def get_queryset(self):
""" List all organisations. """
if (hasattr(self.request.user, "exporteruser")
and get_request_user_organisation(
self.request).type != OrganisationType.HMRC):
raise PermissionError(
"Exporters aren't allowed to view other organisations")
organisations = Organisation.objects.all()
org_types = self.request.query_params.getlist("org_type", [])
search_term = self.request.query_params.get("search_term")
status = self.request.query_params.get("status")
if org_types:
organisations = organisations.filter(type__in=org_types)
if search_term:
organisations = organisations.filter(
Q(name__icontains=search_term)
| Q(registration_number__icontains=search_term))
if status:
organisations = organisations.filter(status=status)
return organisations
def get_queryset(self):
organisation = get_request_user_organisation(self.request)
documents = GeneratedCaseDocument.objects.select_related(
"case").filter(advice_type=AdviceType.NO_LICENCE_REQUIRED,
case__organisation=organisation)
reference = self.request.GET.get("reference")
clc = self.request.GET.get("clc")
country = self.request.GET.get("country")
end_user = self.request.GET.get("end_user")
if reference:
documents = documents.filter(
case__reference_code__contains=reference)
if clc:
documents = documents.filter(
case__advice__good__control_list_entries__rating=clc,
case__advice__level=AdviceLevel.FINAL,
case__advice__type=AdviceType.NO_LICENCE_REQUIRED,
)
if country:
documents = documents.filter(
case__baseapplication__parties__party__country=country)
if end_user:
documents = documents.filter(
case__baseapplication__parties__party__name__contains=end_user)
return documents.distinct()
def put(self, request, pk):
""" Update an application instance with route of goods data. """
application = get_application(pk)
serializer = get_application_update_serializer(application)
case = application.get_case()
data = request.data.copy()
serializer = serializer(application,
data=data,
context=get_request_user_organisation(request),
partial=True)
if not serializer.is_valid():
return JsonResponse(data={"errors": serializer.errors},
status=status.HTTP_400_BAD_REQUEST)
previous_answer = application.is_shipped_waybill_or_lading
new_answer = str_to_bool(data.get("is_shipped_waybill_or_lading"))
if previous_answer != new_answer:
self.add_audit_entry(request, case, "is shipped waybill or lading",
previous_answer, new_answer)
if not new_answer:
previous_details = application.non_waybill_or_lading_route_details
new_details = data.get("non_waybill_or_lading_route_details")
if previous_details != new_details:
self.add_audit_entry(request, case,
"non_waybill_or_lading_route_details",
previous_details, new_details)
serializer.save()
return JsonResponse(data={}, status=status.HTTP_200_OK)
def get(self, request):
"""
Count the number of application, eua_query and goods_query exporter user notifications
"""
organisation = get_request_user_organisation(request)
notifications_list = list(
self.queryset.filter(
user_id=request.user.pk,
organisation_id=organisation.id).prefetch_related(
"case__case_type", "case__compliancesitecase").values(
"case__case_type__sub_type",
"case__case_type__type",
"case__compliancesitecase__site_id",
"case__compliancevisitcase__site_case__site_id",
))
case_types = [
notification["case__case_type__type"]
for notification in notifications_list
]
case_sub_types = [
notification["case__case_type__sub_type"]
for notification in notifications_list
]
notifications = {
CaseTypeTypeEnum.APPLICATION:
case_types.count(CaseTypeTypeEnum.APPLICATION),
CaseTypeSubTypeEnum.EUA:
case_sub_types.count(CaseTypeSubTypeEnum.EUA),
CaseTypeSubTypeEnum.GOODS:
case_sub_types.count(CaseTypeSubTypeEnum.GOODS),
}
# Compliance
can_administer_sites = check_user_has_permission(
self.request.user.exporteruser,
ExporterPermissions.ADMINISTER_SITES, organisation)
request_user_sites = (list(
Site.objects.get_by_user_and_organisation(
request.user.exporteruser, organisation).values_list(
"id", flat=True)) if not can_administer_sites else [])
notifications[CaseTypeTypeEnum.COMPLIANCE] = len([
notification for notification in notifications_list
if (notification["case__compliancesitecase__site_id"]
and can_administer_sites) or
(notification["case__compliancevisitcase__site_case__site_id"]
and can_administer_sites)
or notification["case__compliancesitecase__site_id"] in
request_user_sites
or notification["case__compliancevisitcase__site_case__site_id"] in
request_user_sites
])
return JsonResponse(data={"notifications": notifications},
status=status.HTTP_200_OK)
def get_serializer_context(self):
user = self.request.user
if user.type == UserType.EXPORTER:
organisation = get_request_user_organisation(self.request)
sites = Site.objects.get_by_user_and_organisation(self.request.user.exporteruser, organisation)
cases = (
OpenGeneralLicenceCase.objects.filter(site__in=sites)
.select_related("status", "site", "site__address")
.annotate(records_located_at_name=F("site__site_records_located_at__name"))
)
return {"user": user, "organisation": organisation, "cases": cases}
def get(self, request):
organisation = get_request_user_organisation(request)
if organisation.type == "hmrc":
has_queries = HmrcQuery.objects.submitted(
hmrc_organisation=organisation).exists()
return JsonResponse(data={"queries": has_queries})
else:
has_applications = BaseApplication.objects.filter(
organisation=organisation).exists()
return JsonResponse(data={
"applications": has_applications,
})
def get_exporter_visible_compliance_site_cases(request, organisation: Optional[Organisation]):
if not organisation:
organisation = get_request_user_organisation(request)
qs = ComplianceSiteCase.objects.select_related("site", "site__address").filter(organisation_id=organisation.id)
# if user does not have permission to manage all sites, filter by sites accessible
if not check_user_has_permission(request.user.exporteruser, ExporterPermissions.ADMINISTER_SITES, organisation):
sites = Site.objects.get_by_user_and_organisation(request.user.exporteruser, organisation).values_list(
"id", flat=True
)
qs = qs.filter(site__in=sites)
return qs
def post(self, request, *args, **kwargs):
organisation = get_request_user_organisation(request)
open_general_licence = get_open_general_licence(
request.data.get("open_general_licence"))
open_general_licence_id, registrations = organisation.register_open_general_licence(
open_general_licence, request.user.exporteruser)
return JsonResponse(
data={
"open_general_licence": open_general_licence_id,
"registrations": registrations
},
status=status.HTTP_201_CREATED,
)
def get(self, request, pk):
"""
Get user from pk
"""
user = get_user_by_pk(pk)
organisation = get_request_user_organisation(request)
if request.user.pk != pk:
assert_user_has_permission(request.user.exporteruser,
ExporterPermissions.ADMINISTER_USERS,
organisation)
relationship = get_user_organisation_relationship(user, organisation)
serializer = ExporterUserViewSerializer(user, context=relationship)
return JsonResponse(data={"user": serializer.data})
def post(self, request, pk):
application = get_application(pk)
data = request.data
location_ids = data.get("external_locations")
errors = self._validate_request(application, location_ids)
if errors:
return JsonResponse(data={"errors": errors},
status=status.HTTP_400_BAD_REQUEST)
previous_locations = ExternalLocationOnApplication.objects.filter(
application=application)
previous_location_ids = [
str(previous_location_id) for previous_location_id in
previous_locations.values_list("external_location__id", flat=True)
]
new_locations, errors = self._get_new_locations(
application, get_request_user_organisation(request), location_ids,
previous_locations, previous_location_ids)
if errors:
return JsonResponse(data={"errors": errors},
status=status.HTTP_400_BAD_REQUEST)
# Update activity
application.activity = self.BROKERING
application.save()
external_locations, errors = self._set_locations_and_sites(
data.get("method"),
previous_location_ids,
location_ids,
previous_locations,
new_locations,
application,
request.user,
)
if errors:
return JsonResponse(data={"errors": errors},
status=status.HTTP_400_BAD_REQUEST)
return JsonResponse(data={"external_locations": external_locations},
status=status.HTTP_201_CREATED)
def get_queryset(self):
"""
Filter applications on submitted
"""
try:
submitted = optional_str_to_bool(self.request.GET.get("submitted"))
except ValueError as e:
return JsonResponse(data={"errors": str(e)},
status=status.HTTP_400_BAD_REQUEST)
organisation = get_request_user_organisation(self.request)
if organisation.type == OrganisationType.HMRC:
if submitted is None:
applications = HmrcQuery.objects.filter(
hmrc_organisation=organisation)
elif submitted:
applications = HmrcQuery.objects.submitted(
hmrc_organisation=organisation)
else:
applications = HmrcQuery.objects.drafts(
hmrc_organisation=organisation)
else:
if submitted is None:
applications = BaseApplication.objects.filter(
organisation=organisation)
elif submitted:
applications = BaseApplication.objects.submitted(organisation)
else:
applications = BaseApplication.objects.drafts(organisation)
users_sites = Site.objects.get_by_user_and_organisation(
self.request.user.exporteruser, organisation)
disallowed_applications = SiteOnApplication.objects.exclude(
site__id__in=users_sites).values_list("application", flat=True)
applications = applications.exclude(
id__in=disallowed_applications).exclude(
case_type_id=CaseTypeEnum.HMRC.id)
return applications.prefetch_related("status",
"case_type").select_subclasses()
def post(self, request, **kwargs):
"""
Create a new application
"""
data = request.data
if not data.get("application_type"):
raise ValidationError({
"application_type":
[strings.Applications.Generic.SELECT_AN_APPLICATION_TYPE]
})
case_type = data.pop("application_type", None)
serializer = get_application_create_serializer(case_type)
serializer = serializer(
data=data,
case_type_id=CaseTypeEnum.reference_to_id(case_type),
context=get_request_user_organisation(request),
)
if serializer.is_valid(raise_exception=True):
application = serializer.save()
return JsonResponse(data={"id": application.id},
status=status.HTTP_201_CREATED)
def get_serializer_context(self):
user = self.request.user
if hasattr(user, "exporteruser"):
organisation = get_request_user_organisation(self.request)
sites = Site.objects.get_by_user_and_organisation(self.request.user.exporteruser, organisation)
cases = (
OpenGeneralLicenceCase.objects.filter(site__in=sites)
.select_related("status", "site", "site__address")
.annotate(records_located_at_name=F("site__site_records_located_at__name"))
)
if str_to_bool(self.request.GET.get("active_only")):
cases = cases.filter(
status__status__in=[
CaseStatusEnum.FINALISED,
CaseStatusEnum.REGISTERED,
CaseStatusEnum.UNDER_ECJU_REVIEW,
]
)
return {"user": user, "organisation": organisation, "cases": cases}
def filter_queryset(self, queryset):
filter_data = self.request.GET
if self.request.user.type == UserType.INTERNAL:
assert_user_has_permission(self.request.user.govuser, constants.GovPermissions.MAINTAIN_OGL)
elif self.request.user.type == UserType.EXPORTER:
if filter_data.get("site"):
queryset = queryset.filter(cases__site_id=filter_data.get("site"))
if str_to_bool(filter_data.get("active_only")):
queryset = queryset.filter(
cases__status__status__in=[
CaseStatusEnum.FINALISED,
CaseStatusEnum.REGISTERED,
CaseStatusEnum.UNDER_ECJU_REVIEW,
]
)
if str_to_bool(filter_data.get("registered")):
organisation = get_request_user_organisation(self.request)
sites = Site.objects.get_by_user_and_organisation(self.request.user.exporteruser, organisation)
queryset = queryset.filter(cases__site__in=sites).distinct()
if filter_data.get("name"):
queryset = queryset.filter(name__icontains=filter_data.get("name"))
if filter_data.get("case_type"):
queryset = queryset.filter(case_type_id=filter_data.get("case_type"))
if filter_data.get("control_list_entry"):
queryset = queryset.filter(control_list_entries__rating=filter_data.get("control_list_entry"))
if filter_data.get("country"):
queryset = queryset.filter(countries__id__contains=filter_data.get("country"))
if filter_data.get("status"):
queryset = queryset.filter(status=filter_data.get("status"))
return queryset
def put(self, request, *args, **kwargs):
# Ensure that the request user isn't the same as the user being acted upon
if str(request.user.pk) == str(kwargs["pk"]):
raise PermissionDenied()
sites = request.data.get("sites", [])
organisation = get_request_user_organisation(request)
request_user_relationship = get_user_organisation_relationship(
request.user.exporteruser, organisation)
user_organisation_relationship = get_user_organisation_relationship(
kwargs["pk"], organisation)
# Get a list of all the sites that the request user has access to!
request_user_sites = list(
Site.objects.get_by_user_organisation_relationship(
request_user_relationship))
user_sites = list(
Site.objects.get_by_user_organisation_relationship(
user_organisation_relationship))
diff_sites = [x for x in user_sites if x not in request_user_sites]
combined_sites = diff_sites + sites
# If (after the PUT) the user isn't assigned to any sites, raise an error
if not combined_sites:
raise serializers.ValidationError(
{"sites": [Users.SELECT_AT_LEAST_ONE_SITE_ERROR]})
# Ensure user has access to the sites they're trying to assign the user to
for site in sites:
site = get_site(site, organisation)
if site not in request_user_sites:
raise NotFoundError(
"You don't have access to the sites you're trying to assign the user to."
)
user_organisation_relationship.sites.set(combined_sites)
return JsonResponse(data={"status": "success"})
def get_queryset(self):
self.organisation = get_request_user_organisation(self.request)
return get_exporter_visible_compliance_site_cases(
self.request, self.organisation)
def put(self, request, pk):
"""
Update an application instance
"""
application = get_application(pk)
serializer = get_application_update_serializer(application)
case = application.get_case()
data = request.data.copy()
serializer = serializer(application,
data=data,
context=get_request_user_organisation(request),
partial=True)
# Prevent minor edits of the clearance level
if not application.is_major_editable() and request.data.get(
"clearance_level"):
return JsonResponse(
data={
"errors": {
"clearance_level": [
strings.Applications.Generic.
NOT_POSSIBLE_ON_MINOR_EDIT
]
}
},
status=status.HTTP_400_BAD_REQUEST,
)
# Prevent minor edits of the f680 clearance types
if not application.is_major_editable() and request.data.get("types"):
return JsonResponse(
data={
"errors": {
"types": [
strings.Applications.Generic.
NOT_POSSIBLE_ON_MINOR_EDIT
]
}
},
status=status.HTTP_400_BAD_REQUEST,
)
# Prevent minor edits of additional_information
if not application.is_major_editable() and any([
request.data.get(field)
for field in constants.F680.ADDITIONAL_INFORMATION_FIELDS
]):
return JsonResponse(
data={
"errors": {
"Additional details": [
strings.Applications.Generic.
NOT_POSSIBLE_ON_MINOR_EDIT
]
}
},
status=status.HTTP_400_BAD_REQUEST,
)
if not serializer.is_valid():
return JsonResponse(data={"errors": serializer.errors},
status=status.HTTP_400_BAD_REQUEST)
if application.case_type.sub_type == CaseTypeSubTypeEnum.HMRC:
serializer.save()
return JsonResponse(data={}, status=status.HTTP_200_OK)
# Audit block
if request.data.get("name"):
old_name = application.name
serializer.save()
audit_trail_service.create(
actor=request.user.exporteruser,
verb=AuditType.UPDATED_APPLICATION_NAME,
target=case,
payload={
"old_name": old_name,
"new_name": serializer.data.get("name")
},
)
return JsonResponse(data={}, status=status.HTTP_200_OK)
if request.data.get("clearance_level"):
serializer.save()
return JsonResponse(data={}, status=status.HTTP_200_OK)
# Audit block
if application.case_type.sub_type == CaseTypeSubTypeEnum.F680:
if request.data.get("types"):
old_types = [
F680ClearanceTypeEnum.get_text(type)
for type in application.types.values_list("name",
flat=True)
]
new_types = [
F680ClearanceTypeEnum.get_text(type)
for type in request.data.get("types")
]
serializer.save()
if set(old_types) != set(new_types):
audit_trail_service.create(
actor=request.user,
verb=AuditType.UPDATE_APPLICATION_F680_CLEARANCE_TYPES,
target=case,
payload={
"old_types": old_types,
"new_types": new_types
},
)
return JsonResponse(data={}, status=status.HTTP_200_OK)
else:
serializer.save()
if application.case_type.sub_type == CaseTypeSubTypeEnum.STANDARD:
save_and_audit_have_you_been_informed_ref(request, application,
serializer)
return JsonResponse(data={}, status=status.HTTP_200_OK)
