def get_queryset(self): """ List all organisations. """ if (hasattr(self.request.user, "exporteruser") and get_request_user_organisation( self.request).type != OrganisationType.HMRC): raise PermissionError( "Exporters aren't allowed to view other organisations") organisations = Organisation.objects.all() org_types = self.request.query_params.getlist("org_type", []) search_term = self.request.query_params.get("search_term") status = self.request.query_params.get("status") if org_types: organisations = organisations.filter(type__in=org_types) if search_term: organisations = organisations.filter( Q(name__icontains=search_term) | Q(registration_number__icontains=search_term)) if status: organisations = organisations.filter(status=status) return organisations
def get_queryset(self): organisation = get_request_user_organisation(self.request) documents = GeneratedCaseDocument.objects.select_related( "case").filter(advice_type=AdviceType.NO_LICENCE_REQUIRED, case__organisation=organisation) reference = self.request.GET.get("reference") clc = self.request.GET.get("clc") country = self.request.GET.get("country") end_user = self.request.GET.get("end_user") if reference: documents = documents.filter( case__reference_code__contains=reference) if clc: documents = documents.filter( case__advice__good__control_list_entries__rating=clc, case__advice__level=AdviceLevel.FINAL, case__advice__type=AdviceType.NO_LICENCE_REQUIRED, ) if country: documents = documents.filter( case__baseapplication__parties__party__country=country) if end_user: documents = documents.filter( case__baseapplication__parties__party__name__contains=end_user) return documents.distinct()
def put(self, request, pk): """ Update an application instance with route of goods data. """ application = get_application(pk) serializer = get_application_update_serializer(application) case = application.get_case() data = request.data.copy() serializer = serializer(application, data=data, context=get_request_user_organisation(request), partial=True) if not serializer.is_valid(): return JsonResponse(data={"errors": serializer.errors}, status=status.HTTP_400_BAD_REQUEST) previous_answer = application.is_shipped_waybill_or_lading new_answer = str_to_bool(data.get("is_shipped_waybill_or_lading")) if previous_answer != new_answer: self.add_audit_entry(request, case, "is shipped waybill or lading", previous_answer, new_answer) if not new_answer: previous_details = application.non_waybill_or_lading_route_details new_details = data.get("non_waybill_or_lading_route_details") if previous_details != new_details: self.add_audit_entry(request, case, "non_waybill_or_lading_route_details", previous_details, new_details) serializer.save() return JsonResponse(data={}, status=status.HTTP_200_OK)
def get(self, request): """ Count the number of application, eua_query and goods_query exporter user notifications """ organisation = get_request_user_organisation(request) notifications_list = list( self.queryset.filter( user_id=request.user.pk, organisation_id=organisation.id).prefetch_related( "case__case_type", "case__compliancesitecase").values( "case__case_type__sub_type", "case__case_type__type", "case__compliancesitecase__site_id", "case__compliancevisitcase__site_case__site_id", )) case_types = [ notification["case__case_type__type"] for notification in notifications_list ] case_sub_types = [ notification["case__case_type__sub_type"] for notification in notifications_list ] notifications = { CaseTypeTypeEnum.APPLICATION: case_types.count(CaseTypeTypeEnum.APPLICATION), CaseTypeSubTypeEnum.EUA: case_sub_types.count(CaseTypeSubTypeEnum.EUA), CaseTypeSubTypeEnum.GOODS: case_sub_types.count(CaseTypeSubTypeEnum.GOODS), } # Compliance can_administer_sites = check_user_has_permission( self.request.user.exporteruser, ExporterPermissions.ADMINISTER_SITES, organisation) request_user_sites = (list( Site.objects.get_by_user_and_organisation( request.user.exporteruser, organisation).values_list( "id", flat=True)) if not can_administer_sites else []) notifications[CaseTypeTypeEnum.COMPLIANCE] = len([ notification for notification in notifications_list if (notification["case__compliancesitecase__site_id"] and can_administer_sites) or (notification["case__compliancevisitcase__site_case__site_id"] and can_administer_sites) or notification["case__compliancesitecase__site_id"] in request_user_sites or notification["case__compliancevisitcase__site_case__site_id"] in request_user_sites ]) return JsonResponse(data={"notifications": notifications}, status=status.HTTP_200_OK)
def get_serializer_context(self): user = self.request.user if user.type == UserType.EXPORTER: organisation = get_request_user_organisation(self.request) sites = Site.objects.get_by_user_and_organisation(self.request.user.exporteruser, organisation) cases = ( OpenGeneralLicenceCase.objects.filter(site__in=sites) .select_related("status", "site", "site__address") .annotate(records_located_at_name=F("site__site_records_located_at__name")) ) return {"user": user, "organisation": organisation, "cases": cases}
def get(self, request): organisation = get_request_user_organisation(request) if organisation.type == "hmrc": has_queries = HmrcQuery.objects.submitted( hmrc_organisation=organisation).exists() return JsonResponse(data={"queries": has_queries}) else: has_applications = BaseApplication.objects.filter( organisation=organisation).exists() return JsonResponse(data={ "applications": has_applications, })
def get_exporter_visible_compliance_site_cases(request, organisation: Optional[Organisation]): if not organisation: organisation = get_request_user_organisation(request) qs = ComplianceSiteCase.objects.select_related("site", "site__address").filter(organisation_id=organisation.id) # if user does not have permission to manage all sites, filter by sites accessible if not check_user_has_permission(request.user.exporteruser, ExporterPermissions.ADMINISTER_SITES, organisation): sites = Site.objects.get_by_user_and_organisation(request.user.exporteruser, organisation).values_list( "id", flat=True ) qs = qs.filter(site__in=sites) return qs
def post(self, request, *args, **kwargs): organisation = get_request_user_organisation(request) open_general_licence = get_open_general_licence( request.data.get("open_general_licence")) open_general_licence_id, registrations = organisation.register_open_general_licence( open_general_licence, request.user.exporteruser) return JsonResponse( data={ "open_general_licence": open_general_licence_id, "registrations": registrations }, status=status.HTTP_201_CREATED, )
def get(self, request, pk): """ Get user from pk """ user = get_user_by_pk(pk) organisation = get_request_user_organisation(request) if request.user.pk != pk: assert_user_has_permission(request.user.exporteruser, ExporterPermissions.ADMINISTER_USERS, organisation) relationship = get_user_organisation_relationship(user, organisation) serializer = ExporterUserViewSerializer(user, context=relationship) return JsonResponse(data={"user": serializer.data})
def post(self, request, pk): application = get_application(pk) data = request.data location_ids = data.get("external_locations") errors = self._validate_request(application, location_ids) if errors: return JsonResponse(data={"errors": errors}, status=status.HTTP_400_BAD_REQUEST) previous_locations = ExternalLocationOnApplication.objects.filter( application=application) previous_location_ids = [ str(previous_location_id) for previous_location_id in previous_locations.values_list("external_location__id", flat=True) ] new_locations, errors = self._get_new_locations( application, get_request_user_organisation(request), location_ids, previous_locations, previous_location_ids) if errors: return JsonResponse(data={"errors": errors}, status=status.HTTP_400_BAD_REQUEST) # Update activity application.activity = self.BROKERING application.save() external_locations, errors = self._set_locations_and_sites( data.get("method"), previous_location_ids, location_ids, previous_locations, new_locations, application, request.user, ) if errors: return JsonResponse(data={"errors": errors}, status=status.HTTP_400_BAD_REQUEST) return JsonResponse(data={"external_locations": external_locations}, status=status.HTTP_201_CREATED)
def get_queryset(self): """ Filter applications on submitted """ try: submitted = optional_str_to_bool(self.request.GET.get("submitted")) except ValueError as e: return JsonResponse(data={"errors": str(e)}, status=status.HTTP_400_BAD_REQUEST) organisation = get_request_user_organisation(self.request) if organisation.type == OrganisationType.HMRC: if submitted is None: applications = HmrcQuery.objects.filter( hmrc_organisation=organisation) elif submitted: applications = HmrcQuery.objects.submitted( hmrc_organisation=organisation) else: applications = HmrcQuery.objects.drafts( hmrc_organisation=organisation) else: if submitted is None: applications = BaseApplication.objects.filter( organisation=organisation) elif submitted: applications = BaseApplication.objects.submitted(organisation) else: applications = BaseApplication.objects.drafts(organisation) users_sites = Site.objects.get_by_user_and_organisation( self.request.user.exporteruser, organisation) disallowed_applications = SiteOnApplication.objects.exclude( site__id__in=users_sites).values_list("application", flat=True) applications = applications.exclude( id__in=disallowed_applications).exclude( case_type_id=CaseTypeEnum.HMRC.id) return applications.prefetch_related("status", "case_type").select_subclasses()
def post(self, request, **kwargs): """ Create a new application """ data = request.data if not data.get("application_type"): raise ValidationError({ "application_type": [strings.Applications.Generic.SELECT_AN_APPLICATION_TYPE] }) case_type = data.pop("application_type", None) serializer = get_application_create_serializer(case_type) serializer = serializer( data=data, case_type_id=CaseTypeEnum.reference_to_id(case_type), context=get_request_user_organisation(request), ) if serializer.is_valid(raise_exception=True): application = serializer.save() return JsonResponse(data={"id": application.id}, status=status.HTTP_201_CREATED)
def get_serializer_context(self): user = self.request.user if hasattr(user, "exporteruser"): organisation = get_request_user_organisation(self.request) sites = Site.objects.get_by_user_and_organisation(self.request.user.exporteruser, organisation) cases = ( OpenGeneralLicenceCase.objects.filter(site__in=sites) .select_related("status", "site", "site__address") .annotate(records_located_at_name=F("site__site_records_located_at__name")) ) if str_to_bool(self.request.GET.get("active_only")): cases = cases.filter( status__status__in=[ CaseStatusEnum.FINALISED, CaseStatusEnum.REGISTERED, CaseStatusEnum.UNDER_ECJU_REVIEW, ] ) return {"user": user, "organisation": organisation, "cases": cases}
def filter_queryset(self, queryset): filter_data = self.request.GET if self.request.user.type == UserType.INTERNAL: assert_user_has_permission(self.request.user.govuser, constants.GovPermissions.MAINTAIN_OGL) elif self.request.user.type == UserType.EXPORTER: if filter_data.get("site"): queryset = queryset.filter(cases__site_id=filter_data.get("site")) if str_to_bool(filter_data.get("active_only")): queryset = queryset.filter( cases__status__status__in=[ CaseStatusEnum.FINALISED, CaseStatusEnum.REGISTERED, CaseStatusEnum.UNDER_ECJU_REVIEW, ] ) if str_to_bool(filter_data.get("registered")): organisation = get_request_user_organisation(self.request) sites = Site.objects.get_by_user_and_organisation(self.request.user.exporteruser, organisation) queryset = queryset.filter(cases__site__in=sites).distinct() if filter_data.get("name"): queryset = queryset.filter(name__icontains=filter_data.get("name")) if filter_data.get("case_type"): queryset = queryset.filter(case_type_id=filter_data.get("case_type")) if filter_data.get("control_list_entry"): queryset = queryset.filter(control_list_entries__rating=filter_data.get("control_list_entry")) if filter_data.get("country"): queryset = queryset.filter(countries__id__contains=filter_data.get("country")) if filter_data.get("status"): queryset = queryset.filter(status=filter_data.get("status")) return queryset
def put(self, request, *args, **kwargs): # Ensure that the request user isn't the same as the user being acted upon if str(request.user.pk) == str(kwargs["pk"]): raise PermissionDenied() sites = request.data.get("sites", []) organisation = get_request_user_organisation(request) request_user_relationship = get_user_organisation_relationship( request.user.exporteruser, organisation) user_organisation_relationship = get_user_organisation_relationship( kwargs["pk"], organisation) # Get a list of all the sites that the request user has access to! request_user_sites = list( Site.objects.get_by_user_organisation_relationship( request_user_relationship)) user_sites = list( Site.objects.get_by_user_organisation_relationship( user_organisation_relationship)) diff_sites = [x for x in user_sites if x not in request_user_sites] combined_sites = diff_sites + sites # If (after the PUT) the user isn't assigned to any sites, raise an error if not combined_sites: raise serializers.ValidationError( {"sites": [Users.SELECT_AT_LEAST_ONE_SITE_ERROR]}) # Ensure user has access to the sites they're trying to assign the user to for site in sites: site = get_site(site, organisation) if site not in request_user_sites: raise NotFoundError( "You don't have access to the sites you're trying to assign the user to." ) user_organisation_relationship.sites.set(combined_sites) return JsonResponse(data={"status": "success"})
def get_queryset(self): self.organisation = get_request_user_organisation(self.request) return get_exporter_visible_compliance_site_cases( self.request, self.organisation)
def put(self, request, pk): """ Update an application instance """ application = get_application(pk) serializer = get_application_update_serializer(application) case = application.get_case() data = request.data.copy() serializer = serializer(application, data=data, context=get_request_user_organisation(request), partial=True) # Prevent minor edits of the clearance level if not application.is_major_editable() and request.data.get( "clearance_level"): return JsonResponse( data={ "errors": { "clearance_level": [ strings.Applications.Generic. NOT_POSSIBLE_ON_MINOR_EDIT ] } }, status=status.HTTP_400_BAD_REQUEST, ) # Prevent minor edits of the f680 clearance types if not application.is_major_editable() and request.data.get("types"): return JsonResponse( data={ "errors": { "types": [ strings.Applications.Generic. NOT_POSSIBLE_ON_MINOR_EDIT ] } }, status=status.HTTP_400_BAD_REQUEST, ) # Prevent minor edits of additional_information if not application.is_major_editable() and any([ request.data.get(field) for field in constants.F680.ADDITIONAL_INFORMATION_FIELDS ]): return JsonResponse( data={ "errors": { "Additional details": [ strings.Applications.Generic. NOT_POSSIBLE_ON_MINOR_EDIT ] } }, status=status.HTTP_400_BAD_REQUEST, ) if not serializer.is_valid(): return JsonResponse(data={"errors": serializer.errors}, status=status.HTTP_400_BAD_REQUEST) if application.case_type.sub_type == CaseTypeSubTypeEnum.HMRC: serializer.save() return JsonResponse(data={}, status=status.HTTP_200_OK) # Audit block if request.data.get("name"): old_name = application.name serializer.save() audit_trail_service.create( actor=request.user.exporteruser, verb=AuditType.UPDATED_APPLICATION_NAME, target=case, payload={ "old_name": old_name, "new_name": serializer.data.get("name") }, ) return JsonResponse(data={}, status=status.HTTP_200_OK) if request.data.get("clearance_level"): serializer.save() return JsonResponse(data={}, status=status.HTTP_200_OK) # Audit block if application.case_type.sub_type == CaseTypeSubTypeEnum.F680: if request.data.get("types"): old_types = [ F680ClearanceTypeEnum.get_text(type) for type in application.types.values_list("name", flat=True) ] new_types = [ F680ClearanceTypeEnum.get_text(type) for type in request.data.get("types") ] serializer.save() if set(old_types) != set(new_types): audit_trail_service.create( actor=request.user, verb=AuditType.UPDATE_APPLICATION_F680_CLEARANCE_TYPES, target=case, payload={ "old_types": old_types, "new_types": new_types }, ) return JsonResponse(data={}, status=status.HTTP_200_OK) else: serializer.save() if application.case_type.sub_type == CaseTypeSubTypeEnum.STANDARD: save_and_audit_have_you_been_informed_ref(request, application, serializer) return JsonResponse(data={}, status=status.HTTP_200_OK)