示例#1
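    def post(self, request):
        """Let a merchant ask to add another user's payment account to their client list.

        Only an active, non-anonymous ``MERCHANT`` (looked up by the
        authenticated user's own id, never by client input) may submit this
        form.  On a valid ``PaymentAccountsForm`` the account is resolved from
        its number, rejected if it belongs to the requester or already sits in
        their list, and otherwise a ``CREATE``/``ACCOUNT`` ``UserRequest``
        addressed to the account owner is created unless an identical request
        is already pending.

        Args:
            request: the HTTP request; ``request.user`` is the acting user.

        Returns:
            A redirect to ``app:HomeView`` once the request is sent or found to
            be a duplicate, an ``error.html`` render on any rejection, or the
            form re-rendered when ``PaymentAccountsForm`` fails validation.
        """
        user = request.user

        target_user = (
            MyUser.objects.filter(id=user.id, user_type=MyUser.MERCHANT, is_active=True)
            .exclude(username=MyUser.ANON)
            .first()
        )

        if not target_user:
            return render(request, "error.html", {
                'err': "You cannot add client accounts"
            })

        form = PaymentAccountsForm(request.POST)

        if form.is_valid():
            acc_number = form.cleaned_data['account_number']
            account = get_account_from_number(acc_number)

            if check_same_user_account(target_user.id, acc_number):
                return render(request, 'error.html', {
                    'err': 'Please don\'t enter your own accounts.',
                })

            if check_duplicate(target_user.id, acc_number):
                return render(request, 'error.html', {
                    'err': 'Account exists in your list',
                })

            # An unknown account number would otherwise raise on
            # ``account.user`` below and surface as a server error.
            if account is None:
                return render(request, 'error.html', {
                    'err': 'Account not found',
                })

            request_form = CreateRequestForm(data={
                'request_type': UserRequest.CREATE,
                'model_type': UserRequest.ACCOUNT,
            })

            if not request_form.is_valid():
                return render(request, "error.html", {
                    'err': "Request could not be sent"
                })

            user_request = request_form.save(commit=False)
            user_request.from_user = target_user
            # The request goes to whoever owns the account being added.
            user_request.to_user = account.user
            user_request.account_obj = account

            if CommonHelpers.is_request_duplicate(user_request):
                messages.warning(request, 'Request Already Sent')

                return HttpResponseRedirect(reverse('app:HomeView'))

            user_request.save()

            messages.success(request, 'Request Sent To %s' % user_request.to_user)
            logger.info("Request for new adding client account %s sent by %s",
                        str(account.user.username), str(target_user.username))

            return HttpResponseRedirect(reverse('app:HomeView'))

        # Only reached when ``PaymentAccountsForm`` itself failed validation.
        return render(request, 'form_template.html', {
            'title': 'User Accounts',
            'form': form,
        })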
示例#2
    def post(self, request, user_id):
        """Ask the requester's supervisor for permission to view another user's profile.

        The target must be an active, non-anonymous, non-admin ``MyUser``.
        Only a non-admin internal user may ask; the request is a
        ``READ``/``USER`` ``UserRequest`` addressed to ``user.assigned_to``
        and carrying the current URL in ``for_url``.

        Args:
            request: the HTTP request; ``request.user`` is the requester.
            user_id: primary key of the profile being requested.

        Returns:
            A redirect to ``app:HomeView`` once the request is sent or found to
            be a duplicate, the read-only request form when it fails
            validation, or an ``error.html`` render when the target is missing
            or the requester is not allowed to ask.
        """
        user = request.user
        target_user = (
            MyUser.objects.filter(id=user_id, is_active=True)
            .exclude(username=MyUser.ANON)
            .exclude(user_type=MyUser.ADMIN)
            .first()
        )

        if not target_user:
            return render(request, 'error.html', {
                'err': 'You do not have permissions to view this',
            })

        # Admins and non-internal users have no request path here.
        if not user.is_internal_user() or user.is_admin():
            return render(request, 'error.html', {
                'err': 'You do not have permissions for this',
            })

        supervisor = user.assigned_to
        request_form = RequestForm(data={
            'to_user': supervisor.id,
            'request_type': UserRequest.READ,
            'model_type': UserRequest.USER,
            'for_url': request.build_absolute_uri(),
        })

        if not request_form.is_valid():
            return render(request, 'form_template.html', {
                'title': 'Request For Access',
                'form': request_form,
                'readonly': True,
            })

        user_request = request_form.save(commit=False)
        user_request.from_user = user
        user_request.user_obj = target_user

        if CommonHelpers.is_request_duplicate(user_request):
            messages.warning(request, 'Request Already Sent')
            return HttpResponseRedirect(reverse('app:HomeView'))

        user_request.save()

        messages.success(request, 'Request Sent To %s' % user_request.to_user)
        logger.info("User Profile View Request sent by %s for %s",
                    str(user.username), str(target_user.username))

        return HttpResponseRedirect(reverse('app:HomeView'))
示例#3
    def post(self, request, user_id):
        """Ask the requester's supervisor to open a new account for the requester.

        Allowed only when ``user_id`` is the requester's own id and the
        requester is not an internal user.  Creates a ``CREATE``/``ACCOUNT``
        ``UserRequest`` from the requester to ``user.assigned_to`` unless an
        identical one is already pending.

        Args:
            request: the HTTP request; ``request.user`` is the requester.
            user_id: the id from the URL; must match ``request.user.id``.

        Returns:
            A redirect to ``app:HomeView`` once the request is sent or found to
            be a duplicate, the read-only request form when it fails
            validation, or an ``error.html`` render when the caller is not
            allowed to ask.
        """
        user = request.user

        # Short-circuit order matches the permission rule: the id check runs
        # first and ``is_internal_user`` is only consulted for the own profile.
        is_own_profile = CommonHelpers.is_int_equal(user.id, user_id)
        if not is_own_profile or user.is_internal_user():
            return render(request, 'error.html', {
                'err': 'You do not have permissions to view this',
            })

        request_form = CreateRequestForm(data={
            'request_type': UserRequest.CREATE,
            'model_type': UserRequest.ACCOUNT,
        })

        if not request_form.is_valid():
            return render(request, 'form_template.html', {
                'title': 'Add Account',
                'form': request_form,
                'readonly': True,
            })

        user_request = request_form.save(commit=False)
        user_request.from_user = user
        user_request.to_user = user.assigned_to

        if CommonHelpers.is_request_duplicate(user_request):
            messages.warning(request, 'Request Already Sent')
            return HttpResponseRedirect(reverse('app:HomeView'))

        user_request.save()

        messages.success(request, 'Request Sent To %s' % user_request.to_user)
        logger.info("Request for new account sent by %s", str(user.username))

        return HttpResponseRedirect(reverse('app:HomeView'))
示例#4
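    def post(self, request):
        """Delete a user (admin) or ask the supervisor to delete one's own account.

        Admins submit a ``UserDeleteForm`` naming the user and the deletion is
        carried out immediately through ``UserHelpers.safely_delete_user``; no
        OTP step is applied on that path.  A non-internal user must first pass
        ``VerifyOTPForm``; on success a ``DELETE``/``USER`` ``UserRequest`` for
        their own account is sent to ``user.assigned_to``.  Internal non-admin
        users are refused.

        Args:
            request: the HTTP request; ``request.user`` is the acting user.

        Returns:
            A redirect to ``app:HomeView`` after a deletion, a sent or duplicate
            request, or a failed OTP; the delete form re-rendered when it fails
            validation; otherwise an ``error.html`` render.
        """
        user = request.user

        if user.is_admin():
            form = UserDeleteForm(request.POST)

            if form.is_valid():
                target_user = form.cleaned_data['user']
                if UserHelpers.safely_delete_user(target_user):
                    messages.success(request, 'User Deleted')
                    logger.info('User %s deleted by %s',
                                str(target_user.username), str(user.username))

                    return HttpResponseRedirect(reverse('app:HomeView'))

                return render(request, 'error.html', {
                    'err': 'User could not be deleted',
                })

            return render(request, 'form_template.html', {
                'title': 'Delete User',
                'form': form,
            })

        if not user.is_internal_user():
            otp_form = VerifyOTPForm(request, data=request.POST)

            if not otp_form.is_valid():
                messages.error(request, 'Incorrect OTP')
                return HttpResponseRedirect(reverse('app:HomeView'))

            # assumes every non-internal user has a supervisor assigned;
            # ``.id`` on a missing one would raise — TODO confirm
            send_request_to = user.assigned_to

            request_form = RequestForm(data={
                'to_user': send_request_to.id,
                'request_type': UserRequest.DELETE,
                'model_type': UserRequest.USER,
            })

            if not request_form.is_valid():
                # Nothing is deleted on this path; the failure is that the
                # request could not be formed, so say so (the previous message
                # 'User could not be deleted' misdescribed it).
                return render(request, 'error.html', {
                    'err': 'Request could not be sent',
                })

            user_request = request_form.save(commit=False)
            user_request.from_user = user
            # The account being deleted is the requester's own.
            user_request.user_obj = user

            if CommonHelpers.is_request_duplicate(user_request):
                messages.warning(request, 'Request Already Sent')
                return HttpResponseRedirect(reverse('app:HomeView'))

            user_request.save()

            messages.success(
                request, 'Request Sent To %s' % user_request.to_user)
            logger.info("User Delete Request sent by %s for %s to %s",
                        str(user.username), str(user.username),
                        str(user_request.to_user))

            return HttpResponseRedirect(reverse('app:HomeView'))

        return render(request, 'error.html', {
            'err': 'You do not have permissions for this.',
        })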
示例#5
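    def post(self, request, user_id):
        """Edit a user's profile, or request the permission to do so.

        The target must be an active, non-anonymous, non-admin ``MyUser``.
        Three callers are distinguished:

        * an admin saves ``EditUserProfileForm`` and the edited version is
          applied at once through ``UserHelpers.update_user_from_edited_version``;
        * a user holding the object permission ``edit_user`` on the target, or
          editing their own profile, saves the edited version and then sends a
          ``COMPLETE_UPDATE``/``USER`` ``UserRequest`` to
          ``user.get_assigned_admin()`` for it to be applied;
        * an internal user editing a non-internal target sends an
          ``UPDATE``/``USER`` ``UserRequest`` to ``user.assigned_to`` asking
          for edit access.

        Args:
            request: the HTTP request; ``request.user`` is the acting user.
            user_id: primary key of the profile being edited.

        Returns:
            A redirect to ``app:HomeView`` on success or a duplicate request,
            the relevant form re-rendered when it fails validation, or an
            ``error.html`` render when the target is missing, the request could
            not be sent, or the caller is not allowed.
        """
        user = request.user
        target_user = (
            MyUser.objects.filter(id=user_id, is_active=True)
            .exclude(username=MyUser.ANON)
            .exclude(user_type=MyUser.ADMIN)
            .first()
        )

        if not target_user:
            return render(request, 'error.html', {
                'err': 'You do not have permissions to view this',
            })

        if user.is_admin():
            form = EditUserProfileForm(data=request.POST, user_id=user_id)

            if form.is_valid():
                edit_user = form.save(commit=False)
                edit_user.user = target_user
                edit_user.save()

                UserHelpers.update_user_from_edited_version(edit_user)

                messages.success(request, 'User Successfully Updated')
                logger.info("User Profile Edited by %s for %s",
                            str(user.username), str(target_user.username))

                return HttpResponseRedirect(reverse('app:HomeView'))

            return render(request, 'form_template.html', {
                'title': 'Edit User Profile',
                'form': form,
            })

        if user.has_perm('edit_user', target_user) or CommonHelpers.is_int_equal(
                user_id, user.id):
            # NOTE: the one-time ``edit_user`` grant is consumed before the
            # submission is validated (consume-then-use), so an invalid form
            # spends the grant and the user must request it again.
            remove_perm('edit_user', user, target_user)
            form = EditUserProfileForm(data=request.POST, user_id=user_id)

            if not form.is_valid():
                return render(request, 'form_template.html', {
                    'title': 'Edit User Profile',
                    'form': form,
                })

            edit_user = form.save(commit=False)
            edit_user.user = target_user
            edit_user.save()

            send_request_to = user.get_assigned_admin()

            request_form = RequestForm(data={
                'to_user': send_request_to.id,
                'request_type': UserRequest.COMPLETE_UPDATE,
                'model_type': UserRequest.USER,
                'for_url': request.build_absolute_uri(),
            })

            if not request_form.is_valid():
                # The edited version is saved but no approval request could be
                # formed; previously the request form was silently rendered
                # under the 'Edit User Profile' title instead.
                return render(request, 'error.html', {
                    'err': 'Request could not be sent',
                })

            user_request = request_form.save(commit=False)
            user_request.from_user = user
            user_request.user_obj = target_user

            if CommonHelpers.is_request_duplicate(user_request):
                messages.warning(request, 'Request Already Sent')
                return HttpResponseRedirect(reverse('app:HomeView'))

            user_request.save()

            messages.success(
                request, 'Request Sent To %s' % user_request.to_user)
            logger.info(
                "User Profile Edit Request sent by %s for %s to %s",
                str(user.username), str(target_user.username),
                str(user_request.to_user))

            return HttpResponseRedirect(reverse('app:HomeView'))

        if user.is_internal_user() and not target_user.is_internal_user():
            send_request_to = user.assigned_to

            request_form = RequestForm(data={
                'to_user': send_request_to.id,
                'request_type': UserRequest.UPDATE,
                'model_type': UserRequest.USER,
                'for_url': request.build_absolute_uri(),
            })

            if not request_form.is_valid():
                return render(request, 'form_template.html', {
                    'title': 'Request For Access',
                    'form': request_form,
                    'readonly': True,
                })

            user_request = request_form.save(commit=False)
            user_request.from_user = user
            user_request.user_obj = target_user

            if CommonHelpers.is_request_duplicate(user_request):
                messages.warning(request, 'Request Already Sent')
                return HttpResponseRedirect(reverse('app:HomeView'))

            user_request.save()

            messages.success(request,
                             'Request Sent To %s' % user_request.to_user)
            logger.info(
                "User Profile Edit Access Request sent by %s for %s to %s",
                str(user.username), str(target_user.username),
                str(user_request.to_user))

            return HttpResponseRedirect(reverse('app:HomeView'))

        return render(request, 'error.html', {
            'err': 'You do not have permissions to view this',
        })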
示例#6
    def post(self, request, transaction_id):
        """Approve or decline a pending transaction, or request access to view it.

        Only internal users reach the body.  The action is chosen by which
        button name is present in ``request.POST``: ``'Approve'``,
        ``'Decline'``, or anything else (including ``'Request Admin'``), which
        sends a ``READ``/``TRANSACTION`` ``UserRequest`` to the transaction's
        creator or, with ``'Request Admin'`` from a non-admin, to the caller's
        assigned admin.

        Approve/decline requires that the caller is entitled to act on the
        transaction (see the ``verified_to_transact`` rules below), that the
        posted ``pki_token`` verifies against the session-held token, and that
        the OTP form validates.

        Args:
            request: the HTTP request; ``request.user`` is the acting user.
            transaction_id: primary key of the ``Transaction`` being acted on.

        Returns:
            A redirect to ``app:TransactionPending`` after an approval, a
            decline, or a failed OTP; a redirect to ``app:HomeView`` after an
            access request is sent or found to be a duplicate; the read-only
            request form when it fails validation; otherwise an ``error.html``
            render.
        """
        user = request.user

        if user.is_internal_user():
            # NOTE(review): select_for_update() is evaluated here (by .first())
            # before the atomic() block below; Django refuses that unless the
            # request already runs inside a transaction (e.g. ATOMIC_REQUESTS)
            # — confirm the project setting.
            transaction = Transaction.objects.filter(id=transaction_id, is_approved=False).select_for_update().first()

            if 'Approve' in request.POST:
                approve_transaction = True
            elif 'Decline' in request.POST:
                approve_transaction = False

            else:
                # Access-request path: any transaction, approved or not.
                transaction = Transaction.objects.filter(id=transaction_id).first()

                if transaction is None:
                    return render(request, 'error.html', {
                        'err': 'Transaction does not exist.',
                    })

                request_admin = False
                if 'Request Admin' in request.POST:
                    request_admin = True

                # Default recipient is the creator; 'Request Admin' from a
                # non-admin redirects the request to the caller's assigned admin.
                send_request_to = transaction.created_by
                if request_admin and not user.is_admin():
                    send_request_to = user.get_assigned_admin()

                form = RequestForm(data={
                    'to_user': send_request_to.id,
                    'request_type': UserRequest.READ,
                    'model_type': UserRequest.TRANSACTION,
                    'for_url': request.build_absolute_uri(),
                })

                if form.is_valid():
                    user_request = form.save(commit=False)
                    user_request.from_user = user
                    user_request.transaction_obj = transaction

                    if CommonHelpers.is_request_duplicate(user_request):
                        messages.warning(request, 'Request Already Sent')

                        return HttpResponseRedirect(reverse('app:HomeView'))

                    user_request.save()

                    messages.success(request, 'Request Sent To %s' % user_request.to_user)
                    logger.info("Request to view transaction created by %s", str(user.username))

                    return HttpResponseRedirect(reverse('app:HomeView'))

                return render(request, 'form_template.html', {
                    'title': 'Request For Access',
                    'form': form,
                    'readonly': True,
                    'extra_btn_title': 'Request Admin',
                })

            # Approve/decline only: the first query excluded approved rows, so
            # None means either no such transaction or one already resolved.
            if transaction is None:
                return render(request, 'error.html', {
                    'err': 'Transaction already resolved.'
                })

            # Who may act: a risky transaction needs the creator's assigned
            # manager or an admin; otherwise the creator's supervisor or an
            # admin, or the manager holding a one-time 'read_transaction'
            # object permission, which is consumed here.
            verified_to_transact = False
            if transaction.is_risky():
                if transaction.created_by.get_assigned_manager() == user or user.is_admin():
                    verified_to_transact = True

            else:
                if transaction.created_by.assigned_to == user or user.is_admin():
                    verified_to_transact = True
                elif transaction.created_by.get_assigned_manager() == user and user.has_perm('read_transaction', transaction):
                    remove_perm('read_transaction', user, transaction)
                    verified_to_transact = True

            if verified_to_transact:
                # PKI Verify: the token posted by the client must verify against
                # the token held server-side in the session; both are required.
                pki_token = request.POST.get('pki_token', None)
                internal_pki_token = request.session.get(self.INTERNAL_PKI_TOKEN, None)

                if pki_token is None or internal_pki_token is None:
                    return render(request, 'error.html', {
                        'err': 'PKI Verification Failed. Try to reset your PKI and try again.'
                    })

                if PKIHelpers.verify_pki(pki_token, internal_pki_token):
                    # NOTE(review): debug output on the request path; the
                    # module logger is the conventional place for this.
                    print('PKI Verified')
                else:
                    return render(request, 'error.html', {
                        'err': 'PKI Verification Failed. Try to reset your PKI and try again.'
                    })

                # Second factor, checked only after PKI has passed.
                extra_form = TransactionForms.VerifyOTPForm(request, data=request.POST)

                if extra_form.is_valid():
                    pass
                else:
                    messages.error(request, 'Incorrect OTP')
                    return HttpResponseRedirect(reverse('app:TransactionPending'))

                if approve_transaction:
                    # Perform Transaction
                    # NOTE(review): perform_transaction runs before the locked
                    # re-fetch below; if it moves balances, that work is not
                    # covered by the row lock taken in the atomic block and a
                    # concurrent approval could interleave — confirm what the
                    # helper does and whether it takes its own lock.
                    if TransactionHelpers.perform_transaction(transaction):

                        with db_transaction.atomic():
                            # Re-read under a row lock so two approvers cannot
                            # both flip the same pending transaction.
                            transaction = Transaction.objects.filter(id=transaction.id, is_approved=False).select_for_update().first()

                            if transaction:
                                transaction.approve(user)
                                transaction.complete()

                            else:
                                # Returning here leaves the atomic block normally
                                # (nothing was written inside it on this path).
                                return render(request, 'error.html', {
                                    'err': 'Action could not be completed',
                                })

                        # Remove view permissions from manager when not approved by them
                        if transaction.created_by.get_assigned_manager().has_perm('read_transaction', transaction):
                            remove_perm('read_transaction', transaction.created_by.get_assigned_manager(), transaction)

                        CommonHelpers.send_transaction_complete_mail(transaction)

                        messages.success(request, 'Transaction Approved')

                        logger.info("Transaction %s from %s to %s for amount %s approved by %s", str(transaction.id), str(transaction.from_account), str(transaction.to_account), str(transaction.amount), str(user.username))

                        return HttpResponseRedirect(reverse('app:TransactionPending'))

                    else:
                        return render(request, 'error.html', {
                            'err': 'This transaction cannot be completed because of low balance or is already completed.',
                        })

                else:
                    # Decline Transaction
                    # ``transaction`` is the object read at the top of the view
                    # (already filtered on is_approved=False); this re-check is
                    # on that in-memory copy, not a fresh locked read.
                    if not transaction.is_approved:
                        if TransactionHelpers.delete_transaction(transaction):

                            CommonHelpers.send_transaction_declined_mail(transaction)

                            messages.success(request, 'Transaction Declined')

                            logger.info("Transaction %s declined by : %s", str(transaction.id), str(user.username))

                            return HttpResponseRedirect(reverse('app:TransactionPending'))

                    return render(request, 'error.html', {
                        'err': 'Transaction cannot be declined because it is already approved.',
                    })

        # Reached by non-internal users and by internal users who are not
        # entitled to act on this transaction.
        return render(request, 'error.html', {
            'err': 'You do not have permission for this.',
        })