Beispiel #1
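def remove_item_from_shop(request):
    """Remove an item from a shop for its owner or a permitted manager.

    Handles POST only; any other method falls through and returns ``None``.

    The caller is resolved from the ``login_hash`` cookie through
    ``Consumer.loggedInUsers``. An owner of the item's shop may always
    remove it; a manager needs ``permission_remove_item == 1``.

    Returns:
        ``HttpResponse('success')`` when the item was removed,
        ``HttpResponse('no permission to remove item')`` for a manager
        without the permission, and ``HttpResponse('fail')`` for a missing
        or unknown session, an unknown item, a caller who is neither owner
        nor manager, or a failed removal.
    """
    # NOTE(review): this is a state-changing request authenticated only by a
    # cookie; confirm CSRF protection is active for this view.
    if request.method == 'POST':
        login = request.COOKIES.get('login_hash')
        # A request without a session cookie is rejected here instead of
        # reaching the ownership checks with username=None.
        if login is None:
            return HttpResponse('fail')
        username = Consumer.loggedInUsers.get(login)
        if username is None:
            return HttpResponse('fail')

        item_id = request.POST.get('item_id')

        item = ItemsLogic.get_item(item_id)
        if item is False:
            return HttpResponse('fail')

        if not UsersLogic.is_owner_of_shop(username, item.shop_name):
            if not UsersLogic.is_manager_of_shop(username, item.shop_name):
                return HttpResponse('fail')  # neither owner nor manager
            manager = UsersLogic.get_manager(username, item.shop_name)
            # Compare by value. `is not 1` tests object identity, which is an
            # interpreter detail for ints and a SyntaxWarning on Python 3.8+.
            # NOTE(review): confirm the stored permission is an int, not '1'.
            if manager.permission_remove_item != 1:
                return HttpResponse('no permission to remove item')

        status = ItemsLogic.remove_item_from_shop(item_id, username)
        if status is False:
            return HttpResponse('fail')
        return HttpResponse('success')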
Beispiel #2
 def setUp(self):
     """Prepare the fixture: database, two registered users, one shop, one manager."""
     init_database('db.sqlite3')
     owner_name, manager_name = 'YoniYoni', 'StoreManager1'
     for name in (owner_name, manager_name):
         register(RegisteredUser(name, '1234567878'))
     ShopLogic.create_shop(Shop('My Shop', 'Active'), owner_name)
     # The eight trailing StoreManager arguments are all 1.
     all_ones = (1,) * 8
     UsersLogic.add_manager(
         owner_name, StoreManager(manager_name, 'My Shop', *all_ones))
Beispiel #3
 def test_add_login(self):
     """A logged login shows up as the single entry of the login log."""
     name = "user1user1"
     UsersLogic.register(RegisteredUser(name, "13245678"))
     self.assertTrue(LoggerLogic.add_login_log(name))
     recorded = Logger.get_all_login_logs()
     self.assertTrue(len(recorded) == 1)
     first_entry = recorded[0]
     self.assertEqual(first_entry.username, name)
Beispiel #4
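def add_discount_page(request):
    """Render the add-discount page for a shop's owner or a permitted manager.

    Handles GET only; any other method falls through and returns ``None``.

    The caller is resolved from the ``login_hash`` cookie through
    ``Consumer.loggedInUsers``. A missing or unknown session gets
    ``error_login_owner``. A manager needs ``discount_permission == 1``;
    a caller who is neither owner nor manager of ``shop_name`` gets
    ``'fail'``.
    """
    if request.method == 'GET':
        shop_name = request.GET.get('shop_name')
        login = request.COOKIES.get('login_hash')
        guest = request.COOKIES.get('guest_hash')
        if login is None:
            return HttpResponse(error_login_owner)
        username = Consumer.loggedInUsers.get(login)
        if username is None:
            return HttpResponse(error_login_owner)

        if not UsersLogic.is_owner_of_shop(username, shop_name):
            if not UsersLogic.is_manager_of_shop(username, shop_name):
                return HttpResponse('fail')  # neither owner nor manager
            manager = UsersLogic.get_manager(username, shop_name)
            # Compare by value. `is not 1` tests object identity, which is an
            # interpreter detail for ints and a SyntaxWarning on Python 3.8+.
            # NOTE(review): confirm the stored permission is an int, not '1'.
            if manager.discount_permission != 1:
                return HttpResponse('no permission to add discount')

        every_html = {
            'top_bar': Topbar_Navbar.get_top_bar(login),
            'nav_bar': Topbar_Navbar.get_nav_bar(login, guest)
        }
        return render(request,
                      'shop_add_discount.html',
                      context={
                          'every_html': every_html,
                          'shop_name': shop_name
                      })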
Beispiel #5
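def edit_password(request):
    """Change the logged-in user's password after re-checking the current one.

    Handles POST only; any other method falls through and returns ``None``.

    Both posted passwords go through ``LoggerLogic.identify_sql_injection``;
    if either is flagged the request is refused with
    ``LoggerLogic.MESSAGE_SQL_INJECTION``. The caller is resolved from the
    ``login_hash`` cookie, the current password is verified with
    ``UsersLogic.login``, and only then is ``UsersLogic.edit_password``
    called. Its result is returned as the response body.

    Every other outcome returns ``'FAILED: You are not logged in.'``.
    """
    if request.method == 'POST':
        current_password = request.POST.get('current_password')
        new_password = request.POST.get('new_password')

        event = "EDIT PASSWORD"
        # Build a list so both fields are always screened, then combine the
        # results. Assigning each result to the same variable kept only the
        # last one, so a flagged current_password was ignored.
        # NOTE(review): this screening is a heuristic; it does not replace
        # parameterized queries in the data layer.
        suspect_sql_injection = any([
            LoggerLogic.identify_sql_injection(current_password, event),
            LoggerLogic.identify_sql_injection(new_password, event),
        ])

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)
            # An unknown or stale session must not reach the credential check
            # with username=None.
            if username is not None:
                result = UsersLogic.login(
                    RegisteredUser(username, current_password))
                # The login view treats this result as a status string that
                # starts with 'SUCCESS'. A plain truthiness test would accept
                # a non-empty failure message too, skipping the check of the
                # current password. `True` is still accepted in case some
                # version returns a boolean.
                verified = result is True or (
                    isinstance(result, str) and result.startswith('SUCCESS'))
                if verified:
                    return HttpResponse(
                        UsersLogic.edit_password(
                            RegisteredUser(username, new_password)))

        return HttpResponse('FAILED: You are not logged in.')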
Beispiel #6
def get_system_users(request):
    """Render the user overview page for a system manager.

    Handles GET only; any other method returns ``None``. A caller without
    a known ``login_hash`` session, or who is not a system manager, gets a
    plain refusal message.
    """
    if request.method != 'GET':
        return None

    login = request.COOKIES.get('login_hash')
    username = None if login is None else Consumer.loggedInUsers.get(login)
    if username is None or not UsersLogic.is_system_manager(username):
        return HttpResponse("You don't have the privilege to be here")

    # One rendered fragment per user, with owned and managed shop counts.
    fragments = []
    for user in UsersLogic.get_all_users():
        owned_count = len(UsersLogic.get_owned_shops(user.username))
        managed_count = len(UsersLogic.get_managed_shops(user.username))
        fragments.append(
            loader.render_to_string(
                'components/user.html',
                context={
                    'username': user.username,
                    'shop_own_count': owned_count,
                    'shop_manage_count': managed_count,
                }))
    users_html = "".join(fragments)

    page_context = {
        'topbar': Topbar_Navbar.get_top_bar(login),
        'navbar': Topbar_Navbar.get_nav_bar(login, None),
        'users': users_html,
    }
    return render(request, 'system-users.html', context=page_context)
Beispiel #7
def get_account(request):
    """Render the account page of the logged-in user.

    Handles GET only; any other method returns ``None``. The session token
    is read from the ``login_hash`` cookie and, when the cookie is absent,
    from the ``login_hash`` query parameter. Without a known session the
    response is ``'You are not logged in!'``.
    """
    if request.method != 'GET':
        return None

    # NOTE(review): accepting the session token from the query string puts
    # it into URLs, which commonly end up in server logs, browser history
    # and Referer headers. Consider dropping the fallback once no client
    # depends on it.
    login = request.COOKIES.get('login_hash')
    if login is None:
        login = request.GET.get('login_hash')

    username = None if login is None else Consumer.loggedInUsers.get(login)
    if username is None:
        return HttpResponse('You are not logged in!')

    if UsersLogic.is_system_manager(username):
        # System managers see the system section and fixed placeholder details.
        system_hidden = ""
        details = {'state': "AFG", 'age': "AFG", 'sex': "AFG"}
    else:
        system_hidden = "hidden"
        details = UsersLogic.get_user_details(username)

    page_context = {
        'topbar': Topbar_Navbar.get_top_bar(login),
        'navbar': Topbar_Navbar.get_nav_bar(login, None),
        'system_hidden': system_hidden,
        'state': details.get('state'),
        'age': details.get('age'),
        'sex': details.get('sex'),
    }
    return render(request, 'customer-account.html', context=page_context)
Beispiel #8
 def test_add_manager(self):
     """USERNAME creates a shop and appoints OTHER_USERNAME as its manager."""
     ShopLogic.create_shop(SHOP, USERNAME)
     UsersLogic.register(OTHER_USER)
     flags = [PERMISSIONS[index] for index in range(8)]
     candidate = StoreManager(OTHER_USERNAME, SHOP_NAME, *flags)
     outcome = UsersLogic.add_manager(USERNAME, candidate)
     # NOTE(review): assertTrue also passes for any non-empty status string.
     # Another test compares this call's result to 'SUCCESS'; if failures
     # come back as text, an exact comparison would be stricter. Confirm
     # the return type.
     self.assertTrue(outcome)
Beispiel #9
    def test_modify_notifications(self):
        """Setting the notify flag to 0 and then 1 is reflected on the owner."""
        ShopLogic.create_shop(SHOP, USERNAME)
        for flag in (0, 1):
            UsersLogic.modify_notifications(USERNAME, flag, SHOP.name)
            stored_owner = Owners.get_owner(USERNAME, SHOP_NAME)
            self.assertEqual(flag, stored_owner.should_notify)
Beispiel #10
def get_messages(request):
    """Render the received or sent messages of the logged-in user.

    Handles GET only; any other method returns ``None``. The ``content``
    query parameter selects ``'received'`` or ``'sent'``. System managers
    see the system mailbox, other users their own. A missing or unknown
    session, or any other ``content`` value, returns
    ``'You are not logged in!'``.
    """
    if request.method != 'GET':
        return None

    login = request.COOKIES.get('login_hash')
    content = request.GET.get('content')

    username = None if login is None else Consumer.loggedInUsers.get(login)
    if username is None:
        return HttpResponse('You are not logged in!')

    # The same message is used for an unsupported mailbox name.
    if content not in ('received', 'sent'):
        return HttpResponse('You are not logged in!')

    is_system = UsersLogic.is_system_manager(username)
    if content == 'received':
        if is_system:
            messages = MessagingLogic.get_received_system_messages()
        else:
            messages = MessagingLogic.get_all_messages(username)
        received_on, sent_on = "class=active", ""
    else:
        if is_system:
            messages = MessagingLogic.get_sent_system_messages()
        else:
            messages = MessagingLogic.get_all_sent_messages(username)
        received_on, sent_on = "", "class=active"

    # Message bodies are user-supplied; each is rendered through the
    # component template, not concatenated as raw HTML.
    messages_html = "".join(
        loader.render_to_string(
            'components/Message.html',
            context={
                'id': message.message_id,
                'from': message.from_username,
                'to': message.to_username,
                'content': message.content
            })
        for message in messages)

    page_context = {
        'topbar': Topbar_Navbar.get_top_bar(login),
        'navbar': Topbar_Navbar.get_nav_bar(login, None),
        'messages': messages_html,
        'received_on': received_on,
        'sent_on': sent_on,
    }
    return render(request, 'messages.html', context=page_context)
Beispiel #11
 def test_send_message_and_get_messages_of_users(self):
     """Two users exchange one message each and each finds the other's first."""
     first_user, second_user = 'TomerTomer', 'ShaharShahar'
     for name in (first_user, second_user):
         UsersLogic.register(RegisteredUser(name, '1234567878'))
     MessagingLogic.send_message(
         Message(1, first_user, second_user, 'Hello 1'))
     MessagingLogic.send_message(
         Message(2, second_user, first_user, 'Hello 2'))
     inbox_first = MessagingLogic.get_all_messages(first_user)
     inbox_second = MessagingLogic.get_all_messages(second_user)
     self.assertTrue(inbox_first[0].content == 'Hello 2')
     self.assertTrue(inbox_second[0].content == 'Hello 1')
Beispiel #12
    def test_torture1(self):
        """Register five users, add a system manager, edit a password, remove a user."""
        # Adding Users
        accounts = (
            ('user1user1', 'asdas12da'),
            ('user2user2', 'cse12fdsf'),
            ('user3user3', '12312124'),
            ('user4user4', '1344321324'),
            ('user5user5', '1c24c143c1'),
        )
        for name, password in accounts:
            self.assertTrue(
                UsersLogic.register(RegisteredUser(name, password)))

        # Adding System Managers
        self.assertTrue(
            UsersLogic.add_system_manager(
                SystemManager('sys1sys1', 'POWER123')))

        self.assertTrue(
            UsersLogic.edit_password(
                RegisteredUser('user5user5', '12312456')))

        # The system manager removes user5user5; the lookup must then be falsy.
        doomed = RegisteredUsers.get_user('user5user5')
        UsersLogic.remove_user('sys1sys1', doomed)
        self.assertFalse(RegisteredUsers.get_user('user5user5'))
Beispiel #13
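def edit_shop_item(request):
    """Update the editable fields of a shop item for its owner or a manager.

    Handles POST only; any other method falls through and returns ``None``.

    The caller is resolved from the ``login_hash`` cookie through
    ``Consumer.loggedInUsers``. The five posted values (quantity, category,
    keywords, price, url) go through ``LoggerLogic.identify_sql_injection``
    before anything is written. An owner of the item's shop may always edit;
    a manager needs ``permission_edit_item == 1``.

    Returns:
        ``HttpResponse('success')`` when every field was written,
        ``HttpResponse(MESSAGE_SQL_INJECTION)`` when a value was flagged,
        ``HttpResponse('no permission to edit item')`` for a manager without
        the permission, and ``HttpResponse('fail')`` otherwise.
    """
    if request.method == 'POST':
        login = request.COOKIES.get('login_hash')
        # A request without a session cookie is rejected here instead of
        # reaching the ownership checks with username=None.
        if login is None:
            return HttpResponse('fail')
        username = Consumer.loggedInUsers.get(login)
        if username is None:
            return HttpResponse('fail')
        item_id = request.POST.get('item_id')

        fields = ['quantity', 'category', 'keywords', 'price', 'url']
        new_values = [
            request.POST.get('item_quantity'),
            request.POST.get('item_category'),
            request.POST.get('item_keywords'),
            request.POST.get('item_price'),
            request.POST.get('item_url')
        ]

        event = "EDIT ITEM"
        # A list (not a generator) so every value is screened even after one
        # has already been flagged.
        # NOTE(review): item_id is not screened, and this check is a
        # heuristic; confirm the data layer uses parameterized queries.
        suspect_sql_injection = any([
            LoggerLogic.identify_sql_injection(value, event)
            for value in new_values
        ])
        if suspect_sql_injection:
            return HttpResponse(MESSAGE_SQL_INJECTION)

        item = ItemsLogic.get_item(item_id)
        if item is False:
            return HttpResponse('fail')

        if not UsersLogic.is_owner_of_shop(username, item.shop_name):
            if not UsersLogic.is_manager_of_shop(username, item.shop_name):
                return HttpResponse('fail')  # neither owner nor manager
            manager = UsersLogic.get_manager(username, item.shop_name)
            # Compare by value. `is not 1` tests object identity, which is an
            # interpreter detail for ints and a SyntaxWarning on Python 3.8+.
            # NOTE(review): confirm the stored permission is an int, not '1'.
            if manager.permission_edit_item != 1:
                return HttpResponse('no permission to edit item')

        # Fields are written one at a time; a failure part-way leaves the
        # earlier fields already updated.
        for field, value in zip(fields, new_values):
            status = ItemsLogic.edit_shop_item(username, item_id, field, value)
            if status is False:
                return HttpResponse('fail')
        return HttpResponse('success')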
Beispiel #14
 def test_add_invisible_discount_bad(self):
     """An invisible discount built with -1 (presumably the percentage) is refused."""
     owner, manager = 'YoniYoni', 'StoreManager1'
     for name in (owner, manager):
         register(RegisteredUser(name, '1234567878'))
     shop = Shop('My Shop', 'Active')
     ShopLogic.create_shop(shop, owner)
     UsersLogic.add_manager(
         owner, StoreManager(manager, 'My Shop', *([1] * 8)))
     milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
                 None, 0, 0, 0)
     ItemsLogic.add_item_to_shop(milk, manager)
     rejected = InvisibleDiscount('ABCDEFGHIJKLMNO', milk.id, shop.name, -1,
                                  '2018-12-01', '2019-12-01')
     self.assertFalse(add_invisible_discount(rejected, owner))
Beispiel #15
 def test_bad_no_get_all_premss_send_message_and_get_messages_of_shops(self):
     """Managers whose fifth flag is 0 get a falsy result when reading shop messages."""
     owner1, owner2 = 'TomerTomer1', 'TomerTomer2'
     register(RegisteredUser(owner1, '1234567878'))
     ShopLogic.create_shop(Shop('My Shop1', 'Active'), owner1)
     register(RegisteredUser(owner2, '1234567878'))
     ShopLogic.create_shop(Shop('My Shop2', 'Active'), owner2)

     # Each owner makes the other a manager of their shop, fifth flag off.
     flags = (1, 1, 1, 1, 0, 1, 1, 1)
     UsersLogic.add_manager(owner1, StoreManager(owner2, 'My Shop1', *flags))
     UsersLogic.add_manager(owner2, StoreManager(owner1, 'My Shop2', *flags))

     MessagingLogic.send_message_from_shop(
         owner2, Message(1, 'My Shop1', 'My Shop2', 'Hello 1'))
     MessagingLogic.send_message_from_shop(
         owner1, Message(2, 'My Shop2', 'My Shop1', 'Hello 2'))

     seen_by_owner2 = MessagingLogic.get_all_shop_messages(owner2, 'My Shop1')
     seen_by_owner1 = MessagingLogic.get_all_shop_messages(owner1, 'My Shop2')
     self.assertFalse(seen_by_owner2)
     self.assertFalse(seen_by_owner1)
Beispiel #16
 def test_bad_no_permssion_send_message_and_get_messages_of_shops(self):
     """Managers whose fourth flag is 0 are refused when sending from the shop."""
     refusal = "FAILED: You don't have the permissions"
     owner1, owner2 = 'TomerTomer1', 'TomerTomer2'
     register(RegisteredUser(owner1, '1234567878'))
     ShopLogic.create_shop(Shop('My Shop1', 'Active'), owner1)
     register(RegisteredUser(owner2, '1234567878'))
     ShopLogic.create_shop(Shop('My Shop2', 'Active'), owner2)

     # Each owner makes the other a manager of their shop, fourth flag off.
     flags = (1, 1, 1, 0, 1, 1, 1, 1)
     UsersLogic.add_manager(owner1, StoreManager(owner2, 'My Shop1', *flags))
     UsersLogic.add_manager(owner2, StoreManager(owner1, 'My Shop2', *flags))

     first_outcome = MessagingLogic.send_message_from_shop(
         owner2, Message(1, 'My Shop1', 'My Shop2', 'Hello 1'))
     self.assertEqual(first_outcome, refusal)
     second_outcome = MessagingLogic.send_message_from_shop(
         owner1, Message(2, 'My Shop2', 'My Shop1', 'Hello 2'))
     self.assertEqual(second_outcome, refusal)
Beispiel #17
def get_system_shops(request):
    """Render the shop overview page for a system manager.

    Handles GET only; any other method returns ``None``. A caller without
    a known ``login_hash`` session, or who is not a system manager, gets a
    plain refusal message.
    """
    if request.method != 'GET':
        return None

    login = request.COOKIES.get('login_hash')
    username = None if login is None else Consumer.loggedInUsers.get(login)
    if username is None or not UsersLogic.is_system_manager(username):
        return HttpResponse("You don't have the privilege to be here")

    # One rendered fragment per shop, showing its name and status.
    shops_html = "".join(
        loader.render_to_string(
            'components/shop.html',
            context={
                'shop_name': shop.name,
                'status': shop.status
            })
        for shop in ShopLogic.get_all_shops())

    page_context = {
        'topbar': Topbar_Navbar.get_top_bar(login),
        'navbar': Topbar_Navbar.get_nav_bar(login, None),
        'shops': shops_html,
    }
    return render(request, 'system-shops.html', context=page_context)
Beispiel #18
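def login(request):
    """Authenticate a user and open a session keyed by a random token.

    Handles POST only; any other method falls through and returns ``None``.

    The posted username and password go through
    ``LoggerLogic.identify_sql_injection``; if either is flagged the
    request is refused with ``LoggerLogic.MESSAGE_SQL_INJECTION``.
    Otherwise ``UsersLogic.login`` decides. On a result that starts with
    ``'SUCCESS'`` a fresh token is stored in ``Consumer.loggedInUsers`` and
    ``Consumer.loggedInUsersShoppingCart`` and returned as the response
    body. Any other result is returned unchanged.
    """
    if request.method == 'POST':
        # Local import: the file's import block is not visible from here.
        import secrets

        username = request.POST.get('username')
        password = request.POST.get('password')

        event = "LOGIN"
        # A list so both fields are always screened before combining.
        # NOTE(review): this screening is a heuristic; it does not replace
        # parameterized queries in the data layer.
        suspect_sql_injection = any([
            LoggerLogic.identify_sql_injection(username, event),
            LoggerLogic.identify_sql_injection(password, event),
        ])

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        user = RegisteredUser(username, password)
        result = UsersLogic.login(user)
        if result[:7] == 'SUCCESS':
            # The other views accept this token from the login_hash cookie
            # as the sole proof of identity, so it has to be unguessable.
            # A hash of the username is the same on every login and can be
            # derived from the username alone, so the token now comes from
            # the OS CSPRNG.
            # NOTE(review): confirm nothing else recomputes the key from the
            # username. Each login now adds its own entry, so stale entries
            # need removing on logout or expiry.
            access_token = secrets.token_hex(32)
            Consumer.loggedInUsers[access_token] = username
            Consumer.loggedInUsersShoppingCart[
                access_token] = ShoppingLogic.get_cart_items(username)
            return HttpResponse(access_token)
        else:
            return HttpResponse(result)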
Beispiel #19
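 def test_add_manager_bad_username(self):
     """add_manager must not report 'SUCCESS' for this candidate.

     Nothing in this test creates the shop or registers OTHER_USERNAME;
     whatever setUp provides is not visible here.
     """
     # The original built the identical StoreManager twice; once is enough.
     manager = StoreManager(OTHER_USERNAME, SHOP_NAME, PERMISSIONS[0], PERMISSIONS[1],
                            PERMISSIONS[2], PERMISSIONS[3], PERMISSIONS[4], PERMISSIONS[5], PERMISSIONS[6], PERMISSIONS[7],)
     is_added = UsersLogic.add_manager(USERNAME, manager)
     self.assertNotEqual(is_added, 'SUCCESS')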
Beispiel #20
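def update_permissions(request):
    """Replace a shop manager's permission flags on behalf of the caller.

    Handles POST only; any other method falls through and returns ``None``.

    ``shop_name`` and ``target_id`` go through
    ``LoggerLogic.identify_sql_injection``. The caller is resolved from the
    ``login_hash`` cookie, and the eight posted permission values are
    packed into a ``StoreManager`` and handed to
    ``UsersLogic.update_permissions``.

    Returns:
        ``HttpResponse('success')`` when the logic layer reports a truthy
        result, ``HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)`` when an
        input was flagged, ``HttpResponse('fail')`` otherwise.
    """
    # NOTE(review): this is a privilege-changing request authenticated only
    # by a cookie; confirm CSRF protection is active for this view.
    if request.method == 'POST':
        shop_name = request.POST.get('shop_name')
        target_id = request.POST.get('target_id')

        event = "UPDATE PERMISSIONS"
        # A list so both fields are always screened before combining.
        suspect_sql_injection = any([
            LoggerLogic.identify_sql_injection(shop_name, event),
            LoggerLogic.identify_sql_injection(target_id, event),
        ])

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)
            # An unknown or stale session must not reach the logic layer as
            # username=None; add_manager applies the same check.
            if username is not None:
                # NOTE(review): the permission values are raw POST strings
                # and are not screened; confirm they are validated or
                # converted before storage.
                store_manager = StoreManager(
                    target_id, shop_name,
                    request.POST.get('add_item_permission'),
                    request.POST.get('remove_item_permission'),
                    request.POST.get('edit_item_permission'),
                    request.POST.get('reply_message_permission'),
                    request.POST.get('get_all_message_permission'),
                    request.POST.get('get_purchase_history_permission'),
                    request.POST.get('get_discount_permission'),
                    request.POST.get('set_policy_permission'))

                # NOTE(review): assumes a refusal is reported as a falsy
                # value. Other UsersLogic calls on this page return status
                # strings, which would always be truthy here. Confirm.
                if UsersLogic.update_permissions(username, store_manager):
                    return HttpResponse('success')
        return HttpResponse('fail')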
Beispiel #21
def get_system_log(request):
    """Render the system log page for a system manager.

    Handles GET only; any other method returns ``None``. A caller without
    a known ``login_hash`` session, or who is not a system manager, gets a
    plain refusal message.
    """
    if request.method != 'GET':
        return None

    login = request.COOKIES.get('login_hash')
    username = None if login is None else Consumer.loggedInUsers.get(login)
    if username is None or not UsersLogic.is_system_manager(username):
        return HttpResponse("You don't have the privilege to be here")

    # Log entries can carry user-influenced text, so each row is rendered
    # through the component template.
    rendered_rows = [
        loader.render_to_string(
            'components/log_table_event.html',
            context={
                'username': log_item.username,
                'time': log_item.time,
                'event': log_item.event
            })
        for log_item in LoggerLogic.get_all_event_logs()
    ]
    # NOTE(review): logs_html is built but never added to the context below,
    # so the template receives no log rows from this view. The key the
    # template expects is not visible here. Confirm and wire it in.
    logs_html = "".join(rendered_rows)

    page_context = {
        'topbar': Topbar_Navbar.get_top_bar(login),
        'navbar': Topbar_Navbar.get_nav_bar(login, None)
    }
    return render(request, 'system-logger.html', context=page_context)
Beispiel #22
def add_manager(request):
    """Appoint a manager for a shop on behalf of the logged-in caller.

    Handles POST only; any other method returns ``None``. ``shop_name`` and
    ``target_id`` go through ``LoggerLogic.identify_sql_injection``. The
    eight posted permission values are packed into a ``StoreManager``, and
    the result of ``UsersLogic.add_manager`` becomes the response body.
    Without a known session the response is
    ``'FAILED: You are not logged in'``.
    """
    if request.method != 'POST':
        return None

    shop_name = request.POST.get('shop_name')
    target_id = request.POST.get('target_id')

    event = "ADD MANAGER"
    flagged = False
    for value in (shop_name, target_id):
        # Every value is screened, even after an earlier one was flagged.
        flagged = LoggerLogic.identify_sql_injection(value, event) or flagged
    if flagged:
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

    login = request.COOKIES.get('login_hash')
    if login is not None:
        username = Consumer.loggedInUsers.get(login)

        # NOTE(review): the permission values are raw POST strings and are
        # not screened; confirm they are validated before storage.
        permission_fields = (
            'add_item_permission',
            'remove_item_permission',
            'edit_item_permission',
            'reply_message_permission',
            'get_all_message_permission',
            'get_purchase_history_permission',
            'get_discount_permission',
            'set_policy_permission',
        )
        posted_flags = [request.POST.get(name) for name in permission_fields]
        store_manager = StoreManager(target_id, shop_name, *posted_flags)

        if username is not None:
            return HttpResponse(
                UsersLogic.add_manager(username, store_manager))
    return HttpResponse('FAILED: You are not logged in')
Beispiel #23
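def register(request):
    """Register a new user together with their state, age and sex.

    Handles POST only; any other method falls through and returns ``None``.

    All five posted values go through
    ``LoggerLogic.identify_sql_injection``; if any is flagged the request
    is refused with ``LoggerLogic.MESSAGE_SQL_INJECTION``. Otherwise the
    result of ``UsersLogic.register_with_user_detail`` becomes the response
    body.
    """
    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        state = request.POST.get('state')
        age = request.POST.get('age')
        sex = request.POST.get('sex')

        event = "REGISTER"
        # Combine the results of all five checks. Assigning each result to
        # the same variable kept only the last one (`sex`), so a flagged
        # username, password, state or age was ignored. The list makes sure
        # every value is still screened.
        # NOTE(review): this screening is a heuristic; it does not replace
        # parameterized queries in the data layer.
        suspect_sql_injection = any([
            LoggerLogic.identify_sql_injection(value, event)
            for value in (username, password, state, age, sex)
        ])

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        return HttpResponse(
            UsersLogic.register_with_user_detail(
                RegisteredUser(username, password), state, age, sex))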
Beispiel #24
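def update_details(request):
    """Update the logged-in user's state, age and sex.

    Handles POST only; any other method falls through and returns ``None``.

    The three posted values go through
    ``LoggerLogic.identify_sql_injection``. The caller is resolved from the
    ``login_hash`` cookie, and the result of ``UsersLogic.update_details``
    becomes the response body. Without a known session the response is
    ``'FAILED: You are not logged in.'``.
    """
    if request.method == 'POST':
        state = request.POST.get('state')
        age = request.POST.get('age')
        sex = request.POST.get('sex')

        event = "UPDATE USER DETAILS"
        # A list so all three values are always screened before combining.
        suspect_sql_injection = any([
            LoggerLogic.identify_sql_injection(value, event)
            for value in (state, age, sex)
        ])

        if suspect_sql_injection:
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)

        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)
            # A cookie that maps to no session must not reach the logic
            # layer as username=None; treat it as not logged in.
            if username is not None:
                return HttpResponse(
                    UsersLogic.update_details(username, state, age, sex))

        return HttpResponse('FAILED: You are not logged in.')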
Beispiel #25
 def test_get_visible_discount_bad_item(self):
     """Looking up a visible discount for an item without one yields a falsy value."""
     owner, manager = 'YoniYoni', 'StoreManager1'
     for name in (owner, manager):
         register(RegisteredUser(name, '1234567878'))
     shop = Shop('My Shop', 'Active')
     ShopLogic.create_shop(shop, owner)
     UsersLogic.add_manager(
         owner, StoreManager(manager, 'My Shop', *([1] * 8)))
     discounted = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100,
                       'regular', None, 0, 0, 0)
     # Built but never added to the shop and never given a discount.
     undiscounted = Item(2, 'My Shop', 'milk1', 'diary1', 'good', 12, 100,
                         'regular', None, 0, 0, 0)
     ItemsLogic.add_item_to_shop(discounted, manager)
     discount = VisibleDiscount(discounted.id, shop.name, 50, '2018-12-01',
                                '2019-12-01')
     self.assertTrue(add_visible_discount(discount, owner))
     self.assertFalse(get_visible_discount(undiscounted.id, shop.name))
Beispiel #26
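def re_open_shop(request):
    """Re-open a shop on behalf of the logged-in caller.

    Handles POST only; any other method falls through and returns ``None``.
    The caller is resolved from the ``login_hash`` cookie, and
    ``UsersLogic.re_open_shop`` decides whether the shop is re-opened.

    Returns:
        ``HttpResponse('success')`` on a truthy result from the logic
        layer, ``HttpResponse('fail')`` otherwise.
    """
    if request.method == 'POST':
        shop_name = request.POST.get('shop_name')
        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)
            # A cookie that maps to no session must not reach the logic
            # layer as username=None.
            if username is not None and UsersLogic.re_open_shop(
                    username, shop_name):
                return HttpResponse('success')
        return HttpResponse('fail')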
Beispiel #27
 def test_get_visible_discount(self):
     """A stored visible discount is returned with matching item, shop and percentage."""
     owner, manager = 'YoniYoni', 'StoreManager1'
     for name in (owner, manager):
         register(RegisteredUser(name, '1234567878'))
     shop = Shop('My Shop', 'Active')
     ShopLogic.create_shop(shop, owner)
     UsersLogic.add_manager(
         owner, StoreManager(manager, 'My Shop', *([1] * 8)))
     milk = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular',
                 None, 0, 0, 0)
     ItemsLogic.add_item_to_shop(milk, manager)
     expected = VisibleDiscount(milk.id, shop.name, 50, '2018-12-01',
                                '2019-12-01')
     self.assertTrue(add_visible_discount(expected, owner))
     fetched = get_visible_discount(milk.id, shop.name)
     self.assertEqual(fetched.item_id, expected.item_id)
     self.assertEqual(fetched.shop_name, expected.shop_name)
     self.assertEqual(fetched.percentage, expected.percentage)
Beispiel #28
def login_gap(request):
    """Report the number of entries in ``Consumer.loggedInUsers`` to a system manager.

    Handles GET only; any other method returns ``None``. A caller without
    a known ``login_hash`` session, or who is not a system manager, gets a
    plain refusal message.
    """
    if request.method != 'GET':
        return None

    login = request.COOKIES.get('login_hash')
    caller = None if login is None else Consumer.loggedInUsers.get(login)
    if caller is not None and UsersLogic.is_system_manager(caller):
        return HttpResponse(len(Consumer.loggedInUsers))
    return HttpResponse("You don't have the privilege to be here")
Beispiel #29
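def watch_purchase_history(request):
    """Render a shop's purchase history for its owner or a permitted manager.

    Non-GET requests get ``not_get_request``. The caller is resolved from
    the ``login_hash`` cookie through ``Consumer.loggedInUsers``. A missing
    or unknown session gets ``error_login_owner``. A manager needs
    ``permission_get_purchased_history == 1``; a caller who is neither
    owner nor manager of ``shop_name`` gets ``'fail'``.
    """
    if request.method == 'GET':
        shop_name = request.GET.get('shop_name')
        login = request.COOKIES.get('login_hash')
        guest = request.COOKIES.get('guest_hash')
        if login is None:
            return HttpResponse(error_login_owner)
        username = Consumer.loggedInUsers.get(login)
        if username is None:
            return HttpResponse(error_login_owner)

        if not UsersLogic.is_owner_of_shop(username, shop_name):
            if not UsersLogic.is_manager_of_shop(username, shop_name):
                return HttpResponse('fail')  # neither owner nor manager
            manager = UsersLogic.get_manager(username, shop_name)
            # Compare by value. `is not 1` tests object identity, which is an
            # interpreter detail for ints and a SyntaxWarning on Python 3.8+.
            # NOTE(review): confirm the stored permission is an int, not '1'.
            if manager.permission_get_purchased_history != 1:
                return HttpResponse(
                    'no permission to watch purchase history')

        every_html = {
            'top_bar': Topbar_Navbar.get_top_bar(login),
            'nav_bar': Topbar_Navbar.get_nav_bar(login, guest)
        }
        shop_items = ShopLogic.get_shop_purchase_history(username, shop_name)
        # One rendered fragment per purchased item.
        string_items = "".join(
            loader.render_to_string(
                'components/purchase_item_owner.html', {
                    'purchase_id': item.purchase_id,
                    'item_id': item.item_id,
                    'quantity': item.quantity,
                    'price': item.price
                })
            for item in shop_items)
        return render(request,
                      'shop_view_purchase_history.html',
                      context={
                          'every_html': every_html,
                          'items': string_items,
                          'shop_name': shop_name
                      })
    return HttpResponse(not_get_request)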
Beispiel #30
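def modify_notifications(request):
    """Switch the caller's notifications for a shop on or off.

    Handles POST only; any other method falls through and returns ``None``.
    The caller is resolved from the ``login_hash`` cookie, and the posted
    ``modify_notifications`` value and ``shop_name`` are passed to
    ``UsersLogic.modify_notifications``.

    Returns:
        ``HttpResponse('success')`` on a truthy result from the logic
        layer, ``HttpResponse('fail')`` otherwise.
    """
    if request.method == 'POST':
        # NOTE(review): should_notify arrives as a raw POST string; confirm
        # the logic layer validates or converts it before storing.
        should_notify = request.POST.get('modify_notifications')
        shop_name = request.POST.get('shop_name')

        login = request.COOKIES.get('login_hash')
        if login is not None:
            username = Consumer.loggedInUsers.get(login)
            # A cookie that maps to no session must not reach the logic
            # layer as username=None.
            if username is not None and UsersLogic.modify_notifications(
                    username, should_notify, shop_name):
                return HttpResponse('success')
        return HttpResponse('fail')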