def create(self, request):
    """Register a new public organization; only staff users may call this.

    The JSON body must contain ``name`` (longer than four characters and
    accepted by ``is_valid_id``).  ``notification_url``, ``tax_address``
    and ``payment_info`` are optional.

    Responds 403 to non-staff callers, 400 when the body is rejected or
    any step raises, and 201 once the organization has been created.
    """
    if not request.user.is_staff:
        return build_response(request, 403, 'Forbidden')

    try:
        body = json.loads(request.raw_post_data)

        org_name = body['name']
        if len(org_name) <= 4 or not is_valid_id(org_name):
            raise Exception('Invalid name format')

        # A missing URL is stored as an empty string; a non-empty one must validate
        if 'notification_url' not in body:
            body['notification_url'] = ''
        elif body['notification_url'] and not is_valid_url(body['notification_url']):
            raise Exception('Invalid notification URL format')

        tax_address = {}
        if 'tax_address' in body:
            given_address = body['tax_address']
            tax_address = dict(
                (field, given_address[field])
                for field in ('street', 'postal', 'city', 'country')
            )

        payment_info = {}
        if 'payment_info' in body:
            card = body['payment_info']
            if not is_valid_credit_card(card['number']):
                # No message here, so the handler below answers 'Invalid content'
                raise Exception()
            # NOTE(review): the card number and cvv2 are handed to the model
            # exactly as received; whether they are protected at rest is not
            # visible from this method - confirm.
            payment_info = dict(
                (field, card[field])
                for field in ('type', 'number', 'expire_month', 'expire_year', 'cvv2')
            )

        Organization.objects.create(
            name=org_name,
            notification_url=body['notification_url'],
            tax_address=tax_address,
            payment_info=payment_info,
            private=False
        )
    except Exception as e:
        # Only messages starting with 'Invalid' are passed on to the client;
        # every other failure is reported with a generic text
        msg = e.message if e.message.startswith('Invalid') else 'Invalid content'
        return build_response(request, 400, msg)

    return build_response(request, 201, 'Created')
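def create(self, request):
    """Register a new public organization on behalf of an active user.

    The JSON body must contain ``name``; ``notification_url``,
    ``tax_address``, ``payment_info`` and ``is_user`` are optional.
    A non-staff creator is always added to the organization as a manager;
    a staff creator is added only when ``is_user`` is true.

    Responds 403 to inactive users, 400 when the body is rejected or any
    step raises, and 201 once the organization has been created.
    """
    if not request.user.is_active:
        return build_response(request, 403, 'The user has not been activated')

    try:
        data = json.loads(request.raw_post_data)

        # A body that is not a JSON object cannot carry the expected fields
        if not isinstance(data, dict) or 'name' not in data:
            raise Exception('Invalid JSON content')

        name = data['name']

        # Check the format first, so that only a well-formed name is used
        # in the lookup and echoed back in the "already registered" message
        if not len(name) > 4 or not is_valid_id(name):
            raise Exception('Enter a valid name.')

        if len(Organization.objects.filter(name=name)) > 0:
            raise Exception('The ' + name + ' organization is already registered.')

        # A missing URL is stored as an empty string
        notification_url = data.get('notification_url', '')
        if notification_url and not is_valid_url(notification_url):
            raise Exception('Enter a valid URL')

        tax_address = {}
        if 'tax_address' in data:
            tax_address = {
                'street': data['tax_address']['street'],
                'postal': data['tax_address']['postal'],
                'city': data['tax_address']['city'],
                'country': data['tax_address']['country']
            }

        payment_info = {}
        if 'payment_info' in data:
            if not is_valid_credit_card(data['payment_info']['number']):
                raise Exception('Invalid credit card info')

            # NOTE(review): the card number and cvv2 are stored exactly as
            # received; protection at rest is not visible here - confirm.
            payment_info = {
                'type': data['payment_info']['type'],
                'number': data['payment_info']['number'],
                'expire_month': data['payment_info']['expire_month'],
                'expire_year': data['payment_info']['expire_year'],
                'cvv2': data['payment_info']['cvv2']
            }

        # Keep the created instance instead of fetching it again by name
        organization = Organization.objects.create(
            name=name,
            notification_url=notification_url,
            tax_address=tax_address,
            payment_info=payment_info,
            private=False
        )

        # Include the new user, if the user is not admin include the user
        # If the user is an admin, include it depending on if she has created
        # the organization as an user
        user_included = not request.user.is_staff or data.get('is_user') == True

        if user_included:
            user = request.user
            user.userprofile.organizations.append({
                'organization': organization.pk,
                'roles': []
            })
            user.userprofile.save()

            organization.managers.append(user.pk)
            organization.save()
    except Exception as e:
        # NOTE(review): the text of any exception, including ones raised by
        # the libraries called above, is returned to the client.
        msg = e.message or 'Invalid JSON content'
        return build_response(request, 400, msg)

    return build_response(request, 201, 'Created')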
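def update(self, request, org):
    """Replace the editable data of the organization named ``org``.

    Only active users that are staff or listed in the organization's
    ``managers`` may update it.  The tax address and the payment info are
    replaced as a whole: leaving them out of the body clears them.  When
    ``limits`` is given, the limits are sent to the first registered RSS
    before they are stored.

    Responds 403 when the caller is not allowed, 404 when the organization
    does not exist, 400 when the body is rejected or any step raises, and
    200 on success.
    """
    # Inactive accounts are rejected before anything is looked up
    if not request.user.is_active:
        return build_response(request, 403, 'Forbidden')

    # Get the organization
    try:
        organization = Organization.objects.get(name=org)
    except Organization.DoesNotExist:
        # Only a missing organization is a 404; other errors are not hidden
        return build_response(request, 404, 'Organization not found')

    if not request.user.is_staff and request.user.pk not in organization.managers:
        return build_response(request, 403, 'Forbidden')

    try:
        # Load request data
        data = json.loads(request.raw_post_data)

        if 'notification_url' in data:
            if data['notification_url'] and not is_valid_url(data['notification_url']):
                raise Exception('Enter a valid URL')

            organization.notification_url = data['notification_url']

        # Load the tax address
        new_taxaddr = {}
        if 'tax_address' in data and data['tax_address'] != {}:
            new_taxaddr = {
                'street': data['tax_address']['street'],
                'postal': data['tax_address']['postal'],
                'city': data['tax_address']['city'],
                'country': data['tax_address']['country']
            }

        organization.tax_address = new_taxaddr

        # Load the payment info
        new_payment = {}
        if 'payment_info' in data and data['payment_info'] != {}:
            number = data['payment_info']['number']

            if not is_valid_credit_card(number):
                # A number that is_hidden_credit_card matches against the
                # stored one keeps the stored number
                if 'number' in organization.payment_info and \
                        is_hidden_credit_card(number, organization.payment_info['number']):
                    number = organization.payment_info['number']
                else:
                    raise Exception('Invalid credit card number')

            # NOTE(review): the card number and cvv2 are stored exactly as
            # received; protection at rest is not visible here - confirm.
            new_payment = {
                'type': data['payment_info']['type'],
                'number': number,
                'expire_year': data['payment_info']['expire_year'],
                'expire_month': data['payment_info']['expire_month'],
                'cvv2': data['payment_info']['cvv2']
            }

        if 'limits' in data:
            limits = _check_limits(data['limits'])
            currency = limits['currency']

            # Get default RSS
            try:
                rss = RSS.objects.all()[0]
            except IndexError:
                # Explicit message instead of a bare 'list index out of range'
                raise Exception('No RSS instance registered: An RSS instance is needed for setting up expenditure limits')

            rss_factory = RSSManagerFactory(rss)
            exp_manager = rss_factory.get_expenditure_manager(rss.access_token)

            try:
                exp_manager.set_actor_limit(limits, organization)
            except HTTPError as e:
                if e.code != 401:
                    raise
                # A 401 is answered by refreshing the token and retrying once
                rss.refresh_token()
                exp_manager.set_credentials(rss.access_token)
                exp_manager.set_actor_limit(limits, organization)

            # Save limits
            # presumably set_actor_limit changes the dict, hence the
            # currency is written back - verify against its implementation
            limits['currency'] = currency
            organization.expenditure_limits = limits

        organization.payment_info = new_payment
        organization.save()
    except Exception as e:
        # NOTE(review): the text of any exception, including ones raised by
        # the libraries called above, is returned to the client.
        msg = e.message or 'Invalid JSON content'
        return build_response(request, 400, msg)

    return build_response(request, 200, 'OK')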
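def update(self, request, username):
    """Update the account and profile of the user called ``username``.

    Staff users may update anybody; other users only themselves.  When
    ``settings.OILAUTH`` is off, roles (staff callers only), password and
    names are taken from the body.  The tax address and the payment info
    are replaced as a whole: leaving them out of the body clears them.

    Responds 403 when the caller is not allowed, 400 when the body is
    rejected or any step raises, and 200 on success.
    """
    if not request.user.is_staff and not request.user.username == username:
        return build_response(request, 403, 'Forbidden')

    # Update the user
    try:
        # Parsed inside the try block so that a malformed body is answered
        # with 400 instead of an unhandled exception
        data = json.loads(request.raw_post_data)

        user = User.objects.get(username=username)
        # Get the user profile
        user_profile = UserProfile.objects.get(user=user)

        # Organization that receives the notification URL and the limits
        user_org = None

        # If WStore is not integrated with the accounts enabler
        # update user info and roles
        if not settings.OILAUTH:
            if request.user.is_staff and 'roles' in data:  # The user cannot change its roles
                if 'admin' in data['roles']:
                    user.is_staff = True

                if 'provider' in data['roles']:
                    # Append the provider role to the user
                    orgs = []
                    for o in user_profile.organizations:
                        if Organization.objects.get(pk=o['organization']).name == user.username \
                                and 'provider' not in o['roles']:
                            o['roles'].append('provider')
                        orgs.append(o)

                    user_profile.organizations = orgs

                elif 'provider' in user_profile.get_user_roles():
                    # Remove the provider role from the user info
                    orgs = []
                    for o in user_profile.organizations:
                        # The role is removed only where it is present, so
                        # list.remove cannot raise ValueError
                        if Organization.objects.get(pk=o['organization']).name == user.username \
                                and 'provider' in o['roles']:
                            o['roles'].remove('provider')
                        orgs.append(o)

                    user_profile.organizations = orgs

            if 'notification_url' in data and 'provider' in user_profile.get_user_roles():
                # Same format check that the user creation applies
                if data['notification_url'] and not is_valid_url(data['notification_url']):
                    raise Exception('Invalid notification URL format')

                user_org = Organization.objects.get(name=user.username)
                user_org.notification_url = data['notification_url']
                user_org.save()

            # NOTE(review): the password is replaced without asking for the
            # current one - confirm that this is intended.
            if 'password' in data:
                user.set_password(data['password'])

            if 'first_name' in data and 'last_name' in data:
                user.first_name = data['first_name']
                user.last_name = data['last_name']
                user_profile.complete_name = data['first_name'] + ' ' + data['last_name']
            elif 'complete_name' in data:
                user_profile.complete_name = data['complete_name']
        else:
            user_org = Organization.objects.get(actor_id=user.userprofile.actor_id)

            if 'notification_url' in data and 'provider' in user_profile.get_user_roles():
                if data['notification_url'] and not is_valid_url(data['notification_url']):
                    raise Exception('Invalid notification URL format')

                user_org.notification_url = data['notification_url']
                user_org.save()

        # Check if expenditure limits are included in the request
        # NOTE(review): this listing carried no indentation; the limits block
        # is placed at the same level as the tax address handling - confirm
        # against the repository.
        if 'limits' in data and data['limits']:
            limits = _check_limits(data['limits'])
            currency = limits['currency']

            # Without the accounts enabler the organization may not have been
            # loaded yet; it is resolved before the RSS is contacted so that a
            # failure here leaves the RSS untouched
            if user_org is None:
                user_org = Organization.objects.get(name=user.username)

            # Get default RSS instance
            try:
                rss_instance = RSS.objects.all()[0]
            except Exception:
                raise Exception('No RSS instance registered: An RSS instance is needed for setting up expenditure limits')

            # Create limits in the RSS
            rss_factory = RSSManagerFactory(rss_instance)
            exp_manager = rss_factory.get_expenditure_manager(rss_instance.access_token)

            try:
                exp_manager.set_actor_limit(limits, user.userprofile)
            except HTTPError as e:
                if e.code != 401:
                    raise
                # A 401 is answered by refreshing the token and retrying once
                rss_instance.refresh_token()
                exp_manager.set_credentials(rss_instance.access_token)
                exp_manager.set_actor_limit(limits, user.userprofile)

            # Save limits
            limits['currency'] = currency
            user_org.expenditure_limits = limits
            user_org.save()

        if 'tax_address' in data:
            user_profile.tax_address = {
                'street': data['tax_address']['street'],
                'postal': data['tax_address']['postal'],
                'city': data['tax_address']['city'],
                'country': data['tax_address']['country']
            }
        else:
            # the update is absolute so if no tax address provided it is deleted
            user_profile.tax_address = {}

        if 'payment_info' in data:
            number = data['payment_info']['number']

            if not is_valid_credit_card(number):
                # A number that is_hidden_credit_card matches against the
                # stored one keeps the stored number
                if 'number' in user_profile.payment_info and \
                        is_hidden_credit_card(number, user_profile.payment_info['number']):
                    number = user_profile.payment_info['number']
                else:
                    raise Exception('')

            # NOTE(review): the card number and cvv2 are stored exactly as
            # received; protection at rest is not visible here - confirm.
            user_profile.payment_info = {
                'type': data['payment_info']['type'],
                'number': number,
                'expire_month': data['payment_info']['expire_month'],
                'expire_year': data['payment_info']['expire_year'],
                'cvv2': data['payment_info']['cvv2']
            }
        else:
            # the update is absolute so if no payment info provided it is deleted
            user_profile.payment_info = {}

        user.save()
        user_profile.save()

    except Exception as e:
        # NOTE(review): the text of any exception, including ones raised by
        # the libraries called above, is returned to the client.
        msg = e.message or 'Invalid content'
        return build_response(request, 400, msg)

    return build_response(request, 200, 'OK')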
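def create(self, request):
    """Create a user account and its profile; only staff users may call this.

    The JSON body must contain ``roles``, ``username``, ``first_name``,
    ``last_name`` and ``password``.  ``notification_url``, ``tax_address``
    and ``payment_info`` are optional.

    Responds 403 when ``settings.OILAUTH`` is on or the caller is not
    staff, 400 when the body is rejected or any step raises, and 201 once
    the user has been created.
    """
    if settings.OILAUTH:
        return build_response(request, 403, 'It is not possible to create users (use Account enabler instead)')

    if not request.user.is_staff:
        return build_response(request, 403, 'Forbidden')

    # A malformed body is answered with 400 instead of an unhandled exception
    try:
        data = json.loads(request.raw_post_data)
    except ValueError:
        return build_response(request, 400, 'Invalid JSON content')

    # Validate Info
    # Every field is tested with "not in"; the earlier form
    # "(not 'first_name') in data" never checked first_name at all
    required_fields = ('roles', 'username', 'first_name', 'last_name', 'password')
    if not isinstance(data, dict) or any(field not in data for field in required_fields):
        return build_response(request, 400, 'Missing required field')

    # Check username format
    if not len(data['username']) > 4 or not is_valid_id(data['username']):
        return build_response(request, 400, 'Invalid username format')

    # Create the user
    try:
        # The format checks run before the account is written, so a rejected
        # URL or card number does not leave a half-created user behind
        if 'notification_url' in data and data['notification_url'] \
                and not is_valid_url(data['notification_url']):
            raise Exception('Invalid notification URL format')

        if 'payment_info' in data and not is_valid_credit_card(data['payment_info']['number']):
            # A message is given so that the 400 response is not empty
            raise Exception('Invalid credit card info')

        user = User.objects.create(
            username=data['username'],
            first_name=data['first_name'],
            last_name=data['last_name']
        )

        # Create the password
        user.set_password(data['password'])

        if 'admin' in data['roles']:
            user.is_staff = True

        user.save()

        # Get the user profile
        user_profile = UserProfile.objects.get(user=user)
        user_profile.complete_name = data['first_name'] + ' ' + data['last_name']

        if 'notification_url' in data:
            user_profile.current_organization.notification_url = data['notification_url']
            user_profile.current_organization.save()

        if 'provider' in data['roles']:
            # Append the provider role to the user organization
            # The user profile is just created so only the private organization exists
            org = user_profile.organizations[0]
            org['roles'].append('provider')
            user_profile.save()
            user_profile.organizations = [org]

        if 'tax_address' in data:
            user_profile.tax_address = {
                'street': data['tax_address']['street'],
                'postal': data['tax_address']['postal'],
                'city': data['tax_address']['city'],
                'country': data['tax_address']['country']
            }

        if 'payment_info' in data:
            # NOTE(review): the card number and cvv2 are stored exactly as
            # received; protection at rest is not visible here - confirm.
            user_profile.payment_info = {
                'type': data['payment_info']['type'],
                'number': data['payment_info']['number'],
                'expire_month': data['payment_info']['expire_month'],
                'expire_year': data['payment_info']['expire_year'],
                'cvv2': data['payment_info']['cvv2']
            }

        user_profile.save()

    except Exception as e:
        # NOTE(review): a failure after User.objects.create (for instance a
        # missing tax address field) still leaves the account in place, and
        # the exception text is returned to the client.
        return build_response(request, 400, unicode(e))

    return build_response(request, 201, 'Created')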
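def update(self, request, username):
    """Update the account and profile of the user called ``username``.

    Staff users may update anybody; other users only themselves.  When
    ``settings.OILAUTH`` is off, roles (staff callers only), password and
    names are taken from the body.  The tax address and the payment info
    are replaced as a whole: leaving them out of the body clears them.

    Responds 403 when the caller is not allowed, 400 when the body is
    rejected or any step raises, and 200 on success.
    """
    if not request.user.is_staff and not request.user.username == username:
        return build_response(request, 403, 'Forbidden')

    # Update the user
    try:
        # Parsed inside the try block so that a malformed body is answered
        # with 400 instead of an unhandled exception
        data = json.loads(request.raw_post_data)

        user = User.objects.get(username=username)
        # Get the user profile
        user_profile = UserProfile.objects.get(user=user)

        # Organization that receives the notification URL and the limits
        user_org = None

        # If WStore is not integrated with the accounts enabler
        # update user info and roles
        if not settings.OILAUTH:
            if request.user.is_staff and 'roles' in data:  # The user cannot change its roles
                if 'admin' in data['roles']:
                    user.is_staff = True

                if 'provider' in data['roles']:
                    # Append the provider role to the user
                    orgs = []
                    for o in user_profile.organizations:
                        if Organization.objects.get(pk=o['organization']).name == user.username \
                                and 'provider' not in o['roles']:
                            o['roles'].append('provider')
                        orgs.append(o)

                    user_profile.organizations = orgs

                elif 'provider' in user_profile.get_user_roles():
                    # Remove the provider role from the user info
                    orgs = []
                    for o in user_profile.organizations:
                        # The role is removed only where it is present, so
                        # list.remove cannot raise ValueError
                        if Organization.objects.get(pk=o['organization']).name == user.username \
                                and 'provider' in o['roles']:
                            o['roles'].remove('provider')
                        orgs.append(o)

                    user_profile.organizations = orgs

            if 'notification_url' in data and 'provider' in user_profile.get_user_roles():
                # Same format check that the user creation applies
                if data['notification_url'] and not is_valid_url(data['notification_url']):
                    raise Exception('Invalid notification URL format')

                user_org = Organization.objects.get(name=user.username)
                user_org.notification_url = data['notification_url']
                user_org.save()

            # NOTE(review): the password is replaced without asking for the
            # current one - confirm that this is intended.
            if 'password' in data:
                user.set_password(data['password'])

            if 'first_name' in data and 'last_name' in data:
                user.first_name = data['first_name']
                user.last_name = data['last_name']
                user_profile.complete_name = data['first_name'] + ' ' + data['last_name']
            elif 'complete_name' in data:
                user_profile.complete_name = data['complete_name']
        else:
            user_org = Organization.objects.get(actor_id=user.userprofile.actor_id)

            if 'notification_url' in data and 'provider' in user_profile.get_user_roles():
                if data['notification_url'] and not is_valid_url(data['notification_url']):
                    raise Exception('Invalid notification URL format')

                user_org.notification_url = data['notification_url']
                user_org.save()

        # Check if expenditure limits are included in the request
        # NOTE(review): this listing carried no indentation; the limits block
        # is placed at the same level as the tax address handling - confirm
        # against the repository.
        if 'limits' in data and data['limits']:
            limits = _check_limits(data['limits'])
            currency = limits['currency']

            # Without the accounts enabler the organization may not have been
            # loaded yet; it is resolved before the RSS is contacted so that a
            # failure here leaves the RSS untouched
            if user_org is None:
                user_org = Organization.objects.get(name=user.username)

            # Get default RSS instance
            try:
                rss_instance = RSS.objects.all()[0]
            except Exception:
                raise Exception('No RSS instance registered: An RSS instance is needed for setting up expenditure limits')

            # Create limits in the RSS
            exp_manager = ExpenditureManager(rss_instance, rss_instance.access_token)

            try:
                exp_manager.set_actor_limit(limits, user.userprofile)
            except HTTPError as e:
                if e.code != 401:
                    raise
                # A 401 is answered by refreshing the token and retrying once
                rss_instance.refresh_token()
                exp_manager.set_credentials(rss_instance.access_token)
                exp_manager.set_actor_limit(limits, user.userprofile)

            # Save limits
            limits['currency'] = currency
            user_org.expenditure_limits = limits
            user_org.save()

        if 'tax_address' in data:
            user_profile.tax_address = {
                'street': data['tax_address']['street'],
                'postal': data['tax_address']['postal'],
                'city': data['tax_address']['city'],
                'country': data['tax_address']['country']
            }
        else:
            # the update is absolute so if no tax address provided it is deleted
            user_profile.tax_address = {}

        if 'payment_info' in data:
            number = data['payment_info']['number']

            if not is_valid_credit_card(number):
                # A number that is_hidden_credit_card matches against the
                # stored one keeps the stored number
                if 'number' in user_profile.payment_info and \
                        is_hidden_credit_card(number, user_profile.payment_info['number']):
                    number = user_profile.payment_info['number']
                else:
                    raise Exception('')

            # NOTE(review): the card number and cvv2 are stored exactly as
            # received; protection at rest is not visible here - confirm.
            user_profile.payment_info = {
                'type': data['payment_info']['type'],
                'number': number,
                'expire_month': data['payment_info']['expire_month'],
                'expire_year': data['payment_info']['expire_year'],
                'cvv2': data['payment_info']['cvv2']
            }
        else:
            # the update is absolute so if no payment info provided it is deleted
            user_profile.payment_info = {}

        user.save()
        user_profile.save()

    except Exception as e:
        # NOTE(review): the text of any exception, including ones raised by
        # the libraries called above, is returned to the client.
        msg = e.message or 'Invalid content'
        return build_response(request, 400, msg)

    return build_response(request, 200, 'OK')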
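def create(self, request):
    """Create a user account and its profile; only staff users may call this.

    The JSON body must contain ``roles``, ``username``, ``first_name``,
    ``last_name`` and ``password``.  ``notification_url``, ``tax_address``
    and ``payment_info`` are optional.

    Responds 403 when ``settings.OILAUTH`` is on or the caller is not
    staff, 400 when the body is rejected or any step raises, and 201 once
    the user has been created.
    """
    if settings.OILAUTH:
        return build_response(request, 403, 'It is not possible to create users (use Account enabler instead)')

    if not request.user.is_staff:
        return build_response(request, 403, 'Forbidden')

    # A malformed body is answered with 400 instead of an unhandled exception
    try:
        data = json.loads(request.raw_post_data)
    except ValueError:
        return build_response(request, 400, 'Invalid JSON content')

    # Validate Info
    # Every field is tested with "not in"; the earlier form
    # "(not 'first_name') in data" never checked first_name at all
    required_fields = ('roles', 'username', 'first_name', 'last_name', 'password')
    if not isinstance(data, dict) or any(field not in data for field in required_fields):
        return build_response(request, 400, 'Missing required field')

    # Check username format
    if not len(data['username']) > 4 or not is_valid_id(data['username']):
        return build_response(request, 400, 'Invalid username format')

    # Create the user
    try:
        # The format checks run before the account is written, so a rejected
        # URL or card number does not leave a half-created user behind
        if 'notification_url' in data and data['notification_url'] \
                and not is_valid_url(data['notification_url']):
            raise Exception('Invalid notification URL format')

        if 'payment_info' in data and not is_valid_credit_card(data['payment_info']['number']):
            # A message is given so that the 400 response is not empty
            raise Exception('Invalid credit card info')

        user = User.objects.create(
            username=data['username'],
            first_name=data['first_name'],
            last_name=data['last_name']
        )

        # Create the password
        user.set_password(data['password'])

        if 'admin' in data['roles']:
            user.is_staff = True

        user.save()

        # Get the user profile
        user_profile = UserProfile.objects.get(user=user)
        user_profile.complete_name = data['first_name'] + ' ' + data['last_name']

        if 'notification_url' in data:
            user_profile.current_organization.notification_url = data['notification_url']
            user_profile.current_organization.save()

        if 'provider' in data['roles']:
            # Append the provider role to the user organization
            # The user profile is just created so only the private organization exists
            org = user_profile.organizations[0]
            org['roles'].append('provider')
            user_profile.save()
            user_profile.organizations = [org]

        if 'tax_address' in data:
            user_profile.tax_address = {
                'street': data['tax_address']['street'],
                'postal': data['tax_address']['postal'],
                'city': data['tax_address']['city'],
                'country': data['tax_address']['country']
            }

        if 'payment_info' in data:
            # NOTE(review): the card number and cvv2 are stored exactly as
            # received; protection at rest is not visible here - confirm.
            user_profile.payment_info = {
                'type': data['payment_info']['type'],
                'number': data['payment_info']['number'],
                'expire_month': data['payment_info']['expire_month'],
                'expire_year': data['payment_info']['expire_year'],
                'cvv2': data['payment_info']['cvv2']
            }

        user_profile.save()

    except Exception as e:
        # NOTE(review): a failure after User.objects.create (for instance a
        # missing tax address field) still leaves the account in place, and
        # the exception text is returned to the client.
        return build_response(request, 400, unicode(e))

    return build_response(request, 201, 'Created')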
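def create(self, request):
    """Register a new public organization on behalf of an active user.

    The JSON body must contain ``name``; ``notification_url``,
    ``tax_address``, ``payment_info`` and ``is_user`` are optional.
    A non-staff creator is always added to the organization as a manager;
    a staff creator is added only when ``is_user`` is true.

    Responds 403 to inactive users, 400 when the body is rejected or any
    step raises, and 201 once the organization has been created.
    """
    if not request.user.is_active:
        return build_response(request, 403, 'The user has not been activated')

    try:
        data = json.loads(request.raw_post_data)

        # A body that is not a JSON object cannot carry the expected fields
        if not isinstance(data, dict) or 'name' not in data:
            raise Exception('Invalid JSON content')

        name = data['name']

        # Check the format first, so that only a well-formed name is used
        # in the lookup and echoed back in the "already registered" message
        if not len(name) > 4 or not is_valid_id(name):
            raise Exception('Enter a valid name.')

        if len(Organization.objects.filter(name=name)) > 0:
            raise Exception('The ' + name + ' organization is already registered.')

        # A missing URL is stored as an empty string
        notification_url = data.get('notification_url', '')
        if notification_url and not is_valid_url(notification_url):
            raise Exception('Enter a valid URL')

        tax_address = {}
        if 'tax_address' in data:
            tax_address = {
                'street': data['tax_address']['street'],
                'postal': data['tax_address']['postal'],
                'city': data['tax_address']['city'],
                'country': data['tax_address']['country']
            }

        payment_info = {}
        if 'payment_info' in data:
            if not is_valid_credit_card(data['payment_info']['number']):
                raise Exception('Invalid credit card info')

            # NOTE(review): the card number and cvv2 are stored exactly as
            # received; protection at rest is not visible here - confirm.
            payment_info = {
                'type': data['payment_info']['type'],
                'number': data['payment_info']['number'],
                'expire_month': data['payment_info']['expire_month'],
                'expire_year': data['payment_info']['expire_year'],
                'cvv2': data['payment_info']['cvv2']
            }

        # Keep the created instance instead of fetching it again by name
        organization = Organization.objects.create(
            name=name,
            notification_url=notification_url,
            tax_address=tax_address,
            payment_info=payment_info,
            private=False
        )

        # Include the new user, if the user is not admin include the user
        # If the user is an admin, include it depending on if she has created
        # the organization as an user
        user_included = not request.user.is_staff or data.get('is_user') == True

        if user_included:
            user = request.user
            user.userprofile.organizations.append({
                'organization': organization.pk,
                'roles': []
            })
            user.userprofile.save()

            organization.managers.append(user.pk)
            organization.save()
    except Exception as e:
        # NOTE(review): the text of any exception, including ones raised by
        # the libraries called above, is returned to the client.
        msg = e.message or 'Invalid JSON content'
        return build_response(request, 400, msg)

    return build_response(request, 201, 'Created')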
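def update(self, request, org):
    """Replace the editable data of the organization named ``org``.

    Only active users that are staff or listed in the organization's
    ``managers`` may update it.  The tax address and the payment info are
    replaced as a whole: leaving them out of the body clears them.  When
    ``limits`` is given, the limits are sent to the first registered RSS
    before they are stored.

    Responds 403 when the caller is not allowed, 404 when the organization
    does not exist, 400 when the body is rejected or any step raises, and
    200 on success.
    """
    # Inactive accounts are rejected before anything is looked up
    if not request.user.is_active:
        return build_response(request, 403, 'Forbidden')

    # Get the organization
    try:
        organization = Organization.objects.get(name=org)
    except Organization.DoesNotExist:
        # Only a missing organization is a 404; other errors are not hidden
        return build_response(request, 404, 'Organization not found')

    if not request.user.is_staff and request.user.pk not in organization.managers:
        return build_response(request, 403, 'Forbidden')

    try:
        # Load request data
        data = json.loads(request.raw_post_data)

        if 'notification_url' in data:
            if data['notification_url'] and not is_valid_url(data['notification_url']):
                raise Exception('Enter a valid URL')

            organization.notification_url = data['notification_url']

        # Load the tax address
        new_taxaddr = {}
        if 'tax_address' in data and data['tax_address'] != {}:
            new_taxaddr = {
                'street': data['tax_address']['street'],
                'postal': data['tax_address']['postal'],
                'city': data['tax_address']['city'],
                'country': data['tax_address']['country']
            }

        organization.tax_address = new_taxaddr

        # Load the payment info
        new_payment = {}
        if 'payment_info' in data and data['payment_info'] != {}:
            number = data['payment_info']['number']

            if not is_valid_credit_card(number):
                # A number that is_hidden_credit_card matches against the
                # stored one keeps the stored number
                if 'number' in organization.payment_info and \
                        is_hidden_credit_card(number, organization.payment_info['number']):
                    number = organization.payment_info['number']
                else:
                    raise Exception('Invalid credit card number')

            # NOTE(review): the card number and cvv2 are stored exactly as
            # received; protection at rest is not visible here - confirm.
            new_payment = {
                'type': data['payment_info']['type'],
                'number': number,
                'expire_year': data['payment_info']['expire_year'],
                'expire_month': data['payment_info']['expire_month'],
                'cvv2': data['payment_info']['cvv2']
            }

        if 'limits' in data:
            limits = _check_limits(data['limits'])
            currency = limits['currency']

            # Get default RSS
            try:
                rss = RSS.objects.all()[0]
            except IndexError:
                # Explicit message instead of a bare 'list index out of range'
                raise Exception('No RSS instance registered: An RSS instance is needed for setting up expenditure limits')

            rss_factory = RSSManagerFactory(rss)
            exp_manager = rss_factory.get_expenditure_manager(rss.access_token)

            try:
                exp_manager.set_actor_limit(limits, organization)
            except HTTPError as e:
                if e.code != 401:
                    raise
                # A 401 is answered by refreshing the token and retrying once
                rss.refresh_token()
                exp_manager.set_credentials(rss.access_token)
                exp_manager.set_actor_limit(limits, organization)

            # Save limits
            # presumably set_actor_limit changes the dict, hence the
            # currency is written back - verify against its implementation
            limits['currency'] = currency
            organization.expenditure_limits = limits

        organization.payment_info = new_payment
        organization.save()
    except Exception as e:
        # NOTE(review): the text of any exception, including ones raised by
        # the libraries called above, is returned to the client.
        msg = e.message or 'Invalid JSON content'
        return build_response(request, 400, msg)

    return build_response(request, 200, 'OK')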