Exemplo n.º 1
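def lock_user(request, provider_id, user_id, headers):
    """Lock or unlock a provider user and record the change in the audit log.

    Only POST is accepted; any other method gets ``HttpResponseNotAllowed``.
    The form field ``lock_type`` selects the action: the exact value
    ``"lock"`` disables the account, every other value enables it.  A request
    that carries no ``lock_type`` at all is rejected with status 400 before
    any backend call is made.

    Args:
        request: The incoming request; ``POST`` and ``session['username']``
            are read.
        provider_id: Company id, used to look up the company name for the
            audit text and as the redirect target.
        user_id: Id of the user whose ``enabled`` flag is changed.
        headers: Passed unchanged to every backend call.

    Returns:
        A redirect to ``edit_provider`` on success, status 400 when
        ``lock_type`` is missing, or ``HttpResponseNotAllowed`` for non-POST.
    """
    if request.method != 'POST':
        return HttpResponseNotAllowed(['POST'])

    # Flatten the submitted form into a plain dict.
    lock_form = json.loads(json.dumps(request.POST))

    # A missing field would otherwise surface as an unhandled KeyError after
    # two backend round-trips; refuse the request up front instead.
    lock_type = lock_form.get('lock_type')
    if lock_type is None:
        return HttpResponse(status=400)

    # NOTE(review): any value other than "lock" re-enables the account, so a
    # malformed or tampered field unlocks rather than fails. The form's
    # intended "unlock" value is not visible here; once confirmed, reject
    # everything outside the two expected values.
    locking = lock_type == "lock"

    # Fetch the user and the company; both are only used for the audit text.
    # NOTE(review): nothing here checks that this user belongs to
    # provider_id, while the audit entry names the provider taken from the
    # URL. Confirm the relationship is enforced by the backend or the caller.
    response = requests.get("{}/user/{}".format(settings.ADMIN_WS_URL,
                                                user_id),
                            headers=headers)
    validate_api_call(response, [])
    user = json.loads(response.text)['users'][0]

    response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
                                                   provider_id),
                            headers=headers)
    validate_api_call(response, [])
    company = json.loads(response.text)['companies'][0]

    data = {
        'user_id': user_id,
        'enabled': not locking,
        'updated_by': request.session['username'],
    }

    response = requests.put("{}/user/{}/lock".format(settings.ADMIN_WS_URL,
                                                     user_id),
                            data=data,
                            headers=headers)
    validate_api_call(response, [])

    # Audit only after the lock/unlock call has been validated.
    if locking:
        audit_text = "Locked provider user '{} {}' under provider '{}'"
    else:
        audit_text = "Unlocked provider user '{} {}' under provider '{}'"
    create_audit(
        request, headers, None, "USERS",
        audit_text.format(user['first_name'], user['last_name'],
                          company['company_name']), "UPDATE", provider_id,
        None)

    return redirect('edit_provider', provider_id)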
Exemplo n.º 2
def edit_user(request, provider_id, user_id, headers):
    """Update the editable profile fields of a provider user.

    Only POST is accepted.  Name, e-mail (lower-cased) and phone number come
    from the submitted form; the account flags, company and role are copied
    from the record currently held by the backend, so this view cannot
    change them.

    Args:
        request: The incoming request; ``POST`` and ``session['username']``
            are read.
        provider_id: Company id, used for the audit entry and the redirect.
        user_id: Id of the user being edited.
        headers: Passed unchanged to every backend call.

    Returns:
        A redirect to ``edit_provider`` on success, status 409 when the
        backend answers 409, or ``HttpResponseNotAllowed`` for non-POST.
    """
    if request.method != 'POST':
        return HttpResponseNotAllowed(['POST'])

    # Flatten the submitted form into a plain dict.
    new_user = json.loads(json.dumps(request.POST))

    user_url = "{}/user/{}".format(settings.ADMIN_WS_URL, user_id)

    # Current record: the source for every field the form may not change.
    # NOTE(review): old_user['company_id'] is never compared with
    # provider_id, so the user is edited whichever provider the URL names.
    # Confirm that relationship is enforced by the backend or the caller.
    response = requests.get(user_url, headers=headers)
    validate_api_call(response, [])
    old_user = json.loads(response.text)['users'][0]

    data = {
        "user_id": user_id,
        'first_name': new_user['first_name'],
        'last_name': new_user['last_name'],
        'email': new_user['email'].lower(),
        'phone_number': new_user['phone'],
        'enabled': old_user['enabled'],
        'deleted': old_user['deleted'],
        'activated': old_user['activated'],
        'reset_password': old_user['reset_password'],
        'updated_by': request.session['username'],
        'company_id': old_user['company_id'],
        'role_id': old_user['role']['role_id'],
    }

    # 409 is passed as a tolerated status and handled right below.
    response = requests.put(user_url, data=data, headers=headers)
    validate_api_call(response, [409])

    if response.status_code == 409:
        # NOTE(review): the names come straight from the form and go into a
        # key=value log line unescaped; consider neutralising line breaks.
        full_name = data['first_name'] + " " + data['last_name']
        logger.warning(
            "status_code={} message=Failed to edit user {} because email-company-id pattern exists."
            .format(409, full_name))
        return HttpResponse(status=409)

    audit_text = "Edited provider user '{} {}'".format(data['first_name'],
                                                       data['last_name'])
    create_audit(request, headers, None, "USERS", audit_text, "UPDATE",
                 provider_id, data['email'].lower())

    messages.success(request, "User Updated")
    return redirect('edit_provider', provider_id)
Exemplo n.º 3
def delete_user(request, provider_id, user_id, headers):
    """Delete a provider user and record the deletion in the audit log.

    Only POST is accepted.  The user and company records are fetched first
    because their names go into the audit text.

    Args:
        request: The incoming request; ``POST`` and ``session['username']``
            are read.
        provider_id: Company id, used for the audit entry and the redirect.
        user_id: Id of the user to delete.
        headers: Passed unchanged to every backend call.

    Returns:
        A redirect to ``edit_provider`` on success, or
        ``HttpResponseNotAllowed`` for non-POST.
    """
    if request.method != 'POST':
        return HttpResponseNotAllowed(['POST'])

    # The form is parsed but none of its fields are used below.
    delete_form = json.loads(json.dumps(request.POST))

    user_url = "{}/user/{}".format(settings.ADMIN_WS_URL, user_id)
    company_url = "{}/company/{}".format(settings.ADMIN_WS_URL, provider_id)

    # NOTE(review): the user and the company are looked up independently;
    # nothing here checks that the user belongs to provider_id before the
    # DELETE is sent. Confirm the backend or the caller enforces it.
    response = requests.get(user_url, headers=headers)
    validate_api_call(response, [])
    user = json.loads(response.text)['users'][0]

    response = requests.get(company_url, headers=headers)
    validate_api_call(response, [])
    company = json.loads(response.text)['companies'][0]

    data = {
        'user_id': user_id,
        'updated_by': request.session['username'],
    }

    response = requests.delete(user_url, data=data, headers=headers)
    validate_api_call(response, [])

    # Audit only after the delete call has been validated.
    audit_text = "Deleted provider user '{} {}' under provider '{}'".format(
        user['first_name'], user['last_name'], company['company_name'])
    create_audit(request, headers, None, "USERS", audit_text, "DELETE",
                 provider_id, None)

    messages.success(request, "User Deleted")
    return redirect('edit_provider', provider_id)
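def configuration(request, headers):
    """Show (GET) or update (POST) the monitor display settings.

    GET reads the stored configuration and renders the settings page; the
    two time properties, stored as 24-hour ``HH:MM`` text, are split into
    12-hour hour / minute / AM-PM parts for the form.

    POST compares each submitted value with the stored one and sends a PUT
    only for properties that changed, then notifies the coordinator service,
    writes an audit entry and redirects back to the settings page.

    Any other method redirects to ``admin_login``.

    Args:
        request: The incoming request; ``method`` and ``POST`` are read.
        headers: Passed unchanged to the admin backend calls.

    Returns:
        The rendered settings page (GET) or a redirect (POST / other).
    """
    # Backend property name -> key used in the template context.
    text_properties = {
        "display_message": "empty_message",
        "display_contact_message": "contact_message",
        "display_refresh_interval": "refresh_interval",
        "display_checkout_interval": "checkout_interval",
    }
    # Backend property name -> prefix of the three template keys.
    time_properties = {
        "display_reset_time": "reset_time",
        "display_start_time": "start_time",
    }

    # GET the Settings page
    if request.method == "GET":

        response = requests.get("{}/config".format(settings.ADMIN_WS_URL),
                                headers=headers)
        validate_api_call(response, [])
        config = json.loads(response.text)['configs']

        configs = {}
        for item in config:
            name = item['property']
            if name in text_properties:
                configs[text_properties[name]] = item['value']
            elif name in time_properties:
                # Stored as 24-hour text; the form edits 12-hour parts.
                parsed = datetime.strptime(item['value'], "%H:%M")
                prefix = time_properties[name]
                configs[prefix + '_h'] = parsed.strftime("%I")
                configs[prefix + '_m'] = parsed.strftime("%M")
                configs[prefix + '_ampm'] = parsed.strftime("%p")

        return render(request, "admin_portal/main/settings.html",
                      {"config": configs})

    elif request.method == "POST":

        # Flatten the submitted form into a plain dict.
        data = json.loads(json.dumps(request.POST))

        # Get the stored values to compare against.
        response = requests.get("{}/config".format(settings.ADMIN_WS_URL),
                                headers=headers)
        validate_api_call(response, [])
        config = json.loads(response.text)['configs']

        # NOTE(review): form values are forwarded without validation, and a
        # malformed time raises part-way through this loop, after earlier
        # properties may already have been written. Validating the whole
        # form before the first PUT would avoid a partial update.
        for item in config:
            name = item['property']

            if name in text_properties:
                new_value = data[name]
            elif name in time_properties:
                submitted = (data[name + '_h'] + ":" + data[name + '_m'] +
                             " " + data[name + '_ampm'])
                # Compare in the stored "%H:%M" text form: a str never
                # equals a datetime object, so comparing against the parsed
                # value would issue the PUT on every submit.
                new_value = datetime.strptime(
                    submitted, "%I:%M %p").strftime("%H:%M")
            else:
                continue

            # Update config items only if the data has changed
            if item['value'] != new_value:
                response = requests.put(
                    "{}/config/property/{}".format(settings.ADMIN_WS_URL,
                                                   name),
                    data={"value": new_value},
                    headers=headers)
                validate_api_call(response, [])

        # Let the display know that the config was updated.
        # NOTE(review): unlike the admin backend calls, this request carries
        # no headers; confirm the coordinator endpoint is meant to accept it
        # that way.
        response = requests.get("{}/display/config".format(
            settings.COORDINATOR_WS_URL))

        validate_api_call(response, [])

        create_audit(request, headers, None, "CONFIG",
                     "Edited Monitor Display Settings", "UPDATE", None, None)

        messages.success(request,
                         "Successfully updated display monitor settings!")

        return redirect(reverse('settings'))

    # Otherwise redirect to home page
    else:
        return redirect(reverse('admin_login'))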
Exemplo n.º 5
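def create_user(request, provider_id, headers):
    """Create a provider user with the ``superuser`` role.

    Only POST is accepted.  The role id is looked up by name, a temporary
    password is generated, and the new user is posted to the backend with
    ``reset_password`` set and ``activated`` cleared.

    If the backend answers 409, the existing record with the same e-mail
    and company is fetched (deleted records included).  A deleted record is
    overwritten with the new data and its activation is re-sent; a record
    that is not deleted makes the view return 409.

    If no role named ``superuser`` exists, nothing is created and the view
    returns status 500.

    Args:
        request: The incoming request; ``POST`` and ``session['username']``
            are read.
        provider_id: Company id the new user is created under.
        headers: Passed unchanged to the backend calls.

    Returns:
        A redirect to ``edit_provider`` on success, the result of
        ``resend_user_activation`` when a deleted user was restored, status
        409 or 500 on failure, or ``HttpResponseNotAllowed`` for non-POST.
    """
    if request.method != 'POST':
        return HttpResponseNotAllowed(['POST'])

    # Flatten the submitted form into a plain dict.
    new_user = json.loads(json.dumps(request.POST))

    # Get the Super User Role
    response = requests.get("{}/reference/role".format(
        settings.ADMIN_WS_URL),
                            headers=headers)
    validate_api_call(response, [])
    all_roles = json.loads(response.text)['roles']
    super_user_role_id = next(
        (role['role_id']
         for role in all_roles if role['role_name'] == "superuser"), None)

    # Without this guard a missing role would silently create the account
    # with a placeholder role id.
    if super_user_role_id is None:
        logger.error(
            "status_code={} message=Failed to create user because the superuser role was not found."
            .format(500))
        return HttpResponse(status=500)

    # Get the Company Name
    response = requests.get("{}/company/{}".format(settings.ADMIN_WS_URL,
                                                   provider_id),
                            headers=headers)
    validate_api_call(response, [])
    company = json.loads(response.text)['companies'][0]

    temp_password = password_generator()
    # NOTE(review): hashlib.sha256 needs bytes on Python 3; confirm what
    # password_generator() returns. A single unsalted SHA-256 is also not a
    # password-storage hash -- confirm the backend applies a salted, slow
    # KDF to whatever it stores.
    data = {
        'first_name': new_user['first_name'],
        'last_name': new_user['last_name'],
        'email': new_user['email'].lower(),
        'password': hashlib.sha256(temp_password).hexdigest(),
        'phone_number': new_user['phone'],
        'enabled': True,
        'deleted': False,
        'activated': False,
        'reset_password': True,
        'created_by': request.session['username'],
        'company_id': provider_id,
        'role_id': super_user_role_id,
    }
    # 409 is passed as a tolerated status and handled right below.
    response = requests.post("{}/user".format(settings.ADMIN_WS_URL),
                             data=data,
                             headers=headers)
    validate_api_call(response, [409])

    if response.status_code != 409:
        create_audit(
            request, headers, None, "USERS",
            "Created provider user '{} {}' under provider '{}'".format(
                data['first_name'], data['last_name'],
                company['company_name']), "ADD", provider_id,
            data['email'].lower())

        # The plaintext temporary password is handed to the activation step.
        create_user_activation(request, headers, new_user['first_name'],
                               new_user['last_name'],
                               new_user['email'].lower(), temp_password)

        messages.success(request, "User Created")
        return redirect('edit_provider', provider_id)

    # The e-mail/company pair already exists: look it up, deleted included.
    response = requests.get("{}/user".format(settings.ADMIN_WS_URL),
                            params={
                                "email": data['email'],
                                "company_id": provider_id,
                                "include_deleted": True
                            },
                            headers=headers)
    validate_api_call(response, [])
    conflicting_user = json.loads(response.text)['users'][0]

    if not conflicting_user['deleted']:
        # NOTE(review): the names come straight from the form and go into a
        # key=value log line unescaped; consider neutralising line breaks.
        logger.warning(
            "status_code={} message=Failed to create user {} because active email-company-id pattern exists."
            .format(409, data['first_name'] + " " + data['last_name']))
        return HttpResponse(status=409)

    # Overwrite the deleted record with the new data; the payload carries
    # 'deleted': False and the new temporary password hash.
    data['updated_by'] = request.session['username']
    response = requests.put("{}/user/{}".format(
        settings.ADMIN_WS_URL, conflicting_user['user_id']),
                            data=data,
                            headers=headers)
    validate_api_call(response, [])

    create_audit(
        request, headers, None, "USERS",
        "Created provider user '{} {}' under provider '{}'".format(
            data['first_name'], data['last_name'],
            company['company_name']), "ADD", provider_id,
        data['email'].lower())

    return resend_user_activation(request, provider_id,
                                  conflicting_user['user_id'])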