def permissions(self, user): if user.is_superuser: perms = { 'view': True, 'team': True, 'manager': True, 'admin': True } else: perms = { 'view': False, 'team': False, 'manager': False, 'admin': False } group = in_group(user, settings.CSS_GROUP) if group: perms['manager'] = True perms['team'] = True perms['view'] = True perms['admin'] = True for member in self.team.all(): if user == member.user and member.status: perms['view'] = True if member.status: perms['team'] = True if member.user.profile.case_manager: perms['manager'] = True if self.created_by == user: perms['view'] = True perms['update'] = True return perms
def openxml(request, mod): if in_group(request.user, settings.HR_GROUP): wb = Workbook() ws = wb.get_active_sheet() model = str_to_class( 'djpersonnel.{0}.models'.format(mod), 'Operation', ) data = serializers.serialize('python', model.objects.all() ) head = False headers = [] for d in data: row = [] for n,v in d['fields'].items(): headers.append(model._meta.get_field(n).verbose_name.title()) row.append(v) if not head: ws.append(headers) head = True ws.append(row) response = HttpResponse( save_virtual_workbook(wb), content_type='application/ms-excel' ) response['Content-Disposition'] = 'attachment;filename={}.xlsx'.format( mod ) else: response = HttpResponseRedirect(reverse_lazy('access_denied')) return response
def home(request): """Dashboard home page view.""" deans = get_deans() user = request.user hr = in_group(user, settings.HR_GROUP) # HR or VPFA can access all objects if hr or user.id == LEVEL2.id: requisitions = Requisition.objects.all().order_by('-created_at')[:30] transactions = Transaction.objects.all().order_by('-created_at')[:30] elif user.id == PROVOST.id: # PRF reqs1 = Requisition.objects.filter(level3_approver__pk__in=deans) reqs2 = Requisition.objects.filter(level3_approver__pk=PROVOST.id) reqs = reqs1 | reqs2 requisitions = reqs.order_by('-created_at')[:30] # PAF trans1 = Transaction.objects.filter(level3_approver__pk__in=deans) trans2 = Transaction.objects.filter(level3_approver__pk=PROVOST.id) trans = trans1 | trans2 transactions = trans.order_by('-created_at')[:30] else: requisitions = Requisition.objects.filter( Q(created_by=user) | Q(level3_approver=user) ).order_by('-created_at')[:30] transactions = Transaction.objects.filter( Q(created_by=user) | Q(level3_approver=user) ).order_by('-created_at')[:30] return render( request, 'home.html', {'hr': hr, 'requisitions': requisitions, 'transactions': transactions}, )
def get_permissions(obj, user): """Establish permissions for a user on the object.""" perms = {'view': False, 'approver': False, 'provost': False, 'level': []} # in_group includes an exception for superusers group = in_group(user, settings.HR_GROUP) # Level 3 approver might also be in the HR group, in which case # she will approve at level 3 first, then VPFA approves, then she will # approve once again as HR, unless the request does not involve the # VPFA (no budget impact), then she will approve level3 and level1 # all in one go. if group and obj.level3_approver == user and not obj.level3: perms['view'] = True perms['approver'] = True perms['level'].append('level3') if not obj.notify_level2(): perms['level'].append('level1') # the rest of HR elif group: perms['view'] = True perms['approver'] = True perms['level'].append('level1') # Provost: # 1) approves PAF for faculty submissions only (not PRF...for now) # 2) will be an approver for level3 or provost but not both # 3) provost level is between levels 3 and 2 elif user.id == PROVOST.id: perms['view'] = True if obj._meta.verbose_name.title() == "Transaction": perms['approver'] = True perms['provost'] = True perms['level'].append('provost') # provost can also be a level3 approver on both # Transaction and Requisition if obj.level3_approver == user: perms['approver'] = True perms['level'].append('level3') # VPFA might also be a level 3 approver, but does not approve submissions # that do not impact the budget elif user.id == LEVEL2.id: perms['view'] = True if obj.level3_approver == user: perms['level'].append('level3') # money involved if obj.notify_level2(): perms['approver'] = True perms['level'].append('level2') # VP/Dean approver elif obj.level3_approver == user: perms['view'] = True perms['approver'] = True perms['level'].append('level3') elif obj.created_by == user: perms['view'] = True return perms
def main(): """ main method """ users = User.objects.all() g = Group.objects.get(name=group) for user in users: if in_group(user, group): print user.username, user.id if remove: g.user_set.remove(user)
def save(self, data=None, *args, **kwargs): self.title.encode('latin1') self.summary.encode('latin1') self.description.encode('latin1') #self.title = convert_smart_quotes(self.title) #self.summary = convert_smart_quotes(self.summary) #self.description = convert_smart_quotes(self.description) if data: u = data["user"] # date munging if data['start_time']: self.date_dt = datetime.datetime.combine(data['start_date'],data['start_time']) else: self.date_dt = data['start_date'] if data['end_time']: self.date2_dt = datetime.datetime.combine(data['end_date'],data['end_time']) else: self.date2_dt = data['end_date'] # set contact info from request.user self.contact_info = '<p>By: <a href="mailto:%s">%s %s</a></p>' % ( u.email, u.first_name, u.last_name ) if in_group(u, "Staff", "Faculty"): self.status = 1 else: # student self.status = 0 # save super(LivewhaleEvents, self).save(*args, **kwargs) """ We have to resort to raw sql since Django does not support composite Foreign Keys """ if data: # tag sql = """ INSERT INTO livewhale_tags2any (id1, id2, type) VALUES ('%s', '%s', 'events') """ % (data["category"],self.id) cursor = connections['livewhale'].cursor() cursor.execute(sql) # category sql = """ INSERT INTO livewhale_events_categories2any (id1, id2, type) VALUES ('%s', '%s', 'events') """ % (30,self.id) cursor.execute(sql)
def _wrap(request, *args, **kwargs): """Wrapper for the decorator.""" cia = in_group(request.user, settings.CIA_GROUP) if settings.ACADEMIC_YEAR_LIMBO and not cia: return render(request, 'limbo.html') elif request.user.id and get_student(request.user.id): return view_func(request, *args, **kwargs) elif settings.DEBUG: return view_func(request, *args, **kwargs) else: response = render(request, 'denied.html') if cia: response = HttpResponseRedirect(reverse_lazy('dashboard_home')) return response
def test_home(self): hr = in_group(user, settings.HR_GROUP) # HR or VPFA can access all objects if hr or user.id == LEVEL2.id: requisitions = Requisition.objects.all() transactions = Transaction.objects.all() else: requisitions = Requisition.objects.filter( Q(created_by=user) | Q(level3_approver=user)) transactions = Transaction.objects.filter( Q(created_by=user) | Q(level3_approver=user)) self.assertGreaterEqual(requisitions.count(), 1) self.assertGreaterEqual(transactions.count(), 1)
def detail(request, rid): """Display the detailed data set for this requisition.""" data = get_object_or_404(Operation, pk=rid) user = request.user perms = data.permissions(user) if not perms['view']: raise Http404 hr = in_group(user, settings.HR_GROUP) return render( request, 'requisition/detail.html', { 'hr': hr, 'data': data, 'perms': perms }, )
def detail(request, tid): """Display a PAF.""" paf = get_object_or_404(Operation, pk=tid) user = request.user perms = paf.permissions(user) if not perms['view']: raise Http404 hr = in_group(user, settings.HR_GROUP) return render( request, 'transaction/detail.html', { 'hr': hr, 'data': paf, 'perms': perms }, )
def list(request, mod): """Display a complete list of all objects.""" deans = get_deans() user = request.user hr = in_group(user, settings.HR_GROUP) # HR or VPFA can access all objects if hr or user.id == LEVEL2.id: if mod == 'requisition': objects = Requisition.objects.all() elif mod == 'transaction': objects = Transaction.objects.all() else: objects = None # Provost can view all objects created by Deans elif user.id == PROVOST.id: if mod == 'requisition': reqs1 = Requisition.objects.filter(level3_approver__pk__in=deans) reqs2 = Requisition.objects.filter(level3_approver__pk=PROVOST.id) reqs = reqs1 | reqs2 objects = reqs.order_by('-created_at') elif mod == 'transaction': trans1 = Transaction.objects.filter(level3_approver__pk__in=deans) trans2 = Transaction.objects.filter(level3_approver__pk=PROVOST.id) trans = trans1 | trans2 objects = trans.order_by('-created_at') else: objects = None else: if mod == 'requisition': objects = Requisition.objects.filter( Q(created_by=user) | Q(level3_approver=user) ) elif mod == 'transaction': objects = Transaction.objects.filter( Q(created_by=user) | Q(level3_approver=user) ) else: objects = None return render( request, 'list.html', {'hr': hr, 'objects': objects, 'mod': mod}, )
def home(request): ''' dashboard home page view ''' user = request.user group = in_group(user, OSP_GROUP) if user.is_authenticated: proposals = get_proposals(user) return render( request, 'home.html', { 'proposals':proposals['objects'], 'dean_chair':proposals['dean_chair'], 'group':group,'dc':proposals['dc'],'depts':proposals['depts'], 'div':proposals['div'],'approver':proposals['approver'] } ) else: return HttpResponseRedirect(reverse_lazy('auth_login'))
def get_proposals(user): approver = False depts = False div = False dc = None dean_chair = department_division_chairs( '(DTID.id={} or DVID.id={})'.format(user.id, user.id) ) group = in_group(user, settings.OSP_GROUP) if group: objects = Proposal.objects.all().order_by('-grant_deadline_date') elif dean_chair: chair_depts = chair_departments(user.id) dc = chair_depts[1] div = chair_depts[2] depts = chair_depts[0]['depts'] objects = Proposal.objects.filter( department__in=[ key for key,val in depts.iteritems() ] ).order_by('-grant_deadline_date') else: objects = Proposal.objects.filter( Q(user=user) | Q(approvers__user=user) ).order_by( '-grant_deadline_date' ) # check if user is an approver for p in objects: for a in p.approvers.all(): if a.user == user: approver = True break return { 'objects':objects, 'dean_chair':dean_chair, 'dc':dc, 'div':div, 'depts':depts, 'approver':approver }
def form_home(request, rid=None): user = request.user obj = None if rid: obj = get_object_or_404(Operation, pk=rid) # only HR folks can update PRF at the moment if not in_group(user, settings.HR_GROUP): return HttpResponseRedirect(reverse_lazy('access_denied')) if request.method == 'POST': form = OperationForm( data=request.POST, instance=obj, files=request.FILES, label_suffix='', use_required_attribute=False, ) if form.is_valid(): data = form.save(commit=False) data.created_by = user data.updated_by = user data.save() # send email to creator and approver or display it for dev, # and do not send it if we are updating the object template = 'requisition/email/approver.html' if not settings.DEBUG and not obj: # send confirmation email to user who submitted the form to_list = [data.created_by.email] bcc = [settings.ADMINS[0][1], settings.HR_EMAIL] # subject subject = "[PRF Submission] {0}, {1}".format( data.created_by.last_name, data.created_by.first_name, ) template = 'requisition/email/created_by.html' send_mail( request, to_list, subject, settings.HR_EMAIL, template, data, bcc, ) # send email to level3 approver and Provost, if need be # (the latter of whom just needs notification and # does not approve anything template = 'requisition/email/approver.html' to_list = [data.level3_approver.email] if data.notify_provost(): to_list.append(PROVOST.email) send_mail( request, to_list, subject, data.created_by.email, template, data, bcc, ) return HttpResponseRedirect( reverse_lazy('requisition_form_success'), ) else: # display the email template return render( request, template, { 'data': data, 'form': form }, ) else: form = OperationForm( instance=obj, label_suffix='', use_required_attribute=False, ) hr = in_group(user, settings.HR_GROUP) return render(request, 'requisition/form.html', {'hr': hr, 'form': form})
def proposal_form(request, pid=None): ''' Proposal Form Part A view ''' institu = None investi = None proposal = None perms = None user = request.user if pid: proposal = get_object_or_404(Proposal, id=pid) perms = proposal.permissions(user) group = in_group(user, OSP_GROUP) # we do not allow anyone but the PI to update a proposal if proposal.user != user and not group: return HttpResponseRedirect( reverse_lazy('home') ) # we do not allow PIs to update their proposals after save-submit # but OSP can do so elif proposal.save_submit and not group: return HttpResponseRedirect( reverse_lazy('home') ) elif not proposal.level3 and not proposal.opened: return HttpResponseRedirect( reverse_lazy('home') ) elif proposal.decline or proposal.closed: return HttpResponseRedirect( reverse_lazy('home') ) else: investigators = proposal.proposal_contact.filter( tags__name='Co-Principal Investigators' ) institutions = proposal.proposal_contact.filter( tags__name='Other Institution' ) depts = person_departments(user.id) if request.method=='POST': form = ProposalForm( depts, request.POST, instance=proposal ) form_institu = InstitutionsForm( request.POST, prefix='institu' ) form_investi = InvestigatorsForm( request.POST, prefix='investi' ) if form.is_valid(): data = form.save(commit=False) # we don't want to change ownership if someone else with # permission is updating the proposal if not proposal: data.user = user data.save() form_institu.is_valid() form_investi.is_valid() # delete the old objects because it's just easier this way if proposal: if investigators: investigators.delete() if institutions: institutions.delete() # obtain our new set of contacts institutions = form_institu.cleaned_data investigators = form_investi.cleaned_data for i in list(range(1,6)): institute = ProposalContact( proposal=data, institution=institutions['institution_{}'.format(i)] ) institute.save() institute.tags.add('Other Institution') investigator = ProposalContact( proposal=data, name=investigators['name_{}'.format(i)], institution=investigators['institution_{}'.format(i)], ) investigator.save() investigator.tags.add('Co-Principal Investigators') # send emails only if we have a new proposal or a revised proposal if not proposal or data.opened: where = 'PT.pcn_03 = "{}"'.format(data.department) chairs = department_division_chairs(where) to_list = [] # add approvers to distribution list for a in data.approvers.all(): to_list.append(a.user.email) if len(chairs) > 0: # we need department full name in email data.department_name = chairs[0][0] # Division dean's email to_list.append(chairs[0][8]) if DEBUG: data.to_list = to_list to_list = [MANAGER] else: # staff do not have a dean so we send the email # to OSP folks to_list.append(PROPOSAL_EMAIL_LIST) if DEBUG: data.to_list = to_list to_list = [MANAGER] # for display purposes only in the email data.department_name = depts[0][1] # if proposal has been reopened, we set opened to False # so that proposal now is considered a new attempt at approval data.opened = False data.save() # send the email to Dean or OSP subject = u'Review and Authorization Required for Part A: \ Your Approval Needed for "{}" by {}, {}'.format( data.title, data.user.last_name, data.user.first_name ) # OSP can update proposals after save/submit if not data.save_submit: send_mail( request, to_list, subject, PROPOSAL_EMAIL_LIST[0], 'proposal/email_approve.html', data, BCC ) # send confirmation to the Primary Investigator (PI) # who submitted the form subject = u"Part A Submission Received: {}".format(data.title) if DEBUG: to_list = [MANAGER] data.to_list = data.user.email else: to_list = [data.user.email] # OSP can update proposals after save/submit if not data.save_submit: send_mail( request, to_list, subject, PROPOSAL_EMAIL_LIST[0], 'proposal/email_confirmation.html', data, BCC ) return HttpResponseRedirect( reverse_lazy('proposal_success') ) else: # set the data saved message # and redirect to proposal form messages.add_message( request, messages.SUCCESS, ''' Your proposal data have been saved. ''', extra_tags='success' ) return HttpResponseRedirect( reverse_lazy('proposal_update', kwargs={'pid':proposal.id}) ) else: form = ProposalForm(depts, instance=proposal) if proposal: investi = {} x = 1 for i in investigators: investi['institution_'+ str(x)] = i.institution investi['name_'+ str(x)] = i.name x += 1 institu = {} x = 1 for i in institutions: institu['institution_'+ str(x)] = i.institution x += 1 form_institu = InstitutionsForm(initial=institu, prefix='institu') form_investi = InvestigatorsForm(initial=investi, prefix='investi') return render( request, 'proposal/form.html', { 'form': form, 'perms': perms, 'form_institu': form_institu, 'form_investi': form_investi } )
def permissions(self, user): ''' what can the user access in terms of the proposal and viewing it and the approval process ''' OSP_GROUP = settings.OSP_GROUP VEEP = get_position(settings.VEEP_TPOS) PROVOST = get_position(settings.PROV_TPOS) PRESIDENT = get_position(settings.PREZ_TPOS) perms = { 'view':False,'approve':False,'decline':False, 'close':False,'open':False,'needswork':False, 'superuser': False, 'approver': False, 'level3': False, 'level2': False, 'level1': False } # in_group includes an exception for superusers group = in_group(user, OSP_GROUP) chair_depts = chair_departments(user.id) # dean or chair? dc = chair_depts[1] # Dean? if dc == 'dean': perms['view'] = True perms['level3'] = True perms['open'] = True perms['needswork'] = True perms['decline'] = True perms['approve'] = 'level3' # VP for Business? elif user.id == VEEP.id: perms['view'] = True perms['level2'] = True perms['needswork'] = True perms['decline'] = True perms['approve'] = 'level2' # Provost? elif user.id == PROVOST.id: perms['view'] = True perms['level1'] = True perms['needswork'] = True perms['decline'] = True perms['approve'] = 'level1' # Superuser? elif group: perms['view'] = True perms['open'] = True perms['close'] = True perms['superuser'] = True perms['needswork'] = True perms['decline'] = True perms['approve'] = 'superuser' elif self.user == user: perms['view'] = True perms['open'] = True # Ad-hoc approver? else: for a in self.approvers.all(): if a.user == user: perms['view'] = True perms['approver'] = True perms['needswork'] = True perms['decline'] = True perms['approve'] = 'approver' break return perms
def home(request): if settings.ACADEMIC_YEAR_LIMBO: return render( request, 'closed.html', ) # for when faculty/staff sign in here or not student found data = {} # create database session session = get_session(EARL) user = request.user # fetch college id from user object cid = user.id # retrieve student manager (or create a new one if none exists) manager = get_manager(session, cid) # intialise some things my_sports = '' student = None adult = False # get academic term term = get_term() # get student sql = ''' {} WHERE id_rec.id = "{}" AND stu_serv_rec.yr = "{}" AND UPPER(stu_serv_rec.sess) = "{}" AND cc_student_medical_manager.created_at > "{}" '''.format( STUDENT_VITALS, cid, term['yr'], term['sess'], settings.START_DATE ) engine = get_engine(EARL) obj = engine.execute(sql) student = obj.fetchone() if student: # save some things to Django session: request.session['gender'] = student.sex # sports needs a python list if manager.sports: my_sports = manager.sports.split(',') # adult or minor? if we do not have a DOB, default to minor if student.birth_date: age = calculate_age(student.birth_date) if age >= 18: adult = True # show the corresponding list of sports if student.sex == 'F': sports = SPORTS_WOMEN else: sports = SPORTS_MEN # quick switch for minor age students if request.GET.get('minor'): adult = False # context dict data = { 'switch_earl': reverse_lazy('set_val'), 'student':student, 'manager':manager, 'sports':sports, 'my_sports':my_sports, 'adult':adult,'sql':sql } # emergency contact modal form sql = 'SELECT * FROM aa_rec WHERE aa in {} AND id="{}"'.format( ENS_CODES, cid ) objs = session.execute(sql) for o in objs: row = {} for field in ENS_FIELDS: try: value = getattr(o, field).decode('cp1252').encode('utf-8') except: value = getattr(o, field) row[field] = value data[o.aa] = row data['mobile_carrier'] = MOBILE_CARRIER data['relationship'] = RELATIONSHIP data['solo'] = True else: if not in_group(user, 'carthageStaffStatus') and \ not in_group(user, 'carthageFacultyStatus'): # could not find student by college_id data = { 'student':student,'sports':SPORTS,'solo':True,'adult':adult } # notify managers send_mail( request, settings.HOUSING_EMAIL_LIST, u'[Lost] Student: {} {} ({})'.format( user.first_name, user.last_name, cid ), user.email, 'alert_email.html', request, [settings.MANAGERS[0][1],] ) session.close() return render(request, 'home.html', data)
def form_home(request): """Submit a PAF.""" user = request.user if request.method == 'POST': p = request.POST form = OperationForm(request.POST, label_suffix='') if form.is_valid(): paf = form.save(commit=False) # deal with level 3 approver level3 = User.objects.get(username=form.cleaned_data['approver']) paf.created_by = user paf.updated_by = user paf.level3_approver = level3 paf.save() # send email or display it for dev if not settings.DEBUG: # email distribution list and bcc parameters bcc = [settings.ADMINS[0][1], settings.HR_EMAIL] # send confirmation email to user who submitted the form to_list = [paf.created_by.email] template = 'transaction/email/created_by.html' # subject subject = "[PAF Submission] {0}, {1}".format( paf.created_by.last_name, paf.created_by.first_name, ) send_mail( request, to_list, subject, settings.HR_EMAIL, template, paf, bcc, ) # send email to level3 approver template = 'transaction/email/approver.html' to_list = [level3.email] send_mail( request, to_list, subject, paf.created_by.email, template, paf, bcc, ) return HttpResponseRedirect( reverse_lazy('transaction_form_success'), ) else: # display the email template template = 'transaction/email/approver.html' return render(request, template, {'paf': paf, 'form': form}) else: form = OperationForm(label_suffix='') hr = in_group(user, settings.HR_GROUP) return render(request, 'transaction/form.html', {'form': form, 'hr': hr})
def wrapper(request, *args, **kwargs): resolved_redirect_url = force_str( resolve_url(redirect_url or reverse_lazy("auth_login")) ) if not request.session.get(session_var): if not request.user.is_authenticated: # we want to redirect back to current view URL refer = request.get_full_path() redirect = '{}?next={}'.format( reverse_lazy("auth_login"), refer ) # UserID value from the portal guid = request.GET.get('uid') if guid: if encryption: test = 1 guid = decrypt(guid) uid = get_userid(guid) if uid: uid = int(uid) try: user = User.objects.get(pk=uid) except: try: # create a new django user l = LDAPManager() luser = l.search(uid) data = luser[0][1] password = User.objects.make_random_password( length=32 ) user = User.objects.create( pk=uid, username=data['cn'][0], email=data['mail'][0], last_login=NOW ) user.set_password(password) user.first_name = data['givenName'][0] user.last_name = data['sn'][0] user.save() # add to groups try: for key, val in settings.LDAP_GROUPS.items(): grp = data.get(key) if grp and grp[0] == 'A': g = Group.objects.get(name__iexact=key) g.user_set.add(user) except: pass except: return HttpResponseRedirect(redirect) else: # we could not find a user from portal's UID return HttpResponseRedirect(redirect) else: return HttpResponseRedirect(redirect) else: user = request.user if group: if not in_group(user, group) and not user.is_superuser: return HttpResponseRedirect(resolved_redirect_url) # sign in the user manually user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) request.session[session_var] = True return view_func(request, *args, **kwargs)
def create(request): ''' create a change major request ''' # faculty and staff can submit the form for a student facstaff = in_group( request.user,'carthageStaffStatus','carthageFacultyStatus' ) sid = None sql = None search = False if request.POST: form = ChangeForm(request.POST) if form.is_valid(): data = form.save() # redirect to form home url = "{}?uid={}".format( reverse_lazy('change_major_success'), data.student_id ) return HttpResponseRedirect(url) else: uid = request.GET.get('uid') form = ChangeForm() if uid: try: sid = int(uid) search = True # prevent unauthorized users from using this form if not facstaff: return render(request, 'changemajor/no_access.html') except: sid = get_userid(uid) if not sid: if not facstaff: return render(request, 'changemajor/no_access.html') else: # selects student's id, name, and current majors/minors sql = ''' SELECT IDrec.id, IDrec.fullname AS fullname, major1.major AS major1code, TRIM(major1.txt) AS major1, major2.major AS major2code, TRIM(NVL(major2.txt,"")) AS major2, major3.major AS major3code, TRIM(NVL(major3.txt,"")) AS major3, minor1.minor AS minor1code, TRIM(minor1.txt) AS minor1, minor2.minor AS minor2code, TRIM(NVL(minor2.txt,"")) AS minor2, minor3.minor AS minor3code, TRIM(NVL(minor3.txt,"")) AS minor3 FROM id_rec IDrec INNER JOIN prog_enr_rec PROGrec ON IDrec.id = PROGrec.id LEFT JOIN major_table major1 ON PROGrec.major1 = major1.major LEFT JOIN major_table major2 ON PROGrec.major2 = major2.major LEFT JOIN major_table major3 ON PROGrec.major3 = major3.major LEFT JOIN minor_table minor1 ON PROGrec.minor1 = minor1.minor LEFT JOIN minor_table minor2 ON PROGrec.minor2 = minor2.minor LEFT JOIN minor_table minor3 ON PROGrec.minor3 = minor3.minor WHERE IDrec.id = {} '''.format(int(sid)) student = do_sql(sql, key=DEBUG, earl=EARL).fetchall() if student: # set initial data based on student for row in student: form.fields['student_id'].initial = row['id'] form.fields['name'].initial = row['fullname'].decode( 'ISO-8859-2' ).encode('utf-8') if row['major2'] == '' and row['major3'] == '': form.fields['majorlist'].initial = (row['major1']) elif row['major3'] == '': form.fields['majorlist'].initial = "{} and {}".format( row['major1'], row['major2'] ) else: form.fields['majorlist'].initial = "{}, {}, and {}".format( row['major1'], row['major2'], row['major3'] ) if row['minor2'] == '' and row['minor3'] == '': form.fields['minorlist'].initial = (row['minor1']) elif row['minor3'] == '': form.fields['minorlist'].initial = "{} and {}".format( row['minor1'], row['minor2'] ) else: form.fields['minorlist'].initial = "{}, {}, and {}".format( row['minor1'], row['minor2'], row['minor3'] ) form.fields['major1'].initial = row['major1code'] form.fields['major2'].initial = row['major2code'] form.fields['major3'].initial = row['major3code'] form.fields['minor1'].initial = row['minor1code'] form.fields['minor2'].initial = row['minor2code'] form.fields['minor3'].initial = row['minor3code'] else: sid = None else: if not facstaff: return render(request, 'changemajor/no_access.html') # set up the advisor autocomplete field advisor_list = None if sid: form.fields['student_id'].widget = forms.HiddenInput() form.fields['name'].widget = forms.HiddenInput() form.fields['majorlist'].widget = forms.HiddenInput() form.fields['minorlist'].widget = forms.HiddenInput() # get list of valid advisors for jquery autocomplete advisorSQL = ''' SELECT id_rec.id, TRIM(id_rec.firstname) AS firstname, TRIM(id_rec.lastname) AS lastname FROM job_rec INNER JOIN id_rec ON job_rec.id = id_rec.id WHERE hrstat = 'FT' AND TODAY BETWEEN job_rec.beg_date AND NVL(job_rec.end_date, TODAY) GROUP BY id_rec.id, firstname, lastname ORDER BY lastname, firstname ''' advisor_list = do_sql( advisorSQL, key=DEBUG, earl=EARL ) return render(request, 'changemajor/form.html', { 'form':form, 'facstaff':facstaff, 'sql':sql, 'advisor_list':advisor_list, 'student_id':sid,'search':search })
def get_students(request): """ GET or POST: returns a list of students """ trees=sport=None term = get_term() staff = in_group(request.user, STAFF) coach = in_group(request.user, COACH) if request.POST: post = request.POST if staff or coach: # simple protection against sql injection try: sport = int(post.get('sport')) except: sport = 0 trees = post.get('print') if sport and sport !=0 and staff and trees: # print all athletes from any given sport sql = ''' {} WHERE stu_serv_rec.yr = "{}" AND stu_serv_rec.sess = "{}" AND cc_student_medical_manager.created_at > "{}" AND cc_student_medical_manager.sports like "%{}%" ORDER BY lastname '''.format( STUDENT_VITALS, term['yr'], term['sess'], settings.START_DATE, str(sport) ) template = 'dashboard/athletes_print.html' else: sql = ''' {} AND stu_serv_rec.yr = "{}" AND stu_serv_rec.sess = "{}" '''.format( STUDENTS_ALPHA, term['yr'], term['sess'] ) c = post.get('class') if c in ['0','1','2','3','4']: if c == '1': sql += 'AND cc_student_medical_manager.sitrep = 1' elif c == '0': sql += 'AND cc_student_medical_manager.sitrep = 0' elif c == '3': sql += 'AND cc_student_medical_manager.athlete = 1' elif c == '4': sql += 'AND cc_student_health_insurance.primary_policy_type="Gov"' else: sql += 'AND cc_student_medical_manager.id IS NULL' else: sql += 'AND prog_enr_rec.cl IN ({})'.format(c) if sport and sport != 0: sql += ''' AND cc_student_medical_manager.sports like "%{}%" '''.format(str(sport)) sql += ' ORDER BY lastname' template = 'dashboard/students_data.inc.html' else: return HttpResponse("error", content_type="text/plain; charset=utf-8") else: template = 'dashboard/home.html' sql = ''' {} AND stu_serv_rec.yr = "{}" AND stu_serv_rec.sess = "{}" AND prog_enr_rec.cl IN ("FN","FF","FR","UT","PF","PN") ORDER BY lastname '''.format( STUDENTS_ALPHA, term['yr'], term['sess'] ) objs = do_esql( sql, key=settings.INFORMIX_DEBUG, earl=EARL ) students = None if objs: session = get_session(EARL) students = [dict(row) for row in objs.fetchall()] for s in students: adult = 'minor' if s['birth_date']: age = calculate_age(s['birth_date']) if age > 17: adult = 'adult' s['adult'] = adult if trees: manager = get_manager(session, s['id']) # emergency notification system s['ens'] = session.query(AARec).filter_by(id=s['id']).\ filter(AARec.aa.in_(ENS_CODES)).all() # health insurance s['shi'] = panels( request, session, StudentHealthInsurance, manager ) return render( request, template, { 'students':students,'sports':SPORTS,'sport':sport,'staff':staff, 'coach':coach } )
def set_val(request): """ Ajax POST for to set a single name/value pair, used mostly for jquery xeditable and ajax updates for student medical manager. Requires via POST: college_id name (database field) value pk (primary key of object to be updated) table """ staff = in_group(request.user, settings.STAFF_GROUP) # we need a table name table = request.POST.get('table') if not table: return HttpResponse("Error: no table name") # we need a college ID to insure no funny stuff cid = request.POST.get('college_id') if not cid: return HttpResponse("Error: no college ID") elif not staff and int(cid) != request.user.id: return HttpResponse("Not staff") else: # name/value pair name = request.POST.get('name') # sports field is a list if name == 'sports': value = ','.join(request.POST.getlist('value[]')) else: value = request.POST.get('value') # primary key pk = request.POST.get('pk') # create our dictionary to hold name/value pairs dic = { name: value } if table == 'cc_athlete_sicklecell_waiver': # set value = 1 if field name = 'waive'or # if it = 'results' since that value is # either Positive or Negative if name == 'results': dic['proof'] = 1 dic['waive'] = 0 value = 1 elif name == 'waive': dic['proof'] = 0 dic['waive'] = value dic['results'] = '' elif name == 'proof': dic['results'] = '' # create database session session = get_session(EARL) # retrieve student manager man = get_manager(session, cid) if WAIVERS.get(table) and not pk: # create new waiver dic['college_id'] = cid dic['manager_id'] = man.id obj = WAIVERS[table](**dic) session.add(obj) # update the manager setattr(man, table, value) session.flush() else: model = BASES[table] obj = session.query(model).\ filter_by(id=pk).first() if not obj: return HttpResponse( "No object found associated with ID: {}".format(pk), content_type='text/plain; charset=utf-8' ) else: if name == 'athlete' and str(value) == '0': dic['sports'] = '' # green check mark for athletes if name == 'sitrep' and str(value) == '1': if obj.medical_consent_agreement: dic['medical_consent_agreement_status'] = 1 if obj.physical_evaluation_1: dic['physical_evaluation_status_1'] = 1 if obj.physical_evaluation_2: dic['physical_evaluation_status_2'] = 1 # update existing object for key, value in dic.iteritems(): setattr(obj, key, value) session.flush() # if waiver, update manager table if WAIVERS.get(table): setattr(man, table, value) # update the log entry for staff modifications if staff: message = '' for n,v in dic.items(): message += u'{} = {}\n'.format(n,v) log = { 'college_id': request.user.id, 'content_type_id': get_content_type(session, table).id, 'object_id': obj.id, 'object_repr': '{}'.format(obj), 'action_flag': CHANGE, 'action_message': message } log_entry = StudentMedicalLogEntry(**log) session.add(log_entry) session.commit() session.close() return HttpResponse( "success", content_type='text/plain; charset=utf-8' )
def css(self): return in_group(self.user, settings.CSS_GROUP)
def proposal_approver(request, pid=0): ''' Add an approver to a proposal. OJO: we still need to validate that a Dean can add an approver to the proposal but we can trust deans for now. ''' user = request.user group = in_group(user, OSP_GROUP, DEANS_GROUP) if not group: return HttpResponseRedirect( reverse_lazy('home') ) else: proposal = None proposal = get_object_or_404(Proposal, id=pid) if request.method=='POST': form = ProposalApproverForm(request.POST, user=user) if form.is_valid(): cd = form.cleaned_data cid = cd['user'] try: user = User.objects.get(id=cid) except: # create a new user l = LDAPManager() luser = l.search(cid) data = luser[0][1] password = User.objects.make_random_password(length=24) user = User.objects.create( pk=cid, username=data['cn'][0], email=data['mail'][0], last_login=NOW ) user.set_password(password) user.first_name = data['givenName'][0] user.last_name = data['sn'][0] user.save() approver = ProposalApprover( user=user, proposal=proposal ) where = 'PT.pcn_03 = "{}"'.format(proposal.department) chairs = department_division_chairs(where) # in the future, users might be able to select the role # that an approver might replace but for now we handle it # here and by default in the model, which is 'level3', # and if a dean is adding an approver there is no replace if len(chairs) > 0: approver.replace = None approver.save() # send an email to approver prefix = 'Your Review and Authorization Required' subject = u'{}: "{}" by {}, {}'.format( prefix, proposal.title, proposal.user.last_name, proposal.user.first_name ) if DEBUG: to_list = [MANAGER] proposal.to_list = [ proposal.user.email, approver.user.email ] else: to_list = [approver.user.email] send_mail( request, to_list, subject, PROPOSAL_EMAIL_LIST[0], 'approver/email.html', {'proposal':proposal,}, BCC ) return HttpResponseRedirect( reverse_lazy('proposal_approver_success') ) else: form = ProposalApproverForm(initial={'proposal': pid}, user=user) template = 'approver/form.html' context = {'proposal':proposal, 'form':form} return render( request, template, context )
def impact_form(request, pid): ''' Proposal Form Part B view ''' proposal = get_object_or_404(Proposal, id=pid) user = request.user perms = proposal.permissions(user) # we do not allow PIs to update their proposals after save-submit # but OSP can do so group = in_group(user, OSP_GROUP) if (user != proposal.user and not group) or \ (proposal.save_submit and user == proposal.user) or \ (proposal.decline and user == proposal.user) or \ (proposal.closed and user == proposal.user) or \ (proposal.closed or proposal.decline and group): return HttpResponseRedirect(reverse_lazy('home')) # budget and impact try: impact = proposal.proposal_impact budget = proposal.proposal_budget except: impact = budget = None # documents docs = [None,None,None] for c, d in enumerate(proposal.proposal_documents.all()): docs[c] = d if request.method=='POST': form_impact = ImpactForm( request.POST, instance=impact, label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_budget = BudgetForm( request.POST, request.FILES, instance=budget, prefix='budget', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_comments = CommentsForm( request.POST, prefix='comments', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_doc1 = DocumentForm( request.POST, request.FILES, instance=docs[0], prefix='doc1', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_doc2 = DocumentForm( request.POST, request.FILES, instance=docs[1], prefix='doc2', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_doc3 = DocumentForm( request.POST, request.FILES, instance=docs[2], prefix='doc3', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) if form_impact.is_valid() and form_budget.is_valid() and \ form_doc1.is_valid() and form_doc2.is_valid() and \ form_doc3.is_valid(): # proposal impact impact = form_impact.save(commit=False) impact.proposal = proposal impact.save() # set proposal opened to False if it was True if proposal.opened: proposal.opened = False proposal.save() # proposal budget budget = form_budget.save(commit=False) budget.proposal = proposal budget.save() # proposal comments (not a ModelForm) if request.POST.get('comments-comments'): form_comments.is_valid() comments = form_comments.cleaned_data proposal.comments = comments['comments'] proposal.save() # document 1 doc1 = form_doc1.save(commit=False) doc1.proposal = proposal doc1.save() # document 2 doc2 = form_doc2.save(commit=False) doc2.proposal = proposal doc2.save() # document 3 doc3 = form_doc3.save(commit=False) doc3.proposal = proposal doc3.save() # Send email to Approvers and Division Dean if the PI is finished # with the proposal # (i.e. hits 'submit-save' rather than 'save and continue') post = request.POST if post.get('save_submit') and not proposal.save_submit: # set the save submit flag so PI cannot update proposal.save_submit = True proposal.save() # email approvers subject = ( u'Routing & Authorization Form Part B: ' 'Your Approval Needed for "{}" by {}, {}' ).format( proposal.title, proposal.user.last_name, proposal.user.first_name ) to_list = [] for a in proposal.approvers.all(): to_list.append(a.user.email) if DEBUG: proposal.to_list = to_list to_list = [MANAGER] if to_list: # send the email to Approvers send_mail( request, to_list, subject, proposal.user.email, 'impact/email_approve_approvers.html', proposal, BCC ) # email Division Dean (level3) where = 'PT.pcn_03 = "{}"'.format(proposal.department) chairs = department_division_chairs(where) # staff do not have deans so len will be 0 in that case if len(chairs) > 0: subject = ( u'Review and Provide Final Authorization for PART B: ' '"{}" by {}, {}' ).format( proposal.title, proposal.user.last_name, proposal.user.first_name ) # we need department full name in email proposal.department_name = chairs[0][0] # Division dean's email to_list = [chairs[0][8]] if DEBUG: proposal.to_list = to_list to_list = [MANAGER] # send the email send_mail( request, to_list, subject, proposal.user.email, 'impact/email_approve_level3.html', proposal, BCC ) # send confirmation to the Primary Investigator (PI) # who submitted the form subject = u"[Part B] Submission Received: {}".format( proposal.title ) to_list = [proposal.user.email] if DEBUG: proposal.to_list = to_list to_list = [MANAGER] # send the email send_mail( request, to_list, subject, PROPOSAL_EMAIL_LIST[0], 'impact/email_confirmation.html', proposal, BCC ) return HttpResponseRedirect( reverse_lazy('impact_success') ) else: messages.add_message( request, messages.SUCCESS, ''' Your proposal data have been saved. ''', extra_tags='success' ) return HttpResponseRedirect( reverse_lazy('impact_form', kwargs={'pid': proposal.id}) ) else: form_impact = ImpactForm( instance=impact, label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_budget = BudgetForm( instance=budget, prefix='budget', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_comments = CommentsForm( initial={'comments':proposal.comments}, prefix='comments', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_doc1 = DocumentForm( instance=docs[0], prefix='doc1', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_doc2 = DocumentForm( instance=docs[1], prefix='doc2', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) form_doc3 = DocumentForm( instance=docs[2], prefix='doc3', label_suffix='', use_required_attribute = REQUIRED_ATTRIBUTE ) return render( request, 'impact/form.html', { 'form_budget': form_budget, 'form_comments': form_comments, 'form_impact': form_impact, 'form_doc1': form_doc1, 'form_doc2': form_doc2, 'form_doc3': form_doc3, 'perms': perms } )
def form(request, stype, cid=None): medical_staff=False staff = in_group(request.user, settings.STAFF_GROUP) if not cid: cid = request.user.id else: if not staff: return HttpResponseRedirect( reverse_lazy('home') ) else: medical_staff=True # get academic term term = get_term() # get student sql = ''' {} WHERE id_rec.id = "{}" AND stu_serv_rec.yr = "{}" AND stu_serv_rec.sess = "{}" '''.format( STUDENT_VITALS, cid, term['yr'], term['sess'] ) engine = get_engine(EARL) obj = engine.execute(sql) student = obj.fetchone() if not student: if medical_staff: return HttpResponseRedirect( reverse_lazy('dashboard_home') ) else: return HttpResponseRedirect( reverse_lazy('home') ) # create database session session = get_session(settings.INFORMIX_EARL) # obtain our student medical manager manager = get_manager(session, cid) # obtain our health insturance object insurance = session.query(StudentHealthInsurance).\ filter_by(college_id=cid).\ filter(StudentHealthInsurance.current(settings.START_DATE)).first() update = None data = row2dict(insurance) if data: update = cid # opt out oo = data.get('opt_out') # UI display for 1st, 2nd, and 3rd forms primary = data.get('primary_dob') secondary = data.get('secondary_dob') tertiary = data.get('tertiary_dob') # form name fname = '{}Form'.format(stype.capitalize()) # form class form = str_to_class('djsani.insurance.forms', fname)( initial=data, manager=manager, insurance=insurance ) if request.method=='POST': update = request.POST.get('update') form = str_to_class( 'djsani.insurance.forms', fname )(request.POST, request.FILES, manager=manager, insurance=insurance) if form.is_valid(): form = form.cleaned_data # update the manager manager.cc_student_health_insurance=True # commit, because the above has not been saving properly # for some reason when opt-out session.commit() # opt out of insurance oo = form.get('opt_out') if oo: if manager.athlete: if not medical_staff: # alert email to staff if settings.DEBUG: TO_LIST = [settings.SERVER_EMAIL,] else: TO_LIST = settings.INSURANCE_RECIPIENTS send_mail( request, TO_LIST, u"[Health Insurance] Opt Out: {} {} ({})".format( request.user.first_name,request.user.last_name,cid ), request.user.email, 'alert_email.html', request, settings.MANAGERS ) else: # empty table form = STUDENT_HEALTH_INSURANCE else: # deal with file uploads if request.FILES: folder = 'insurance/{}/{}'.format( cid, manager.created_at.strftime('%Y%m%d%H%M%S%f') ) p = join(settings.UPLOADS_DIR, folder) if request.FILES.get('primary_card_front'): front = handle_uploaded_file( request.FILES['primary_card_front'], p ) form['primary_card_front'] = '{}/{}'.format( folder, front ) else: form.pop('primary_card_front', None) if request.FILES.get('primary_card_back'): back = handle_uploaded_file( request.FILES['primary_card_back'], p ) form['primary_card_back'] = '{}/{}'.format( folder, back ) else: form.pop('primary_card_back', None) else: form.pop('primary_card_front', None) form.pop('primary_card_back', None) # student did not opt out form['opt_out'] = False # insert else update if not update: # insert form['college_id'] = cid form['manager_id'] = manager.id s = StudentHealthInsurance(**form) session.add(s) else: # fetch our insurance object obj = session.query(StudentHealthInsurance).\ filter_by(college_id=cid).\ filter(StudentHealthInsurance.current(settings.START_DATE)).\ first() # update it with form values for key, value in form.iteritems(): setattr(obj, key, value) # lastly, commit and redirect session.commit() if staff: redirect = reverse_lazy('student_detail', args=[cid]) else: redirect = reverse_lazy('insurance_success') return HttpResponseRedirect(redirect) else: primary = data.get('primary_dob') secondary = request.POST.get('secondary_dob') tertiary = request.POST.get('tertiary_dob') # close database session session.close() return render( request, 'insurance/form.html', { 'form':form,'update':update,'oo':oo,'student':student, 'medical_staff':medical_staff, 'manager':manager, 'primary':primary,'secondary':secondary,'tertiary':tertiary } )
def student_detail(request, cid=None, medium=None, content=None): """ main method for displaying student data """ if in_group(request.user, STAFF): term = get_term() template = 'dashboard/student_detail.html' if content: template = 'dashboard/student_{}_{}.html'.format( medium, content ) my_sports = None manager = None session = get_session(EARL) # search form, grab only numbers from string if not cid: cid = filter(str.isdigit, str(request.POST.get('cid'))) # get all managers for switch select options managers = session.query(StudentMedicalManager).\ filter_by(college_id=cid).all() # we do not want to display faculty/staff details # nor do we want to create a manager for them if cid and not faculty_staff(cid): # manager ID comes from profile switcher POST from form manid = request.POST.get('manid') # or from URL with GET variable if not manid: manid = request.GET.get('manid') # get student if manid: sql = ''' {} WHERE cc_student_medical_manager.id = {} ORDER by stu_serv_rec.stusv_no DESC '''.format(STUDENT_VITALS, manid) else: sql = ''' {} WHERE id_rec.id = "{}" ORDER BY cc_student_medical_manager.created_at DESC '''.format(STUDENT_VITALS, cid) obj = do_esql(sql, key=settings.INFORMIX_DEBUG, earl=EARL) if obj: student = obj.fetchone() if student: if manid: manager = session.query(StudentMedicalManager).\ filter_by(id=manid).one() if not manager: manager = get_manager(session, cid) # execute student vitals sql again in case we just created # a new manager obj = do_esql(sql, key=settings.INFORMIX_DEBUG, earl=EARL) student = obj.fetchone() # calculate student's age try: age = calculate_age(student.birth_date) except: age = None # emergency notification system ens = session.query(AARec).filter_by(id=cid).\ filter(AARec.aa.in_(ENS_CODES)).all() # health insurance shi = panels( request,session,StudentHealthInsurance,manager,content ) # student medical history smh = panels( request,session,StudentMedicalHistory,manager,content, student.sex ) # athlete medical history amh = panels( request,session,AthleteMedicalHistory,manager,content, student.sex ) # used for staff who update info on the dashboard stype = 'student' if student.athlete: stype = 'athlete' if student.sports: my_sports = student.sports.split(',') if student.sex == 'F': sports = SPORTS_WOMEN else: sports = SPORTS_MEN try: student_user = User.objects.get(pk=cid) except: student_user = None else: age=ens=shi=smh=amh=student=sports=stype=student_user=manager=None return render( request, template, { 'student':student,'student_user':student_user,'age':age, 'ens':ens, 'shi':shi,'amh':amh,'smh':smh,'cid':cid, 'switch_earl':reverse_lazy('set_val'), 'sports':sports,'my_sports':my_sports, 'next_year':NEXT_YEAR,'stype':stype,'managers':managers, 'manager':manager,'MedicalStaff':True } ) else: raise Http404 else: raise Http404 else: return HttpResponseRedirect(reverse_lazy('access_denied'))
def approver_manager(request): """Add a level 3 approver.""" user = None level3_group = settings.LEVEL3_GROUP message = None banner = messages.SUCCESS tag = 'alert-success' if request.method == 'POST': form = ApproverForm( request.POST, use_required_attribute=settings.REQUIRED_ATTRIBUTE, ) if form.is_valid(): user_data = form.cleaned_data username = user_data['email'].split('@')[0] # fetch user or create one if they do not exist try: user = User.objects.get(username=username) except User.DoesNotExist: # create a new user eldap = LDAPManager() result_data = eldap.search(username, field='cn') if result_data: groups = eldap.get_groups(result_data) user = eldap.dj_create(result_data, groups=groups) else: form.add_error( 'email', "There is no user with that email address", ) message = "There is no user with that email address" banner = messages.ERROR tag = 'alert-danger' if user: group = Group.objects.get(name=level3_group) # if we have a college ID, then we remove the user from # the approver group if request.POST.get('cid'): group.user_set.remove(user) elif in_group(user, level3_group): form.add_error( 'email', "{0}, {1} is already in the Approvers group".format( user.last_name, user.first_name, ), ) message = "User is already in the Approvers group" banner = messages.ERROR tag = 'alert-danger' else: group.user_set.add(user) message = "{0}, {1} added to the Approvers group".format( user.last_name, user.first_name, ) form = ApproverForm( use_required_attribute=settings.REQUIRED_ATTRIBUTE, ) group.save() if message: messages.add_message( request, banner, message, extra_tags=tag ) else: form = ApproverForm(use_required_attribute=settings.REQUIRED_ATTRIBUTE) if request.POST.get('cid'): response = HttpResponse('Success', content_type="text/plain; charset=utf-8") else: objects = User.objects.filter(groups__name=level3_group).order_by('last_name') hr = in_group(request.user, settings.HR_GROUP) response = render( request, 'approver.html', {'hr': hr, 'form':form, 'objects':objects}, ) return response