def post(self, request):
try:
# get request user profile information from auth token
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
user_type = user_profile.user_type
content = {}
if user_type == 'admin':
organisation = user_profile.organisation
# get all groups for the request user's organisation and add to response data
groups = OrganisationCustomListGroup.objects.filter(organisation=organisation)
return_groups = []
for group in groups:
return_groups.append(group.group_name)
content['groups'] = return_groups
content['user_type'] = user_type
return JsonResponse(content)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get request user profile info using auth token
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
user_type = user_profile.user_type
organisation = user_profile.organisation
# initialise respose json
response_content = {
'lists': {}
}
if user_type == 'admin':
# users = list of all users at the requesting admin's organisation
users = []
# get all user objects
user_query = User.objects.all()
for _user in user_query:
# get the user's profile and add them to the users list if their organisation matches the requesting admin's
_user_profile = UserProfile.objects.filter(user=_user).first()
if _user_profile.organisation == organisation:
users.append(_user)
elif user_type == 'user':
# if the requesting user is not 'admin', they are only authorized to view their own information.
users = [user]
for user in users:
username = user.username
user_list_data = []
# get all a user's shopping lists
shopping_lists = ShoppingList.objects.order_by('-time_created').filter(user=user)
for shopping_list in shopping_lists:
# get the list information and append the list dictionary to the user list data list
list_id = shopping_list.id
list_name = str(shopping_list)
list_price = shopping_list.price if shopping_list.price else None
list_status = shopping_list.status if shopping_list.status else None
data = {
'list_id': list_id,
'list_name': list_name,
'list_price': list_price,
'list_status': list_status
}
user_list_data.append(data)
# add the list of user's shopping lists to the response object using their username as a key
response_content['lists'][username] = user_list_data
return JsonResponse(response_content)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get registration data from json
username = request.data['username']
email = request.data['email']
password = request.data['password']
admin_id = request.data['admin_id']
user_type = request.data['user_type']
# get the organisation object from the requesting user's admin id
organisation = UserProfile.objects.get(id=admin_id).organisation
# create user object
user = User(
username=username,
email=email
)
user.set_password(password)
# create user profile
user_profile = UserProfile(
user=user,
organisation=organisation,
user_type=user_type
)
# save user and user_profile
user.save()
user_profile.save()
json_response = {
"success": True,
"user": model_to_dict(user_profile)
}
return JsonResponse(json_response)
except IntegrityError as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
"success": False,
"error": str(e),
}
return Response(content, status=status.HTTP_409_CONFLICT)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
"success": False,
"error": str(e)
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get user profile information using auth token
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
user_type = user_profile.user_type
organisation = user_profile.organisation
return_data = {}
if user_type == 'admin':
# get all of this user's organisation's custom item groups
groups = OrganisationCustomListGroup.objects.filter(organisation=organisation)
for group in groups:
group_data = []
# get all custom items for this organisation's group and add to return content
items = OrganisationCustomListOption.objects.filter(organisation=organisation, group=group)
for item in items:
data = {
'item_id': item.id,
'item_name': item.item_name,
'price': item.price
}
group_data.append(data)
# add the group and child items to return data
return_data[group.group_name] = group_data
elif user_type == 'user':
# get all this user's custom items and add to return data
items = UserCustomListOption.objects.filter(user=user)
group_data = []
for item in items:
data = {
'item_id': item.id,
'item_name': item.item_name,
'price': item.price
}
group_data.append(data)
return_data['Custom Items'] = group_data
content = {
"groups": return_data
}
return JsonResponse(content)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get the item id from the request data
item_id = request.data['item_id']
# get the request user's profile info using auth token
user = User.objects.get(auth_token=request.auth)
user_profile = UserProfile.objects.filter(user=user).first()
user_organisation = user_profile.organisation
user_type = user_profile.user_type
authorised = False # default to false
if user_type == 'admin':
# get the item by item id
item = OrganisationCustomListOption.objects.get(id=item_id)
# verify that the item belongs to the user's organisation
if item.organisation == user_organisation:
authorised = True
else:
# get the item by item id
item = UserCustomListOption.objects.get(id=item_id)
# verify that the item belongs to the user
if item.user == user:
authorised = True
if authorised:
response = {
'item': {
'id': item.id,
'item_name': item.item_name,
'price': item.price
}
}
if user_type == 'admin':
response['item']['group'] = OrganisationCustomListGroup.objects.get(id=item.group.id).group_name,
return JsonResponse(response)
else:
content = {
'detail': "You are not authorised to view this page."
}
return Response(content, status=status.HTTP_401_UNAUTHORIZED)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get registartion information from json
username = request.data['username']
email = request.data['email']
password = request.data['password']
organisation_name = request.data['organisation_name']
# create new admin user
user = User(username=username, email=email)
user.set_password(password)
# create new organisation
organisation = Organisation(organisation_name=organisation_name)
# create new user profile
user_profile = UserProfile(user=user, organisation=organisation, user_type='admin')
# check if user or organisation already exist in db
user_exists = len(User.objects.filter(username=username)) > 0
organisation_exists = len(Organisation.objects.filter(organisation_name=organisation_name)) > 0
if user_exists or organisation_exists:
# return 409 if user or organisation already exists
content = {
"success": False,
'user_exists': True if user_exists else False,
'organisation_exists': True if organisation_exists else False,
}
return Response(content, status=status.HTTP_409_CONFLICT)
else:
# save changes and create default organisation settings
user.save()
organisation.save()
user_profile.save()
self.generate_organisation_defaults(organisation)
json_response = {
"success": True,
"user": model_to_dict(user_profile),
"organisation": model_to_dict(organisation)
}
return JsonResponse(json_response)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
"success": False,
"error": str(e)
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get the request user's profile info using auth token
admin_user = User.objects.get(auth_token=request.auth)
admin_user_profile = UserProfile.objects.filter(user=admin_user).first()
admin_user_organisation = admin_user_profile.organisation
admin_user_type = admin_user_profile.user_type
# pull form data from the request
user_id = request.data['user_id']
payment = request.data['payment']
# get the user object that the payment should be applied to
list_user = User.objects.get(id=user_ud)
list_user_profile = UserProfile.objects.filter(user=list_user).first()
list_user_organisation = list_user_profile.organisation
if admin_user_type == 'admin' and admin_user_organisation == list_user_organisation:
# only admin users can register transactions
# they can only register transactions against users at their own organisation
# make the transaction
transaction = Transaction(
user=list_user,
transaction_amount=-Decimal(payment),
transaction_datetime=datetime.now(),
detail="Payment made."
)
transaction.save()
response_content = {
}
return JsonResponse(response_content)
else:
content = {
'detail': "You are not authorised to view this page."
}
return Response(content, status=status.HTTP_401_UNAUTHORIZED)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def get(self, request):
try:
# get user profile information of the user making the request
request_user = User.objects.filter(auth_token=request.auth).first()
request_user_profile = UserProfile.objects.filter(user=request_user).first()
request_user_type = request_user_profile.user_type
request_user_organisation = request_user_profile.organisation
# only admin users are authourised to view this information
if not request_user_type == 'admin':
response_content = {
'detail': "You are not authorised to view this page."
}
return Response(response_content, status=status.HTTP_401_UNAUTHORIZED)
data = {
"user_profiles": []
}
# get all user profiles
user_profiles = UserProfile.objects.all()
for user_profile in user_profiles:
# filter out users based on the request user's profile organisation
if request_user_organisation == user_profile.organisation:
# get user information and add to return content data
user = User.objects.filter(username=user_profile.user).first()
user_data = {
"auth_info": {
"user_id": user.id,
"username": user.username,
"email": user.email
},
"organisation": str(user_profile.organisation),
"user_type": str(user_profile.user_type)
}
data["user_profiles"].append(user_data)
return JsonResponse(data)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get request user profile info using auth token
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
user_organisation = user_profile.organisation
user_type = user_profile.user_type
if user_type != 'admin':
# only admin users are authorised to see this info
response_content = {
'detail': "You are not authorised to view this page."
}
return Response(response_content, status=status.HTTP_401_UNAUTHORIZED)
response_content = {
'list_items': {}
}
# get all lists that are in their initial 'CREATED' state
shopping_lists = ShoppingList.objects.filter(status=ListStatus.objects.get(rank=0).label)
for shopping_list in shopping_lists:
# get the profile of the author of the shopping list
shopping_list_owner = shopping_list.user
shopping_list_owner_profile = UserProfile.objects.filter(user=shopping_list_owner).first()
shopping_list_owner_organisation = shopping_list_owner_profile.organisation
if user_organisation == shopping_list_owner_organisation:
# get list of item names from the shopping list
list_items = [item.item_name for item in ShoppingListItem.objects.filter(shopping_list=shopping_list)]
list_items = list(dict.fromkeys(list_items)) # remove duplicates
for item in list_items:
if item not in response_content['list_items'].keys():
# if the item doesn't exist in the response, initialise it
response_content['list_items'][item] = 0
# increment the item count
response_content['list_items'][item] += 1
return JsonResponse(response_content)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get shopping list data from request
form_data = request.data['form_data']
# get request user's profile information using auth token
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
organisation = user_profile.organisation
# create a new shopping list object
shopping_list = ShoppingList(user=user, status=ListStatus.objects.get(rank=0).label, time_created=datetime.now())
# create new objects for each list item
shopping_list_items = []
for group, items in form_data.items():
for item_name in items:
shopping_list_item = ShoppingListItem(shopping_list=shopping_list, item_name=item_name)
shopping_list_items.append(shopping_list_item)
# save shopping list and items
shopping_list.save()
for shopping_list_item in shopping_list_items:
shopping_list_item.save()
response_content = {
"success": True
}
return JsonResponse(response_content)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get group name from request data and convert to lowercase
group_name = request.data['group_name'].lower()
# get user profile information using auth token.
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
user_type = user_profile.user_type
organisation = user_profile.organisation
if user_type == 'admin':
# check all organisation custom groups for existing group with the same group name
is_duplicate = len(OrganisationCustomListGroup.objects.filter(group_name=group_name, organisation=organisation)) > 0
# create organisation custom group
group = OrganisationCustomListGroup(group_name=group_name, organisation=organisation)
if is_duplicate:
content = {
"success": False,
"errors": "An group with this name already exists."
}
return Response(content, status=status.HTTP_409_CONFLICT)
group.save()
content = {
"group_name": group_name
}
return JsonResponse(content)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get request user's profile from auth token
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
organisation = user_profile.organisation
# initialise response json
content = {}
# get all groups from the request user's organisation
organisation_groups = OrganisationCustomListGroup.objects.filter(organisation=organisation)
for group in organisation_groups:
# get all the custom items for each group and add them to the response content
query = OrganisationCustomListOption.objects.filter(group=group)
group_custom_items = [{'item_name': item.item_name, 'price': item.price} for item in query]
content[group.group_name] = group_custom_items
# get all request user's custom items and add to response content
user_custom_items_query = UserCustomListOption.objects.filter(user=user)
user_custom_items = [{'item_name': item.item_name, 'price': item.price} for item in user_custom_items_query]
content['user custom items'] = user_custom_items
return JsonResponse(content)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# default to false
content = {
"is_admin": False,
}
# get user and user_profile objects from auth token
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
if user_profile.is_admin():
# if user is an admin user return true
content['is_admin'] = True
return JsonResponse(content)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get the request user profile using auth token
user = User.objects.get(auth_token=request.auth)
user_profile = UserProfile.objects.filter(user=user).first()
user_organisation = user_profile.organisation
user_type = user_profile.user_type
# get user id from request data
user_id = request.data['user_id']
# get the user object we want to return
user_detail_user = User.objects.get(id=user_id)
user_detail_profile = UserProfile.objects.get(user=user_detail_user)
user_detail_organisation = user_detail_profile.organisation
authorised = False
if user_type == 'admin' and user_organisation == user_detail_organisation:
# an admin user can only view users at their own organisation
authorised = True
if user_type == 'user' and user_profile == user_detail_profile:
# a user user can only view their own profile
authorised = True
if not authorised:
response_content = {
'detail': "You are not authorised to view this page."
}
return Response(response_content, status=status.HTTP_401_UNAUTHORIZED)
# get user auth info
user_info = {
'user_id': user_detail_user.id,
'username': user_detail_user.username,
'email': user_detail_user.email or "n/a"
}
# get a list of all the user's lists
user_lists = ShoppingList.objects.filter(user=user_detail_user)
# generate a list of list data from all user's lists
list_data = [
{
'list_name': str(user_list),
'list_id': user_list.id,
'status': user_list.status
}
for user_list in user_lists
]
# get all the transactions on the user's account
transactions = Transaction.objects.filter(user=user_detail_user).order_by('-transaction_datetime')
# generate a list of transactions from all transaction models
transaction_history = [
{
'user': transaction.user.username,
'datetime': transaction.transaction_datetime.strftime("%Y-%m-%d %H:%M"),
'amount': transaction.transaction_amount,
'detail': transaction.detail
}
for transaction in transactions
]
# calculate the current user's account balance
balance = 0
for transaction in transactions:
balance += transaction.transaction_amount
user_info['balance'] = balance
response_content = {
'profile': {
'user_info': user_info,
'list_data': list_data,
'transaction_history': transaction_history
}
}
return JsonResponse(response_content)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get the request user's profile info using auth token
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
user_type = user_profile.user_type
organisation = user_profile.organisation
# initialise response content json
return_content = {}
# pull info from request data
list_id = request.data['list_id']
price = request.data['price']
list_status = request.data['status']
notes = request.data['notes']
# get the shopping list using list id
shopping_list = ShoppingList.objects.filter(id=list_id).first()
# identify the user that is the author of the list
shopping_list_user = shopping_list.user
shopping_list_user_profile = UserProfile.objects.filter(user=shopping_list_user).first()
shopping_list_user_organisation = shopping_list_user_profile.organisation
if user_type == 'admin' and organisation == shopping_list_user_organisation:
transaction = None
if shopping_list.price == None:
# if the db price value is not set, add a price
transaction = Transaction(
user=shopping_list_user,
transaction_amount=Decimal(price),
transaction_datetime=datetime.now(),
detail="List price added."
)
elif shopping_list.price != Decimal(price):
# if the db list price is different than the form price, register the difference
difference = Decimal(price) - shopping_list.price
transaction = Transaction(
user=shopping_list_user,
transaction_amount=difference,
transaction_datetime=datetime.now(),
detail=f"List price updated. Old price: ${shopping_list.price}, New price: ${Decimal(price)}, Difference: ${difference}"
)
# set the new price data
shopping_list.price = Decimal(price)
shopping_list.notes = notes
# only allow updates in a 'forwards' direction. ie. A COMPLETE list cannot go back to CREATED.
db_rank = ListStatus.objects.get(label=shopping_list.status).rank
list_rank = ListStatus.objects.get(label=list_status).rank
if db_rank < list_rank:
shopping_list.status = list_status
if transaction:
transaction.save()
shopping_list.save()
return JsonResponse(return_content)
else:
response_content = {
'detail': "You are not authorised to view this page."
}
return Response(response_content, status=status.HTTP_401_UNAUTHORIZED)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
try:
# get list id from the request data
list_id = request.data['list_id']
# get the request user's profile info using auth token
user = User.objects.filter(auth_token=request.auth).first()
user_profile = UserProfile.objects.filter(user=user).first()
user_type = user_profile.user_type
organisation = user_profile.organisation
# get the shopping list using the list id
shopping_list = ShoppingList.objects.filter(id=list_id).first()
# identify the user that is the author of the shoppig list
shopping_list_owner = shopping_list.user
# get that user's profile
shopping_list_owner_profile = UserProfile.objects.filter(user=shopping_list_owner).first()
shopping_list_owner_organisation = shopping_list_owner_profile.organisation
authorised = False # default to unauthorised
if user_type == 'admin' and shopping_list_owner_organisation == organisation:
# an admin user is only authorised to see the lists of users at their own organisation
authorised = True
elif user_type == 'user' and shopping_list_owner == user:
# a 'user' user can only view their own list
authorised = True
if authorised:
# get all the items from the shopping list
shopping_list_items = ShoppingListItem.objects.filter(shopping_list=shopping_list)
# get the list data and append it to the response json
list_id = shopping_list.id
list_name = str(shopping_list)
list_price = shopping_list.price if shopping_list.price else None
list_status = shopping_list.status if shopping_list.status else None
list_items = []
for item in shopping_list_items:
list_items.append(item.item_name)
list_notes = shopping_list.notes if shopping_list.notes else None
list_data = {
'list_id': list_id,
'list_name': list_name,
'list_price': list_price,
'list_status': list_status,
'list_items': list_items,
'list_notes': list_notes
}
response_content = {
'list': list_data
}
return JsonResponse(response_content)
else:
response_content = {
'detail': "You are not authorised to view this page."
}
return Response(response_content, status=status.HTTP_401_UNAUTHORIZED)
except Exception as e:
log_api_error(
error=str(e),
endpoint=self.endpoint_name,
)
content = {
'error': str(e),
'detail': "Something went wrong processing your request."
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)