def test_policies_torture(self):
    """Stacked shop/identity/category/item policies must block this checkout.

    A buyer (state AFG, age 20, male) fills a cart from two shops, then five
    shopping policies are attached at different scopes.  ``pay_all`` must
    report failure, i.e. ``StoB(status)`` is False.
    """
    buyer, seller = 'ShaharBenS', 'ShaharBenS2'
    UsersLogic.register(RegisteredUser(buyer, "SsS0897SsS"))
    UsersLogic.update_details(buyer, 'AFG', 20, 'Male')
    UsersLogic.register(RegisteredUser(seller, "SsS0897SsS"))
    for shop_name in ('eBay', 'Amazon'):
        ShopLogic.create_shop(Shop(shop_name, "Active"), seller)
    ItemsLogic.add_item_to_shop(
        Item(1, 'eBay', 'apple', 'vegas', 'good', 10, 500, 'regular', None, 0, 0, 0), seller)
    ItemsLogic.add_item_to_shop(
        Item(2, 'Amazon', 'apple', 'fruits', 'good', 10, 500, 'regular', None, 0, 0, 0), seller)

    ShoppingPolicyLogic.add_shopping_policy_on_shop(seller, 'eBay', "age = ''20''", "AL", 3)
    ShoppingPolicyLogic.add_shopping_policy_on_shop(seller, 'Amazon', "age > ''15''", "UT", 5)
    ShoppingPolicyLogic.add_shopping_policy_on_identity(
        'Ultimate_ShaharShahar', "sex = ''Male''", "AL", 9)
    ShoppingPolicyLogic.add_shopping_policy_on_category(
        'Ultimate_ShaharShahar', "vegas", "state = ''AFG''", "UT", 5)
    ShoppingPolicyLogic.add_shopping_policy_on_items(
        'Ultimate_ShaharShahar', "apple", "state != ''AFG''", "E", 2)

    # The test forges a session entry keyed by md5(username), mirroring how
    # the app appears to derive its login hash.  NOTE(review): if the real
    # token is produced this deterministically it is guessable from the
    # username alone — confirm against the login code (not visible here).
    access_token = hashlib.md5(buyer.encode()).hexdigest()
    Consumer.loggedInUsers[access_token] = buyer
    Consumer.loggedInUsersShoppingCart[access_token] = []
    for item_id, amount in ((2, 3), (1, 7)):
        UserShoppingCartLogic.add_item_shopping_cart(
            access_token, ShoppingCartItem(buyer, item_id, amount, None))

    status = UserShoppingCartLogic.pay_all(access_token)
    self.assertFalse(StoB(status))
def test_supply_system(self):
    """Checkout fails behind the supply proxy and succeeds with the real supply system.

    The module-global ``ExternalSystems.supply`` is swapped twice and left
    pointing at ``SupplySystem`` when the test ends.  NOTE(review): it is
    not restored to its previous value, so later tests inherit this state.
    """
    buyer, seller = 'ShaharBenS', 'ShaharBenS2'
    UsersLogic.register(RegisteredUser(buyer, "SsS0897SsS"))
    UsersLogic.update_details(buyer, 'AFG', 20, 'Male')
    UsersLogic.register(RegisteredUser(seller, "SsS0897SsS"))
    for shop_name in ('eBay', 'Amazon'):
        ShopLogic.create_shop(Shop(shop_name, "Active"), seller)
    ItemsLogic.add_item_to_shop(
        Item(1, 'eBay', 'apple', 'vegas', 'good', 10, 500, 'regular', None, 0, 0, 0), seller)
    ItemsLogic.add_item_to_shop(
        Item(2, 'Amazon', 'apple', 'fruits', 'good', 10, 500, 'regular', None, 0, 0, 0), seller)

    # Forged session keyed by md5(username); see note in test_policies_torture
    # about how predictable such a token is if the app really derives it so.
    access_token = hashlib.md5(buyer.encode()).hexdigest()
    Consumer.loggedInUsers[access_token] = buyer
    Consumer.loggedInUsersShoppingCart[access_token] = []
    for item_id, amount in ((2, 3), (1, 7)):
        UserShoppingCartLogic.add_item_shopping_cart(
            access_token, ShoppingCartItem(buyer, item_id, amount, None))

    ExternalSystems.supply = ProxySupplySystem.ProxySupplySystem()
    status = UserShoppingCartLogic.pay_all(access_token)
    # A non-list result is normalised to False; a list is asserted as-is.
    if not isinstance(status, list):
        status = False
    self.assertFalse(status)

    ExternalSystems.supply = SupplySystem.SupplySystem()
    status = UserShoppingCartLogic.pay_all(access_token)
    # A list result (the purchased items) is normalised to True.
    if isinstance(status, list):
        status = True
    self.assertTrue(status)
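def add_review_on_shop(request):
    """POST handler: attach a review (``description`` + integer ``rank``) to ``shop_name``.

    Responses: the SQL-injection marker when an input looks hostile,
    ``'has reviews'`` if the session user already reviewed the shop,
    ``'success'`` when stored, ``'fail'`` otherwise.

    Fixes: a non-POST request or a missing/unknown session previously fell
    through and returned None (Django then raises); a missing or non-numeric
    ``rank`` previously raised inside ``int()`` and surfaced as a 500; and a
    review could be created with ``writer_id`` None when the cookie did not
    map to a logged-in user.
    """
    if request.method != 'POST':
        return HttpResponse('fail')
    shop_name = request.POST.get('shop_name')
    description = request.POST.get('description')
    event = "ADD REVIEW ON SHOP"
    # Both detectors always run so each suspicious field is logged, matching
    # the rest of this module.  This is a heuristic pre-check only; the
    # durable defence is parameterised SQL in the data layer (not visible here).
    suspicious = [LoggerLogic.identify_sql_injection(value, event)
                  for value in (shop_name, description)]
    if any(suspicious):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
    try:
        rank = int(request.POST.get('rank'))
    except (TypeError, ValueError):
        return HttpResponse('fail')
    login = request.COOKIES.get('login_hash')
    writer_id = Consumer.loggedInUsers.get(login) if login is not None else None
    if writer_id is None:
        # Unknown or expired session: never persist a review owned by None.
        return HttpResponse('fail')
    if ShopLogic.get_shop_review_with_writer(shop_name, writer_id) is not False:
        return HttpResponse('has reviews')
    if ShopLogic.add_review_on_shop(ShopReview(writer_id, description, rank, shop_name)):
        return HttpResponse('success')
    return HttpResponse('fail')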
def setUp(self):
    """Fresh DB with an owner, 'My Shop', and a manager granted every permission."""
    init_database('db.sqlite3')
    owner, manager = 'YoniYoni', 'StoreManager1'
    for name in (owner, manager):
        register(RegisteredUser(name, '1234567878'))
    ShopLogic.create_shop(Shop('My Shop', 'Active'), owner)
    UsersLogic.add_manager(
        owner, StoreManager(manager, 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1))
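def get_reviews(request):
    """GET handler: render every review left on ``shop_name``.

    Returns the ``shop_reviews.html`` page, ``shop_not_exist`` when the shop
    is missing or the parameter absent, the SQL-injection marker for a
    suspicious name, and ``not_get_request`` for other methods.

    Change: the request-supplied name now goes through the same
    ``LoggerLogic.identify_sql_injection`` pre-check the mutating handlers in
    this module apply before it reaches the logic layer.  That detector is a
    heuristic; parameterised SQL in the data layer (not visible here) is the
    real defence.
    """
    if request.method != 'GET':
        return HttpResponse(not_get_request)
    login = request.COOKIES.get('login_hash')
    guest = request.COOKIES.get('guest_hash')
    shop_name = request.GET.get('shop_name')
    if shop_name is None:
        return HttpResponse(shop_not_exist)
    if LoggerLogic.identify_sql_injection(shop_name, "GET REVIEWS"):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
    if ShopLogic.search_shop(shop_name) is False:
        return HttpResponse(shop_not_exist)
    # Template rendering escapes the user-written description and writer name.
    rendered_reviews = "".join(
        loader.render_to_string(
            'components/review.html',
            {
                'writer_name': review.writerId,
                'rank': review.rank,
                'description': review.description,
            },
            None, None)
        for review in ShopLogic.get_shop_reviews(shop_name))
    context = {
        'topbar': Topbar_Navbar.get_top_bar(login),
        'navbar': Topbar_Navbar.get_nav_bar(login, guest),
        'shop_name': shop_name,
        'reviews': rendered_reviews,
    }
    return render(request, 'shop_reviews.html', context=context)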
def test_permissions(self):
    """A manager holding every permission can add, edit and remove shop items."""
    owner, manager = 'ShaharShahar', 'TomerTomerLev'
    UsersLogic.register(RegisteredUser(owner, '1212345678'))
    UsersLogic.register(RegisteredUser(manager, '65412321'))
    ShopLogic.create_shop(Shop('myShop', 'Active'), owner)
    UsersLogic.add_manager(
        owner, StoreManager(manager, 'myShop', 1, 1, 1, 1, 1, 1, 1, 1))
    ItemsLogic.add_item_to_shop(
        Item(None, 'myShop', 'doll', 'toys', 'toys:kids', 20, 300, 'regular', None, 0, 0, 0),
        manager)

    item = Items.get_item(1)
    self.assertEqual(item.shop_name, 'myShop')
    self.assertEqual(item.price, 20)
    self.assertEqual(item.quantity, 300)

    for field, value in (('price', 40), ('name', 'doll_new'), ('quantity', 40)):
        self.assertTrue(ItemsLogic.edit_shop_item(manager, 1, field, value))

    item = Items.get_item(1)
    self.assertEqual(item.name, 'doll_new')
    self.assertEqual(item.quantity, 40)
    self.assertEqual(item.keyWords, 'toys:kids')
    self.assertTrue(ItemsLogic.remove_item_from_shop(1, manager))
def test_bad_create_shop(self):
    """Re-using a shop name is refused with the 'name is taken' message."""
    owner = 'TomerTomer'
    register(RegisteredUser(owner, '1234567878'))
    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, owner)
    self.assertTrue(Shops.search_shop('My Shop').name == 'My Shop')
    self.assertEqual(ShopLogic.create_shop(shop, owner), 'FAILED: Shop name is taken')
def test_add_manager(self):
    """An owner can appoint another registered user with the fixture's permission flags."""
    ShopLogic.create_shop(SHOP, USERNAME)
    UsersLogic.register(OTHER_USER)
    # the first eight fixture flags, positionally, as the original call did
    manager = StoreManager(OTHER_USERNAME, SHOP_NAME,
                           *(PERMISSIONS[i] for i in range(8)))
    self.assertTrue(UsersLogic.add_manager(USERNAME, manager))
def test_bad_sys_man_close_shop_permanently(self):
    """A user who is not a system manager cannot permanently close another user's shop."""
    register(RegisteredUser('YoniYoni', '12121122'))
    register(RegisteredUser('ToniToni', '12121122'))
    remover = get_user('YoniYoni')
    owner = get_user('ToniToni')
    ShopLogic.create_shop(Shop('My Shop', 'Active'), owner.username)
    self.assertFalse(close_shop_permanently(remover.username, 'My Shop'))
def test_modify_notifications(self):
    """Turning notifications off and back on is persisted on the owner record."""
    ShopLogic.create_shop(SHOP, USERNAME)
    for flag in (0, 1):
        UsersLogic.modify_notifications(USERNAME, flag, SHOP.name)
        owner = Owners.get_owner(USERNAME, SHOP_NAME)
        self.assertEqual(flag, owner.should_notify)
def setUp(self):
    """Fresh DB: a buyer with profile details, a seller, and 'eBay' stocked with one item."""
    init_database('db.sqlite3')
    buyer, seller = 'ShaharBenS', 'ShaharBenS2'
    UsersLogic.register(RegisteredUser(buyer, "SsS0897SsS"))
    UsersLogic.update_details(buyer, 'AFG', 20, 'Male')
    UsersLogic.register(RegisteredUser(seller, "SsS0897SsS"))
    ShopLogic.create_shop(Shop('eBay', "Active"), seller)
    ItemsLogic.add_item_to_shop(
        Item(1, 'eBay', 'banana', 'vegas', 'good', 10, 500, 'regular', None, 0, 0, 0), seller)
def test_close_shop_permanently(self):
    """A system manager may permanently close a shop owned by someone else."""
    register(RegisteredUser('YoniYoni', '12121212'))
    register(RegisteredUser('ToniToniToniToni', '12112212'))
    remover = get_user('YoniYoni')
    owner = get_user('ToniToniToniToni')
    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, owner.username)
    # Promotion copies the stored credential verbatim.  NOTE(review): whether
    # `remover.password` is a hash or clear text is not visible here.
    add_system_manager(SystemManager(remover.username, remover.password))
    self.assertTrue(close_shop_permanently(remover.username, shop.name))
def test_add_store_manager(self):
    """Appointing a manager persists the grant with its item permissions set."""
    owner, appointee = 'ShaharShahar', 'TomerTomerLev'
    UsersLogic.register(RegisteredUser(owner, '12345126'))
    UsersLogic.register(RegisteredUser(appointee, '65412321'))
    ShopLogic.create_shop(Shop('myShop', 'Active'), owner)
    UsersLogic.add_manager(
        owner, StoreManager(appointee, 'myShop', 1, 1, 1, 1, 1, 1, 1, 1))
    manager = StoreManagers.get_store_manager(appointee, 'myShop')
    for granted in (manager.permission_add_item,
                    manager.permission_remove_item,
                    manager.permission_edit_item):
        self.assertTrue(granted > 0)
    self.assertEqual(manager.store_name, 'myShop')
    self.assertEqual(manager.username, appointee)
def test_add_invisible_discount_bad(self):
    """A negative percentage is rejected by add_invisible_discount."""
    owner, manager = 'YoniYoni', 'StoreManager1'
    for name in (owner, manager):
        register(RegisteredUser(name, '1234567878'))
    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, owner)
    UsersLogic.add_manager(
        owner, StoreManager(manager, 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1))
    item1 = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular', None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(item1, manager)
    bad_discount = InvisibleDiscount('ABCDEFGHIJKLMNO', item1.id, shop.name, -1,
                                     '2018-12-01', '2019-12-01')
    self.assertFalse(add_invisible_discount(bad_discount, owner))
def test_review_on_shop(self):
    """A user who bought from the shop can leave a review that is then listed once."""
    owner = 'TomerTomer'
    register(RegisteredUser(owner, '1234567878'))
    user = get_user(owner)
    ShopLogic.create_shop(Shop('My Shop', 'Active'), owner)
    ItemsLogic.add_item_to_shop(
        Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular', None, 0, 0, 0), owner)
    purchase_id = add_purchase_and_return_id(datetime.now(), owner, 0)
    PurchasedItems.add_purchased_item(purchase_id, 1, 10, 10)
    ShopLogic.add_review_on_shop(ShopReview(owner, 'Best', 10, 'My Shop'))
    self.assertTrue(len(get_all_reviews_on_shop('My Shop')) == 1)
def setUp(self):
    """Fresh DB: one user owning 'My New Shop', stocked with milk and glue."""
    init_database('db.sqlite3')
    username = '******'
    shop_name = 'My New Shop'
    register(RegisteredUser(username, '12341256'))
    ShopLogic.create_shop(Shop.Shop(shop_name, 'Active'), username)
    for item_id, label in ((1, 'milk'), (2, 'glue')):
        ItemsLogic.add_item_to_shop(
            Item.Item(item_id, shop_name, label, label, 'keywords', 12, 100,
                      'regular', None, 0, 0, 0),
            username)
def test_bad_no_get_all_premss_send_message_and_get_messages_of_shops(self):
    """Cross-appointed managers missing one permission flag cannot read the shop inbox."""
    first, second = 'TomerTomer1', 'TomerTomer2'
    register(RegisteredUser(first, '1234567878'))
    ShopLogic.create_shop(Shop('My Shop1', 'Active'), first)
    register(RegisteredUser(second, '1234567878'))
    ShopLogic.create_shop(Shop('My Shop2', 'Active'), second)
    # Fifth positional flag is 0 — presumably get-all-messages, per the test name.
    UsersLogic.add_manager(first, StoreManager(second, 'My Shop1', 1, 1, 1, 1, 0, 1, 1, 1))
    UsersLogic.add_manager(second, StoreManager(first, 'My Shop2', 1, 1, 1, 1, 0, 1, 1, 1))
    MessagingLogic.send_message_from_shop(second, Message(1, 'My Shop1', 'My Shop2', 'Hello 1'))
    MessagingLogic.send_message_from_shop(first, Message(2, 'My Shop2', 'My Shop1', 'Hello 2'))
    inbox_one = MessagingLogic.get_all_shop_messages(second, 'My Shop1')
    inbox_two = MessagingLogic.get_all_shop_messages(first, 'My Shop2')
    self.assertFalse(inbox_one)
    self.assertFalse(inbox_two)
def test_bad_no_permssion_send_message_and_get_messages_of_shops(self):
    """Cross-appointed managers missing one permission flag cannot send from the shop."""
    first, second = 'TomerTomer1', 'TomerTomer2'
    register(RegisteredUser(first, '1234567878'))
    ShopLogic.create_shop(Shop('My Shop1', 'Active'), first)
    register(RegisteredUser(second, '1234567878'))
    ShopLogic.create_shop(Shop('My Shop2', 'Active'), second)
    # Fourth positional flag is 0 — presumably reply-messages, per the test name.
    UsersLogic.add_manager(first, StoreManager(second, 'My Shop1', 1, 1, 1, 0, 1, 1, 1, 1))
    UsersLogic.add_manager(second, StoreManager(first, 'My Shop2', 1, 1, 1, 0, 1, 1, 1, 1))
    denied = "FAILED: You don't have the permissions"
    self.assertEqual(
        MessagingLogic.send_message_from_shop(second, Message(1, 'My Shop1', 'My Shop2', 'Hello 1')),
        denied)
    self.assertEqual(
        MessagingLogic.send_message_from_shop(first, Message(2, 'My Shop2', 'My Shop1', 'Hello 2')),
        denied)
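def create_shop(request):
    """POST handler: create shop ``name`` with ``status`` for the session user.

    Returns whatever ``ShopLogic.create_shop`` returns (a status string), the
    SQL-injection marker for suspicious input or a blank/missing name, and
    ``'FAILED: You are not logged in'`` when no valid session is found.

    Fixes: a missing ``name`` field (None) previously slipped past the
    ``== ''`` check; a non-POST request previously returned None.
    """
    if request.method != 'POST':
        return HttpResponse('FAIL: not post request')
    shop_name = request.POST.get('name')
    shop_status = request.POST.get('status')
    event = "ADD SHOP"
    # Both detectors always run so every suspicious field is logged.  This is
    # a heuristic pre-check; parameterised SQL in the data layer (not visible
    # here) is the real defence.
    suspicious = [LoggerLogic.identify_sql_injection(value, event)
                  for value in (shop_name, shop_status)]
    if any(suspicious) or not shop_name:
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
    # Session token: cookie first, form body as a fallback for existing
    # clients.  NOTE(review): a token accepted as a form field can end up in
    # request logs and loses the cookie's scoping; consider retiring the
    # fallback once clients stop relying on it.
    login = request.COOKIES.get('login_hash')
    if login is None:
        login = request.POST.get('login_hash')
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    if username is None:
        return HttpResponse('FAILED: You are not logged in')
    # NOTE(review): `status` is taken verbatim from the client; whether the
    # logic layer restricts it to known values is not visible here.
    return HttpResponse(ShopLogic.create_shop(Shop(shop_name, shop_status), username))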
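def get_system_shops(request):
    """GET handler, system managers only: page listing every shop with its status.

    Any request without a session mapping to a system manager gets the
    privilege message.  Fixes: the unused ``orders_html`` local is gone and a
    non-GET request now returns ``not_get_request`` instead of None.
    """
    if request.method != 'GET':
        return HttpResponse(not_get_request)
    login = request.COOKIES.get('login_hash')
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    if username is None or not UsersLogic.is_system_manager(username):
        return HttpResponse("You don't have the privilege to be here")
    shops_html = "".join(
        loader.render_to_string(
            'components/shop.html',
            context={'shop_name': shop.name, 'status': shop.status})
        for shop in ShopLogic.get_all_shops())
    context = {
        'topbar': Topbar_Navbar.get_top_bar(login),
        'navbar': Topbar_Navbar.get_nav_bar(login, None),
        'shops': shops_html,
    }
    return render(request, 'system-shops.html', context=context)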
def test_no_permission(self):
    """A manager with every permission cleared can neither add items nor message from the shop."""
    owner, manager = 'ShaharShahar', 'TomerTomerLev'
    UsersLogic.register(RegisteredUser(owner, '12312456'))
    UsersLogic.register(RegisteredUser(manager, '65431221'))
    ShopLogic.create_shop(Shop('myShop', 'Active'), owner)
    UsersLogic.add_manager(
        owner, StoreManager(manager, 'myShop', 0, 0, 0, 0, 0, 0, 0, 0))
    added = ItemsLogic.add_item_to_shop(
        Item(None, 'myShop', 'doll', 'toys', 'toys;kids', 20, 300, 'regular', None, 0, 0, 0),
        manager)
    self.assertFalse(added)
    sent = MessagingLogic.send_message_from_shop(
        manager, Message(None, 'myShop', owner, 'Hi There'))
    self.assertFalse(returnStringToBoolean(sent))
def setUp(self):
    """Fresh DB: 'My Shop' owned by TomerTomer with four items in distinct categories."""
    init_database('db.sqlite3')
    owner = 'TomerTomer'
    register(RegisteredUser(owner, '1234567878'))
    ShopLogic.create_shop(Shop('My Shop', 'Active'), owner)
    stock = (
        (1, 'milk', 'diary', 'good'),
        (2, 'steak', 'meat', 'bad'),
        (3, 'banana', 'fruit', 'best'),
        (4, 'water', 'drinks', 'one two'),
    )
    for item_id, name, category, keywords in stock:
        ItemsLogic.add_item_to_shop(
            Item(item_id, 'My Shop', name, category, keywords, 12, 100,
                 'regular', None, 0, 0, 0),
            owner)
def test_get_visible_discount_bad_item(self):
    """Looking up a discount on an item that never received one returns False."""
    owner, manager = 'YoniYoni', 'StoreManager1'
    for name in (owner, manager):
        register(RegisteredUser(name, '1234567878'))
    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, owner)
    UsersLogic.add_manager(
        owner, StoreManager(manager, 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1))
    discounted = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular', None, 0, 0, 0)
    # built but deliberately never added to the shop
    other = Item(2, 'My Shop', 'milk1', 'diary1', 'good', 12, 100, 'regular', None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(discounted, manager)
    discount = VisibleDiscount(discounted.id, shop.name, 50, '2018-12-01', '2019-12-01')
    self.assertTrue(add_visible_discount(discount, owner))
    self.assertFalse(get_visible_discount(other.id, shop.name))
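def close_shop_permanently(request):
    """POST handler: permanently close ``shop_name`` on behalf of the session user.

    Whether the caller is allowed to (system manager) is decided inside
    ``ShopLogic.close_shop_permanently``; this view resolves the session and
    answers ``'success'`` or ``'fail'``.

    Fixes: an unknown session previously forwarded ``username=None`` to the
    logic layer; a non-POST request previously returned None.  The
    request-supplied name now also goes through the heuristic
    ``identify_sql_injection`` pre-check the other mutating handlers use.
    """
    if request.method != 'POST':
        return HttpResponse('fail')
    shop_name = request.POST.get('shop_name')
    if LoggerLogic.identify_sql_injection(shop_name, "CLOSE SHOP PERMANENTLY"):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
    login = request.COOKIES.get('login_hash')
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    if username is None:
        return HttpResponse('fail')
    if ShopLogic.close_shop_permanently(username, shop_name):
        return HttpResponse('success')
    return HttpResponse('fail')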
def test_get_visible_discount(self):
    """A stored visible discount is returned with item, shop and percentage intact."""
    owner, manager = 'YoniYoni', 'StoreManager1'
    for name in (owner, manager):
        register(RegisteredUser(name, '1234567878'))
    shop = Shop('My Shop', 'Active')
    ShopLogic.create_shop(shop, owner)
    UsersLogic.add_manager(
        owner, StoreManager(manager, 'My Shop', 1, 1, 1, 1, 1, 1, 1, 1))
    item1 = Item(1, 'My Shop', 'milk', 'diary', 'good', 12, 100, 'regular', None, 0, 0, 0)
    ItemsLogic.add_item_to_shop(item1, manager)
    disc = VisibleDiscount(item1.id, shop.name, 50, '2018-12-01', '2019-12-01')
    self.assertTrue(add_visible_discount(disc, owner))
    stored = get_visible_discount(item1.id, shop.name)
    for attribute in ('item_id', 'shop_name', 'percentage'):
        self.assertEqual(getattr(stored, attribute), getattr(disc, attribute))
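def get_shop_owner(request):
    """GET handler, system managers only: owners of ``shop_name``, one username per line.

    Everything else (non-GET, no session, not a system manager) answers
    ``'fail'``.  Fixes: a non-GET request previously returned None; usernames
    are HTML-escaped because ``HttpResponse`` defaults to ``text/html`` and
    they are user-chosen strings; the request-supplied name gets the same
    heuristic ``identify_sql_injection`` pre-check the other handlers apply.
    """
    import html  # stdlib; local so the module's import block (not shown) is untouched

    if request.method != 'GET':
        return HttpResponse('fail')
    shop_name = request.GET.get('shop_name')
    if LoggerLogic.identify_sql_injection(shop_name, "GET SHOP OWNER"):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
    login = request.COOKIES.get('login_hash')
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    if username is None or not UsersLogic.is_system_manager(username):
        return HttpResponse('fail')
    owners = ShopLogic.get_store_owners(shop_name)
    body = "".join(html.escape(owner.username) + "\n" for owner in owners)
    return HttpResponse(body)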
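def watch_purchase_history(request):
    """GET handler: purchase history page of ``shop_name``.

    Allowed for the shop's owner, or a manager whose
    ``permission_get_purchased_history`` is 1.  Other outcomes: the
    ``error_login_owner`` message without a session, ``'fail'`` for a user who
    is neither owner nor manager, a no-permission message for a manager
    without the flag, ``not_get_request`` for other methods.

    Fixes: the permission flag was compared with ``is not 1`` — identity
    against an int literal, which only worked because CPython caches small
    ints and is a SyntaxWarning on 3.8+ — now ``!= 1``.  The request-supplied
    name also gets the heuristic ``identify_sql_injection`` pre-check the
    mutating handlers in this module apply.
    """
    if request.method != 'GET':
        return HttpResponse(not_get_request)
    shop_name = request.GET.get('shop_name')
    login = request.COOKIES.get('login_hash')
    guest = request.COOKIES.get('guest_hash')
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    if username is None:
        return HttpResponse(error_login_owner)
    if LoggerLogic.identify_sql_injection(shop_name, "WATCH PURCHASE HISTORY"):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
    if not UsersLogic.is_owner_of_shop(username, shop_name):
        if not UsersLogic.is_manager_of_shop(username, shop_name):
            return HttpResponse('fail')  # neither owner nor manager
        manager = UsersLogic.get_manager(username, shop_name)
        if manager.permission_get_purchased_history != 1:
            return HttpResponse('no permission to watch purchase history')
    every_html = {
        'top_bar': Topbar_Navbar.get_top_bar(login),
        'nav_bar': Topbar_Navbar.get_nav_bar(login, guest),
    }
    string_items = "".join(
        loader.render_to_string(
            'components/purchase_item_owner.html',
            {
                'purchase_id': item.purchase_id,
                'item_id': item.item_id,
                'quantity': item.quantity,
                'price': item.price,
            })
        for item in ShopLogic.get_shop_purchase_history(username, shop_name))
    return render(request, 'shop_view_purchase_history.html', context={
        'every_html': every_html,
        'items': string_items,
        'shop_name': shop_name,
    })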
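def get_managers(request):
    """GET handler, shop owner only: one rendered row per manager of ``shop_name``.

    Each row carries a ``checked``/empty marker per permission flag.
    Anything else answers ``'fail'``.  Fixes: a non-GET request previously
    returned None; the request-supplied name gets the heuristic
    ``identify_sql_injection`` pre-check used elsewhere in this module.
    """
    if request.method != 'GET':
        return HttpResponse('fail')
    login = request.COOKIES.get('login_hash')
    shop_name = request.GET.get('shop_name')
    if LoggerLogic.identify_sql_injection(shop_name, "GET MANAGERS"):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    # NOTE(review): only an explicit False is treated as "not owner", as
    # before; confirm is_owner_on_shop never returns None for a non-owner.
    if username is None or UsersLogic.is_owner_on_shop(username, shop_name) is False:
        return HttpResponse('fail')
    # Indexed by the permission flag; NOTE(review): any value other than 0/1
    # would raise IndexError here — confirm the flags are strictly 0/1.
    check_array = ("", "checked")
    rows = []
    for manager in ShopLogic.get_store_managers(shop_name):
        rows.append(loader.render_to_string(
            'components/ManagersOnShop.html',
            context={
                'manager_name': manager.username,
                'checked_AIP': check_array[manager.permission_add_item],
                'checked_RIP': check_array[manager.permission_remove_item],
                'checked_EIP': check_array[manager.permission_edit_item],
                'checked_RMP': check_array[manager.permission_reply_messages],
                'checked_GAP': check_array[manager.permission_get_all_messages],
                'checked_GPHP': check_array[manager.permission_get_purchased_history],
                'checked_DP': check_array[manager.discount_permission],
                'checked_SP': check_array[manager.permission_set_policy],
            }))
    return HttpResponse("".join(rows))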
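def get_shop_to_owner(request):
    """GET handler: the item-management page of ``shop_name`` for its owner.

    Outcomes: ``error_login_owner`` without a valid session, the
    ``shop_not_exist`` message (suffixed with the username, kept for client
    compatibility although the real cause is "not the owner") when the
    session user does not own the shop, ``not_get_request`` otherwise.

    Change: the request-supplied name gets the heuristic
    ``identify_sql_injection`` pre-check the mutating handlers apply.
    """
    if request.method != 'GET':
        return HttpResponse(not_get_request)
    shop_name = request.GET.get('shop_name')
    login = request.COOKIES.get('login_hash')
    guest = request.COOKIES.get('guest_hash')
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    if username is None:
        return HttpResponse(error_login_owner)
    if LoggerLogic.identify_sql_injection(shop_name, "GET SHOP TO OWNER"):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
    # NOTE(review): only an explicit False denies, as before; a None return
    # would be treated as "owner" — confirm is_owner_of_shop never returns None.
    if UsersLogic.is_owner_of_shop(username, shop_name) is False:
        return HttpResponse(shop_not_exist + " with username=" + username)
    string_items = "".join(
        loader.render_to_string(
            'components/item_owner.html',
            {
                'item_name': item.name,
                'item_quantity': item.quantity,
                'item_category': item.category,
                'item_keywords': item.keyWords,
                'item_price': item.price,
                'item_url': item.url,
                'item_id': item.id,
                'shop_name': item.shop_name,
            })
        for item in ShopLogic.get_shop_items(shop_name))
    context = {
        'topbar': Topbar_Navbar.get_top_bar(login),
        'navbar': Topbar_Navbar.get_nav_bar(login, guest),
        'items': string_items,
        'shop_name': shop_name,
    }
    return render(request, 'shop_items_management.html', context=context)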
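def _reorder_date(raw):
    """Return ``raw`` ('a-b-c') with its last two fields swapped ('a-c-b').

    This is the form-to-storage date conversion the handler always applied.
    Returns None for a missing value or one with fewer than three fields
    instead of raising.
    """
    if raw is None:
        return None
    parts = raw.split('-')
    if len(parts) < 3:
        return None
    return parts[0] + '-' + parts[2] + '-' + parts[1]


def _discount_permission_error(username, shop_name):
    """Return the refusal message if ``username`` may not add discounts to ``shop_name``, else None."""
    if UsersLogic.is_owner_of_shop(username, shop_name):
        return None
    if not UsersLogic.is_manager_of_shop(username, shop_name):
        return 'not owner or manager in this shop'
    manager = UsersLogic.get_manager(username, shop_name)
    # `!=` rather than `is not`: identity against an int literal only worked
    # because CPython caches small ints, and warns on 3.8+.
    if manager.discount_permission != 1:
        return 'no permission to add discount'
    return None


def _shop_has_item(item_id, shop_name):
    """True if non-lottery item ``item_id`` exists and belongs to ``shop_name``."""
    item = ItemsLogic.get_item_without_lottery(item_id)
    return not (item is False or item.shop_name != shop_name)


def add_discount(request):
    """POST handler: create a visible/invisible discount on an item or a category.

    ``kind`` selects the variant (``visible_item``, ``invisible_item``,
    ``visible_category``, ``invisible_category``); ``percent``, ``start_date``
    and ``duration`` (end date) are common; ``item_id``, ``category`` and
    ``code`` depend on the kind.  Every response is a short status string.

    Fixes relative to the previous version: the outcome was kept in a module
    ``global result`` — shared between concurrent requests and, when ``kind``
    matched no branch, re-used from the previous request — it is now a
    local; a missing or non-numeric ``percent`` and a malformed date return
    an error instead of a 500; an unknown ``kind`` is rejected explicitly;
    the item-not-found message no longer fails when ``item_id`` is missing.
    """
    if request.method != 'POST':
        return HttpResponse('FAIL: not post request')
    shop_name = request.POST.get('shop_name')
    kind = request.POST.get('kind')
    event = "ADD DISCOUNT"
    # Detectors always all run so each suspicious field is logged.  Heuristic
    # only; parameterised SQL in the data layer (not visible here) is the
    # real defence.
    suspicious = [LoggerLogic.identify_sql_injection(value, event)
                  for value in (shop_name, kind)]
    if any(suspicious):
        return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
    try:
        percent = int(request.POST.get('percent'))
    except (TypeError, ValueError):
        return HttpResponse('invalid percent')
    start_date = _reorder_date(request.POST.get('start_date'))
    end_date = _reorder_date(request.POST.get('duration'))
    if start_date is None or end_date is None:
        return HttpResponse('invalid date')
    if shop_name is None or ShopLogic.search_shop(shop_name) is False:
        return HttpResponse('invalid shop')
    login = request.COOKIES.get('login_hash')
    username = Consumer.loggedInUsers.get(login) if login is not None else None
    if username is None:
        return HttpResponse('user not logged in')
    denied = _discount_permission_error(username, shop_name)
    if denied is not None:
        return HttpResponse(denied)

    if kind == "visible_item":
        item_id = request.POST.get('item_id')
        if LoggerLogic.identify_sql_injection(item_id, event):
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
        if not _shop_has_item(item_id, shop_name):
            return HttpResponse("item with id=" + str(item_id)
                                + " doesnt exist in this shop or a ticket")
        discount = VisibleDiscount(item_id, shop_name, percent, start_date, end_date)
        result = DiscountLogic.add_visible_discount(discount, username)
    elif kind == "invisible_item":
        item_id = request.POST.get('item_id')
        code = request.POST.get('code')
        if any([LoggerLogic.identify_sql_injection(value, event)
                for value in (item_id, code)]):
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
        if not _shop_has_item(item_id, shop_name):
            return HttpResponse("item with id=" + str(item_id)
                                + " doesnt exist in this shop or a ticket")
        discount = InvisibleDiscount(code, item_id, shop_name, percent, start_date, end_date)
        result = DiscountLogic.add_invisible_discount(discount, username)
    elif kind == "visible_category":
        category = request.POST.get('category')
        if LoggerLogic.identify_sql_injection(category, event):
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
        discount = VisibleDiscountCategory(category, shop_name, percent, start_date, end_date)
        result = DiscountLogic.add_visible_discount_category(discount, username)
    elif kind == "invisible_category":
        category = request.POST.get('category')
        code = request.POST.get('code')
        if any([LoggerLogic.identify_sql_injection(value, event)
                for value in (category, code)]):
            return HttpResponse(LoggerLogic.MESSAGE_SQL_INJECTION)
        discount = InvisibleDiscountCategory(code, category, shop_name, percent,
                                             start_date, end_date)
        result = DiscountLogic.add_invisible_discount_category(discount, username)
    else:
        return HttpResponse('invalid discount kind')

    if result:
        return HttpResponse('success')
    return HttpResponse('discount already exist for this item/category!')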