def create_user_activation(request, headers, first, last, email, temp_password): # Send the email url = "https://sharedridevans.flysfo.com/company/" if settings.BUILD_ENV == "LOCAL": url = "127.0.0.1:8000/company/" elif settings.BUILD_ENV == "DEV": url = "dev-srv.flysfo.com/company/" elif settings.BUILD_ENV == "QA": url = "https://qa-srv.flysfo.com/company/" elif settings.BUILD_ENV == "STG": url = "https://stg-sharedridevans.flysfo.com/company/" email_data = {"from": "*****@*****.**"} email_data['to'] = email.lower() email_data['isHtml'] = True email_data['subject'] = "Shared Ride Vans - Account Activation" email_raw = loader.render_to_string('admin_portal/account/email.html', { "name": first + " " + last, "temporary_pass": temp_password, "url": url }) email_data['message'] = email_raw response = requests.post("{}/email".format(settings.EMAIL_WS_URL), files=(('test', 'email'), ('test2', 'email2')), data=email_data, headers=headers) validate_api_call(response, [])
def get_all_users(request, provider_id, headers): if request.method == "GET": if request.GET.get("type") == "superuser": # Get the ID corresponding to 'superuser' response = requests.get("{}/reference/role".format( settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) all_roles = json.loads(response.text)['roles'] super_user_role_id = -1 for role in all_roles: if role['role_name'] == "superuser": super_user_role_id = role['role_id'] break # Get All Provider Users # TO-DO Specify role_name in parameters parameters = { "role_id": super_user_role_id, "company_id": provider_id } response = requests.get("{}/user".format(settings.ADMIN_WS_URL), params=parameters, headers=headers) validate_api_call(response, []) data = json.loads(response.text)['users'] return JsonResponse(data, safe=False) elif request.GET.get("type") == "driver": return NotImplemented else: return HttpResponseNotAllowed(['GET'])
def get_all_company_destinations(headers, provider_id): response = requests.get("{}/company/{}/company_destination".format( settings.ADMIN_WS_URL, provider_id), params={"include_deleted": True}, headers=headers) validate_api_call(response, []) return json.loads(response.text)['company_destinations']
def get_user_role_id(headers, user_role_name): response = requests.get("{}/reference/role".format(settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) all_roles = json.loads(response.text)['roles'] for role in all_roles: if role['role_name'] == user_role_name: return role['role_id']
def provider_audit_trail(request, provider_id, headers): if request.method == "GET": response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), headers=headers) validate_api_call(response, []) provider = json.loads(response.text)['companies'][0] return render(request, "admin_portal/main/audit_provider.html", {"provider": provider}) else: return HttpResponseNotAllowed(['GET'])
def get_action_id(headers, action_name): response = requests.get("{}/reference/action".format( settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) for action in json.loads(response.text)['actions']: if action['action_name'] == action_name: return action['action_id']
def get_all_provider_activity(request, headers): if request.method == "GET": params = {"action_by_user_role_id": get_user_role_id(headers, "superuser")} response = requests.get("{}/audit".format(settings.ADMIN_WS_URL), params=params, headers=headers) validate_api_call(response, []) audits = json.loads(response.text)['audit_entries'] return JsonResponse(audits, safe=False) else: return HttpResponseNotAllowed(['GET'])
def get_user(request, provider_id, user_id, headers): if request.method == "GET": response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL, user_id), headers=headers) validate_api_call(response, []) data = json.loads(response.text)['users'][0] return JsonResponse(data, safe=False) else: return HttpResponseNotAllowed(['GET'])
def edit_user(request, provider_id, user_id, headers): if request.method == 'POST': # Get the new user from the form post new_user = json.loads(json.dumps(request.POST)) # Get the old user from the database response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL, user_id), headers=headers) validate_api_call(response, []) old_user = json.loads(response.text)['users'][0] data = {"user_id": user_id} data['first_name'] = new_user['first_name'] data['last_name'] = new_user['last_name'] data['email'] = new_user['email'].lower() data['phone_number'] = new_user['phone'] data['enabled'] = old_user['enabled'] data['deleted'] = old_user['deleted'] data['activated'] = old_user['activated'] data['reset_password'] = old_user['reset_password'] data['updated_by'] = request.session['username'] data['company_id'] = old_user['company_id'] data['role_id'] = old_user['role']['role_id'] response = requests.put("{}/user/{}".format(settings.ADMIN_WS_URL, user_id), data=data, headers=headers) validate_api_call(response, [409]) if response.status_code == 409: logger.warning( "status_code={} message=Failed to edit user {} because email-company-id pattern exists." .format(409, data['first_name'] + " " + data['last_name'])) return HttpResponse(status=409) create_audit( request, headers, None, "USERS", "Edited provider user '{} {}'".format(data['first_name'], data['last_name']), "UPDATE", provider_id, data['email'].lower()) messages.success(request, "User Updated") return redirect('edit_provider', provider_id) else: return HttpResponseNotAllowed(['POST'])
def create_audit(request, headers, action_reason, resource_name, action_description, action_name, company_id, action_on_user): data = {"action_id": get_action_id(headers, action_name)} data['company_id'] = company_id data['action_description'] = action_description data['action_by_user_role_id'] = request.session['role_id'] data['action_by_user'] = request.session['username'] data['resource_name'] = resource_name data['action_reason'] = action_reason data['action_on_user'] = action_on_user response = requests.post("{}/audit".format(settings.COORDINATOR_WS_URL), data=data, headers=headers) validate_api_call(response, [])
def view_provider(request, provider_id, headers): if request.method == "GET": # Get a list of all active providers response = requests.get("{}/company".format(settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) all_companies = json.loads(response.text)['companies'] can_restore = False if len(all_companies) < MAX_COMPANIES_ALLOWED: can_restore = True # Get Provider Information parameters = { "company_contact_info": "true", "curbside_check_in_info": "true", "company_destination_info": "true" } response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), params=parameters, headers=headers) validate_api_call(response, []) data = json.loads(response.text)['companies'][0] # Extract contact information to the first level phone_numbers = [] for contact_method in data['company_contacts']: # Website contact object is brought up to the key "company_website" if contact_method['contact_type'] == "website": data['company_website'] = contact_method # All phone number objects are brought up to the list "company_phone_numbers" elif contact_method['contact_type'] == "phone_number": phone_numbers.append(contact_method) phone_numbers = json.dumps(phone_numbers) return render( request, "admin_portal/provider/view_provider.html", { "provider": data, "company_phone_numbers": phone_numbers, "can_restore": can_restore }) else: return redirect(reverse('admin_login'))
def get_coordinator_activity(request, headers): if request.method == "GET": # First get the audits (logins/logouts) for all the coordinator users params = {"action_by_user_role_id": get_user_role_id(headers, "coordinator_user")} response = requests.get("{}/audit".format(settings.ADMIN_WS_URL), params=params, headers=headers) validate_api_call(response, []) user_audits = json.loads(response.text)['audit_entries'] # Next get the audits (logins/logouts) for all the admins params = {"action_by_user_role_id": get_user_role_id(headers, "coordinator_admin")} response = requests.get("{}/audit".format(settings.ADMIN_WS_URL), params=params, headers=headers) validate_api_call(response, []) admin_audits = json.loads(response.text)['audit_entries'] return JsonResponse(user_audits+admin_audits, safe=False) else: return HttpResponseNotAllowed(['GET'])
def get_all_providers(request, headers): if request.method == "GET": # Get All Provider Information parameters = {"company_contact_info": "true"} if request.GET.get("type") == "all": parameters['include_deleted'] = "true" response = requests.get("{}/company".format(settings.ADMIN_WS_URL), params=parameters, headers=headers) validate_api_call(response, []) data = json.loads(response.text) return JsonResponse(data, safe=False) return HttpResponseNotAllowed(['GET'])
def lock_provider(request, provider_id, headers): if request.method == 'POST': reason = request.POST.get("reason") lock_type = request.POST.get("type") # Get the original provider response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), headers=headers) validate_api_call(response, []) provider_response = json.loads(response.text)['companies'][0] data = {'company_id': provider_id} data['company_name'] = provider_response['company_name'] data['wheelchair'] = provider_response['wheelchair'] data['display_name'] = provider_response['display_name'] # Lock or Unlock the provider depending on the lock type if lock_type == 'lock': data['enabled'] = False data['audit_action_reason'] = reason else: data['enabled'] = True data['deleted'] = False data['updated_by'] = request.session['username'] response = requests.put("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), data=data, headers=headers) validate_api_call(response, []) # Make the audit call after the lock/unlock call succeeds if lock_type == "lock": create_audit(request, headers, reason, "COMPANY", "Locked provider '{}'".format(data['company_name']), "UPDATE", provider_id, None) else: create_audit(request, headers, None, "COMPANY", "Unlocked provider '{}'".format(data['company_name']), "UPDATE", provider_id, None) # Let the display know we locked/unlocked the account display_response = requests.get("{}/display/company/{}".format( settings.COORDINATOR_WS_URL, provider_id)) # Validate the call but don't stop execution if it fails validate_api_call(display_response, [400, 404, 500, 403, 409]) messages.success(request, "Successfully locked account.") return redirect('edit_provider', provider_id) else: return redirect('edit_provider', provider_id)
def resend_user_activation(request, provider_id, user_id, headers): if request.method == 'POST': # Get the user by their id response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL, user_id), headers=headers) validate_api_call(response, []) user_data = json.loads(response.text)['users'][0] # First generate a new password temp_password = password_generator() data = {"password": hashlib.sha256(temp_password).hexdigest()} data['updated_by'] = request.session['username'] # Update the temp password response = requests.put("{}/user/{}/password".format( settings.ADMIN_WS_URL, user_id), data=data, headers=headers) validate_api_call(response, []) # Send the new email url = "https://sharedridevans.flysfo.com/company/" if settings.BUILD_ENV == "LOCAL": url = "127.0.0.1:8000/company/" elif settings.BUILD_ENV == "DEV": url = "dev-srv.flysfo.com/company/" elif settings.BUILD_ENV == "QA": url = "https://qa-srv.flysfo.com/company/" elif settings.BUILD_ENV == "STG": url = "https://stg-sharedridevans.flysfo.com/company/" email_data = {"from": "*****@*****.**"} email_data['to'] = user_data['email'].lower() email_data['isHtml'] = True email_data['subject'] = "Shared Ride Vans - Account Activation" email_raw = loader.render_to_string( 'admin_portal/account/email.html', { "name": user_data['first_name'] + " " + user_data['last_name'], "temporary_pass": temp_password, "url": url }) email_data['message'] = email_raw response = requests.post("{}/email".format(settings.EMAIL_WS_URL), files=(('test', 'email'), ('test2', 'email2')), data=email_data, headers=headers) validate_api_call(response, []) messages.success(request, "Account activation email resent!") return redirect('edit_provider', provider_id) else: return HttpResponseNotAllowed(['POST'])
def restore_provider(request, provider_id, headers): if request.method == "POST": # Ensure there are less than the MAX_COMPANIES_ALLOWED response = requests.get("{}/company".format(settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) all_companies = json.loads(response.text)['companies'] if len(all_companies) < MAX_COMPANIES_ALLOWED: # Get all the delete provider information response = requests.get("{}/company/{}".format( settings.ADMIN_WS_URL, provider_id), headers=headers) validate_api_call(response, []) deleted_provider = json.loads(response.text)['companies'][0] data = {'company_name': deleted_provider['company_name']} data['enabled'] = deleted_provider['enabled'] data['deleted'] = False data['updated_by'] = request.session['username'] data['display_name'] = deleted_provider['display_name'] data['wheelchair'] = deleted_provider['wheelchair'] response = requests.put("{}/company/{}".format( settings.ADMIN_WS_URL, provider_id), data=data, headers=headers) validate_api_call(response, []) create_audit(request, headers, None, "COMPANY", "Restored provider '{}'".format(data['company_name']), "UPDATE", provider_id, None) # Let the display know we restored a company display_response = requests.get("{}/display/company/{}".format( settings.COORDINATOR_WS_URL, provider_id)) # Validate the call but don't stop execution if it fails validate_api_call(display_response, [400, 404, 500, 403, 409]) return redirect('view_provider', provider_id) else: return redirect('edit_provider', provider_id)
def lock_user(request, provider_id, user_id, headers): if request.method == 'POST': # Get the new user from the form post lock_form = json.loads(json.dumps(request.POST)) # Get the user and their company response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL, user_id), headers=headers) validate_api_call(response, []) user = json.loads(response.text)['users'][0] response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), headers=headers) validate_api_call(response, []) company = json.loads(response.text)['companies'][0] data = {'user_id': user_id} if lock_form['lock_type'] == "lock": data['enabled'] = False else: data['enabled'] = True data['updated_by'] = request.session['username'] response = requests.put("{}/user/{}/lock".format( settings.ADMIN_WS_URL, user_id), data=data, headers=headers) validate_api_call(response, []) # Make audit call after lock/unlock was successful if lock_form['lock_type'] == "lock": create_audit( request, headers, None, "USERS", "Locked provider user '{} {}' under provider '{}'".format( user['first_name'], user['last_name'], company['company_name']), "UPDATE", provider_id, None) else: create_audit( request, headers, None, "USERS", "Unlocked provider user '{} {}' under provider '{}'".format( user['first_name'], user['last_name'], company['company_name']), "UPDATE", provider_id, None) return redirect('edit_provider', provider_id) else: return HttpResponseNotAllowed(['POST'])
def delete_provider(request, provider_id, headers): if request.method == 'POST': reason = request.POST.get("reason") # Get the original provider response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), headers=headers) validate_api_call(response, []) provider_response = json.loads(response.text)['companies'][0] data = {'company_id': provider_id} data['company_name'] = provider_response['company_name'] data['display_name'] = provider_response['display_name'] data['wheelchair'] = provider_response['wheelchair'] data['enabled'] = True data['deleted'] = True data['audit_action_reason'] = reason data['updated_by'] = request.session['username'] response = requests.put("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), data=data, headers=headers) validate_api_call(response, []) create_audit(request, headers, reason, "COMPANY", "Deleted provider '{}'".format(data['company_name']), "DELETE", provider_id, None) # Let the display know we deleted a company display_response = requests.get("{}/display/company/{}".format( settings.COORDINATOR_WS_URL, provider_id)) # Validate the call but don't stop execution if it fails validate_api_call(display_response, [400, 404, 500, 403, 409]) messages.success(request, "Successfully deleted account.") return redirect('view_provider', provider_id) else: return redirect('edit_provider', provider_id)
def delete_user(request, provider_id, user_id, headers): if request.method == 'POST': # Get the delete form from the POST request delete_form = json.loads(json.dumps(request.POST)) # Get the user and their company response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL, user_id), headers=headers) validate_api_call(response, []) user = json.loads(response.text)['users'][0] response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), headers=headers) validate_api_call(response, []) company = json.loads(response.text)['companies'][0] data = {'user_id': user_id} data['updated_by'] = request.session['username'] response = requests.delete("{}/user/{}".format(settings.ADMIN_WS_URL, user_id), data=data, headers=headers) validate_api_call(response, []) create_audit( request, headers, None, "USERS", "Deleted provider user '{} {}' under provider '{}'".format( user['first_name'], user['last_name'], company['company_name']), "DELETE", provider_id, None) messages.success(request, "User Deleted") return redirect('edit_provider', provider_id) else: return HttpResponseNotAllowed(['POST'])
def configuration(request, headers): # GET the Settings page if request.method == "GET": # Get a list of all destinations response = requests.get("{}/config".format(settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) config = json.loads(response.text)['configs'] configs = {} for item in config: if item['property'] == "display_message": configs['empty_message'] = item['value'] elif item['property'] == "display_contact_message": configs['contact_message'] = item['value'] elif item['property'] == "display_reset_time": reset_time = datetime.strptime(item['value'], "%H:%M") configs['reset_time_h'] = reset_time.strftime("%I") configs['reset_time_m'] = reset_time.strftime("%M") configs['reset_time_ampm'] = reset_time.strftime("%p") elif item['property'] == "display_start_time": start_time = datetime.strptime(item['value'], "%H:%M") configs['start_time_h'] = start_time.strftime("%I") configs['start_time_m'] = start_time.strftime("%M") configs['start_time_ampm'] = start_time.strftime("%p") elif item['property'] == "display_refresh_interval": configs['refresh_interval'] = item['value'] elif item['property'] == "display_checkout_interval": configs['checkout_interval'] = item['value'] return render(request, "admin_portal/main/settings.html", {"config": configs}) elif request.method == "POST": data = json.loads(json.dumps(request.POST)) # Get the old data response = requests.get("{}/config".format(settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) config = json.loads(response.text)['configs'] for item in config: # Update config items only if the data has changed # Display Message if item['property'] == "display_message": if item['value'] != data['display_message']: response = requests.put( "{}/config/property/{}".format(settings.ADMIN_WS_URL, "display_message"), data={"value": data['display_message']}, headers=headers) validate_api_call(response, []) # Display Contact Message elif item['property'] == "display_contact_message": if item['value'] != data['display_contact_message']: response = requests.put( "{}/config/property/{}".format( settings.ADMIN_WS_URL, "display_contact_message"), data={"value": data['display_contact_message']}, headers=headers) validate_api_call(response, []) # Display Refresh Interval elif item['property'] == "display_refresh_interval": if item['value'] != data['display_refresh_interval']: response = requests.put( "{}/config/property/{}".format( settings.ADMIN_WS_URL, "display_refresh_interval"), data={"value": data['display_refresh_interval']}, headers=headers) validate_api_call(response, []) # Display Checkout Interval elif item['property'] == "display_checkout_interval": if item['value'] != data['display_checkout_interval']: response = requests.put( "{}/config/property/{}".format( settings.ADMIN_WS_URL, "display_checkout_interval"), data={"value": data['display_checkout_interval']}, headers=headers) validate_api_call(response, []) # Display Reset Time elif item['property'] == "display_reset_time": reset_time_12_hour = data['display_reset_time_h'] + ":" + data[ 'display_reset_time_m'] + " " + data[ 'display_reset_time_ampm'] reset_time_12_hour = datetime.strptime(reset_time_12_hour, "%I:%M %p") if item['value'] != reset_time_12_hour: response = requests.put( "{}/config/property/{}".format(settings.ADMIN_WS_URL, "display_reset_time"), data={"value": reset_time_12_hour.strftime("%H:%M")}, headers=headers) validate_api_call(response, []) # Display Start Time elif item['property'] == "display_start_time": start_time_12_hour = data['display_start_time_h'] + ":" + data[ 'display_start_time_m'] + " " + data[ 'display_start_time_ampm'] start_time_12_hour = datetime.strptime(start_time_12_hour, "%I:%M %p") if item['value'] != start_time_12_hour: response = requests.put( "{}/config/property/{}".format(settings.ADMIN_WS_URL, "display_start_time"), data={"value": start_time_12_hour.strftime("%H:%M")}, headers=headers) validate_api_call(response, []) # Let the display know that the config was updated response = requests.get("{}/display/config".format( settings.COORDINATOR_WS_URL)) validate_api_call(response, []) create_audit(request, headers, None, "CONFIG", "Edited Monitor Display Settings", "UPDATE", None, None) messages.success(request, "Successfully updated display monitor settings!") return redirect(reverse('settings')) # Otherwise redirect to home page else: return redirect(reverse('admin_login'))
def login(request): try: # Redirect to Home if session is already valid if request.session.session_key and 'role' in request.session and 'auth' in request.session: if request.GET.get('next'): return redirect(request.GET.get('next')) return render(request, "admin_portal/main/home.html", "") # Login POST elif request.method == 'POST': form = LoginForm(request.POST) # Ensure login form parameters are valid if form.is_valid(): username = request.POST.get('username') password = request.POST.get('password') # Authentication API Call response = requests.post("{}/ad/auth".format( settings.AD_WS_URL), data={ "username": username, "password": password, "attributes": True }) validate_api_call(response, []) response_data = json.loads(response.text)["response"] # If SFO AD returns a valid set of credentials if response_data["validPassword"] is True: # And if the credentials have a Landside OU if response_data["dn"].find("OU=Trans Op") != -1: # Fill session metadata request.session["logged_in"] = True request.session["first_name"] = response_data[ "firstName"].title() request.session["last_name"] = response_data[ "lastName"].title() request.session["username"] = username request.session["id"] = response_data["id"] request.session["role"] = 'Admin' request.session["auth"] = "Basic {}".format( base64.urlsafe_b64encode("{}:{}".format( username, password))) # Get the role_id for a landside admin response = requests.get( "{}/reference/role".format(settings.ADMIN_WS_URL), headers={"authorization": request.session['auth']}) role_list = json.loads(response.text)['roles'] for role in role_list: if role['role_name'] == "landside_admin": request.session["role_id"] = role['role_id'] break # Redirect to next/home page if request.GET.get('next'): return redirect(request.GET.get('next')) return redirect(reverse('admin_login')) # Otherwise no Landside OU or incorrect OU implies unauthorized access else: logger.warning( "status_code={} message=Unauthorized user {} attempted to login." .format(403, username)) messages.error( request, "You do not have authorization to access this system.", extra_tags="danger") return redirect(reverse('admin_login')) # Otherwise the user entered bad credentials else: messages.error(request, 'Wrong username or password.', extra_tags="danger") return render(request, "admin_portal/account/login.html", "") # Otherwise alert the user that they're form submission couldn't be validated else: messages.error( request, 'Your login information could not be validated. Please try again or contact SFO Helpdesk.', extra_tags="danger") return render(request, "admin_portal/account/login.html", "") else: return render(request, "admin_portal/account/login.html", "") except KeyError: django_logout(request) return redirect(reverse('admin_login'))
def create_provider(request, headers): try: # GET the create a provider page if request.method == "GET": # Get a list of all Shared Ride Van companies response = requests.get("{}/company".format(settings.ADMIN_WS_URL), params={"include_deleted": True}, headers=headers) validate_api_call(response, []) shared_ride_companies = json.loads(response.text) # Determine the amount of active providers active_companies = 0 for company in shared_ride_companies['companies']: if not company['deleted']: active_companies += 1 # As long as there are fewer than MAX_COMPANIES_ALLOWED if active_companies < MAX_COMPANIES_ALLOWED: # Get a list of all destinations response = requests.get("{}/reference/destination".format( settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) all_destinations = json.loads(response.text) # Get a list of all GTMS companies response = requests.get("{}/gtms/company".format( settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) gtms_companies = json.loads(response.text) # Extract the company ids out of every Shared Ride Company for comparison on the template side shared_ride_company_ids = [] for company in shared_ride_companies['companies']: shared_ride_company_ids.append(company['company_id']) return render( request, "admin_portal/provider/create_provider.html", { "gtms_companies": gtms_companies['gtms_companies'], "shared_ride_company_ids": shared_ride_company_ids, "all_destinations": all_destinations['destinations'] }) else: messages.error( request, "Shared Ride Vans may only support {} active providers. To add a new provider, please delete an existing active provider. " .format(MAX_COMPANIES_ALLOWED), extra_tags="danger") logger.error( "Validation Error: User attempted to add more than allowed providers; user agent: {}" .format(request.META['HTTP_USER_AGENT'])) return redirect(reverse('admin_login')) # POST a new provider elif request.method == 'POST': # Get all the required information from the request.POST data = json.loads(json.dumps(request.POST)) data['curbside_terminals'] = request.POST.getlist("curbside") data['destination_ids'] = request.POST.getlist("destinations") data['company_id'] = data['company_id_name'].split(',', 1)[0] data['company_name'] = data['company_id_name'].split(',', 1)[1] # Create the provider (without audit_action_reason) create_provider_data = {'company_id': data['company_id']} create_provider_data['company_name'] = data['company_name'] create_provider_data['display_name'] = data['display'] create_provider_data['wheelchair'] = (data['wheelchair'] == "Yes") create_provider_data['enabled'] = True create_provider_data['deleted'] = False create_provider_data['created_by'] = request.session['username'] response = requests.post("{}/company".format( settings.ADMIN_WS_URL), data=create_provider_data, headers=headers) validate_api_call(response, []) # Create the provider's contact information # Website website_data = {'company_id': data['company_id']} website_data['contact_info'] = data['website'] website_data['contact_type'] = 'website' website_data['enabled'] = True website_data['created_by'] = request.session['username'] response = requests.post("{}/company/{}/contact".format( settings.ADMIN_WS_URL, data['company_id']), data=website_data, headers=headers) validate_api_call(response, []) # Phone Number phone_data = {'company_id': data['company_id']} phone_data['contact_info'] = data['phone'] phone_data['contact_type'] = 'phone_number' phone_data['enabled'] = True phone_data['created_by'] = request.session['username'] response = requests.post("{}/company/{}/contact".format( settings.ADMIN_WS_URL, data['company_id']), data=phone_data, headers=headers) validate_api_call(response, []) # Create the provider destinations destination_data = {'company_id': data['company_id']} destination_data['created_by'] = request.session['username'] for destination in data['destination_ids']: destination_data['destination_id'] = destination response = requests.post( "{}/company/{}/company_destination".format( settings.ADMIN_WS_URL, data['company_id']), data=destination_data, headers=headers) validate_api_call(response, []) # Create the provider curbside check-ins curbside_data = {'company_id': data['company_id']} curbside_data['enabled'] = True curbside_data['created_by'] = request.session['username'] for terminal in data['curbside_terminals']: curbside_data['terminal'] = terminal response = requests.post("{}/company/{}/curbside".format( settings.ADMIN_WS_URL, data['company_id']), data=curbside_data, headers=headers) validate_api_call(response, []) # Create audit entry of company creation create_audit(request, headers, None, "COMPANY", "Created provider '{}'".format(data['company_name']), "ADD", data['company_id'], None) # Create the first superuser (if all fields were entered) if data['su_first'] and data['su_last'] and data[ 'su_email'] and data['su_phone']: # First get the correct role ID from the reference table for superuser response = requests.get("{}/reference/role".format( settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) all_roles = json.loads(response.text)['roles'] super_user_role_id = 0 for role in all_roles: if role['role_name'] == "superuser": super_user_role_id = role['role_id'] break # Assert super_user_role_id is NOT 0 # Then construct the super user object for posting temp_password = password_generator() su_data = {'first_name': data['su_first']} su_data['last_name'] = data['su_last'] su_data['email'] = data['su_email'].lower() su_data['password'] = hashlib.sha256(temp_password).hexdigest() su_data['phone_number'] = data['su_phone'] su_data['enabled'] = True su_data['deleted'] = False su_data['activated'] = False su_data['reset_password'] = True su_data['created_by'] = request.session['username'] su_data['company_id'] = data['company_id'] su_data['role_id'] = super_user_role_id response = requests.post("{}/user".format( settings.ADMIN_WS_URL), data=su_data, headers=headers) validate_api_call(response, []) # Send the account activation email url = "https://sharedridevans.flysfo.com/company/" if settings.BUILD_ENV == "LOCAL": url = "127.0.0.1:8000/company/" elif settings.BUILD_ENV == "DEV": url = "dev-srv.flysfo.com/company/" elif settings.BUILD_ENV == "QA": url = "https://qa-srv.flysfo.com/company/" elif settings.BUILD_ENV == "STG": url = "https://stg-sharedridevans.flysfo.com/company/" email_data = {"from": "*****@*****.**"} email_data['to'] = data['su_email'].lower() email_data['isHtml'] = True email_data['subject'] = "Shared Ride Vans - Account Activation" email_raw = loader.render_to_string( 'admin_portal/account/email.html', { "name": data['su_first'] + " " + data['su_last'], "temporary_pass": temp_password, "url": url }) email_data['message'] = email_raw response = requests.post( "{}/email".format(settings.EMAIL_WS_URL), files=(('test', 'email'), ('test2', 'email2')), data=email_data, headers=headers) validate_api_call(response, []) # Create audit entry of super user creation create_audit( request, headers, None, "USERS", "Created provider user '{} {}' under provider '{}'".format( data['su_first'], data['su_last'], data['company_name']), "ADD", data['company_id'], data['su_email'].lower()) # Let the display know we created a company display_response = requests.get("{}/display/company/{}".format( settings.COORDINATOR_WS_URL, data['company_id'])) # Validate the call but don't stop execution if it fails validate_api_call(display_response, [400, 404, 500, 403, 409]) messages.success(request, "Successfully created provider!") return redirect(reverse('admin_login')) # Otherwise redirect to home page else: return redirect(reverse('admin_login')) except KeyError: return redirect(reverse('admin_login'))
def create_user(request, provider_id, headers): if request.method == 'POST': # Get the new user from the form post new_user = json.loads(json.dumps(request.POST)) # Get the Super User Role response = requests.get("{}/reference/role".format( settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) all_roles = json.loads(response.text)['roles'] super_user_role_id = 0 for role in all_roles: if role['role_name'] == "superuser": super_user_role_id = role['role_id'] break # Get the Company Name response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), headers=headers) validate_api_call(response, []) company = json.loads(response.text)['companies'][0] # Assert super_user_role_id is NOT 0 # Then construct the super user object for posting temp_password = password_generator() data = {'first_name': new_user['first_name']} data['last_name'] = new_user['last_name'] data['email'] = new_user['email'].lower() data['password'] = hashlib.sha256(temp_password).hexdigest() data['phone_number'] = new_user['phone'] data['enabled'] = True data['deleted'] = False data['activated'] = False data['reset_password'] = True data['created_by'] = request.session['username'] data['company_id'] = provider_id data['role_id'] = super_user_role_id response = requests.post("{}/user".format(settings.ADMIN_WS_URL), data=data, headers=headers) validate_api_call(response, [409]) # If the user already exists, then get the user id of the failed user and PUT the new data if user is deleted if response.status_code == 409: response = requests.get("{}/user".format(settings.ADMIN_WS_URL), params={ "email": data['email'], "company_id": provider_id, "include_deleted": True }, headers=headers) validate_api_call(response, []) conflicting_user = json.loads(response.text)['users'][0] if conflicting_user['deleted']: new_user_id = conflicting_user['user_id'] updated_data = data updated_data['updated_by'] = request.session['username'] updated_data['role_id'] = super_user_role_id response = requests.put("{}/user/{}".format( settings.ADMIN_WS_URL, new_user_id), data=updated_data, headers=headers) validate_api_call(response, []) create_audit( request, headers, None, "USERS", "Created provider user '{} {}' under provider '{}'".format( data['first_name'], data['last_name'], company['company_name']), "ADD", provider_id, data['email'].lower()) return resend_user_activation(request, provider_id, conflicting_user['user_id']) else: logger.warning( "status_code={} message=Failed to create user {} because active email-company-id pattern exists." .format(409, data['first_name'] + " " + data['last_name'])) return HttpResponse(status=409) else: create_audit( request, headers, None, "USERS", "Created provider user '{} {}' under provider '{}'".format( data['first_name'], data['last_name'], company['company_name']), "ADD", provider_id, data['email'].lower()) create_user_activation(request, headers, new_user['first_name'], new_user['last_name'], new_user['email'].lower(), temp_password) messages.success(request, "User Created") return redirect('edit_provider', provider_id) else: return HttpResponseNotAllowed(['POST'])
def edit_provider(request, provider_id, headers): if request.method == "GET": # Get Provider Information parameters = { "company_contact_info": "true", "curbside_check_in_info": "true", "company_destination_info": "true" } response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), params=parameters, headers=headers) validate_api_call(response, []) data = json.loads(response.text)['companies'][0] if not data['deleted']: # Get all the destinations response = requests.get("{}/reference/destination".format( settings.ADMIN_WS_URL), headers=headers) validate_api_call(response, []) all_destinations = json.loads(response.text)['destinations'] # Extract destinations to the first level company_destination_ids = [] for company_destination in data['company_destinations']: company_destination_ids.append( company_destination['destination']['destination_id']) # Extract curbside check-ins to the first level all_curbside_checkins = [ "Terminal 1", "Terminal 2", "Terminal 3", "Int'l Terminal" ] company_curbside_checkins = [] for checkin in all_curbside_checkins: found = False for company_checkin in data['curbside_check_ins']: if checkin == company_checkin['terminal']: company_curbside_checkins.append({ 'terminal': checkin, 'selected': True, "id": company_checkin['curbside_check_in_id'] }) found = True break if not found: company_curbside_checkins.append({ 'terminal': checkin, 'selected': False, "id": -1 }) # Extract contact information to the first level phone_numbers = [] for contact_method in data['company_contacts']: # Website contact object is brought up to the key "company_website" if contact_method['contact_type'] == "website": data['company_website'] = contact_method # All phone number objects are brought up to the list "company_phone_numbers" elif contact_method['contact_type'] == "phone_number": phone_numbers.append(contact_method) phone_numbers = json.dumps(phone_numbers) return render( request, "admin_portal/provider/edit_provider.html", { "provider": data, "company_phone_numbers": phone_numbers, "all_destinations": all_destinations, "company_destination_ids": company_destination_ids, "company_curbside_checkins": company_curbside_checkins }) else: messages.error(request, "You cannot edit a deleted provider.", extra_tags="danger") logger.error( "User Error: User attempted to edit a deleted provider under user agent: {}" .format(request.META['HTTP_USER_AGENT'])) return redirect('view_provider', data['company_id']) elif request.method == "POST": # Get all the form information from the POST new_provider = json.loads(json.dumps(request.POST)) new_provider['curbside_terminals'] = request.POST.getlist("curbside") new_provider['destination_location'] = request.POST.getlist( "destination") new_provider['phone_inputs'] = json.loads( request.POST.get("phone_input")) # Get all the old provider information parameters = { "company_contact_info": "true", "curbside_check_in_info": "true", "company_destination_info": "true" } response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), params=parameters, headers=headers) validate_api_call(response, []) old_provider = json.loads(response.text)['companies'][0] data = {'company_name': old_provider['company_name']} data['enabled'] = old_provider['enabled'] data['deleted'] = old_provider['deleted'] data['updated_by'] = request.session['username'] data['display_name'] = old_provider['display_name'] data['wheelchair'] = old_provider['wheelchair'] changed_wheelchair = False changed_display_name = False # Update wheelchair if it changed if old_provider['wheelchair'] != (new_provider['wheelchair'] in [ 'true' ]): # Hack to alias booleans as strings data['wheelchair'] = not (old_provider['wheelchair']) changed_wheelchair = True if old_provider['display_name'] != new_provider['display']: data['display_name'] = new_provider['display'] changed_display_name = True response = requests.put("{}/company/{}".format(settings.ADMIN_WS_URL, provider_id), data=data, headers=headers) validate_api_call(response, []) # Only make an audit call for wheelchair/display name if the call was successful if changed_wheelchair: create_audit( request, headers, None, "COMPANY", "Updated provider '{}' wheelchair accessibility to '{}'". format(old_provider['company_name'], str(data['wheelchair'])), "UPDATE", provider_id, None) if changed_display_name: create_audit( request, headers, None, "COMPANY", "Updated provider '{}' display name to '{}'".format( old_provider['company_name'], data['display_name']), "UPDATE", provider_id, None) # Let the display know we did an update to the company information display_response = requests.get("{}/display/company/{}".format( settings.COORDINATOR_WS_URL, provider_id)) # Validate the call but don't stop execution if it fails validate_api_call(display_response, [400, 404, 500, 403, 409]) # Update website if it changed for contact in old_provider['company_contacts']: if contact['contact_type'] == "website" and contact[ 'contact_info'] != new_provider['website']: data = {'contact_info': new_provider['website']} data['contact_type'] = contact['contact_type'] data['enabled'] = contact['enabled'] data['updated_by'] = request.session['username'] response = requests.put("{}/company/{}/contact/{}".format( settings.ADMIN_WS_URL, provider_id, contact['company_contact_id']), data=data, headers=headers) validate_api_call(response, []) create_audit( request, headers, None, "COMPANY_CONTACT", "Updated provider '{}' website to '{}'".format( old_provider['company_name'], data['contact_info']), "UPDATE", provider_id, None) # Add New Phone Numbers for new_number in new_provider['phone_inputs']: if new_number['id'] == -1: data = {'contact_info': new_number['text']} data['contact_type'] = "phone_number" data['enabled'] = False data['created_by'] = request.session['username'] response = requests.post("{}/company/{}/contact".format( settings.ADMIN_WS_URL, provider_id), data=data, headers=headers) validate_api_call(response, []) create_audit( request, headers, None, "COMPANY_CONTACT", "Added new contact phone number '{}' under provider '{}'". format(data['contact_info'], old_provider['company_name']), "ADD", provider_id, None) # Delete Old Phone Numbers for old_number in old_provider['company_contacts']: found = False for new_number in new_provider['phone_inputs']: if old_number['company_contact_id'] == new_number['id']: found = True break if not found and old_number['contact_type'] == 'phone_number': data = {"updated_by": request.session['username']} response = requests.delete("{}/company/{}/contact/{}".format( settings.ADMIN_WS_URL, provider_id, old_number['company_contact_id']), data=data, headers=headers) validate_api_call(response, []) create_audit( request, headers, None, "COMPANY_CONTACT", "Deleted contact phone number '{}' under provider '{}'". format(old_number['contact_info'], old_provider['company_name']), "DELETE", provider_id, None) # Add New Destinations for new_dest in new_provider['destination_location']: found = False for old_dest in old_provider['company_destinations']: if int(new_dest) == old_dest['destination']['destination_id']: found = True break if not found: data = {'destination_id': int(new_dest)} data['created_by'] = request.session['username'] response = requests.post( "{}/company/{}/company_destination".format( settings.ADMIN_WS_URL, provider_id), data=data, headers=headers) validate_api_call(response, [409]) # If there is a conflict, find the id of the conflicting resource and put it to be enabled if response.status_code == 409: all_destinations = get_all_company_destinations( headers, provider_id) for company_destination in all_destinations: if company_destination['destination'][ 'destination_id'] == int(new_dest): updated_destination = {'enabled': True} updated_destination['deleted'] = False updated_destination['destination_id'] = int( new_dest) updated_destination[ 'updated_by'] = request.session['username'] response = requests.put( "{}/company/{}/company_destination/{}".format( settings.ADMIN_WS_URL, provider_id, company_destination[ 'company_destination_id']), data=updated_destination, headers=headers) validate_api_call(response, []) create_audit( request, headers, None, "COMPANY_DESTINATION", "Added new destination under provider '{}'".format( old_provider['company_name']), "ADD", provider_id, None) # Delete Old Destinations for old_dest in old_provider['company_destinations']: found = False for new_dest in new_provider['destination_location']: if old_dest['destination']['destination_id'] == int(new_dest): found = True break if not found: data = {"updated_by": request.session['username']} response = requests.delete( "{}/company/{}/company_destination/{}".format( settings.ADMIN_WS_URL, provider_id, old_dest['company_destination_id']), data=data, headers=headers) validate_api_call(response, []) create_audit( request, headers, None, "COMPANY_DESTINATION", "Deleted destination under provider '{}'".format( old_provider['company_name']), "DELETE", provider_id, None) # Add New Curbsides for new_curb in new_provider['curbside_terminals']: found = False for old_curb in old_provider['curbside_check_ins']: if new_curb == old_curb['terminal']: found = True break if not found: data = {'terminal': new_curb} data['enabled'] = False data['created_by'] = request.session['username'] response = requests.post("{}/company/{}/curbside".format( settings.ADMIN_WS_URL, provider_id), data=data, headers=headers) validate_api_call(response, []) create_audit( request, headers, None, "CURBSIDE_CHECKIN", "Added curbside checkin '{}' under provider '{}'".format( new_curb, old_provider['company_name']), "ADD", provider_id, None) # Delete Old Curbsides # for old_curb in old_provider['curbside_check_ins']: found = False for new_curb in new_provider['curbside_terminals']: if old_curb['terminal'] == new_curb: found = True break if not found: data = {"updated_by": request.session['username']} response = requests.delete("{}/company/{}/curbside/{}".format( settings.ADMIN_WS_URL, provider_id, old_curb['curbside_check_in_id']), data=data, headers=headers) validate_api_call(response, []) create_audit( request, headers, None, "CURBSIDE_CHECKIN", "Deleted curbside checkin under provider '{}'".format( old_provider['company_name']), "DELETE", provider_id, None) # Let the display know we did an edit params = {"company_id": provider_id} display_response = requests.get("{}/display/company_contacts".format( settings.COORDINATOR_WS_URL), params=params) validate_api_call(display_response, [400, 404, 500, 403, 409]) messages.success(request, "Saved") return redirect('edit_provider', provider_id) else: return redirect(reverse('admin_login'))