def fitbit(request): user = SupportRequest.target_user(request) code = request.GET.get('code', None) status = False if code is not None: status = healthdevice.fitbit_connect(user.client, code) context = { 'provider': HealthDevice.ProviderType.FITBIT.value, 'status': status } return render(request, 'healthdevices/oauth2.html', context)
def dispatch(self, request, *args, **kwargs): try: user = SupportRequest.target_user(request) sit = BulkInvestorTransfer.objects.exclude(approved=True).get( from_advisor=user.advisor) return HttpResponseRedirect( "/advisor/support/forms/transfer/bulk/update/{0}".format( sit.pk)) except ObjectDoesNotExist: return super(AdvisorBulkInvestorTransferView, self).dispatch(request, *args, **kwargs)
def under_armour(request): user = SupportRequest.target_user(request) code = request.GET.get('code', None) status = False if code is not None: status = healthdevice.underarmour_connect(user.client, code) context = { 'provider': HealthDevice.ProviderType.UNDERARMOUR.value, 'status': status } return render(request, 'healthdevices/oauth2.html', context)
def microsoft_health(request): user = SupportRequest.target_user(request) code = request.GET.get('code', None) status = False if code is not None: status = healthdevice.microsofthealth_connect(user.client, code) context = { 'provider': HealthDevice.ProviderType.MICROSOFT_HEALTH.value, 'status': status } return render(request, 'healthdevices/oauth2.html', context)
def post(self, request): user = SupportRequest.target_user(self.request) if user.is_client: serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) request_advisor_support( user, serializer.validated_data['url'], serializer.validated_data.get('text', None)) return Response('ok', status=status.HTTP_200_OK) else: return Response('User is not a client', status=status.HTTP_401_UNAUTHORIZED)
def selected_settings(self, request, pk=None, **kwargs): goal = self.get_object() if request.method == 'GET': serializer = serializers.GoalSettingSerializer( goal.selected_settings) return Response(serializer.data) with transaction.atomic(): # So both the log and change get committed. sr_id = SupportRequest.get_current(request) if request.method == 'POST': check_state(Goal.State(goal.state), Goal.State.ACTIVE) serializer = serializers.GoalSettingWritableSerializer( data=request.data) serializer.is_valid(raise_exception=True) event = Event.SET_SELECTED_SETTINGS.log( '{} {}'.format(self.request.method, self.request.path), request.data, user=request.user, obj=goal, support_request_id=sr_id) # Write any event memo for the event. All the details are wrapped by the serializer. serializer.write_memo(event) settings = serializer.save(goal=goal) # We use the read-only serializer to send the settings object, not the update serializer. serializer = serializers.GoalSettingSerializer(settings) headers = self.get_success_headers(serializer.data) return Response(serializer.data, status=status.HTTP_200_OK, headers=headers) elif request.method == 'PUT': check_state(Goal.State(goal.state), Goal.State.ACTIVE) settings = goal.selected_settings event = Event.UPDATE_SELECTED_SETTINGS.log( '{} {}'.format(self.request.method, self.request.path), request.data, user=request.user, obj=goal, support_request_id=sr_id) serializer = serializers.GoalSettingWritableSerializer( settings, data=request.data, partial=True) serializer.is_valid(raise_exception=True) # Write any event memo for the event. All the details are wrapped by the serializer. serializer.write_memo(event) settings = serializer.save(goal=goal) # We use the read-only serializer to send the settings object, not the update serializer. serializer = serializers.GoalSettingSerializer(settings) headers = self.get_success_headers(serializer.data) return Response(serializer.data, status=status.HTTP_200_OK, headers=headers)
def create_new_account(self, request): client = SupportRequest.target_user(self.request).client serializer = serializers.new_account_fabric(request.data) if serializer.is_valid(): try: account = serializer.save(request, client) except ValidationError as e: return Response({'error': e.detail}, status=status.HTTP_400_BAD_REQUEST) return Response( self.serializer_response_class(instance=account).data) return Response({'error': serializer.errors}, status=status.HTTP_400_BAD_REQUEST)
def dispatch(self, request, *args, **kwargs): user = SupportRequest.target_user(request) try: self.client = user.client except AttributeError: raise PermissionDenied() self.is_advisor = self.request.session.get("is_advisor", False) if request.method == "POST": if not self.client.is_accepted: raise PermissionDenied() return super(ClientView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs): client_pk = kwargs["pk"] user = SupportRequest.target_user(request) advisor = user.advisor try: client = advisor.clients.get(pk=client_pk) except ObjectDoesNotExist: raise PermissionDenied() self.client = client return super(AdvisorCreateNewAccountForExistingClientSelectAccountType, self).dispatch(request, *args, **kwargs)
def perform_create(self, serializer): """ We don't allow users to create retirement plans for others... So we set the client from the URL and validate the user has access to it. :param serializer: :return: """ user = SupportRequest.target_user(self.request) client = Client.objects.filter_by_user(user).get(id=int(self.get_parents_query_dict()['client'])) if 'client' in serializer.validated_data: if 'civil_status' in serializer.validated_data['client']: client.civil_status = serializer.validated_data['client']['civil_status'] if 'smoker' in serializer.validated_data['client']: client.smoker = serializer.validated_data['client']['smoker'] if 'drinks' in serializer.validated_data['client']: client.drinks = serializer.validated_data['client']['drinks'] if 'height' in serializer.validated_data['client']: client.height = serializer.validated_data['client']['height'] if 'weight' in serializer.validated_data['client']: client.weight = serializer.validated_data['client']['weight'] if 'daily_exercise' in serializer.validated_data['client']: client.daily_exercise = serializer.validated_data['client']['daily_exercise'] if 'home_value' in serializer.validated_data['client']: client.home_value = serializer.validated_data['client']['home_value'] if 'home_growth' in serializer.validated_data['client']: client.home_growth = serializer.validated_data['client']['home_growth'] if 'ss_fra_todays' in serializer.validated_data['client']: client.ss_fra_todays = serializer.validated_data['client']['ss_fra_todays'] if 'ss_fra_retirement' in serializer.validated_data['client']: client.ss_fra_retirement = serializer.validated_data['client']['ss_fra_retirement'] if 'state_tax_after_credits' in serializer.validated_data['client']: client.state_tax_after_credits = serializer.validated_data['client']['state_tax_after_credits'] if 'state_tax_effrate' in serializer.validated_data['client']: client.state_tax_effrate = serializer.validated_data['client']['state_tax_effrate'] if 'pension_name' in serializer.validated_data['client']: client.pension_name = serializer.validated_data['client']['pension_name'] if 'pension_amount' in serializer.validated_data['client']: client.pension_amount = serializer.validated_data['client']['pension_amount'] if 'pension_start_date' in serializer.validated_data['client']: client.pension_start_date = serializer.validated_data['client']['pension_start_date'] if 'employee_contributions_last_year' in serializer.validated_data['client']: client.employee_contributions_last_year = serializer.validated_data['client']['employee_contributions_last_year'] if 'employer_contributions_last_year' in serializer.validated_data['client']: client.employer_contributions_last_year = serializer.validated_data['client']['employer_contributions_last_year'] if 'total_contributions_last_year' in serializer.validated_data['client']: client.total_contributions_last_year = serializer.validated_data['client']['total_contributions_last_year'] client.save() return serializer.save(client=client)
def withings(request): user = SupportRequest.target_user(request) oauth_verifier = request.GET.get('oauth_verifier', None) status = False if 'withings_oauth_token' in request.session and oauth_verifier is not None: oauth_token = request.session.pop('withings_oauth_token') oauth_secret = request.session.pop('withings_oauth_secret') status = healthdevice.withings_connect(user.client, oauth_verifier, oauth_token, oauth_secret) context = { 'provider': HealthDevice.ProviderType.WITHINGS.value, 'status': status } return render(request, 'healthdevices/oauth2.html', context)
def put(self, request): """ --- # Swagger request_serializer: serializers.UserUpdateSerializer response_serializer: serializers.UserSerializer """ user = SupportRequest.target_user(request) if user.is_support_staff: sr = SupportRequest.get_current(self.request, as_obj=True) user = sr.user serializer = serializers.UserUpdateSerializer(user, data=request.data, partial=True, context={ 'request': request, }) serializer.is_valid(raise_exception=True) user = serializer.save() data = self.serializer_class(user).data if user.is_advisor: role = 'advisor' data['advisor'] = AdvisorSerializer(user.advisor).data elif user.is_client: role = 'client' # If the user wants to update client details, they do it through the specific client endpoint. data['client'] = ClientFieldSerializer(user.client).data else: raise PermissionDenied("User is not in the client or " "advisor groups.") data.update({'role': role}) return Response(data)
def get_queryset(self): """ Because this viewset can have a primary owner and signatories, we don't use the queryset parsing features from NestedViewSetMixin as it only allows looking at one field for the parent. :return: """ qs = super(AccountBeneficiaryViewSet, self).get_queryset() # show "permissioned" records only user = SupportRequest.target_user(self.request) qs.filter( Q(account__primary_owner__user=user) | Q(account__primary_owner__advisor__user=user)) return qs
def get(self, request): user = SupportRequest.target_user(request) serializer = None if user.is_advisor: serializer = self.serializer_class(user.advisor.firm) elif user.is_authorised_representative: serializer = self.serializer_class(user.authorised_representative.firm) elif user.is_supervisor: serializer = self.serializer_class(user.supervisor.firm) elif user.is_client: serializer = self.serializer_class(user.client.advisor.firm) if serializer: return Response(serializer.data) else: return self.permission_denied(request)
def joint_resend_email(self, request): client = SupportRequest.target_user(self.request).client account = ClientAccount.objects.get( primary_owner=client, account_type=constants.ACCOUNT_TYPE_JOINT) print(client.id, account.signatories.first()) cosignee = account.signatories.first() jacm = JointAccountConfirmationModel.objects.get(account=account) context = RequestContext(request, { 'confirmation': jacm, }) render = curry(render_to_string, context=context) cosignee.user.email_user( render('email/client/joint-confirm/subject.txt').strip(), message=render('email/client/joint-confirm/message.txt'), html_message=render('email/client/joint-confirm/message.html'), ) return Response('ok', status=status.HTTP_200_OK)
def deposit(self, request, pk=None, **kwargs): goal = self.get_object() check_state(Goal.State(goal.state), Goal.State.ACTIVE) sr_id = SupportRequest.get_current(request) Event.GOAL_DEPOSIT.log('{} {}'.format(request.method, request.path), request.data, user=request.user, obj=goal, support_request_id=sr_id) serializer = serializers.TransactionCreateSerializer(data=request.data) serializer.is_valid(raise_exception=True) serializer.save(to_goal=goal, reason=Transaction.REASON_DEPOSIT) headers = self.get_success_headers(serializer.data) return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def dispatch(self, request, *args, **kwargs): user = SupportRequest.target_user(request) try: self.firm = user.authorised_representative.firm except AttributeError: raise PermissionDenied() if request.method == "POST": if not user.authorised_representative.is_accepted: raise PermissionDenied() response = super(LegalView, self).dispatch(request, *args, **kwargs) if hasattr(response, 'context_data'): response.context_data["profile"] = user.authorised_representative response.context_data["firm"] = user.authorised_representative.firm response.context_data["is_legal_view"] = True return response
def create(self, validated_data): request = self.context.get('request') sr = SupportRequest.get_current(request, as_obj=True) user, sr_id = (sr.user, sr.id) if sr else (request.user, None) roa = super(RecordOfAdviceSerializer, self).create(validated_data) Event.ROA_GENERATED.log('Record of Advice Generated', user=request.user, obj=roa, support_request_id=sr_id) goal = validated_data['goal'] client = goal.account.primary_owner Notify.ADVISOR_CREATE_ROA.send(actor=user, recipient=client.user, action_object=roa, target=goal) return roa
def archive(self, request, pk=None, **kwargs): """ Override this method as we don't want to actually delete the goal, just disable it. :param instance: The goal to disable :return: None """ goal = self.get_object() # If I'm an advisor or the goal is unsupervised, # archive the goal immediately. sr = SupportRequest.get_current(request, as_obj=True) # check helped user instead if support request is active user, sr_id = (sr.user, sr.id) if sr else (request.user, None) if not goal.account.supervised or user.is_advisor: check_state(Goal.State(goal.state), [ Goal.State.ACTIVE, Goal.State.ARCHIVE_REQUESTED, Goal.State.INACTIVE ]) Event.ARCHIVE_GOAL.log('{} {}'.format(request.method, request.path), user=request.user, obj=goal, support_request_id=sr_id) # Set the state to archive requested, # as the call to archive() requires it. goal.state = Goal.State.ARCHIVE_REQUESTED.value goal.archive() else: # I'm a client with a supervised goal, just change the status to # ARCHIVE_REQUESTED, and add a notification check_state(Goal.State(goal.state), [Goal.State.ACTIVE, Goal.State.INACTIVE]) Event.ARCHIVE_GOAL_REQUESTED.log('{} {}'.format( request.method, request.path), user=request.user, obj=goal, support_request_id=sr_id) # Flag the goal as archive requested. goal.state = Goal.State.ARCHIVE_REQUESTED.value # TODO: Add a notification to the advisor that the goal is archive requested. goal.save() return Response(serializers.GoalSerializer(goal).data)
def revert_selected(self, request, pk=None, **kwargs): """ Called to revert the current selected-settings to the approved-settings Returns a validation error if there is no approved-settings. """ goal = self.get_object() check_state(Goal.State(goal.state), Goal.State.ACTIVE) if not goal.approved_settings: raise ValidationError("No settings have yet been approved for " "this Goal, cannot revert to last approved.") sr_id = SupportRequest.get_current(request) Event.REVERT_SELECTED_SETTINGS.log('{} {}'.format( request.method, request.path), user=request.user, obj=goal, support_request_id=sr_id) goal.revert_selected() serializer = serializers.GoalSettingSerializer(goal.selected_settings) return Response(serializer.data)
def get_queryset(self): qs = super(GoalViewSet, self).get_queryset() # hide "slow" fields for list view if self.action == 'list': qs = qs.prefetch_related() qs = qs.select_related('selected_settings') qs = qs.exclude(state=Goal.State.ARCHIVED.value) # show "permissioned" records only user = SupportRequest.target_user(self.request) if user.is_advisor: qs = qs.filter_by_advisor(user.advisor) elif user.is_client: qs = qs.filter_by_client(user.client) else: raise PermissionDenied('Only Advisors or Clients are allowed ' 'to access goals.') return qs
def get_queryset(self): """ Because this viewset can have a primary owner and signatories, we don't use the queryset parsing features from NestedViewSetMixin as it only allows looking at one field for the parent. :return: """ qs = super(AccountViewSet, self).get_queryset() # show "permissioned" records only user = SupportRequest.target_user(self.request) if user.is_advisor: qs = qs.filter_by_advisor(user.advisor) elif user.is_client: qs = qs.filter_by_client(user.client) else: raise PermissionDenied('Only Advisors or Clients ' 'are allowed to access goals.') return qs
def render(self, data, media_type=None, renderer_context=None): """ NB. be sure that settings.REST_FRAMEWORK contains: 'EXCEPTION_HANDLER': '...api_exception_handler', """ logger = logging.getLogger(__name__) wrapper = { 'version': '2', 'data': {}, 'meta': {}, } # move error to the root level if hasattr(data, 'get') and data.get('error'): wrapper['error'] = data['error'] del data['error'] if data is not None: wrapper['data'] = data try: response = renderer_context['response'] request = renderer_context['request'] if 200 <= response.status_code < 400: meta = {} session_expire = SessionExpire(request) meta['session_expires_on'] = session_expire.expire_time() sr = SupportRequest.get_current(request, as_obj=True) if sr: meta['support_request'] = { 'ticket': sr.ticket, 'user': UserSerializer(instance=sr.user).data, } wrapper['meta'] = meta except (TypeError, KeyError) as e: logger.error("Missing parameteres (%s)", e) return super(ApiRenderer, self).render(wrapper, media_type, renderer_context)
def get(self, request, pk): user = SupportRequest.target_user(request) serializer = None if user.is_advisor: if user.advisor.firm.pk == int(pk): serializer = self.serializer_class(user.advisor.firm) elif user.is_authorised_representative: if user.authorised_representative.firm.pk == int(pk): serializer = self.serializer_class( user.authorised_representative.firm) elif user.is_supervisor: if user.supervisor.firm.pk == int(pk): serializer = self.serializer_class(user.supervisor.firm) elif user.is_client: # make sure user is a client of the requested firm if user.client.advisor.firm.pk == int(pk): serializer = self.serializer_class(user.client.advisor.firm) if serializer: return Response(serializer.data) return self.permission_denied(request)
def dispatch(self, request, *args, **kwargs): client_pk = kwargs["pk"] account_class = request.POST.get("account_type", request.GET.get("account_type", None)) if account_class is None: account_class = request.POST.get("account_class", request.GET.get("account_class", None)) if account_class not in ["joint_account", "trust_account"]: raise http.Http404() user = SupportRequest.target_user(request) advisor = user.advisor try: client = advisor.clients.get(pk=client_pk) except ObjectDoesNotExist: raise PermissionDenied() self.client = client self.account_class = account_class return super(AdvisorCreateNewAccountForExistingClient, self).dispatch(request, *args, **kwargs)
def __init__(self, *args, **kwargs): super(GoalCreateSerializer, self).__init__(*args, **kwargs) # request-based validation request = self.context.get('request') if not request: return # for swagger's dummy calls only user = SupportRequest.target_user(request) # experimental / for advisors if user.is_advisor: self.fields['account'].queryset = \ self.fields['account'].queryset.filter_by_advisor(user.advisor) # experimental / for clients # TEMP set default account if user.is_client: self.fields['account'].required = False self.fields['account'].default = user.client.accounts.all().first() self.fields['account'].queryset = \ self.fields['account'].queryset.filter_by_client(user.client)
def approve_selected(self, request, pk=None, **kwargs): """ Called to make the currently selected settings approved by the advisor, ready to be activated next time the account is processed (rebalance). """ sr = SupportRequest.get_current(request, as_obj=True) # check helped user instead if support request is active user, sr_id = (sr.user, sr.id) if sr else (request.user, None) if not user.is_advisor: raise PermissionDenied('Only an advisor can approve selections.') goal = self.get_object() check_state(Goal.State(goal.state), Goal.State.ACTIVE) Event.APPROVE_SELECTED_SETTINGS.log('{} {}'.format( request.method, request.path), user=request.user, obj=goal, support_request_id=sr_id) goal.approve_selected() serializer = serializers.GoalSettingSerializer(goal.approved_settings) return Response(serializer.data)
def withdraw(self, request, pk=None, **kwargs): goal = self.get_object() check_state(Goal.State(goal.state), Goal.State.ACTIVE) sr_id = SupportRequest.get_current(request) Event.GOAL_WITHDRAWAL.log('{} {}'.format(request.method, request.path), request.data, user=request.user, obj=goal, support_request_id=sr_id) serializer = serializers.TransactionCreateSerializer(data=request.data) serializer.is_valid(raise_exception=True) # Make sure the total amount for the goal is larger than the pending withdrawal amount. if goal.current_balance + 0.0000001 < serializer.validated_data[ 'amount']: emsg = "Goal's current balance: {} is less than the desired withdrawal amount: {}" raise SystemConstraintError( emsg.format(goal.current_balance, serializer.validated_data['amount'])) serializer.save(from_goal=goal, reason=Transaction.REASON_WITHDRAWAL) headers = self.get_success_headers(serializer.data) return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def get_queryset(self): qs = super(ExternalAssetViewSet, self).get_queryset() # Only return assets which the user has access to. user = SupportRequest.target_user(self.request) return qs.filter_by_user(user)
def get_queryset(self): qs = super(ClientViewSet, self).get_queryset() # Only return Clients the user has access to. user = SupportRequest.target_user(self.request) return qs.filter_by_user(user)