def undelete_user(request, username):
if request.method == 'POST':
try:
api_client.get_api_session(request).patch(
f'users/{username}/',
json={'is_active': True}
)
admin_username = request.user.user_data.get('username', 'Unknown')
logger.info(f'Admin {admin_username} enabled user {username}', extra={
'elk_fields': {
'@fields.username': admin_username,
}
})
messages.success(request, _('User account ‘%(username)s’ enabled') % {'username': username})
except HttpClientError as e:
api_errors_to_messages(request, e, gettext('This user could not be enabled'))
return redirect(reverse('list-users'))
context = {
'breadcrumbs': make_breadcrumbs(_('Enable user')),
}
try:
user = api_client.get_api_session(request).get(
f'users/{username}/'
).json()
context['user'] = user
context['page_title'] = _('Enable user')
return render(request, 'mtp_common/user_admin/undelete.html', context=context)
except HttpNotFoundError:
raise Http404
def get_context_data(self, **kwargs):
if self.request.user.has_perm('auth.change_user'):
response = api_client.get_api_session(self.request).get(
'requests/', params={'page_size': 1})
kwargs['user_request_count'] = response.json().get('count')
return super().get_context_data(start_page_url=settings.START_PAGE_URL,
**kwargs)
def clean_prisoner_number(self):
prisoner_number = self.cleaned_data.get('prisoner_number')
if prisoner_number:
prisoner_number = prisoner_number.upper()
session = get_api_session(self.request)
try:
prisoner = session.get(
'/prisoner_locations/{prisoner_number}/'.format(
prisoner_number=quote_plus(prisoner_number)
)
).json()
self.cleaned_data['prisoner_name'] = prisoner['prisoner_name']
self.cleaned_data['prisoner_dob'] = prisoner['prisoner_dob']
self.cleaned_data['prison'] = prisoner['prison']
except HttpNotFoundError:
raise forms.ValidationError(
self.error_messages['not_found'], code='not_found')
except Forbidden:
raise forms.ValidationError(
self.error_messages['wrong_prison'], code='wrong_prison')
except (RequestException, ValueError):
logger.exception('Could not look up prisoner location')
raise forms.ValidationError(
self.error_messages['connection'], code='connection')
return prisoner_number
def download_adi_journal(request, receipt_date):
api_session = get_api_session(request)
try:
filedata = adi.get_adi_journal_file(api_session,
receipt_date,
user=request.user)
record_download(api_session, ADI_JOURNAL_LABEL, receipt_date)
except EmptyFileError as e:
record_download(api_session, ADI_JOURNAL_LABEL, receipt_date)
raise e
filename = settings.ADI_OUTPUT_FILENAME.format(
initials=request.user.get_initials(), date=date.today())
response = HttpResponse(
filedata,
content_type=
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet')
response['Content-Disposition'] = 'attachment; filename="%s"' % filename
logger.info(
'User "%(username)s" is downloading ADI journal for %(date)s' % {
'username': request.user.username,
'date': date_format(receipt_date, 'Y-m-d'),
})
return response
def decline_request(request, account_request):
response = api_client.get_api_session(request).delete(f'requests/{account_request}/')
if response.status_code == 204:
messages.success(request, gettext('New user request was declined'))
else:
messages.error(request, gettext('New user request could not be declined'))
return redirect(AcceptRequestView.success_url)
def download_disbursements(request, receipt_date):
api_session = get_api_session(request)
try:
filedata = disbursements.get_disbursements_file(api_session,
receipt_date,
mark_sent=True)
record_download(api_session, DISBURSEMENTS_LABEL, receipt_date)
except EmptyFileError as e:
record_download(api_session, DISBURSEMENTS_LABEL, receipt_date)
raise e
filename = settings.DISBURSEMENT_OUTPUT_FILENAME.format(date=receipt_date)
response = HttpResponse(
filedata,
content_type=
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet')
response['Content-Disposition'] = 'attachment; filename="%s"' % filename
logger.info(
'User "%(username)s" is downloading Disbursements for %(date)s' % {
'username': request.user.username,
'date': date_format(receipt_date, 'Y-m-d'),
})
return response
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
preceding_workdays = get_preceding_workday_list(5, offset=1)
context['latest_day'], context['preceding_days'] = preceding_workdays[
0], preceding_workdays[1:]
api_session = get_api_session(self.request)
workday_list = get_preceding_workday_list(20, offset=2)
user = self.request.user
if user.has_perm('transaction.view_bank_details_transaction'):
context['missed_refunds'] = get_missing_downloads(
api_session, ACCESSPAY_LABEL, workday_list)
if user.has_perm('credit.view_any_credit'):
context['missed_adi_journals'] = get_missing_downloads(
api_session, ADI_JOURNAL_LABEL, workday_list)
if user.has_perm('transaction.view_transaction'):
context['missed_statements'] = get_missing_downloads(
api_session, MT940_STMT_LABEL, workday_list)
if user.has_perm('disbursement.view_disbursement'):
context['missed_disbursements'] = get_missing_downloads(
api_session, DISBURSEMENTS_LABEL, workday_list)
context['show_access_pay_refunds'] = settings.SHOW_ACCESS_PAY_REFUNDS
return context
def get(self, request, *args, **kwargs):
session = api_client.get_api_session(self.request)
batches = session.get('credits/batches/').json()
if batches['count']:
last_batch = batches['results'][0]
credit_ids = last_batch['credits']
incomplete_credits = session.get(
'credits/', params={'resolution': 'pending', 'pk': credit_ids}
).json()
if not last_batch['expired'] and incomplete_credits['count']:
return redirect('processing-credits')
credited_credits = session.get(
'credits/', params={'resolution': 'credited', 'pk': credit_ids}
).json()
kwargs['credited_credits'] = credited_credits['count']
kwargs['failed_credits'] = incomplete_credits['count']
session.delete(
'credits/batches/{batch_id}/'.format(batch_id=last_batch['id'])
)
for message in messages.get_messages(request):
if message.level == MANUALLY_CREDITED_LOG_LEVEL:
kwargs['credited_manual_credits'] = int(message.message)
return self.render_to_response(self.get_context_data(**kwargs))
def get_context_data(self, **kwargs):
if self.request.user.has_perm('auth.change_user'):
response = api_client.get_api_session(self.request).get('requests/', params={'page_size': 1})
kwargs['user_request_count'] = response.json().get('count')
return super().get_context_data(
start_page_url=settings.START_PAGE_URL,
**kwargs
)
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
if self.request.can_access_security:
session = get_api_session(self.request)
email_preferences = session.get('/emailpreferences/').json()
context['email_notifications'] = email_preferences[
'frequency'] != EmailNotifications.never
return context
def __init__(self, request, ordering='-received_at', *args, **kwargs):
super().__init__(*args, **kwargs)
self.request = request
self.user = request.user
self.session = get_api_session(request)
self.ordering = ordering
self.fields['credit'].choices = self.credit_choices
def save_user_flags(request, flag):
api_session = get_api_session(request)
api_session.put('/users/%s/flags/%s/' % (request.user.username, flag),
json={})
flags = set(request.user.user_data.get('flags') or [])
flags.add(flag)
flags = list(flags)
request.user.user_data['flags'] = flags
request.session[USER_DATA_SESSION_KEY] = request.user.user_data
def unlock_user(request, username):
try:
api_client.get_api_session(request).patch(
f'users/{username}/',
json={'is_locked_out': False}
)
admin_username = request.user.user_data.get('username', 'Unknown')
logger.info(f'Admin {admin_username} removed lock-out for user {username}', extra={
'elk_fields': {
'@fields.username': admin_username,
}
})
messages.success(request, gettext('Unlocked user ‘%(username)s’, they can now log in again') % {
'username': username,
})
except HttpClientError as e:
api_errors_to_messages(request, e, gettext('This user could not be enabled'))
return redirect(reverse('list-users'))
def get_api_session(self, **kwargs):
request = self.factory.get(
reverse('bank_admin:download_bank_statement'), **kwargs)
request.user = MojUser(1, '', {
'first_name': 'John',
'last_name': 'Smith',
'username': '******'
})
request.session = mock.MagicMock()
return get_api_session(request)
def post(self, *args, **kwargs):
if self.request.can_access_security and 'email_notifications' in self.request.POST:
session = get_api_session(self.request)
if self.request.POST['email_notifications'] == 'True':
session.post('/emailpreferences/',
json={'frequency': EmailNotifications.daily})
else:
session.post('/emailpreferences/',
json={'frequency': EmailNotifications.never})
return redirect(reverse_lazy('settings'))
def get_user_request_count(self) -> int:
if self.request.user.has_perm('auth.change_user'):
try:
api_session = get_api_session(self.request)
response = api_session.get('requests/', params={'page_size': 1})
return response.json().get('count', 0)
except RequestException:
logger.exception('Failed to get number of account requests')
return 0
def __init__(self, request, *args, **kwargs):
super().__init__(*args, **kwargs)
self.label_suffix = ''
self.request = request
self.user = request.user
self.session = get_api_session(request)
self.pagination = {
'page': 1,
'count': 0,
'page_count': 0,
}
def reject(self, request, disbursement_id):
api_session = get_api_session(request)
api_session.post('disbursements/actions/reject/',
json={'disbursement_ids': [disbursement_id]})
reason = self.cleaned_data['reason']
if reason:
reasons = [{
'disbursement': disbursement_id,
'comment': reason,
'category': 'reject',
}]
api_session.post('/disbursements/comments/', json=reasons)
def form_valid(self, form):
if has_provided_job_information(self.request.user):
return redirect(self.get_success_url())
session = get_api_session(self.request)
session.post('/job-information/',
json={
'title': form.cleaned_data['job_title_or_other'],
'prison_estate': form.cleaned_data['prison_estate'],
'tasks': form.cleaned_data['tasks']
})
save_user_flags(self.request, provided_job_info_flag)
return super().form_valid(form)
def reject(self, request, disbursement_id):
api_session = get_api_session(request)
api_session.post(
'disbursements/actions/reject/',
json={'disbursement_ids': [disbursement_id]}
)
reason = self.cleaned_data['reason']
if reason:
reasons = [{
'disbursement': disbursement_id,
'comment': reason,
'category': 'reject',
}]
api_session.post('/disbursements/comments/', json=reasons)
def form_valid(self, form):
api_session = get_api_session(self.request)
confirmation = form.cleaned_data['confirmation']
if confirmation == 'yes':
save_user_flags(self.request, hmpps_employee_flag, api_session)
success_url = form.cleaned_data['next']
if success_url and is_safe_url(
success_url, allowed_hosts=self.request.get_host()):
self.success_url = success_url
return super().form_valid(form)
else:
save_user_flags(self.request, not_hmpps_employee_flag, api_session)
api_session.delete('/users/%s/' % self.request.user.username)
self.request.session.flush()
return redirect(self.not_employee_url)
def get(self, request, *args, **kwargs):
context = self.get_context_data(**kwargs)
session = api_client.get_api_session(self.request)
batches = session.get('credits/batches/').json()
if batches['count'] == 0 or batches['results'][0]['expired']:
return redirect('new-credits')
else:
credit_ids = batches['results'][0]['credits']
total = len(credit_ids)
incomplete_credits = session.get(
'credits/', params={'resolution': 'pending', 'pk': credit_ids}
).json()
done_credit_count = total - incomplete_credits['count']
context['percentage'] = int((done_credit_count / total) * 100)
return self.render_to_response(context)
def get_saved_search_cards(self):
if not self.request.can_access_security:
return []
session = get_api_session(self.request)
saved_searches = populate_new_result_counts(session, get_saved_searches(session))
return [
{
'heading': search['description'],
'link': search['site_url'],
'description': (
ngettext('%d new credit', '%d new credits', search['new_result_count']) % search['new_result_count']
if search.get('new_result_count')
else ''
)
}
for search in saved_searches
]
def get_initial(self):
username = self.kwargs['username']
try:
response = api_client.get_api_session(self.request).get(
f'users/{username}/'
).json()
initial = {
'username': response.get('username', ''),
'first_name': response.get('first_name', ''),
'last_name': response.get('last_name', ''),
'email': response.get('email', ''),
'user_admin': response.get('user_admin', False),
}
roles = response.get('roles', [])
if len(roles) == 1:
initial['role'] = roles[0]
else:
raise IncompatibleUser
return initial
except HttpNotFoundError:
raise Http404
def notifications_for_request(request, target=None, use_cache=True):
# NB: caching can only be used since notifications are not currently set up to be user/request specific
cache_key = 'notifications-%s' % target
if use_cache:
results = cache.get(cache_key)
if results:
return results
try:
if request.user.is_authenticated:
session = api_client.get_api_session(request)
else:
session = api_client.get_unauthenticated_session()
response = session.get(
'notifications/',
params={'target__startswith': target} if target else None)
results = response.json()['results']
if use_cache:
cache.set(cache_key, results, timeout=60 * 5)
return results
except (RequestException, ValueError, KeyError):
logger.exception('Could not load notifications')
def get_context_data(self, *args, **kwargs):
context = super().get_context_data(*args, **kwargs)
api_session = get_api_session(self.request)
workday_list = get_preceding_workday_list(20, offset=2)
user = self.request.user
if user.has_perm('transaction.view_bank_details_transaction'):
context['missed_refunds'] = get_missing_downloads(
api_session, ACCESSPAY_LABEL, workday_list)
if user.has_perm('credit.view_any_credit'):
context['missed_adi_journals'] = get_missing_downloads(
api_session, ADI_JOURNAL_LABEL, workday_list)
if user.has_perm('transaction.view_transaction'):
context['missed_statements'] = get_missing_downloads(
api_session, MT940_STMT_LABEL, workday_list)
if user.has_perm('disbursement.view_disbursement'):
context['missed_disbursements'] = get_missing_downloads(
api_session, DISBURSEMENTS_LABEL, workday_list)
return context
def download_refund_file(request, receipt_date):
api_session = get_api_session(request)
try:
csvfile = refund.get_refund_file(api_session,
receipt_date,
mark_refunded=True)
record_download(api_session, ACCESSPAY_LABEL, receipt_date)
except EmptyFileError as e:
record_download(api_session, ACCESSPAY_LABEL, receipt_date)
raise e
filename = settings.REFUND_OUTPUT_FILENAME.format(date=date.today())
response = HttpResponse(csvfile, content_type='text/plain')
response['Content-Disposition'] = 'attachment; filename="%s"' % filename
logger.info(
'User "%(username)s" is downloading AccessPay file for %(date)s' % {
'username': request.user.username,
'date': date_format(receipt_date, 'Y-m-d'),
})
return response
def download_bank_statement(request, receipt_date):
api_session = get_api_session(request)
try:
bai2file = statement.get_bank_statement_file(api_session, receipt_date)
record_download(api_session, MT940_STMT_LABEL, receipt_date)
except EmptyFileError as e:
record_download(api_session, MT940_STMT_LABEL, receipt_date)
raise e
filename = settings.BANK_STMT_OUTPUT_FILENAME.format(
account_number=settings.BANK_STMT_ACCOUNT_NUMBER, date=receipt_date)
response = HttpResponse(bai2file, content_type='application/octet-stream')
response['Content-Disposition'] = 'attachment; filename="%s"' % filename
logger.info(
'User "%(username)s" is downloading bank statement file for %(date)s' %
{
'username': request.user.username,
'date': date_format(receipt_date, 'Y-m-d'),
})
return response
def get_context_data(self, **kwargs):
if self.request.user.has_perm('auth.change_user'):
response = api_client.get_api_session(self.request).get('requests/', params={'page_size': 1})
kwargs['user_request_count'] = response.json().get('count')
cards = [
{
'heading': _('Digital cashbook'),
'link': reverse_lazy('new-credits'),
'description': _('Credit money into a prisoner’s account'),
},
{
'heading': _('Digital disbursements'),
'link': reverse_lazy('disbursements:start'),
'description': _('Send money out of a prisoner’s account by bank transfer or cheque'),
},
]
kwargs.update(
start_page_url=settings.START_PAGE_URL,
cards=cards,
)
return super().get_context_data(**kwargs)
def clean_prisoner_number(self):
prisoner_number = self.cleaned_data.get('prisoner_number')
if prisoner_number:
prisoner_number = prisoner_number.upper()
session = get_api_session(self.request)
try:
prisoner = session.get(
'/prisoner_locations/{prisoner_number}/'.format(
prisoner_number=quote_plus(prisoner_number))).json()
self.cleaned_data['prisoner_name'] = prisoner['prisoner_name']
self.cleaned_data['prisoner_dob'] = prisoner['prisoner_dob']
self.cleaned_data['prison'] = prisoner['prison']
except HttpNotFoundError:
raise forms.ValidationError(self.error_messages['not_found'],
code='not_found')
except Forbidden:
raise forms.ValidationError(
self.error_messages['wrong_prison'], code='wrong_prison')
except (RequestException, ValueError):
logger.exception('Could not look up prisoner location')
raise forms.ValidationError(self.error_messages['connection'],
code='connection')
return prisoner_number
def list_users(request):
page_size = 20
try:
page = int(request.GET['page'])
if page < 1:
raise ValueError
except (KeyError, ValueError):
page = 1
session = api_client.get_api_session(request)
response = session.get(
'users/',
params={
'limit': page_size,
'offset': (page - 1) * page_size,
}
).json()
user_count = response.get('count', 0)
users = response.get('results', [])
try:
account_requests = retrieve_all_pages_for_path(session, 'requests/')
for account_request in account_requests:
account_request['created'] = parse_datetime(account_request['created'])
except HttpClientError:
logger.exception(f'User {request.user.username} cannot access account requests')
account_requests = []
context = {
'breadcrumbs': make_breadcrumbs(),
'can_delete': request.user.has_perm('auth.delete_user'),
'locked_users_exist': any(user['is_locked_out'] for user in users),
'users': users,
'page': page,
'page_count': int(math.ceil(user_count / page_size)),
'user_count': user_count,
'account_requests': account_requests,
}
return render(request, 'mtp_common/user_admin/list.html', context=context)
def session(self):
return get_api_session(self.request)
def api_session(self):
return get_api_session(self.request)
def get_supported_prisons(self):
session = get_api_session(self.request)
prison_list = PrisonList(session)
return set(prison['nomis_id'] for prison in prison_list.prisons)
