def fitbit(request):
user = SupportRequest.target_user(request)
code = request.GET.get('code', None)
status = False
if code is not None:
status = healthdevice.fitbit_connect(user.client, code)
context = {
'provider': HealthDevice.ProviderType.FITBIT.value,
'status': status
}
return render(request, 'healthdevices/oauth2.html', context)
def dispatch(self, request, *args, **kwargs):
try:
user = SupportRequest.target_user(request)
sit = BulkInvestorTransfer.objects.exclude(approved=True).get(
from_advisor=user.advisor)
return HttpResponseRedirect(
"/advisor/support/forms/transfer/bulk/update/{0}".format(
sit.pk))
except ObjectDoesNotExist:
return super(AdvisorBulkInvestorTransferView,
self).dispatch(request, *args, **kwargs)
def under_armour(request):
user = SupportRequest.target_user(request)
code = request.GET.get('code', None)
status = False
if code is not None:
status = healthdevice.underarmour_connect(user.client, code)
context = {
'provider': HealthDevice.ProviderType.UNDERARMOUR.value,
'status': status
}
return render(request, 'healthdevices/oauth2.html', context)
def microsoft_health(request):
user = SupportRequest.target_user(request)
code = request.GET.get('code', None)
status = False
if code is not None:
status = healthdevice.microsofthealth_connect(user.client, code)
context = {
'provider': HealthDevice.ProviderType.MICROSOFT_HEALTH.value,
'status': status
}
return render(request, 'healthdevices/oauth2.html', context)
def post(self, request):
user = SupportRequest.target_user(self.request)
if user.is_client:
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
request_advisor_support(
user, serializer.validated_data['url'],
serializer.validated_data.get('text', None))
return Response('ok', status=status.HTTP_200_OK)
else:
return Response('User is not a client',
status=status.HTTP_401_UNAUTHORIZED)
def selected_settings(self, request, pk=None, **kwargs):
goal = self.get_object()
if request.method == 'GET':
serializer = serializers.GoalSettingSerializer(
goal.selected_settings)
return Response(serializer.data)
with transaction.atomic(): # So both the log and change get committed.
sr_id = SupportRequest.get_current(request)
if request.method == 'POST':
check_state(Goal.State(goal.state), Goal.State.ACTIVE)
serializer = serializers.GoalSettingWritableSerializer(
data=request.data)
serializer.is_valid(raise_exception=True)
event = Event.SET_SELECTED_SETTINGS.log(
'{} {}'.format(self.request.method, self.request.path),
request.data,
user=request.user,
obj=goal,
support_request_id=sr_id)
# Write any event memo for the event. All the details are wrapped by the serializer.
serializer.write_memo(event)
settings = serializer.save(goal=goal)
# We use the read-only serializer to send the settings object, not the update serializer.
serializer = serializers.GoalSettingSerializer(settings)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_200_OK,
headers=headers)
elif request.method == 'PUT':
check_state(Goal.State(goal.state), Goal.State.ACTIVE)
settings = goal.selected_settings
event = Event.UPDATE_SELECTED_SETTINGS.log(
'{} {}'.format(self.request.method, self.request.path),
request.data,
user=request.user,
obj=goal,
support_request_id=sr_id)
serializer = serializers.GoalSettingWritableSerializer(
settings, data=request.data, partial=True)
serializer.is_valid(raise_exception=True)
# Write any event memo for the event. All the details are wrapped by the serializer.
serializer.write_memo(event)
settings = serializer.save(goal=goal)
# We use the read-only serializer to send the settings object, not the update serializer.
serializer = serializers.GoalSettingSerializer(settings)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_200_OK,
headers=headers)
def create_new_account(self, request):
client = SupportRequest.target_user(self.request).client
serializer = serializers.new_account_fabric(request.data)
if serializer.is_valid():
try:
account = serializer.save(request, client)
except ValidationError as e:
return Response({'error': e.detail},
status=status.HTTP_400_BAD_REQUEST)
return Response(
self.serializer_response_class(instance=account).data)
return Response({'error': serializer.errors},
status=status.HTTP_400_BAD_REQUEST)
def dispatch(self, request, *args, **kwargs):
user = SupportRequest.target_user(request)
try:
self.client = user.client
except AttributeError:
raise PermissionDenied()
self.is_advisor = self.request.session.get("is_advisor", False)
if request.method == "POST":
if not self.client.is_accepted:
raise PermissionDenied()
return super(ClientView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
client_pk = kwargs["pk"]
user = SupportRequest.target_user(request)
advisor = user.advisor
try:
client = advisor.clients.get(pk=client_pk)
except ObjectDoesNotExist:
raise PermissionDenied()
self.client = client
return super(AdvisorCreateNewAccountForExistingClientSelectAccountType,
self).dispatch(request, *args, **kwargs)
def perform_create(self, serializer):
"""
We don't allow users to create retirement plans for others... So we set the client from the URL and validate
the user has access to it.
:param serializer:
:return:
"""
user = SupportRequest.target_user(self.request)
client = Client.objects.filter_by_user(user).get(id=int(self.get_parents_query_dict()['client']))
if 'client' in serializer.validated_data:
if 'civil_status' in serializer.validated_data['client']:
client.civil_status = serializer.validated_data['client']['civil_status']
if 'smoker' in serializer.validated_data['client']:
client.smoker = serializer.validated_data['client']['smoker']
if 'drinks' in serializer.validated_data['client']:
client.drinks = serializer.validated_data['client']['drinks']
if 'height' in serializer.validated_data['client']:
client.height = serializer.validated_data['client']['height']
if 'weight' in serializer.validated_data['client']:
client.weight = serializer.validated_data['client']['weight']
if 'daily_exercise' in serializer.validated_data['client']:
client.daily_exercise = serializer.validated_data['client']['daily_exercise']
if 'home_value' in serializer.validated_data['client']:
client.home_value = serializer.validated_data['client']['home_value']
if 'home_growth' in serializer.validated_data['client']:
client.home_growth = serializer.validated_data['client']['home_growth']
if 'ss_fra_todays' in serializer.validated_data['client']:
client.ss_fra_todays = serializer.validated_data['client']['ss_fra_todays']
if 'ss_fra_retirement' in serializer.validated_data['client']:
client.ss_fra_retirement = serializer.validated_data['client']['ss_fra_retirement']
if 'state_tax_after_credits' in serializer.validated_data['client']:
client.state_tax_after_credits = serializer.validated_data['client']['state_tax_after_credits']
if 'state_tax_effrate' in serializer.validated_data['client']:
client.state_tax_effrate = serializer.validated_data['client']['state_tax_effrate']
if 'pension_name' in serializer.validated_data['client']:
client.pension_name = serializer.validated_data['client']['pension_name']
if 'pension_amount' in serializer.validated_data['client']:
client.pension_amount = serializer.validated_data['client']['pension_amount']
if 'pension_start_date' in serializer.validated_data['client']:
client.pension_start_date = serializer.validated_data['client']['pension_start_date']
if 'employee_contributions_last_year' in serializer.validated_data['client']:
client.employee_contributions_last_year = serializer.validated_data['client']['employee_contributions_last_year']
if 'employer_contributions_last_year' in serializer.validated_data['client']:
client.employer_contributions_last_year = serializer.validated_data['client']['employer_contributions_last_year']
if 'total_contributions_last_year' in serializer.validated_data['client']:
client.total_contributions_last_year = serializer.validated_data['client']['total_contributions_last_year']
client.save()
return serializer.save(client=client)
def withings(request):
user = SupportRequest.target_user(request)
oauth_verifier = request.GET.get('oauth_verifier', None)
status = False
if 'withings_oauth_token' in request.session and oauth_verifier is not None:
oauth_token = request.session.pop('withings_oauth_token')
oauth_secret = request.session.pop('withings_oauth_secret')
status = healthdevice.withings_connect(user.client, oauth_verifier,
oauth_token, oauth_secret)
context = {
'provider': HealthDevice.ProviderType.WITHINGS.value,
'status': status
}
return render(request, 'healthdevices/oauth2.html', context)
def put(self, request):
"""
---
# Swagger
request_serializer: serializers.UserUpdateSerializer
response_serializer: serializers.UserSerializer
"""
user = SupportRequest.target_user(request)
if user.is_support_staff:
sr = SupportRequest.get_current(self.request, as_obj=True)
user = sr.user
serializer = serializers.UserUpdateSerializer(user,
data=request.data,
partial=True,
context={
'request': request,
})
serializer.is_valid(raise_exception=True)
user = serializer.save()
data = self.serializer_class(user).data
if user.is_advisor:
role = 'advisor'
data['advisor'] = AdvisorSerializer(user.advisor).data
elif user.is_client:
role = 'client'
# If the user wants to update client details, they do it through the specific client endpoint.
data['client'] = ClientFieldSerializer(user.client).data
else:
raise PermissionDenied("User is not in the client or "
"advisor groups.")
data.update({'role': role})
return Response(data)
def get_queryset(self):
"""
Because this viewset can have a primary owner and signatories,
we don't use the queryset parsing features from NestedViewSetMixin as
it only allows looking at one field for the parent.
:return:
"""
qs = super(AccountBeneficiaryViewSet, self).get_queryset()
# show "permissioned" records only
user = SupportRequest.target_user(self.request)
qs.filter(
Q(account__primary_owner__user=user)
| Q(account__primary_owner__advisor__user=user))
return qs
def get(self, request):
user = SupportRequest.target_user(request)
serializer = None
if user.is_advisor:
serializer = self.serializer_class(user.advisor.firm)
elif user.is_authorised_representative:
serializer = self.serializer_class(user.authorised_representative.firm)
elif user.is_supervisor:
serializer = self.serializer_class(user.supervisor.firm)
elif user.is_client:
serializer = self.serializer_class(user.client.advisor.firm)
if serializer:
return Response(serializer.data)
else:
return self.permission_denied(request)
def joint_resend_email(self, request):
client = SupportRequest.target_user(self.request).client
account = ClientAccount.objects.get(
primary_owner=client, account_type=constants.ACCOUNT_TYPE_JOINT)
print(client.id, account.signatories.first())
cosignee = account.signatories.first()
jacm = JointAccountConfirmationModel.objects.get(account=account)
context = RequestContext(request, {
'confirmation': jacm,
})
render = curry(render_to_string, context=context)
cosignee.user.email_user(
render('email/client/joint-confirm/subject.txt').strip(),
message=render('email/client/joint-confirm/message.txt'),
html_message=render('email/client/joint-confirm/message.html'),
)
return Response('ok', status=status.HTTP_200_OK)
def deposit(self, request, pk=None, **kwargs):
goal = self.get_object()
check_state(Goal.State(goal.state), Goal.State.ACTIVE)
sr_id = SupportRequest.get_current(request)
Event.GOAL_DEPOSIT.log('{} {}'.format(request.method, request.path),
request.data,
user=request.user,
obj=goal,
support_request_id=sr_id)
serializer = serializers.TransactionCreateSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save(to_goal=goal, reason=Transaction.REASON_DEPOSIT)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
def dispatch(self, request, *args, **kwargs):
user = SupportRequest.target_user(request)
try:
self.firm = user.authorised_representative.firm
except AttributeError:
raise PermissionDenied()
if request.method == "POST":
if not user.authorised_representative.is_accepted:
raise PermissionDenied()
response = super(LegalView, self).dispatch(request, *args, **kwargs)
if hasattr(response, 'context_data'):
response.context_data["profile"] = user.authorised_representative
response.context_data["firm"] = user.authorised_representative.firm
response.context_data["is_legal_view"] = True
return response
def create(self, validated_data):
request = self.context.get('request')
sr = SupportRequest.get_current(request, as_obj=True)
user, sr_id = (sr.user, sr.id) if sr else (request.user, None)
roa = super(RecordOfAdviceSerializer, self).create(validated_data)
Event.ROA_GENERATED.log('Record of Advice Generated',
user=request.user,
obj=roa,
support_request_id=sr_id)
goal = validated_data['goal']
client = goal.account.primary_owner
Notify.ADVISOR_CREATE_ROA.send(actor=user,
recipient=client.user,
action_object=roa,
target=goal)
return roa
def archive(self, request, pk=None, **kwargs):
"""
Override this method as we don't want to actually delete the goal,
just disable it.
:param instance: The goal to disable
:return: None
"""
goal = self.get_object()
# If I'm an advisor or the goal is unsupervised,
# archive the goal immediately.
sr = SupportRequest.get_current(request, as_obj=True)
# check helped user instead if support request is active
user, sr_id = (sr.user, sr.id) if sr else (request.user, None)
if not goal.account.supervised or user.is_advisor:
check_state(Goal.State(goal.state), [
Goal.State.ACTIVE, Goal.State.ARCHIVE_REQUESTED,
Goal.State.INACTIVE
])
Event.ARCHIVE_GOAL.log('{} {}'.format(request.method,
request.path),
user=request.user,
obj=goal,
support_request_id=sr_id)
# Set the state to archive requested,
# as the call to archive() requires it.
goal.state = Goal.State.ARCHIVE_REQUESTED.value
goal.archive()
else:
# I'm a client with a supervised goal, just change the status to
# ARCHIVE_REQUESTED, and add a notification
check_state(Goal.State(goal.state),
[Goal.State.ACTIVE, Goal.State.INACTIVE])
Event.ARCHIVE_GOAL_REQUESTED.log('{} {}'.format(
request.method, request.path),
user=request.user,
obj=goal,
support_request_id=sr_id)
# Flag the goal as archive requested.
goal.state = Goal.State.ARCHIVE_REQUESTED.value
# TODO: Add a notification to the advisor that the goal is archive requested.
goal.save()
return Response(serializers.GoalSerializer(goal).data)
def revert_selected(self, request, pk=None, **kwargs):
"""
Called to revert the current selected-settings to the approved-settings
Returns a validation error if there is no approved-settings.
"""
goal = self.get_object()
check_state(Goal.State(goal.state), Goal.State.ACTIVE)
if not goal.approved_settings:
raise ValidationError("No settings have yet been approved for "
"this Goal, cannot revert to last approved.")
sr_id = SupportRequest.get_current(request)
Event.REVERT_SELECTED_SETTINGS.log('{} {}'.format(
request.method, request.path),
user=request.user,
obj=goal,
support_request_id=sr_id)
goal.revert_selected()
serializer = serializers.GoalSettingSerializer(goal.selected_settings)
return Response(serializer.data)
def get_queryset(self):
qs = super(GoalViewSet, self).get_queryset()
# hide "slow" fields for list view
if self.action == 'list':
qs = qs.prefetch_related()
qs = qs.select_related('selected_settings')
qs = qs.exclude(state=Goal.State.ARCHIVED.value)
# show "permissioned" records only
user = SupportRequest.target_user(self.request)
if user.is_advisor:
qs = qs.filter_by_advisor(user.advisor)
elif user.is_client:
qs = qs.filter_by_client(user.client)
else:
raise PermissionDenied('Only Advisors or Clients are allowed '
'to access goals.')
return qs
def get_queryset(self):
"""
Because this viewset can have a primary owner and signatories,
we don't use the queryset parsing features from NestedViewSetMixin as
it only allows looking at one field for the parent.
:return:
"""
qs = super(AccountViewSet, self).get_queryset()
# show "permissioned" records only
user = SupportRequest.target_user(self.request)
if user.is_advisor:
qs = qs.filter_by_advisor(user.advisor)
elif user.is_client:
qs = qs.filter_by_client(user.client)
else:
raise PermissionDenied('Only Advisors or Clients '
'are allowed to access goals.')
return qs
def render(self, data, media_type=None, renderer_context=None):
"""
NB. be sure that settings.REST_FRAMEWORK contains:
'EXCEPTION_HANDLER': '...api_exception_handler',
"""
logger = logging.getLogger(__name__)
wrapper = {
'version': '2',
'data': {},
'meta': {},
}
# move error to the root level
if hasattr(data, 'get') and data.get('error'):
wrapper['error'] = data['error']
del data['error']
if data is not None:
wrapper['data'] = data
try:
response = renderer_context['response']
request = renderer_context['request']
if 200 <= response.status_code < 400:
meta = {}
session_expire = SessionExpire(request)
meta['session_expires_on'] = session_expire.expire_time()
sr = SupportRequest.get_current(request, as_obj=True)
if sr:
meta['support_request'] = {
'ticket': sr.ticket,
'user': UserSerializer(instance=sr.user).data,
}
wrapper['meta'] = meta
except (TypeError, KeyError) as e:
logger.error("Missing parameteres (%s)", e)
return super(ApiRenderer, self).render(wrapper, media_type,
renderer_context)
def get(self, request, pk):
user = SupportRequest.target_user(request)
serializer = None
if user.is_advisor:
if user.advisor.firm.pk == int(pk):
serializer = self.serializer_class(user.advisor.firm)
elif user.is_authorised_representative:
if user.authorised_representative.firm.pk == int(pk):
serializer = self.serializer_class(
user.authorised_representative.firm)
elif user.is_supervisor:
if user.supervisor.firm.pk == int(pk):
serializer = self.serializer_class(user.supervisor.firm)
elif user.is_client:
# make sure user is a client of the requested firm
if user.client.advisor.firm.pk == int(pk):
serializer = self.serializer_class(user.client.advisor.firm)
if serializer:
return Response(serializer.data)
return self.permission_denied(request)
def dispatch(self, request, *args, **kwargs):
client_pk = kwargs["pk"]
account_class = request.POST.get("account_type", request.GET.get("account_type", None))
if account_class is None:
account_class = request.POST.get("account_class", request.GET.get("account_class", None))
if account_class not in ["joint_account", "trust_account"]:
raise http.Http404()
user = SupportRequest.target_user(request)
advisor = user.advisor
try:
client = advisor.clients.get(pk=client_pk)
except ObjectDoesNotExist:
raise PermissionDenied()
self.client = client
self.account_class = account_class
return super(AdvisorCreateNewAccountForExistingClient, self).dispatch(request, *args, **kwargs)
def __init__(self, *args, **kwargs):
super(GoalCreateSerializer, self).__init__(*args, **kwargs)
# request-based validation
request = self.context.get('request')
if not request:
return # for swagger's dummy calls only
user = SupportRequest.target_user(request)
# experimental / for advisors
if user.is_advisor:
self.fields['account'].queryset = \
self.fields['account'].queryset.filter_by_advisor(user.advisor)
# experimental / for clients
# TEMP set default account
if user.is_client:
self.fields['account'].required = False
self.fields['account'].default = user.client.accounts.all().first()
self.fields['account'].queryset = \
self.fields['account'].queryset.filter_by_client(user.client)
def approve_selected(self, request, pk=None, **kwargs):
"""
Called to make the currently selected settings approved by the advisor,
ready to be activated next time the account is processed (rebalance).
"""
sr = SupportRequest.get_current(request, as_obj=True)
# check helped user instead if support request is active
user, sr_id = (sr.user, sr.id) if sr else (request.user, None)
if not user.is_advisor:
raise PermissionDenied('Only an advisor can approve selections.')
goal = self.get_object()
check_state(Goal.State(goal.state), Goal.State.ACTIVE)
Event.APPROVE_SELECTED_SETTINGS.log('{} {}'.format(
request.method, request.path),
user=request.user,
obj=goal,
support_request_id=sr_id)
goal.approve_selected()
serializer = serializers.GoalSettingSerializer(goal.approved_settings)
return Response(serializer.data)
def withdraw(self, request, pk=None, **kwargs):
goal = self.get_object()
check_state(Goal.State(goal.state), Goal.State.ACTIVE)
sr_id = SupportRequest.get_current(request)
Event.GOAL_WITHDRAWAL.log('{} {}'.format(request.method, request.path),
request.data,
user=request.user,
obj=goal,
support_request_id=sr_id)
serializer = serializers.TransactionCreateSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
# Make sure the total amount for the goal is larger than the pending withdrawal amount.
if goal.current_balance + 0.0000001 < serializer.validated_data[
'amount']:
emsg = "Goal's current balance: {} is less than the desired withdrawal amount: {}"
raise SystemConstraintError(
emsg.format(goal.current_balance,
serializer.validated_data['amount']))
serializer.save(from_goal=goal, reason=Transaction.REASON_WITHDRAWAL)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
def get_queryset(self):
qs = super(ExternalAssetViewSet, self).get_queryset()
# Only return assets which the user has access to.
user = SupportRequest.target_user(self.request)
return qs.filter_by_user(user)
def get_queryset(self):
qs = super(ClientViewSet, self).get_queryset()
# Only return Clients the user has access to.
user = SupportRequest.target_user(self.request)
return qs.filter_by_user(user)
