def generate_presigned_post(file_name, file_type, file_dir=''):
"""
generates a presigned post for a given file so you can upload it directly
:param file_name: string, the file name
:param file_type: string, the type of the file
:param file_dir: string, the directory where the file should be
:return:
"""
if file_name == '':
raise CustomError(ERROR__RECORD__UPLOAD__NO_FILE_NAME)
if file_type == '':
raise CustomError(ERROR__RECORD__UPLOAD__NO_FILE_TYPE)
s3_bucket = settings.AWS_S3_BUCKET_NAME
if file_dir != '' and not file_dir.endswith('/'):
file_dir = file_dir + "/"
session = boto3.session.Session(region_name=settings.AWS_S3_REGION_NAME)
s3 = session.client('s3',
aws_access_key_id=settings.AWS_ACCESS_KEY_ID,
aws_secret_access_key=settings.AWS_SECRET_ACCESS_KEY)
presigned_post = s3.generate_presigned_post(Bucket=s3_bucket,
Key=file_dir + file_name,
Fields={
"acl": "private",
"Content-Type": file_type
},
ExpiresIn=3600)
return {
'data': presigned_post,
'url': 'https://%s.s3.amazonaws.com/%s' % (s3_bucket, file_name)
}
def update(self, request, *args, **kwargs):
try:
user_id = kwargs['pk']
user = UserProfile.objects.get(pk=user_id)
except:
raise CustomError(ERROR__API__ID_NOT_FOUND)
if request.user != user and not request.user.is_superuser:
raise CustomError(ERROR__API__PERMISSION__INSUFFICIENT)
data = request.data
if 'birthday' in data:
user.birthday = parse_date(data['birthday'])
if 'postal_code' in data:
user.postal_code = data['postal_code']
if 'street' in data:
user.street = data['street']
if 'city' in data:
user.city = data['city']
if 'phone_number' in data:
user.phone_number = data['phone_number']
if 'user_state' in data:
user.user_state = data['user_state']
if 'user_record_state' in data:
user.user_record_state = data['user_record_state']
if request.user.is_superuser and 'email' in data:
user.email = data['email']
user.save()
return Response(UserProfileSerializer(user).data)
def post(self, request, id):
filename = request.data['filename']
try:
record = models.Record.objects.get(pk=id)
except Exception as e:
raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING)
if not record.user_has_permission(request.user):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
directory = storage_folders.get_storage_folder_record_document(record.from_rlc_id, record.id)
information = storage_generator.check_file_and_get_information(directory, filename)
if 'error' in information:
return Response(information)
already_existing = models.RecordDocument.objects.filter(name=information['key']).first()
if already_existing is not None:
already_existing.file_size = information['size']
already_existing.last_edited = datetime.now()
already_existing.save()
serializer = serializers.RecordDocumentSerializer(already_existing)
return Response(serializer.data)
else:
name = information['key'].split('/')[-1]
new_document = models.RecordDocument(record=record, name=name, creator=request.user,
file_size=information['size'])
new_document.save()
serializer = serializers.RecordDocumentSerializer(new_document)
return Response(serializer.data)
def post(self, request, id):
try:
document = models.RecordDocument.objects.get(pk=id)
except Exception as e:
raise CustomError(error_codes.ERROR__RECORD__DOCUMENT__NOT_FOUND)
if not document.record:
raise CustomError(
error_codes.ERROR__RECORD__DOCUMENT__NO_LINKED_RECORD)
if not document.record.user_has_permission(request.user):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
if 'tag_ids' not in request.data:
raise CustomError(
error_codes.ERROR__RECORD__DOCUMENT__NO_TAG_PROVIDED)
tags = []
for tag in request.data['tag_ids']:
try:
real_tag = models.RecordDocumentTag.objects.get(
pk=tag['id']) # tag_ids
except Exception as e:
raise CustomError(
error_codes.ERROR__RECORD__DOCUMENT__TAG_NOT_EXISTING)
tags.append(real_tag)
document.tagged.clear()
for tag in tags:
document.tagged.add(tag)
document.save()
serializer = serializers.RecordDocumentSerializer(document)
return Response(serializer.data)
def post(self, request):
if 'email' in request.data:
email = request.data['email']
else:
raise CustomError(ERROR__API__EMAIL__NO_EMAIL_PROVIDED)
try:
user = UserProfile.objects.get(email=email)
except:
raise CustomError(ERROR__API__EMAIL__NO_EMAIL_PROVIDED)
link_already = ForgotPasswordLinks.objects.filter(user=user).__len__()
if link_already >= 1:
raise CustomError(ERROR__API__USER__ALREADY_FORGOT_PASSWORD)
user.is_active = False
user.save()
ip = get_client_ip(request)
forgot_password_link = ForgotPasswordLinks(user=user, ip_address=ip)
forgot_password_link.save()
url = get_website_base_url(
) + "api/reset-password/" + forgot_password_link.link
EmailSender.send_email_notification(
[user.email], "Password reset",
"Your password was resetted click here: " + url)
return Response()
def post(self, request, id):
if not request.user.has_permission(
permissions.PERMISSION_VIEW_RECORDS_RLC,
for_rlc=request.user.rlc):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
try:
record = models.Record.objects.get(pk=id)
except Exception as e:
raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING)
if record.user_has_permission(request.user):
raise CustomError(
error_codes.ERROR__RECORD__PERMISSION__ALREADY_WORKING_ON)
if models.RecordPermission.objects.filter(record=record,
request_from=request.user,
state='re').count() >= 1:
raise CustomError(
error_codes.ERROR__RECORD__PERMISSION__ALREADY_REQUESTED)
can_edit = False
if 'can_edit' in request.data:
can_edit = request.data['can_edit']
permission = models.RecordPermission(request_from=request.user,
record=record,
can_edit=can_edit)
permission.save()
return Response(
serializers.RecordPermissionSerializer(permission).data)
def post(self, request):
if not request.user.has_permission(
permissions.PERMISSION_CAN_ADD_RECORD_RLC,
for_rlc=request.user.rlc):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
data = request.data
rlc = request.user.rlc
if 'client_id' in data:
try:
client = models.Client.objects.get(pk=data['client_id'])
except:
raise CustomError(
error_codes.ERROR__RECORD__CLIENT__NOT_EXISTING)
client.note = data['client_note']
client.phone_number = data['client_phone_number']
client.save()
else:
client = models.Client(name=data['client_name'],
phone_number=data['client_phone_number'],
birthday=data['client_birthday'],
note=data['client_note'],
from_rlc=rlc)
client.save()
try:
origin = models.OriginCountry.objects.get(
pk=data['origin_country'])
except:
raise CustomError(
error_codes.ERROR__RECORD__ORIGIN_COUNTRY__NOT_FOUND)
client.origin_country = origin
client.save()
record = models.Record(client_id=client.id,
first_contact_date=data['first_contact_date'],
last_contact_date=data['first_contact_date'],
record_token=data['record_token'],
note=data['record_note'],
creator_id=request.user.id,
from_rlc_id=rlc.id,
state="op",
official_note=data['official_note'])
record.save()
for tag_id in data['tags']:
record.tagged.add(models.RecordTag.objects.get(pk=tag_id))
for user_id in data['consultants']:
record.working_on_record.add(UserProfile.objects.get(pk=user_id))
record.save()
for user_id in data['consultants']:
actual_consultant = UserProfile.objects.get(pk=user_id)
url = FrontendLinks.get_record_link(record)
EmailSender.send_email_notification(
[actual_consultant.email], "New Record",
"RLC Intranet Notification - Your were assigned as a consultant for a new record. Look here:"
+ url)
return Response(serializers.RecordFullDetailSerializer(record).data)
def check_if_user_active(user_email):
"""
checks if user exists and if user is active
:param user_email: string, email of user
:return:
"""
try:
user = UserProfile.objects.get(email=user_email)
except:
raise CustomError(ERROR__API__USER__NOT_FOUND)
if not user.is_active:
raise CustomError(ERROR__API__USER__INACTIVE)
def get(self, request, pk):
try:
group = models.Group.objects.get(pk=pk)
except:
raise CustomError(error_codes.ERROR__API__GROUP__GROUP_NOT_FOUND)
if not request.user.has_permission(PERMISSION_VIEW_PERMISSIONS_RLC, for_rlc=request.user.rlc):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
data = [model_to_dict(has_permission) for has_permission in
models.HasPermission.objects.filter(group_has_permission=group)]
return Response(data)
def destroy(self, request, *args, **kwargs):
if 'pk' not in kwargs:
raise CustomError(error_codes.ERROR__API__HAS_PERMISSION__NO_ID_PROVIDED)
try:
hasPermission = HasPermission.objects.get(pk=kwargs['pk'])
except:
raise CustomError(error_codes.ERROR__API__HAS_PERMISSION__NOT_FOUND)
user = request.user
if not user.has_permission(PERMISSION_MANAGE_PERMISSIONS_RLC, for_rlc=user.rlc):
return CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
hasPermission.delete()
return Response({'status': 'success'})
def post(self, request, id):
try:
link = ForgotPasswordLinks.objects.get(link=id)
except:
raise CustomError(
ERROR__API__USER__PASSWORD_RESET_LINK_DOES_NOT_EXIST)
if 'new_password' not in request.data:
raise CustomError(ERROR__API__USER__NEW_PASSWORD_NOT_PROVIDED)
new_password = request.data['new_password']
link.user.set_password(new_password)
link.user.is_active = True
link.user.save()
link.delete()
return Response()
def post(self, request):
if not request.user.has_permission(
permissions.PERMISSION_ACTIVATE_INACTIVE_USERS_RLC,
for_rlc=request.user.rlc):
raise CustomError(ERROR__API__PERMISSION__INSUFFICIENT)
# method and user_id
if request.data['method'] == 'activate':
try:
user = UserProfile.objects.get(pk=request.data['user_id'])
except:
raise CustomError(ERROR__API__USER__NOT_FOUND)
user.is_active = True
user.save()
return Response(UserProfileSerializer(user).data)
raise CustomError(ERROR__API__ACTION_NOT_VALID)
def create(self, request, *args, **kwargs):
if not request.user.is_superuser and not request.user.has_permission(PERMISSION_MANAGE_PERMISSIONS_RLC,
for_rlc=request.user.rlc):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
# if request.data['rlc_has_permission'] and request.user.rlc.id != request.data['rlc_has_permission'] or \
# request.data['permission_for_rlc'] and request.user.rlc.id != request.data['permission_for_rlc']:
# raise CustomError(error_codes.ERROR__API__HAS_PERMISSION__CAN_NOT_CREATE)
if HasPermission.already_existing(request.data):
raise CustomError(error_codes.ERROR__API__HAS_PERMISSION__ALREADY_EXISTING)
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def retrieve(self, request, pk=None):
# TODO: deprecated?
try:
record = models.Record.objects.get(pk=pk) # changed
except Exception as e:
raise CustomError(error_codes.ERROR__RECORD__DOCUMENT__NOT_FOUND)
if request.user.rlc != record.from_rlc:
raise CustomError(
error_codes.ERROR__RECORD__RETRIEVE_RECORD__WRONG_RLC)
if record.user_has_permission(request.user):
serializer = serializers.RecordFullDetailSerializer(record)
else:
serializer = serializers.RecordNoDetailSerializer(record)
return Response(serializer.data)
def get(self, request):
file_key = request.query_params.get('file', '')
file_dir = file_key[:file_key.rfind('/')]
if not user_has_permission(file_dir, request.user):
raise CustomError(ERROR__API__PERMISSION__INSUFFICIENT)
return Response(generate_presigned_url(file_key))
def get(self, request, id):
try:
record = models.Record.objects.get(pk=id)
except Exception as e:
raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING)
if not record.user_has_permission(request.user):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
docs = list(models.RecordDocument.objects.filter(record=record))
filenames = []
for doc in docs:
storage_generator.download_file(doc.get_filekey(), doc.name)
filenames.append(doc.name)
return storage_generator.zip_files_and_create_response(filenames, 'record.zip')
def list(self, request, *args, **kwargs):
if not request.user.has_permission(PERMISSION_ACCEPT_NEW_USERS_RLC,
for_rlc=request.user.rlc):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
queryset = NewUserRequest.objects.filter(
request_from__rlc=request.user.rlc)
return Response(NewUserRequestSerializer(queryset, many=True).data)
def create(self, request):
"""
use the obtainauthToken APIView to validate and create a token
additionally add all important information for app usage
like static possible states, possible permissions and so on
Args:
request: the request with data: 'username' and 'password"
Returns:
token, information and permissions of user
all possible permissions, country states, countries, clients, record states, consultants
"""
data = {
'password': request.data['password'],
'username': request.data['username'].lower()
}
serializer = self.serializer_class(data=data)
LoginViewSet.check_if_user_active(data['username'])
if serializer.is_valid():
token, created = Token.objects.get_or_create(
user=serializer.validated_data['user'])
Token.objects.filter(user=token.user).exclude(
key=token.key).delete()
if not created:
# update the created time of the token to keep it valid
token.created = datetime.utcnow().replace(tzinfo=pytz.utc)
token.save()
return Response(LoginViewSet.get_login_data(token.key))
raise CustomError(ERROR__API__LOGIN__INVALID_CREDENTIALS)
def has_permission(self,
permission,
for_user=None,
for_group=None,
for_rlc=None):
"""
Args:
permission: (int) permission_id or (str) exact name of permission
for_user: (int) user_id for which the permission is
for_group: (int) group_id for which the permission is
for_rlc: (int) rlc_id for which the permission is
Returns:
True if the user has the given permission for the given group or user
False if the user doesnt have the permission
"""
if isinstance(permission, str):
try:
permission = Permission.objects.get(name=permission).id
except Exception as e:
raise CustomError(ERROR__API__PERMISSION__NOT_FOUND)
if for_user is not None and for_group is not None and for_rlc is not None:
raise AttributeError()
return self.__has_as_user_permission(permission, for_user, for_group, for_rlc) or \
self.__has_as_group_member_permission(permission, for_user, for_group, for_rlc) or \
self.__has_as_rlc_member_permission(permission, for_user, for_group, for_rlc) or \
self.is_superuser
def get(self, request):
if not request.user.has_permission(
permissions.PERMISSION_ACTIVATE_INACTIVE_USERS_RLC,
for_rlc=request.user.rlc):
raise CustomError(ERROR__API__PERMISSION__INSUFFICIENT)
inactive_users = UserProfile.objects.filter(rlc=request.user.rlc,
is_active=False)
return Response(UserProfileSerializer(inactive_users, many=True).data)
def post(self, request):
if 'email' in request.data:
email = request.data['email']
else:
raise CustomError(ERROR__API__EMAIL__NO_EMAIL_PROVIDED)
# EmailSender.send_email_notification([email], 'SYSTEM NOTIFICATION', 'There was a change')
EmailSender.test_send(email)
return Response()
def create(self, request, *args, **kwargs):
if not request.user.has_permission(
permissions.PERMISSION_MANAGE_GROUPS_RLC,
for_rlc=request.user.rlc) and not request.user.has_permission(
permissions.PERMISSION_ADD_GROUP_RLC,
for_rlc=request.user.rlc):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
if 'name' not in request.data or 'visible' not in request.data:
raise CustomError(error_codes.ERROR__API__GROUP__CAN_NOT_CREATE)
group = models.Group(name=request.data['name'],
visible=request.data['visible'],
creator=request.user,
from_rlc=request.user.rlc)
group.save()
return Response(serializers.GroupNameSerializer(group).data)
def post(self, request, id):
try:
user_activation = UserActivationLink.objects.get(link=id)
except:
raise CustomError(error_codes.ERROR__API__USER_ACTIVATION__LINK_NOT_FOUND)
try:
new_user_request = NewUserRequest.objects.get(request_from=user_activation.user)
except:
raise CustomError(error_codes.ERROR__API__NEW_USER_REQUEST__REQUEST_NOT_FOUND)
user_activation.activated = True
user_activation.save()
if new_user_request.state == 'gr':
user_activation.user.is_active = True
user_activation.user.save()
return Response({"success": True})
def list(self, request):
"""
:param request:
:return:
"""
parts = request.query_params.get('search', '').split(' ')
user = request.user
if user.is_superuser:
entries = models.Record.objects.all()
for part in parts:
consultants = UserProfile.objects.filter(name__icontains=part)
entries = entries.filter(
Q(tagged__name__icontains=part) | Q(note__icontains=part)
| Q(working_on_record__in=consultants)
| Q(record_token__icontains=part)).distinct()
serializer = serializers.RecordFullDetailSerializer(entries,
many=True)
return Response(serializer.data)
if not user.has_permission(
permissions.PERMISSION_VIEW_RECORDS_RLC,
for_rlc=user.rlc) and not user.has_permission(
permissions.PERMISSION_VIEW_RECORDS_FULL_DETAIL_RLC,
for_rlc=user.rlc):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
# entries = models.Record.objects.filter(from_rlc=user.rlc)
entries = models.Record.objects.filter_by_rlc(user.rlc)
for part in parts:
consultants = UserProfile.objects.filter(name__icontains=part)
entries = entries.filter(
Q(tagged__name__icontains=part) | Q(note__icontains=part)
| Q(working_on_record__in=consultants)
| Q(record_token__icontains=part)).distinct()
records = []
if user.has_permission(
permissions.PERMISSION_VIEW_RECORDS_FULL_DETAIL_RLC,
for_rlc=user.rlc):
queryset = entries
serializer = serializers.RecordFullDetailSerializer(queryset,
many=True)
records += serializer.data
else:
queryset = entries.get_full_access_records(user).distinct()
serializer = serializers.RecordFullDetailSerializer(queryset,
many=True)
records += serializer.data
queryset = entries.get_no_access_records(user)
serializer = serializers.RecordNoDetailSerializer(queryset,
many=True)
records += serializer.data
return Response(records)
def get(self, request, id):
"""
used to generate a presigned post, with that you can successfully upload a file to storage
:param request:
:param id:
:return:
"""
record = models.Record.objects.get(pk=id)
if record is None:
raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING)
if not record.user_has_permission(request.user):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
file_dir = storage_folders.get_storage_folder_record_document(record.from_rlc_id, record.id)
file_name = request.query_params.get('file_name', '')
file_type = request.query_params.get('file_type', '')
return storage_generator.generate_presigned_post(file_name, file_type, file_dir)
def create(self, request):
if type(request.data) is QueryDict:
data = request.data.dict()
else:
data = dict(request.data)
if 'rlc' in data:
del data['rlc']
# Check if email already in use
if UserProfile.objects.filter(email=request.data['email']).count() > 0:
raise CustomError(ERROR__API__EMAIL__ALREADY_IN_USE)
data['email'] = data['email'].lower()
serializer = self.get_serializer(data=data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
user = UserProfile.objects.get(email=request.data['email'].lower())
if 'rlc' not in request.data:
raise CustomError(ERROR__API__REGISTER__NO_RLC_PROVIDED)
user.rlc = Rlc.objects.get(pk=request.data['rlc'])
if 'birthday' in request.data:
user.birthday = request.data['birthday']
user.is_active = False
user.save()
# new user request
from backend.api.models import NewUserRequest
new_user_request = NewUserRequest(request_from=user)
new_user_request.save()
# new user activation link
from backend.api.models import UserActivationLink
user_activation_link = UserActivationLink(user=user)
user_activation_link.save()
EmailSender.send_user_activation_email(
user, FrontendLinks.get_user_activation_link(user_activation_link))
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
def retrieve(self, request, pk=None, **kwargs):
if pk is None:
raise CustomError(ERROR__API__USER__ID_NOT_PROVIDED)
try:
user = UserProfile.objects.get(pk=pk)
except Exception as e:
raise CustomError(ERROR__API__USER__NOT_FOUND)
if request.user.rlc != user.rlc:
if request.user.is_superuser or request.user.has_permission(
permissions.PERMISSION_VIEW_FULL_USER_DETAIL_OVERALL):
serializer = UserProfileSerializer(user)
else:
raise CustomError(ERROR__API__USER__NOT_SAME_RLC)
else:
if request.user.has_permission(
permissions.PERMISSION_VIEW_FULL_USER_DETAIL_RLC):
serializer = UserProfileSerializer(user)
else:
serializer = UserProfileForeignSerializer(user)
return Response(serializer.data)
def get(self, request, id):
try:
record = models.Record.objects.get(pk=id)
except:
raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING)
user = request.user
if user.rlc != record.from_rlc and not user.is_superuser:
raise CustomError(
error_codes.ERROR__RECORD__RETRIEVE_RECORD__WRONG_RLC)
if record.user_has_permission(user):
record_serializer = serializers.RecordFullDetailSerializer(record)
client_serializer = serializers.ClientSerializer(record.client)
origin_country = serializers.OriginCountrySerializer(
record.client.origin_country)
documents = serializers.RecordDocumentSerializer(
record.record_documents, many=True)
messages = serializers.RecordMessageSerializer(
record.record_messages, many=True)
return Response({
'record': record_serializer.data,
'client': client_serializer.data,
'origin_country': origin_country.data,
'record_documents': documents.data,
'record_messages': messages.data
})
else:
serializer = serializers.RecordNoDetailSerializer(record)
permission_request = models.RecordPermission.objects.filter(
record=record, request_from=user, state='re').first()
if not permission_request:
state = 'nr'
else:
state = permission_request.state
return Response({
'record': serializer.data,
'request_state': state
})
def post(self, request, id):
# request = self.request
if 'message' not in request.data or request.data['message'] == '':
raise CustomError(
error_codes.ERROR__RECORD__MESSAGE__NO_MESSAGE_PROVIDED)
message = request.data['message']
try:
record = models.Record.objects.get(pk=id)
except Exception as e:
raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING)
if not record.user_has_permission(request.user):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
record_message = models.RecordMessage(sender=request.user,
message=message,
record=record)
record_message.save()
EmailSender.send_record_new_message_notification_email(record)
return Response(
serializers.RecordMessageSerializer(record_message).data)
def post(self, request):
"""
used to admit or decline a given permission request
:param request:
:return:
"""
user = request.user
if not user.has_permission(
permissions.PERMISSION_PERMIT_RECORD_PERMISSION_REQUESTS_RLC,
for_rlc=user.rlc):
raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT)
if 'id' not in request.data:
raise CustomError(
error_codes.ERROR__RECORD__PERMISSION__ID_NOT_PROVIDED)
try:
permission_request = models.RecordPermission.objects.get(
pk=request.data['id'])
except Exception as e:
raise CustomError(
error_codes.ERROR__RECORD__PERMISSION__ID_NOT_FOUND)
if 'action' not in request.data:
raise CustomError(error_codes.ERROR__API__NO_ACTION_PROVIDED)
action = request.data['action']
if action != 'accept' and action != 'decline':
raise CustomError(
error_codes.ERROR__RECORD__PERMISSION__NO_VALID_ACTION_PROVIDED
)
permission_request.request_processed = user
permission_request.processed_on = datetime.utcnow().replace(
tzinfo=pytz.utc)
if action == 'accept':
permission_request.state = 'gr'
else:
permission_request.state = 'de'
permission_request.save()
return Response(
serializers.RecordPermissionSerializer(permission_request).data)
