import shlex import uuid from django.db import connection from django.db.models import Count from django.db.models.expressions import RawSQL from django.http import HttpResponseNotFound from django_filters.rest_framework import DjangoFilterBackend from rest_framework import exceptions, mixins, views, viewsets from rest_framework.decorators import action from rest_framework.exceptions import NotFound from rest_framework.filters import OrderingFilter from rest_framework.response import Response from events.models import Event from .filters import IssueFilter from .models import Comment, EventStatus, Issue from .permissions import EventPermission, IssuePermission from .serializers import ( CommentSerializer, EventDetailSerializer, EventSerializer, IssueSerializer, ) class IssueViewSet( mixins.ListModelMixin, mixins.RetrieveModelMixin, mixins.UpdateModelMixin, mixins.DestroyModelMixin, viewsets.GenericViewSet, ): """ View and bulk update issues. # Bulk updates Submit PUT request to bulk update Issue statuses ## Query Parameters - id (int) — a list of IDs of the issues to be removed. This parameter shall be repeated for each issue. - query (string) — querystring for structured search. Example: "is:unresolved" searches for status=unresolved. """ queryset = Issue.objects.all() serializer_class = IssueSerializer filterset_class = IssueFilter filter_backends = [DjangoFilterBackend, OrderingFilter] permission_classes = [IssuePermission] ordering = ["-last_seen"] ordering_fields = ["last_seen", "created", "count", "priority"] page_size_query_param = "limit" def _get_queryset_base(self): if not self.request.user.is_authenticated: return self.queryset.none() qs = ( super() .get_queryset() .filter(project__organization__users=self.request.user) ) if "organization_slug" in self.kwargs: qs = qs.filter( project__organization__slug=self.kwargs["organization_slug"], ) if "project_slug" in self.kwargs: qs = qs.filter( project__slug=self.kwargs["project_slug"], ) return qs def list(self, request, *args, **kwargs): try: event_id = uuid.UUID(self.request.GET.get("query", "")) except ValueError: event_id = None if event_id and self.request.user.is_authenticated: issues = list(self._get_queryset_base().filter(event__event_id=event_id)) if issues: serializer = IssueSerializer( issues, many=True, context={"matching_event_id": event_id.hex} ) return Response(serializer.data, headers={"X-Sentry-Direct-Hit": "1"}) return super().list(request, *args, **kwargs) def get_queryset(self): qs = self._get_queryset_base() queries = shlex.split(self.request.GET.get("query", "")) # First look for structured queries for i, query in enumerate(queries): query_part = query.split(":", 1) if len(query_part) == 2: query_name, query_value = query_part query_value = query_value.strip('"') if query_name == "is": qs = qs.filter(status=EventStatus.from_string(query_value)) elif query_name == "has": qs = qs.filter(tags__has_key=query_value) else: qs = qs.filter(tags__contains={query_name: [query_value]}) if len(query_part) == 1: search_query = " ".join(queries[i:]) qs = qs.filter(search_vector=search_query) # Search queries must be at end of query string, finished when parsing break if str(self.request.query_params.get("sort")).endswith("priority"): # Raw SQL must be added when sorting by priority # Inspired by https://stackoverflow.com/a/43788975/443457 qs = qs.annotate( priority=RawSQL( "LOG10(count) + EXTRACT(EPOCH FROM last_seen)/300000", () ) ) qs = qs.select_related("project").defer("search_vector", "tags") if self.action in ["retrieve"]: qs = qs.annotate( num_comments=Count("comment"), user_report_count=(Count("userreport")) ) return qs def bulk_update(self, request, *args, **kwargs): """Limited to pagination page count limit""" queryset = self.filter_queryset(self.get_queryset()) ids = request.GET.getlist("id") if ids: queryset = queryset.filter(id__in=ids) status = EventStatus.from_string(request.data.get("status")) self.queryset.filter(pk__in=queryset[: self.pagination_class.max_hits]).update( status=status ) return Response({"status": status.label}) def bulk_delete(self, request, *args, **kwargs): """Limited to pagination page count limit""" queryset = self.filter_queryset(self.get_queryset()) ids = request.GET.getlist("id") if len(ids) > 0: queryset = queryset.filter(id__in=ids) count = self.queryset.filter( pk__in=queryset[: self.pagination_class.max_hits] ).delete() return Response(status=204) def serialize_tags(self, rows): return [ { "topValues": [ {"name": row[1], "value": row[1], "count": row[2], "key": key} for row in rows if row[0] == key ], "uniqueValues": len([row[2] for row in rows if row[0] == key]), "name": key, "key": key, "totalValues": sum([row[2] for row in rows if row[0] == key]), } for key in {tup[0] for tup in rows} ] @action(detail=True, methods=["get"]) def tags(self, request, pk=None): """ Get statistics about tags Filter with query param key= """ instance = self.get_object() keys = request.GET.getlist("key") with connection.cursor() as cursor: if keys: # The limit 2000000 prevents excessive load times query = """ SELECT key, value, count(*) FROM ( SELECT (each(tags)).* FROM events_event WHERE issue_id=%s LIMIT 2000000 ) AS stat(key, value) WHERE key = ANY(%s) GROUP BY key, value ORDER BY count DESC, value limit 100; """ cursor.execute(query, [instance.pk, keys]) else: query = """ SELECT key, value, count(*) FROM ( SELECT (each(tags)).* FROM events_event WHERE issue_id=%s LIMIT 2000000 ) AS stat(key, value) GROUP BY key, value ORDER BY count DESC, value limit 100; """ cursor.execute(query, [instance.pk]) rows = cursor.fetchall() tags = self.serialize_tags(rows) return Response(tags) @action(detail=True, methods=["get"], url_path=r"tags/(?P[-\w]+)") def tag_detail(self, request, pk=None, tag=None): """ Get statistics about specified tag """ instance = self.get_object() with connection.cursor() as cursor: query = """ SELECT key, value, count(*) FROM ( SELECT (each(tags)).key, (each(tags)).value FROM events_event WHERE issue_id=%s ) AS stat WHERE key=%s GROUP BY key, value ORDER BY count DESC, value; """ cursor.execute(query, [instance.pk, tag]) rows = cursor.fetchall() tags = self.serialize_tags(rows) if not tags: raise NotFound() return Response(tags[0]) class EventViewSet(viewsets.ReadOnlyModelViewSet): queryset = Event.objects.filter(issue__isnull=False) serializer_class = EventSerializer permission_classes = [EventPermission] def get_serializer_class(self): if self.action in ["retrieve", "latest"]: return EventDetailSerializer return super().get_serializer_class() def get_queryset(self): if not self.request.user.is_authenticated: return self.queryset.none() qs = ( super() .get_queryset() .filter(issue__project__organization__users=self.request.user) ) if "issue_pk" in self.kwargs: qs = qs.filter(issue=self.kwargs["issue_pk"]) if "organization_slug" in self.kwargs: qs = qs.filter( issue__project__organization__slug=self.kwargs["organization_slug"], ) if "project_slug" in self.kwargs: qs = qs.filter( issue__project__slug=self.kwargs["project_slug"], ) qs = ( qs.select_related("issue__project__organization") .prefetch_related("tags__key") .defer("issue__tags", "issue__search_vector") ) return qs @action(detail=False, methods=["get"]) def latest(self, request, *args, **kwargs): instance = self.get_queryset().first() serializer = self.get_serializer(instance) return Response(serializer.data) class EventJsonView(views.APIView): """ Represents a "raw" view of the event Not significantly different from event API view in usage but format is very different. Exists mainly for Sentry API compatibility """ permission_classes = [EventPermission] def get(self, request, org, issue, event, format=None): try: event = ( Event.objects.filter( pk=event, issue__project__organization__slug=org, issue__project__organization__users=self.request.user, ) .distinct() .get() ) except Event.DoesNotExist: return HttpResponseNotFound() return Response(event.event_json()) class CommentViewSet( mixins.CreateModelMixin, mixins.ListModelMixin, mixins.UpdateModelMixin, mixins.DestroyModelMixin, viewsets.GenericViewSet, ): queryset = Comment.objects.all() serializer_class = CommentSerializer permission_classes = [EventPermission] def get_queryset(self): if not self.request.user.is_authenticated: return self.queryset.none() queryset = ( super() .get_queryset() .filter(issue__project__organization__users=self.request.user) ) issue_id = self.kwargs.get("issue_pk") if issue_id: queryset = queryset.filter(issue_id=issue_id) return queryset def perform_create(self, serializer): try: issue = Issue.objects.get( id=self.kwargs.get("issue_pk"), project__organization__users=self.request.user, ) except Issue.DoesNotExist: raise exceptions.ValidationError("Issue does not exist") serializer.save(issue=issue, user=self.request.user)