def undelete_user(request, username): if request.method == 'POST': try: api_client.get_api_session(request).patch( f'users/{username}/', json={'is_active': True} ) admin_username = request.user.user_data.get('username', 'Unknown') logger.info(f'Admin {admin_username} enabled user {username}', extra={ 'elk_fields': { '@fields.username': admin_username, } }) messages.success(request, _('User account ‘%(username)s’ enabled') % {'username': username}) except HttpClientError as e: api_errors_to_messages(request, e, gettext('This user could not be enabled')) return redirect(reverse('list-users')) context = { 'breadcrumbs': make_breadcrumbs(_('Enable user')), } try: user = api_client.get_api_session(request).get( f'users/{username}/' ).json() context['user'] = user context['page_title'] = _('Enable user') return render(request, 'mtp_common/user_admin/undelete.html', context=context) except HttpNotFoundError: raise Http404
def get_context_data(self, **kwargs): if self.request.user.has_perm('auth.change_user'): response = api_client.get_api_session(self.request).get( 'requests/', params={'page_size': 1}) kwargs['user_request_count'] = response.json().get('count') return super().get_context_data(start_page_url=settings.START_PAGE_URL, **kwargs)
def clean_prisoner_number(self): prisoner_number = self.cleaned_data.get('prisoner_number') if prisoner_number: prisoner_number = prisoner_number.upper() session = get_api_session(self.request) try: prisoner = session.get( '/prisoner_locations/{prisoner_number}/'.format( prisoner_number=quote_plus(prisoner_number) ) ).json() self.cleaned_data['prisoner_name'] = prisoner['prisoner_name'] self.cleaned_data['prisoner_dob'] = prisoner['prisoner_dob'] self.cleaned_data['prison'] = prisoner['prison'] except HttpNotFoundError: raise forms.ValidationError( self.error_messages['not_found'], code='not_found') except Forbidden: raise forms.ValidationError( self.error_messages['wrong_prison'], code='wrong_prison') except (RequestException, ValueError): logger.exception('Could not look up prisoner location') raise forms.ValidationError( self.error_messages['connection'], code='connection') return prisoner_number
def download_adi_journal(request, receipt_date): api_session = get_api_session(request) try: filedata = adi.get_adi_journal_file(api_session, receipt_date, user=request.user) record_download(api_session, ADI_JOURNAL_LABEL, receipt_date) except EmptyFileError as e: record_download(api_session, ADI_JOURNAL_LABEL, receipt_date) raise e filename = settings.ADI_OUTPUT_FILENAME.format( initials=request.user.get_initials(), date=date.today()) response = HttpResponse( filedata, content_type= 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet') response['Content-Disposition'] = 'attachment; filename="%s"' % filename logger.info( 'User "%(username)s" is downloading ADI journal for %(date)s' % { 'username': request.user.username, 'date': date_format(receipt_date, 'Y-m-d'), }) return response
def decline_request(request, account_request): response = api_client.get_api_session(request).delete(f'requests/{account_request}/') if response.status_code == 204: messages.success(request, gettext('New user request was declined')) else: messages.error(request, gettext('New user request could not be declined')) return redirect(AcceptRequestView.success_url)
def download_disbursements(request, receipt_date): api_session = get_api_session(request) try: filedata = disbursements.get_disbursements_file(api_session, receipt_date, mark_sent=True) record_download(api_session, DISBURSEMENTS_LABEL, receipt_date) except EmptyFileError as e: record_download(api_session, DISBURSEMENTS_LABEL, receipt_date) raise e filename = settings.DISBURSEMENT_OUTPUT_FILENAME.format(date=receipt_date) response = HttpResponse( filedata, content_type= 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet') response['Content-Disposition'] = 'attachment; filename="%s"' % filename logger.info( 'User "%(username)s" is downloading Disbursements for %(date)s' % { 'username': request.user.username, 'date': date_format(receipt_date, 'Y-m-d'), }) return response
def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) preceding_workdays = get_preceding_workday_list(5, offset=1) context['latest_day'], context['preceding_days'] = preceding_workdays[ 0], preceding_workdays[1:] api_session = get_api_session(self.request) workday_list = get_preceding_workday_list(20, offset=2) user = self.request.user if user.has_perm('transaction.view_bank_details_transaction'): context['missed_refunds'] = get_missing_downloads( api_session, ACCESSPAY_LABEL, workday_list) if user.has_perm('credit.view_any_credit'): context['missed_adi_journals'] = get_missing_downloads( api_session, ADI_JOURNAL_LABEL, workday_list) if user.has_perm('transaction.view_transaction'): context['missed_statements'] = get_missing_downloads( api_session, MT940_STMT_LABEL, workday_list) if user.has_perm('disbursement.view_disbursement'): context['missed_disbursements'] = get_missing_downloads( api_session, DISBURSEMENTS_LABEL, workday_list) context['show_access_pay_refunds'] = settings.SHOW_ACCESS_PAY_REFUNDS return context
def get(self, request, *args, **kwargs): session = api_client.get_api_session(self.request) batches = session.get('credits/batches/').json() if batches['count']: last_batch = batches['results'][0] credit_ids = last_batch['credits'] incomplete_credits = session.get( 'credits/', params={'resolution': 'pending', 'pk': credit_ids} ).json() if not last_batch['expired'] and incomplete_credits['count']: return redirect('processing-credits') credited_credits = session.get( 'credits/', params={'resolution': 'credited', 'pk': credit_ids} ).json() kwargs['credited_credits'] = credited_credits['count'] kwargs['failed_credits'] = incomplete_credits['count'] session.delete( 'credits/batches/{batch_id}/'.format(batch_id=last_batch['id']) ) for message in messages.get_messages(request): if message.level == MANUALLY_CREDITED_LOG_LEVEL: kwargs['credited_manual_credits'] = int(message.message) return self.render_to_response(self.get_context_data(**kwargs))
def get_context_data(self, **kwargs): if self.request.user.has_perm('auth.change_user'): response = api_client.get_api_session(self.request).get('requests/', params={'page_size': 1}) kwargs['user_request_count'] = response.json().get('count') return super().get_context_data( start_page_url=settings.START_PAGE_URL, **kwargs )
def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) if self.request.can_access_security: session = get_api_session(self.request) email_preferences = session.get('/emailpreferences/').json() context['email_notifications'] = email_preferences[ 'frequency'] != EmailNotifications.never return context
def __init__(self, request, ordering='-received_at', *args, **kwargs): super().__init__(*args, **kwargs) self.request = request self.user = request.user self.session = get_api_session(request) self.ordering = ordering self.fields['credit'].choices = self.credit_choices
def save_user_flags(request, flag): api_session = get_api_session(request) api_session.put('/users/%s/flags/%s/' % (request.user.username, flag), json={}) flags = set(request.user.user_data.get('flags') or []) flags.add(flag) flags = list(flags) request.user.user_data['flags'] = flags request.session[USER_DATA_SESSION_KEY] = request.user.user_data
def unlock_user(request, username): try: api_client.get_api_session(request).patch( f'users/{username}/', json={'is_locked_out': False} ) admin_username = request.user.user_data.get('username', 'Unknown') logger.info(f'Admin {admin_username} removed lock-out for user {username}', extra={ 'elk_fields': { '@fields.username': admin_username, } }) messages.success(request, gettext('Unlocked user ‘%(username)s’, they can now log in again') % { 'username': username, }) except HttpClientError as e: api_errors_to_messages(request, e, gettext('This user could not be enabled')) return redirect(reverse('list-users'))
def get_api_session(self, **kwargs): request = self.factory.get( reverse('bank_admin:download_bank_statement'), **kwargs) request.user = MojUser(1, '', { 'first_name': 'John', 'last_name': 'Smith', 'username': '******' }) request.session = mock.MagicMock() return get_api_session(request)
def post(self, *args, **kwargs): if self.request.can_access_security and 'email_notifications' in self.request.POST: session = get_api_session(self.request) if self.request.POST['email_notifications'] == 'True': session.post('/emailpreferences/', json={'frequency': EmailNotifications.daily}) else: session.post('/emailpreferences/', json={'frequency': EmailNotifications.never}) return redirect(reverse_lazy('settings'))
def get_user_request_count(self) -> int: if self.request.user.has_perm('auth.change_user'): try: api_session = get_api_session(self.request) response = api_session.get('requests/', params={'page_size': 1}) return response.json().get('count', 0) except RequestException: logger.exception('Failed to get number of account requests') return 0
def __init__(self, request, *args, **kwargs): super().__init__(*args, **kwargs) self.label_suffix = '' self.request = request self.user = request.user self.session = get_api_session(request) self.pagination = { 'page': 1, 'count': 0, 'page_count': 0, }
def reject(self, request, disbursement_id): api_session = get_api_session(request) api_session.post('disbursements/actions/reject/', json={'disbursement_ids': [disbursement_id]}) reason = self.cleaned_data['reason'] if reason: reasons = [{ 'disbursement': disbursement_id, 'comment': reason, 'category': 'reject', }] api_session.post('/disbursements/comments/', json=reasons)
def form_valid(self, form): if has_provided_job_information(self.request.user): return redirect(self.get_success_url()) session = get_api_session(self.request) session.post('/job-information/', json={ 'title': form.cleaned_data['job_title_or_other'], 'prison_estate': form.cleaned_data['prison_estate'], 'tasks': form.cleaned_data['tasks'] }) save_user_flags(self.request, provided_job_info_flag) return super().form_valid(form)
def reject(self, request, disbursement_id): api_session = get_api_session(request) api_session.post( 'disbursements/actions/reject/', json={'disbursement_ids': [disbursement_id]} ) reason = self.cleaned_data['reason'] if reason: reasons = [{ 'disbursement': disbursement_id, 'comment': reason, 'category': 'reject', }] api_session.post('/disbursements/comments/', json=reasons)
def form_valid(self, form): api_session = get_api_session(self.request) confirmation = form.cleaned_data['confirmation'] if confirmation == 'yes': save_user_flags(self.request, hmpps_employee_flag, api_session) success_url = form.cleaned_data['next'] if success_url and is_safe_url( success_url, allowed_hosts=self.request.get_host()): self.success_url = success_url return super().form_valid(form) else: save_user_flags(self.request, not_hmpps_employee_flag, api_session) api_session.delete('/users/%s/' % self.request.user.username) self.request.session.flush() return redirect(self.not_employee_url)
def get(self, request, *args, **kwargs): context = self.get_context_data(**kwargs) session = api_client.get_api_session(self.request) batches = session.get('credits/batches/').json() if batches['count'] == 0 or batches['results'][0]['expired']: return redirect('new-credits') else: credit_ids = batches['results'][0]['credits'] total = len(credit_ids) incomplete_credits = session.get( 'credits/', params={'resolution': 'pending', 'pk': credit_ids} ).json() done_credit_count = total - incomplete_credits['count'] context['percentage'] = int((done_credit_count / total) * 100) return self.render_to_response(context)
def get_saved_search_cards(self): if not self.request.can_access_security: return [] session = get_api_session(self.request) saved_searches = populate_new_result_counts(session, get_saved_searches(session)) return [ { 'heading': search['description'], 'link': search['site_url'], 'description': ( ngettext('%d new credit', '%d new credits', search['new_result_count']) % search['new_result_count'] if search.get('new_result_count') else '' ) } for search in saved_searches ]
def get_initial(self): username = self.kwargs['username'] try: response = api_client.get_api_session(self.request).get( f'users/{username}/' ).json() initial = { 'username': response.get('username', ''), 'first_name': response.get('first_name', ''), 'last_name': response.get('last_name', ''), 'email': response.get('email', ''), 'user_admin': response.get('user_admin', False), } roles = response.get('roles', []) if len(roles) == 1: initial['role'] = roles[0] else: raise IncompatibleUser return initial except HttpNotFoundError: raise Http404
def notifications_for_request(request, target=None, use_cache=True): # NB: caching can only be used since notifications are not currently set up to be user/request specific cache_key = 'notifications-%s' % target if use_cache: results = cache.get(cache_key) if results: return results try: if request.user.is_authenticated: session = api_client.get_api_session(request) else: session = api_client.get_unauthenticated_session() response = session.get( 'notifications/', params={'target__startswith': target} if target else None) results = response.json()['results'] if use_cache: cache.set(cache_key, results, timeout=60 * 5) return results except (RequestException, ValueError, KeyError): logger.exception('Could not load notifications')
def get_context_data(self, *args, **kwargs): context = super().get_context_data(*args, **kwargs) api_session = get_api_session(self.request) workday_list = get_preceding_workday_list(20, offset=2) user = self.request.user if user.has_perm('transaction.view_bank_details_transaction'): context['missed_refunds'] = get_missing_downloads( api_session, ACCESSPAY_LABEL, workday_list) if user.has_perm('credit.view_any_credit'): context['missed_adi_journals'] = get_missing_downloads( api_session, ADI_JOURNAL_LABEL, workday_list) if user.has_perm('transaction.view_transaction'): context['missed_statements'] = get_missing_downloads( api_session, MT940_STMT_LABEL, workday_list) if user.has_perm('disbursement.view_disbursement'): context['missed_disbursements'] = get_missing_downloads( api_session, DISBURSEMENTS_LABEL, workday_list) return context
def download_refund_file(request, receipt_date): api_session = get_api_session(request) try: csvfile = refund.get_refund_file(api_session, receipt_date, mark_refunded=True) record_download(api_session, ACCESSPAY_LABEL, receipt_date) except EmptyFileError as e: record_download(api_session, ACCESSPAY_LABEL, receipt_date) raise e filename = settings.REFUND_OUTPUT_FILENAME.format(date=date.today()) response = HttpResponse(csvfile, content_type='text/plain') response['Content-Disposition'] = 'attachment; filename="%s"' % filename logger.info( 'User "%(username)s" is downloading AccessPay file for %(date)s' % { 'username': request.user.username, 'date': date_format(receipt_date, 'Y-m-d'), }) return response
def download_bank_statement(request, receipt_date): api_session = get_api_session(request) try: bai2file = statement.get_bank_statement_file(api_session, receipt_date) record_download(api_session, MT940_STMT_LABEL, receipt_date) except EmptyFileError as e: record_download(api_session, MT940_STMT_LABEL, receipt_date) raise e filename = settings.BANK_STMT_OUTPUT_FILENAME.format( account_number=settings.BANK_STMT_ACCOUNT_NUMBER, date=receipt_date) response = HttpResponse(bai2file, content_type='application/octet-stream') response['Content-Disposition'] = 'attachment; filename="%s"' % filename logger.info( 'User "%(username)s" is downloading bank statement file for %(date)s' % { 'username': request.user.username, 'date': date_format(receipt_date, 'Y-m-d'), }) return response
def get_context_data(self, **kwargs): if self.request.user.has_perm('auth.change_user'): response = api_client.get_api_session(self.request).get('requests/', params={'page_size': 1}) kwargs['user_request_count'] = response.json().get('count') cards = [ { 'heading': _('Digital cashbook'), 'link': reverse_lazy('new-credits'), 'description': _('Credit money into a prisoner’s account'), }, { 'heading': _('Digital disbursements'), 'link': reverse_lazy('disbursements:start'), 'description': _('Send money out of a prisoner’s account by bank transfer or cheque'), }, ] kwargs.update( start_page_url=settings.START_PAGE_URL, cards=cards, ) return super().get_context_data(**kwargs)
def clean_prisoner_number(self): prisoner_number = self.cleaned_data.get('prisoner_number') if prisoner_number: prisoner_number = prisoner_number.upper() session = get_api_session(self.request) try: prisoner = session.get( '/prisoner_locations/{prisoner_number}/'.format( prisoner_number=quote_plus(prisoner_number))).json() self.cleaned_data['prisoner_name'] = prisoner['prisoner_name'] self.cleaned_data['prisoner_dob'] = prisoner['prisoner_dob'] self.cleaned_data['prison'] = prisoner['prison'] except HttpNotFoundError: raise forms.ValidationError(self.error_messages['not_found'], code='not_found') except Forbidden: raise forms.ValidationError( self.error_messages['wrong_prison'], code='wrong_prison') except (RequestException, ValueError): logger.exception('Could not look up prisoner location') raise forms.ValidationError(self.error_messages['connection'], code='connection') return prisoner_number
def list_users(request): page_size = 20 try: page = int(request.GET['page']) if page < 1: raise ValueError except (KeyError, ValueError): page = 1 session = api_client.get_api_session(request) response = session.get( 'users/', params={ 'limit': page_size, 'offset': (page - 1) * page_size, } ).json() user_count = response.get('count', 0) users = response.get('results', []) try: account_requests = retrieve_all_pages_for_path(session, 'requests/') for account_request in account_requests: account_request['created'] = parse_datetime(account_request['created']) except HttpClientError: logger.exception(f'User {request.user.username} cannot access account requests') account_requests = [] context = { 'breadcrumbs': make_breadcrumbs(), 'can_delete': request.user.has_perm('auth.delete_user'), 'locked_users_exist': any(user['is_locked_out'] for user in users), 'users': users, 'page': page, 'page_count': int(math.ceil(user_count / page_size)), 'user_count': user_count, 'account_requests': account_requests, } return render(request, 'mtp_common/user_admin/list.html', context=context)
def session(self): return get_api_session(self.request)
def api_session(self): return get_api_session(self.request)
def get_supported_prisons(self): session = get_api_session(self.request) prison_list = PrisonList(session) return set(prison['nomis_id'] for prison in prison_list.prisons)