def post(self, request, *args, **kwargs):
application = get_object_or_404(Application,
pk=request.POST.get('applicationId'))
if not (application.applicant == request.user
or application.proxy_applicant == request.user):
return HttpResponseForbidden(
'Application does not belong to user or proxy application')
session_application_id = utils.get_session_application(request.session)
if session_application_id.id == application.id:
utils.delete_session_application(request.session)
if application.is_temporary:
application.delete()
return HttpResponse()
def property_edit(request, pk):
"""
"""
prop = Property.objects.get(pk=pk)
if request.session['user'] != prop.owner_id:
return HttpResponseForbidden('This property does not belong to you.')
template = loader.get_template('interface/property.html')
form = PropertyForm(request.POST or None, instance=prop)
if form.is_valid():
form.save()
props = Property.objects.all()
template = loader.get_template('interface/list.html')
return HttpResponse(
template.render(dict(properties=props, message='Property Updated'),
request))
else:
return HttpResponse(template.render(dict(form=form), request))
def get(self, request, username):
"""Returns a list of Project for a specific user.
If the requesting user is a super user then we can 'impersonate'
another user. Else this is an unauthorized request.
"""
if not request.user.is_superuser:
return HttpResponseForbidden()
user = get_user_model().objects.get(username=username)
ag = user.agave_oauth.client
q = request.GET.get('q', None)
if not q:
projects = Project.list_projects(agave_client=ag)
else:
projects = Project.search(q=q, agave_client=ag)
return JsonResponse({'projects': projects}, encoder=AgaveJSONEncoder)
def post(self, request, *args, **kwargs):
domain = request.GET.get('domain')
case_type = request.GET.get('case_type')
user_name = request.GET.get('user')
properties = json.loads(request.body)
case_id = properties['case_id']
properties.pop('case_id')
couch_user = CommCareUser.get_by_username(user_name)
if not couch_user.is_member_of(domain):
return HttpResponseForbidden(
"This user does not have access to this domain.")
case = get_case_or_404(domain, case_id)
if not case.type == case_type:
return HttpResponseBadRequest("Case type mismatch")
def event_participants(req, id):
e = Event.objects.get(pk=id)
try:
p = req.user.gotouser.participant
except AttributeError:
p = None
if p:
a = p.application_set.filter(event=e)
if a.count() > 0 and (a[0].status == 1 or a[0].status == 3):
base_context = {
'event': e,
'invited': e.application_set.filter(status=1).all(),
'confirmed': e.application_set.filter(status=3).all()
}
return render(req, 'events/event_participants.html', base_context)
else:
return HttpResponseForbidden()
def obj_create(self, bundle, **kwargs):
model = bundle.obj.__class__
try:
template_id = bundle.data['template_id']
creator = bundle.request.user.username
pipeline_instance_kwargs = {
'name': bundle.data.pop('name'),
'creator': creator,
'pipeline_tree': json.loads(bundle.data.pop('pipeline_tree')),
}
if 'description' in bundle.data:
pipeline_instance_kwargs['description'] = bundle.data.pop(
'description')
except (KeyError, ValueError) as e:
raise BadRequest(e.message)
# XSS handle
self.handle_task_name_attr(pipeline_instance_kwargs)
# validate pipeline tree
try:
validate_web_pipeline_tree(
pipeline_instance_kwargs['pipeline_tree'])
except PipelineException as e:
raise BadRequest(e.message)
try:
template = TaskTemplate.objects.get(id=template_id)
except TaskTemplate.DoesNotExist:
raise BadRequest('template[id=%s] does not exist' % template_id)
if not bundle.request.user.has_perm(CREATE_TASK_PERM_NAME, template):
raise ImmediateHttpResponse(
HttpResponseForbidden(
'You have no permissions to create task'))
try:
pipeline_instance = model.objects.__class__.create_pipeline_instance(
template, **pipeline_instance_kwargs)
except PipelineException as e:
raise BadRequest(e.message)
kwargs['category'] = template.category
if bundle.data['flow_type'] == 'common_func':
kwargs['current_flow'] = 'func_claim'
else:
kwargs['current_flow'] = 'execute_task'
kwargs['pipeline_instance_id'] = pipeline_instance.id
super(TaskFlowInstanceResource, self).obj_create(bundle, **kwargs)
return bundle
def view(request, app, cls, pk, tab=None):
if not request.user.is_authenticated:
return httprr(request,
'/admin/login/?next={}'.format(request.get_full_path()))
try:
_model = apps.get_model(app, cls)
except LookupError as e:
return page_not_found(request, e, 'error404.html')
obj = _model.objects.all(request.user).filter(pk=pk).first()
obj.request = request
obj._user = request.user
if 'one_to_many_count' in request.GET:
# TODO create a specific view for this purpose
return HttpResponse(getattr2(obj, request.GET['one_to_many_count']))
if not permissions.can_view(request, obj):
return HttpResponseForbidden()
title = str(obj)
parent = request.GET.get('parent', None)
printable = get_metadata(_model, 'pdf', False)
widget_panel = ModelDashboard(request,
obj,
tab,
parent,
printable=printable)
widget_panel.process_request()
if widget_panel.model_panel.message:
return httprr(request, request.get_full_path(),
widget_panel.model_panel.message)
log_data = get_metadata(obj.__class__, 'log', False)
if log_data and request.user.is_superuser and request.user.has_perm(
'admin.list_log'):
url = '/log/{}/{}/'.format(app, cls)
widget_panel.model_panel.drop_down.add_action(
'{} {}'.format(_('View'), _('Log')), url, 'ajax', 'fa fa-history')
return render(request, 'default.html', locals())
def authorize(request):
code = request.GET.get('code', '')
# use state to track user id
state = request.GET.get('state', '')
config = SiteConf.get_solo()
if not config.enable_wechat:
return HttpResponseForbidden('没有开启微信登录')
client = WeChatOAuth(config.wx_appid,
config.wx_appsecret,
config.wx_redirect_uri,
scope='snsapi_userinfo',
state=state)
# auth flow
if code:
try:
# may raise
access_token = client.fetch_access_token(code)
user_info = client.get_user_info()
user, _ = User.objects.get_or_create(username='******' +
access_token['openid'])
# may raise IntegrityError 微信用户已经绑定了关系
at, _ = AccessToken.objects.get_or_create(
user=user, openid=access_token['openid'])
at.update_token(access_token)
# update profile
user.profile.update_profile(user_info)
token = issue_token(user)
return JsonResponse({
'token': token['token'],
'user': UserSerializer(user).data
})
except Exception as e:
return JsonResponse({
'status': 'failed',
'message': str(e)
},
status=400)
return JsonResponse({'url': client.authorize_url})
def finaid_message(request, pks):
"""Add a message to some applications"""
if not is_reviewer(request.user):
return HttpResponseForbidden(_(u"Not authorized for this page"))
applications = FinancialAidApplication.objects.filter(pk__in=pks.split(","))\
.select_related('user')
if not applications.exists():
messages.add_message(request, messages.ERROR, _(u"No applications selected"))
return redirect('finaid_review')
if request.method == 'POST':
for application in applications:
message = FinancialAidMessage(user=request.user,
application=application)
message_form = ReviewerMessageForm(request.POST, instance=message)
if message_form.is_valid():
message = message_form.save()
# Send notice to reviewers/pycon-aid alias, and the applicant if visible
context = email_context(request, application, message)
send_email_message("reviewer/message",
# From whoever is logged in clicking the buttons
from_=request.user.email,
to=[settings.FINANCIAL_AID_EMAIL],
context=context,
headers={'Reply-To': settings.FINANCIAL_AID_EMAIL}
)
# If visible to applicant, notify them as well
if message.visible:
send_email_message("applicant/message",
from_=request.user.email,
to=[application.user.email],
context=context,
headers={'Reply-To': settings.FINANCIAL_AID_EMAIL}
)
messages.add_message(request, messages.INFO, _(u"Messages sent"))
return redirect(reverse('finaid_review', kwargs=dict(pks=pks)))
else:
message_form = ReviewerMessageForm()
return render(request, "finaid/reviewer_message.html", {
'applications': applications,
'form': message_form,
})
def review_proposal(request, conference_slug, slug):
conference = get_object_or_404(Conference, slug=conference_slug)
proposal = get_object_or_404(Proposal, slug=slug, conference=conference)
if not _is_proposal_reviewer(request.user, conference):
return HttpResponseForbidden()
if request.method == 'GET':
comments = ProposalComment.objects.filter(
proposal=proposal,
deleted=False,
)
proposal_review_form = ProposalReviewForm(
initial={'review_status': proposal.review_status})
ctx = {
'proposal':
proposal,
'proposal_review_form':
proposal_review_form,
'reviewers_comments':
comments.filter(private=True),
'reviewers_proposal_comment_form':
ProposalCommentForm(initial={'private': True}),
}
return render(request, 'proposals/review.html', ctx)
# POST Workflow
form = ProposalReviewForm(request.POST)
if not form.is_valid():
return render(request, 'proposals/review.html', {
'form': form,
'proposal': proposal,
'errors': form.errors
})
# Valid Form
proposal.review_status = form.cleaned_data['review_status']
proposal.save()
return HttpResponseRedirect(
reverse('proposals-list', args=[conference.slug]))
def upload(self, request, path):
"""
Upload a package to the index.
0. Check if the index allows uploaded packages (live-api-enabled)
1. Check request is in correct format
2. Check if the package is in the repository already
3. If present then reject request
4. Spawn task to add content if no/old session present
5. Add uploads to current session to group into one task
"""
distro = self.get_distribution(path)
if not distro.allow_uploads:
return HttpResponseForbidden(
reason="Index is not allowing uploads")
repo = distro.repository
if not repo:
return HttpResponseBadRequest(
reason="Index is not pointing to a repository")
serializer = PackageUploadSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
artifact, filename = serializer.validated_data["content"]
repo_content = self.get_content(self.get_repository_version(distro))
if repo_content.filter(filename=filename).exists():
return HttpResponseBadRequest(
reason=f"Package {filename} already exists in index")
if settings.PYTHON_GROUP_UPLOADS:
return self.upload_package_group(repo, artifact, filename,
request.session)
result = dispatch(tasks.upload,
exclusive_resources=[artifact, repo],
kwargs={
"artifact_sha256": artifact.sha256,
"filename": filename,
"repository_pk": str(repo.pk)
})
return Response(
data={
"task": reverse('tasks-detail', args=[result.pk], request=None)
})
def verify(request):
if settings.LOGIN_ATTEMPT_LIMIT > 0 and request.method == 'POST':
ip = LoginProtect._get_request_ip(request)
next_available_time = LoginProtect.next_available_login.get(ip, datetime.now(tz=get_current_timezone()) - timedelta(seconds=1))
if next_available_time > datetime.now(tz=get_current_timezone()):
return HttpResponseForbidden('<html><h2>Too many login failures</h2><h5>Please try again later!!</h5></html>')
else:
auth_data, auth_success = func(request)
if auth_success:
if ip in LoginProtect.next_available_login:
LoginProtect.next_available_login.pop(ip)
if ip in LoginProtect.ip_login_count:
LoginProtect.ip_login_count.pop(ip)
else:
LoginProtect.ip_login_count[ip] = LoginProtect.ip_login_count.get(ip, 0) + 1
if LoginProtect.ip_login_count[ip] >= settings.LOGIN_ATTEMPT_LIMIT:
LoginProtect.next_available_login[ip] = datetime.now(tz=get_current_timezone()) + timedelta(seconds=settings.LOGIN_ATTEMPT_TIMEOUT)
return auth_data
return func(request)[0]
def get(self, request, *args, **kwargs):
archive_file: ArchiveFile = self.get_object()
if not archive_file.has_download_permission(request.user):
return HttpResponseForbidden("""
Downloading of this archived file has been blocked by the administrators.
Please contact the collection administrator for more information on this issue.
""")
filename = archive_file.file.name
# url = f'/protected/download/{filename}'
url = reverse("protected_download", kwargs={"path": filename})
# url = request.build_absolute_uri(url)
response = HttpResponse()
response["X-Accel-Redirect"] = url
response["Content-Type"] = mimetypes.guess_type(filename)[0] or ""
response[
"Content-Disposition"] = f'attachment; filename="{Path(archive_file.original_filename or filename).name}"'
return response
def _build_status(request, project_id, build_id):
build = Build.objects.get(project_id=project_id, id=build_id)
if build.state not in [
Build.STATE_PENDING_REVIEW, Build.STATE_APPROVED,
Build.STATE_REJECTED
]:
return HttpResponseForbidden()
if action == 'approve':
build.state = Build.STATE_APPROVED
build.date_approved = timezone.now()
elif action == 'reject':
build.state = Build.STATE_REJECTED
build.date_rejected = timezone.now()
else:
raise Exception('Unknown action {}'.format(action))
build.reviewed_by = request.user.email or request.user.username
build.save()
build.update_github_status()
return redirect('builds:build', project_id, build_id)
def post(self, *args, **kwargs):
if not (self.request.user.profile.is_icap()
or self.request.user.profile.is_country_administrator()
or self.request.user.profile.is_institution_administrator()):
return HttpResponseForbidden(
'You are not authorized to deny faculty access.')
user = get_object_or_404(User, pk=self.request.POST.get('user_id'))
pending = PendingTeachers.objects.get(user_profile=user.profile)
user.profile.school = pending.school
user.profile.country = pending.school.country
user.profile.profile_type = 'TE'
user.profile.save()
self.send_confirmation_email(user)
pending.delete()
return self.render_to_json_response({'success': True})
def post(self, *args, **kwargs):
pk = self.request.POST.get('pk')
group = get_object_or_404(Group, pk=pk)
if (self.request.user.profile.is_student()
or (self.request.user.profile.is_teacher()
and not group.creator == self.request.user)):
return HttpResponseForbidden(
'You are not authorized to update this group')
start_date = self.request.POST.get('start_date')
end_date = self.request.POST.get('end_date')
fmt = "%m/%d/%Y"
group.start_date = datetime.strptime(start_date, fmt).date()
group.end_date = datetime.strptime(end_date, fmt).date()
group.name = self.request.POST.get('name')
group.save()
return HttpResponseRedirect('/dashboard/#user-groups')
def recreate_all_group_widgets(request=None, verbose=False):
""" Resets all CosinnusGroup Dashboard Widget Configurations to their default
by deleting and recreating them. """
if request and not request.user.is_superuser:
return HttpResponseForbidden('Not authenticated')
# delete all widget configs
WidgetConfig.objects.all().delete()
# create all default widgets for all groups
groups_ids = []
all_groups = CosinnusGroup.objects.all()
for group in all_groups:
create_initial_group_widgets(None, group)
groups_ids.append(str(group.id))
if verbose:
print((">>> recreated widget config for group id", group.id))
return HttpResponse("The following groups were updated:<br/><br/>" + "<br/>".join(groups_ids))
def configure(request):
if not request.user.is_authenticated or not request.user.is_staff:
return HttpResponseForbidden()
if request.method == "POST":
for item in SiteConfig.objects.all():
item.value = False
item.save()
for item in request.POST:
print(item)
try:
it = SiteConfig.objects.get(key=item)
it.value = True
it.save()
except ObjectDoesNotExist:
pass
return redirect('admin')
def punch_edit(request, punch_id):
punch = Punch.objects.get(pk=punch_id)
if punch.speaker != request.user:
return HttpResponseForbidden()
ring = punch.ring
template_title = _(u'Edit your opinion')
if request.method == 'POST':
punch_form = PunchForm(request.POST, instance=punch)
if punch_form.is_valid():
punch_updated = punch_form.save(commit=False)
save_punch(request, ring, punch_updated)
return HttpResponseRedirect(reverse('discuss-topic', kwargs={'ring_id':str(ring.pk), 'slug':ring.slug}))
else:
if punch.ring.punch_set.all()[:1].get() == punch:
punch_form = PunchForm(instance=punch, is_first=True)
else:
punch_form = PunchForm(instance=punch)
variables = {'punch_form':punch_form, 'template_title': template_title, 'reverse':reverse('discuss-topic', kwargs={'ring_id':str(ring.pk), 'slug':ring.slug})}
return render(request, 'punch.html', variables)
def oidc_revoke_bearer_tokens(request: HttpRequest) -> HttpResponse:
if not request.user.is_authenticated or not isinstance(
request.user, OIDCUser):
return HttpResponseForbidden()
try:
data = json.loads(request.body.decode("ascii"))
user = cast(OIDCUser, request.user)
for token_id in data["token_ids"]:
token_data = OIDCUserOfflineTokens.objects.get(id=token_id)
secret = get_config()["secret_key"].encode()
salt = user.sub.encode()
decrypted_token = decrypt_data(token_data.offline_token, secret,
salt)
oidc_client = get_oidc_client()
oidc_client.logout(decrypted_token.decode("ascii"))
token_data.delete()
return HttpResponse(status=200)
except InvalidToken:
return HttpResponse(status=401)
def problem(request, user, slug):
""" Main problem view with all required forms. """
problem = get_object_or_404(Problem, slug=slug)
if not problem.has_view_permission(request, for_user=user):
return HttpResponseForbidden()
problem_form = ChallengeProblemForm({'problem': problem.statement})
problem_form.helper.form_action = reverse('problem_update',
kwargs={'slug': problem.slug})
template_form = ChallengeTemplateForm(
{'submission_template': problem.submission_template})
template_form.helper.form_action = reverse('problem_update',
kwargs={'slug': problem.slug})
submission, created = Submission.objects.get_or_create(
problem=problem, author=user, defaults={"code": ""})
public_submissions = Submission.objects.filter(problem=problem,
is_public=True)
if created or submission.code.strip() == "":
submission.code = problem.statement
submission_form = SubmissionForm(
{
'author': str(submission.author.id),
'problem': str(submission.problem.id),
'code': submission.code,
},
user=user)
submission_form.helper.form_action = reverse('submission_test',
kwargs={'slug': problem.slug})
public_test_cases = problem.testcase_set.filter(is_public=True)
return render_to_response(
"dreamcode/problem.html",
{
"problem_problem_form": problem_form,
"problem_template_form": template_form,
"submission_form": submission_form,
"problem": problem,
"public_test_cases": public_test_cases,
"public_submissions": public_submissions,
},
RequestContext(request),
)
def reset_user_tos_flags(request=None):
if request and not request.user.is_superuser:
return HttpResponseForbidden('Not authenticated')
if not request.GET.get('confirm', False) == '1':
active_users = filter_active_users(get_user_model().objects.all())
ret = '********** This will reset all %d active users\' ToS accepted flag! Use param ?confirm=1 to delete the flags! ***********' % active_users.count(
)
else:
count = 0
active_users = filter_active_users(get_user_model().objects.all())
for profile in get_user_profile_model().objects.all().filter(
user__in=active_users):
del profile.settings['tos_accepted']
profile.save(update_fields=['settings'])
count += 1
ret = 'Successfully reset the ToS flag for %d users.' % count
return HttpResponse(ret)
def refund(self, request, pk=None):
if not request.user.has_perm('payments.refund_orderpayment'
) or not properties.ENABLE_REFUNDS:
return HttpResponseForbidden(
'Missing permission: payments.refund_orderpayment')
order_payment = OrderPayment.objects.get(pk=pk)
service = PaymentService(order_payment)
service.refund_payment()
self.message_user(request, 'Refund is requested.')
order_payment_url = reverse('admin:payments_orderpayment_change',
args=(order_payment.id, ))
response = HttpResponseRedirect(order_payment_url)
return response
def mailgun_webhook(request):
"""Handle mailgun webhooks to keep track of user emails that have failed"""
# pylint: disable=too-many-return-statements
def verify(event):
"""Verify that the message is from mailgun"""
token = event.get("token", "")
timestamp = event.get("timestamp", "")
signature = event.get("signature", "")
hmac_digest = hmac.new(
key=settings.MAILGUN_ACCESS_KEY.encode("utf8"),
msg=f"{timestamp}{token}".encode("utf8"),
digestmod=hashlib.sha256,
).hexdigest()
match = hmac.compare_digest(signature, str(hmac_digest))
return match and int(timestamp) + 300 > time.time()
if request.method != "POST":
return HttpResponseNotAllowed(["POST"])
try:
event = json.loads(request.body)
except ValueError:
return HttpResponseBadRequest("JSON decode error")
if not verify(event.get("signature", {})):
return HttpResponseForbidden()
if "event-data" not in event:
return HttpResponseBadRequest("Missing event-data")
event = event["event-data"]
if event.get("event") != "failed":
return HttpResponse("OK")
if "recipient" not in event:
return HttpResponseBadRequest("Missing recipient")
email = event["recipient"]
User.objects.filter(email=email).update(email_failed=True)
ReceiptEmail.objects.filter(email=email).update(failed=True)
return HttpResponse("OK")
def dispatch(self, request: HttpRequest, *args, **kwargs):
if request.user.is_authenticated:
return super().dispatch(request, *args, **kwargs)
authenticator = TokenAuthentication()
try:
auth_result = authenticator.authenticate(request)
if not auth_result:
return self.handle_no_permission()
except exceptions.AuthenticationFailed as e:
return HttpResponse(content=str(e), status=e.status_code)
except PermissionDenied as e:
return HttpResponseForbidden(content=str(e))
user, token = auth_result
request.user = user
request.auth = token
return super().dispatch(request, *args, **kwargs)
def user_dashboard_announcement_activate(request, slug):
""" Toggles an announcement active/inactive """
if not check_user_superuser(request.user):
return HttpResponseForbidden('Not authenticated')
announcement = get_object_or_None(UserDashboardAnnouncement,
portal=CosinnusPortal.get_current(),
slug=slug)
if announcement is None:
return HttpResponseNotFound()
announcement.is_active = not announcement.is_active
announcement.save()
if announcement.is_active:
messages.success(request,
_('Your Announcement was activated successfully.'))
else:
messages.success(request,
_('Your Announcement was deactivated successfully.'))
return redirect('cosinnus:user-dashboard-announcement-list')
def tutorial_message(request, pk):
tutorial = get_object_or_404(PyConTutorialProposal, pk=pk)
presentation = Presentation.objects.get(proposal_base=tutorial)
if not request.user.is_staff:
if not is_attendee_or_speaker(request.user, presentation):
return HttpResponseForbidden(_(u"Not authorized for this page"))
message_form = TutorialMessageForm()
if request.method == 'POST':
message = PyConTutorialMessage(user=request.user, tutorial=tutorial)
message_form = TutorialMessageForm(request.POST, instance=message)
if message_form.is_valid():
message = message_form.save()
context = email_context(request, tutorial, message)
sender_email = request.user.email
speakers = [
x.email for x in tutorial.speakers()
if x.email != sender_email and x.email
]
attendees = [
x.email for x in tutorial.registrants.all()
if x.email != sender_email and x.email
]
recipients = speakers + attendees
# Send new message notice to speakers/attendees
queue_email_message("message",
from_=settings.DEFAULT_FROM_EMAIL,
to=[request.user.email],
bcc=recipients,
context=context)
messages.add_message(request, messages.INFO,
_(u"Message queued to be sent."))
url = reverse('schedule_presentation_detail',
args=[presentation.pk])
return redirect(url)
return render(request, "tutorials/message.html", {
'presentation': presentation,
'form': message_form
})
def handle_ajax(self, request: HttpRequest, **kwargs):
if request.method != "POST":
return HttpResponseBadRequest()
csrf_token = request.META.get('CSRF_COOKIE', None)
if not csrf_token:
return HttpResponseForbidden("CSRF token is missing")
if "HTTP_CONTENT_RANGE" in request.META:
handler = self._handle_chunked
else:
handler = self._handle_complete
result = []
try:
for uploaded_file in request.FILES.values():
result.append(handler(request, csrf_token, uploaded_file))
except InvalidRequestException as e:
return HttpResponseBadRequest(str(e))
return JsonResponse(result, safe=False)
def question_data(request, question_pk=None):
question = QuestionContainer.objects.get(id=question_pk)
if not question.has_change_permission(request.user):
return HttpResponseForbidden()
data = []
if request.GET['type'] == 'SC':
for choice in question.choices.all():
data.append([
choice.text,
len(choice.answers.all()) * 1.0 / len(question.answers.all()) *
100
])
elif request.GET['type'] == 'MC':
for choice in question.choices.all():
data.append([
choice.text,
len(choice.checkanswers.all()) * 1.0 /
len(question.answers.all()) * 100
])
return data
def _update_release_restriction(request, domain, restriction_id, active):
if not toggles.MANAGE_RELEASES_PER_LOCATION.enabled_for_request(request):
return HttpResponseForbidden()
release = AppReleaseByLocation.objects.get(id=restriction_id, domain=domain)
try:
release.activate() if active else release.deactivate()
except ValidationError as e:
response_content = {
'message': ','.join(e.messages)
}
else:
response_content = {
'id': restriction_id,
'success': True,
'activated_on': (datetime.strftime(release.activated_on, '%Y-%m-%d %H:%M:%S')
if release.activated_on else None),
'deactivated_on': (datetime.strftime(release.deactivated_on, '%Y-%m-%d %H:%M:%S')
if release.deactivated_on else None),
}
return JsonResponse(data=response_content)
