def post(self, request, uidb1, uidb2, token):
INTERNAL_RESET_URL_TOKEN = 'approve-request'
INTERNAL_RESET_SESSION_TOKEN = '_approve_request_token'
try:
uid = force_text(urlsafe_base64_decode(uidb1))
from_user = MyUser.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, MyUser.DoesNotExist):
from_user = None
try:
uid = force_text(urlsafe_base64_decode(uidb2))
target_user = MyUser.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, MyUser.DoesNotExist):
target_user = None
if from_user is not None and target_user is not None:
pii_obj = PII.objects.filter(user=target_user).first()
pii_token_generator = PIITokenGenerator(pii_obj)
if token == INTERNAL_RESET_URL_TOKEN:
session_token = self.request.session.get(
INTERNAL_RESET_SESSION_TOKEN)
if pii_token_generator.check_token(from_user, session_token):
if pii_obj:
user_request = UserRequest(
from_user=from_user,
request_type=UserRequest.READ,
model_type=UserRequest.PII_ACCESS,
pii_obj=pii_obj,
)
if UserHelpers.assign_permissions(user_request):
CommonHelpers.send_request_approval_mail(
user_request)
messages.success(request, 'Request Approved')
logger.info(
"PII request of %s approved by Government for %s",
str(user_request.from_user),
str(target_user.username))
return HttpResponseRedirect(
reverse('app:HomeView'))
else:
return render(
request, 'error.html', {
'err': 'Action could not be completed',
})
else:
return render(request, 'error.html', {
'err': 'User has not entered PII.',
})
else:
if pii_token_generator.check_token(from_user, token):
self.request.session[INTERNAL_RESET_SESSION_TOKEN] = token
redirect_url = self.request.path.replace(
token, INTERNAL_RESET_URL_TOKEN)
return HttpResponseRedirect(redirect_url)
return render(request, 'error.html',
{'err': 'Invalid Link. You Hacker.'})
def post(self, request, user_request_id):
user = request.user
# Takes care of case that user == user_request.to_user
user_request = UserHelpers.get_user_request_to_user_using_id(
user_request_id, user)
if user_request:
if 'Approve' in request.POST:
approve_request = True
elif 'Decline' in request.POST:
approve_request = False
else:
return render(request, 'error.html',
{'err': 'You did something wrong, bro.'})
if user_request.is_approved:
return render(request, 'error.html', {
'err': 'Request Already Approved',
})
if approve_request:
if UserHelpers.assign_permissions(user_request):
user_request.approve(user)
CommonHelpers.send_request_approval_mail(user_request)
messages.success(request, 'Request Approved')
# Intermediate Delete Request
if user_request.request_type == UserRequest.DELETE and user_request.model_type == UserRequest.USER:
messages.success(
request, 'Request Sent To %s' %
str(user_request.to_user.get_assigned_admin()))
# Delete completed
if user_request.request_type == UserRequest.COMPLETE_DELETE and user_request.model_type == UserRequest.USER:
logger.info('User %s deleted by %s',
str(user_request.user_obj.username),
str(user_request.to_user.username))
logger.info("User request %s approved by %s ",
user_request.__str__(), str(user.username))
return HttpResponseRedirect(
reverse('app:UserRequestsReceivedView'))
return render(request, 'error.html', {
'err': 'Request could not be approved',
})
else:
if not user_request.is_approved:
UserHelpers.delete_request(user_request)
CommonHelpers.send_request_declined_mail(user_request)
messages.success(request, 'Request Declined')
logger.info("User request %s declined by %s",
user_request.__str__(), str(user.username))
return HttpResponseRedirect(
reverse('app:UserRequestsReceivedView'))
else:
return render(
request, 'error.html', {
'err':
'Request cannot be declined because it is already approved.',
})
return render(request, 'error.html', {
'err': 'Does not exist',
})
