def _inner(request, domain, *args, **kwargs): if toggles.DISABLE_WEB_APPS.enabled_for_request(request): apps_in_domain = get_apps_in_domain(domain) if (len(apps_in_domain) == 1): app_or_domain_name = apps_in_domain[0].name else: app_or_domain_name = domain context = { "app_or_domain_name": app_or_domain_name, "is_superuser": hasattr(request, "couch_user") and request.couch_user.is_superuser } return render(request, "cloudcare/web_apps_disabled.html", context) if hasattr(request, "couch_user"): if request.couch_user.is_web_user(): return require_permission( Permissions.access_web_apps)(view_func)(request, domain, *args, **kwargs) else: assert request.couch_user.is_commcare_user(), \ "user was neither a web user or a commcare user!" return login_and_domain_required(view_func)(request, domain, *args, **kwargs) return login_and_domain_required(view_func)(request, domain, *args, **kwargs)
class DataSetMapCreateView(BaseCreateView, BaseProjectSettingsView): urlname = 'dataset_map_create_view' page_title = _('DataSet Map') template_name = 'dhis2/dataset_map_create.html' model = SQLDataSetMap form_class = DataSetMapForm @method_decorator(require_permission(Permissions.edit_motech)) @method_decorator(toggles.DHIS2_INTEGRATION.required_decorator()) @use_jquery_ui # for datepicker def dispatch(self, request, *args, **kwargs): return super().dispatch(request, *args, **kwargs) def get_queryset(self): return super().get_queryset().filter(domain=self.domain) def get_form_kwargs(self): kwargs = super().get_form_kwargs() kwargs['domain'] = self.domain return kwargs def get_success_url(self): return reverse( DataSetMapListView.urlname, kwargs={'domain': self.domain}, )
class DomainForwardingOptionsView(BaseAdminProjectSettingsView): urlname = 'domain_forwarding' page_title = ugettext_lazy("Data Forwarding") template_name = 'repeaters/repeaters.html' @method_decorator(require_permission(Permissions.edit_motech)) def dispatch(self, request, *args, **kwargs): return super(BaseProjectSettingsView, self).dispatch(request, *args, **kwargs) @property def repeater_types_info(self): return [ RepeaterTypeInfo(r.__name__, r.friendly_name, r._has_config, r.by_domain(self.domain)) for r in get_all_repeater_types().values() if r.available_for_domain(self.domain) ] @property def page_context(self): return { 'repeater_types_info': self.repeater_types_info, 'pending_record_count': RepeatRecord.count(self.domain), 'user_can_configure': (self.request.couch_user.is_superuser or self.request.couch_user.can_edit_motech() or toggles.IS_CONTRACTOR.enabled(self.request.couch_user.username)) }
class BiometricIntegrationView(BaseAdminProjectSettingsView): urlname = 'biometric_integration' page_title = ugettext_lazy("Biometric Integration") template_name = 'integration/biometric.html' @method_decorator(require_permission(Permissions.edit_motech)) @method_decorator(toggles.BIOMETRIC_INTEGRATION.required_decorator()) def dispatch(self, request, *args, **kwargs): return super(BiometricIntegrationView, self).dispatch(request, *args, **kwargs) @property @memoized def simprints_form(self): data = self.request.POST if self.request.method == 'POST' else None return SimprintsIntegrationForm(data, domain=self.domain) @property def page_context(self): return {'simprints_form': self.simprints_form} def post(self, request, *args, **kwargs): if self.simprints_form.is_valid(): self.simprints_form.save() messages.success( request, _("Biometric Integration settings have been updated.")) else: messages.error( request, _("Could not update Biometric Integration settings.")) return self.get(request, *args, **kwargs)
class DomainForwardingOptionsView(BaseAdminProjectSettingsView): urlname = 'domain_forwarding' page_title = ugettext_lazy("Data Forwarding") template_name = 'repeaters/repeaters.html' @method_decorator(require_permission(Permissions.edit_motech)) def dispatch(self, request, *args, **kwargs): return super(BaseProjectSettingsView, self).dispatch(request, *args, **kwargs) @property def repeaters(self): return [(r.__name__, r.by_domain(self.domain), r.friendly_name, r.get_custom_url(self.domain)) for r in get_all_repeater_types().values() if r.available_for_domain(self.domain)] @property def page_context(self): return { 'repeaters': self.repeaters, 'pending_record_count': RepeatRecord.count(self.domain), 'gefingerpoken': ( # Set gefingerpoken_ to whether the user should be allowed to change MOTECH configuration. # .. _gefingerpoken: https://en.wikipedia.org/wiki/Blinkenlights self.request.couch_user.is_superuser or self.request.couch_user.can_edit_motech() or toggles.IS_CONTRACTOR.enabled( self.request.couch_user.username)) }
class BaseMultimediaView(ApplicationViewMixin, BaseSectionPageView): @method_decorator( require_permission(Permissions.edit_apps, login_decorator=login_and_domain_required)) def dispatch(self, request, *args, **kwargs): return super(BaseMultimediaView, self).dispatch(request, *args, **kwargs)
class DomainForwardingOptionsView(BaseAdminProjectSettingsView): urlname = 'domain_forwarding' page_title = ugettext_lazy("Data Forwarding") template_name = 'repeaters/repeaters.html' @method_decorator(require_permission(Permissions.edit_motech)) def dispatch(self, request, *args, **kwargs): return super(BaseProjectSettingsView, self).dispatch(request, *args, **kwargs) @property def repeaters(self): return [(r.__name__, r.by_domain(self.domain), r.friendly_name, r.get_custom_url(self.domain)) for r in get_all_repeater_types().values() if r.available_for_domain(self.domain)] @property def page_context(self): return { 'repeaters': self.repeaters, 'pending_record_count': RepeatRecord.count(self.domain), 'gefingerpoken': self.request.couch_user.is_superuser or toggles.IS_DEVELOPER.enabled(self.request.couch_user.username) }
def _inner(request, domain, *args, **kwargs): if toggles.DISABLE_WEB_APPS.enabled_for_request(request): message = 'Service Temporarily Unavailable' is_superuser = hasattr( request, "couch_user") and request.couch_user.is_superuser if is_superuser or toggles.SUPPORT.enabled_for_request( request): message += " (due to 'disable_web_apps' feature flag)" return HttpResponse(message, content_type='text/plain', status=503) if hasattr(request, "couch_user"): if request.couch_user.is_web_user(): return require_permission( Permissions.access_web_apps)(view_func)(request, domain, *args, **kwargs) else: assert request.couch_user.is_commcare_user(), \ "user was neither a web user or a commcare user!" return login_and_domain_required(view_func)(request, domain, *args, **kwargs) return login_and_domain_required(view_func)(request, domain, *args, **kwargs)
class BaseMultimediaView(ApplicationViewMixin, View): @method_decorator( require_permission(Permissions.edit_apps, login_decorator=login_with_permission_from_post())) def dispatch(self, request, *args, **kwargs): return super(BaseMultimediaView, self).dispatch(request, *args, **kwargs)
def require_can_edit_or_view_locations(view_fn): """Decorator verifying that the user has permission to edit and view individual locations.""" return locations_access_required( require_permission('edit_locations', view_only_permission='view_locations')(view_fn) )
def is_authenticated(self, request, **kwargs): wrappers = [ require_permission( self.permission, login_decorator=self._get_auth_decorator(request)), api_auth, ] return self._auth_test(request, wrappers=wrappers, **kwargs)
def _inner(request, domain, *args, **kwargs): if hasattr(request, "couch_user"): if request.couch_user.is_web_user(): return require_permission(Permissions.edit_data)(view_func)(request, domain, *args, **kwargs) else: assert request.couch_user.is_commcare_user(), \ "user was neither a web user or a commcare user!" return login_and_domain_required(view_func)(request, domain, *args, **kwargs) return login_and_domain_required(view_func)(request, domain, *args, **kwargs)
def is_authenticated(self, request, **kwargs): return self._auth_test( request, wrappers=[ self._get_auth_decorator(request), api_auth, require_permission( 'access_api', login_decorator=self._get_auth_decorator(request)), ], **kwargs)
def _inner(request, domain, *args, **kwargs): if toggles.RESTRICT_MOBILE_ACCESS.enabled(domain): origin_token = request.META.get(ORIGIN_TOKEN_HEADER, None) if origin_token: if _test_token_valid(origin_token): return fn(request, domain, *args, **kwargs) else: return HttpResponseForbidden() return require_permission(Permissions.access_mobile_endpoints)(fn)( request, domain, *args, **kwargs) return fn(request, domain, *args, **kwargs)
class DeprecatedODataFormMetadataView(View): urlname = 'odata_form_meta' @method_decorator(basic_auth_or_try_api_key_auth) @method_decorator( require_permission(Permissions.edit_data, login_decorator=None)) @method_decorator(toggles.ODATA.required_decorator()) def get(self, request, domain, app_id): xmlns_to_properties = get_xmlns_to_properties(domain, app_id) metadata = render_to_string('api/odata_form_metadata.xml', { 'xmlns_to_properties': xmlns_to_properties, }) return add_odata_headers( HttpResponse(metadata, content_type='application/xml'))
class ODataFormMetadataView(View): urlname = 'odata_form_metadata_from_export_instance' @method_decorator(basic_auth_or_try_api_key_auth) @method_decorator( require_permission(Permissions.edit_data, login_decorator=None)) @method_decorator(toggles.ODATA.required_decorator()) def get(self, request, domain, config_id): config = get_document_or_404(FormExportInstance, domain, config_id) metadata = render_to_string( 'api/form_odata_metadata.xml', { 'fields': get_case_odata_fields_from_config(config), }) return add_odata_headers( HttpResponse(metadata, content_type='application/xml'))
def _inner(request, domain, *args, **kwargs): if Domain.get_by_name(domain).restrict_mobile_access: origin_token = request.META.get(ORIGIN_TOKEN_HEADER, None) if origin_token: if _test_token_valid(origin_token): return fn(request, domain, *args, **kwargs) else: auth_logger.info( "Request rejected domain=%s reason=%s request=%s", domain, "flag:mobile_access_restricted", request.path) return HttpResponseForbidden() return require_permission(Permissions.access_mobile_endpoints)(fn)( request, domain, *args, **kwargs) return fn(request, domain, *args, **kwargs)
def _inner(request, domain, *args, **kwargs): if DISABLE_WEB_APPS.enabled_for_request(request): return HttpResponse('Service Temporarily Unavailable', content_type='text/plain', status=503) if hasattr(request, "couch_user"): if request.couch_user.is_web_user(): return require_permission( Permissions.access_web_apps)(view_func)(request, domain, *args, **kwargs) else: assert request.couch_user.is_commcare_user(), \ "user was neither a web user or a commcare user!" return login_and_domain_required(view_func)(request, domain, *args, **kwargs) return login_and_domain_required(view_func)(request, domain, *args, **kwargs)
class ConnectionSettingsDetailView(BaseProjectSettingsView, ModelFormMixin, ProcessFormView): urlname = 'connection_settings_detail_view' page_title = _('Connection Settings') template_name = 'motech/connection_settings_detail.html' model = ConnectionSettings form_class = ConnectionSettingsForm @method_decorator(require_permission(Permissions.edit_motech)) def dispatch(self, request, *args, **kwargs): if (toggles.INCREMENTAL_EXPORTS.enabled_for_request(request) or has_privilege(request, privileges.DATA_FORWARDING)): return super().dispatch(request, *args, **kwargs) raise Http404() def get_queryset(self): return super().get_queryset().filter(domain=self.domain) def get(self, request, *args, **kwargs): # Allow us to update if 'pk' is given in the URL, otherwise create self.object = self.get_object( ) if self.pk_url_kwarg in self.kwargs else None return super().get(request, *args, **kwargs) def post(self, request, *args, **kwargs): self.object = self.get_object( ) if self.pk_url_kwarg in self.kwargs else None return super().post(request, *args, **kwargs) def get_form_kwargs(self): kwargs = super().get_form_kwargs() kwargs['domain'] = self.domain return kwargs def get_success_url(self): return reverse( ConnectionSettingsListView.urlname, kwargs={'domain': self.domain}, ) def form_valid(self, form): form.save() return super().form_valid(form)
class ODataFormServiceView(View): urlname = 'odata_form_service_from_export_instance' @method_decorator(basic_auth_or_try_api_key_auth) @method_decorator( require_permission(Permissions.edit_data, login_decorator=None)) @method_decorator(toggles.ODATA.required_decorator()) def get(self, request, domain): service_document_content = { '@odata.context': absolute_reverse(ODataFormMetadataView.urlname, args=[domain]), 'value': [{ 'name': config.get_id, 'kind': 'EntitySet', 'url': config.get_id, } for config in get_odata_form_configs_by_domain(domain)] } return add_odata_headers(JsonResponse(service_document_content))
class ODataFormMetadataView(View): urlname = 'odata_form_metadata_from_export_instance' @method_decorator(basic_auth_or_try_api_key_auth) @method_decorator( require_permission(Permissions.edit_data, login_decorator=None)) @method_decorator(toggles.ODATA.required_decorator()) def get(self, request, domain): configs = get_odata_form_configs_by_domain(domain) config_ids_to_properties = OrderedDict() for config in configs: config_ids_to_properties[ config.get_id] = get_form_odata_fields_from_config(config) metadata = render_to_string( 'api/form_odata_metadata.xml', { 'config_ids_to_properties': config_ids_to_properties, }) return add_odata_headers( HttpResponse(metadata, content_type='application/xml'))
class DeprecatedODataCaseServiceView(View): urlname = 'odata_case_service' @method_decorator(basic_auth_or_try_api_key_auth) @method_decorator( require_permission(Permissions.edit_data, login_decorator=None)) @method_decorator(toggles.ODATA.required_decorator()) def get(self, request, domain): data = { '@odata.context': absolute_reverse(DeprecatedODataCaseMetadataView.urlname, args=[domain]), 'value': [{ 'name': case_type, 'kind': 'EntitySet', 'url': case_type, } for case_type in get_case_types_for_domain_es(domain)] } return add_odata_headers(JsonResponse(data))
class ReportBuilderView(BaseDomainView): @method_decorator(require_permission(Permissions.edit_data)) @cls_to_view_login_and_domain @use_select2 @use_daterangepicker @use_datatables def dispatch(self, request, *args, **kwargs): if has_report_builder_access(request): return super(ReportBuilderView, self).dispatch(request, *args, **kwargs) else: raise Http404 @property def section_name(self): return _("Report Builder") @property def section_url(self): return reverse(ReportBuilderTypeSelect.urlname, args=[self.domain])
class DeprecatedODataFormServiceView(View): urlname = 'odata_form_service' @method_decorator(basic_auth_or_try_api_key_auth) @method_decorator( require_permission(Permissions.edit_data, login_decorator=None)) @method_decorator(toggles.ODATA.required_decorator()) def get(self, request, domain, app_id): data = { '@odata.context': absolute_reverse(DeprecatedODataFormMetadataView.urlname, args=[domain, app_id]), 'value': [{ 'name': xmlns, 'kind': 'EntitySet', 'url': xmlns, } for xmlns in get_xmlns_by_app(domain, app_id)] } return add_odata_headers(JsonResponse(data))
class DomainForwardingOptionsView(BaseAdminProjectSettingsView): urlname = 'domain_forwarding' page_title = ugettext_lazy("Data Forwarding") template_name = 'repeaters/repeaters.html' @method_decorator(require_permission(Permissions.edit_motech)) @method_decorator( requires_privilege_with_fallback(privileges.DATA_FORWARDING)) def dispatch(self, request, *args, **kwargs): return super().dispatch(request, *args, **kwargs) @property def repeater_types_info(self): return [ RepeaterTypeInfo( class_name=r.__name__, friendly_name=r.friendly_name, has_config=r._has_config, instances=r.by_domain(self.domain), ) for r in get_all_repeater_types().values() if r.available_for_domain(self.domain) ] @property def page_context(self): if are_repeat_records_migrated(self.domain): report = 'repeat_record_report' else: report = 'couch_repeat_record_report' return { 'report': report, 'repeater_types_info': self.repeater_types_info, 'pending_record_count': RepeatRecord.count(self.domain), 'user_can_configure': (self.request.couch_user.is_superuser or self.request.couch_user.can_edit_motech() or toggles.IS_CONTRACTOR.enabled(self.request.couch_user.username)) }
class DeprecatedODataCaseMetadataView(View): urlname = 'odata_case_meta' @method_decorator(basic_auth_or_try_api_key_auth) @method_decorator( require_permission(Permissions.edit_data, login_decorator=None)) @method_decorator(toggles.ODATA.required_decorator()) def get(self, request, domain): case_type_to_properties = get_case_type_to_properties(domain) for case_type in case_type_to_properties: case_type_to_properties[case_type] = sorted( { 'case_name', 'case_type', 'date_opened', 'owner_id', 'backend_id' } | set(case_type_to_properties[case_type])) metadata = render_to_string( 'api/odata_metadata.xml', { 'case_type_to_properties': case_type_to_properties, }) return add_odata_headers( HttpResponse(metadata, content_type='application/xml'))
from fields import FilterUsersField from util import get_all_users_by_domain from corehq.apps.hqsofabed.models import HQFormData from StringIO import StringIO from corehq.apps.app_manager.util import get_app_id from corehq.apps.groups.models import Group DATE_FORMAT = "%Y-%m-%d" datespan_default = datespan_in_request( from_param="startdate", to_param="enddate", default_days=7, ) require_form_export_permission = require_permission(Permissions.view_report, 'corehq.apps.reports.standard.export.ExcelExportReport', login_decorator=None) require_case_export_permission = require_permission(Permissions.view_report, 'corehq.apps.reports.standard.export.CaseExportReport', login_decorator=None) require_can_view_all_reports = require_permission(Permissions.view_reports) @login_and_domain_required def default(request, domain, template="reports/base_template.html"): return render_to_response(request, template, dict( domain=domain, report=dict( title="Select a Report to View", show=request.couch_user.can_view_reports() or request.couch_user.get_viewable_reports(), slug=None, is_async=True ) ))
from corehq.apps.reports.dbaccessors import touch_exports from corehq.apps.reports.display import xmlns_to_name from corehq.apps.reports.standard.export import CaseExportReport, ExcelExportReport from corehq.apps.settings.views import BaseProjectDataView from corehq.apps.users.decorators import require_permission from corehq.apps.users.models import Permissions from couchexport.models import SavedExportSchema, ExportSchema from couchexport.schema import build_latest_schema from dimagi.utils.decorators.memoized import memoized from django.utils.translation import ugettext as _, ugettext_noop, ugettext_lazy from dimagi.utils.logging import notify_exception from dimagi.utils.parsing import json_format_date from dimagi.utils.web import json_response require_form_export_permission = require_permission( Permissions.view_report, "corehq.apps.reports.standard.export.ExcelExportReport", login_decorator=None ) class BaseExportView(BaseProjectDataView): template_name = "export/customize_export.html" export_type = None is_async = True @property def parent_pages(self): return [{"title": self.report_class.name, "url": self.export_home_url}] @method_decorator(require_form_export_permission) def dispatch(self, request, *args, **kwargs): return super(BaseExportView, self).dispatch(request, *args, **kwargs)
import json from django.contrib import messages from django.core.urlresolvers import reverse from django.http import HttpResponseRedirect, HttpResponseForbidden from django.views.decorators.http import require_POST from django.utils.translation import ugettext as _ from corehq.apps.users.forms import MultipleSelectionForm from corehq.apps.users.models import Permissions, CommCareUser from corehq.apps.groups.models import Group, DeleteGroupRecord from corehq.apps.users.decorators import require_permission require_can_edit_groups = require_permission(Permissions.edit_commcare_users) @require_POST @require_can_edit_groups def add_group(request, domain): group_name = request.POST['group_name'] if not group_name: messages.error(request, _( "We could not create the group; " "please give it a name first" )) return HttpResponseRedirect(request.META['HTTP_REFERER']) group = Group.by_name(domain, group_name, one=False).first() if group: messages.warning(request, _( "A group with this name already exists: instead of making " "a new one, we've brought you to the existing one."
try: request.app = get_app(domain, app_id, latest=latest, target=target) return f(request, *args, **kwargs) except (AppEditingError, CaseError, ValueError), e: logging.exception(e) messages.error(request, "Problem downloading file: %s" % e) return HttpResponseRedirect( reverse("view_app", args=[domain, app_id])) return _safe_download def no_conflict_require_POST(f): """ Catches resource conflicts on save and returns a 409 error. Also includes require_POST decorator """ @require_POST @wraps(f) def _no_conflict(*args, **kwargs): try: return f(*args, **kwargs) except ResourceConflict: return HttpResponse(status=409) return _no_conflict require_can_edit_apps = require_permission(Permissions.edit_apps) require_deploy_apps = login_and_domain_required # todo: can fix this when it is better supported
def is_authenticated(self, request, **kwargs): wrappers = [ require_permission(self.permission, login_decorator=self._get_auth_decorator(request)), api_auth, ] return self._auth_test(request, wrappers=wrappers, **kwargs)
from corehq.apps.groups.models import Group from corehq.apps.users.bulkupload import GroupMemoizer from corehq.apps.users.decorators import require_permission from corehq.apps.users.models import CommCareUser, Permissions from corehq.apps.users.util import normalize_username from couchexport.export import UnsupportedExportFormat, export_raw from couchexport.models import Format from couchexport.shortcuts import export_response from dimagi.utils.couch.bulk import CouchTransaction from dimagi.utils.excel import WorkbookJSONReader, WorksheetNotFound from dimagi.utils.logging import notify_exception from dimagi.utils.web import json_response from dimagi.utils.decorators.view import get_file require_can_edit_fixtures = require_permission(Permissions.edit_data) def strip_json(obj, disallow_basic=None, disallow=None): disallow = disallow or [] if disallow_basic is None: disallow_basic = ['_rev', 'domain', 'doc_type'] disallow += disallow_basic ret = {} try: obj = obj.to_json() except Exception: pass for key in obj: if key not in disallow: ret[key] = obj[key]
from corehq.apps.case_importer import util as importer_util from corehq.apps.case_importer.exceptions import ImporterError from django.views.decorators.http import require_POST from corehq.apps.case_importer.suggested_fields import get_suggested_case_fields from corehq.apps.case_importer.tracking.case_upload_tracker import CaseUpload from corehq.apps.case_importer.util import get_importer_error_message from corehq.apps.users.decorators import require_permission from corehq.apps.users.models import Permissions from corehq.form_processor.interfaces.dbaccessors import CaseAccessors from django.contrib import messages from django.shortcuts import render from django.utils.translation import ugettext as _ require_can_edit_data = require_permission(Permissions.edit_data) EXCEL_SESSION_ID = "excel_id" def render_error(request, domain, message): """ Load error message and reload page for excel file load errors """ messages.error(request, _(message)) return HttpResponseRedirect(base.ImportCases.get_url(domain=domain)) @require_can_edit_data def excel_config(request, domain): """ Step one of three.
message = 'User attempted to install deleted application: {}'.format(app_id) except (AppEditingError, CaseError, ValueError) as e: message = e logging.exception(message) messages.error(request, "Problem downloading file: %s" % message) return HttpResponseRedirect(reverse("view_app", args=[domain, app_id])) return _safe_cached_download def no_conflict_require_POST(fn): """ Catches resource conflicts on save and returns a 409 error. Also includes require_POST decorator """ return require_POST(no_conflict(fn)) def no_conflict(fn): @wraps(fn) def _no_conflict(*args, **kwargs): try: return fn(*args, **kwargs) except ResourceConflict: return HttpResponse(status=409) return _no_conflict require_can_edit_apps = require_permission(Permissions.edit_apps) require_deploy_apps = login_and_domain_required # todo: can fix this when it is better supported
from dimagi.utils.decorators.memoized import memoized from dimagi.utils.make_uuid import random_hex from dimagi.utils.couch.database import get_db from dimagi.utils.web import json_request, json_response from casexml.apps.case.models import CommCareCase from corehq.apps.domain.decorators import require_superuser from corehq.apps.groups.models import Group from corehq.apps.users.decorators import require_permission from corehq.apps.users.models import CommCareUser, Permissions from corehq.apps.receiverwrapper.util import get_submit_url from couchforms.models import XFormInstance require_can_cleanup = require_permission(Permissions.edit_data) # -----------submissions------------- @require_can_cleanup def submissions(request, domain, template="cleanup/submissions.html"): return render(request, template, {'domain': domain}) @require_can_cleanup def submissions_json(request, domain): def query(limit=100, userID=None, group=False, username__exclude=["demo_user", "admin"], **kwargs): if group: if userID is None: key = [domain] else:
from corehq.apps.users.decorators import require_permission from corehq.apps.users.models import CommCareUser, Permissions from corehq.apps.users.util import normalize_username from couchexport.export import UnsupportedExportFormat, export_raw from couchexport.models import Format from couchexport.shortcuts import export_response from dimagi.utils.couch.bulk import CouchTransaction from dimagi.utils.excel import WorkbookJSONReader, WorksheetNotFound from dimagi.utils.logging import notify_exception from dimagi.utils.web import json_response from dimagi.utils.decorators.view import get_file require_can_edit_fixtures = lambda *args, **kwargs: ( require_permission(Permissions.edit_data)( requires_privilege_with_fallback(privileges.LOOKUP_TABLES)(*args, **kwargs) ) ) def strip_json(obj, disallow_basic=None, disallow=None): disallow = disallow or [] if disallow_basic is None: disallow_basic = ['_rev', 'domain', 'doc_type'] disallow += disallow_basic ret = {} try: obj = obj.to_json() except Exception: pass for key in obj:
from corehq.apps.domain.decorators import cls_to_view from corehq.apps.reports.dispatcher import ReportDispatcher from corehq.apps.users.decorators import require_permission from corehq.apps.users.models import Permissions # this is the permissions setting that makes the most sense now, # but perhaps there should be a specific edit_indicators permission? require_edit_indicators = require_permission(Permissions.edit_data) cls_require_edit_indicators = cls_to_view(additional_decorator=require_edit_indicators) class IndicatorAdminInterfaceDispatcher(ReportDispatcher): prefix = "indicator_admin_interface" map_name = "INDICATOR_ADMIN_INTERFACES" @cls_require_edit_indicators def dispatch(self, request, *args, **kwargs): return super(IndicatorAdminInterfaceDispatcher, self).dispatch(request, *args, **kwargs)
import json from django.contrib import messages from django.urls import reverse from django.http import HttpResponseRedirect, HttpResponseForbidden from django.views.decorators.http import require_POST from django.utils.translation import ugettext as _ from corehq.apps.users.models import Permissions, CommCareUser from corehq.apps.groups.models import Group, DeleteGroupRecord from corehq.apps.users.decorators import require_permission from dimagi.utils.couch import CriticalSection from dimagi.utils.couch.undo import DELETED_SUFFIX require_can_edit_groups = require_permission(Permissions.edit_groups) @require_POST @require_can_edit_groups def add_group(request, domain): group_name = request.POST['group_name'] if not group_name: messages.error(request, _( "We could not create the group; " "please give it a name first" )) return HttpResponseRedirect(request.META['HTTP_REFERER']) group = Group.by_name(domain, group_name) if group: messages.warning(request, _(
import json from django.contrib import messages from django.core.urlresolvers import reverse from django.http import HttpResponseRedirect, HttpResponseForbidden from django.views.decorators.http import require_POST from django.utils.translation import ugettext as _ from corehq.apps.users.forms import MultipleSelectionForm from corehq.apps.users.models import Permissions, CommCareUser from corehq.apps.groups.models import Group, DeleteGroupRecord from corehq.apps.users.decorators import require_permission require_can_edit_groups = require_permission(Permissions.edit_commcare_users) @require_POST @require_can_edit_groups def add_group(request, domain): group_name = request.POST["group_name"] if not group_name: messages.error(request, _("We could not create the group; " "please give it a name first")) return HttpResponseRedirect(request.META["HTTP_REFERER"]) group = Group.by_name(domain, group_name, one=False).first() if group: messages.warning( request, _( "A group with this name already exists: instead of making " "a new one, we've brought you to the existing one."
assert repeater.domain == domain assert record.domain == domain assert record.repeater_id == repeater.get_id attempt = repeater.fire_for_record(record) return JsonResponse(attempt.to_json()) @login_and_domain_required @require_http_methods(['POST']) def openmrs_import_now(request, domain): import_patients_to_domain(request.domain, force=True) return JsonResponse({'status': 'Accepted'}, status=202) @method_decorator(require_permission(Permissions.edit_motech), name='dispatch') @method_decorator(toggles.OPENMRS_INTEGRATION.required_decorator(), name='dispatch') class OpenmrsImporterView(BaseProjectSettingsView): urlname = 'openmrs_importer_view' page_title = ugettext_lazy("OpenMRS Importers") template_name = 'openmrs/importers.html' def _update_importer(self, importer, data): for key, value in data.items(): if key == 'password': if value == PASSWORD_PLACEHOLDER: continue # Skip updating the password if it hasn't been changed. else: value = b64_aes_encrypt(value) elif key == 'report_params':
from corehq.apps.registration.forms import AdminInvitesUserForm from corehq.apps.prescriptions.models import Prescription from corehq.apps.domain.models import Domain from corehq.apps.hqwebapp.utils import InvitationView from corehq.apps.users.decorators import require_permission from corehq.apps.users.forms import WebUserForm, UserForm, ProjectSettingsForm, CommtrackUserForm from corehq.apps.users.models import CouchUser, CommCareUser, WebUser, \ DomainRemovalRecord, UserRole, AdminUserRole, DomainInvitation, PublicUser from corehq.apps.domain.decorators import login_and_domain_required, require_superuser, domain_admin_required, domain_specific_login_redirect from corehq.apps.orgs.models import Team from corehq.apps.reports.util import get_possible_reports from corehq.apps.sms import verify as smsverify from django.utils.translation import ugettext as _, ugettext_noop require_can_edit_web_users = require_permission('edit_web_users') require_can_edit_commcare_users = require_permission('edit_commcare_users') def require_permission_to_edit_user(view_func): @wraps(view_func) def _inner(request, domain, couch_user_id, *args, **kwargs): go_ahead = False if hasattr(request, "couch_user"): user = request.couch_user if user.is_superuser or user.user_id == couch_user_id or (hasattr(user, "is_domain_admin") and user.is_domain_admin()): go_ahead = True else: couch_user = CouchUser.get_by_user_id(couch_user_id) if not couch_user: raise Http404() if couch_user.is_commcare_user() and request.couch_user.can_edit_commcare_users():
from corehq.apps.users.decorators import require_permission from corehq.apps.users.models import Permissions from dimagi.utils.decorators.memoized import memoized from .models import UI_SIMPLE_FIXED, UI_COMPLEX from .util import can_use_survey_reminders, get_form_list, get_form_name, get_recipient_name from corehq.apps.domain.models import Domain from corehq.util.timezones.utils import get_timezone_for_user from custom.ewsghana.forms import EWSBroadcastForm ACTION_ACTIVATE = 'activate' ACTION_DEACTIVATE = 'deactivate' ACTION_DELETE = 'delete' reminders_framework_permission = lambda *args, **kwargs: ( require_permission(Permissions.edit_data)( requires_privilege_with_fallback(privileges.REMINDERS_FRAMEWORK)(*args, **kwargs) ) ) survey_reminders_permission = lambda *args, **kwargs: ( require_permission(Permissions.edit_data)( requires_privilege_with_fallback(privileges.INBOUND_SMS)(*args, **kwargs) ) ) def get_project_time_info(domain): timezone = get_timezone_for_user(None, domain) now = pytz.utc.localize(datetime.utcnow()) timezone_now = now.astimezone(timezone) return (timezone, now, timezone_now)
from corehq.apps.api.odata.utils import ( get_case_odata_fields_from_config, get_form_odata_fields_from_config, ) from corehq.apps.domain.decorators import basic_auth_or_try_api_key_auth from corehq.apps.export.models import CaseExportInstance, FormExportInstance from corehq.apps.users.decorators import require_permission from corehq.apps.users.models import Permissions from corehq.feature_previews import BI_INTEGRATION_PREVIEW from corehq.util import get_document_or_404 from corehq.util.view_utils import absolute_reverse odata_auth = method_decorator([ basic_auth_or_try_api_key_auth, require_permission(Permissions.edit_data, login_decorator=None), BI_INTEGRATION_PREVIEW.required_decorator(), ], name='dispatch') @odata_auth class ODataCaseServiceView(View): urlname = 'odata_case_service_from_export_instance' table_urlname = 'odata_case_service_from_export_instance_table' def get(self, request, domain, config_id, **kwargs): table_id = int(kwargs.get('table_id', 0)) urlname = ODataCaseMetadataView.urlname url_args = [domain, config_id]
from corehq.apps.users.models import Permissions from corehq.motech.dhis2.dhis2_config import Dhis2FormConfig from corehq.motech.requests import Requests from corehq.motech.dhis2.dbaccessors import get_dhis2_connection, get_dataset_maps from corehq.motech.dhis2.forms import Dhis2ConnectionForm, Dhis2ConfigForm from corehq.motech.dhis2.models import DataValueMap, DataSetMap from corehq.motech.dhis2.repeaters import Dhis2Repeater from corehq.motech.dhis2.tasks import send_datasets from corehq.apps.domain.views.settings import BaseProjectSettingsView from memoized import memoized from dimagi.utils.web import json_response from six.moves import range from six.moves import map @method_decorator(require_permission(Permissions.edit_motech), name='dispatch') @method_decorator(toggles.DHIS2_INTEGRATION.required_decorator(), name='dispatch') class Dhis2ConnectionView(BaseProjectSettingsView): urlname = 'dhis2_connection_view' page_title = ugettext_lazy("DHIS2 Connection Settings") template_name = 'dhis2/connection_settings.html' def post(self, request, *args, **kwargs): form = self.dhis2_connection_form if form.is_valid(): form.save(self.domain) get_dhis2_connection.clear(request.domain) return HttpResponseRedirect(self.page_url) context = self.get_context_data(**kwargs) return self.render_to_response(context)
from corehq.apps.users.decorators import require_permission from corehq.apps.users.export import export_users from corehq.apps.users.models import CommCareUser from corehq.apps.users.models import Permissions from corehq.apps.domain.decorators import login_and_domain_required DATE_FORMAT = "%Y-%m-%d" datespan_default = datespan_in_request( from_param="startdate", to_param="enddate", default_days=7, ) require_form_export_permission = require_permission(Permissions.view_report, 'corehq.apps.reports.standard.export.ExcelExportReport', login_decorator=None) require_case_export_permission = require_permission(Permissions.view_report, 'corehq.apps.reports.standard.export.CaseExportReport', login_decorator=None) require_form_view_permission = require_permission(Permissions.view_report, 'corehq.apps.reports.standard.inspect.SubmitHistory', login_decorator=None) require_case_view_permission = require_permission(Permissions.view_report, 'corehq.apps.reports.standard.cases.basic.CaseListReport', login_decorator=None) require_can_view_all_reports = require_permission(Permissions.view_reports) @login_and_domain_required def default(request, domain): return HttpResponseRedirect(reverse(saved_reports, args=[domain])) @login_and_domain_required def old_saved_reports(request, domain): return default(request, domain)
from corehq.apps.reminders.forms import CaseReminderForm, ComplexCaseReminderForm, SurveyForm, SurveySampleForm, EditContactForm from corehq.apps.reminders.models import CaseReminderHandler, CaseReminderEvent, REPEAT_SCHEDULE_INDEFINITELY, EVENT_AS_OFFSET, EVENT_AS_SCHEDULE, SurveyKeyword, Survey, SurveySample, SURVEY_METHOD_LIST, SurveyWave, ON_DATETIME, RECIPIENT_SURVEY_SAMPLE, QUESTION_RETRY_CHOICES from corehq.apps.users.decorators import require_permission from corehq.apps.users.models import CouchUser, CommCareUser, Permissions from .models import UI_SIMPLE_FIXED, UI_COMPLEX from .util import get_form_list, get_sample_list from corehq.apps.sms.mixin import VerifiedNumber from corehq.apps.sms.util import register_sms_contact, update_contact from corehq.apps.domain.models import DomainCounter from casexml.apps.case.models import CommCareCase from dateutil.parser import parse from corehq.apps.sms.util import close_task from corehq.apps.groups.models import Group reminders_permission = require_permission(Permissions.edit_data) @reminders_permission def default(request, domain): return HttpResponseRedirect(reverse('list_reminders', args=[domain])) @reminders_permission def list_reminders(request, domain, template="reminders/partial/list_reminders.html"): handlers = CaseReminderHandler.get_handlers(domain=domain).all() return render(request, template, { 'domain': domain, 'reminder_handlers': handlers }) @reminders_permission def add_reminder(request, domain, handler_id=None, template="reminders/partial/add_reminder.html"):
class BaseProcessUploadedView(BaseMultimediaView): @property def username(self): return self.request.couch_user.username if self.request.couch_user else None @property def share_media(self): return self.request.POST.get('shared') == 't' @property def license_used(self): return self.request.POST.get('license', '') @property def author(self): return self.request.POST.get('author', '') @property def attribution_notes(self): return self.request.POST.get('attribution-notes', '') @property @memoized def uploaded_file(self): return self.request.FILES.get('Filedata') @property @memoized def mime_type(self): try: data = self.uploaded_file.file.read() return CommCareMultimedia.get_mime_type(data, filename=self.uploaded_file.name) except Exception as e: raise BadMediaFileException("There was an error fetching the MIME type of your file. Error: %s" % e) @method_decorator(require_permission(Permissions.edit_apps, login_decorator=login_with_permission_from_post())) # YUI js uploader library doesn't support csrf @csrf_exempt def dispatch(self, request, *args, **kwargs): return super(BaseMultimediaView, self).dispatch(request, *args, **kwargs) def get(self, request, *args, **kwargs): return HttpResponseBadRequest("You may only post to this URL.") def post(self, request, *args, **kwargs): self.errors = [] response = {} try: self.validate_file() response.update(self.process_upload()) except BadMediaFileException as e: self.errors.append(e.message) response.update({ 'errors': self.errors, }) return HttpResponse(json.dumps(response)) def validate_file(self, replace_diff_ext=False): raise NotImplementedError("You must validate your uploaded file!") def process_upload(self): raise NotImplementedError("You definitely need to implement this guy.")
from corehq.apps.domain.decorators import require_superuser from ctable.util import get_test_extractor, get_backend, backends from dimagi.utils.web import json_response from django.utils.translation import ugettext_noop as _ from django.core.urlresolvers import reverse from django.http import Http404 from corehq.apps.users.models import Permissions from corehq.apps.users.decorators import require_permission from ctable.models import SqlExtractMapping from django.shortcuts import render, redirect from ctable.tasks import process_extract from ctable.util import get_extractor require_can_edit_sql_mappings = require_permission(Permissions.edit_data) def _to_kwargs(req): # unicode can mix this up so have a little utility to do it # was seeing this only locally, not sure if python / django # version dependent return dict((str(k), v) for k, v in json.load(req).items()) @require_superuser def view(request, domain=None, template='ctable/list_mappings.html'): if domain: mappings = SqlExtractMapping.by_domain(domain) else: mappings = SqlExtractMapping.all()