2024-03-07 19:46:46 +01:00
|
|
|
"""Client serializers for the impress core app."""
|
2024-08-20 16:42:27 +02:00
|
|
|
|
2024-08-19 22:35:48 +02:00
|
|
|
import mimetypes
|
|
|
|
|
|
|
|
|
|
from django.conf import settings
|
2024-03-03 08:49:27 +01:00
|
|
|
from django.db.models import Q
|
2024-02-09 19:32:12 +01:00
|
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
|
|
2024-10-07 20:10:42 +02:00
|
|
|
import magic
|
2024-01-09 15:30:36 +01:00
|
|
|
from rest_framework import exceptions, serializers
|
|
|
|
|
|
2024-09-20 22:42:46 +02:00
|
|
|
from core import enums, models
|
|
|
|
|
from core.services.ai_services import AI_ACTIONS
|
2024-01-09 15:30:36 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserSerializer(serializers.ModelSerializer):
|
|
|
|
|
"""Serialize users."""
|
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
model = models.User
|
2024-09-30 15:13:42 +02:00
|
|
|
fields = ["id", "email", "full_name", "short_name"]
|
|
|
|
|
read_only_fields = ["id", "email", "full_name", "short_name"]
|
2024-01-09 15:30:36 +01:00
|
|
|
|
2024-02-09 19:32:12 +01:00
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
class BaseAccessSerializer(serializers.ModelSerializer):
|
2024-02-09 19:32:12 +01:00
|
|
|
"""Serialize template accesses."""
|
2024-01-09 15:30:36 +01:00
|
|
|
|
|
|
|
|
abilities = serializers.SerializerMethodField(read_only=True)
|
|
|
|
|
|
|
|
|
|
def update(self, instance, validated_data):
|
|
|
|
|
"""Make "user" field is readonly but only on update."""
|
|
|
|
|
validated_data.pop("user", None)
|
|
|
|
|
return super().update(instance, validated_data)
|
|
|
|
|
|
|
|
|
|
def get_abilities(self, access) -> dict:
|
|
|
|
|
"""Return abilities of the logged-in user on the instance."""
|
|
|
|
|
request = self.context.get("request")
|
|
|
|
|
if request:
|
|
|
|
|
return access.get_abilities(request.user)
|
|
|
|
|
return {}
|
|
|
|
|
|
|
|
|
|
def validate(self, attrs):
|
|
|
|
|
"""
|
|
|
|
|
Check access rights specific to writing (create/update)
|
|
|
|
|
"""
|
|
|
|
|
request = self.context.get("request")
|
|
|
|
|
user = getattr(request, "user", None)
|
|
|
|
|
role = attrs.get("role")
|
|
|
|
|
|
|
|
|
|
# Update
|
|
|
|
|
if self.instance:
|
|
|
|
|
can_set_role_to = self.instance.get_abilities(user)["set_role_to"]
|
|
|
|
|
|
|
|
|
|
if role and role not in can_set_role_to:
|
|
|
|
|
message = (
|
|
|
|
|
f"You are only allowed to set role to {', '.join(can_set_role_to)}"
|
|
|
|
|
if can_set_role_to
|
2024-02-09 19:32:12 +01:00
|
|
|
else "You are not allowed to set this role for this template."
|
2024-01-09 15:30:36 +01:00
|
|
|
)
|
|
|
|
|
raise exceptions.PermissionDenied(message)
|
|
|
|
|
|
|
|
|
|
# Create
|
|
|
|
|
else:
|
|
|
|
|
try:
|
2024-04-03 18:50:28 +02:00
|
|
|
resource_id = self.context["resource_id"]
|
2024-01-09 15:30:36 +01:00
|
|
|
except KeyError as exc:
|
|
|
|
|
raise exceptions.ValidationError(
|
2024-04-03 18:50:28 +02:00
|
|
|
"You must set a resource ID in kwargs to create a new access."
|
2024-01-09 15:30:36 +01:00
|
|
|
) from exc
|
|
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
if not self.Meta.model.objects.filter( # pylint: disable=no-member
|
2024-09-06 16:12:02 +02:00
|
|
|
Q(user=user) | Q(team__in=user.teams),
|
2024-01-09 15:30:36 +01:00
|
|
|
role__in=[models.RoleChoices.OWNER, models.RoleChoices.ADMIN],
|
2024-10-11 20:42:16 +02:00
|
|
|
**{self.Meta.resource_field_name: resource_id}, # pylint: disable=no-member
|
2024-01-09 15:30:36 +01:00
|
|
|
).exists():
|
|
|
|
|
raise exceptions.PermissionDenied(
|
2024-04-03 18:50:28 +02:00
|
|
|
"You are not allowed to manage accesses for this resource."
|
2024-01-09 15:30:36 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if (
|
|
|
|
|
role == models.RoleChoices.OWNER
|
2024-04-03 18:50:28 +02:00
|
|
|
and not self.Meta.model.objects.filter( # pylint: disable=no-member
|
2024-09-06 16:12:02 +02:00
|
|
|
Q(user=user) | Q(team__in=user.teams),
|
2024-01-09 15:30:36 +01:00
|
|
|
role=models.RoleChoices.OWNER,
|
2024-04-03 18:50:28 +02:00
|
|
|
**{self.Meta.resource_field_name: resource_id}, # pylint: disable=no-member
|
2024-01-09 15:30:36 +01:00
|
|
|
).exists()
|
|
|
|
|
):
|
|
|
|
|
raise exceptions.PermissionDenied(
|
2024-04-03 18:50:28 +02:00
|
|
|
"Only owners of a resource can assign other users as owners."
|
2024-01-09 15:30:36 +01:00
|
|
|
)
|
|
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
# pylint: disable=no-member
|
|
|
|
|
attrs[f"{self.Meta.resource_field_name}_id"] = self.context["resource_id"]
|
2024-01-09 15:30:36 +01:00
|
|
|
return attrs
|
|
|
|
|
|
|
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
class DocumentAccessSerializer(BaseAccessSerializer):
|
|
|
|
|
"""Serialize document accesses."""
|
|
|
|
|
|
2024-05-31 17:06:39 +02:00
|
|
|
user_id = serializers.PrimaryKeyRelatedField(
|
|
|
|
|
queryset=models.User.objects.all(),
|
|
|
|
|
write_only=True,
|
|
|
|
|
source="user",
|
|
|
|
|
required=False,
|
|
|
|
|
allow_null=True,
|
|
|
|
|
)
|
|
|
|
|
user = UserSerializer(read_only=True)
|
|
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
class Meta:
|
|
|
|
|
model = models.DocumentAccess
|
|
|
|
|
resource_field_name = "document"
|
2024-05-31 17:06:39 +02:00
|
|
|
fields = ["id", "user", "user_id", "team", "role", "abilities"]
|
2024-04-03 18:50:28 +02:00
|
|
|
read_only_fields = ["id", "abilities"]
|
2024-01-09 15:30:36 +01:00
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
|
|
|
|
|
class TemplateAccessSerializer(BaseAccessSerializer):
|
|
|
|
|
"""Serialize template accesses."""
|
2024-01-09 15:30:36 +01:00
|
|
|
|
|
|
|
|
class Meta:
|
2024-04-03 18:50:28 +02:00
|
|
|
model = models.TemplateAccess
|
|
|
|
|
resource_field_name = "template"
|
|
|
|
|
fields = ["id", "user", "team", "role", "abilities"]
|
|
|
|
|
read_only_fields = ["id", "abilities"]
|
2024-01-09 15:30:36 +01:00
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
|
|
|
|
|
class BaseResourceSerializer(serializers.ModelSerializer):
|
|
|
|
|
"""Serialize documents."""
|
|
|
|
|
|
|
|
|
|
abilities = serializers.SerializerMethodField(read_only=True)
|
|
|
|
|
accesses = TemplateAccessSerializer(many=True, read_only=True)
|
|
|
|
|
|
|
|
|
|
def get_abilities(self, document) -> dict:
|
2024-01-09 15:30:36 +01:00
|
|
|
"""Return abilities of the logged-in user on the instance."""
|
|
|
|
|
request = self.context.get("request")
|
|
|
|
|
if request:
|
2024-04-03 18:50:28 +02:00
|
|
|
return document.get_abilities(request.user)
|
2024-01-09 15:30:36 +01:00
|
|
|
return {}
|
2024-02-09 19:32:12 +01:00
|
|
|
|
|
|
|
|
|
2024-11-09 10:27:21 +01:00
|
|
|
class ListDocumentSerializer(BaseResourceSerializer):
|
|
|
|
|
"""Serialize documents with limited fields for display in lists."""
|
2024-04-03 18:50:28 +02:00
|
|
|
|
2024-04-06 09:09:46 +02:00
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
class Meta:
|
|
|
|
|
model = models.Document
|
2024-07-02 12:47:22 +02:00
|
|
|
fields = [
|
|
|
|
|
"id",
|
2024-11-09 10:27:21 +01:00
|
|
|
"abilities",
|
2024-07-02 12:47:22 +02:00
|
|
|
"content",
|
2024-11-09 10:27:21 +01:00
|
|
|
"created_at",
|
|
|
|
|
"link_role",
|
|
|
|
|
"link_reach",
|
2024-07-02 12:47:22 +02:00
|
|
|
"title",
|
2024-11-09 10:27:21 +01:00
|
|
|
"updated_at",
|
|
|
|
|
]
|
|
|
|
|
read_only_fields = [
|
|
|
|
|
"id",
|
2024-07-02 12:47:22 +02:00
|
|
|
"abilities",
|
2024-11-09 10:27:21 +01:00
|
|
|
"created_at",
|
2024-09-08 23:37:49 +02:00
|
|
|
"link_role",
|
|
|
|
|
"link_reach",
|
2024-11-09 10:27:21 +01:00
|
|
|
"updated_at",
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class DocumentSerializer(ListDocumentSerializer):
|
|
|
|
|
"""Serialize documents with all fields for display in detail views."""
|
|
|
|
|
|
|
|
|
|
content = serializers.CharField(required=False)
|
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
model = models.Document
|
|
|
|
|
fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"abilities",
|
|
|
|
|
"content",
|
2024-09-08 23:37:49 +02:00
|
|
|
"created_at",
|
2024-11-09 10:27:21 +01:00
|
|
|
"link_role",
|
|
|
|
|
"link_reach",
|
|
|
|
|
"title",
|
2024-09-08 23:37:49 +02:00
|
|
|
"updated_at",
|
|
|
|
|
]
|
|
|
|
|
read_only_fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"abilities",
|
2024-11-09 10:27:21 +01:00
|
|
|
"created_at",
|
2024-09-08 23:37:49 +02:00
|
|
|
"link_role",
|
|
|
|
|
"link_reach",
|
2024-07-02 12:47:22 +02:00
|
|
|
"updated_at",
|
|
|
|
|
]
|
2024-04-03 18:50:28 +02:00
|
|
|
|
2024-09-09 19:31:26 +02:00
|
|
|
def get_fields(self):
|
|
|
|
|
"""Dynamically make `id` read-only on PUT requests but writable on POST requests."""
|
|
|
|
|
fields = super().get_fields()
|
|
|
|
|
|
|
|
|
|
request = self.context.get("request")
|
|
|
|
|
if request and request.method == "POST":
|
|
|
|
|
fields["id"].read_only = False
|
|
|
|
|
|
|
|
|
|
return fields
|
|
|
|
|
|
|
|
|
|
def validate_id(self, value):
|
|
|
|
|
"""Ensure the provided ID does not already exist when creating a new document."""
|
|
|
|
|
request = self.context.get("request")
|
|
|
|
|
|
|
|
|
|
# Only check this on POST (creation)
|
|
|
|
|
if request and request.method == "POST":
|
|
|
|
|
if models.Document.objects.filter(id=value).exists():
|
|
|
|
|
raise serializers.ValidationError(
|
|
|
|
|
"A document with this ID already exists. You cannot override it."
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
return value
|
|
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
|
2024-09-08 23:07:47 +02:00
|
|
|
class LinkDocumentSerializer(BaseResourceSerializer):
|
|
|
|
|
"""
|
|
|
|
|
Serialize link configuration for documents.
|
|
|
|
|
We expose it separately from document in order to simplify and secure access control.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
model = models.Document
|
|
|
|
|
fields = [
|
|
|
|
|
"link_role",
|
|
|
|
|
"link_reach",
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
2024-08-19 22:35:48 +02:00
|
|
|
# Suppress the warning about not implementing `create` and `update` methods
|
|
|
|
|
# since we don't use a model and only rely on the serializer for validation
|
|
|
|
|
# pylint: disable=abstract-method
|
|
|
|
|
class FileUploadSerializer(serializers.Serializer):
|
|
|
|
|
"""Receive file upload requests."""
|
|
|
|
|
|
|
|
|
|
file = serializers.FileField()
|
|
|
|
|
|
|
|
|
|
def validate_file(self, file):
|
|
|
|
|
"""Add file size and type constraints as defined in settings."""
|
|
|
|
|
# Validate file size
|
|
|
|
|
if file.size > settings.DOCUMENT_IMAGE_MAX_SIZE:
|
|
|
|
|
max_size = settings.DOCUMENT_IMAGE_MAX_SIZE // (1024 * 1024)
|
|
|
|
|
raise serializers.ValidationError(
|
|
|
|
|
f"File size exceeds the maximum limit of {max_size:d} MB."
|
|
|
|
|
)
|
|
|
|
|
|
2024-10-07 20:10:42 +02:00
|
|
|
extension = file.name.rpartition(".")[-1] if "." in file.name else None
|
|
|
|
|
|
|
|
|
|
# Read the first few bytes to determine the MIME type accurately
|
|
|
|
|
mime = magic.Magic(mime=True)
|
|
|
|
|
magic_mime_type = mime.from_buffer(file.read(1024))
|
|
|
|
|
file.seek(0) # Reset file pointer to the beginning after reading
|
|
|
|
|
|
|
|
|
|
self.context["is_unsafe"] = (
|
|
|
|
|
magic_mime_type in settings.DOCUMENT_UNSAFE_MIME_TYPES
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
extension_mime_type, _ = mimetypes.guess_type(file.name)
|
|
|
|
|
|
|
|
|
|
# Try guessing a coherent extension from the mimetype
|
|
|
|
|
if extension_mime_type != magic_mime_type:
|
|
|
|
|
self.context["is_unsafe"] = True
|
|
|
|
|
|
|
|
|
|
guessed_ext = mimetypes.guess_extension(magic_mime_type)
|
|
|
|
|
# Missing extensions or extensions longer than 5 characters (it's as long as an extension
|
|
|
|
|
# can be) are replaced by the extension we eventually guessed from mimetype.
|
|
|
|
|
if (extension is None or len(extension) > 5) and guessed_ext:
|
|
|
|
|
extension = guessed_ext[1:]
|
|
|
|
|
|
|
|
|
|
if extension is None:
|
|
|
|
|
raise serializers.ValidationError("Could not determine file extension.")
|
|
|
|
|
|
|
|
|
|
self.context["expected_extension"] = extension
|
2024-08-19 22:35:48 +02:00
|
|
|
|
|
|
|
|
return file
|
|
|
|
|
|
2024-10-07 20:10:42 +02:00
|
|
|
def validate(self, attrs):
|
|
|
|
|
"""Override validate to add the computed extension to validated_data."""
|
|
|
|
|
attrs["expected_extension"] = self.context["expected_extension"]
|
|
|
|
|
attrs["is_unsafe"] = self.context["is_unsafe"]
|
|
|
|
|
return attrs
|
|
|
|
|
|
2024-08-19 22:35:48 +02:00
|
|
|
|
2024-04-03 18:50:28 +02:00
|
|
|
class TemplateSerializer(BaseResourceSerializer):
|
|
|
|
|
"""Serialize templates."""
|
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
model = models.Template
|
2024-04-17 17:11:31 +02:00
|
|
|
fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"title",
|
|
|
|
|
"accesses",
|
|
|
|
|
"abilities",
|
|
|
|
|
"css",
|
|
|
|
|
"code",
|
|
|
|
|
"is_public",
|
|
|
|
|
]
|
2024-04-03 18:50:28 +02:00
|
|
|
read_only_fields = ["id", "accesses", "abilities"]
|
|
|
|
|
|
|
|
|
|
|
2024-02-09 19:32:12 +01:00
|
|
|
# pylint: disable=abstract-method
|
|
|
|
|
class DocumentGenerationSerializer(serializers.Serializer):
|
|
|
|
|
"""Serializer to receive a request to generate a document on a template."""
|
|
|
|
|
|
2024-04-16 10:30:10 +02:00
|
|
|
body = serializers.CharField(label=_("Body"))
|
|
|
|
|
body_type = serializers.ChoiceField(
|
|
|
|
|
choices=["html", "markdown"],
|
|
|
|
|
label=_("Body type"),
|
|
|
|
|
required=False,
|
|
|
|
|
default="html",
|
|
|
|
|
)
|
2024-08-07 14:44:18 +02:00
|
|
|
format = serializers.ChoiceField(
|
|
|
|
|
choices=["pdf", "docx"],
|
|
|
|
|
label=_("Format"),
|
|
|
|
|
required=False,
|
|
|
|
|
default="pdf",
|
|
|
|
|
)
|
2024-05-13 23:31:00 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class InvitationSerializer(serializers.ModelSerializer):
|
|
|
|
|
"""Serialize invitations."""
|
|
|
|
|
|
|
|
|
|
abilities = serializers.SerializerMethodField(read_only=True)
|
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
model = models.Invitation
|
|
|
|
|
fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"abilities",
|
|
|
|
|
"created_at",
|
|
|
|
|
"email",
|
|
|
|
|
"document",
|
|
|
|
|
"role",
|
|
|
|
|
"issuer",
|
|
|
|
|
"is_expired",
|
|
|
|
|
]
|
|
|
|
|
read_only_fields = [
|
|
|
|
|
"id",
|
|
|
|
|
"abilities",
|
|
|
|
|
"created_at",
|
|
|
|
|
"document",
|
|
|
|
|
"issuer",
|
|
|
|
|
"is_expired",
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
def get_abilities(self, invitation) -> dict:
|
|
|
|
|
"""Return abilities of the logged-in user on the instance."""
|
|
|
|
|
request = self.context.get("request")
|
|
|
|
|
if request:
|
|
|
|
|
return invitation.get_abilities(request.user)
|
|
|
|
|
return {}
|
|
|
|
|
|
|
|
|
|
def validate(self, attrs):
|
2024-10-22 00:28:16 +02:00
|
|
|
"""Validate invitation data."""
|
2024-05-13 23:31:00 +02:00
|
|
|
request = self.context.get("request")
|
|
|
|
|
user = getattr(request, "user", None)
|
|
|
|
|
|
2024-10-22 00:28:16 +02:00
|
|
|
attrs["document_id"] = self.context["resource_id"]
|
2024-05-13 23:31:00 +02:00
|
|
|
|
2024-10-22 00:28:16 +02:00
|
|
|
# Only set the issuer if the instance is being created
|
|
|
|
|
if self.instance is None:
|
|
|
|
|
attrs["issuer"] = user
|
2024-05-13 23:31:00 +02:00
|
|
|
|
2024-10-22 00:28:16 +02:00
|
|
|
return attrs
|
2024-05-13 23:31:00 +02:00
|
|
|
|
2024-10-22 00:28:16 +02:00
|
|
|
def validate_role(self, role):
|
|
|
|
|
"""Custom validation for the role field."""
|
|
|
|
|
request = self.context.get("request")
|
|
|
|
|
user = getattr(request, "user", None)
|
|
|
|
|
document_id = self.context["resource_id"]
|
|
|
|
|
|
|
|
|
|
# If the role is OWNER, check if the user has OWNER access
|
|
|
|
|
if role == models.RoleChoices.OWNER:
|
|
|
|
|
if not models.DocumentAccess.objects.filter(
|
2024-09-06 16:12:02 +02:00
|
|
|
Q(user=user) | Q(team__in=user.teams),
|
2024-05-13 23:31:00 +02:00
|
|
|
document=document_id,
|
|
|
|
|
role=models.RoleChoices.OWNER,
|
2024-10-22 00:28:16 +02:00
|
|
|
).exists():
|
|
|
|
|
raise serializers.ValidationError(
|
|
|
|
|
"Only owners of a document can invite other users as owners."
|
|
|
|
|
)
|
2024-05-13 23:31:00 +02:00
|
|
|
|
2024-10-22 00:28:16 +02:00
|
|
|
return role
|
2024-07-17 09:10:05 +02:00
|
|
|
|
|
|
|
|
|
2024-09-16 19:27:48 +02:00
|
|
|
class VersionFilterSerializer(serializers.Serializer):
|
|
|
|
|
"""Validate version filters applied to the list endpoint."""
|
2024-07-17 09:10:05 +02:00
|
|
|
|
2024-09-16 19:27:48 +02:00
|
|
|
version_id = serializers.CharField(required=False, allow_blank=True)
|
|
|
|
|
page_size = serializers.IntegerField(
|
|
|
|
|
required=False, min_value=1, max_value=50, default=20
|
|
|
|
|
)
|
2024-09-20 22:42:46 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class AITransformSerializer(serializers.Serializer):
|
|
|
|
|
"""Serializer for AI transform requests."""
|
|
|
|
|
|
|
|
|
|
action = serializers.ChoiceField(choices=AI_ACTIONS, required=True)
|
|
|
|
|
text = serializers.CharField(required=True)
|
|
|
|
|
|
|
|
|
|
def validate_text(self, value):
|
|
|
|
|
"""Ensure the text field is not empty."""
|
|
|
|
|
|
|
|
|
|
if len(value.strip()) == 0:
|
|
|
|
|
raise serializers.ValidationError("Text field cannot be empty.")
|
|
|
|
|
return value
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class AITranslateSerializer(serializers.Serializer):
|
|
|
|
|
"""Serializer for AI translate requests."""
|
|
|
|
|
|
|
|
|
|
language = serializers.ChoiceField(
|
|
|
|
|
choices=tuple(enums.ALL_LANGUAGES.items()), required=True
|
|
|
|
|
)
|
|
|
|
|
text = serializers.CharField(required=True)
|
|
|
|
|
|
|
|
|
|
def validate_text(self, value):
|
|
|
|
|
"""Ensure the text field is not empty."""
|
|
|
|
|
|
|
|
|
|
if len(value.strip()) == 0:
|
|
|
|
|
raise serializers.ValidationError("Text field cannot be empty.")
|
|
|
|
|
return value
|
