Exemplo n.º 1
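    def post(self, request, uidb1, uidb2, token):
        """Handle the POST side of a tokenised PII-access approval link.

        The flow has two legs, selected by ``token``:

        * A real token in the URL is checked against ``from_user``. On
          success it is stored in the session and the client is redirected
          to the same path with the token replaced by a fixed placeholder,
          so the redirect target no longer carries the token.
        * The placeholder in the URL makes the view check the token held in
          the session instead and, on success, build a READ / PII_ACCESS
          ``UserRequest`` for ``from_user`` and hand it to
          ``UserHelpers.assign_permissions``.

        Args:
            request: The incoming request.
            uidb1: URL-safe base64 encoded primary key of the requesting user.
            uidb2: URL-safe base64 encoded primary key of the user whose PII
                is being requested.
            token: The approval token from the link, or the placeholder
                ``'approve-request'``.

        Returns:
            A redirect (to the placeholder URL on the first leg, to
            ``app:HomeView`` after a successful approval), otherwise the
            rendered ``error.html`` page.
        """
        INTERNAL_RESET_URL_TOKEN = 'approve-request'
        INTERNAL_RESET_SESSION_TOKEN = '_approve_request_token'

        def _load_user(uidb64):
            # Undecodable ids and unknown primary keys both map to None so
            # every bad link ends in the same generic error page.
            # NOTE(review): force_text was removed in Django 4.0 (force_str
            # replaces it); left as is because the imports are outside this
            # block.
            try:
                uid = force_text(urlsafe_base64_decode(uidb64))
                return MyUser.objects.get(pk=uid)
            except (TypeError, ValueError, OverflowError,
                    MyUser.DoesNotExist):
                return None

        def _invalid_link():
            return render(request, 'error.html',
                          {'err': 'Invalid Link. You Hacker.'})

        from_user = _load_user(uidb1)
        target_user = _load_user(uidb2)
        if from_user is None or target_user is None:
            return _invalid_link()

        # NOTE(review): nothing in this method looks at request.user, so the
        # token is the only authorisation visible here - confirm that any
        # login or role requirement is enforced on the class or URL config.
        pii_obj = PII.objects.filter(user=target_user).first()

        # NOTE(review): pii_obj can be None at this point; the generator is
        # built before that is checked, so it has to tolerate None - confirm.
        pii_token_generator = PIITokenGenerator(pii_obj)

        if token != INTERNAL_RESET_URL_TOKEN:
            # First leg: validate the token from the URL, park it in the
            # session and redirect to the placeholder URL.
            if not pii_token_generator.check_token(from_user, token):
                return _invalid_link()

            self.request.session[INTERNAL_RESET_SESSION_TOKEN] = token
            redirect_url = self.request.path.replace(
                token, INTERNAL_RESET_URL_TOKEN)
            return HttpResponseRedirect(redirect_url)

        # Second leg: the URL holds the placeholder, so the token to verify
        # is the one stored in the session by the first leg.
        session_token = self.request.session.get(
            INTERNAL_RESET_SESSION_TOKEN)
        if not pii_token_generator.check_token(from_user, session_token):
            return _invalid_link()

        if not pii_obj:
            return render(request, 'error.html', {
                'err': 'User has not entered PII.',
            })

        user_request = UserRequest(
            from_user=from_user,
            request_type=UserRequest.READ,
            model_type=UserRequest.PII_ACCESS,
            pii_obj=pii_obj,
        )
        if not UserHelpers.assign_permissions(user_request):
            return render(
                request, 'error.html', {
                    'err': 'Action could not be completed',
                })

        # The approval has been applied, so drop the session copy of the
        # token. Without this, the same session could repeat the approval
        # for as long as check_token keeps accepting the token.
        self.request.session.pop(INTERNAL_RESET_SESSION_TOKEN, None)

        CommonHelpers.send_request_approval_mail(user_request)
        messages.success(request, 'Request Approved')
        logger.info(
            "PII request of %s approved by Government for %s",
            str(user_request.from_user),
            str(target_user.username))

        return HttpResponseRedirect(reverse('app:HomeView'))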
Exemplo n.º 2
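    def post(self, request, user_request_id):
        """Approve or decline a user request addressed to the current user.

        The submitted form must contain either an ``Approve`` or a
        ``Decline`` key. A request that is already approved can be neither
        approved again nor declined; each case gets its own error message.

        Args:
            request: The incoming request; ``request.user`` is the approver.
            user_request_id: Identifier of the ``UserRequest`` to act on.

        Returns:
            A redirect to ``app:UserRequestsReceivedView`` when the request
            was approved or declined, otherwise the rendered ``error.html``
            page.
        """
        user = request.user

        # The lookup is given the current user as well as the id; per the
        # original author's note this covers the user == user_request.to_user
        # check. NOTE(review): the helper is not visible here - confirm it
        # returns a falsy value for requests addressed to another user.
        user_request = UserHelpers.get_user_request_to_user_using_id(
            user_request_id, user)

        if not user_request:
            return render(request, 'error.html', {
                'err': 'Does not exist',
            })

        if 'Approve' in request.POST:
            approve_request = True
        elif 'Decline' in request.POST:
            approve_request = False
        else:
            return render(request, 'error.html',
                          {'err': 'You did something wrong, bro.'})

        # NOTE(review): is_approved is read here and the approval or deletion
        # happens in a later step, with no lock or transaction visible in
        # this method - confirm concurrent submissions are handled elsewhere.
        already_approved = user_request.is_approved

        if not approve_request:
            # The already-approved check used to run before this branch, which
            # made the decline-specific message below unreachable.
            if already_approved:
                return render(
                    request, 'error.html', {
                        'err':
                        'Request cannot be declined because it is already approved.',
                    })

            UserHelpers.delete_request(user_request)

            CommonHelpers.send_request_declined_mail(user_request)

            messages.success(request, 'Request Declined')

            logger.info("User request %s declined by %s",
                        user_request.__str__(), str(user.username))

            return HttpResponseRedirect(
                reverse('app:UserRequestsReceivedView'))

        if already_approved:
            return render(request, 'error.html', {
                'err': 'Request Already Approved',
            })

        if not UserHelpers.assign_permissions(user_request):
            return render(request, 'error.html', {
                'err': 'Request could not be approved',
            })

        user_request.approve(user)

        CommonHelpers.send_request_approval_mail(user_request)

        messages.success(request, 'Request Approved')

        is_user_request = user_request.model_type == UserRequest.USER

        # Intermediate delete request: tell the approver who receives it next.
        if user_request.request_type == UserRequest.DELETE and is_user_request:
            messages.success(
                request, 'Request Sent To %s' %
                str(user_request.to_user.get_assigned_admin()))

        # Completed delete: record which account was removed and by whom.
        if (user_request.request_type == UserRequest.COMPLETE_DELETE
                and is_user_request):
            logger.info('User %s deleted by %s',
                        str(user_request.user_obj.username),
                        str(user_request.to_user.username))

        logger.info("User request %s approved by %s ",
                    user_request.__str__(), str(user.username))

        return HttpResponseRedirect(
            reverse('app:UserRequestsReceivedView'))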