def my_retrieve(self, request, station_id, pk):
self.serializer_context = {}
form = Form.current_form(self.get_form_type_name(), station_id)
if form is None:
return Response(status=status.HTTP_404_NOT_FOUND)
try:
the_form = FormData.find_object_by_id(pk, form)
if the_form is None:
return Response(status=status.HTTP_404_NOT_FOUND)
except ObjectDoesNotExist:
return Response(status=status.HTTP_404_NOT_FOUND)
if hasattr(the_form, 'station'):
station = the_form.station
else:
station = BorderStation.objects.get(id=pk)
read_access = UserLocationPermission.has_session_permission(request, self.get_perm_group_name(), 'VIEW', station.operating_country.id, station.id)
edit_access = UserLocationPermission.has_session_permission(request, self.get_perm_group_name(), 'EDIT', station.operating_country.id, station.id)
private_access = UserLocationPermission.has_session_permission(request, self.get_perm_group_name(), 'VIEW PI', station.operating_country.id, station.id)
if not read_access:
return Response(status=status.HTTP_401_UNAUTHORIZED)
if not edit_access and not private_access:
self.serializer_context['mask_private'] = True
form_data = FormData(the_form, form)
serializer = FormDataSerializer(form_data, context=self.serializer_context)
resp_data = serializer.data
return Response(resp_data)
def update_permissions(self, request, pk):
data = JSONParser().parse(request)
if 'permission_id' in data:
permission_id = int(data['permission_id'])
elif 'permission_group' in data:
permission_group = data['permission_group']
permission_id = None
else:
permission_group = None
permission_id = None
user_permissions = UserLocationPermission.objects.filter(account__id = request.user.id)
permission_list = data['permissions']
new_permissions = []
for perm_data in permission_list:
serializer = UserLocationPermissionSerializer(data=perm_data)
if serializer.is_valid():
perm_obj = serializer.create_local()
new_permissions.append(perm_obj)
issues = UserLocationPermission.check_valid_permission_set(pk, new_permissions, permission_id, permission_group)
if len(issues) > 0:
code = status.HTTP_500_INTERNAL_SERVER_ERROR
else:
code = UserLocationPermission.update_permission_set (pk, new_permissions, permission_id, permission_group, user_permissions)
if code == status.HTTP_200_OK:
self.update_account_permission(pk)
return Response({"data": data}, code)
def has_permission(self, account_id, action, country_id):
perm_list = UserLocationPermission.objects.filter(
account__id=account_id,
permission__permission_group='AUDIT',
permission__action=action)
return UserLocationPermission.has_permission_in_list(
perm_list, 'AUDIT', action, country_id, None)
def get_queryset(self):
countries = Country.objects.all()
include_countries = []
country = self.request.GET.get('country')
perm_list = UserLocationPermission.objects.filter(
account__id=self.request.user.id,
permission__permission_group='AUDIT',
permission__action='VIEW')
for country_entry in countries:
if country is not None and int(country) != country_entry.id:
continue
if UserLocationPermission.has_permission_in_list(
perm_list, 'AUDIT', 'VIEW', country_entry.id, None):
include_countries.append(country_entry)
queryset = Audit.objects.filter(country__in=include_countries)
form_type = self.request.GET.get('form_type')
if country is not None:
queryset = queryset.filter(country__id=country)
if form_type is not None:
forms = Form.objects.filter(form_type__id=form_type)
form_names = []
for form in forms:
form_names.append(form.form_name)
queryset = queryset.filter(form_name__in=form_names)
return queryset
def add_permission(user, permission_configuration):
for config in permission_configuration:
perm = Permission.objects.get(permission_group=config['group'],
action=config['action'])
ulp = UserLocationPermission()
ulp.account = user
ulp.permission = perm
ulp.country = config['country']
ulp.station = config['station']
ulp.save()
def create(permission_configuration):
user = GenericUser.create()
for config in permission_configuration:
perm = Permission.objects.get(permission_group=config['group'], action=config['action'])
ulp = UserLocationPermission()
ulp.account = user
ulp.permission = perm
ulp.country = config['country']
ulp.station = config['station']
ulp.save()
return user
def update_permissions(self, request, pk):
data = JSONParser().parse(request)
if 'permission_id' in data:
permission_id = int(data['permission_id'])
elif 'permission_group' in data:
permission_group = data['permission_group']
permission_id = None
else:
permission_group = None
permission_id = None
user_permissions = UserLocationPermission.objects.filter(
account__id=request.user.id,
permission__permission_group='ACCOUNTS',
permission__action='MANAGE')
permission_list = data['permissions']
new_permissions = []
for perm_data in permission_list:
serializer = UserLocationPermissionSerializer(data=perm_data)
if serializer.is_valid():
perm_obj = serializer.create_local()
new_permissions.append(perm_obj)
issues = UserLocationPermission.check_valid_permission_set(
pk, new_permissions, permission_id, permission_group)
if len(issues) > 0:
return_data = {'error_text': issues[0]}
code = status.HTTP_500_INTERNAL_SERVER_ERROR
else:
result = UserLocationPermission.update_permission_set(
pk, new_permissions, permission_id, permission_group,
user_permissions)
code = result['code']
if code == status.HTTP_200_OK:
self.update_account_permission(pk)
return_data = data
else:
return_data = {'error_text': result['error']}
return Response(return_data, code)
def create_local(self):
perm = UserLocationPermission()
perm.account = self.validated_data.get('account')
perm.country = self.validated_data.get('country')
perm.station = self.validated_data.get('station')
perm.permission = self.validated_data.get('permission')
return perm
def destroy(self, request, station_id, pk):
form = Form.current_form(self.get_form_type_name(), station_id)
try:
the_form = FormData.find_object_by_id(pk, form)
except ObjectDoesNotExist:
return Response({'errors' : [self.get_form_type_name() + " not found"], 'warnings':[]}, status=status.HTTP_404_NOT_FOUND)
if not UserLocationPermission.has_session_permission(request, self.get_perm_group_name(), 'DELETE',
the_form.station.operating_country.id, the_form.station.id):
return Response(status=status.HTTP_401_UNAUTHORIZED)
form_data = FormData(the_form, form)
form_data.delete()
form_done.send_robust(sender=self.__class__, form_data=form_data, remove=True)
return Response(status=status.HTTP_200_OK)
def setUp(self):
IntercepteeFactory.create_batch(20)
self.user = SuperUserFactory.create()
self.client.force_authenticate(user=self.user)
ulp = UserLocationPermission()
ulp.account = self.user
ulp.permission = Permission.objects.get(permission_group='IRF',
action='VIEW')
ulp.save()
def retrieve_blank_form(self, request, station_id):
self.serializer_context = {}
form = Form.current_form(self.get_form_type_name(), station_id)
if form is None:
return Response(status=status.HTTP_404_NOT_FOUND)
form_class = FormData.get_form_class(form)
the_form = form_class()
if station_id is not None:
station = BorderStation.objects.get(id=station_id)
the_form.station = station
add_access = UserLocationPermission.has_session_permission(request, self.get_perm_group_name(), 'ADD',
the_form.station.operating_country.id, the_form.station.id)
if not add_access:
return Response(status=status.HTTP_401_UNAUTHORIZED)
if station.auto_number is not None and station.auto_number == form.form_type.name:
the_number = AutoNumber.get_next_number(station, form)
setattr(the_form, form_class.key_field_name(), the_number)
form_data = FormData(the_form, form)
serializer = FormDataSerializer(form_data, context=self.serializer_context)
return Response(serializer.data)
def custom_has_object_permission(self, request, view, method,
permissions_required, obj):
if request.method == method or method == "ANY":
# Need to have a way to access the country id and border station id from the object
# Assume each model will implement property get methods for country_id and border_station_id
get_country_id = getattr(obj, 'get_country_id', None)
if get_country_id is not None and callable(get_country_id):
country_id = obj.get_country_id()
else:
country_id = None
get_station_id = getattr(obj, 'get_border_station_id', None)
if get_station_id is not None and callable(get_station_id):
station_id = obj.get_border_station_id()
else:
station_id = None
for permission in permissions_required:
if not UserLocationPermission.has_session_permission(
request, permission['permission_group'],
permission['action'], country_id, station_id):
self.message = self.message.format(permission)
return False
return True
def create(self, request):
form_type = FormType.objects.get(name=self.get_form_type_name())
request_json = self.extract_data(request, self.get_element_paths())
self.serializer_context = {'form_type':form_type, 'request.user':request.user}
self.pre_process(request, None)
transaction.set_autocommit(False)
try:
serializer = FormDataSerializer(data=request_json, context=self.serializer_context)
if serializer.is_valid():
if not UserLocationPermission.has_session_permission(request, self.get_perm_group_name(), 'ADD',
serializer.get_country_id(), serializer.get_station_id()):
transaction.rollback()
transaction.set_autocommit(True)
return Response(status=status.HTTP_401_UNAUTHORIZED)
try:
form_data = serializer.save()
if self.check_form_number(form_data):
self.logbook_submit(form_data)
serializer2 = FormDataSerializer(form_data, context=self.serializer_context)
form_done.send_robust(sender=self.__class__, form_data=form_data)
ret = serializer2.data
rtn_status = status.HTTP_200_OK
transaction.commit()
transaction.set_autocommit(True)
self.post_process(request, form_data)
else:
transaction.rollback()
transaction.set_autocommit(True)
ret = {
'errors':['Form number exceeds highest number allocated for station'],
'warnings':[]
}
rtn_status=status.HTTP_400_BAD_REQUEST
except IntegrityError as exc:
transaction.rollback()
transaction.set_autocommit(True)
if 'unique constraint' in exc.args[0]:
ret = {
'errors': [ exc.args[0] ],
'warnings':[]
}
rtn_status=status.HTTP_400_BAD_REQUEST
else:
ret = {
'errors': 'Internal Error:' + traceback.format_exc(),
'warnings':[]
}
rtn_status=status.HTTP_400_BAD_REQUEST
else:
transaction.rollback()
transaction.set_autocommit(True)
ret = {
'errors': serializer.the_errors,
'warnings':serializer.the_warnings
}
rtn_status=status.HTTP_400_BAD_REQUEST
except Exception:
transaction.rollback()
transaction.set_autocommit(True)
ret = {
'errors': 'Internal Error:' + traceback.format_exc(),
'warnings':[]
}
rtn_status = status.HTTP_500_INTERNAL_SERVER_ERROR
return Response (ret, status=rtn_status)
def get_can_delete(self, obj):
perm_list = self.context.get('perm_list')
return UserLocationPermission.has_permission_in_list(
perm_list, self.perm_group_name, 'DELETE',
obj.station.operating_country.id, obj.station.id)
def get_can_edit(self, obj):
perm_list = self.context.get('perm_list')
ret = UserLocationPermission.has_permission_in_list(
perm_list, self.perm_group_name, 'EDIT',
obj.station.operating_country.id, obj.station.id)
return ret
def setUp(self):
user = SuperUserFactory.create()
self.client = APIClient()
self.client.force_authenticate(user=user)
self.globalCount += 1
self.nepal = self.get_or_create_country('Nepal')
self.south_africa = self.get_or_create_country('South Africa')
self.thailand = self.get_or_create_country('Thailand')
self.nepal_bs1 = self.get_or_create_station("nepal1", "NP1",
self.nepal)
self.nepal_bs2 = self.get_or_create_station("nepal2", "NP2",
self.nepal)
self.nepal_bs3 = self.get_or_create_station("nepal3", "NP3",
self.nepal)
self.south_africa_bs = self.nepal_bs3 = self.get_or_create_station(
"sa", "SA1", self.south_africa)
self.thailand_bs = self.nepal_bs3 = self.get_or_create_station(
"thai", "TL1", self.thailand)
self.account = SuperUserFactory.create()
self.permissions = []
tmp = UserLocationPermission()
tmp.account = self.account
tmp.country = None
tmp.station = None
tmp.permission = Permission.objects.get(permission_group='IRF',
action='VIEW')
tmp.save()
self.permissions.append(tmp)
tmp = UserLocationPermission()
tmp.account = self.account
tmp.country = None
tmp.station = self.nepal_bs2
tmp.permission = Permission.objects.get(permission_group='IRF',
action='ADD')
tmp.save()
self.permissions.append(tmp)
tmp = UserLocationPermission()
tmp.account = self.account
tmp.country = None
tmp.station = self.thailand_bs
tmp.permission = Permission.objects.get(permission_group='IRF',
action='ADD')
tmp.save()
self.permissions.append(tmp)
tmp = UserLocationPermission()
tmp.account = self.account
tmp.country = None
tmp.station = self.nepal_bs2
tmp.permission = Permission.objects.get(permission_group='IRF',
action='EDIT')
tmp.save()
self.permissions.append(tmp)
tmp = UserLocationPermission()
tmp.account = self.account
tmp.country = None
tmp.station = self.thailand_bs
tmp.permission = Permission.objects.get(permission_group='IRF',
action='EDIT')
tmp.save()
self.permissions.append(tmp)
tmp = UserLocationPermission()
tmp.account = self.account
tmp.country = self.nepal
tmp.station = None
tmp.permission = Permission.objects.get(permission_group='VIF',
action='VIEW')
tmp.save()
self.permissions.append(tmp)
tmp = UserLocationPermission()
tmp.account = self.account
tmp.country = self.nepal
tmp.station = None
tmp.permission = Permission.objects.get(permission_group='VIF',
action='ADD')
tmp.save()
self.permissions.append(tmp)
tmp = UserLocationPermission()
tmp.account = self.account
tmp.country = self.nepal
tmp.station = None
tmp.permission = Permission.objects.get(permission_group='VIF',
action='EDIT')
tmp.save()
self.permissions.append(tmp)
def update(self, request, station_id, pk):
form = Form.current_form(self.get_form_type_name(), station_id)
the_form = FormData.find_object_by_id(pk, form)
if the_form is None:
return Response({'errors' : [self.get_form_type_name() + " not found"], 'warnings':[]}, status=status.HTTP_404_NOT_FOUND)
form_data = FormData(the_form, form)
self.pre_process(request, form_data)
request_json = self.extract_data(request, self.get_element_paths())
self.serializer_context = {'form_type':form.form_type, 'request.user':request.user}
transaction.set_autocommit(False)
try:
serializer = FormDataSerializer(form_data, data=request_json, context=self.serializer_context)
if serializer.is_valid():
if not UserLocationPermission.has_session_permission(request, self.get_perm_group_name(), 'EDIT',
serializer.get_country_id(), serializer.get_station_id()):
return Response(status=status.HTTP_401_UNAUTHORIZED)
form_data = serializer.save()
if self.check_form_number(form_data):
self.logbook_submit(form_data)
serializer2 = FormDataSerializer(form_data, context=self.serializer_context)
form_done.send_robust(sender=self.__class__, form_data=form_data)
rtn_status = status.HTTP_200_OK
ret = serializer2.data
transaction.commit()
transaction.set_autocommit(True)
self.post_process(request, form_data)
else:
transaction.rollback()
transaction.set_autocommit(True)
ret = {
'errors':['Form number exceeds highest number allocated for station'],
'warnings':[]
}
rtn_status=status.HTTP_400_BAD_REQUEST
else:
transaction.rollback()
transaction.set_autocommit(True)
if serializer.the_errors is not None and len(serializer.the_errors) > 0:
rtn_errors = serializer.the_errors
else:
rtn_errors = []
if serializer.the_warnings is not None and len(serializer.the_warnings) > 0:
rtn_warnings = serializer.the_warnings
else:
rtn_warnings = []
if len(rtn_errors) < 1 and len(rtn_warnings) < 1:
rtn_errors = serializer._errors
ret = {
'errors': rtn_errors,
'warnings':rtn_warnings
}
rtn_status = status.HTTP_400_BAD_REQUEST
except Exception:
transaction.rollback()
transaction.set_autocommit(True)
ret = {
'errors': 'Internal Error:' + traceback.format_exc(),
'warnings':[]
}
rtn_status = status.HTTP_500_INTERNAL_SERVER_ERROR
return Response (ret, status=rtn_status)
def get_queryset(self):
if self.action != 'list':
return None
in_country = self.request.GET.get('country_ids')
status = self.request.GET.get('status', 'approved')
search = self.request.GET.get('search')
status_list = []
in_progress=False
for stat in status.split(','):
# Earlier feature to only allow author to view in-progress forms
# has been disabled
#if stat == 'in-progress':
# in_progress = True
#else:
# status_list.append(stat)
status_list.append(stat)
countries = Country.objects.all()
all_country_list = []
for country in countries:
all_country_list.append(country.id)
country_list = []
if in_country is not None and in_country != '':
# client provided a list of countries to consider
for cntry in in_country.split(','):
country_list.append(int(cntry))
else:
# client did not provide a list - so consider all countries
country_list = all_country_list
account_id = self.request.user.id
station_list = []
form_storage_list = []
tmp_station_list = BorderStation.objects.filter(operating_country__in=country_list)
perm_list = UserLocationPermission.objects.filter(account__id=account_id, permission__permission_group=self.get_perm_group_name()).exclude(permission__action='ADD')
self.serializer_context = {'perm_list':perm_list}
for station in tmp_station_list:
if (UserLocationPermission.has_permission_in_list(perm_list, self.get_perm_group_name(), None, station.operating_country.id, station.id)):
station_list.append(station)
form = Form.current_form(self.get_form_type_name(), station.id)
if form is not None and form.storage not in form_storage_list:
form_storage_list.append(form.storage)
q_filter = self.build_query_filter(status_list, station_list, in_progress, account_id)
queryset = None
for form_storage in form_storage_list:
mod = __import__(form_storage.module_name, fromlist=[form_storage.form_model_name])
form_model = getattr(mod, form_storage.form_model_name)
tmp_queryset = form_model.objects.filter(q_filter).only(*self.get_list_field_names())
if search is not None:
tmp_queryset = self.filter_key(tmp_queryset, search)
if queryset is None:
queryset = tmp_queryset
else:
queryset = queryset.union(tmp_queryset)
if queryset is None:
queryset = self.get_empty_queryset()
return queryset