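def post(self, request, uidb1, uidb2, token):
    """Approve a PII access request that was reached through a tokenised link.

    The handler works in two steps:

    1. When the URL carries a real token, the token is checked against the
       requesting user, stored in the session, and the client is redirected
       to the same path with the token replaced by a fixed placeholder, so
       the real token no longer appears in the URL.
    2. When the URL carries the placeholder, the token is read back from the
       session, checked again, and the request is approved.

    Args:
        request: The incoming HTTP request.
        uidb1: URL-safe base64 of the requesting user's primary key.
        uidb2: URL-safe base64 of the target user's primary key.
        token: Either the approval token or the placeholder value.

    Returns:
        A redirect on success (or after stashing the token), otherwise the
        rendered ``error.html`` page.
    """
    INTERNAL_RESET_URL_TOKEN = 'approve-request'
    INTERNAL_RESET_SESSION_TOKEN = '_approve_request_token'

    def _user_from_uidb64(uidb64):
        # Any undecodable or unknown id is treated the same as "no user".
        try:
            uid = force_text(urlsafe_base64_decode(uidb64))
            return MyUser.objects.get(pk=uid)
        except (TypeError, ValueError, OverflowError, MyUser.DoesNotExist):
            return None

    from_user = _user_from_uidb64(uidb1)
    target_user = _user_from_uidb64(uidb2)

    # NOTE(review): the token is the only credential checked in this handler;
    # request.user is never read. Confirm that approval by link holder alone
    # is the intended authorization model.
    if from_user is not None and target_user is not None:
        pii_obj = PII.objects.filter(user=target_user).first()
        pii_token_generator = PIITokenGenerator(pii_obj)

        if token != INTERNAL_RESET_URL_TOKEN:
            # Step 1: real token in the URL. Move it into the session and
            # redirect to the placeholder URL.
            if pii_token_generator.check_token(from_user, token):
                self.request.session[INTERNAL_RESET_SESSION_TOKEN] = token
                redirect_url = self.request.path.replace(
                    token, INTERNAL_RESET_URL_TOKEN)
                return HttpResponseRedirect(redirect_url)
        else:
            # Step 2: placeholder in the URL. The token must come from the
            # session and must still validate.
            session_token = self.request.session.get(
                INTERNAL_RESET_SESSION_TOKEN)
            if pii_token_generator.check_token(from_user, session_token):
                if not pii_obj:
                    return render(request, 'error.html', {
                        'err': 'User has not entered PII.',
                    })

                user_request = UserRequest(
                    from_user=from_user,
                    request_type=UserRequest.READ,
                    model_type=UserRequest.PII_ACCESS,
                    pii_obj=pii_obj,
                )
                if not UserHelpers.assign_permissions(user_request):
                    return render(request, 'error.html', {
                        'err': 'Action could not be completed',
                    })

                # Drop the stored token once it has been used, so the
                # placeholder URL cannot be submitted again from this session
                # to repeat the approval. Whether PIITokenGenerator itself
                # invalidates a used token is not visible from this method.
                self.request.session.pop(INTERNAL_RESET_SESSION_TOKEN, None)

                CommonHelpers.send_request_approval_mail(user_request)
                messages.success(request, 'Request Approved')
                logger.info(
                    "PII request of %s approved by Government for %s",
                    str(user_request.from_user),
                    str(target_user.username))
                return HttpResponseRedirect(reverse('app:HomeView'))

    # Every failure above (bad ids, bad token, missing session token) ends
    # here with the same generic error.
    return render(request, 'error.html',
                  {'err': 'Invalid Link. You Hacker.'})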
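def post(self, request, user_request_id):
    """Approve or decline a user request addressed to the current user.

    The action is chosen by the presence of ``Approve`` or ``Decline`` in the
    POST data. A request that is already approved can be neither approved
    again nor declined; each case reports its own error message.

    Args:
        request: The incoming HTTP request; ``request.user`` is the actor.
        user_request_id: Identifier of the user request to act on.

    Returns:
        A redirect to the received-requests view on success, otherwise the
        rendered ``error.html`` page.
    """
    user = request.user
    # The lookup is given the acting user as well as the id; per the original
    # note this covers the check that user == user_request.to_user. The
    # helper's body is not visible here, so that check is taken on trust.
    user_request = UserHelpers.get_user_request_to_user_using_id(
        user_request_id, user)
    if not user_request:
        return render(request, 'error.html', {
            'err': 'Does not exist',
        })

    if 'Approve' in request.POST:
        approve_request = True
    elif 'Decline' in request.POST:
        approve_request = False
    else:
        return render(request, 'error.html',
                      {'err': 'You did something wrong, bro.'})

    # NOTE(review): is_approved is read here and the state is changed further
    # down as separate steps; whether two concurrent submissions are
    # serialised elsewhere is not visible from this method.
    if user_request.is_approved:
        # Previously the approve-specific message was returned for both
        # actions, which left the decline-specific message unreachable.
        if approve_request:
            err = 'Request Already Approved'
        else:
            err = 'Request cannot be declined because it is already approved.'
        return render(request, 'error.html', {
            'err': err,
        })

    if not approve_request:
        UserHelpers.delete_request(user_request)
        CommonHelpers.send_request_declined_mail(user_request)
        messages.success(request, 'Request Declined')
        logger.info("User request %s declined by %s",
                    str(user_request), str(user.username))
        return HttpResponseRedirect(
            reverse('app:UserRequestsReceivedView'))

    if not UserHelpers.assign_permissions(user_request):
        return render(request, 'error.html', {
            'err': 'Request could not be approved',
        })

    user_request.approve(user)
    CommonHelpers.send_request_approval_mail(user_request)
    messages.success(request, 'Request Approved')

    # Intermediate delete request: approval hands it on to the assigned admin.
    if (user_request.request_type == UserRequest.DELETE
            and user_request.model_type == UserRequest.USER):
        messages.success(
            request, 'Request Sent To %s' %
            str(user_request.to_user.get_assigned_admin()))

    # Completed delete: record who removed which user.
    if (user_request.request_type == UserRequest.COMPLETE_DELETE
            and user_request.model_type == UserRequest.USER):
        logger.info('User %s deleted by %s',
                    str(user_request.user_obj.username),
                    str(user_request.to_user.username))

    logger.info("User request %s approved by %s ",
                str(user_request), str(user.username))
    return HttpResponseRedirect(
        reverse('app:UserRequestsReceivedView'))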