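def get_user(self):
    """Resolve the customer that owns the submitted session token.

    The token is read from ``cleaned_data['token']`` and looked up with
    ``get_cached_user``. The cached record's ``username`` is then passed to
    ``Customer.customers.get_auth_customer``.

    Returns:
        The truthy customer object returned by ``get_auth_customer``.

    Raises:
        forms.ValidationError: no cached record exists for the token, or no
            customer matches the cached username.
    """
    cached_data = get_cached_user(self.cleaned_data.get('token'))
    # Reject a missing or expired session before indexing into it. Indexing
    # first turned an unauthenticated request into an unhandled TypeError
    # rather than the validation error this method is meant to raise.
    if not cached_data:
        raise forms.ValidationError('Unauthorized User !')

    user = Customer.customers.get_auth_customer(cached_data['username'])
    if not user:
        raise forms.ValidationError('Unauthorized User !')
    return user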
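def update_customer_upg(self):
    """Apply a reviewer's decision to a customer's CustomerUPG record.

    The caller is identified by the session cached for
    ``cleaned_data['token']`` and must belong to the university named by
    ``cleaned_data['university_slug']``. The single CustomerUPG row for the
    customer and university is then updated with the submitted permission
    group, grant level, approval flag and admin comment.

    Returns:
        The saved CustomerUPG instance.

    Raises:
        forms.ValidationError: the session is missing, the caller's
            university does not match, a required field is empty, or the
            customer does not have exactly one CustomerUPG row for the
            university.
    """
    cached_data = get_cached_user(self.cleaned_data.get('token'))
    # A missing or expired session must fail closed as a permission error.
    # Previously it surfaced as a TypeError when the record was indexed.
    if not cached_data:
        raise forms.ValidationError('User has no permission !',
                                    code=FORM_ERROR_CODE_MAP[4])

    customer = self.get_customer(cached_data)
    university = get_object_or_404(
        University, slug_name=self.cleaned_data.get('university_slug'))

    # NOTE(review): only the university match is enforced in this method;
    # no role check (compare validate_permission) is visible here. Confirm
    # the caller restricts this to 'president'/'admin' sessions, otherwise
    # any member of the university could change permission groups.
    # NOTE(review): get_customer_upg_by_university coerces university_id
    # with int() before comparing - confirm the cached value's type.
    if cached_data['university_id'] != university.pk:
        raise forms.ValidationError('User has no permission !',
                                    code=FORM_ERROR_CODE_MAP[4])

    permission_group = self.cleaned_data.get('permission_group')
    is_approved = self.cleaned_data.get('is_approved')
    admin_comment = self.cleaned_data.get('admin_comment')
    grant_level = self.cleaned_data.get('grant_level') or None

    # Validate required values before dereferencing ``customer``; the
    # lookup below reads ``customer.pk`` and used to raise AttributeError
    # when no customer was resolved.
    # NOTE(review): ``not is_approved`` also rejects an explicit False, so
    # a refusal cannot be recorded through this path - confirm intended.
    if not permission_group or not is_approved or not admin_comment or not customer:
        raise forms.ValidationError(
            'Required Field [customer, permission_group, is_approved, admin_comment, ] !',
            code=FORM_ERROR_CODE_MAP[2])

    customer_in_university = CustomerUPG.customer_upg.all().filter(
        customer=customer.pk, university=university) or None

    if customer_in_university is None or customer_in_university.count() > 1:
        # NOTE(review): the message embeds the queryset's string form;
        # confirm it is not echoed verbatim to the client.
        raise forms.ValidationError(
            'Update CustomerUPG Exception: should be unique!' +
            str(customer_in_university),
            code=FORM_ERROR_CODE_MAP[1])
    elif customer_in_university.count() == 1:
        customer_upg = customer_in_university[0]
        customer_upg.permission_group = permission_group
        # Fall back to the group's own level when none was submitted.
        customer_upg.grant_level = grant_level or permission_group.user_level
        customer_upg.is_approved = is_approved
        customer_upg.admin_comment = admin_comment
        customer_upg.save()
        return customer_upg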
def validate_permission(self):
    """Check that the token's owner may administer the requested university.

    The session cached for ``cleaned_data['token']`` must pass
    ``check_request_user_role`` for 'president' or 'admin', and its
    ``university_id`` must equal the primary key of the University whose
    ``slug_name`` is ``cleaned_data['slug']``.

    Returns:
        True when both conditions hold.

    Raises:
        forms.ValidationError: either condition fails
            (code ``FORM_ERROR_CODE_MAP[4]``).
    """
    session = get_cached_user(self.cleaned_data.get('token'))
    # The university lookup runs before the permission test, so an unknown
    # slug is handled by get_object_or_404 regardless of the caller.
    target = get_object_or_404(University,
                               slug_name=self.cleaned_data.get('slug'))

    # NOTE(review): the comparison is on the raw cached value, whereas
    # get_customer_upg_by_university wraps it in int() - confirm the type.
    role_ok = check_request_user_role(session, ['president', 'admin'])
    if not role_ok or session['university_id'] != target.pk:
        raise forms.ValidationError('User has no permission !',
                                    code=FORM_ERROR_CODE_MAP[4])
    return True
def set_password(self):
    """Change the password of the user who owns the submitted token.

    The session is looked up from ``cleaned_data['token']``. The user is
    resolved with ``UserChangePasswordForm.get_user`` and the new password
    comes from ``clean_password2``. The password is replaced only when
    ``UserChangePasswordForm.authenticate`` accepts the old password and
    the new password is non-empty.

    Returns:
        The saved user on success, otherwise None.

    Raises:
        forms.ValidationError: no session is cached for the token.
    """
    session = get_cached_user(self.cleaned_data.get('token'))
    if not session:
        raise forms.ValidationError(
            'Unauthorized User ! User may already logout, no token found !'
        )

    current_password = self.cleaned_data.get('old_password')
    account = UserChangePasswordForm.get_user(session)
    new_password = self.clean_password2()

    # The old password is verified first; the new value is checked only
    # when that succeeds.
    if not UserChangePasswordForm.authenticate(account, current_password) or not new_password:
        return None

    # NOTE(review): nothing here invalidates the cached token or other
    # sessions after the change - confirm the caller handles that.
    account.set_password(new_password)
    account.save()
    return account
def create_customer_upg(self):
    """Create a CustomerUPG application for the token's customer.

    The customer comes from ``self.get_customer`` applied to the cached
    session. The university is selected by
    ``cleaned_data['university_slug']``. ``apply_level`` defaults to 0 when
    the submitted value is empty or missing.

    Returns:
        The newly saved CustomerUPG instance.

    Raises:
        forms.ValidationError: ``validate_existing`` reports a record for
            this customer and university (code ``FORM_ERROR_CODE_MAP[1]``).
    """
    submitted = self.cleaned_data
    # NOTE(review): the result of get_cached_user is handed to get_customer
    # unchecked - confirm get_customer rejects a missing session.
    session = get_cached_user(submitted.get('token'))
    applicant = self.get_customer(session)
    target = get_object_or_404(
        University, slug_name=submitted.get('university_slug'))

    # NOTE(review): the existence check and the save are separate steps;
    # confirm a unique constraint on the model backs this up against
    # concurrent submissions.
    if self.validate_existing(applicant, target):
        raise forms.ValidationError('Already exist !',
                                    code=FORM_ERROR_CODE_MAP[1])

    record = CustomerUPG(
        customer=applicant,
        university=target,
        customer_comment=submitted.get('customer_comment'),
        apply_from_feature=submitted.get('apply_from_feature'),
        apply_level=submitted.get('apply_level') or 0,
    )
    record.save()
    return record
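def get_customer_upg_by_university(request):
    """Return the CustomerUPG records of one university to its admins.

    Expects a GET request with ``token`` and ``university_slug`` query
    parameters. The session cached for the token must pass
    ``check_request_user_role`` for 'admin' or 'president', and its
    ``university_id`` must equal the requested university's primary key.

    Returns:
        Response: 200 with ``{'result': [...]}`` (one ``model_to_dict`` per
        record), 400 when ``university_slug`` is absent, 401 when the
        session is missing or not permitted for this university, 405 for
        any method other than GET.
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # NOTE(review): the token arrives in the query string, where access
    # logs and Referer headers commonly record it. Consider accepting it
    # from a request header instead.
    # ``.get`` keeps a missing parameter from raising an unhandled KeyError.
    cached_data = get_cached_user(request.GET.get('token'))

    # Authenticate before touching the database, so an unauthenticated
    # caller cannot tell an existing slug from an unknown one.
    if not cached_data or not check_request_user_role(
            cached_data, ['admin', 'president', ]):
        return Response(data=response_message(code=401),
                        status=status.HTTP_401_UNAUTHORIZED)

    try:
        session_university_id = int(cached_data['university_id'])
    except (KeyError, TypeError, ValueError):
        # A session without a usable university id cannot be authorised.
        return Response(data=response_message(code=401),
                        status=status.HTTP_401_UNAUTHORIZED)

    slug = request.GET.get('university_slug')
    if slug is None:
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    # get_object_or_404 handles an unknown slug itself. The former
    # ``or None`` / ``if not university`` branch ran only after
    # ``university.pk`` had been read and has been dropped.
    university = get_object_or_404(University, slug_name=slug)
    if session_university_id != university.pk:
        return Response(data=response_message(code=401),
                        status=status.HTTP_401_UNAUTHORIZED)

    university_upg = CustomerUPG.customer_upg.get_org_deserved_customer_upg(
        university)
    response_data = [model_to_dict(upg) for upg in university_upg]
    return Response(data={'result': response_data},
                    status=status.HTTP_200_OK)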