def create_user_activation(request, headers, first, last, email,
temp_password):
# Send the email
url = "https://sharedridevans.flysfo.com/company/"
if settings.BUILD_ENV == "LOCAL":
url = "127.0.0.1:8000/company/"
elif settings.BUILD_ENV == "DEV":
url = "dev-srv.flysfo.com/company/"
elif settings.BUILD_ENV == "QA":
url = "https://qa-srv.flysfo.com/company/"
elif settings.BUILD_ENV == "STG":
url = "https://stg-sharedridevans.flysfo.com/company/"
email_data = {"from": "*****@*****.**"}
email_data['to'] = email.lower()
email_data['isHtml'] = True
email_data['subject'] = "Shared Ride Vans - Account Activation"
email_raw = loader.render_to_string('admin_portal/account/email.html', {
"name": first + " " + last,
"temporary_pass": temp_password,
"url": url
})
email_data['message'] = email_raw
response = requests.post("{}/email".format(settings.EMAIL_WS_URL),
files=(('test', 'email'), ('test2', 'email2')),
data=email_data,
headers=headers)
validate_api_call(response, [])
def get_all_users(request, provider_id, headers):
if request.method == "GET":
if request.GET.get("type") == "superuser":
# Get the ID corresponding to 'superuser'
response = requests.get("{}/reference/role".format(
settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
all_roles = json.loads(response.text)['roles']
super_user_role_id = -1
for role in all_roles:
if role['role_name'] == "superuser":
super_user_role_id = role['role_id']
break
# Get All Provider Users
# TO-DO Specify role_name in parameters
parameters = {
"role_id": super_user_role_id,
"company_id": provider_id
}
response = requests.get("{}/user".format(settings.ADMIN_WS_URL),
params=parameters,
headers=headers)
validate_api_call(response, [])
data = json.loads(response.text)['users']
return JsonResponse(data, safe=False)
elif request.GET.get("type") == "driver":
return NotImplemented
else:
return HttpResponseNotAllowed(['GET'])
def get_all_company_destinations(headers, provider_id):
response = requests.get("{}/company/{}/company_destination".format(
settings.ADMIN_WS_URL, provider_id),
params={"include_deleted": True},
headers=headers)
validate_api_call(response, [])
return json.loads(response.text)['company_destinations']
def get_user_role_id(headers, user_role_name):
response = requests.get("{}/reference/role".format(settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
all_roles = json.loads(response.text)['roles']
for role in all_roles:
if role['role_name'] == user_role_name:
return role['role_id']
def provider_audit_trail(request, provider_id, headers):
if request.method == "GET":
response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), headers=headers)
validate_api_call(response, [])
provider = json.loads(response.text)['companies'][0]
return render(request, "admin_portal/main/audit_provider.html", {"provider": provider})
else:
return HttpResponseNotAllowed(['GET'])
def get_action_id(headers, action_name):
response = requests.get("{}/reference/action".format(
settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
for action in json.loads(response.text)['actions']:
if action['action_name'] == action_name:
return action['action_id']
def get_all_provider_activity(request, headers):
if request.method == "GET":
params = {"action_by_user_role_id": get_user_role_id(headers, "superuser")}
response = requests.get("{}/audit".format(settings.ADMIN_WS_URL), params=params, headers=headers)
validate_api_call(response, [])
audits = json.loads(response.text)['audit_entries']
return JsonResponse(audits, safe=False)
else:
return HttpResponseNotAllowed(['GET'])
def get_user(request, provider_id, user_id, headers):
if request.method == "GET":
response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL,
user_id),
headers=headers)
validate_api_call(response, [])
data = json.loads(response.text)['users'][0]
return JsonResponse(data, safe=False)
else:
return HttpResponseNotAllowed(['GET'])
def edit_user(request, provider_id, user_id, headers):
if request.method == 'POST':
# Get the new user from the form post
new_user = json.loads(json.dumps(request.POST))
# Get the old user from the database
response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL,
user_id),
headers=headers)
validate_api_call(response, [])
old_user = json.loads(response.text)['users'][0]
data = {"user_id": user_id}
data['first_name'] = new_user['first_name']
data['last_name'] = new_user['last_name']
data['email'] = new_user['email'].lower()
data['phone_number'] = new_user['phone']
data['enabled'] = old_user['enabled']
data['deleted'] = old_user['deleted']
data['activated'] = old_user['activated']
data['reset_password'] = old_user['reset_password']
data['updated_by'] = request.session['username']
data['company_id'] = old_user['company_id']
data['role_id'] = old_user['role']['role_id']
response = requests.put("{}/user/{}".format(settings.ADMIN_WS_URL,
user_id),
data=data,
headers=headers)
validate_api_call(response, [409])
if response.status_code == 409:
logger.warning(
"status_code={} message=Failed to edit user {} because email-company-id pattern exists."
.format(409, data['first_name'] + " " + data['last_name']))
return HttpResponse(status=409)
create_audit(
request, headers, None, "USERS",
"Edited provider user '{} {}'".format(data['first_name'],
data['last_name']), "UPDATE",
provider_id, data['email'].lower())
messages.success(request, "User Updated")
return redirect('edit_provider', provider_id)
else:
return HttpResponseNotAllowed(['POST'])
def create_audit(request, headers, action_reason, resource_name,
action_description, action_name, company_id, action_on_user):
data = {"action_id": get_action_id(headers, action_name)}
data['company_id'] = company_id
data['action_description'] = action_description
data['action_by_user_role_id'] = request.session['role_id']
data['action_by_user'] = request.session['username']
data['resource_name'] = resource_name
data['action_reason'] = action_reason
data['action_on_user'] = action_on_user
response = requests.post("{}/audit".format(settings.COORDINATOR_WS_URL),
data=data,
headers=headers)
validate_api_call(response, [])
def view_provider(request, provider_id, headers):
if request.method == "GET":
# Get a list of all active providers
response = requests.get("{}/company".format(settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
all_companies = json.loads(response.text)['companies']
can_restore = False
if len(all_companies) < MAX_COMPANIES_ALLOWED:
can_restore = True
# Get Provider Information
parameters = {
"company_contact_info": "true",
"curbside_check_in_info": "true",
"company_destination_info": "true"
}
response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
params=parameters,
headers=headers)
validate_api_call(response, [])
data = json.loads(response.text)['companies'][0]
# Extract contact information to the first level
phone_numbers = []
for contact_method in data['company_contacts']:
# Website contact object is brought up to the key "company_website"
if contact_method['contact_type'] == "website":
data['company_website'] = contact_method
# All phone number objects are brought up to the list "company_phone_numbers"
elif contact_method['contact_type'] == "phone_number":
phone_numbers.append(contact_method)
phone_numbers = json.dumps(phone_numbers)
return render(
request, "admin_portal/provider/view_provider.html", {
"provider": data,
"company_phone_numbers": phone_numbers,
"can_restore": can_restore
})
else:
return redirect(reverse('admin_login'))
def get_coordinator_activity(request, headers):
if request.method == "GET":
# First get the audits (logins/logouts) for all the coordinator users
params = {"action_by_user_role_id": get_user_role_id(headers, "coordinator_user")}
response = requests.get("{}/audit".format(settings.ADMIN_WS_URL), params=params, headers=headers)
validate_api_call(response, [])
user_audits = json.loads(response.text)['audit_entries']
# Next get the audits (logins/logouts) for all the admins
params = {"action_by_user_role_id": get_user_role_id(headers, "coordinator_admin")}
response = requests.get("{}/audit".format(settings.ADMIN_WS_URL), params=params, headers=headers)
validate_api_call(response, [])
admin_audits = json.loads(response.text)['audit_entries']
return JsonResponse(user_audits+admin_audits, safe=False)
else:
return HttpResponseNotAllowed(['GET'])
def get_all_providers(request, headers):
if request.method == "GET":
# Get All Provider Information
parameters = {"company_contact_info": "true"}
if request.GET.get("type") == "all":
parameters['include_deleted'] = "true"
response = requests.get("{}/company".format(settings.ADMIN_WS_URL),
params=parameters,
headers=headers)
validate_api_call(response, [])
data = json.loads(response.text)
return JsonResponse(data, safe=False)
return HttpResponseNotAllowed(['GET'])
def lock_provider(request, provider_id, headers):
if request.method == 'POST':
reason = request.POST.get("reason")
lock_type = request.POST.get("type")
# Get the original provider
response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
headers=headers)
validate_api_call(response, [])
provider_response = json.loads(response.text)['companies'][0]
data = {'company_id': provider_id}
data['company_name'] = provider_response['company_name']
data['wheelchair'] = provider_response['wheelchair']
data['display_name'] = provider_response['display_name']
# Lock or Unlock the provider depending on the lock type
if lock_type == 'lock':
data['enabled'] = False
data['audit_action_reason'] = reason
else:
data['enabled'] = True
data['deleted'] = False
data['updated_by'] = request.session['username']
response = requests.put("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
data=data,
headers=headers)
validate_api_call(response, [])
# Make the audit call after the lock/unlock call succeeds
if lock_type == "lock":
create_audit(request, headers, reason, "COMPANY",
"Locked provider '{}'".format(data['company_name']),
"UPDATE", provider_id, None)
else:
create_audit(request, headers, None, "COMPANY",
"Unlocked provider '{}'".format(data['company_name']),
"UPDATE", provider_id, None)
# Let the display know we locked/unlocked the account
display_response = requests.get("{}/display/company/{}".format(
settings.COORDINATOR_WS_URL, provider_id))
# Validate the call but don't stop execution if it fails
validate_api_call(display_response, [400, 404, 500, 403, 409])
messages.success(request, "Successfully locked account.")
return redirect('edit_provider', provider_id)
else:
return redirect('edit_provider', provider_id)
def resend_user_activation(request, provider_id, user_id, headers):
if request.method == 'POST':
# Get the user by their id
response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL,
user_id),
headers=headers)
validate_api_call(response, [])
user_data = json.loads(response.text)['users'][0]
# First generate a new password
temp_password = password_generator()
data = {"password": hashlib.sha256(temp_password).hexdigest()}
data['updated_by'] = request.session['username']
# Update the temp password
response = requests.put("{}/user/{}/password".format(
settings.ADMIN_WS_URL, user_id),
data=data,
headers=headers)
validate_api_call(response, [])
# Send the new email
url = "https://sharedridevans.flysfo.com/company/"
if settings.BUILD_ENV == "LOCAL":
url = "127.0.0.1:8000/company/"
elif settings.BUILD_ENV == "DEV":
url = "dev-srv.flysfo.com/company/"
elif settings.BUILD_ENV == "QA":
url = "https://qa-srv.flysfo.com/company/"
elif settings.BUILD_ENV == "STG":
url = "https://stg-sharedridevans.flysfo.com/company/"
email_data = {"from": "*****@*****.**"}
email_data['to'] = user_data['email'].lower()
email_data['isHtml'] = True
email_data['subject'] = "Shared Ride Vans - Account Activation"
email_raw = loader.render_to_string(
'admin_portal/account/email.html', {
"name": user_data['first_name'] + " " + user_data['last_name'],
"temporary_pass": temp_password,
"url": url
})
email_data['message'] = email_raw
response = requests.post("{}/email".format(settings.EMAIL_WS_URL),
files=(('test', 'email'), ('test2',
'email2')),
data=email_data,
headers=headers)
validate_api_call(response, [])
messages.success(request, "Account activation email resent!")
return redirect('edit_provider', provider_id)
else:
return HttpResponseNotAllowed(['POST'])
def restore_provider(request, provider_id, headers):
if request.method == "POST":
# Ensure there are less than the MAX_COMPANIES_ALLOWED
response = requests.get("{}/company".format(settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
all_companies = json.loads(response.text)['companies']
if len(all_companies) < MAX_COMPANIES_ALLOWED:
# Get all the delete provider information
response = requests.get("{}/company/{}".format(
settings.ADMIN_WS_URL, provider_id),
headers=headers)
validate_api_call(response, [])
deleted_provider = json.loads(response.text)['companies'][0]
data = {'company_name': deleted_provider['company_name']}
data['enabled'] = deleted_provider['enabled']
data['deleted'] = False
data['updated_by'] = request.session['username']
data['display_name'] = deleted_provider['display_name']
data['wheelchair'] = deleted_provider['wheelchair']
response = requests.put("{}/company/{}".format(
settings.ADMIN_WS_URL, provider_id),
data=data,
headers=headers)
validate_api_call(response, [])
create_audit(request, headers, None, "COMPANY",
"Restored provider '{}'".format(data['company_name']),
"UPDATE", provider_id, None)
# Let the display know we restored a company
display_response = requests.get("{}/display/company/{}".format(
settings.COORDINATOR_WS_URL, provider_id))
# Validate the call but don't stop execution if it fails
validate_api_call(display_response, [400, 404, 500, 403, 409])
return redirect('view_provider', provider_id)
else:
return redirect('edit_provider', provider_id)
def lock_user(request, provider_id, user_id, headers):
if request.method == 'POST':
# Get the new user from the form post
lock_form = json.loads(json.dumps(request.POST))
# Get the user and their company
response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL,
user_id),
headers=headers)
validate_api_call(response, [])
user = json.loads(response.text)['users'][0]
response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
headers=headers)
validate_api_call(response, [])
company = json.loads(response.text)['companies'][0]
data = {'user_id': user_id}
if lock_form['lock_type'] == "lock":
data['enabled'] = False
else:
data['enabled'] = True
data['updated_by'] = request.session['username']
response = requests.put("{}/user/{}/lock".format(
settings.ADMIN_WS_URL, user_id),
data=data,
headers=headers)
validate_api_call(response, [])
# Make audit call after lock/unlock was successful
if lock_form['lock_type'] == "lock":
create_audit(
request, headers, None, "USERS",
"Locked provider user '{} {}' under provider '{}'".format(
user['first_name'], user['last_name'],
company['company_name']), "UPDATE", provider_id, None)
else:
create_audit(
request, headers, None, "USERS",
"Unlocked provider user '{} {}' under provider '{}'".format(
user['first_name'], user['last_name'],
company['company_name']), "UPDATE", provider_id, None)
return redirect('edit_provider', provider_id)
else:
return HttpResponseNotAllowed(['POST'])
def delete_provider(request, provider_id, headers):
if request.method == 'POST':
reason = request.POST.get("reason")
# Get the original provider
response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
headers=headers)
validate_api_call(response, [])
provider_response = json.loads(response.text)['companies'][0]
data = {'company_id': provider_id}
data['company_name'] = provider_response['company_name']
data['display_name'] = provider_response['display_name']
data['wheelchair'] = provider_response['wheelchair']
data['enabled'] = True
data['deleted'] = True
data['audit_action_reason'] = reason
data['updated_by'] = request.session['username']
response = requests.put("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
data=data,
headers=headers)
validate_api_call(response, [])
create_audit(request, headers, reason, "COMPANY",
"Deleted provider '{}'".format(data['company_name']),
"DELETE", provider_id, None)
# Let the display know we deleted a company
display_response = requests.get("{}/display/company/{}".format(
settings.COORDINATOR_WS_URL, provider_id))
# Validate the call but don't stop execution if it fails
validate_api_call(display_response, [400, 404, 500, 403, 409])
messages.success(request, "Successfully deleted account.")
return redirect('view_provider', provider_id)
else:
return redirect('edit_provider', provider_id)
def delete_user(request, provider_id, user_id, headers):
if request.method == 'POST':
# Get the delete form from the POST request
delete_form = json.loads(json.dumps(request.POST))
# Get the user and their company
response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL,
user_id),
headers=headers)
validate_api_call(response, [])
user = json.loads(response.text)['users'][0]
response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
headers=headers)
validate_api_call(response, [])
company = json.loads(response.text)['companies'][0]
data = {'user_id': user_id}
data['updated_by'] = request.session['username']
response = requests.delete("{}/user/{}".format(settings.ADMIN_WS_URL,
user_id),
data=data,
headers=headers)
validate_api_call(response, [])
create_audit(
request, headers, None, "USERS",
"Deleted provider user '{} {}' under provider '{}'".format(
user['first_name'], user['last_name'],
company['company_name']), "DELETE", provider_id, None)
messages.success(request, "User Deleted")
return redirect('edit_provider', provider_id)
else:
return HttpResponseNotAllowed(['POST'])
def configuration(request, headers):
# GET the Settings page
if request.method == "GET":
# Get a list of all destinations
response = requests.get("{}/config".format(settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
config = json.loads(response.text)['configs']
configs = {}
for item in config:
if item['property'] == "display_message":
configs['empty_message'] = item['value']
elif item['property'] == "display_contact_message":
configs['contact_message'] = item['value']
elif item['property'] == "display_reset_time":
reset_time = datetime.strptime(item['value'], "%H:%M")
configs['reset_time_h'] = reset_time.strftime("%I")
configs['reset_time_m'] = reset_time.strftime("%M")
configs['reset_time_ampm'] = reset_time.strftime("%p")
elif item['property'] == "display_start_time":
start_time = datetime.strptime(item['value'], "%H:%M")
configs['start_time_h'] = start_time.strftime("%I")
configs['start_time_m'] = start_time.strftime("%M")
configs['start_time_ampm'] = start_time.strftime("%p")
elif item['property'] == "display_refresh_interval":
configs['refresh_interval'] = item['value']
elif item['property'] == "display_checkout_interval":
configs['checkout_interval'] = item['value']
return render(request, "admin_portal/main/settings.html",
{"config": configs})
elif request.method == "POST":
data = json.loads(json.dumps(request.POST))
# Get the old data
response = requests.get("{}/config".format(settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
config = json.loads(response.text)['configs']
for item in config:
# Update config items only if the data has changed
# Display Message
if item['property'] == "display_message":
if item['value'] != data['display_message']:
response = requests.put(
"{}/config/property/{}".format(settings.ADMIN_WS_URL,
"display_message"),
data={"value": data['display_message']},
headers=headers)
validate_api_call(response, [])
# Display Contact Message
elif item['property'] == "display_contact_message":
if item['value'] != data['display_contact_message']:
response = requests.put(
"{}/config/property/{}".format(
settings.ADMIN_WS_URL, "display_contact_message"),
data={"value": data['display_contact_message']},
headers=headers)
validate_api_call(response, [])
# Display Refresh Interval
elif item['property'] == "display_refresh_interval":
if item['value'] != data['display_refresh_interval']:
response = requests.put(
"{}/config/property/{}".format(
settings.ADMIN_WS_URL, "display_refresh_interval"),
data={"value": data['display_refresh_interval']},
headers=headers)
validate_api_call(response, [])
# Display Checkout Interval
elif item['property'] == "display_checkout_interval":
if item['value'] != data['display_checkout_interval']:
response = requests.put(
"{}/config/property/{}".format(
settings.ADMIN_WS_URL,
"display_checkout_interval"),
data={"value": data['display_checkout_interval']},
headers=headers)
validate_api_call(response, [])
# Display Reset Time
elif item['property'] == "display_reset_time":
reset_time_12_hour = data['display_reset_time_h'] + ":" + data[
'display_reset_time_m'] + " " + data[
'display_reset_time_ampm']
reset_time_12_hour = datetime.strptime(reset_time_12_hour,
"%I:%M %p")
if item['value'] != reset_time_12_hour:
response = requests.put(
"{}/config/property/{}".format(settings.ADMIN_WS_URL,
"display_reset_time"),
data={"value": reset_time_12_hour.strftime("%H:%M")},
headers=headers)
validate_api_call(response, [])
# Display Start Time
elif item['property'] == "display_start_time":
start_time_12_hour = data['display_start_time_h'] + ":" + data[
'display_start_time_m'] + " " + data[
'display_start_time_ampm']
start_time_12_hour = datetime.strptime(start_time_12_hour,
"%I:%M %p")
if item['value'] != start_time_12_hour:
response = requests.put(
"{}/config/property/{}".format(settings.ADMIN_WS_URL,
"display_start_time"),
data={"value": start_time_12_hour.strftime("%H:%M")},
headers=headers)
validate_api_call(response, [])
# Let the display know that the config was updated
response = requests.get("{}/display/config".format(
settings.COORDINATOR_WS_URL))
validate_api_call(response, [])
create_audit(request, headers, None, "CONFIG",
"Edited Monitor Display Settings", "UPDATE", None, None)
messages.success(request,
"Successfully updated display monitor settings!")
return redirect(reverse('settings'))
# Otherwise redirect to home page
else:
return redirect(reverse('admin_login'))
def login(request):
try:
# Redirect to Home if session is already valid
if request.session.session_key and 'role' in request.session and 'auth' in request.session:
if request.GET.get('next'):
return redirect(request.GET.get('next'))
return render(request, "admin_portal/main/home.html", "")
# Login POST
elif request.method == 'POST':
form = LoginForm(request.POST)
# Ensure login form parameters are valid
if form.is_valid():
username = request.POST.get('username')
password = request.POST.get('password')
# Authentication API Call
response = requests.post("{}/ad/auth".format(
settings.AD_WS_URL),
data={
"username": username,
"password": password,
"attributes": True
})
validate_api_call(response, [])
response_data = json.loads(response.text)["response"]
# If SFO AD returns a valid set of credentials
if response_data["validPassword"] is True:
# And if the credentials have a Landside OU
if response_data["dn"].find("OU=Trans Op") != -1:
# Fill session metadata
request.session["logged_in"] = True
request.session["first_name"] = response_data[
"firstName"].title()
request.session["last_name"] = response_data[
"lastName"].title()
request.session["username"] = username
request.session["id"] = response_data["id"]
request.session["role"] = 'Admin'
request.session["auth"] = "Basic {}".format(
base64.urlsafe_b64encode("{}:{}".format(
username, password)))
# Get the role_id for a landside admin
response = requests.get(
"{}/reference/role".format(settings.ADMIN_WS_URL),
headers={"authorization": request.session['auth']})
role_list = json.loads(response.text)['roles']
for role in role_list:
if role['role_name'] == "landside_admin":
request.session["role_id"] = role['role_id']
break
# Redirect to next/home page
if request.GET.get('next'):
return redirect(request.GET.get('next'))
return redirect(reverse('admin_login'))
# Otherwise no Landside OU or incorrect OU implies unauthorized access
else:
logger.warning(
"status_code={} message=Unauthorized user {} attempted to login."
.format(403, username))
messages.error(
request,
"You do not have authorization to access this system.",
extra_tags="danger")
return redirect(reverse('admin_login'))
# Otherwise the user entered bad credentials
else:
messages.error(request,
'Wrong username or password.',
extra_tags="danger")
return render(request, "admin_portal/account/login.html",
"")
# Otherwise alert the user that they're form submission couldn't be validated
else:
messages.error(
request,
'Your login information could not be validated. Please try again or contact SFO Helpdesk.',
extra_tags="danger")
return render(request, "admin_portal/account/login.html", "")
else:
return render(request, "admin_portal/account/login.html", "")
except KeyError:
django_logout(request)
return redirect(reverse('admin_login'))
def create_provider(request, headers):
try:
# GET the create a provider page
if request.method == "GET":
# Get a list of all Shared Ride Van companies
response = requests.get("{}/company".format(settings.ADMIN_WS_URL),
params={"include_deleted": True},
headers=headers)
validate_api_call(response, [])
shared_ride_companies = json.loads(response.text)
# Determine the amount of active providers
active_companies = 0
for company in shared_ride_companies['companies']:
if not company['deleted']:
active_companies += 1
# As long as there are fewer than MAX_COMPANIES_ALLOWED
if active_companies < MAX_COMPANIES_ALLOWED:
# Get a list of all destinations
response = requests.get("{}/reference/destination".format(
settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
all_destinations = json.loads(response.text)
# Get a list of all GTMS companies
response = requests.get("{}/gtms/company".format(
settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
gtms_companies = json.loads(response.text)
# Extract the company ids out of every Shared Ride Company for comparison on the template side
shared_ride_company_ids = []
for company in shared_ride_companies['companies']:
shared_ride_company_ids.append(company['company_id'])
return render(
request, "admin_portal/provider/create_provider.html", {
"gtms_companies": gtms_companies['gtms_companies'],
"shared_ride_company_ids": shared_ride_company_ids,
"all_destinations": all_destinations['destinations']
})
else:
messages.error(
request,
"Shared Ride Vans may only support {} active providers. To add a new provider, please delete an existing active provider. "
.format(MAX_COMPANIES_ALLOWED),
extra_tags="danger")
logger.error(
"Validation Error: User attempted to add more than allowed providers; user agent: {}"
.format(request.META['HTTP_USER_AGENT']))
return redirect(reverse('admin_login'))
# POST a new provider
elif request.method == 'POST':
# Get all the required information from the request.POST
data = json.loads(json.dumps(request.POST))
data['curbside_terminals'] = request.POST.getlist("curbside")
data['destination_ids'] = request.POST.getlist("destinations")
data['company_id'] = data['company_id_name'].split(',', 1)[0]
data['company_name'] = data['company_id_name'].split(',', 1)[1]
# Create the provider (without audit_action_reason)
create_provider_data = {'company_id': data['company_id']}
create_provider_data['company_name'] = data['company_name']
create_provider_data['display_name'] = data['display']
create_provider_data['wheelchair'] = (data['wheelchair'] == "Yes")
create_provider_data['enabled'] = True
create_provider_data['deleted'] = False
create_provider_data['created_by'] = request.session['username']
response = requests.post("{}/company".format(
settings.ADMIN_WS_URL),
data=create_provider_data,
headers=headers)
validate_api_call(response, [])
# Create the provider's contact information
# Website
website_data = {'company_id': data['company_id']}
website_data['contact_info'] = data['website']
website_data['contact_type'] = 'website'
website_data['enabled'] = True
website_data['created_by'] = request.session['username']
response = requests.post("{}/company/{}/contact".format(
settings.ADMIN_WS_URL, data['company_id']),
data=website_data,
headers=headers)
validate_api_call(response, [])
# Phone Number
phone_data = {'company_id': data['company_id']}
phone_data['contact_info'] = data['phone']
phone_data['contact_type'] = 'phone_number'
phone_data['enabled'] = True
phone_data['created_by'] = request.session['username']
response = requests.post("{}/company/{}/contact".format(
settings.ADMIN_WS_URL, data['company_id']),
data=phone_data,
headers=headers)
validate_api_call(response, [])
# Create the provider destinations
destination_data = {'company_id': data['company_id']}
destination_data['created_by'] = request.session['username']
for destination in data['destination_ids']:
destination_data['destination_id'] = destination
response = requests.post(
"{}/company/{}/company_destination".format(
settings.ADMIN_WS_URL, data['company_id']),
data=destination_data,
headers=headers)
validate_api_call(response, [])
# Create the provider curbside check-ins
curbside_data = {'company_id': data['company_id']}
curbside_data['enabled'] = True
curbside_data['created_by'] = request.session['username']
for terminal in data['curbside_terminals']:
curbside_data['terminal'] = terminal
response = requests.post("{}/company/{}/curbside".format(
settings.ADMIN_WS_URL, data['company_id']),
data=curbside_data,
headers=headers)
validate_api_call(response, [])
# Create audit entry of company creation
create_audit(request, headers, None, "COMPANY",
"Created provider '{}'".format(data['company_name']),
"ADD", data['company_id'], None)
# Create the first superuser (if all fields were entered)
if data['su_first'] and data['su_last'] and data[
'su_email'] and data['su_phone']:
# First get the correct role ID from the reference table for superuser
response = requests.get("{}/reference/role".format(
settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
all_roles = json.loads(response.text)['roles']
super_user_role_id = 0
for role in all_roles:
if role['role_name'] == "superuser":
super_user_role_id = role['role_id']
break
# Assert super_user_role_id is NOT 0
# Then construct the super user object for posting
temp_password = password_generator()
su_data = {'first_name': data['su_first']}
su_data['last_name'] = data['su_last']
su_data['email'] = data['su_email'].lower()
su_data['password'] = hashlib.sha256(temp_password).hexdigest()
su_data['phone_number'] = data['su_phone']
su_data['enabled'] = True
su_data['deleted'] = False
su_data['activated'] = False
su_data['reset_password'] = True
su_data['created_by'] = request.session['username']
su_data['company_id'] = data['company_id']
su_data['role_id'] = super_user_role_id
response = requests.post("{}/user".format(
settings.ADMIN_WS_URL),
data=su_data,
headers=headers)
validate_api_call(response, [])
# Send the account activation email
url = "https://sharedridevans.flysfo.com/company/"
if settings.BUILD_ENV == "LOCAL":
url = "127.0.0.1:8000/company/"
elif settings.BUILD_ENV == "DEV":
url = "dev-srv.flysfo.com/company/"
elif settings.BUILD_ENV == "QA":
url = "https://qa-srv.flysfo.com/company/"
elif settings.BUILD_ENV == "STG":
url = "https://stg-sharedridevans.flysfo.com/company/"
email_data = {"from": "*****@*****.**"}
email_data['to'] = data['su_email'].lower()
email_data['isHtml'] = True
email_data['subject'] = "Shared Ride Vans - Account Activation"
email_raw = loader.render_to_string(
'admin_portal/account/email.html', {
"name": data['su_first'] + " " + data['su_last'],
"temporary_pass": temp_password,
"url": url
})
email_data['message'] = email_raw
response = requests.post(
"{}/email".format(settings.EMAIL_WS_URL),
files=(('test', 'email'), ('test2', 'email2')),
data=email_data,
headers=headers)
validate_api_call(response, [])
# Create audit entry of super user creation
create_audit(
request, headers, None, "USERS",
"Created provider user '{} {}' under provider '{}'".format(
data['su_first'], data['su_last'],
data['company_name']), "ADD", data['company_id'],
data['su_email'].lower())
# Let the display know we created a company
display_response = requests.get("{}/display/company/{}".format(
settings.COORDINATOR_WS_URL, data['company_id']))
# Validate the call but don't stop execution if it fails
validate_api_call(display_response, [400, 404, 500, 403, 409])
messages.success(request, "Successfully created provider!")
return redirect(reverse('admin_login'))
# Otherwise redirect to home page
else:
return redirect(reverse('admin_login'))
except KeyError:
return redirect(reverse('admin_login'))
def create_user(request, provider_id, headers):
if request.method == 'POST':
# Get the new user from the form post
new_user = json.loads(json.dumps(request.POST))
# Get the Super User Role
response = requests.get("{}/reference/role".format(
settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
all_roles = json.loads(response.text)['roles']
super_user_role_id = 0
for role in all_roles:
if role['role_name'] == "superuser":
super_user_role_id = role['role_id']
break
# Get the Company Name
response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
headers=headers)
validate_api_call(response, [])
company = json.loads(response.text)['companies'][0]
# Assert super_user_role_id is NOT 0
# Then construct the super user object for posting
temp_password = password_generator()
data = {'first_name': new_user['first_name']}
data['last_name'] = new_user['last_name']
data['email'] = new_user['email'].lower()
data['password'] = hashlib.sha256(temp_password).hexdigest()
data['phone_number'] = new_user['phone']
data['enabled'] = True
data['deleted'] = False
data['activated'] = False
data['reset_password'] = True
data['created_by'] = request.session['username']
data['company_id'] = provider_id
data['role_id'] = super_user_role_id
response = requests.post("{}/user".format(settings.ADMIN_WS_URL),
data=data,
headers=headers)
validate_api_call(response, [409])
# If the user already exists, then get the user id of the failed user and PUT the new data if user is deleted
if response.status_code == 409:
response = requests.get("{}/user".format(settings.ADMIN_WS_URL),
params={
"email": data['email'],
"company_id": provider_id,
"include_deleted": True
},
headers=headers)
validate_api_call(response, [])
conflicting_user = json.loads(response.text)['users'][0]
if conflicting_user['deleted']:
new_user_id = conflicting_user['user_id']
updated_data = data
updated_data['updated_by'] = request.session['username']
updated_data['role_id'] = super_user_role_id
response = requests.put("{}/user/{}".format(
settings.ADMIN_WS_URL, new_user_id),
data=updated_data,
headers=headers)
validate_api_call(response, [])
create_audit(
request, headers, None, "USERS",
"Created provider user '{} {}' under provider '{}'".format(
data['first_name'], data['last_name'],
company['company_name']), "ADD", provider_id,
data['email'].lower())
return resend_user_activation(request, provider_id,
conflicting_user['user_id'])
else:
logger.warning(
"status_code={} message=Failed to create user {} because active email-company-id pattern exists."
.format(409, data['first_name'] + " " + data['last_name']))
return HttpResponse(status=409)
else:
create_audit(
request, headers, None, "USERS",
"Created provider user '{} {}' under provider '{}'".format(
data['first_name'], data['last_name'],
company['company_name']), "ADD", provider_id,
data['email'].lower())
create_user_activation(request, headers, new_user['first_name'],
new_user['last_name'],
new_user['email'].lower(), temp_password)
messages.success(request, "User Created")
return redirect('edit_provider', provider_id)
else:
return HttpResponseNotAllowed(['POST'])
def edit_provider(request, provider_id, headers):
if request.method == "GET":
# Get Provider Information
parameters = {
"company_contact_info": "true",
"curbside_check_in_info": "true",
"company_destination_info": "true"
}
response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
params=parameters,
headers=headers)
validate_api_call(response, [])
data = json.loads(response.text)['companies'][0]
if not data['deleted']:
# Get all the destinations
response = requests.get("{}/reference/destination".format(
settings.ADMIN_WS_URL),
headers=headers)
validate_api_call(response, [])
all_destinations = json.loads(response.text)['destinations']
# Extract destinations to the first level
company_destination_ids = []
for company_destination in data['company_destinations']:
company_destination_ids.append(
company_destination['destination']['destination_id'])
# Extract curbside check-ins to the first level
all_curbside_checkins = [
"Terminal 1", "Terminal 2", "Terminal 3", "Int'l Terminal"
]
company_curbside_checkins = []
for checkin in all_curbside_checkins:
found = False
for company_checkin in data['curbside_check_ins']:
if checkin == company_checkin['terminal']:
company_curbside_checkins.append({
'terminal':
checkin,
'selected':
True,
"id":
company_checkin['curbside_check_in_id']
})
found = True
break
if not found:
company_curbside_checkins.append({
'terminal': checkin,
'selected': False,
"id": -1
})
# Extract contact information to the first level
phone_numbers = []
for contact_method in data['company_contacts']:
# Website contact object is brought up to the key "company_website"
if contact_method['contact_type'] == "website":
data['company_website'] = contact_method
# All phone number objects are brought up to the list "company_phone_numbers"
elif contact_method['contact_type'] == "phone_number":
phone_numbers.append(contact_method)
phone_numbers = json.dumps(phone_numbers)
return render(
request, "admin_portal/provider/edit_provider.html", {
"provider": data,
"company_phone_numbers": phone_numbers,
"all_destinations": all_destinations,
"company_destination_ids": company_destination_ids,
"company_curbside_checkins": company_curbside_checkins
})
else:
messages.error(request,
"You cannot edit a deleted provider.",
extra_tags="danger")
logger.error(
"User Error: User attempted to edit a deleted provider under user agent: {}"
.format(request.META['HTTP_USER_AGENT']))
return redirect('view_provider', data['company_id'])
elif request.method == "POST":
# Get all the form information from the POST
new_provider = json.loads(json.dumps(request.POST))
new_provider['curbside_terminals'] = request.POST.getlist("curbside")
new_provider['destination_location'] = request.POST.getlist(
"destination")
new_provider['phone_inputs'] = json.loads(
request.POST.get("phone_input"))
# Get all the old provider information
parameters = {
"company_contact_info": "true",
"curbside_check_in_info": "true",
"company_destination_info": "true"
}
response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
params=parameters,
headers=headers)
validate_api_call(response, [])
old_provider = json.loads(response.text)['companies'][0]
data = {'company_name': old_provider['company_name']}
data['enabled'] = old_provider['enabled']
data['deleted'] = old_provider['deleted']
data['updated_by'] = request.session['username']
data['display_name'] = old_provider['display_name']
data['wheelchair'] = old_provider['wheelchair']
changed_wheelchair = False
changed_display_name = False
# Update wheelchair if it changed
if old_provider['wheelchair'] != (new_provider['wheelchair'] in [
'true'
]): # Hack to alias booleans as strings
data['wheelchair'] = not (old_provider['wheelchair'])
changed_wheelchair = True
if old_provider['display_name'] != new_provider['display']:
data['display_name'] = new_provider['display']
changed_display_name = True
response = requests.put("{}/company/{}".format(settings.ADMIN_WS_URL,
provider_id),
data=data,
headers=headers)
validate_api_call(response, [])
# Only make an audit call for wheelchair/display name if the call was successful
if changed_wheelchair:
create_audit(
request, headers, None, "COMPANY",
"Updated provider '{}' wheelchair accessibility to '{}'".
format(old_provider['company_name'],
str(data['wheelchair'])), "UPDATE", provider_id, None)
if changed_display_name:
create_audit(
request, headers, None, "COMPANY",
"Updated provider '{}' display name to '{}'".format(
old_provider['company_name'],
data['display_name']), "UPDATE", provider_id, None)
# Let the display know we did an update to the company information
display_response = requests.get("{}/display/company/{}".format(
settings.COORDINATOR_WS_URL, provider_id))
# Validate the call but don't stop execution if it fails
validate_api_call(display_response, [400, 404, 500, 403, 409])
# Update website if it changed
for contact in old_provider['company_contacts']:
if contact['contact_type'] == "website" and contact[
'contact_info'] != new_provider['website']:
data = {'contact_info': new_provider['website']}
data['contact_type'] = contact['contact_type']
data['enabled'] = contact['enabled']
data['updated_by'] = request.session['username']
response = requests.put("{}/company/{}/contact/{}".format(
settings.ADMIN_WS_URL, provider_id,
contact['company_contact_id']),
data=data,
headers=headers)
validate_api_call(response, [])
create_audit(
request, headers, None, "COMPANY_CONTACT",
"Updated provider '{}' website to '{}'".format(
old_provider['company_name'],
data['contact_info']), "UPDATE", provider_id, None)
# Add New Phone Numbers
for new_number in new_provider['phone_inputs']:
if new_number['id'] == -1:
data = {'contact_info': new_number['text']}
data['contact_type'] = "phone_number"
data['enabled'] = False
data['created_by'] = request.session['username']
response = requests.post("{}/company/{}/contact".format(
settings.ADMIN_WS_URL, provider_id),
data=data,
headers=headers)
validate_api_call(response, [])
create_audit(
request, headers, None, "COMPANY_CONTACT",
"Added new contact phone number '{}' under provider '{}'".
format(data['contact_info'], old_provider['company_name']),
"ADD", provider_id, None)
# Delete Old Phone Numbers
for old_number in old_provider['company_contacts']:
found = False
for new_number in new_provider['phone_inputs']:
if old_number['company_contact_id'] == new_number['id']:
found = True
break
if not found and old_number['contact_type'] == 'phone_number':
data = {"updated_by": request.session['username']}
response = requests.delete("{}/company/{}/contact/{}".format(
settings.ADMIN_WS_URL, provider_id,
old_number['company_contact_id']),
data=data,
headers=headers)
validate_api_call(response, [])
create_audit(
request, headers, None, "COMPANY_CONTACT",
"Deleted contact phone number '{}' under provider '{}'".
format(old_number['contact_info'],
old_provider['company_name']), "DELETE",
provider_id, None)
# Add New Destinations
for new_dest in new_provider['destination_location']:
found = False
for old_dest in old_provider['company_destinations']:
if int(new_dest) == old_dest['destination']['destination_id']:
found = True
break
if not found:
data = {'destination_id': int(new_dest)}
data['created_by'] = request.session['username']
response = requests.post(
"{}/company/{}/company_destination".format(
settings.ADMIN_WS_URL, provider_id),
data=data,
headers=headers)
validate_api_call(response, [409])
# If there is a conflict, find the id of the conflicting resource and put it to be enabled
if response.status_code == 409:
all_destinations = get_all_company_destinations(
headers, provider_id)
for company_destination in all_destinations:
if company_destination['destination'][
'destination_id'] == int(new_dest):
updated_destination = {'enabled': True}
updated_destination['deleted'] = False
updated_destination['destination_id'] = int(
new_dest)
updated_destination[
'updated_by'] = request.session['username']
response = requests.put(
"{}/company/{}/company_destination/{}".format(
settings.ADMIN_WS_URL, provider_id,
company_destination[
'company_destination_id']),
data=updated_destination,
headers=headers)
validate_api_call(response, [])
create_audit(
request, headers, None, "COMPANY_DESTINATION",
"Added new destination under provider '{}'".format(
old_provider['company_name']), "ADD", provider_id,
None)
# Delete Old Destinations
for old_dest in old_provider['company_destinations']:
found = False
for new_dest in new_provider['destination_location']:
if old_dest['destination']['destination_id'] == int(new_dest):
found = True
break
if not found:
data = {"updated_by": request.session['username']}
response = requests.delete(
"{}/company/{}/company_destination/{}".format(
settings.ADMIN_WS_URL, provider_id,
old_dest['company_destination_id']),
data=data,
headers=headers)
validate_api_call(response, [])
create_audit(
request, headers, None, "COMPANY_DESTINATION",
"Deleted destination under provider '{}'".format(
old_provider['company_name']), "DELETE", provider_id,
None)
# Add New Curbsides
for new_curb in new_provider['curbside_terminals']:
found = False
for old_curb in old_provider['curbside_check_ins']:
if new_curb == old_curb['terminal']:
found = True
break
if not found:
data = {'terminal': new_curb}
data['enabled'] = False
data['created_by'] = request.session['username']
response = requests.post("{}/company/{}/curbside".format(
settings.ADMIN_WS_URL, provider_id),
data=data,
headers=headers)
validate_api_call(response, [])
create_audit(
request, headers, None, "CURBSIDE_CHECKIN",
"Added curbside checkin '{}' under provider '{}'".format(
new_curb, old_provider['company_name']), "ADD",
provider_id, None)
# Delete Old Curbsides #
for old_curb in old_provider['curbside_check_ins']:
found = False
for new_curb in new_provider['curbside_terminals']:
if old_curb['terminal'] == new_curb:
found = True
break
if not found:
data = {"updated_by": request.session['username']}
response = requests.delete("{}/company/{}/curbside/{}".format(
settings.ADMIN_WS_URL, provider_id,
old_curb['curbside_check_in_id']),
data=data,
headers=headers)
validate_api_call(response, [])
create_audit(
request, headers, None, "CURBSIDE_CHECKIN",
"Deleted curbside checkin under provider '{}'".format(
old_provider['company_name']), "DELETE", provider_id,
None)
# Let the display know we did an edit
params = {"company_id": provider_id}
display_response = requests.get("{}/display/company_contacts".format(
settings.COORDINATOR_WS_URL),
params=params)
validate_api_call(display_response, [400, 404, 500, 403, 409])
messages.success(request, "Saved")
return redirect('edit_provider', provider_id)
else:
return redirect(reverse('admin_login'))
