Ejemplo n.º 1
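    def retrieve(self, request, pk=None):
        """Return the resort profile and resort status of the user ``pk``.

        Access is granted when the caller holds permission level 3 or 2 on
        the target user's resort, is the target user, or is an admin.

        Responses:
            200: fields from ``get_user_resort_combo`` plus ``user_status``.
            400: no user could be loaded for ``pk``.
            403: caller is not authorised, or the target user is inactive.
        """
        from apps.custom_user.utils import get_user_resort_status

        try:
            user = get_user_model().objects.get(user_id=pk)
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit. Lookup failures of any kind still map to 400.
            return Response({_("detail"): _("User does not exists")},
                            status=400)

        # NOTE(review): the lookup runs before the authorisation check, so the
        # 400/403 split tells an unauthorised caller whether a user_id exists.
        # Consider returning one uniform response for both cases.
        resort = get_resort_for_user(user)
        caller = request.user

        authorised = (user_has_permission(caller, resort, 3)
                      or user_has_permission(caller, resort, 2)
                      or caller == user
                      or caller.is_admin)
        if not authorised:
            return Response(
                {_("detail"): _("You dont have permission to retrieve user")},
                status=403)

        if not user.is_active:
            return Response({_("detail"): _("User inactive or deleted.")},
                            status=403)

        response_data = get_user_resort_combo(
            user.user_pk,
            ('resort_id', 'resort_name', 'map_kml', 'map_type',
             'report_form', 'unit_format', 'timezone', 'map_lat',
             'map_lng', 'resort_logo', 'datetime_format',
             'resort_controlled_substances', 'resort_asset_management'))
        response_data.update(
            {"user_status": get_user_resort_status(user, resort)})
        return Response(response_data, status=200)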
Ejemplo n.º 2
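    def devices(self, request, pk=None):
        """Return the devices registered to the user identified by ``pk``.

        Access is granted when the caller holds permission level 3 on the
        target user's resort, is the target user, or is an admin.

        Responses:
            200: ``device_count``, ``user_id`` and ``devices``.
            400: no user exists for ``pk``.
            403: caller is not authorised, or the target user is inactive.
        """
        caller = request.user

        # Resolve the target BEFORE authorising. The previous code bound
        # ``user = request.user`` and then tested ``request.user == user``,
        # which is always true, so every authenticated caller passed the
        # check and could read any user's devices. It also evaluated the
        # permission against the caller's resort instead of the target's.
        target = get_user_model().objects.filter(user_id=pk).first()
        if target is None:
            return Response({_('detail'): _('user does not exists')},
                            status=400)

        resort = get_resort_for_user(target)
        authorised = (user_has_permission(caller, resort, 3)
                      or caller == target
                      or caller.is_admin)
        if not authorised:
            return Response(
                {
                    _("detail"):
                    _("You dont have permission to retrieve user device")
                },
                status=403)

        if not target.is_active:
            return Response(
                {_("detail"): _("User inactive or deleted.")},
                status=403)

        device_data = get_devices_user(target)
        response_data = {
            'device_count': len(device_data),
            'user_id': target.user_id,
            'devices': device_data,
        }
        return Response(response_data, status=200)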
Ejemplo n.º 3
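    def status(self, request, pk=None):
        """Archive or activate the resort membership of the user ``pk``.

        Query parameters:
            type: ``'archived'`` sets the status to ``ARCHIVED``; any other
                value (default ``'activate'``) sets it to ``ACTIVE``.
            resort_id: must equal the target user's resort id.

        The caller must belong to the same resort as the target and must
        hold permission level 3 on it or be an admin. The resort comparison
        runs first, so it applies to admins as well.

        Responses:
            200: status updated.
            400: no user could be loaded for ``pk``.

        Raises:
            exceptions.PermissionDenied: resort mismatch or missing permission.
        """
        status_type = request.query_params.get('type', 'activate')
        resort_id = request.query_params.get('resort_id', '')

        try:
            status_user = get_user_model().objects.get(user_id=pk)
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit. Lookup failures of any kind still map to 400.
            return Response({_("detail"): _("User does not exists")},
                            status=400)

        request_user = request.user
        status_user_resort = get_resort_for_user(status_user)
        request_user_resort = get_resort_for_user(request_user)

        # Deny by default when the target has no resort; the original would
        # have failed with AttributeError on ``.resort_id`` in that case.
        if status_user_resort is None:
            raise exceptions.PermissionDenied

        same_resort = status_user_resort == request_user_resort
        resort_id_matches = str(status_user_resort.resort_id) == resort_id
        if not (same_resort and resort_id_matches):
            raise exceptions.PermissionDenied

        if not (user_has_permission(request_user, request_user_resort, 3)
                or request.user.is_admin):
            raise exceptions.PermissionDenied

        # NOTE(review): this state change is driven entirely by query
        # parameters; confirm the route is not reachable with a safe method
        # such as GET.
        status_user_resort_map = get_user_resort_map(
            status_user, status_user_resort)
        if status_type == 'archived':
            status_user_resort_map.user_status = ARCHIVED
        else:
            status_user_resort_map.user_status = ACTIVE
        status_user_resort_map.save()

        return Response({_("detail"): _("user status updated")},
                        status=200)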
Ejemplo n.º 4
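    def list(self, request, *args, **kwargs):
        """List active users, optionally filtered by name or email.

        Query parameters:
            search: substring matched case-insensitively against user email
                and name (default ``''``).
            order_by: ORM field path to sort on (default ``'user__name'``).
            order_by_direction: ``'desc'`` (default) or ``'asc'``.

        Admins see users of every resort. Other callers need permission
        level 3 on their own resort and only see users of that resort that
        share their ``user_connected`` value.

        Responses:
            200: serialized (possibly paginated) user/resort rows.
            400: ``order_by_direction`` is neither ``'asc'`` nor ``'desc'``.
            403: caller is not authorised.
        """
        user = self.request.user
        search = request.query_params.get('search', '')
        order_by = request.query_params.get('order_by', 'user__name')
        order_by_direction = request.query_params.get('order_by_direction',
                                                      'desc')
        user_resort = UserResortMap.objects.filter(user=user).first()

        # ``user_resort`` is None for a caller without a resort mapping; the
        # original dereferenced it unconditionally and raised AttributeError.
        is_manager = (user_resort is not None
                      and user_has_permission(request.user,
                                              user_resort.resort, 3))
        if not (is_manager or request.user.is_admin):
            return Response(
                {_("detail"): _("You dont have permission to list user")},
                status=403)

        # Any other direction used to leave ``order`` unbound and surface as
        # an unhandled UnboundLocalError (HTTP 500).
        if order_by_direction == 'desc':
            order = '-' + order_by
        elif order_by_direction == 'asc':
            order = order_by
        else:
            return Response(
                {_("detail"): _("invalid order_by_direction provided")},
                status=400)

        # NOTE(review): ``order_by`` is client-controlled and handed to the
        # ORM as-is. Restrict it to an allow-list of sortable columns so a
        # caller cannot sort on sensitive related fields or trigger a
        # FieldError with an unknown path.
        matches_search = (Q(user__email__icontains=search)
                          | Q(user__name__icontains=search))
        if user.is_admin:
            query = UserResortMap.objects.filter(
                matches_search,
                user__is_active=True).order_by(order)
        else:
            query = UserResortMap.objects.filter(
                matches_search,
                resort=user_resort.resort,
                user__is_active=True,
                user__user_connected=user.user_connected).order_by(order)

        queryset = self.filter_queryset(query)

        page = self.paginate_queryset(queryset)
        if page is not None:
            serializer = UserResortSerializer(page, many=True)
            return self.get_paginated_response(serializer.data)

        serializer = self.get_serializer(queryset, many=True)
        return Response(serializer.data)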
Ejemplo n.º 5
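    def destroy(self, request, pk=None):
        """Soft-delete the user ``pk`` and remove their devices.

        The caller must hold permission level 3 on the target user's resort
        or be an admin. On success the resort mapping is marked
        ``USER_DELETED``, the user is deactivated, their devices are deleted
        and ``inject_patroller(..., 'remove')`` is called.

        Responses:
            200: ``user_id`` and ``status == 'deleted'``.
            400: no user could be loaded for ``pk``.
            403: caller is not authorised, or the user is already inactive.
        """
        try:
            user = get_user_model().objects.get(user_id=pk)
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit. Lookup failures of any kind still map to 400.
            return Response({_("detail"): _("User does not exists")},
                            status=400)

        resort = get_resort_for_user(user)

        if not (user_has_permission(request.user, resort, 3)
                or request.user.is_admin):
            return Response(
                {_("detail"): _("You dont have permission to delete user")},
                status=403)

        # Reject inactive users BEFORE touching any state. The original
        # saved USER_DELETED on the resort mapping first and only then
        # returned this 403, so an error response still mutated data.
        if not user.is_active:
            return Response({_("detail"): _("User inactive or deleted.")},
                            status=403)

        # NOTE(review): the writes below are not wrapped in a transaction;
        # a failure midway leaves the account partially deleted.
        user_resort_map_combo = get_user_resort_map(user, resort)
        user_resort_map_combo.user_status = USER_DELETED
        user_resort_map_combo.save()

        user.is_active = False
        user.save()

        # Deletes all the devices associated with the user.
        Devices.objects.filter(device_user=user).delete()

        inject_patroller(resort, user, 'remove')

        response_data = {'user_id': user.user_id, 'status': 'deleted'}
        return Response(response_data, status=200)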
Ejemplo n.º 6
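    def post(self, request, *args, **kwargs):
        """Issue a token that lets the caller act as another user.

        The caller must hold permission level 3 on their own resort, and the
        user named by ``kwargs['user_id']`` must belong to that same resort.
        A ``device_id`` query parameter naming an existing device is
        required; a ``Heartbeat`` row linking that device to the
        impersonated user is created if none can be fetched.

        Responses:
            200: resort and user fields, the user's devices and a ``token``
                 obtained from ``get_token`` for the impersonated user.
            400: every failure, including missing permission.
        """
        user = request.user
        resort = get_resort_for_user(user)

        # Check if the user requesting the impersonation is a manager or not.
        if not user_has_permission(user, resort, 3):
            return Response(
                {
                    _('detail'):
                    _('you do not have permission to impersonate this user')
                },
                status=400)

        # Check the validity of the UUID of the user.
        if not uuid(kwargs['user_id']):
            return Response({_('detail'): _('not a valid UUID')}, status=400)

        device_id = request.query_params.get('device_id')
        if device_id is None:
            return Response({_('detail'): _('device_id not provided')},
                            status=400)

        try:
            impersonate_user = get_user_model().objects.get(
                user_id=kwargs['user_id'])
            impersonate_user_resort = get_resort_for_user(impersonate_user)
        except Exception:
            # Was a bare ``except:``; KeyboardInterrupt and SystemExit now
            # propagate instead of being reported as "user not found".
            return Response({_('detail'): _('user not found')}, status=400)

        if impersonate_user_resort != resort:
            return Response(
                {_('detail'): _('user is not allowed to impersonate')},
                status=400)

        # NOTE(review): nothing here rejects a target that is inactive or
        # has ``is_admin`` set, so a resort manager can obtain a token for
        # such an account in the same resort. Confirm this is intended, or
        # deny those targets before issuing the token.

        try:
            device = Devices.objects.get(device_id=device_id)
        except Exception:
            return Response(
                {
                    _('detail'):
                    _('device with provided device_id does not exists')
                },
                status=400)

        # NOTE(review): the device is not checked against the caller or the
        # resort; any existing device_id is accepted and bound to the
        # impersonated user by the heartbeat below.
        try:
            Heartbeat.objects.get(user=impersonate_user, device=device)
        except Exception:
            heartbeat = Heartbeat(user=impersonate_user, device=device)
            heartbeat.save()

        # NOTE(review): no audit record of who impersonated whom is written
        # in this view; add one unless ``get_token`` already logs it.
        response_data = {}
        resort_data = get_user_resort_combo(
            impersonate_user.user_pk,
            ('resort_id', 'resort_name', 'map_kml', 'map_type', 'report_form',
             'unit_format', 'timezone', 'map_lat', 'map_lng',
             'datetime_format', 'season_start_date', 'dispatch_field_choice'),
            ('user_id', 'name', 'email', 'phone'))
        response_data.update(resort_data)
        response_data.update({'devices': get_devices_user(impersonate_user)})
        response_data.update({'token': get_token(impersonate_user)})

        return Response(response_data, status=200)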
Ejemplo n.º 7
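    def update(self, request, pk=None):
        """Partially update the user ``pk`` and, optionally, their role.

        Profile fields may be changed by a caller holding permission level 3
        on the target user's resort, by the user themselves, or by an admin.
        A ``role_id`` in the payload is only honoured for level-3 callers and
        admins.

        Responses:
            200: resort fields from ``get_user_resort_combo``.
            400: unknown user, serializer errors, or unknown ``role_id``.
            403: caller not authorised, user inactive, or e-mail already
                 in use.
        """
        try:
            user = get_user_model().objects.get(user_id=pk)
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit. Lookup failures of any kind still map to 400.
            return Response({_("detail"): _("User does not exists")},
                            status=400)

        resort = get_resort_for_user(user)
        caller = request.user

        can_manage = user_has_permission(caller, resort, 3) or caller.is_admin
        if not (can_manage or caller == user):
            return Response(
                {_("detail"): _("You don't have permission to update user")},
                status=403)

        if not user.is_active:
            return Response({_("detail"): _("User inactive or deleted.")},
                            status=403)

        # A self-service update must not be able to change roles. The
        # original applied ``role_id`` for every caller that passed the check
        # above, so a user editing their own profile could assign themselves
        # any role. Reject it before anything is written.
        role = request.data.get('role_id')
        if role and not can_manage:
            return Response(
                {_("detail"): _("You don't have permission to update user")},
                status=403)

        # NOTE(review): ``request.data`` goes to UserSerializer unfiltered;
        # confirm the serializer does not expose privileged fields to
        # self-service callers.
        user_data = UserSerializer(user, data=request.data, partial=True)
        if not user_data.is_valid():
            return Response(user_data.errors, status=400)

        # With ``partial=True`` the payload may omit ``email``; indexing
        # validated_data directly raised KeyError in that case.
        new_email = user_data.validated_data.get('email', user.email)
        routing_user = RoutingUser.objects.filter(email=new_email).first()
        if routing_user is not None:
            if new_email != user.email:
                return Response(
                    {
                        _("detail"):
                        _('the email address is already in use')
                    },
                    status=403)
        else:
            # Remove previous user information from the discovery table
            # across all regions.
            remove_user_discovery(user, resort.domain_id, request)

        user = user_data.save()
        inject_patroller(resort, user,
                         'add' if user.user_connected == 1 else 'remove')

        if role:
            user_resort = UserResortMap.objects.filter(
                user=user, resort=resort).first()
            if user_resort is not None:
                new_role = UserRoles.objects.filter(role_id=role).first()
                if new_role is None:
                    return Response(
                        {
                            _("detail"):
                            _("specified role does not exists")
                        },
                        status=400)
                user_resort.role = new_role
                user_resort.save()

        if routing_user is None:
            # Update user email and name across all the regions.
            update_user_discovery(user, resort.domain_id, request)

            # Update mailchimp with the new user. The last argument depends
            # on the run environment.
            # NOTE(review): these ids are hard-coded; consider moving them
            # to settings.
            if settings.RUN_ENV == 'master':
                mailchimp_ids = ['11182343c6']
            else:
                mailchimp_ids = ['0005c6dcdf']
            register_user_mailchimp('c08200b7c1', user.email,
                                    resort.resort_name, user.name,
                                    "", mailchimp_ids)

        response_data = get_user_resort_combo(
            user.user_pk,
            ('resort_id', 'resort_name', 'map_kml', 'map_type', 'report_form',
             'unit_format', 'timezone', 'map_lat', 'map_lng', 'resort_logo',
             'datetime_format', 'resort_controlled_substances',
             'resort_asset_management'))
        return Response(response_data, status=200)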
Ejemplo n.º 8
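    def create(self, request):
        """Create a user in the resort named by ``resort_id``.

        Payload fields read here: ``resort_id``, ``role_id`` (optional,
        defaults to 1, must be 1-3) and ``email``; ``email``, ``phone``,
        ``name`` and ``password`` are passed to ``UserSerializer``.

        The caller must hold permission level 3 on the resort or be an admin.

        Responses:
            200: resort fields from ``get_user_resort_combo``.
            400: invalid ``role_id``, unknown resort, no licenses left, or
                 serializer errors.
            403: caller not authorised, or e-mail already in use.
        """
        resort_id = request.data.get('resort_id')
        resort = get_resort_by_resort_id(resort_id)
        role_id = request.data.get('role_id')

        # If role_id is not provided or empty, use the default role_id 1
        # (patroller). The original tested ``is None and not role_id``, so an
        # empty or string-typed value reached the range comparison and
        # raised TypeError instead of being defaulted or rejected.
        if role_id is None or role_id == '':
            role_id = 1
        else:
            try:
                role_id = int(role_id)
            except (TypeError, ValueError):
                return Response({_('detail'): _("invalid role_id provided")},
                                status=400)
            if not (0 < role_id < 4):
                return Response({_('detail'): _("invalid role_id provided")},
                                status=400)

        if resort is None:
            return Response(
                {
                    _("detail"):
                    _("Resort with provided resort_id does not exists")
                },
                status=400)

        # Authorise before the license check so a caller without permission
        # learns nothing about the resort's license usage.
        if not (user_has_permission(request.user, resort, 3)
                or request.user.is_admin):
            return Response(
                {
                    _('detail'):
                    _("You dont have have permission to add user")
                },
                status=403)

        # NOTE(review): count-then-create is not atomic; concurrent requests
        # can exceed the license limit.
        if resort.licenses is not None:
            connected_users = UserResortMap.objects.filter(
                resort=resort,
                user__is_active=True,
                user__user_connected=1).count()
            if connected_users >= resort.licenses:
                return Response({_('detail'): _('no more licenses')},
                                status=400)

        # Explicit existence check. The original used ``get()`` under a bare
        # ``except:`` as control flow, so any lookup error (including more
        # than one matching row) fell through to creating another account.
        # A missing or non-string email is left for the serializer to reject.
        email = request.data.get('email')
        if isinstance(email, str) and get_user_model().objects.filter(
                email__iexact=email.lower()).exists():
            return Response(
                {
                    _('detail'):
                    _('the email address is already in use')
                },
                status=403)

        user_data = UserSerializer(data=request.data,
                                   fields=('email', 'phone',
                                           'name', 'password'))
        if not user_data.is_valid():
            return Response(user_data.errors, status=400)

        # NOTE(review): the account is saved before the discovery and
        # resort-mapping calls below, with no transaction around them; a
        # failure there leaves a user without a resort mapping.
        user = user_data.save(user_connected=1, is_active=True)

        # The last mailchimp argument depends on the run environment.
        if settings.RUN_ENV == 'master':
            mailchimp_ids = ['11182343c6']
        else:
            mailchimp_ids = ['0005c6dcdf']
        register_user_mailchimp('c08200b7c1', user.email,
                                resort.resort_name, user.name,
                                "", mailchimp_ids)

        inject_patroller(resort, user, 'add')

        update_user_discovery(user, resort.domain_id, request)

        user_resort_map(user, resort, role_id)

        response_data = get_user_resort_combo(
            user.user_pk,
            ('resort_id', 'resort_name', 'map_kml', 'map_type', 'report_form',
             'unit_format', 'timezone', 'map_lat', 'map_lng', 'resort_logo',
             'datetime_format', 'resort_controlled_substances',
             'resort_asset_management'))

        return Response(response_data, status=200)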