Exemplo n.º 1
def create_customer(request):
    """Register a customer and e-mail a sign-up confirmation link.

    POST only. Validates ``CustomerCreationForm`` against ``request.data``,
    saves the user, caches a newly generated token under the ``signup``
    action and mails a confirmation URL that carries the token.

    :param request: incoming request; the form is built from ``request.data``
    :return: 201 on success, 400 with the form errors, 405 for other methods
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    signup_form = CustomerCreationForm(request.data)
    if not signup_form.is_valid():
        return Response(data=signup_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)
    signup_form.clean_password2()
    new_user = signup_form.save()

    # The token is the only secret in the confirmation link; it is cached
    # together with the address it was issued for.
    verification_token = generate_key(long_token=True)
    cache_payload = {'email': new_user.email, 'action': 'signup'}
    set_email_verification_cache(verification_token, cache_payload)

    welcome_mail = Email([new_user.email], TYPE_SIGNUP)
    # The host is a fixed literal, not taken from the request's Host header,
    # so a forged Host value cannot redirect the link.
    # NOTE(review): the scheme is plain http://, so the token travels
    # unencrypted unless the site redirects to HTTPS -- confirm.
    confirm_url = '"{}/{}?code={}"'.format('http://www.lmeib.com',
                                           'user/email_confirm',
                                           verification_token)
    welcome_mail.send_mail_welcome({
        'username': new_user.email,
        'url': confirm_url,
    })
    return Response(data=response_message(code=201),
                    status=status.HTTP_201_CREATED)
Exemplo n.º 2
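def resend_email_confirmation(request):
    """Issue a fresh sign-up verification token and mail it again.

    POST only. The caller supplies the token it already holds; the cached
    user behind that token receives a new token by e-mail.

    :param request: incoming request; ``request.data['token']`` is optional
    :return: 200 on success, 400 when the token is missing or unknown,
             405 for other methods
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # .get() so that a body without 'token' is answered with 400 instead of
    # an unhandled KeyError (HTTP 500).
    token = request.data.get('token')
    if not token:
        return Response(data=response_message(message='Invalid username'),
                        status=status.HTTP_400_BAD_REQUEST)

    user = get_cached_user_by_token(token)
    if not user:
        return Response(
            data=response_message(message='Username NOT EXISTS !'),
            status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): the token the caller presented is not removed here;
    # presumably it expires from the cache on its own -- confirm.
    token = generate_key(long_token=True)
    set_email_verification_cache(token, {
        'email': user.email,
        'action': 'signup',
    })

    # send verification email
    # NOTE(review): the link uses plain http://, so the token travels
    # unencrypted unless the site redirects to HTTPS -- confirm.
    mail = Email([
        user.email,
    ], TYPE_SIGNUP)
    mail.send_mail_welcome({
        'username': user.email,
        'url': '"{}/{}?code={}"'.format('http://www.lmeib.com',
                                        'user/email_confirm', token)
    })
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)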
Exemplo n.º 3
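def create_update_permission_group(request, pk=None):
    """
    Create, update or deactivate a permission group.

    :param request: required fields: list of permission IDs-> permissions, string -> permission_name
    :param pk: primary key of an existing group; ``None`` creates a new one
    :return: response with HTTP status code
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm a decorator or permission class restricts who may change
    # permission groups.
    if request.method == 'POST' or request.method == 'PUT':
        try:
            permission_list = [
                int(i) for i in request.POST.getlist('permissions[]')
            ]
        except ValueError:
            # A non-numeric ID is a client error, not a server fault.
            return Response(
                data=response_message(message='Invalid permissions'),
                status=status.HTTP_400_BAD_REQUEST)
        if pk is None:
            form = PermissionGroupForm(request.POST)
            if not form.is_valid():
                return Response(data=form.errors.as_data(),
                                status=status.HTTP_400_BAD_REQUEST)
            PermissionGroup.create(permission_list, **form.cleaned_data)
        elif pk:
            permission_group = get_object_or_404(PermissionGroup, pk=pk)
            form = PermissionGroupForm(request.POST, instance=permission_group)
            if not form.is_valid():
                return Response(data=form.errors.as_data(),
                                status=status.HTTP_400_BAD_REQUEST)
            form.save()
            if permission_list:
                PermissionGroup.update(permission_group, permission_list)
        return Response(data=response_message(code=201),
                        status=status.HTTP_201_CREATED)
    elif request.method == 'DELETE' and pk:
        # NOTE : de-active only for now, better to delete with all relations ?
        permission_group = get_object_or_404(PermissionGroup, pk=pk)
        permission_group.is_active = False
        permission_group.save()
        # Report success; previously this branch fell through to the 405
        # below even though the group had been deactivated.
        return Response(data=response_message(code=200),
                        status=status.HTTP_200_OK)
    return Response(data=response_message(code=405),
                    status=status.HTTP_405_METHOD_NOT_ALLOWED)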
Exemplo n.º 4
def create_comment(request):
    """Create a comment from ``request.data``.

    :param request: incoming request; POST only
    :return: 200 when the form validates and is saved, 400 for invalid
             input, 405 for other methods
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    comment_form = CommentCreationForm(request.data)
    if not comment_form.is_valid():
        return Response(
            data=response_message(message='Invalid request input'),
            status=status.HTTP_400_BAD_REQUEST)

    comment_form.save()
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)
Exemplo n.º 5
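def logout(request):
    """Drop the caller's cached token entry and end the Django session.

    :param request: incoming request; ``request.data['token']`` is optional
    :return: 200 after logging out, 405 for methods other than POST
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # .get() so that a body without 'token' still ends the session instead
    # of failing with an unhandled KeyError (HTTP 500).
    token = request.data.get('token')
    if token:
        # NOTE(review): the cache entry is selected by the caller-supplied
        # token alone; it is not compared with the session's user here.
        user_cache = Cache()
        user_cache.delete(token)
    django_logout(request)
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)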
Exemplo n.º 6
def reset_password(request):
    """Reset a password through ``UserResetPassword``.

    What authorises the reset (for example a reset token) is decided inside
    the form and is not visible in this function.

    :param request: incoming request; POST only, form built from
                    ``request.POST``
    :return: 200 after the reset, 400 for an invalid form, 405 otherwise
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    reset_form = UserResetPassword(request.POST)
    if not reset_form.is_valid():
        return Response(data=response_message(message='Invalid password'),
                        status=status.HTTP_400_BAD_REQUEST)

    reset_form.reset_password()
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)
Exemplo n.º 7
def create_or_update_university_additional_attr(request):
    """Save a university additional attribute from ``request.POST``.

    :param request: incoming request; POST only
    :return: 200 after saving, 400 with the form errors, 405 otherwise
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm it is enforced by a decorator or permission class.
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    attr_form = UniversityAdditionalAttributesForm(request.POST)
    if attr_form.is_valid():
        attr_form.save()
        return Response(data=response_message(code=200),
                        status=status.HTTP_200_OK)
    return Response(data=attr_form.errors.as_data(),
                    status=status.HTTP_400_BAD_REQUEST)
Exemplo n.º 8
def create_org_admin(request):
    """Create an organisation administrator from ``request.POST``.

    :param request: incoming request; POST only
    :return: 201 after saving, 400 with the form errors, 405 otherwise
    """
    # NOTE(review): this creates a privileged account and no authorization
    # check is visible in this function; confirm it is enforced upstream.
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    admin_form = OrgAdminCreateForm(request.POST)
    if admin_form.is_valid():
        admin_form.clean_password2()
        admin_form.save()
        return Response(data=response_message(code=201),
                        status=status.HTTP_201_CREATED)
    return Response(data=admin_form.errors.as_data(),
                    status=status.HTTP_400_BAD_REQUEST)
Exemplo n.º 9
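def delete_wiki(request):
    """Delete one object from the organisation wiki bucket.

    :param request: incoming request; POST only, ``key_name`` names the
                    object to delete
    :return: 200 with an empty body after deletion, 400 when the key is
             missing or does not exist, 405 for other methods
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # .get() so that a request without 'key_name' is answered with 400
    # instead of an unhandled lookup error (HTTP 500).
    key_name = request.POST.get('key_name')
    if key_name:
        # The storage client is only needed once there is a key to act on.
        s3 = S3(AWS_BUCKET_ORG_WIKI)
        # NOTE(review): key_name comes straight from the request and is not
        # restricted to a prefix owned by the caller in this function;
        # confirm authorization and key scoping are enforced elsewhere.
        if s3.is_file_exist(key_name):
            s3.delete_file(key_name)
            return Response(data={}, status=status.HTTP_200_OK)
    return Response(data=response_message(message='Invalid key name'),
                    status=status.HTTP_400_BAD_REQUEST)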
Exemplo n.º 10
def change_password(request):
    """Change a password and log the user in again.

    :param request: incoming request; POST only, form built from
                    ``request.data``
    :return: 200 when the form validates and ``set_password`` returns a
             user, 400 otherwise, 405 for other methods
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    password_form = UserChangePasswordForm(request.data)
    # set_password() is only attempted on a valid form; a falsy result is
    # reported exactly like an invalid form.
    updated_user = (password_form.set_password()
                    if password_form.is_valid() else None)
    if not updated_user:
        return Response(data=response_message(message='Invalid password'),
                        status=status.HTTP_400_BAD_REQUEST)

    django_login(request, updated_user)
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)
Exemplo n.º 11
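def grant_admin_permission_groups(request):
    """Assign permission groups to an admin user.

    The caller must hold the ``president`` role, which is checked through
    the ``token`` field of the POST body.

    :param request: incoming request; POST only, with ``permission_groups[]``
                    (integer IDs) and ``token``
    :return: 200 after the update, 400 for any invalid, missing or
             unauthorised input, 405 for other methods
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    form = GrantUserPermissionForm(request.POST)
    try:
        permission_group_list = [
            int(i) for i in request.POST.getlist('permission_groups[]')
        ]
    except ValueError:
        # Non-numeric IDs are treated as "no usable groups" and rejected
        # below instead of surfacing as an unhandled error (HTTP 500).
        permission_group_list = []

    # A missing or empty token fails closed: the role check is not called.
    token = request.POST.get('token')
    # NOTE(review): a failed role check is reported as 400 'Invalid inputs'
    # rather than 401/403; kept so existing clients see the same response.
    if (form.is_valid() and permission_group_list and token
            and check_request_user_role(token, ('president', ))):
        user = form.authenticate()
        update_admin_permission_group(user, permission_group_list)
        return Response(data=response_message(code=200),
                        status=status.HTTP_200_OK)
    return Response(data=response_message(message='Invalid inputs'),
                    status=status.HTTP_400_BAD_REQUEST)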
Exemplo n.º 12
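def email_token_verification(request):
    """Report whether an e-mail verification code is valid.

    :param request: incoming request; GET only, the code is read from the
                    ``code`` query parameter
    :return: 200 with ``is_verified`` set to the result of
             ``email_verification``, 405 for other methods
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # .get() so that a request without 'code' is verified as None (the same
    # value an empty code already produced) instead of raising.
    token = request.GET.get('code') or None
    return Response(data={
        'is_verified': email_verification(token),
    }, status=status.HTTP_200_OK)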
Exemplo n.º 13
def login(request):
    """Authenticate a user and start a session.

    An invalid form and a failed authentication produce the same message,
    so the response does not reveal which of the two happened.

    :param request: incoming request; POST only, form built from
                    ``request.data``
    :return: 200 with ``result`` and the user cache data on success,
             400 otherwise, 405 for other methods
    """
    # NOTE(review): no throttling of repeated attempts is visible in this
    # function; confirm it is applied upstream.
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    auth_form = UserAuthenticationForm(request.data)
    if not auth_form.is_valid():
        return Response(
            data=response_message(message='Invalid username or password'),
            status=status.HTTP_400_BAD_REQUEST)

    account, session_token = auth_form.authenticate()
    if not account:
        return Response(
            data=response_message(message='Invalid username or password'),
            status=status.HTTP_400_BAD_REQUEST)

    django_login(request, account)
    payload = {
        'result': 'success',
        'data': refresh_or_create_user_cache(session_token, account),
    }
    return Response(data=payload, status=status.HTTP_200_OK)
Exemplo n.º 14
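def refresh_user_cache(request):
    """Refresh the cached user data that belongs to a token.

    :param request: incoming request; GET only, the token is read from the
                    ``token`` query parameter
    :return: 200 with the refreshed cache data, 401 when no token is given,
             405 for other methods
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # A request without a token is unauthenticated; answer it explicitly
    # instead of failing with an unhandled lookup error (HTTP 500).
    # NOTE(review): the token arrives in the query string, where it can end
    # up in access logs and browser history; consider a header or body.
    token = request.GET.get('token')
    if not token:
        return Response(data=response_message(code=401),
                        status=status.HTTP_401_UNAUTHORIZED)

    response_data = {
        'result': 'success',
        'data': refresh_or_create_user_cache(token),
    }
    return Response(data=response_data, status=status.HTTP_200_OK)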
Exemplo n.º 15
def create_update_feature(request, pk=None):
    """Create a feature, or update the one identified by ``pk``.

    :param request: incoming request; POST or PUT, form built from
                    ``request.POST``
    :param pk: primary key of an existing feature; ``None`` creates one
    :return: 201 on success, 400 with the form errors, 405 otherwise
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm it is enforced by a decorator or permission class.
    if request.method not in ('POST', 'PUT'):
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    if pk is None:
        create_form = FeatureForm(request.POST)
        if not create_form.is_valid():
            return Response(data=create_form.errors.as_data(),
                            status=status.HTTP_400_BAD_REQUEST)
        Feature.create_feature(**create_form.cleaned_data)
    elif pk:
        existing = get_object_or_404(Feature, pk=pk)
        update_form = FeatureForm(request.POST, instance=existing)
        if not update_form.is_valid():
            return Response(data=update_form.errors.as_data(),
                            status=status.HTTP_400_BAD_REQUEST)
        update_form.save()

    return Response(data=response_message(code=201),
                    status=status.HTTP_201_CREATED)
Exemplo n.º 16
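def retrieve_university_by_slug(request):
    """Return the active university that has the given slug.

    :param request: incoming request; GET only, the slug is read from the
                    ``university_slug`` query parameter
    :return: 200 with the serialised university, 400 when the slug is
             missing, 404 when no active university matches, 405 otherwise
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    slug = request.GET.get('university_slug')
    if not slug:
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        university = University.objects.all().get(slug_name=slug,
                                                  is_active=True)
    except University.DoesNotExist:
        # An unknown slug is a client error; without this the lookup
        # surfaced as an unhandled exception (HTTP 500).
        return Response(
            data=response_message(message='University not found'),
            status=status.HTTP_404_NOT_FOUND)

    response_data = {
        'result': 'success',
        'data': to_json(university),
    }
    return Response(data=response_data, status=status.HTTP_200_OK)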
Exemplo n.º 17
def upload_image(request):
    """Upload an image to the organisation wiki bucket.

    :param request: incoming request; POST only, with the file under
                    ``request.FILES['file']`` and a ``key_prefix`` field
    :return: 201 with the resulting ``s3_key``, 400 with the form errors,
             405 for other methods
    """
    bucket = S3(AWS_BUCKET_ORG_WIKI)
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    image_form = ImageFileForm(request.POST, request.FILES)
    if not image_form.is_valid():
        return Response(data=image_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): the key prefix is caller-supplied; whether it is limited
    # to a location the caller owns depends on ImageFileForm -- confirm.
    prefix = image_form.cleaned_data['key_prefix']
    uploaded_key = bucket.upload_image(request.FILES['file'], prefix)
    return Response(data={'s3_key': uploaded_key},
                    status=status.HTTP_201_CREATED)
Exemplo n.º 18
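def get_customer_upg_by_university(request):
    """List the customer UPG records of the caller's own university.

    The caller must be an ``admin`` or ``president`` whose cached
    ``university_id`` matches the university named by ``university_slug``.

    :param request: incoming request; GET only, with ``token`` and
                    ``university_slug`` query parameters
    :return: 200 with ``result`` (a list of dicts), 400 when the slug is
             missing, 401 when the caller is not authorised, 405 otherwise
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # Check the caller before looking anything up, so an unauthenticated
    # request cannot tell existing slugs from unknown ones.
    token = request.GET.get('token')
    cached_data = get_cached_user(token) if token else None
    if not cached_data or not check_request_user_role(
            cached_data, ['admin', 'president', ]):
        return Response(data=response_message(code=401),
                        status=status.HTTP_401_UNAUTHORIZED)

    slug = request.GET.get('university_slug')
    if not slug:
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    # get_object_or_404 never returns a falsy value, so the former
    # "or None" and the later "if not university" check were dead code.
    university = get_object_or_404(University, slug_name=slug)
    try:
        same_university = int(cached_data['university_id']) == university.pk
    except (KeyError, TypeError, ValueError):
        # A cache entry without a usable university id fails closed.
        same_university = False
    if not same_university:
        return Response(data=response_message(code=401),
                        status=status.HTTP_401_UNAUTHORIZED)

    university_upg = CustomerUPG.customer_upg.get_org_deserved_customer_upg(
        university)
    response_data = [model_to_dict(upg) for upg in university_upg]
    return Response(data={'result': response_data},
                    status=status.HTTP_200_OK)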
Exemplo n.º 19
def create_update_feature_group(request, pk=None):
    """
        Create a feature group, or update the one identified by ``pk``.

        Permissions are deliberately not checked here: feature groups are
        only created by LMB internally, and every university is meant to
        see the same base feature groups.
    """
    # NOTE(review): nothing in this function enforces the "internal only"
    # assumption; confirm the endpoint is not reachable by ordinary users.
    if request.method not in ('POST', 'PUT'):
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    if pk is None:
        create_form = FeatureGroupForm(request.POST)
        if not create_form.is_valid():
            return Response(data=create_form.errors.as_data(),
                            status=status.HTTP_400_BAD_REQUEST)
        FeatureGroup.create(**create_form.cleaned_data)
    elif pk:
        existing_group = get_object_or_404(FeatureGroup, pk=pk)
        update_form = FeatureGroupForm(request.POST, instance=existing_group)
        if not update_form.is_valid():
            return Response(data=update_form.errors.as_data(),
                            status=status.HTTP_400_BAD_REQUEST)
        update_form.save()

    return Response(data=response_message(code=201),
                    status=status.HTTP_201_CREATED)
Exemplo n.º 20
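def get_university_additional_attr_list(request):
    """List the additional attributes of the active university with a slug.

    :param request: incoming request; GET only, the slug is read from the
                    ``slug`` query parameter
    :return: 200 with the attribute list, 400 when the slug is missing,
             404 when no active university matches, 405 otherwise
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    slug = request.GET.get('slug')
    if not slug:
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        university = University.objects.all().get(slug_name=slug,
                                                  is_active=True)
    except University.DoesNotExist:
        # An unknown slug is a client error, not an unhandled exception.
        return Response(
            data=response_message(message='University not found'),
            status=status.HTTP_404_NOT_FOUND)

    # Select by the owning university. The former filter compared the
    # attribute row's own primary key with the university's, which matches
    # an unrelated row (or none).
    # NOTE(review): assumes the model's foreign key is named 'university',
    # as other lookups on this model in the project use -- confirm.
    university_additional_attr_list = UniversityAdditionalAttributes.objects.filter(
        university=university.pk)
    # NOTE(review): the QuerySet is handed to Response without explicit
    # serialisation -- confirm the renderer can encode it.
    response_data = {
        'result': 'success',
        'data': university_additional_attr_list,
    }
    return Response(data=response_data, status=status.HTTP_200_OK)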
Exemplo n.º 21
def forgot_password_email(request):
    """Mail a password-reset link to the user named in the form.

    A valid form is answered with 200 whether or not ``get_user`` finds an
    account; the mail is only sent when it does.

    :param request: incoming request; POST only, form built from
                    ``request.POST``
    :return: 200 for a valid form, 400 for an invalid one, 405 otherwise
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    forgot_form = UserForgotPassword(request.POST)
    # NOTE(review): whether the 400 below reveals that an account does not
    # exist depends on what UserForgotPassword validates -- confirm.
    if not forgot_form.is_valid():
        return Response(
            data=response_message(message='Username Does not exist !'),
            status=status.HTTP_400_BAD_REQUEST)

    account = forgot_form.get_user()
    if account:
        reset_token = reset_password_cache_handler(account.email)
        reset_mail = Email([account.email], TYPE_RESET_PASSWORD)
        # NOTE(review): the link uses plain http://, so the reset token
        # travels unencrypted unless the site redirects to HTTPS -- confirm.
        reset_url = '"{}/{}?code={}"'.format('http://www.lmeib.com',
                                             'user/reset', reset_token)
        reset_mail.send_mail_welcome({
            'username': account.email,
            'url': reset_url,
        })
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)
Exemplo n.º 22
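def retrieve_university_additional_attr(request):
    """Return one named additional attribute of an active university.

    :param request: incoming request; GET only, with ``slug`` and
                    ``attr_name`` query parameters
    :return: 200 with the serialised attribute, 400 when a parameter is
             missing, 404 when the university or attribute does not exist,
             405 for other methods
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    slug = request.GET.get('slug')
    attribute_name = request.GET.get('attr_name')
    if not slug or not attribute_name:
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        university = University.objects.all().get(slug_name=slug,
                                                  is_active=True)
        university_additional_attr = UniversityAdditionalAttributes.objects.get(
            university=university.pk, attribute_name=attribute_name)
    except (University.DoesNotExist,
            UniversityAdditionalAttributes.DoesNotExist):
        # .get() raises when nothing matches and never returns a falsy
        # value, so the former "or ''" fallback could not take effect.
        return Response(data=response_message(message='Not found'),
                        status=status.HTTP_404_NOT_FOUND)

    response_data = {
        'result': 'success',
        'data': to_json(university_additional_attr),
    }
    return Response(data=response_data, status=status.HTTP_200_OK)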
Exemplo n.º 23
def upload_user_avatar(request):
    """Upload a user avatar to the user archive bucket.

    :param request: incoming request; POST only, with the file under
                    ``request.FILES['file']``
    :return: 201 with the avatar's ``image_url``, 400 with the form errors,
             405 for other methods
    """
    bucket = S3(AWS_BUCKET_USER_ARCHIVE)
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    avatar_form = UserAvatarFileForm(request.POST, request.FILES)
    if not avatar_form.is_valid():
        return Response(data=avatar_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)

    # The key prefix is derived by the form, not taken directly from a
    # request field in this function.
    # NOTE(review): which user the avatar is attached to is decided inside
    # UserAvatarFileForm; confirm it is bound to the authenticated caller.
    prefix = avatar_form.make_avatar_s3_key_prefix()
    uploaded_key = bucket.upload_image(request.FILES['file'], prefix)
    avatar_url = avatar_form.update_user_avatar_key(AWS_BUCKET_USER_ARCHIVE,
                                                    uploaded_key)
    return Response(data={'image_url': avatar_url},
                    status=status.HTTP_201_CREATED)
Exemplo n.º 24
def upload_wiki(request):
    """Upload a wiki page to the organisation wiki bucket.

    :param request: incoming request; POST only, with ``page``,
                    ``new_path`` and an optional ``old_path``
    :return: 201 with the resulting ``s3_key``; 400 with the form errors
             when the form is invalid or the upload returns no key;
             405 for other methods
    """
    bucket = S3(AWS_BUCKET_ORG_WIKI)
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    wiki_form = WikiFileForm(request.POST)
    if not wiki_form.is_valid():
        return Response(data=wiki_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): both paths are caller-supplied object keys; whether they
    # are limited to a location the caller owns depends on WikiFileForm and
    # on S3.upload_wiki -- confirm.
    previous_key = wiki_form.cleaned_data['old_path'] or None
    target_key = wiki_form.cleaned_data['new_path']
    page_body = wiki_form.cleaned_data['page']
    stored_key = bucket.upload_wiki(page_body, target_key, previous_key)
    if not stored_key:
        # A failed upload reports the (valid) form's errors, as before.
        return Response(data=wiki_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)
    return Response(data={'s3_key': stored_key},
                    status=status.HTTP_201_CREATED)
Exemplo n.º 25
def get_items(request):
    """List sub-keys in the organisation wiki bucket.

    Empty form values fall back to: prefix ``''``, spec ``None``,
    suffix ``'/'`` and marker ``''``.

    :param request: incoming request; POST only, form built from
                    ``request.data``
    :return: 200 with ``result_list``, 400 with the form errors,
             405 for other methods
    """
    bucket = S3(AWS_BUCKET_ORG_WIKI)
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    keys_form = GetKeysForm(request.data)
    if not keys_form.is_valid():
        return Response(data=keys_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): the prefix is caller-supplied, so the listing is not
    # limited to a location the caller owns in this function -- confirm
    # scoping is enforced elsewhere.
    prefix = keys_form.cleaned_data['key_name'] or ''
    spec = keys_form.cleaned_data['spec'] or None
    suffix = keys_form.cleaned_data['suffix'] or '/'
    marker = keys_form.cleaned_data['marker'] or ''
    listing = bucket.get_sub_keys_with_spec(prefix, spec, suffix, marker)
    return Response(data={'result_list': listing},
                    status=status.HTTP_200_OK)