def get_queryset(self):
query_params = {key: value or None for key, value in self.request.GET.items()}
user_group = self.request.user.group.name
if user_group in getattr(settings, 'DISTRICT_GROUPS', []):
target_locations = get_user_district_locations(self.request.user)
query_params.update({'location__in': target_locations})
if 'ordering' in query_params:
ordering_params = query_params['ordering']
del query_params['ordering']
query_set = UserProfile.objects(**query_params).order_by('%s' % ordering_params)
else:
query_set = UserProfile.objects(**query_params).order_by('-created_at')
return query_set
def validate_email(self, attrs, source):
email = attrs.get(source)
updated_value = email != getattr(self.object, 'email', '')
if not email:
return attrs
self.__check_uniqueness(attrs, 'email', UserProfile.objects(email=email), updated_value)
return attrs
def setUp(self):
date_time = datetime.datetime(2014, 9, 17, 16, 0, 49, 807000)
phone_number = "256775019449"
self.district = Location(
**dict(name='Kampala', parent=None, type='district')).save()
self.village = Location(**dict(
name='Bukoto', parent=self.district, type='village')).save()
self.mobile_user = UserProfile(**dict(name='timothy',
phone=phone_number,
location=self.village,
email=None)).save()
self.poll_attr = dict(name="Disaster",
question="How many disasters are in your area?",
keyword="some_word",
target_locations=[str(self.village.id)])
self.poll = Poll(**self.poll_attr).save()
self.text_format = "NECOCPoll %s there are 4 or 5"
text = self.text_format % self.poll_attr['keyword']
self.poll_response = dict(phone_no=phone_number,
text=text,
received_at=date_time,
relayer_id=234,
run_id=23243)
self.serialized_data = dict(phone=phone_number,
time=date_time,
relayer=234,
run=23243,
text=text)
def test_reseting_password_sends_email(self, mock_send_email):
profile = UserProfile(**self.mobile_user_attr).save()
response = self.client.post(self.API_ENDPOINT + str(profile.id) +
'/password_reset/')
self.assertEqual(200, response.status_code)
mock_send_email.assert_called_with('NECOC Password Reset', mock.ANY,
settings.DEFAULT_FROM_EMAIL,
[profile.email])
def test_reset_password_for_non_web_user_raises_404(self):
attr = self.mobile_user_attr.copy()
del attr['user']
profile = UserProfile(**attr).save()
response = self.client.post(self.API_ENDPOINT + str(profile.id) +
'/password_reset/')
self.assertEqual(404, response.status_code)
self.assertEqual({"detail": "Not found"}, response.data)
def test_cant_post_reset_password_without_manage_user_permission(self):
profile = UserProfile(**self.mobile_user_attr).save()
self.assert_permission_required_for_get(self.API_ENDPOINT +
str(profile.id) +
'/password_reset/')
self.assert_permission_required_for_post(self.API_ENDPOINT +
str(profile.id) +
'/password_reset/')
def test_should_reset_password_of_user(self):
profile = UserProfile(**self.mobile_user_attr).save()
response = self.client.post(self.API_ENDPOINT + str(profile.id) +
'/password_reset/')
self.assertEqual(200, response.status_code)
self.assertEqual({}, response.data)
self.assertFalse(
(User.objects(username=self.user.username)).first().check_password(
self.initial_password))
def test_should_update_password_of_user(self):
profile = UserProfile(**self.mobile_user_attr).save()
response = self.client.post(
self.API_ENDPOINT + str(profile.id) + '/password/',
self.password_data)
profiles = UserProfile.objects()
users = User.objects(username=self.user.username)
self.assertEqual(200, response.status_code)
self.assertEqual({}, response.data)
self.assertEqual(1, profiles.count())
self.assertEqual(1, users.count())
self.assertTrue(users.first().check_password(
self.password_data['new_password']))
response = self.client.login(
username=self.user.username,
password=self.password_data['new_password'])
self.assertTrue(response)
def test_user_can_only_change_their_password(self):
attr = self.mobile_user_attr.copy()
del attr['user']
profile = UserProfile(**attr).save()
response = self.client.post(
self.API_ENDPOINT + str(profile.id) + '/password/',
self.password_data)
users = User.objects(username=self.user.username)
self.assertEqual(403, response.status_code)
self.assertTrue(users.first().check_password(
self.password_data['old_password']))
def test_user_must_be_logged_in_to_change_their_password(self):
profile = UserProfile(**(self.mobile_user_attr.copy())).save()
self.client.logout()
response = self.client.post(
self.API_ENDPOINT + str(profile.id) + '/password/',
self.password_data)
users = User.objects(username=self.user.username)
self.assertEqual(403, response.status_code)
self.assertTrue(users.first().check_password(
self.password_data['old_password']))
def test_should_update_password_of_user(self):
profile = UserProfile(**self.mobile_user_attr).save()
response = self.client.post(self.API_ENDPOINT + str(profile.id) + '/password/', self.password_data)
profiles = UserProfile.objects()
users = User.objects(username=self.user.username)
self.assertEqual(200, response.status_code)
self.assertEqual({}, response.data)
self.assertEqual(1, profiles.count())
self.assertEqual(1, users.count())
self.assertTrue(users.first().check_password(self.password_data['new_password']))
response = self.client.login(username=self.user.username, password=self.password_data['new_password'])
self.assertTrue(response)
class PasswordChangeView(UpdateAPIView):
serializer_class = UserPasswordChangeSerializer
queryset = UserProfile.objects()
model = UserProfile
permission_classes = [And(LoggedIn, UrlMatchesCurrentUser)]
def get_object(self, queryset=None):
profile = super(PasswordChangeView, self).get_object()
return profile.user
def pre_save(self, obj):
profile = super(PasswordChangeView, self).get_object()
UserProfileService(profile).notify_password_change()
def post(self, request, *args, **kwargs):
return self.patch(request, *args, **kwargs)
def setUp(self):
date_time = datetime.datetime(2014, 9, 17, 16, 0, 49, 807000)
phone_number = "256775019449"
self.district = Location(
**dict(name='Kampala', parent=None, type='district')).save()
self.village = Location(**dict(
name='Bukoto', parent=self.district, type='village')).save()
self.mobile_user = UserProfile(**dict(name='timothy',
phone=phone_number,
location=self.village,
email=None)).save()
self.message = dict(phone_no=phone_number,
text="NECOC There is a fire",
received_at=date_time,
relayer_id=234,
run_id=23243)
class PasswordResetView(UpdateAPIView):
serializer_class = UserPasswordResetSerializer
queryset = UserProfile.objects()
model = UserProfile
permission_classes = (build_permission_class('dms.can_manage_users'), )
def get_object(self, queryset=None):
profile = super(PasswordResetView, self).get_object()
if not profile.user:
from django.http import Http404
raise Http404('%s is not a web user.' % profile.name)
return profile.user
def pre_save(self, obj):
profile = super(PasswordResetView, self).get_object()
UserProfileService(profile).reset_password()
def post(self, request, *args, **kwargs):
return self.patch(request, *args, **kwargs)
class UserProfileListCreateView(ListCreateAPIView):
serializer_class = UserProfileSerializer
queryset = UserProfile.objects()
model = UserProfile
permission_classes = (build_permission_class('dms.can_manage_users'),)
def get_queryset(self):
query_params = {key: value or None for key, value in self.request.GET.items()}
user_group = self.request.user.group.name
if user_group in getattr(settings, 'DISTRICT_GROUPS', []):
target_locations = get_user_district_locations(self.request.user)
query_params.update({'location__in': target_locations})
if 'ordering' in query_params:
ordering_params = query_params['ordering']
del query_params['ordering']
query_set = UserProfile.objects(**query_params).order_by('%s' % ordering_params)
else:
query_set = UserProfile.objects(**query_params).order_by('-created_at')
return query_set
def pre_save(self, obj):
username = self.request.DATA.get('username', None)
group_id = self.request.DATA.get('group', None)
if username:
user = UserProfileService(obj).setup_new_user(username, group_id)
obj.user = user
def save_new_image(self, obj):
try:
if self.request.FILES.get('file'):
image = image_resizer.ImageResizer(self.request.FILES.get('file')).generate().read()
content_type = self.request.FILES.get('file').content_type
obj.photo.put(image, content_type=content_type)
obj.save()
except:
obj.photo.delete()
obj.save()
def post_save(self, obj, created=False):
self.save_new_image(obj)
def setUp(self):
self.date_time = datetime.datetime(2014, 9, 17, 16, 0, 49, 807000)
phone_number = "+256775019449"
self.district = Location(
**dict(name='Kampala', parent=None, type='district')).save()
self.village = Location(**dict(
name='Bukoto', parent=self.district, type='village')).save()
self.mobile_user = UserProfile(**dict(name='timothy',
phone=phone_number,
location=self.village,
email=None)).save()
text = "NECOC.%s. There is a fire" % self.village.name
self.message = dict(phone_no=phone_number,
text=text,
received_at=self.date_time,
relayer_id=234,
run_id=23243)
self.serialized_data = dict(phone=phone_number,
time=self.date_time,
relayer=234,
run=23243,
text=text)
AdminSetting(**dict(name='enable_volunteer_profiles')).save()
def list(self, request, *args, **kwargs):
user_profile = UserProfile.objects(id=kwargs['id']).first()
serializer = UserProfileSerializer(user_profile)
return Response(serializer.data)
def validate_phone(self, attrs, source):
phone = attrs.get(source)
updated_value = phone != getattr(self.object, 'phone', '')
self.__check_uniqueness(attrs, 'phone', UserProfile.objects(phone=phone), updated_value)
return attrs
def get_queryset(self):
return UserProfile.objects()
