def login_view(request):
    """Log a user in and redirect them to the dashboard for their role.

    A request that is already authenticated is redirected immediately. Any
    non-POST request renders the login form. A POST is checked with
    ``authenticate``; on success ``login`` is called and the user is
    redirected by permission, otherwise the form is rendered again with one
    generic error message that does not say which field was wrong.
    """
    # NOTE(review): on Django releases older than 1.10 ``is_authenticated`` is
    # a method, so this attribute test would be true for every request.
    # Confirm the framework version this project pins.

    def _redirect_for(account, message):
        # Customers are checked before employees; an account holding neither
        # permission falls through to the public index page.
        if account.has_perm('BankingSystem.user_operations'):
            return custom_redirect("dashboard", success=message)
        if account.has_perm('BankingSystem.employee_operations'):
            return custom_redirect("employee_dashboard", success=message)
        return redirect("index")

    if request.user.is_authenticated:
        return _redirect_for(request.user, 'Welcome.')

    fields = {'authentication_error': ''}
    if request.method != 'POST':
        return render(request, 'login.html', fields)

    user = authenticate(
        request,
        username=do_get(request.POST, 'username'),
        password=do_get(request.POST, 'password'),
    )
    if user is None:
        fields['authentication_error'] = 'Invalid username/password'
        return render(request, 'login.html', fields)

    login(request, user)
    return _redirect_for(user, 'Successfully logged in.')
def debit_credit(request):
    """Create a debit or credit transaction for the logged-in user.

    Non-POST requests render the form with the accounts reachable through
    ``request.user.profile``. A POST builds the transaction and redirects to
    the OTP confirmation page; a ``BankingException`` is shown on the form.
    """
    fields = {
        'accounts': request.user.profile.account_set.all(),
        'username': request.user.username,
        'error': '',
    }
    if request.method != 'POST':
        return render(request, 'debit_credit.html', fields)

    # All four values are client-supplied. Nothing in this view checks that
    # the account belongs to request.user; presumably Transactions.create
    # does, since it receives the user. Confirm against the model.
    account_number = do_get(request.POST, 'account')
    direction = do_get(request.POST, 'debit_or_credit')  # "debit" or "credit"
    employee = do_get(request.POST, 'preferred_employee')
    amount = do_get(request.POST, 'amount')

    try:
        # A debit passes the account in the first account slot and a credit
        # in the second; the other slot is None.
        if direction == "debit":
            kind, first, second = Transactions.TYPE_DEBIT, account_number, None
        elif direction == "credit":
            kind, first, second = Transactions.TYPE_CREDIT, None, account_number
        else:
            raise BankingException('Invalid request')
        transaction = Transactions.create(kind, request.user, first, second,
                                          amount, employee)
    except BankingException as e:
        fields['error'] = e.message
        return render(request, 'debit_credit.html', fields)

    return redirect("transaction_confirmation", transaction_id=transaction.id)
def make_transactions(request):
    """Create an account-to-account transfer for the logged-in user.

    Non-POST requests render the form. A POST hands the sender account,
    receiver account and amount to ``Transactions.create`` and redirects to
    the OTP confirmation page; a ``BankingException`` is shown on the form.
    """
    user = request.user
    fields = {
        'username': user.username,
        'error': '',
        'has_perm_view_critical_transactions':
            user.has_perm('BankingSystem.view_critical_transactions'),
        'has_perm_create_payments':
            user.has_perm('BankingSystem.create_payments'),
        'accounts': user.profile.account_set.all(),
    }
    if request.method != 'POST':
        return render(request, 'make_transactions.html', fields)

    # The sender account number comes from the form, not from the server-side
    # account list above. Presumably Transactions.create rejects a sender
    # account that does not belong to request.user; confirm.
    sender = do_get(request.POST, 'sender_account_number')
    receiver = do_get(request.POST, 'receiver_account_number')
    amount = do_get(request.POST, 'amount')

    try:
        transaction = Transactions.create(Transactions.TYPE_TRANSACTION,
                                          request.user, sender, receiver,
                                          amount)
    except BankingException as e:
        fields['error'] = e.message
        return render(request, 'make_transactions.html', fields)

    return redirect("transaction_confirmation", transaction_id=transaction.id)
def user_accounts_list(request):
    """Render the profiles that ``request.user.profile.employee_ticket`` returns."""
    query = request.GET
    user = request.user
    # The three redirect_* banners are copied verbatim from the query string,
    # so their text is chosen by whoever built the link. The template must
    # render them escaped (assumes Django autoescaping is on; confirm).
    fields = {
        'redirect_info': do_get(query, 'info'),        # e.g. already logged in
        'redirect_success': do_get(query, 'success'),  # e.g. login successful
        'redirect_error': do_get(query, 'error'),      # generic site error
        'username': user.username,
        'users': user.profile.employee_ticket.all(),
        'has_perm_employee_operations':
            user.has_perm('BankingSystem.employee_operations'),
    }
    return render(request, 'user_account_list.html', fields)
def dashboard_internal(request):
    """Render the dashboard template for internal users."""
    query = request.GET
    # The redirect_* banner text is read straight from the query string and is
    # therefore caller-controlled. It must only be rendered escaped (assumes
    # the template leaves Django autoescaping on; confirm).
    fields = {
        'redirect_info': do_get(query, 'info'),        # e.g. already logged in
        'redirect_success': do_get(query, 'success'),  # e.g. login successful
        'redirect_error': do_get(query, 'error'),      # generic site error
        'error': '',
        'username': request.user.username,
        'has_perm_employee_operations':
            request.user.has_perm('BankingSystem.employee_operations'),
    }
    return render(request, 'dashboard_internal_user.html', fields)
def reset_2fa(request):
    """Regenerate the user's TOTP seed and render the page that shows it.

    ``regenerate_totp_seed`` is called on every request to this view, and its
    return value is passed to the template as ``token_url``.
    """
    # NOTE(review): the seed is rotated regardless of HTTP method and without
    # asking for the current password or OTP. A plain GET therefore changes
    # state, and Django's CSRF middleware does not check GET requests, so
    # merely loading this URL invalidates the user's existing authenticator
    # enrolment. Consider rotating only on a CSRF-protected POST after
    # re-authentication; the template would then need a confirmation form.
    query = request.GET
    fields = {
        'username': request.user.username,
        'redirect_info': do_get(query, 'info'),        # e.g. already logged in
        'redirect_success': do_get(query, 'success'),  # e.g. login successful
        'redirect_error': do_get(query, 'error'),      # generic site error
        'error': '',
        # Kept last so the seed rotation is the final step of building the dict.
        'token_url': request.user.profile.regenerate_totp_seed(),
    }
    return render(request, 'reset_2fa.html', fields)
def approve_transaction_employee(request):
    """Render the transactions linked to the employee's profile, newest id first.

    Each transaction is converted with ``str()`` and split on whitespace, so
    the template receives a list of token lists rather than model instances.
    """
    # The first token of str(transaction) is parsed as an integer and used as
    # the sort key; presumably it is the transaction id. Confirm against
    # Transactions.__str__. Sorting is descending and stable.
    rows = [str(item).split()
            for item in request.user.profile.transactions_set.all()]
    transactions = sorted(rows, key=lambda row: int(row[0]), reverse=True)

    query = request.GET
    user = request.user
    # The redirect_* banner text comes verbatim from the query string and must
    # only be rendered escaped (assumes Django autoescaping is on; confirm).
    fields = {
        'redirect_info': do_get(query, 'info'),        # e.g. already logged in
        'redirect_success': do_get(query, 'success'),  # e.g. login successful
        'redirect_error': do_get(query, 'error'),      # generic site error
        'username': user.username,
        'transactions': transactions,
        'has_perm_employee_operations':
            user.has_perm('BankingSystem.employee_operations'),
        'has_perm_view_critical_transactions':
            user.has_perm('BankingSystem.view_critical_transactions'),
    }
    return render(request, 'approve_transaction_employee.html', fields)
def transaction_confirmation(request, transaction_id):
    """Confirm a pending transaction with a one-time password.

    Non-POST requests render the OTP form. On POST the submitted OTP is
    verified. A non-cash transaction below ``Transactions.CRITICAL_LIMIT`` is
    processed at once; any other transaction is left for approval by the
    assigned employee. A ``BankingException`` is shown on the OTP form.
    """
    # NOTE(review): the lookup is by primary key only, and nothing in this
    # function ties the transaction to request.user. Confirm that ownership is
    # enforced elsewhere (a decorator, or inside verify_otp).
    transaction = get_object_or_404(Transactions, pk=transaction_id)

    fields = {
        'authentication_error': '',
        'username': request.user.username,
        'transaction_id': transaction.id,
        'error': '',
        # NOTE(review): this permission is spelled 'view_user_operations' here
        # but 'user_operations' in the other views. Confirm which is intended.
        'has_perm_user_operations':
            request.user.has_perm('BankingSystem.view_user_operations'),
        'has_perm_create_payments':
            request.user.has_perm('BankingSystem.create_payments'),
    }
    if request.method != 'POST':
        return render(request, 'transaction_confirmation_otp.html', fields)

    otp = do_get(request.POST, 'otp')
    try:
        transaction.verify_otp(otp)
        processes_immediately = (not transaction.is_cash and
                                 transaction.amount < Transactions.CRITICAL_LIMIT)
        if processes_immediately:
            transaction.process_transaction()
            return custom_redirect(
                "dashboard", success="Successfully processed transaction")
        return custom_redirect(
            "dashboard",
            info='Transaction will be processed after approval from ' +
                 str(transaction.employee))
    except BankingException as e:
        fields['error'] = e.message
    return render(request, 'transaction_confirmation_otp.html', fields)
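def technical_accounts_access(request):
    """Let the logged-in user grant an employee access to their account.

    Non-POST requests render the form. A POST looks up ``employee_username``
    among users in the ``Employees`` group. When a match is found, that
    employee's profile is stored in ``request.user.profile.ticket_employee``
    and the user is redirected to the dashboard. When there is no match, the
    form is rendered again with an error.
    """
    fields = {
        'error': "",
        'username': request.user.username,
        'has_perm_user_operations':
            request.user.has_perm('BankingSystem.user_operations'),
    }
    if request.method != 'POST':
        return render(request, 'technical_accounts_access.html', fields)

    employee_username = do_get(request.POST, 'employee_username')
    try:
        employee = User.objects.filter(groups__name='Employees').get(
            username=employee_username)
    except User.DoesNotExist:
        # Only "no matching employee" is a user error. The previous bare
        # ``except:`` also reported database and programming errors as
        # "No such employee." and hid them from error monitoring.
        fields['error'] = 'No such employee.'
        return render(request, 'technical_accounts_access.html', fields)

    # ``.get()`` never returns None, so no second "not found" check is needed.
    # Assign and save through one reference so the saved object is the one
    # that was modified.
    profile = request.user.profile
    profile.ticket_employee = employee.profile
    profile.save()
    return custom_redirect('dashboard',
                           success="Employee given access to your account.")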
def approve_payments_for_users(request):
    """Render the payments attached to each of the user's accounts.

    The list is built from ``account.payment_user`` for every account
    reachable through ``request.user.profile``.
    """
    payments = [
        payment
        for account in request.user.profile.account_set.all()
        for payment in account.payment_user.all()
    ]

    query = request.GET
    # The redirect_* banner text comes verbatim from the query string and must
    # only be rendered escaped (assumes Django autoescaping is on; confirm).
    fields = {
        'redirect_info': do_get(query, 'info'),        # e.g. already logged in
        'redirect_success': do_get(query, 'success'),  # e.g. login successful
        'redirect_error': do_get(query, 'error'),      # generic site error
        'payments': payments,
        'username': request.user.username,
        'has_perm_user_operations':
            request.user.has_perm('BankingSystem.user_operations'),
    }
    return render(request, 'approve_payments_for_users.html', fields)
def create_payment(request):
    """Create a payment request against another account.

    Non-POST requests render the form. A POST passes the payee account and
    amount to ``Payments.create`` with the logged-in user and redirects to
    the dashboard; a ``BankingException`` is shown on the form.
    """
    user = request.user
    fields = {
        'error': '',
        'username': user.username,
        'has_perm_user_operations':
            user.has_perm('BankingSystem.user_operations'),
        'has_perm_create_payments':
            user.has_perm('BankingSystem.create_payments'),
    }
    if request.method != 'POST':
        return render(request, 'create_payment.html', fields)

    # 'has_perm_create_payments' above is passed to the template only. This
    # view does not itself check that permission before creating the payment.
    # Presumably a decorator or Payments.create enforces it; confirm.
    payee = do_get(request.POST, 'payee_account')
    requested_amount = do_get(request.POST, 'amount')
    try:
        Payments.create(request.user, payee, requested_amount)
    except BankingException as e:
        fields['error'] = e.message
        return render(request, 'create_payment.html', fields)

    return custom_redirect('dashboard',
                           success="Payment requested from the user.")
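def dashboard_external(request):
    """Render the dashboard for external users, including their accounts."""
    # The leftover ``print request.user`` debug statement was removed. It
    # wrote the user's identity to stdout on every dashboard load, outside
    # the logging configuration.
    query = request.GET
    user = request.user
    # The redirect_* banner text comes verbatim from the query string and must
    # only be rendered escaped (assumes Django autoescaping is on; confirm).
    fields = {
        'username': user.username,
        'redirect_info': do_get(query, 'info'),        # e.g. already logged in
        'redirect_success': do_get(query, 'success'),  # e.g. login successful
        'redirect_error': do_get(query, 'error'),      # generic site error
        'error': '',
        'has_perm_user_operations':
            user.has_perm('BankingSystem.user_operations'),
        # The original author uses this permission to tell whether the user
        # is a Company.
        'has_perm_create_payments':
            user.has_perm('BankingSystem.create_payments'),
        'accounts': user.profile.account_set.all(),
    }
    return render(request, 'dashboard_external_user.html', fields)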