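def post(self, request):
    """Let a merchant request that a client account be added to their list.

    The request is honoured only for an active, non-anonymous MERCHANT user;
    everybody else gets an error page. On a valid PaymentAccountsForm the
    account number is checked against the merchant's own accounts and the
    merchant's existing list, then a CREATE/ACCOUNT UserRequest is sent to
    the owner of the looked-up account.

    Returns an HttpResponse: a redirect to the home view after the request is
    stored (or reported as a duplicate), otherwise a rendered error page or
    the form template.
    """
    user = request.user
    target_user = (
        MyUser.objects.filter(id=user.id, user_type=MyUser.MERCHANT, is_active=True)
        .exclude(username=MyUser.ANON)
        .first()
    )
    if not target_user:
        return render(request, "error.html", {'err': "You cannot add client accounts"})

    form = PaymentAccountsForm(request.POST)
    if form.is_valid():
        acc_number = form.cleaned_data['account_number']
        account = get_account_from_number(acc_number)
        if check_same_user_account(target_user.id, acc_number):
            return render(request, 'error.html', {
                'err': 'Please don\'t enter your own accounts.',
            })
        if check_duplicate(target_user.id, acc_number):
            return render(request, 'error.html', {
                'err': 'Account exists in your list',
            })
        # get_account_from_number's contract is not visible here; guard the
        # account.user dereference below so an unknown number renders an
        # error page instead of raising AttributeError.
        if account is None:
            return render(request, 'error.html', {
                'err': 'Account does not exist',
            })
        form = CreateRequestForm(data={
            'request_type': UserRequest.CREATE,
            'model_type': UserRequest.ACCOUNT,
        })
        if form.is_valid():
            user_request = form.save(commit=False)
            user_request.from_user = target_user
            user_request.to_user = account.user
            user_request.account_obj = account
            # A request identical to one already pending is reported and
            # not stored again.
            if CommonHelpers.is_request_duplicate(user_request):
                messages.warning(request, 'Request Already Sent')
                return HttpResponseRedirect(reverse('app:HomeView'))
            user_request.save()
            messages.success(request, 'Request Sent To %s' % user_request.to_user)
            logger.info("Request for new adding client account %s sent by %s",
                        str(account.user.username), str(target_user.username))
            return HttpResponseRedirect(reverse('app:HomeView'))
        else:
            return render(request, "error.html", {'err': "Request could not be sent"})
    return render(request, 'form_template.html', {
        'title': 'User Accounts',
        'form': form,
    })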
def post(self, request, user_id):
    """Handle a request to view another user's profile.

    Resolves the target user (active, not anonymous, not an admin). A
    non-admin internal user then gets a READ/USER UserRequest sent to their
    assigned_to; any other caller, or a missing target, gets an error page.

    Returns an HttpResponse: a redirect to the home view once the request is
    stored or found to be a duplicate, otherwise the rendered form or error
    template.
    """
    requester = request.user
    target_user = (
        MyUser.objects.filter(id=user_id, is_active=True)
        .exclude(username=MyUser.ANON)
        .exclude(user_type=MyUser.ADMIN)
        .first()
    )
    if not target_user:
        return render(request, 'error.html', {
            'err': 'You do not have permissions to view this',
        })
    if not (requester.is_internal_user() and not requester.is_admin()):
        return render(request, 'error.html', {
            'err': 'You do not have permissions for this',
        })

    recipient = requester.assigned_to
    form = RequestForm(data={
        'to_user': recipient.id,
        'request_type': UserRequest.READ,
        'model_type': UserRequest.USER,
        'for_url': request.build_absolute_uri(),
    })
    if not form.is_valid():
        return render(request, 'form_template.html', {
            'title': 'Request For Access',
            'form': form,
            'readonly': True,
        })

    pending = form.save(commit=False)
    pending.from_user = requester
    pending.user_obj = target_user
    # An identical pending request is reported rather than stored twice.
    if CommonHelpers.is_request_duplicate(pending):
        messages.warning(request, 'Request Already Sent')
        return HttpResponseRedirect(reverse('app:HomeView'))
    pending.save()
    messages.success(request, 'Request Sent To %s' % pending.to_user)
    logger.info("User Profile View Request sent by %s for %s",
                str(requester.username), str(target_user.username))
    return HttpResponseRedirect(reverse('app:HomeView'))
def post(self, request, user_id):
    """Let a user request a new account for themselves.

    Only the user identified by ``user_id`` may submit, and only if they are
    not an internal user. The CREATE/ACCOUNT UserRequest is addressed to the
    caller's assigned_to.

    Returns an HttpResponse: a redirect to the home view after the request is
    stored or reported as a duplicate, the read-only form template when the
    request form does not validate, or an error page for other callers.
    """
    user = request.user
    allowed = CommonHelpers.is_int_equal(user.id, user_id) and not user.is_internal_user()
    if not allowed:
        return render(request, 'error.html', {
            'err': 'You do not have permissions to view this',
        })

    form = CreateRequestForm(data={
        'request_type': UserRequest.CREATE,
        'model_type': UserRequest.ACCOUNT,
    })
    if form.is_valid():
        new_request = form.save(commit=False)
        new_request.from_user = user
        new_request.to_user = user.assigned_to
        if CommonHelpers.is_request_duplicate(new_request):
            messages.warning(request, 'Request Already Sent')
        else:
            new_request.save()
            messages.success(request, 'Request Sent To %s' % new_request.to_user)
            logger.info("Request for new account sent by %s", str(user.username))
        return HttpResponseRedirect(reverse('app:HomeView'))
    return render(request, 'form_template.html', {
        'title': 'Add Account',
        'form': form,
        'readonly': True,
    })
def post(self, request):
    """Delete a user, or request deletion of the caller's own account.

    Admins submit a UserDeleteForm and the named user is deleted through
    UserHelpers.safely_delete_user. Non-internal users must first pass
    VerifyOTPForm; a DELETE/USER UserRequest for themselves is then sent to
    their assigned_to. Internal non-admin users get an error page.

    Returns an HttpResponse: a redirect to the home view after a deletion,
    a stored or duplicate request, or a failed OTP; otherwise a rendered
    form or error template.
    """
    user = request.user

    if user.is_admin():
        delete_form = UserDeleteForm(request.POST)
        if not delete_form.is_valid():
            return render(request, 'form_template.html', {
                'title': 'Delete User',
                'form': delete_form,
            })
        target = delete_form.cleaned_data['user']
        if not UserHelpers.safely_delete_user(target):
            return render(request, 'error.html', {
                'err': 'User could not be deleted',
            })
        messages.success(request, 'User Deleted')
        logger.info('User %s deleted by %s', str(target.username), str(user.username))
        return HttpResponseRedirect(reverse('app:HomeView'))

    if user.is_internal_user():
        return render(request, 'error.html', {
            'err': 'You do not have permissions for this.',
        })

    # Self-deletion is gated on the OTP second factor before any request is built.
    otp_form = VerifyOTPForm(request, data=request.POST)
    if not otp_form.is_valid():
        messages.error(request, 'Incorrect OTP')
        return HttpResponseRedirect(reverse('app:HomeView'))

    recipient = user.assigned_to
    request_form = RequestForm(data={
        'to_user': recipient.id,
        'request_type': UserRequest.DELETE,
        'model_type': UserRequest.USER,
    })
    if not request_form.is_valid():
        return render(request, 'error.html', {
            'err': 'User could not be deleted',
        })
    pending = request_form.save(commit=False)
    pending.from_user = user
    pending.user_obj = user
    if CommonHelpers.is_request_duplicate(pending):
        messages.warning(request, 'Request Already Sent')
        return HttpResponseRedirect(reverse('app:HomeView'))
    pending.save()
    messages.success(request, 'Request Sent To %s' % pending.to_user)
    logger.info("User Delete Request sent by %s for %s to %s",
                str(user.username), str(user.username), str(pending.to_user))
    return HttpResponseRedirect(reverse('app:HomeView'))
def post(self, request, user_id):
    """Edit a user's profile, or request the right to do so.

    Resolves the target (active, not anonymous, not an admin), then acts by
    caller role:
      * admin: validates EditUserProfileForm, saves the edited version and
        applies it at once via UserHelpers.update_user_from_edited_version;
      * holder of an 'edit_user' object permission on the target, or the
        target themselves: the permission is removed, the edited version is
        saved (not applied here) and a COMPLETE_UPDATE/USER request is sent
        to user.get_assigned_admin();
      * internal user editing a non-internal target: an UPDATE/USER request
        is sent to user.assigned_to; no profile data is saved;
      * anyone else: error page.

    Returns an HttpResponse: a redirect to the home view after a successful
    action or a duplicate request, otherwise the rendered form or error
    template.
    """
    user = request.user
    target_user = MyUser.objects.filter(
        id=user_id, is_active=True).exclude(username=MyUser.ANON).exclude(
        user_type=MyUser.ADMIN).first()
    if not target_user:
        return render(request, 'error.html', {
            'err': 'You do not have permissions to view this',
        })
    if user.is_admin():
        form = EditUserProfileForm(data=request.POST, user_id=user_id)
        if form.is_valid():
            edit_user = form.save(commit=False)
            edit_user.user = target_user
            edit_user.save()
            # Admin edits take effect immediately; no request is raised.
            UserHelpers.update_user_from_edited_version(edit_user)
            messages.success(request, 'User Successfully Updated')
            logger.info("User Profile Edited by %s for %s",
                        str(user.username), str(target_user.username))
            return HttpResponseRedirect(reverse('app:HomeView'))
        return render(request, 'form_template.html', {
            'title': 'Edit User Profile',
            'form': form,
        })
    elif user.has_perm('edit_user', target_user) or CommonHelpers.is_int_equal(
            user_id, user.id):
        # The object permission is consumed before the form is validated, so
        # a submission that fails validation still spends the grant (a
        # self-edit stays reachable through the is_int_equal test).
        # NOTE(review): confirm this one-shot behaviour is intended.
        remove_perm('edit_user', user, target_user)
        form = EditUserProfileForm(data=request.POST, user_id=user_id)
        if form.is_valid():
            edit_user = form.save(commit=False)
            edit_user.user = target_user
            # The edited version is stored but not applied here; presumably
            # applied when the admin resolves the request - verify.
            edit_user.save()
            # assumes get_assigned_admin() returns a user, not None - TODO confirm
            send_request_to = user.get_assigned_admin()
            form = RequestForm(
                data={
                    'to_user': send_request_to.id,
                    'request_type': UserRequest.COMPLETE_UPDATE,
                    'model_type': UserRequest.USER,
                    'for_url': request.build_absolute_uri(),
                })
            if form.is_valid():
                user_request = form.save(commit=False)
                user_request.from_user = user
                user_request.user_obj = target_user
                if CommonHelpers.is_request_duplicate(user_request):
                    messages.warning(request, 'Request Already Sent')
                    return HttpResponseRedirect(reverse('app:HomeView'))
                user_request.save()
                messages.success(
                    request, 'Request Sent To %s' % user_request.to_user)
                logger.info(
                    "User Profile Edit Request sent by %s for %s to %s",
                    str(user.username), str(target_user.username),
                    str(user_request.to_user))
                return HttpResponseRedirect(reverse('app:HomeView'))
        # Reached with either the profile form or the request form unbound
        # to a valid submission; whichever `form` holds is re-rendered.
        return render(request, 'form_template.html', {
            'title': 'Edit User Profile',
            'form': form,
        })
    elif user.is_internal_user() and not target_user.is_internal_user():
        # assumes user.assigned_to is not None - TODO confirm
        send_request_to = user.assigned_to
        form = RequestForm(
            data={
                'to_user': send_request_to.id,
                'request_type': UserRequest.UPDATE,
                'model_type': UserRequest.USER,
                'for_url': request.build_absolute_uri(),
            })
        if form.is_valid():
            user_request = form.save(commit=False)
            user_request.from_user = user
            user_request.user_obj = target_user
            if CommonHelpers.is_request_duplicate(user_request):
                messages.warning(request, 'Request Already Sent')
                return HttpResponseRedirect(reverse('app:HomeView'))
            user_request.save()
            messages.success(request, 'Request Sent To %s' % user_request.to_user)
            logger.info(
                "User Profile Edit Access Request sent by %s for %s to %s",
                str(user.username), str(target_user.username),
                str(user_request.to_user))
            return HttpResponseRedirect(reverse('app:HomeView'))
        return render(request, 'form_template.html', {
            'title': 'Request For Access',
            'form': form,
            'readonly': True,
        })
    else:
        return render(request, 'error.html', {
            'err': 'You do not have permissions to view this',
        })
def post(self, request, transaction_id):
    """Approve or decline a pending transaction, or request read access to it.

    Internal users: the pending (is_approved=False) transaction is fetched
    with select_for_update() and the 'Approve' / 'Decline' POST key selects
    the action. The caller must then satisfy the authorisation rules below,
    the PKI token check and the OTP form before anything changes.
    Non-internal users: a READ/TRANSACTION UserRequest is sent to the
    transaction's creator, or to the caller's assigned admin when the
    'Request Admin' button was used by a non-admin.

    Returns an HttpResponse: a redirect to the pending-transactions or home
    view after an action or request, otherwise a rendered error or form
    template.
    """
    user = request.user
    if user.is_internal_user():
        # Only a still-pending transaction is eligible; a resolved one yields
        # None and is reported as 'already resolved' below.
        # NOTE(review): select_for_update() is evaluated by .first() here and
        # Django only permits it inside a transaction, so this relies on the
        # request already being atomic (not visible in this block) - confirm.
        transaction = Transaction.objects.filter(id=transaction_id, is_approved=False).select_for_update().first()
        # The submit button name selects the action.
        if 'Approve' in request.POST:
            approve_transaction = True
        elif 'Decline' in request.POST:
            approve_transaction = False
        # NOTE(review): when neither key is posted, approve_transaction is
        # never bound and the `if approve_transaction:` below raises
        # UnboundLocalError for an otherwise authorised caller.
    else:
        # Non-internal users can only ask for read access.
        transaction = Transaction.objects.filter(id=transaction_id).first()
        if transaction is None:
            return render(request, 'error.html', {
                'err': 'Transaction does not exist.',
            })
        request_admin = False
        if 'Request Admin' in request.POST:
            request_admin = True
        # Default recipient is the transaction's creator; the 'Request Admin'
        # button redirects the request to the caller's assigned admin.
        # assumes created_by / get_assigned_admin() are not None - TODO confirm
        send_request_to = transaction.created_by
        if request_admin and not user.is_admin():
            send_request_to = user.get_assigned_admin()
        form = RequestForm(data={
            'to_user': send_request_to.id,
            'request_type': UserRequest.READ,
            'model_type': UserRequest.TRANSACTION,
            'for_url': request.build_absolute_uri(),
        })
        if form.is_valid():
            user_request = form.save(commit=False)
            user_request.from_user = user
            user_request.transaction_obj = transaction
            if CommonHelpers.is_request_duplicate(user_request):
                messages.warning(request, 'Request Already Sent')
                return HttpResponseRedirect(reverse('app:HomeView'))
            user_request.save()
            messages.success(request, 'Request Sent To %s' % user_request.to_user)
            logger.info("Request to view transaction created by %s", str(user.username))
            return HttpResponseRedirect(reverse('app:HomeView'))
        return render(request, 'form_template.html', {
            'title': 'Request For Access',
            'form': form,
            'readonly': True,
            'extra_btn_title': 'Request Admin',
        })
    if transaction is None:
        return render(request, 'error.html', {
            'err': 'Transaction already resolved.'
        })
    # Authorisation for the approve/decline action.
    verified_to_transact = False
    if transaction.is_risky():
        # Risky transactions need the creator's assigned manager or an admin.
        if transaction.created_by.get_assigned_manager() == user or user.is_admin():
            verified_to_transact = True
    else:
        # Ordinary transactions: the creator's assigned_to user or an admin,
        # or the assigned manager holding a 'read_transaction' object
        # permission, which is consumed here so it cannot be reused.
        if transaction.created_by.assigned_to == user or user.is_admin():
            verified_to_transact = True
        elif transaction.created_by.get_assigned_manager() == user and user.has_perm('read_transaction', transaction):
            remove_perm('read_transaction', user, transaction)
            verified_to_transact = True
    if verified_to_transact:
        # PKI Verify: both the client-supplied token and the copy kept in the
        # session must be present; the check itself is delegated to
        # PKIHelpers.verify_pki.
        pki_token = request.POST.get('pki_token', None)
        internal_pki_token = request.session.get(self.INTERNAL_PKI_TOKEN, None)
        if pki_token is None or internal_pki_token is None:
            return render(request, 'error.html', {
                'err': 'PKI Verification Failed. Try to reset your PKI and try again.'
            })
        if PKIHelpers.verify_pki(pki_token, internal_pki_token):
            # NOTE(review): debug output to stdout; logger.debug would be
            # the usual choice in a view.
            print('PKI Verified')
        else:
            return render(request, 'error.html', {
                'err': 'PKI Verification Failed. Try to reset your PKI and try again.'
            })
        # Second factor: the OTP form must validate before any state changes.
        extra_form = TransactionForms.VerifyOTPForm(request, data=request.POST)
        if extra_form.is_valid():
            pass
        else:
            messages.error(request, 'Incorrect OTP')
            return HttpResponseRedirect(reverse('app:TransactionPending'))
        if approve_transaction:
            # Perform Transaction
            # NOTE(review): perform_transaction runs before the locked
            # re-fetch; if the row is no longer pending by then, the error
            # page is returned after the helper has already run - confirm
            # the helper is safe to call in that situation.
            if TransactionHelpers.perform_transaction(transaction):
                with db_transaction.atomic():
                    # Re-read under a row lock so only one approver can
                    # flip a pending transaction to approved.
                    transaction = Transaction.objects.filter(id=transaction.id, is_approved=False).select_for_update().first()
                    if transaction:
                        transaction.approve(user)
                        transaction.complete()
                    else:
                        return render(request, 'error.html', {
                            'err': 'Action could not be completed',
                        })
                # Remove view permissions from manager when not approved by them
                # assumes get_assigned_manager() returns a user, not None - TODO confirm
                if transaction.created_by.get_assigned_manager().has_perm('read_transaction', transaction):
                    remove_perm('read_transaction', transaction.created_by.get_assigned_manager(), transaction)
                CommonHelpers.send_transaction_complete_mail(transaction)
                messages.success(request, 'Transaction Approved')
                logger.info("Transaction %s from %s to %s for amount %s approved by %s",
                            str(transaction.id), str(transaction.from_account),
                            str(transaction.to_account), str(transaction.amount),
                            str(user.username))
                return HttpResponseRedirect(reverse('app:TransactionPending'))
            else:
                return render(request, 'error.html', {
                    'err': 'This transaction cannot be completed because of low balance or is already completed.',
                })
        else:
            # Decline Transaction
            if not transaction.is_approved:
                if TransactionHelpers.delete_transaction(transaction):
                    CommonHelpers.send_transaction_declined_mail(transaction)
                    messages.success(request, 'Transaction Declined')
                    logger.info("Transaction %s declined by : %s",
                                str(transaction.id), str(user.username))
                    return HttpResponseRedirect(reverse('app:TransactionPending'))
            # Reached when the transaction is flagged approved or when
            # delete_transaction returned a falsy value; the message only
            # describes the first case.
            return render(request, 'error.html', {
                'err': 'Transaction cannot be declined because it is already approved.',
            })
    return render(request, 'error.html', {
        'err': 'You do not have permission for this.',
    })