def generate_presigned_post(file_name, file_type, file_dir=''): """ generates a presigned post for a given file so you can upload it directly :param file_name: string, the file name :param file_type: string, the type of the file :param file_dir: string, the directory where the file should be :return: """ if file_name == '': raise CustomError(ERROR__RECORD__UPLOAD__NO_FILE_NAME) if file_type == '': raise CustomError(ERROR__RECORD__UPLOAD__NO_FILE_TYPE) s3_bucket = settings.AWS_S3_BUCKET_NAME if file_dir != '' and not file_dir.endswith('/'): file_dir = file_dir + "/" session = boto3.session.Session(region_name=settings.AWS_S3_REGION_NAME) s3 = session.client('s3', aws_access_key_id=settings.AWS_ACCESS_KEY_ID, aws_secret_access_key=settings.AWS_SECRET_ACCESS_KEY) presigned_post = s3.generate_presigned_post(Bucket=s3_bucket, Key=file_dir + file_name, Fields={ "acl": "private", "Content-Type": file_type }, ExpiresIn=3600) return { 'data': presigned_post, 'url': 'https://%s.s3.amazonaws.com/%s' % (s3_bucket, file_name) }
def update(self, request, *args, **kwargs): try: user_id = kwargs['pk'] user = UserProfile.objects.get(pk=user_id) except: raise CustomError(ERROR__API__ID_NOT_FOUND) if request.user != user and not request.user.is_superuser: raise CustomError(ERROR__API__PERMISSION__INSUFFICIENT) data = request.data if 'birthday' in data: user.birthday = parse_date(data['birthday']) if 'postal_code' in data: user.postal_code = data['postal_code'] if 'street' in data: user.street = data['street'] if 'city' in data: user.city = data['city'] if 'phone_number' in data: user.phone_number = data['phone_number'] if 'user_state' in data: user.user_state = data['user_state'] if 'user_record_state' in data: user.user_record_state = data['user_record_state'] if request.user.is_superuser and 'email' in data: user.email = data['email'] user.save() return Response(UserProfileSerializer(user).data)
def post(self, request, id): filename = request.data['filename'] try: record = models.Record.objects.get(pk=id) except Exception as e: raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING) if not record.user_has_permission(request.user): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) directory = storage_folders.get_storage_folder_record_document(record.from_rlc_id, record.id) information = storage_generator.check_file_and_get_information(directory, filename) if 'error' in information: return Response(information) already_existing = models.RecordDocument.objects.filter(name=information['key']).first() if already_existing is not None: already_existing.file_size = information['size'] already_existing.last_edited = datetime.now() already_existing.save() serializer = serializers.RecordDocumentSerializer(already_existing) return Response(serializer.data) else: name = information['key'].split('/')[-1] new_document = models.RecordDocument(record=record, name=name, creator=request.user, file_size=information['size']) new_document.save() serializer = serializers.RecordDocumentSerializer(new_document) return Response(serializer.data)
def post(self, request, id): try: document = models.RecordDocument.objects.get(pk=id) except Exception as e: raise CustomError(error_codes.ERROR__RECORD__DOCUMENT__NOT_FOUND) if not document.record: raise CustomError( error_codes.ERROR__RECORD__DOCUMENT__NO_LINKED_RECORD) if not document.record.user_has_permission(request.user): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) if 'tag_ids' not in request.data: raise CustomError( error_codes.ERROR__RECORD__DOCUMENT__NO_TAG_PROVIDED) tags = [] for tag in request.data['tag_ids']: try: real_tag = models.RecordDocumentTag.objects.get( pk=tag['id']) # tag_ids except Exception as e: raise CustomError( error_codes.ERROR__RECORD__DOCUMENT__TAG_NOT_EXISTING) tags.append(real_tag) document.tagged.clear() for tag in tags: document.tagged.add(tag) document.save() serializer = serializers.RecordDocumentSerializer(document) return Response(serializer.data)
def post(self, request): if 'email' in request.data: email = request.data['email'] else: raise CustomError(ERROR__API__EMAIL__NO_EMAIL_PROVIDED) try: user = UserProfile.objects.get(email=email) except: raise CustomError(ERROR__API__EMAIL__NO_EMAIL_PROVIDED) link_already = ForgotPasswordLinks.objects.filter(user=user).__len__() if link_already >= 1: raise CustomError(ERROR__API__USER__ALREADY_FORGOT_PASSWORD) user.is_active = False user.save() ip = get_client_ip(request) forgot_password_link = ForgotPasswordLinks(user=user, ip_address=ip) forgot_password_link.save() url = get_website_base_url( ) + "api/reset-password/" + forgot_password_link.link EmailSender.send_email_notification( [user.email], "Password reset", "Your password was resetted click here: " + url) return Response()
def post(self, request, id): if not request.user.has_permission( permissions.PERMISSION_VIEW_RECORDS_RLC, for_rlc=request.user.rlc): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) try: record = models.Record.objects.get(pk=id) except Exception as e: raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING) if record.user_has_permission(request.user): raise CustomError( error_codes.ERROR__RECORD__PERMISSION__ALREADY_WORKING_ON) if models.RecordPermission.objects.filter(record=record, request_from=request.user, state='re').count() >= 1: raise CustomError( error_codes.ERROR__RECORD__PERMISSION__ALREADY_REQUESTED) can_edit = False if 'can_edit' in request.data: can_edit = request.data['can_edit'] permission = models.RecordPermission(request_from=request.user, record=record, can_edit=can_edit) permission.save() return Response( serializers.RecordPermissionSerializer(permission).data)
def post(self, request): if not request.user.has_permission( permissions.PERMISSION_CAN_ADD_RECORD_RLC, for_rlc=request.user.rlc): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) data = request.data rlc = request.user.rlc if 'client_id' in data: try: client = models.Client.objects.get(pk=data['client_id']) except: raise CustomError( error_codes.ERROR__RECORD__CLIENT__NOT_EXISTING) client.note = data['client_note'] client.phone_number = data['client_phone_number'] client.save() else: client = models.Client(name=data['client_name'], phone_number=data['client_phone_number'], birthday=data['client_birthday'], note=data['client_note'], from_rlc=rlc) client.save() try: origin = models.OriginCountry.objects.get( pk=data['origin_country']) except: raise CustomError( error_codes.ERROR__RECORD__ORIGIN_COUNTRY__NOT_FOUND) client.origin_country = origin client.save() record = models.Record(client_id=client.id, first_contact_date=data['first_contact_date'], last_contact_date=data['first_contact_date'], record_token=data['record_token'], note=data['record_note'], creator_id=request.user.id, from_rlc_id=rlc.id, state="op", official_note=data['official_note']) record.save() for tag_id in data['tags']: record.tagged.add(models.RecordTag.objects.get(pk=tag_id)) for user_id in data['consultants']: record.working_on_record.add(UserProfile.objects.get(pk=user_id)) record.save() for user_id in data['consultants']: actual_consultant = UserProfile.objects.get(pk=user_id) url = FrontendLinks.get_record_link(record) EmailSender.send_email_notification( [actual_consultant.email], "New Record", "RLC Intranet Notification - Your were assigned as a consultant for a new record. Look here:" + url) return Response(serializers.RecordFullDetailSerializer(record).data)
def check_if_user_active(user_email): """ checks if user exists and if user is active :param user_email: string, email of user :return: """ try: user = UserProfile.objects.get(email=user_email) except: raise CustomError(ERROR__API__USER__NOT_FOUND) if not user.is_active: raise CustomError(ERROR__API__USER__INACTIVE)
def get(self, request, pk): try: group = models.Group.objects.get(pk=pk) except: raise CustomError(error_codes.ERROR__API__GROUP__GROUP_NOT_FOUND) if not request.user.has_permission(PERMISSION_VIEW_PERMISSIONS_RLC, for_rlc=request.user.rlc): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) data = [model_to_dict(has_permission) for has_permission in models.HasPermission.objects.filter(group_has_permission=group)] return Response(data)
def destroy(self, request, *args, **kwargs): if 'pk' not in kwargs: raise CustomError(error_codes.ERROR__API__HAS_PERMISSION__NO_ID_PROVIDED) try: hasPermission = HasPermission.objects.get(pk=kwargs['pk']) except: raise CustomError(error_codes.ERROR__API__HAS_PERMISSION__NOT_FOUND) user = request.user if not user.has_permission(PERMISSION_MANAGE_PERMISSIONS_RLC, for_rlc=user.rlc): return CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) hasPermission.delete() return Response({'status': 'success'})
def post(self, request, id): try: link = ForgotPasswordLinks.objects.get(link=id) except: raise CustomError( ERROR__API__USER__PASSWORD_RESET_LINK_DOES_NOT_EXIST) if 'new_password' not in request.data: raise CustomError(ERROR__API__USER__NEW_PASSWORD_NOT_PROVIDED) new_password = request.data['new_password'] link.user.set_password(new_password) link.user.is_active = True link.user.save() link.delete() return Response()
def post(self, request): if not request.user.has_permission( permissions.PERMISSION_ACTIVATE_INACTIVE_USERS_RLC, for_rlc=request.user.rlc): raise CustomError(ERROR__API__PERMISSION__INSUFFICIENT) # method and user_id if request.data['method'] == 'activate': try: user = UserProfile.objects.get(pk=request.data['user_id']) except: raise CustomError(ERROR__API__USER__NOT_FOUND) user.is_active = True user.save() return Response(UserProfileSerializer(user).data) raise CustomError(ERROR__API__ACTION_NOT_VALID)
def create(self, request, *args, **kwargs): if not request.user.is_superuser and not request.user.has_permission(PERMISSION_MANAGE_PERMISSIONS_RLC, for_rlc=request.user.rlc): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) # if request.data['rlc_has_permission'] and request.user.rlc.id != request.data['rlc_has_permission'] or \ # request.data['permission_for_rlc'] and request.user.rlc.id != request.data['permission_for_rlc']: # raise CustomError(error_codes.ERROR__API__HAS_PERMISSION__CAN_NOT_CREATE) if HasPermission.already_existing(request.data): raise CustomError(error_codes.ERROR__API__HAS_PERMISSION__ALREADY_EXISTING) serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) self.perform_create(serializer) headers = self.get_success_headers(serializer.data) return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def retrieve(self, request, pk=None): # TODO: deprecated? try: record = models.Record.objects.get(pk=pk) # changed except Exception as e: raise CustomError(error_codes.ERROR__RECORD__DOCUMENT__NOT_FOUND) if request.user.rlc != record.from_rlc: raise CustomError( error_codes.ERROR__RECORD__RETRIEVE_RECORD__WRONG_RLC) if record.user_has_permission(request.user): serializer = serializers.RecordFullDetailSerializer(record) else: serializer = serializers.RecordNoDetailSerializer(record) return Response(serializer.data)
def get(self, request): file_key = request.query_params.get('file', '') file_dir = file_key[:file_key.rfind('/')] if not user_has_permission(file_dir, request.user): raise CustomError(ERROR__API__PERMISSION__INSUFFICIENT) return Response(generate_presigned_url(file_key))
def get(self, request, id): try: record = models.Record.objects.get(pk=id) except Exception as e: raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING) if not record.user_has_permission(request.user): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) docs = list(models.RecordDocument.objects.filter(record=record)) filenames = [] for doc in docs: storage_generator.download_file(doc.get_filekey(), doc.name) filenames.append(doc.name) return storage_generator.zip_files_and_create_response(filenames, 'record.zip')
def list(self, request, *args, **kwargs): if not request.user.has_permission(PERMISSION_ACCEPT_NEW_USERS_RLC, for_rlc=request.user.rlc): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) queryset = NewUserRequest.objects.filter( request_from__rlc=request.user.rlc) return Response(NewUserRequestSerializer(queryset, many=True).data)
def create(self, request): """ use the obtainauthToken APIView to validate and create a token additionally add all important information for app usage like static possible states, possible permissions and so on Args: request: the request with data: 'username' and 'password" Returns: token, information and permissions of user all possible permissions, country states, countries, clients, record states, consultants """ data = { 'password': request.data['password'], 'username': request.data['username'].lower() } serializer = self.serializer_class(data=data) LoginViewSet.check_if_user_active(data['username']) if serializer.is_valid(): token, created = Token.objects.get_or_create( user=serializer.validated_data['user']) Token.objects.filter(user=token.user).exclude( key=token.key).delete() if not created: # update the created time of the token to keep it valid token.created = datetime.utcnow().replace(tzinfo=pytz.utc) token.save() return Response(LoginViewSet.get_login_data(token.key)) raise CustomError(ERROR__API__LOGIN__INVALID_CREDENTIALS)
def has_permission(self, permission, for_user=None, for_group=None, for_rlc=None): """ Args: permission: (int) permission_id or (str) exact name of permission for_user: (int) user_id for which the permission is for_group: (int) group_id for which the permission is for_rlc: (int) rlc_id for which the permission is Returns: True if the user has the given permission for the given group or user False if the user doesnt have the permission """ if isinstance(permission, str): try: permission = Permission.objects.get(name=permission).id except Exception as e: raise CustomError(ERROR__API__PERMISSION__NOT_FOUND) if for_user is not None and for_group is not None and for_rlc is not None: raise AttributeError() return self.__has_as_user_permission(permission, for_user, for_group, for_rlc) or \ self.__has_as_group_member_permission(permission, for_user, for_group, for_rlc) or \ self.__has_as_rlc_member_permission(permission, for_user, for_group, for_rlc) or \ self.is_superuser
def get(self, request): if not request.user.has_permission( permissions.PERMISSION_ACTIVATE_INACTIVE_USERS_RLC, for_rlc=request.user.rlc): raise CustomError(ERROR__API__PERMISSION__INSUFFICIENT) inactive_users = UserProfile.objects.filter(rlc=request.user.rlc, is_active=False) return Response(UserProfileSerializer(inactive_users, many=True).data)
def post(self, request): if 'email' in request.data: email = request.data['email'] else: raise CustomError(ERROR__API__EMAIL__NO_EMAIL_PROVIDED) # EmailSender.send_email_notification([email], 'SYSTEM NOTIFICATION', 'There was a change') EmailSender.test_send(email) return Response()
def create(self, request, *args, **kwargs): if not request.user.has_permission( permissions.PERMISSION_MANAGE_GROUPS_RLC, for_rlc=request.user.rlc) and not request.user.has_permission( permissions.PERMISSION_ADD_GROUP_RLC, for_rlc=request.user.rlc): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) if 'name' not in request.data or 'visible' not in request.data: raise CustomError(error_codes.ERROR__API__GROUP__CAN_NOT_CREATE) group = models.Group(name=request.data['name'], visible=request.data['visible'], creator=request.user, from_rlc=request.user.rlc) group.save() return Response(serializers.GroupNameSerializer(group).data)
def post(self, request, id): try: user_activation = UserActivationLink.objects.get(link=id) except: raise CustomError(error_codes.ERROR__API__USER_ACTIVATION__LINK_NOT_FOUND) try: new_user_request = NewUserRequest.objects.get(request_from=user_activation.user) except: raise CustomError(error_codes.ERROR__API__NEW_USER_REQUEST__REQUEST_NOT_FOUND) user_activation.activated = True user_activation.save() if new_user_request.state == 'gr': user_activation.user.is_active = True user_activation.user.save() return Response({"success": True})
def list(self, request): """ :param request: :return: """ parts = request.query_params.get('search', '').split(' ') user = request.user if user.is_superuser: entries = models.Record.objects.all() for part in parts: consultants = UserProfile.objects.filter(name__icontains=part) entries = entries.filter( Q(tagged__name__icontains=part) | Q(note__icontains=part) | Q(working_on_record__in=consultants) | Q(record_token__icontains=part)).distinct() serializer = serializers.RecordFullDetailSerializer(entries, many=True) return Response(serializer.data) if not user.has_permission( permissions.PERMISSION_VIEW_RECORDS_RLC, for_rlc=user.rlc) and not user.has_permission( permissions.PERMISSION_VIEW_RECORDS_FULL_DETAIL_RLC, for_rlc=user.rlc): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) # entries = models.Record.objects.filter(from_rlc=user.rlc) entries = models.Record.objects.filter_by_rlc(user.rlc) for part in parts: consultants = UserProfile.objects.filter(name__icontains=part) entries = entries.filter( Q(tagged__name__icontains=part) | Q(note__icontains=part) | Q(working_on_record__in=consultants) | Q(record_token__icontains=part)).distinct() records = [] if user.has_permission( permissions.PERMISSION_VIEW_RECORDS_FULL_DETAIL_RLC, for_rlc=user.rlc): queryset = entries serializer = serializers.RecordFullDetailSerializer(queryset, many=True) records += serializer.data else: queryset = entries.get_full_access_records(user).distinct() serializer = serializers.RecordFullDetailSerializer(queryset, many=True) records += serializer.data queryset = entries.get_no_access_records(user) serializer = serializers.RecordNoDetailSerializer(queryset, many=True) records += serializer.data return Response(records)
def get(self, request, id): """ used to generate a presigned post, with that you can successfully upload a file to storage :param request: :param id: :return: """ record = models.Record.objects.get(pk=id) if record is None: raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING) if not record.user_has_permission(request.user): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) file_dir = storage_folders.get_storage_folder_record_document(record.from_rlc_id, record.id) file_name = request.query_params.get('file_name', '') file_type = request.query_params.get('file_type', '') return storage_generator.generate_presigned_post(file_name, file_type, file_dir)
def create(self, request): if type(request.data) is QueryDict: data = request.data.dict() else: data = dict(request.data) if 'rlc' in data: del data['rlc'] # Check if email already in use if UserProfile.objects.filter(email=request.data['email']).count() > 0: raise CustomError(ERROR__API__EMAIL__ALREADY_IN_USE) data['email'] = data['email'].lower() serializer = self.get_serializer(data=data) serializer.is_valid(raise_exception=True) self.perform_create(serializer) user = UserProfile.objects.get(email=request.data['email'].lower()) if 'rlc' not in request.data: raise CustomError(ERROR__API__REGISTER__NO_RLC_PROVIDED) user.rlc = Rlc.objects.get(pk=request.data['rlc']) if 'birthday' in request.data: user.birthday = request.data['birthday'] user.is_active = False user.save() # new user request from backend.api.models import NewUserRequest new_user_request = NewUserRequest(request_from=user) new_user_request.save() # new user activation link from backend.api.models import UserActivationLink user_activation_link = UserActivationLink(user=user) user_activation_link.save() EmailSender.send_user_activation_email( user, FrontendLinks.get_user_activation_link(user_activation_link)) headers = self.get_success_headers(serializer.data) return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def retrieve(self, request, pk=None, **kwargs): if pk is None: raise CustomError(ERROR__API__USER__ID_NOT_PROVIDED) try: user = UserProfile.objects.get(pk=pk) except Exception as e: raise CustomError(ERROR__API__USER__NOT_FOUND) if request.user.rlc != user.rlc: if request.user.is_superuser or request.user.has_permission( permissions.PERMISSION_VIEW_FULL_USER_DETAIL_OVERALL): serializer = UserProfileSerializer(user) else: raise CustomError(ERROR__API__USER__NOT_SAME_RLC) else: if request.user.has_permission( permissions.PERMISSION_VIEW_FULL_USER_DETAIL_RLC): serializer = UserProfileSerializer(user) else: serializer = UserProfileForeignSerializer(user) return Response(serializer.data)
def get(self, request, id): try: record = models.Record.objects.get(pk=id) except: raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING) user = request.user if user.rlc != record.from_rlc and not user.is_superuser: raise CustomError( error_codes.ERROR__RECORD__RETRIEVE_RECORD__WRONG_RLC) if record.user_has_permission(user): record_serializer = serializers.RecordFullDetailSerializer(record) client_serializer = serializers.ClientSerializer(record.client) origin_country = serializers.OriginCountrySerializer( record.client.origin_country) documents = serializers.RecordDocumentSerializer( record.record_documents, many=True) messages = serializers.RecordMessageSerializer( record.record_messages, many=True) return Response({ 'record': record_serializer.data, 'client': client_serializer.data, 'origin_country': origin_country.data, 'record_documents': documents.data, 'record_messages': messages.data }) else: serializer = serializers.RecordNoDetailSerializer(record) permission_request = models.RecordPermission.objects.filter( record=record, request_from=user, state='re').first() if not permission_request: state = 'nr' else: state = permission_request.state return Response({ 'record': serializer.data, 'request_state': state })
def post(self, request, id): # request = self.request if 'message' not in request.data or request.data['message'] == '': raise CustomError( error_codes.ERROR__RECORD__MESSAGE__NO_MESSAGE_PROVIDED) message = request.data['message'] try: record = models.Record.objects.get(pk=id) except Exception as e: raise CustomError(error_codes.ERROR__RECORD__RECORD__NOT_EXISTING) if not record.user_has_permission(request.user): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) record_message = models.RecordMessage(sender=request.user, message=message, record=record) record_message.save() EmailSender.send_record_new_message_notification_email(record) return Response( serializers.RecordMessageSerializer(record_message).data)
def post(self, request): """ used to admit or decline a given permission request :param request: :return: """ user = request.user if not user.has_permission( permissions.PERMISSION_PERMIT_RECORD_PERMISSION_REQUESTS_RLC, for_rlc=user.rlc): raise CustomError(error_codes.ERROR__API__PERMISSION__INSUFFICIENT) if 'id' not in request.data: raise CustomError( error_codes.ERROR__RECORD__PERMISSION__ID_NOT_PROVIDED) try: permission_request = models.RecordPermission.objects.get( pk=request.data['id']) except Exception as e: raise CustomError( error_codes.ERROR__RECORD__PERMISSION__ID_NOT_FOUND) if 'action' not in request.data: raise CustomError(error_codes.ERROR__API__NO_ACTION_PROVIDED) action = request.data['action'] if action != 'accept' and action != 'decline': raise CustomError( error_codes.ERROR__RECORD__PERMISSION__NO_VALID_ACTION_PROVIDED ) permission_request.request_processed = user permission_request.processed_on = datetime.utcnow().replace( tzinfo=pytz.utc) if action == 'accept': permission_request.state = 'gr' else: permission_request.state = 'de' permission_request.save() return Response( serializers.RecordPermissionSerializer(permission_request).data)