def post(self, request):
"""
Create employee details view. Method=post. ALl form post method should be csrf token.
:param request: request object
:return: redirect to profile/<id> page
"""
context = {
"type": "profile",
"user": request.user,
"is_superuser": request.user.is_superuser,
"role": request.user.role,
"files": request.FILES
}
extra_vars = dict()
data_dict = u.convert_request_data_to_dict(request.POST)
extra_vars['errors'] = dict()
try:
auth.employee_create(context)
model_helper.clean_data_dict_for_api_calls(data_dict)
create_data = api_action.post_actions("create_employee", context,
data_dict)
except err.ValidationError as e:
extra_vars['errors'].update(e.args[0])
u.prepare_error_data(extra_vars['errors'])
log.error(e)
messages.error(
request, "<br>".join([
"{}: {}".format(key, value)
for key, value in extra_vars['errors'].items()
]))
return self.get(request,
errors=extra_vars['errors'],
data=data_dict)
except err.NotAuthorizedError:
messages.error(request,
'You are not authorized to perform this action')
log.info("Logged in user not authorized to edit view")
return abort(
request,
code=401,
error_message="You are not authorized to see this page",
error_title="Not Authorized")
except (err.UserNotFound, err.NotFoundError) as e:
log.info(e)
return abort(request,
code=404,
error_message="User Not found.",
error_title="Not Found")
except Exception as e:
log.error(e)
return server_error(request,
code=500,
error_message="Server Error. Something wrong")
return redirect('profile', profile_id=create_data["id"])
def get(self, request):
"""
see the api search_employee_object for query fields and details
:param request: django request object
:return: render search results
"""
data_dict = dict()
for _key in request.GET:
data_dict[_key] = request.GET[_key]
page = data_dict.get('page', 1)
context = {
"type": "search",
"user": request.user,
"is_superuser": request.user.is_superuser,
"role": request.user.role
}
extra_vars = dict()
try:
search_result = search_employee_object(context, data_dict)
paginator = Paginator(search_result, self._items_per_page)
try:
results = paginator.page(page)
except PageNotAnInteger:
results = paginator.page(1)
except EmptyPage:
results = paginator.page(paginator.num_pages)
extra_vars['total_pages'] = paginator.num_pages
extra_vars['q'] = data_dict.get('q')
extra_vars['search_results'] = results
extra_vars['profile'] = request.user
extra_vars['result_count'] = search_result.count()
extra_vars['employee_count'] = utilities.get_total_employee_count()
except err.NotAuthorizedError:
log.info("Logged in user not authorized to see the page")
return abort(
request,
code=401,
error_message="You are not authorized to see this page")
except (err.UserNotFound, err.NotFoundError) as e:
log.info(e)
return abort(request, code=404, error_message="User Not found.")
except Exception as e:
log.error(e)
return server_error(request,
code=500,
error_message="Server Error. Something wrong")
return render(request, 'profile/search.html', extra_vars)
def get(self, request, errors=None, data=None):
"""
View to show user profile. If profile_id=None, then the profile page for logged in user
:param request: django request object
:param errors: errors dict if any
:param data: data dict if any
:return: render edit page
"""
context = {
"type": "profile",
"user": request.user,
"is_superuser": request.user.is_superuser,
"role": request.user.role
}
extra_vars = dict()
extra_vars["errors"] = errors if errors else dict()
try:
# check create access
auth.employee_create(context)
extra_vars['profile'] = data if data else dict(
) # if data some validation error
extra_vars["schema"] = schemas.get_schema("employee_schema")
extra_vars["action"] = "create"
except err.NotAuthorizedError:
messages.error(request,
'You are not authorized to perform this action')
log.info("Logged in user not authorized to see the page")
return abort(
request,
code=401,
error_message="You are not authorized to see this page",
error_title="Not Authorized")
except (err.UserNotFound, err.NotFoundError) as e:
log.info(e)
return abort(request,
code=404,
error_message="User Not found.",
error_title="Not Found")
except Exception as e:
log.error(e)
return server_error(request,
code=500,
error_message="Server Error. Something wrong")
return render(request, 'profile/edit.html', extra_vars)
def get(self, request, profile_id=None):
"""
View to show user profile. If profile_id=None, then the profile page for logged in user
:return: render page
"""
if profile_id == request.user.id:
return redirect('profile')
context = {
"type": "profile",
"user": request.user,
"is_superuser": request.user.is_superuser,
"role": request.user.role
}
extra_vars = dict()
try:
user_data = api_action.get_actions(
"show_employee", context,
{"id": profile_id or request.user.username})
extra_vars['profile'] = user_data
extra_vars["schema"] = schemas.get_schema("employee_schema")
except err.NotAuthorizedError:
messages.error(request,
'You are not authorized to perform this action')
log.info("Logged in user not authorized to see the page")
return abort(
request,
code=401,
error_message="You are not authorized to see this page",
error_title="Not Authorized")
except (err.UserNotFound, err.NotFoundError) as e:
messages.error(request, 'Requested user not available')
log.info(e)
return abort(request,
code=404,
error_message="User Not found.",
error_title="Not Found")
except Exception as e:
log.error(e)
return server_error(request,
code=500,
error_message="Server Error. Something wrong")
return render(request, 'profile/read.html', extra_vars)
def get(self, request, profile_id=None, errors=None, data=None):
"""
This will fetch employee edit form
:return: render page
"""
if profile_id == request.user.id:
return redirect('profile_edit')
context = {
"type": "profile",
"user": request.user,
"is_superuser": request.user.is_superuser,
"role": request.user.role
}
extra_vars = dict()
extra_vars["errors"] = errors if errors else dict()
try:
if profile_id:
# Trying to edit some others profile
_employee = models.Employee.get_employee_by_id(profile_id)
else:
# Edit by logged user
_employee = request.user
context['employee'] = _employee
# Check authorization
auth.employee_update(context)
# if data means some validation errors
if not data:
user_data = api_action.get_actions(
"show_employee", context,
{"id": profile_id or request.user.username})
else:
data['id'] = profile_id or request.user.id
user_data = data
extra_vars['profile'] = user_data
extra_vars["schema"] = schemas.get_schema("employee_schema")
extra_vars["action"] = "edit"
except err.NotAuthorizedError:
messages.error(request,
'You are not authorized to perform this action')
log.info("Logged in user not authorized to see the page")
return abort(
request,
code=401,
error_message="You are not authorized to see this page",
error_title="Not Authorized")
except (err.UserNotFound, err.NotFoundError) as e:
log.info(e)
return abort(request,
code=404,
error_message="User Not found.",
error_title="Not Found")
except Exception as e:
log.error(e)
return server_error(request,
code=500,
error_message="Server Error. Something wrong")
return render(request, 'profile/edit.html', extra_vars)
def post(self, request, profile_id=None):
"""
:param request:
:param profile_id:
:return:
"""
if profile_id == request.user.id or not profile_id:
raise err.ValidationError({
"profile":
"You cannot delete your own profile. Please contact HR or Admin"
})
context = {
"type": "profile",
"user": request.user,
"is_superuser": request.user.is_superuser,
"role": request.user.role
}
extra_vars = dict()
extra_vars['errors'] = dict()
try:
auth.employee_create(context)
api_action.post_actions("delete_employee", context,
{"id": profile_id})
except err.ValidationError as e:
extra_vars['errors'].update(e.args[0])
u.prepare_error_data(extra_vars['errors'])
log.error(e)
messages.error(
request, "<br>".join([
"{}: {}".format(key, value)
for key, value in extra_vars['errors'].items()
]))
if profile_id:
return redirect('other_profile', profile_id=profile_id)
else:
return redirect('profile')
except err.NotAuthorizedError:
messages.error(request,
'You are not authorized to perform this action')
log.info("Logged in user not authorized to edit view")
return abort(
request,
code=401,
error_message="You are not authorized to see this page",
error_title="Not Authorized")
except (err.UserNotFound, err.NotFoundError) as e:
log.info(e)
return abort(request,
code=404,
error_message="User Not found.",
error_title="Not Found")
except Exception as e:
log.error(e)
return server_error(request,
code=500,
error_message="Server Error. Something wrong")
return redirect('profile_search')
def post(self, request, profile_id=None):
"""
Edit employee details view. Method=post. ALl form post method should be csrf token.
:param request: request object
:param profile_id: str
:return: redurect to profile/<id> page
"""
context = {
"type": "profile",
"user": request.user,
"is_superuser": request.user.is_superuser,
"role": request.user.role,
"files": request.FILES
}
extra_vars = dict()
is_delete_avatar = True if 'delete_avatar' in request.POST else False
data_dict = u.convert_request_data_to_dict(request.POST)
extra_vars['errors'] = dict()
try:
if is_delete_avatar:
context['files'] = {'upload_avatar': ''}
if profile_id:
# Trying to edit some others profile
_employee = models.Employee.get_employee_by_id(profile_id)
else:
# Edit by logged user
_employee = request.user
# Check authorization
context['employee'] = _employee
auth.employee_update(context)
model_helper.clean_data_dict_for_api_calls(
data_dict, params_to_delete=("upload_avatar", "delete_avatar"))
data_dict["id"] = profile_id or request.user.id
api_action.post_actions("update_employee", context, data_dict)
except err.ValidationError as e:
extra_vars['errors'].update(e.args[0])
u.prepare_error_data(extra_vars['errors'])
log.error(e)
messages.error(
request, "<br>".join([
"{}: {}".format(key, value)
for key, value in extra_vars['errors'].items()
]))
if profile_id:
return self.get(request,
profile_id=profile_id,
errors=extra_vars['errors'],
data=data_dict)
else:
return self.get(request,
errors=extra_vars['errors'],
data=data_dict)
except err.NotAuthorizedError:
messages.error(request,
'You are not authorized to perform this action')
log.info("Logged in user not authorized to edit view")
return abort(
request,
code=401,
error_message="You are not authorized to see this page",
error_title="Not Authorized")
except (err.UserNotFound, err.NotFoundError) as e:
log.info(e)
return abort(request,
code=404,
error_message="User Not found.",
error_title="Not Found")
except Exception as e:
log.error(e)
return server_error(request,
code=500,
error_message="Server Error. Something wrong")
if profile_id:
return redirect('profile', profile_id=profile_id)
else:
return redirect('profile')