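def create_checkin(request, company_id, headers):
    """Check a vehicle in at one or more destinations of a company.

    Only POST is accepted. The JSON request body must provide
    ``vehicle_number`` and a ``destination_list`` whose items carry
    ``destination.destination_id``. The check-in is posted to the coordinator
    service, the display endpoint is then called, and the status code of the
    check-in call is returned to the client.

    Raises:
        Http404: for any request method other than POST.
    """
    if request.method != "POST":
        # Http404 is an exception class: it must be raised. Returning the
        # class hands Django something that is not a response object.
        raise Http404

    check_in_data = json.loads(request.body)

    # A list of pairs rather than a dict, so "destination_ids" can repeat in
    # the form-encoded body (one entry per destination).
    check_in_data_send = [
        ("vehicle_number", check_in_data['vehicle_number']),
        ("checkin_by", request.session['username']),
    ]
    for destination in check_in_data['destination_list']:
        check_in_data_send.append(
            ("destination_ids", destination['destination']['destination_id']))

    # NOTE(review): `headers` is accepted but not forwarded on either upstream
    # call below, and company_id is not compared with the session's
    # company_id here. Confirm that this write endpoint is protected some
    # other way (e.g. by a decorator or network policy).
    # NOTE(review): no timeout is passed to requests, so a stalled upstream
    # service holds this worker; consider an explicit `timeout=`.
    response = requests.post(
        "{}/company/{}/checkedin_destinations".format(
            settings.COORDINATOR_WS_URL, company_id),
        data=check_in_data_send)
    # presumably aborts the request on an unexpected status; confirm in
    # validate_api_call
    validate_api_call(response, [])
    data = {"status_code": response.status_code}

    # Let the display know we did a checkin
    params = {"company_id": company_id}
    display_response = requests.get(
        "{}/display/company_destinations".format(settings.COORDINATOR_WS_URL),
        params=params)
    validate_api_call(display_response, [])

    # The payload is serialized before being handed to JsonResponse, so the
    # client receives a JSON string that itself contains JSON. Kept as-is
    # because existing clients depend on that shape.
    json_data = json.dumps(data)
    return JsonResponse(json_data, safe=False)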
def get_checkin_detail(request, company_id, vehicle_number, headers):
    """Return the destinations recorded for one vehicle of a company.

    Queries the coordinator service's ``vehicle_destinations`` endpoint with
    the caller's ``headers`` and relays the decoded JSON body unchanged.
    """
    # NOTE(review): company_id and vehicle_number come from the caller and are
    # not checked against the session here; access control appears to rest on
    # the upstream service honoring `headers`. Confirm.
    endpoint = "{}/company/{}/vehicle_destinations".format(
        settings.COORDINATOR_WS_URL, company_id)
    upstream = requests.get(
        endpoint,
        params={"vehicle_number": vehicle_number},
        headers=headers)
    # presumably aborts the request on an unexpected status; confirm in
    # validate_api_call
    validate_api_call(upstream, [])
    return JsonResponse(json.loads(upstream.text), safe=False)
def get_company(request, company_id, headers):
    """Return one company record, with its optional sections, as JSON.

    Asks the admin service for the company with contact, curbside check-in
    and destination information switched on, and returns the first entry of
    the ``companies`` list in the reply.
    """
    endpoint = "{}/company/{}".format(settings.ADMIN_WS_URL, company_id)
    query = {
        "company_contact_info": "true",
        "curbside_check_in_info": "true",
        "company_destination_info": "true",
    }
    upstream = requests.get(endpoint, params=query, headers=headers)
    # presumably aborts the request on an unexpected status; confirm in
    # validate_api_call
    validate_api_call(upstream, [])
    # An empty "companies" list raises IndexError here.
    companies = json.loads(upstream.text)['companies']
    return JsonResponse(companies[0], safe=False)
def get_action_id(headers, action_name):
    """Look up the id of the audit action called *action_name*.

    Fetches the action reference list from the admin service and returns the
    ``action_id`` of the first entry whose ``action_name`` matches, or None
    when no entry matches.
    """
    upstream = requests.get(
        "{}/reference/action".format(settings.ADMIN_WS_URL), headers=headers)
    # presumably aborts the request on an unexpected status; confirm in
    # validate_api_call
    validate_api_call(upstream, [])
    known_actions = json.loads(upstream.text)['actions']
    return next(
        (entry['action_id'] for entry in known_actions
         if entry['action_name'] == action_name),
        None)
def get_all_checkins(request, headers):
    """Return every checked-in vehicle known to the coordinator service.

    A 204 or 404 reply from upstream is turned into ``{"data": []}``; any
    other reply that passes validation is decoded and relayed as JSON.
    """
    upstream = requests.get(
        "{}/company/checkedin_vehicles".format(settings.COORDINATOR_WS_URL),
        headers=headers)
    # The second argument appears to list extra status codes to tolerate;
    # confirm in validate_api_call.
    validate_api_call(upstream, [404])
    if upstream.status_code in (204, 404):
        payload = {"data": []}
    else:
        payload = json.loads(upstream.text)
    return JsonResponse(payload, safe=False)
def create_audit(request, headers, action_reason, resource_name,
                 action_description, action_name, company_id, action_on_user):
    """Post one audit record to the coordinator service.

    The acting user and role id are read from the session. The action id is
    resolved from *action_name* through get_action_id, which returns None for
    an unknown name; the record is posted either way.
    """
    audit_record = {
        # Resolved first, before the session is read.
        "action_id": get_action_id(headers, action_name),
        "company_id": company_id,
        "action_description": action_description,
        "action_by_user_role_id": request.session['role_id'],
        "action_by_user": request.session['username'],
        "resource_name": resource_name,
        "action_reason": action_reason,
        "action_on_user": action_on_user,
    }
    upstream = requests.post(
        "{}/audit".format(settings.COORDINATOR_WS_URL),
        data=audit_record,
        headers=headers)
    # presumably aborts the request on an unexpected status; confirm in
    # validate_api_call
    validate_api_call(upstream, [])
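def delete_checkin(request, company_id, headers):
    """Check a vehicle out of a company's destinations.

    Only POST is accepted. The JSON request body must provide
    ``vehicle_number``. A DELETE is sent to the coordinator service with the
    session user recorded as ``checkout_by``, the display endpoint is then
    called, and the status code of the delete call is returned to the client.

    Raises:
        Http404: for any request method other than POST.
    """
    if request.method != "POST":
        # Http404 is an exception class: it must be raised. Returning the
        # class hands Django something that is not a response object.
        raise Http404

    form_data = json.loads(request.body)
    delete_data = {
        "vehicle_number": form_data['vehicle_number'],
        "checkout_by": request.session['username'],
    }

    # NOTE(review): `headers` is accepted but not forwarded on either upstream
    # call below, and company_id is not compared with the session's
    # company_id here. Confirm that this destructive endpoint is protected
    # some other way (e.g. by a decorator or network policy).
    # NOTE(review): no timeout is passed to requests, so a stalled upstream
    # service holds this worker; consider an explicit `timeout=`.
    response = requests.delete(
        "{}/company/{}/checkedin_destinations".format(
            settings.COORDINATOR_WS_URL, company_id),
        data=delete_data)
    # presumably aborts the request on an unexpected status; confirm in
    # validate_api_call
    validate_api_call(response, [])
    data = {"status_code": response.status_code}

    # Let the display know we did a delete
    params = {"company_id": company_id}
    display_response = requests.get(
        "{}/display/company_destinations".format(settings.COORDINATOR_WS_URL),
        params=params)
    validate_api_call(display_response, [])

    # The payload is serialized before being handed to JsonResponse, so the
    # client receives a JSON string that itself contains JSON. Kept as-is
    # because existing clients depend on that shape.
    json_data = json.dumps(data)
    return JsonResponse(json_data, safe=False)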
def get_company_destinations(request, company_id, headers):
    """Return the destinations configured for a company as JSON.

    Relays the admin service's ``company_destination`` reply unchanged.
    """
    endpoint = "{}/company/{}/company_destination".format(
        settings.ADMIN_WS_URL, company_id)
    upstream = requests.get(endpoint, headers=headers)
    # presumably aborts the request on an unexpected status; confirm in
    # validate_api_call
    validate_api_call(upstream, [])
    return JsonResponse(json.loads(upstream.text), safe=False)
def get_vehicle(request, company_id, vehicle_id, headers):
    """Return one vehicle record from the admin service as JSON.

    Only *vehicle_id* is used to build the upstream URL; *company_id* is
    accepted but not used in the lookup.
    """
    # NOTE(review): since company_id does not constrain the lookup, whether a
    # caller may read this vehicle is decided upstream (if at all). Confirm.
    endpoint = "{}/gtms/vehicle/{}/".format(settings.ADMIN_WS_URL, vehicle_id)
    upstream = requests.get(endpoint, headers=headers)
    # presumably aborts the request on an unexpected status; confirm in
    # validate_api_call
    validate_api_call(upstream, [])
    return JsonResponse(json.loads(upstream.text), safe=False)
def get_all_companies(request, headers):
    """Return the admin service's full company listing as JSON."""
    upstream = requests.get(
        "{}/company".format(settings.ADMIN_WS_URL), headers=headers)
    # presumably aborts the request on an unexpected status; confirm in
    # validate_api_call
    validate_api_call(upstream, [])
    return JsonResponse(json.loads(upstream.text), safe=False)
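def _reject_login(request, message):
    """Flash *message* as an error and send the user back to the login page."""
    messages.error(request, message, extra_tags="danger")
    return redirect(reverse('coordinator_login'))


def login(request):
    """Show the portal to a signed-in coordinator, or process a login form.

    A request whose session already carries a role is sent to the app page,
    or to the ``next`` URL when that URL stays on this host. A POST is
    checked in four steps: the form must validate, the AD service must
    confirm the password, the account's DN must contain "OU=FSP PPM", and the
    admin user table must hold a record for the e-mail that is not deleted
    and has a coordinator role. Any failed step redirects to the login page
    with an error message. Other requests get the login page.

    A KeyError anywhere in the flow (for example a reply missing an expected
    field) logs the session out and redirects to the login page.
    """
    try:
        # A session that already carries a role is treated as signed in.
        if request.session.session_key and 'role' in request.session:
            next_url = request.GET.get('next')
            if next_url:
                # `next` is supplied by the client, so it is followed only
                # when Django's own check says it stays on this host. The
                # helper's name differs between Django releases; both take
                # the allowed host as the second positional argument.
                # NOTE(review): confirm against the Django version in use.
                try:
                    from django.utils.http import (
                        url_has_allowed_host_and_scheme as is_same_site)
                except ImportError:
                    from django.utils.http import is_safe_url as is_same_site
                if is_same_site(next_url, request.get_host()):
                    return redirect(next_url)
            return render(request, "coordinator_portal/app.html")

        # Anything other than a POST just gets the login page.
        if request.method != 'POST':
            return render(request, "coordinator_portal/login.html", "")

        form = LoginForm(request.POST)
        if not form.is_valid():
            return _reject_login(
                request,
                'An error occurred when attempting to validate your login '
                'credentials. Please try again or contact SFO Helpdesk.')

        username = request.POST.get('username')
        password = request.POST.get('password')

        # Authentication API call.
        # NOTE(review): no timeout is passed to requests here or below, so a
        # stalled upstream service holds this worker; consider `timeout=`.
        response = requests.post(
            "{}/ad/auth".format(settings.AD_WS_URL),
            data={
                "username": username,
                "password": password,
                "attributes": True
            })
        validate_api_call(response, [])
        response_data = json.loads(response.text)["response"]

        # AD must confirm the password...
        if response_data["validPassword"] is not True:
            return _reject_login(request, 'Incorrect username or password.')

        # ...and the account must sit in the Five Star OU.
        if "OU=FSP PPM" not in response_data["dn"]:
            return _reject_login(
                request,
                'You do not have authorization to use this application.')

        # NOTE(review): urlsafe_b64encode is given a text string; Python 3
        # requires bytes here. Confirm the target interpreter.
        headers = {
            "authorization": "Basic {}".format(
                base64.urlsafe_b64encode("{}:{}".format(
                    response_data['email'], password)))
        }
        response = requests.get(
            "{}/user".format(settings.ADMIN_WS_URL),
            params={"email": response_data['email'].lower()},
            headers=headers)
        validate_api_call(response, [404])

        # 404 means the e-mail is not in the coordinator user table. Any
        # other status than 200 is refused as well, so the view never ends
        # without returning a response.
        if response.status_code != 200:
            return _reject_login(
                request, 'Only authorized coordinators may use this system.')

        # Check every record for this e-mail; refuse only when none qualifies.
        for response_coordinator_data in json.loads(response.text)['users']:
            if response_coordinator_data['deleted']:
                continue
            role = response_coordinator_data['role']
            if role['role_name'] not in ("coordinator_admin",
                                         "coordinator_user"):
                continue

            request.session["logged_in"] = True
            request.session["first_name"] = response_coordinator_data[
                "first_name"].title()
            request.session["last_name"] = response_coordinator_data[
                "last_name"].title()
            request.session["username"] = response_coordinator_data["email"]
            request.session["user_id"] = response_coordinator_data["user_id"]
            request.session["role"] = role['role_name']
            request.session["role_id"] = role['role_id']
            # NOTE(review): this stores a reversible encoding of the user's
            # AD password in the session store for reuse on later upstream
            # calls. A short-lived token issued by the backend would avoid
            # keeping the password at rest.
            request.session["auth"] = headers['authorization']
            request.session["company_id"] = response_coordinator_data[
                "company_id"]

            # Issue a fresh session key now that the session is
            # authenticated, so a key handed out before login cannot be
            # reused afterwards. The session data is carried over.
            request.session.cycle_key()

            # Log that the user logged in.
            create_audit(request, headers, None, "USERS", "Logged in",
                         "LOGIN", None, response_coordinator_data['email'])
            return render(request, "coordinator_portal/app.html", "")

        # No usable coordinator record for this e-mail.
        return _reject_login(
            request, 'Only authorized coordinators may use this system.')
    except KeyError:
        django_logout(request)
        return redirect((reverse('coordinator_login')))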