use of basic roles (ex. Viewer, Editor, Admin) use RBAC permissions (when supported), or falling back to basic roles when RBAC is not supported. - updates the UserAction enum in grafana-plugin/src/state/userAction.ts. Previously this was hardcoded to a list of strings that were being returned by the OnCall API. Now the values here correspond to the permissions in plugin.json (plus a fallback role) * changes per Gabriel's comments: - get rid of group attribute in rbac roles - remove displayName role attribute - remove hidden role attribute - add back role to includes section * don't try to update user timezone if they don't have permission 2022-11-29 09:41:56 +01:00			`permission_classes = (IsAuthenticated, RBACPermission)`

			`rbac_permissions = {`
			`"metadata": [RBACPermission.Permissions.CHATOPS_READ],`
			`"list": [RBACPermission.Permissions.CHATOPS_READ],`
			`"retrieve": [RBACPermission.Permissions.CHATOPS_READ],`
			`"destroy": [RBACPermission.Permissions.CHATOPS_UPDATE_SETTINGS],`
			`"set_default": [RBACPermission.Permissions.CHATOPS_UPDATE_SETTINGS],`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`}`

			`serializer_class = TelegramToOrganizationConnectorSerializer`

			`def get_queryset(self):`
`apps.get_model` -> `import` (#2619) # What this PR does Remove [`apps.get_model`](https://docs.djangoproject.com/en/3.2/ref/applications/#django.apps.apps.get_model) invocations and use inline `import` statements in places where models are imported within functions/methods to avoid circular imports. I believe `import` statements are more appropriate for most use cases as they allow for better static code analysis & formatting, and solve the issue of circular imports without being unnecessarily dynamic as `apps.get_model`. With `import` statements, it's possible to: - Jump to model definitions in most IDEs - Automatically sort inline imports with `isort` - Find import errors faster/easier (most IDEs highlight broken imports) - Have more consistency across regular & inline imports when importing models This PR also adds a flake8 rule to ban imports of `django.apps.apps`, so it's harder to use `apps.get_model` by mistake (it's possible to ignore this rule by using `# noqa: I251`). The rule is not enforced on directories with migration files, because `apps.get_model` is often used to get a historical state of a model, which is useful when writing migrations ([see this SO answer for more details](https://stackoverflow.com/a/37769213)). So `apps.get_model` is considered OK in migrations (even necessary in some cases). ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required) 2023-07-25 10:43:23 +01:00			`from apps.telegram.models import TelegramToOrganizationConnector`

World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`return TelegramToOrganizationConnector.objects.filter(organization=self.request.user.organization)`

			`@action(detail=True, methods=["post"])`
			`def set_default(self, request, pk):`
			`telegram_channel = self.get_object()`
			`telegram_channel.make_channel_default(request.user)`

			`return Response(status=status.HTTP_200_OK)`

			`def perform_destroy(self, instance):`
			`user = self.request.user`
Insight logs (#348) * Entity events insight logs * Insight logging * Fix event for updating templates * Format fixes * Remove organization_log_type.py * Simplify signature of chatops_insight_log * insight logs formatting * Add possibility to enable all insight logging via DynamicSetting * Fixes * Style fixes * Add migration * Fix migration 2022-08-24 12:04:44 +05:00			`write_chatops_insight_log(`
			`author=user,`
			`event_name=ChatOpsEvent.CHANNEL_DISCONNECTED,`
Fix insight_logs exceptions (#1757) Most of the PR is just renaming ChatOpsType to ChatOpsPlug, core changes are linked below: - Fix insight_logs error writing unlink_backend error https://github.com/grafana/oncall/pull/1757/files#diff-7ae187be84e55ebac962bad0984f7569186cdc83c896132b2ebcbcbb31bbf5dd - Fix insight_logs error writing updated schedule with installed slack integration (https://github.com/grafana/oncall/pull/1757/files#diff-4037b7bbef9fc16d9b541beb3ed46f760916d7cd720847c3123adf7afb5ab4b4L690) 2023-04-17 15:16:18 +08:00			`chatops_type=ChatOpsTypePlug.TELEGRAM.value,`
Insight logs (#348) * Entity events insight logs * Insight logging * Fix event for updating templates * Format fixes * Remove organization_log_type.py * Simplify signature of chatops_insight_log * insight logs formatting * Add possibility to enable all insight logging via DynamicSetting * Fixes * Style fixes * Add migration * Fix migration 2022-08-24 12:04:44 +05:00			`channel_name=instance.channel_name,`
			`)`
World, meet OnCall! Co-authored-by: Eve832 <eve.meelan@grafana.com> Co-authored-by: Francisco Montes de Oca <nevermind89x@gmail.com> Co-authored-by: Ildar Iskhakov <ildar.iskhakov@grafana.com> Co-authored-by: Innokentii Konstantinov <innokenty.konstantinov@grafana.com> Co-authored-by: Julia <ferril.darkdiver@gmail.com> Co-authored-by: maskin25 <kengurek@gmail.com> Co-authored-by: Matias Bordese <mbordese@gmail.com> Co-authored-by: Matvey Kukuy <motakuk@gmail.com> Co-authored-by: Michael Derynck <michael.derynck@grafana.com> Co-authored-by: Richard Hartmann <richih@richih.org> Co-authored-by: Robby Milo <robbymilo@fastmail.com> Co-authored-by: Timur Olzhabayev <timur.olzhabayev@grafana.com> Co-authored-by: Vadim Stepanov <vadimkerr@gmail.com> Co-authored-by: Yulia Shanyrova <yulia.shanyrova@grafana.com> 2022-06-03 08:09:47 -06:00			`instance.delete()`