def create_user(self, form_values): logged_in_employee = Subscriber.objects.get(user=self.user) if not UserGroupManager.is_company_admin(self.user): return self.respond(is_saved=False, auth_errors='Permission Denied') user_form = UserCreationForm(form_values) subscriber_form = SubscriberCreationForm(form_values) subscriber_form.is_company_admin = UserGroupManager.is_company_admin(self.user) subscriber_form.logged_in_employee = logged_in_employee if user_form.is_valid() and subscriber_form.is_valid(): user = user_form.save(commit=False) user.email = subscriber_form.cleaned_data['email'] user.first_name = subscriber_form.cleaned_data['first_name'] user.last_name = subscriber_form.cleaned_data['last_name'] user.is_active = True user.is_staff = False user.save() user_groups = [Group.objects.get(pk=subscriber_form.cleaned_data['role'])] user.groups.add(*user_groups) subscriber = Subscriber( user=user, client=logged_in_employee.client ) subscriber.save() return self.respond(is_saved=True, subscriber=subscriber.serialize()) return self.respond( is_saved=False, user_form_errors=user_form.errors, subscriber_form_errors=subscriber_form.errors )
def get(self, request):
auth_group = UserGroupManager.check_user_group(request.user)
if not UserGroupManager.is_company_admin(request.user):
return http.HttpResponseRedirect(reverse('home_page'))
logged_in_employee = Subscriber.objects.get(user=request.user)
context = {
'auth_group' : auth_group,
'logged_in_employee' : logged_in_employee,
}
return render(request, 'subscriber/subscribers.html', context)
def get_subscriber_leave_requests(self, user_id, page_no=INITIAL_PAGE_NO, no_of_records=NUMBER_OF_RECORDS_PER_PAGE, show_all=False, **kwargs):
auth_group = UserGroupManager.check_user_group(self.user)
logged_in_employee = Subscriber.objects.get(user=self.user)
subscriber_to_get = Subscriber.objects.get(user__id__exact=user_id)
is_company_admin = UserGroupManager.is_company_admin(self.user)
if not logged_in_employee.id == subscriber_to_get.id:
if not is_company_admin:
return self.respond(is_saved=False, auth_errors='Permission Denied')
leaves = self._prepare_search(Leave.objects.filter(requester=subscriber_to_get).order_by('-created_on'), **kwargs)
show_all = bool(int(show_all))
prevPageNo = 0
nextPageNo = 0
current_page_number = 0
num_of_pages = leaves.count()
if not show_all:
paginator = Paginator(leaves, no_of_records)
try:
leaves = paginator.page(page_no)
except PageNotAnInteger:
# If page is not an integer, deliver first page.
leaves = paginator.page(1)
except EmptyPage:
# If page is out of range (e.g. 9999), deliver last page of results.
leaves = paginator.page(paginator.num_pages)
try:
prevPageNo = leaves.previous_page_number()
except InvalidPage as e:
prevPageNo = page_no
try:
nextPageNo = leaves.next_page_number()
except InvalidPage as e:
nextPageNo = page_no
current_page_number = leaves.number
num_of_pages = leaves.paginator.num_pages
serializedObjects = []
for leave in leaves:
serializedObjects.append(leave.serialize(maxDepth=1))
return self.respond(
leaves=serializedObjects,
previous_page_number=prevPageNo,
next_page_number=nextPageNo,
current_page_number=current_page_number,
num_of_pages=num_of_pages,
no_of_records=no_of_records,
subscriber=subscriber_to_get.serialize(maxDepth=1)
)
def delete(self, holiday_id):
if not UserGroupManager.is_company_admin(self.user):
raise UnauthorizedException('Access Violation')
logged_in_employee = Subscriber.objects.get(user=self.user)
Holiday.objects.get(pk=holiday_id).delete()
return self.respond(is_saved=True)
def get_all(self, page_no=1, no_of_records=NUMBER_OF_VALUES_PER_PAGE, show_all=True):
auth_group = UserGroupManager.check_user_group(self.user)
if not UserGroupManager.is_company_admin(self.user):
return self.respond(is_saved=False, auth_errors='Permission Denied', subscribers=[])
logged_in_employee = Subscriber.objects.get(user=self.user)
subscribers = Subscriber.objects.filter(client__id__exact=logged_in_employee.client.id).order_by('-created_on')
show_all = bool(int(show_all))
prevPageNo = 0
nextPageNo = 0
current_page_number = 0
num_of_pages = subscribers.count()
if not show_all:
paginator = Paginator(subscribers, no_of_records)
try:
subscribers = paginator.page(page_no)
except PageNotAnInteger:
# If page is not an integer, deliver first page.
subscribers = paginator.page(1)
except EmptyPage:
# If page is out of range (e.g. 9999), deliver last page of results.
subscribers = paginator.page(paginator.num_pages)
try:
prevPageNo = subscribers.previous_page_number()
except InvalidPage as e:
prevPageNo = page_no
try:
nextPageNo = subscribers.next_page_number()
except InvalidPage as e:
nextPageNo = page_no
current_page_number = subscribers.number
num_of_pages = subscribers.paginator.num_pages
serializedObjects = []
for subscriber in subscribers:
serializedObjects.append(subscriber.serialize(maxDepth=1))
return self.respond(
is_saved=True,
subscribers=serializedObjects,
previous_page_number=prevPageNo,
next_page_number=nextPageNo,
current_page_number=current_page_number,
num_of_pages=num_of_pages,
no_of_records=no_of_records
)
def get_user(self, user_id):
logged_in_employee = Subscriber.objects.get(user=self.user)
subscriber_to_get = Subscriber.objects.get(user__id__exact=int(user_id))
is_company_admin = UserGroupManager.is_company_admin(self.user)
if logged_in_employee.id != subscriber_to_get.id:
if not is_company_admin:
return self.respond(is_saved=False, auth_errors='Permission Denied', subscriber={})
return self.respond(is_saved=True, subscriber=subscriber_to_get.serialize())
def get(self, request):
auth_group = UserGroupManager.check_user_group(request.user)
logged_in_employee = Subscriber.objects.get(user=request.user)
context = {
'auth_group' : auth_group,
'leave_form' : LeaveForm(logged_in_employee)
}
return render(request, 'ola/home.html', context)
def get_all(self):
logged_in_employee = Subscriber.objects.get(user=self.user)
if not UserGroupManager.is_company_admin(self.user):
raise UnauthorizedException('Access Violation')
leave_types = LeaveType.objects.filter(client=logged_in_employee.client).order_by('created_on')
serialized_objects = []
for leave_type in leave_types:
serialized_objects.append(leave_type.serialize())
return self.respond(leave_types=serialized_objects)
def delete(self, ids_to_delete):
logged_in_employee = Subscriber.objects.get(user=self.user)
if not UserGroupManager.is_company_admin(self.user):
raise UnauthorizedException('Access Violation')
if Leave.objects.filter(type_of_leave__id__in=ids_to_delete).count() > 0:
return self.respond(is_saved=False, errors='There are leaves bound to the leave type.')
# if there aren't any leaves associated with the type, then
# clear the subscribers' leave bucket and then
# delete the type.
LeaveBucket.objects.filter(type_of_leave__id__in=ids_to_delete).delete()
LeaveType.objects.filter(id__in=ids_to_delete).delete()
return self.respond(is_saved=True)
def save(self, form_values):
if not UserGroupManager.is_company_admin(self.user):
raise UnauthorizedException('Access Violation')
logged_in_employee = Subscriber.objects.get(user=self.user)
form = HolidayForm(form_values, instance=Holiday.objects.filter(pk=form_values.get('id')).first())
if form.is_valid():
holiday = form.save(commit=False)
holiday.client = logged_in_employee.client
holiday.created_by = logged_in_employee
holiday.save()
return self.respond(is_saved=True, holiday=holiday.serialize())
return self.respond(is_saved=False, errors=form.errors)
def get(self, request):
auth_group = UserGroupManager.check_user_group(request.user)
logged_in_employee = Subscriber.objects.get(user=request.user)
context = {
'auth_group' : auth_group,
'subscriber_create_form' : SubscriberCreationForm(
initial={
'role' : Group.objects.get(name__exact=GROUP_NAME_MAP['LEAVE_APPROVER']).id
}
),
'user_creation_form' : UserCreationForm(),
'logged_in_employee' : logged_in_employee,
}
return render(request, 'subscriber/account_create.html', context)
def get(self, request, user_id):
auth_group = UserGroupManager.check_user_group(request.user)
user = User.objects.get(pk=int(user_id))
subscriber = Subscriber.objects.get(user__id__exact=int(user_id))
logged_in_employee = Subscriber.objects.get(user=request.user)
if logged_in_employee.id != subscriber.id:
if not UserGroupManager.is_company_admin(request.user):
return http.HttpResponseRedirect(reverse('home_page'))
password_change_form = PasswordChangeForm(user=request.user)
if UserGroupManager.is_company_admin(request.user):
password_change_form = AdminPasswordChangeForm(user=user)
context = {
'auth_group' : auth_group,
'password_change_form' : password_change_form,
'subscriber_change_form' : SubscriberCreationForm(),
'user_change_form' : UserChangeForm(instance=subscriber.user),
'logged_in_employee' : logged_in_employee,
'user' : user,
'subscriber' : subscriber,
'user_id' : user_id
}
return render(request, 'subscriber/account_settings.html', context)
def mark_read(self, user_id): logged_in_employee = Subscriber.objects.get(user=self.user) subscriber_to_get = Subscriber.objects.get(user__id__exact=int(user_id)) is_company_admin = UserGroupManager.is_company_admin(self.user) if logged_in_employee.id != subscriber_to_get.id: if not is_company_admin: return self.respond(is_saved=False, auth_errors='Permission Denied') SubscriberNotification.objects.filter( recipient=subscriber_to_get, has_read__exact=False ).update( has_read=True ) return self.respond(is_saved=True)
def change_password(self, form_values, user_id): logged_in_employee = Subscriber.objects.get(user=self.user) subscriber_to_save = Subscriber.objects.get(user__id__exact=int(user_id)) is_company_admin = UserGroupManager.is_company_admin(self.user) if logged_in_employee.id != subscriber_to_save.id: if not is_company_admin: return self.respond(is_saved=False, auth_errors='Permission Denied') form = PasswordChangeForm(user=subscriber_to_save.user, data=form_values) if logged_in_employee.id != subscriber_to_save.id and is_company_admin: form = AdminPasswordChangeForm(user=subscriber_to_save.user, data=form_values) if form.is_valid(): form.save() return self.respond(is_saved=True) return self.respond(is_saved=False, errors=form.errors)
def save(self, form_values):
logged_in_employee = Subscriber.objects.get(user=self.user)
if not UserGroupManager.is_company_admin(self.user):
raise UnauthorizedException('Access Violation')
leave_type = LeaveType.objects.filter(pk=form_values.get('hidden_type_id')).first()
old_leave_type = copy.copy(leave_type)
form = LeaveTypeForm(form_values, instance=leave_type)
if form.is_valid():
leave_type = form.save(commit=False)
leave_type.client = logged_in_employee.client
leave_type.created_by = logged_in_employee
leave_type.save()
# we need to update leave bucket of each subscriber
update_trigger = threading.Thread(target=self.leave_bucket_update_trigger, args=(leave_type, old_leave_type, logged_in_employee))
update_trigger.start()
return self.respond(is_saved=True, leave_type=leave_type.serialize())
return self.respond(is_saved=False)
def get_unread(self, user_id):
logged_in_employee = Subscriber.objects.get(user=self.user)
subscriber_to_get = Subscriber.objects.get(user__id__exact=int(user_id))
is_company_admin = UserGroupManager.is_company_admin(self.user)
if logged_in_employee.id != subscriber_to_get.id:
if not is_company_admin:
return self.respond(is_saved=False, auth_errors='Permission Denied', notifications=[])
notifications = SubscriberNotification.objects.filter(
recipient=subscriber_to_get,
has_read__exact=False
).order_by('-created_on')
unread_count = notifications.count()
serialized_objects = []
for notification in notifications[:5]:
serialized_objects.append(notification.serialize())
return self.respond(
is_saved=True,
notifications=serialized_objects,
unread_count=unread_count,
notification_action_label=NOTIFICATION_ACTION_LABEL
)
def get_all(self, start, end):
if not UserGroupManager.is_company_admin(self.user):
raise UnauthorizedException('Access Violation')
logged_in_employee = Subscriber.objects.get(user=self.user)
if not start:
start = datetime.datetime.today().replace(day=1).date()
else:
start = datetime.datetime.strptime(start, DATE_INPUT_FORMATS[0]).date()
if not end:
end = datetime.datetime.today().replace(day=get_month_end()).date()
else:
end = datetime.datetime.strptime(end, DATE_INPUT_FORMATS[0]).date()
holidays = Holiday.objects.filter(
client=logged_in_employee.client,
start__gte=start,
start__lte=end
).order_by('start')
serialized_objects = []
for holiday in holidays:
serialized_objects.append(holiday.serialize())
return self.respond(holidays=serialized_objects)
def user_edit(self, form_values, user_id): logged_in_employee = Subscriber.objects.get(user=self.user) subscriber_to_save = Subscriber.objects.get(user__id__exact=int(user_id)) is_company_admin = UserGroupManager.is_company_admin(self.user) if logged_in_employee.id != subscriber_to_save.id: if not is_company_admin: return self.respond(is_saved=False, auth_errors='Permission Denied') subscriber_form = SubscriberCreationForm(data=form_values) subscriber_form.is_company_admin = is_company_admin subscriber_form.logged_in_employee = logged_in_employee subscriber_form.user_changed = subscriber_to_save.user # all fields in User model are required for UserChangeForm. Hence the addition. form_values['date_joined'] = subscriber_to_save.user.date_joined form_values['last_login'] = subscriber_to_save.user.last_login user_form = UserChangeForm( form_values, instance=subscriber_to_save.user ) if subscriber_form.is_valid() and user_form.is_valid(): # the m2m fields will be cleared if we save using model form. Hence the hack. user_group = copy.copy(subscriber_to_save.user.groups.all()) user_form.save() if is_company_admin: subscriber_to_save.save() subscriber_to_save.user.groups.clear() user_group = [Group.objects.get(pk=subscriber_form.cleaned_data['role'])] subscriber_to_save.user.groups.add(*user_group) return self.respond( is_saved=True, subscriber=subscriber_to_save.serialize() ) return self.respond( is_saved=False, subscriber_form_errors=subscriber_form.errors, user_form_errors=user_form.errors )
def get_pending_approvals_for_subscriber(self, user_id, page_no=INITIAL_PAGE_NO, no_of_records=NUMBER_OF_RECORDS_PER_PAGE, show_all=False, **kwargs):
auth_group = UserGroupManager.check_user_group(self.user)
logged_in_employee = Subscriber.objects.get(user=self.user)
subscriber_to_get = Subscriber.objects.get(user__id__exact=user_id)
is_company_admin = UserGroupManager.is_company_admin(self.user)
if not (logged_in_employee.id == subscriber_to_get.id and UserGroupManager.can_approve_leave(self.user)):
if not is_company_admin:
return self.respond(is_saved=False, auth_errors='Permission Denied')
if is_company_admin:
leaves = Leave.objects.filter(status__exact=LeaveStatus.PENDING)
else:
leaves = Leave.objects.filter(
approver=subscriber_to_get,
status__exact=LeaveStatus.PENDING
)
pending_approvals = self._prepare_search(leaves.order_by('-created_on'), **kwargs)
show_all = bool(int(show_all))
prevPageNo = 0
nextPageNo = 0
current_page_number = 0
num_of_pages = pending_approvals.count()
if not show_all:
paginator = Paginator(pending_approvals, no_of_records)
try:
pending_approvals = paginator.page(page_no)
except PageNotAnInteger:
# If page is not an integer, deliver first page.
pending_approvals = paginator.page(1)
except EmptyPage:
# If page is out of range (e.g. 9999), deliver last page of results.
pending_approvals = paginator.page(paginator.num_pages)
try:
prevPageNo = pending_approvals.previous_page_number()
except InvalidPage as e:
prevPageNo = page_no
try:
nextPageNo = pending_approvals.next_page_number()
except InvalidPage as e:
nextPageNo = page_no
current_page_number = pending_approvals.number
num_of_pages = pending_approvals.paginator.num_pages
serialized_objects = self.get(serializers.serialize(
'json',
pending_approvals,
indent=4,
extras=['period'],
relations=['requester', 'approver', 'type_of_leave']
))
print serialized_objects
return self.respond(
pending_approvals=serialized_objects,
previous_page_number=prevPageNo,
next_page_number=nextPageNo,
current_page_number=current_page_number,
num_of_pages=num_of_pages,
no_of_records=no_of_records,
subscriber=subscriber_to_get.serialize(maxDepth=1)
)