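def get(self, request, *args):
        """Return the company records the authenticated requester may see.

        A requester whose mapping type equals ``message_constants.ADMIN``
        receives every ``DimCompany`` row; any other requester receives only
        the company stored on their own ``UserMapping`` row.

        Responds 401 when ``decodeUser`` yields ``None`` and 400 when any
        lookup or serialization step raises.
        """

        # A None result from decodeUser is treated as "not authenticated".
        requester = decodeUser(request)

        if requester is None:
            responseContent = message_constants.FAILURE_MESSAGE
            responseCode = status.HTTP_401_UNAUTHORIZED

        else:
            try:
                requester = User.objects.filter(id=requester)[0]

                # Fetch the mapping row once. Indexing the unevaluated
                # queryset twice would issue two queries, and the role check
                # and the company read could then see different rows.
                requesterMapping = UserMapping.objects.filter(user=requester)[0]

                if str(requesterMapping.userType) == message_constants.ADMIN:
                    companyObjects = CompanySerializer(
                        DimCompany.objects.all(), many=True)
                else:
                    # Scope is taken from the server-side mapping, never from
                    # request input, so a caller cannot pick another company.
                    companyObjects = CompanySerializer(requesterMapping.company)

                responseContent = companyObjects.data
                responseCode = status.HTTP_200_OK

            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not turned into a 400 response.
            except Exception:
                responseContent = message_constants.FAILURE_MESSAGE
                responseCode = status.HTTP_400_BAD_REQUEST

        return JsonResponse(responseContent, status=responseCode, safe=False)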
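    def get(self, request, *args):
        """Return one user, or the list of users the requester may see.

        With no usable ``user`` query parameter the handler lists users:
        every user for ``message_constants.ADMIN``, the users mapped to the
        requester's company for ``message_constants.COMPANY_ADMIN``.  With
        ``?user=<id>`` it returns that single user, but only when the
        requester is allowed to see it.

        Responds 401 when the requester is unauthenticated or not permitted,
        and 400 when a lookup fails.
        """
        # Function-scope import: the module's import block is not visible here.
        import logging

        try:
            requester = decodeUser(request)
            if requester is None:
                responseContent = message_constants.FAILURE_MESSAGE
                responseCode = status.HTTP_401_UNAUTHORIZED

            else:
                try:
                    try:
                        userId = int(request.GET['user'])
                    # A missing or non-numeric value falls back to the list
                    # view, as before; other errors are no longer swallowed.
                    except (KeyError, ValueError):
                        userId = None

                    requester = User.objects.filter(id=requester)[0]
                    requesterMapping = UserMapping.objects.filter(
                        user=requester)[0]
                    requesterRole = str(requesterMapping.userType)
                    isAdmin = requesterRole == message_constants.ADMIN
                    isCompanyAdmin = (
                        requesterRole == message_constants.COMPANY_ADMIN)

                    if userId is None:
                        if isAdmin:
                            userIds = User.objects.values_list('id', flat=True)
                        elif isCompanyAdmin:
                            userIds = UserMapping.objects.filter(
                                company=requesterMapping.company).values_list(
                                    'user', flat=True)
                        else:
                            # Previously userIds stayed unbound here and the
                            # resulting NameError surfaced as a generic 400.
                            userIds = None

                        allowed = userIds is not None
                        if allowed:
                            userObjects = get_users(userIds)

                    else:
                        # The single-user lookup used to skip the role check,
                        # so any authenticated caller could read any user by
                        # id.
                        # NOTE(review): policy assumed from the list branch;
                        # letting a user read their own record is also an
                        # assumption. Confirm with the owner.
                        allowed = (
                            isAdmin
                            or userId == requester.id
                            or (isCompanyAdmin
                                and UserMapping.objects.filter(
                                    company=requesterMapping.company,
                                    user=userId).exists()))
                        if allowed:
                            userObjects = get_user(userId)

                    if allowed:
                        responseContent = userObjects
                        responseCode = status.HTTP_200_OK
                    else:
                        responseContent = message_constants.FAILURE_MESSAGE
                        responseCode = status.HTTP_401_UNAUTHORIZED

                except Exception:
                    responseContent = message_constants.FAILURE_MESSAGE
                    responseCode = status.HTTP_400_BAD_REQUEST
        except Exception:
            # Keep exception text on the server. The old body returned str(e)
            # to the client, which can disclose internal details.
            logging.getLogger(__name__).exception("user lookup failed")
            responseContent = message_constants.FAILURE_MESSAGE
            responseCode = status.HTTP_400_BAD_REQUEST
        return JsonResponse(responseContent, status=responseCode, safe=False)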
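    def put(self, request, *args):
        """Update a user's profile fields, company/type mapping and password.

        The JSON body supplies ``id``, ``company_id``, ``user_type``,
        ``username``, ``first_name``, ``last_name`` and optionally
        ``password``.

        Responds 202 on success, 401 when the requester is unauthenticated or
        not permitted to make the change, and 400 when parsing or a lookup
        fails.
        """

        requester = decodeUser(request)

        if requester is None:
            responseContent = message_constants.FAILURE_MESSAGE
            responseCode = status.HTTP_401_UNAUTHORIZED

        else:
            try:
                payload = json.loads(request.body.decode('utf-8'))

                requester = User.objects.filter(id=requester)[0]
                requesterMapping = UserMapping.objects.filter(
                    user=requester)[0]
                requesterRole = str(requesterMapping.userType)

                # Resolve every referenced row before writing anything, so a
                # bad id fails the request without a half-applied update.
                userObject = User.objects.filter(id=payload['id'])
                targetUser = userObject[0]
                newCompany = DimCompany.objects.filter(
                    id=payload['company_id'])[0]
                newUserType = DimUserType.objects.filter(
                    id=payload['user_type'])[0]

                # The handler previously had no authorization step: any
                # authenticated caller could change any account's role,
                # company and password.
                # NOTE(review): policy assumed - admins unrestricted; company
                # admins limited to non-admin users of their own company and
                # unable to grant the admin type. Confirm with the owner.
                if requesterRole == message_constants.ADMIN:
                    allowed = True
                elif requesterRole == message_constants.COMPANY_ADMIN:
                    targetMapping = UserMapping.objects.filter(
                        company=requesterMapping.company,
                        user=targetUser).first()
                    allowed = (
                        targetMapping is not None
                        and str(targetMapping.userType)
                        != message_constants.ADMIN
                        and newCompany == requesterMapping.company
                        and str(newUserType) != message_constants.ADMIN)
                else:
                    allowed = False

                if allowed:
                    # Create the mapping if missing, otherwise overwrite it.
                    UserMapping.objects.update_or_create(
                        user=targetUser,
                        defaults={'company': newCompany,
                                  'userType': newUserType})

                    userObject.update(username=payload['username'],
                                      first_name=payload['first_name'],
                                      last_name=payload['last_name'])

                    # An absent, null or empty password means "leave it
                    # unchanged"; an empty string is never stored.
                    newPassword = payload.get('password')
                    if newPassword:
                        # Re-fetch: targetUser predates the update() above,
                        # and saving it would write the old names back.
                        refreshedUser = User.objects.get(id=targetUser.id)
                        refreshedUser.set_password(newPassword)
                        refreshedUser.save()

                    responseContent = message_constants.SUCCESS_MEASSAGE
                    responseCode = status.HTTP_202_ACCEPTED
                else:
                    responseContent = message_constants.FAILURE_MESSAGE
                    responseCode = status.HTTP_401_UNAUTHORIZED

            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not turned into a 400 response.
            except Exception:
                responseContent = message_constants.FAILURE_MESSAGE
                responseCode = status.HTTP_400_BAD_REQUEST

        return JsonResponse(responseContent, status=responseCode, safe=False)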
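    def delete(self, request, *args):
        """Delete the user named by the ``user`` query parameter.

        Allowed when the requester's mapping type is
        ``message_constants.ADMIN`` and the target is not the requester, or
        when it is ``message_constants.COMPANY_ADMIN`` and the target is
        mapped to the requester's company.

        Responds 202 on success, 422 when the rule above rejects the request,
        401 when unauthenticated and 400 when parsing or a lookup fails.
        """

        requester = decodeUser(request)

        if requester is None:
            responseContent = message_constants.FAILURE_MESSAGE
            responseCode = status.HTTP_401_UNAUTHORIZED

        else:
            try:
                userToBeDeleted = int(request.GET['user'])

                requester = User.objects.filter(id=requester)[0]
                # One fetch of the mapping row; the role and the company are
                # then read from the same row.
                requesterMapping = UserMapping.objects.filter(
                    user=requester)[0]
                requesterRole = str(requesterMapping.userType)

                if requesterRole == message_constants.ADMIN:
                    # The only admin-side restriction is "not yourself"; the
                    # target's own type is not inspected.
                    allowed = userToBeDeleted != requester.id
                elif requesterRole == message_constants.COMPANY_ADMIN:
                    # exists() asks the database directly instead of loading
                    # every user id of the company into a list.
                    # NOTE(review): this branch excludes neither the
                    # requester's own id nor admin-type accounts mapped to the
                    # same company. Confirm that is intended.
                    allowed = UserMapping.objects.filter(
                        company=requesterMapping.company,
                        user=userToBeDeleted).exists()
                else:
                    allowed = False

                if allowed:
                    User.objects.filter(id=userToBeDeleted).delete()

                    responseContent = message_constants.SUCCESS_MEASSAGE
                    responseCode = status.HTTP_202_ACCEPTED
                else:
                    responseContent = message_constants.FAILURE_MESSAGE
                    responseCode = status.HTTP_422_UNPROCESSABLE_ENTITY

            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not turned into a 400 response.
            except Exception:
                responseContent = message_constants.FAILURE_MESSAGE
                responseCode = status.HTTP_400_BAD_REQUEST

        return JsonResponse(responseContent, status=responseCode, safe=False)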
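    def post(self, request, *args):
        """Create a company from the JSON request body.

        Only a requester whose mapping type equals
        ``message_constants.ADMIN`` may create a company.

        Responds 201 on success, 401 when the requester is unauthenticated or
        not an admin, and 400 when the body is unparseable, fails validation,
        or a lookup raises.
        """

        requester = decodeUser(request)

        if requester is None:
            responseContent = message_constants.FAILURE_MESSAGE
            responseCode = status.HTTP_401_UNAUTHORIZED

        else:
            try:
                payload = json.loads(request.body.decode('utf-8'))

                requester = User.objects.filter(id=requester)[0]
                requesterMapping = UserMapping.objects.filter(
                    user=requester)[0]

                if str(requesterMapping.userType) == message_constants.ADMIN:

                    serializedPayload = CompanySerializer(data=payload)

                    # Act on the validation result instead of discarding it.
                    # NOTE(review): if CompanySerializer is a DRF serializer,
                    # save() on invalid data is stopped only by an assert,
                    # which `python -O` strips. Confirm.
                    if serializedPayload.is_valid():
                        serializedPayload.save()

                        responseContent = message_constants.SUCCESS_MEASSAGE
                        responseCode = status.HTTP_201_CREATED
                    else:
                        responseContent = message_constants.FAILURE_MESSAGE
                        responseCode = status.HTTP_400_BAD_REQUEST

                else:
                    responseContent = message_constants.FAILURE_MESSAGE
                    responseCode = status.HTTP_401_UNAUTHORIZED

            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not turned into a 400 response.
            except Exception:
                responseContent = message_constants.FAILURE_MESSAGE
                responseCode = status.HTTP_400_BAD_REQUEST

        return JsonResponse(responseContent, status=responseCode, safe=False)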
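    def delete(self, request, *args):
        """Delete the company named by the ``company`` query parameter.

        Only a requester whose mapping type equals
        ``message_constants.ADMIN`` may delete, and only a company id that
        exists.

        Responds 202 on success, 401 when the requester is unauthenticated,
        is not an admin, or the id matches no company, and 400 when parsing
        or a lookup fails.
        """

        requester = decodeUser(request)

        if requester is None:
            responseContent = message_constants.FAILURE_MESSAGE
            responseCode = status.HTTP_401_UNAUTHORIZED

        else:
            try:
                companyToBeDeleted = int(request.GET['company'])

                requester = User.objects.filter(id=requester)[0]
                requesterMapping = UserMapping.objects.filter(
                    user=requester)[0]

                isAdmin = (
                    str(requesterMapping.userType) == message_constants.ADMIN)

                # Delete only for an admin and an existing company. exists()
                # replaces loading every company id into a list, and the role
                # test short-circuits the query for non-admins.
                if isAdmin and DimCompany.objects.filter(
                        id=companyToBeDeleted).exists():

                    DimCompany.objects.filter(id=companyToBeDeleted).delete()

                    responseContent = message_constants.SUCCESS_MEASSAGE
                    responseCode = status.HTTP_202_ACCEPTED

                else:
                    responseContent = message_constants.FAILURE_MESSAGE
                    responseCode = status.HTTP_401_UNAUTHORIZED

            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not turned into a 400 response.
            except Exception:
                responseContent = message_constants.FAILURE_MESSAGE
                responseCode = status.HTTP_400_BAD_REQUEST

        return JsonResponse(responseContent, status=responseCode, safe=False)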
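    def post(self, request, *args):
        """Create a user and its company/type mapping from the JSON body.

        The body supplies ``username``, ``first_name``, ``last_name``,
        ``password``, ``user_type`` and ``company_id``.

        Responds 201 on success, 401 when the requester is unauthenticated or
        not permitted to create the requested account, and 400 when parsing
        or a lookup fails.
        """

        requester = decodeUser(request)

        if requester is None:
            responseContent = message_constants.FAILURE_MESSAGE
            responseCode = status.HTTP_401_UNAUTHORIZED

        else:
            try:
                payload = json.loads(request.body.decode('utf-8'))

                requester = User.objects.filter(id=requester)[0]
                requesterMapping = UserMapping.objects.filter(
                    user=requester)[0]
                requesterRole = str(requesterMapping.userType)

                # Resolve the referenced rows before creating the account, so
                # a bad user_type or company_id cannot leave behind a user
                # without a mapping.
                newUserType = DimUserType.objects.filter(
                    id=payload['user_type'])[0]
                newCompany = DimCompany.objects.filter(
                    id=payload['company_id'])[0]

                # The handler previously had no authorization step: any
                # authenticated caller could create an account of any type in
                # any company.
                # NOTE(review): policy assumed - admins unrestricted; company
                # admins limited to their own company and to non-admin types.
                # Confirm with the owner.
                if requesterRole == message_constants.ADMIN:
                    allowed = True
                elif requesterRole == message_constants.COMPANY_ADMIN:
                    allowed = (
                        newCompany == requesterMapping.company
                        and str(newUserType) != message_constants.ADMIN)
                else:
                    allowed = False

                if allowed:
                    userObject = User.objects.create_user(
                        username=payload['username'],
                        first_name=payload['first_name'],
                        last_name=payload['last_name'],
                        password=payload['password'])

                    UserMapping.objects.create(userType=newUserType,
                                               user=userObject,
                                               company=newCompany)

                    responseContent = message_constants.SUCCESS_MEASSAGE
                    responseCode = status.HTTP_201_CREATED
                else:
                    responseContent = message_constants.FAILURE_MESSAGE
                    responseCode = status.HTTP_401_UNAUTHORIZED

            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not turned into a 400 response.
            except Exception:
                responseContent = message_constants.FAILURE_MESSAGE
                responseCode = status.HTTP_400_BAD_REQUEST

        return JsonResponse(responseContent, status=responseCode, safe=False)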