def create_customer(request):
    """Register a customer and e-mail a signup verification link.

    Only POST is served; any other method gets 405. The payload in
    ``request.data`` is validated with ``CustomerCreationForm``; validation
    errors are returned with 400. On success the user is saved, a long token
    is generated and cached with the user's e-mail and the ``signup`` action,
    the welcome mail is sent, and 201 is returned.

    :param request: incoming request carrying the signup fields
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    signup_form = CustomerCreationForm(request.data)
    if not signup_form.is_valid():
        return Response(data=signup_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): presumably is_valid() has already run this check, which
    # would make the explicit call redundant; confirm before removing it.
    signup_form.clean_password2()
    new_user = signup_form.save()

    # The token is the only link between the mailed URL and the cached
    # e-mail/action pair, so it is generated fresh for every signup.
    verification_token = generate_key(long_token=True)
    set_email_verification_cache(verification_token, {
        'email': new_user.email,
        'action': 'signup',
    })

    # The base URL is a fixed literal rather than the request's Host header,
    # so request headers cannot steer where the mailed link points.
    # NOTE(review): the literal is plain http; the token is exposed in transit
    # unless the site upgrades to TLS elsewhere. Confirm.
    confirm_url = '"{}/{}?code={}"'.format('http://www.lmeib.com',
                                           'user/email_confirm',
                                           verification_token)
    welcome_mail = Email([new_user.email, ], TYPE_SIGNUP)
    welcome_mail.send_mail_welcome({
        'username': new_user.email,
        'url': confirm_url,
    })
    return Response(data=response_message(code=201),
                    status=status.HTTP_201_CREATED)
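def resend_email_confirmation(request):
    """Re-send the signup confirmation e-mail for the user behind a token.

    Only POST is served; any other method gets 405. The ``token`` field of
    ``request.data`` is resolved with ``get_cached_user_by_token``. A missing
    or empty token, or one that resolves to no user, gives 400. Otherwise a
    new long token is generated, cached with the user's e-mail and the
    ``signup`` action, mailed to the user, and 200 is returned.

    :param request: incoming request carrying ``token``
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # .get() instead of indexing: an absent field now takes the 400 path
    # below instead of raising KeyError and surfacing as a server error.
    presented_token = request.data.get('token')
    if not presented_token:
        return Response(data=response_message(message='Invalid username'),
                        status=status.HTTP_400_BAD_REQUEST)

    user = get_cached_user_by_token(presented_token)
    if not user:
        return Response(
            data=response_message(message='Username NOT EXISTS !'),
            status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): the presented token is not removed from the cache here;
    # confirm it expires or is invalidated elsewhere once a new one is issued.
    new_token = generate_key(long_token=True)
    set_email_verification_cache(new_token, {
        'email': user.email,
        'action': 'signup',
    })

    # NOTE(review): the link uses a fixed plain-http base; confirm the site
    # enforces TLS so the token is not exposed in transit.
    mail = Email([user.email, ], TYPE_SIGNUP)
    mail.send_mail_welcome({
        'username': user.email,
        'url': '"{}/{}?code={}"'.format('http://www.lmeib.com',
                                        'user/email_confirm', new_token)
    })
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)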
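def create_update_permission_group(request, pk=None):
    """Create, update or deactivate a permission group.

    POST/PUT without ``pk`` creates a group; with ``pk`` it updates the
    existing one and, when a permission list was sent, replaces its
    permissions. DELETE with ``pk`` only sets ``is_active`` to False.
    Anything else gets 405.

    :param request: required fields: list of permission IDs -> permissions[],
        string -> permission_name
    :param pk: primary key of the group to update or deactivate, or None to
        create a new one
    :return: response with HTTP status code
    """
    # NOTE(review): no caller authorization is visible in this function;
    # confirm a decorator, permission class or middleware restricts it, since
    # it edits permission groups.
    if request.method in ('POST', 'PUT'):
        try:
            permission_list = [
                int(i) for i in request.POST.getlist('permissions[]')
            ]
        except ValueError:
            # Non-numeric IDs are a client error, not a server fault.
            return Response(
                data=response_message(message='Invalid request input'),
                status=status.HTTP_400_BAD_REQUEST)

        if pk is None:
            form = PermissionGroupForm(request.POST)
            if not form.is_valid():
                return Response(data=form.errors.as_data(),
                                status=status.HTTP_400_BAD_REQUEST)
            PermissionGroup.create(permission_list, **form.cleaned_data)
        else:
            permission_group = get_object_or_404(PermissionGroup, pk=pk)
            form = PermissionGroupForm(request.POST,
                                       instance=permission_group)
            if not form.is_valid():
                return Response(data=form.errors.as_data(),
                                status=status.HTTP_400_BAD_REQUEST)
            form.save()
            # An empty list leaves the group's current permissions untouched.
            if permission_list:
                PermissionGroup.update(permission_group, permission_list)
        return Response(data=response_message(code=201),
                        status=status.HTTP_201_CREATED)

    if request.method == 'DELETE' and pk:
        # NOTE : de-active only for now, better to delete with all relations ?
        permission_group = get_object_or_404(PermissionGroup, pk=pk)
        permission_group.is_active = False
        permission_group.save()
        # Previously fell through to the 405 below even though the group had
        # been deactivated; report the success instead.
        return Response(data=response_message(code=200),
                        status=status.HTTP_200_OK)

    return Response(data=response_message(code=405),
                    status=status.HTTP_405_METHOD_NOT_ALLOWED)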
def create_comment(request):
    """Store a comment submitted through ``CommentCreationForm``.

    Only POST is served; any other method gets 405. A valid form is saved
    and answered with 200; an invalid one gets a generic 400 message.

    :param request: incoming request whose ``data`` holds the comment fields
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    comment_form = CommentCreationForm(request.data)
    if not comment_form.is_valid():
        return Response(
            data=response_message(message='Invalid request input'),
            status=status.HTTP_400_BAD_REQUEST)

    comment_form.save()
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)
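def logout(request):
    """End the caller's session and drop the cached entry for its token.

    Only POST is served; any other method gets 405. When ``request.data``
    carries a ``token``, that key is deleted from the cache; the Django
    session is logged out in every case and 200 is returned.

    :param request: incoming request, optionally carrying ``token``
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # A request without a token used to raise KeyError before the session was
    # logged out; the session is now always terminated.
    token = request.data.get('token')
    if token:
        Cache().delete(token)

    django_logout(request)
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)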
def reset_password(request):
    """Apply a password reset submitted through ``UserResetPassword``.

    Only POST is served; any other method gets 405. A valid form has its
    ``reset_password()`` called and is answered with 200; an invalid one
    gets a 400 with the message ``Invalid password``.

    :param request: incoming request whose POST data feeds the form
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # NOTE(review): how the reset code is checked lives inside the form and is
    # not visible here; confirm it is single-use and time-limited.
    reset_form = UserResetPassword(request.POST)
    if not reset_form.is_valid():
        return Response(data=response_message(message='Invalid password'),
                        status=status.HTTP_400_BAD_REQUEST)

    reset_form.reset_password()
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)
def create_or_update_university_additional_attr(request):
    """Save a university additional attribute from POST data.

    Only POST is served; any other method gets 405. The data is validated
    with ``UniversityAdditionalAttributesForm``; errors are returned with
    400, otherwise the form is saved and 200 is returned.

    :param request: incoming request whose POST data feeds the form
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    attr_form = UniversityAdditionalAttributesForm(request.POST)
    if attr_form.is_valid():
        attr_form.save()
        return Response(data=response_message(code=200),
                        status=status.HTTP_200_OK)

    return Response(data=attr_form.errors.as_data(),
                    status=status.HTTP_400_BAD_REQUEST)
def create_org_admin(request):
    """Create an organisation admin account from POST data.

    Only POST is served; any other method gets 405. The data is validated
    with ``OrgAdminCreateForm``; errors are returned with 400, otherwise the
    form is saved and 201 is returned.

    :param request: incoming request whose POST data feeds the form
    :return: response with HTTP status code
    """
    # NOTE(review): no caller authorization is visible in this function;
    # confirm a decorator, permission class or middleware limits who may
    # create admin accounts.
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    admin_form = OrgAdminCreateForm(request.POST)
    if not admin_form.is_valid():
        return Response(data=admin_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): presumably is_valid() has already run this check, which
    # would make the explicit call redundant; confirm before removing it.
    admin_form.clean_password2()
    admin_form.save()
    return Response(data=response_message(code=201),
                    status=status.HTTP_201_CREATED)
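def delete_wiki(request):
    """Delete one object from the organisation wiki bucket.

    Only POST is served; any other method gets 405. ``key_name`` from the
    POST data must be non-empty and name an existing object; it is then
    deleted and an empty body is returned with 200. Otherwise 400.

    :param request: incoming request carrying ``key_name``
    :return: response with HTTP status code
    """
    s3 = S3(AWS_BUCKET_ORG_WIKI)
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # .get() instead of indexing: an absent field now takes the 400 path
    # instead of raising KeyError and surfacing as a server error.
    key_name = request.POST.get('key_name')

    # NOTE(review): the key comes straight from the client and no
    # authorization or prefix check is visible here; confirm callers are
    # restricted to keys they own before this reaches the bucket.
    if key_name and s3.is_file_exist(key_name):
        s3.delete_file(key_name)
        return Response(data={}, status=status.HTTP_200_OK)

    return Response(data=response_message(message='Invalid key name'),
                    status=status.HTTP_400_BAD_REQUEST)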
def change_password(request):
    """Change a user's password and log the user back in.

    Only POST is served; any other method gets 405. ``request.data`` is
    validated with ``UserChangePasswordForm``; when the form is valid and
    ``set_password()`` returns a user, that user is logged in and 200 is
    returned. Every other outcome gets 400 with ``Invalid password``.

    :param request: incoming request carrying the password fields
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    password_form = UserChangePasswordForm(request.data)
    updated_user = (password_form.set_password()
                    if password_form.is_valid() else None)
    if not updated_user:
        return Response(data=response_message(message='Invalid password'),
                        status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): only this request's session is re-established; whether
    # the user's other sessions or cached tokens are revoked after the change
    # is not visible here. Confirm.
    django_login(request, updated_user)
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)
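def grant_admin_permission_groups(request):
    """Assign permission groups to an admin user on behalf of a president.

    Only POST is served; any other method gets 405. The request must carry a
    valid ``GrantUserPermissionForm``, a non-empty ``permission_groups[]``
    list of integer IDs and a ``token`` whose role check for ``president``
    passes. Then the user returned by ``form.authenticate()`` receives the
    groups and 200 is returned; any failure gets 400 with ``Invalid inputs``.

    :param request: incoming request carrying the form fields,
        ``permission_groups[]`` and ``token``
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    form = GrantUserPermissionForm(request.POST)
    try:
        permission_group_list = [
            int(i) for i in request.POST.getlist('permission_groups[]')
        ]
    except ValueError:
        # Non-numeric IDs are a client error; treat them as an empty list so
        # the request is rejected below instead of crashing.
        permission_group_list = []

    # .get() so an absent token is rejected rather than raising KeyError.
    token = request.POST.get('token')

    # NOTE(review): check_request_user_role receives the raw token here, while
    # get_customer_upg_by_university passes the cached user dict; confirm the
    # helper accepts both.
    # NOTE(review): a failed role check is reported as 400 'Invalid inputs',
    # so denied privilege changes look like malformed requests in logs.
    if (form.is_valid() and permission_group_list and token
            and check_request_user_role(token, ('president', ))):
        user = form.authenticate()
        update_admin_permission_group(user, permission_group_list)
        return Response(data=response_message(code=200),
                        status=status.HTTP_200_OK)

    return Response(data=response_message(message='Invalid inputs'),
                    status=status.HTTP_400_BAD_REQUEST)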
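def email_token_verification(request):
    """Report whether an e-mailed verification code is valid.

    Only GET is served; any other method gets 405. The ``code`` query
    parameter is handed to ``email_verification`` (as None when absent or
    empty) and its result is returned under ``is_verified`` with 200.

    :param request: incoming request carrying ``code`` in the query string
    :return: response with HTTP status code
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # .get() instead of indexing: an absent parameter is now handled like an
    # empty one (None) instead of raising KeyError.
    token = request.GET.get('code') or None
    return Response(data={
        'is_verified': email_verification(token),
    }, status=status.HTTP_200_OK)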
def login(request):
    """Authenticate a user and return the cached user payload.

    Only POST is served; any other method gets 405. ``request.data`` is
    validated with ``UserAuthenticationForm``; when the form is valid and
    ``authenticate()`` yields a user, the user is logged in and the result of
    ``refresh_or_create_user_cache`` is returned with 200. An invalid form
    and a failed authentication both get the same 400 message.

    :param request: incoming request carrying the credentials
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # NOTE(review): no attempt throttling or lockout is visible in this
    # function; confirm it is applied elsewhere.
    credentials = UserAuthenticationForm(request.data)
    if credentials.is_valid():
        account, session_token = credentials.authenticate()
        if account:
            django_login(request, account)
            payload = {
                'result': 'success',
                'data': refresh_or_create_user_cache(session_token, account),
            }
            return Response(data=payload, status=status.HTTP_200_OK)

    # One message for both failure modes, so the reply does not reveal which
    # part of the credentials was wrong.
    return Response(
        data=response_message(message='Invalid username or password'),
        status=status.HTTP_400_BAD_REQUEST)
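def refresh_user_cache(request):
    """Refresh the cached user data for a token and return it.

    Only GET is served; any other method gets 405. A missing or empty
    ``token`` query parameter gets 400; otherwise the result of
    ``refresh_or_create_user_cache(token)`` is returned with 200.

    :param request: incoming request carrying ``token`` in the query string
    :return: response with HTTP status code
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # NOTE(review): a session token in the query string is recorded in access
    # logs, browser history and Referer headers; consider accepting it in a
    # header or request body instead.
    token = request.GET.get('token')
    if not token:
        # Previously an absent parameter raised KeyError (server error).
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    response_data = {
        'result': 'success',
        'data': refresh_or_create_user_cache(token),
    }
    return Response(data=response_data, status=status.HTTP_200_OK)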
def create_update_feature(request, pk=None):
    """Create a feature, or update the one identified by ``pk``.

    POST and PUT are served; any other method gets 405. Without ``pk`` the
    POST data is validated with ``FeatureForm`` and passed to
    ``Feature.create_feature``; with ``pk`` the existing feature is loaded
    (404 when absent) and saved through the form. Form errors get 400,
    success gets 201.

    :param request: incoming request whose POST data feeds the form
    :param pk: primary key of the feature to update, or None to create
    :return: response with HTTP status code
    """
    if request.method not in ('POST', 'PUT'):
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    if pk is None:
        new_form = FeatureForm(request.POST)
        if not new_form.is_valid():
            return Response(data=new_form.errors.as_data(),
                            status=status.HTTP_400_BAD_REQUEST)
        Feature.create_feature(**new_form.cleaned_data)
    elif pk:
        existing = get_object_or_404(Feature, pk=pk)
        edit_form = FeatureForm(request.POST, instance=existing)
        if not edit_form.is_valid():
            return Response(data=edit_form.errors.as_data(),
                            status=status.HTTP_400_BAD_REQUEST)
        edit_form.save()

    # A falsy pk other than None matches neither branch and still reaches
    # this 201 without any change having been made.
    return Response(data=response_message(code=201),
                    status=status.HTTP_201_CREATED)
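def retrieve_university_by_slug(request):
    """Return the active university with the given slug.

    Only GET is served; any other method gets 405. A missing or empty
    ``university_slug`` parameter gets 400, an unknown or inactive slug gets
    404; otherwise the university is returned through ``to_json`` with 200.

    :param request: incoming request carrying ``university_slug``
    :return: response with HTTP status code
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    slug = request.GET.get('university_slug')
    if not slug:
        # Previously an absent parameter raised KeyError (server error).
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    # get_object_or_404 turns an unknown slug into a 404 instead of an
    # unhandled DoesNotExist, matching the other lookups in this file.
    university = get_object_or_404(University, slug_name=slug, is_active=True)
    response_data = {
        'result': 'success',
        'data': to_json(university),
    }
    return Response(data=response_data, status=status.HTTP_200_OK)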
def upload_image(request):
    """Upload an image to the organisation wiki bucket.

    Only POST is served; any other method gets 405. The POST data and files
    are validated with ``ImageFileForm``; errors are returned with 400.
    Otherwise the uploaded ``file`` is stored under the cleaned
    ``key_prefix`` and the resulting key is returned with 201.

    :param request: incoming request carrying ``key_prefix`` and ``file``
    :return: response with HTTP status code
    """
    bucket = S3(AWS_BUCKET_ORG_WIKI)
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    image_form = ImageFileForm(request.POST, request.FILES)
    if not image_form.is_valid():
        return Response(data=image_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): key_prefix is chosen by the client; what the form allows
    # is not visible here. Confirm it confines uploads to the caller's own
    # area of the bucket and that the file's type and size are checked.
    stored_key = bucket.upload_image(request.FILES['file'],
                                     image_form.cleaned_data['key_prefix'])
    return Response(data={'s3_key': stored_key},
                    status=status.HTTP_201_CREATED)
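def get_customer_upg_by_university(request):
    """List the customer UPG records a university is entitled to.

    Only GET is served; any other method gets 405. The caller is identified
    by the ``token`` query parameter; the cached user must pass the role
    check for ``admin`` or ``president`` and belong to the university named
    by ``university_slug``, otherwise 401. A missing slug gets 400 and an
    unknown one 404. On success each record is returned as a dict under
    ``result`` with 200.

    :param request: incoming request carrying ``token`` and
        ``university_slug``
    :return: response with HTTP status code
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    # NOTE(review): a token in the query string is recorded in access logs
    # and Referer headers; consider a header or request body instead.
    token = request.GET.get('token')
    slug = request.GET.get('university_slug')

    # Check the caller before touching the database, so an unauthenticated
    # request gets 401 whether or not the slug exists. A token with no cached
    # user used to fail on subscripting instead of being rejected.
    cached_data = get_cached_user(token) if token else None
    if not cached_data or not check_request_user_role(
            cached_data, ['admin', 'president', ]):
        return Response(data=response_message(code=401),
                        status=status.HTTP_401_UNAUTHORIZED)

    if not slug:
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    # get_object_or_404 never returns a falsy value, so the former
    # "or None" / "if not university" pair was unreachable and is gone.
    university = get_object_or_404(University, slug_name=slug)

    # Callers may only read records of the university they belong to.
    if int(cached_data['university_id']) != university.pk:
        return Response(data=response_message(code=401),
                        status=status.HTTP_401_UNAUTHORIZED)

    university_upg = CustomerUPG.customer_upg.get_org_deserved_customer_upg(
        university)
    response_data = [model_to_dict(upg) for upg in university_upg]
    return Response(data={'result': response_data},
                    status=status.HTTP_200_OK)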
def create_update_feature_group(request, pk=None):
    """Create a feature group, or update the one identified by ``pk``.

    No permission check is made here: according to the original author,
    feature groups are only created by LMB internally and every university
    has the same visibility of all base feature groups.

    POST and PUT are served; any other method gets 405. Without ``pk`` the
    POST data is validated with ``FeatureGroupForm`` and passed to
    ``FeatureGroup.create``; with ``pk`` the existing group is loaded (404
    when absent) and saved through the form. Form errors get 400, success
    gets 201.

    :param request: incoming request whose POST data feeds the form
    :param pk: primary key of the group to update, or None to create
    :return: response with HTTP status code
    """
    # NOTE(review): nothing in this function enforces "internal only";
    # confirm the route cannot be reached by ordinary clients.
    if request.method not in ('POST', 'PUT'):
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    if pk is None:
        new_form = FeatureGroupForm(request.POST)
        if not new_form.is_valid():
            return Response(data=new_form.errors.as_data(),
                            status=status.HTTP_400_BAD_REQUEST)
        FeatureGroup.create(**new_form.cleaned_data)
    elif pk:
        existing_group = get_object_or_404(FeatureGroup, pk=pk)
        edit_form = FeatureGroupForm(request.POST, instance=existing_group)
        if not edit_form.is_valid():
            return Response(data=edit_form.errors.as_data(),
                            status=status.HTTP_400_BAD_REQUEST)
        edit_form.save()

    return Response(data=response_message(code=201),
                    status=status.HTTP_201_CREATED)
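def get_university_additional_attr_list(request):
    """Return the additional attributes of the active university with a slug.

    Only GET is served; any other method gets 405. A missing or empty
    ``slug`` parameter gets 400, an unknown or inactive slug gets 404;
    otherwise the attributes belonging to the university are returned with
    200.

    :param request: incoming request carrying ``slug``
    :return: response with HTTP status code
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    slug = request.GET.get('slug')
    if not slug:
        # Previously an absent parameter raised KeyError (server error).
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    university = get_object_or_404(University, slug_name=slug, is_active=True)

    # Filter on the owning university, as retrieve_university_additional_attr
    # does. The former pk=university.pk compared the attribute row's own
    # primary key with the university's, which selects an unrelated row.
    university_additional_attr_list = (
        UniversityAdditionalAttributes.objects.filter(
            university=university.pk))

    # NOTE(review): the queryset is handed to Response unserialized, as
    # before; confirm the renderer can encode these model instances.
    response_data = {
        'result': 'success',
        'data': university_additional_attr_list,
    }
    return Response(data=response_data, status=status.HTTP_200_OK)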
def forgot_password_email(request):
    """E-mail a password reset link to the user named in the form.

    Only POST is served; any other method gets 405. The POST data is
    validated with ``UserForgotPassword``; when the form is valid and
    ``get_user()`` returns a user, a reset token is obtained from
    ``reset_password_cache_handler``, mailed to the user, and 200 is
    returned. Every other outcome gets 400.

    :param request: incoming request whose POST data feeds the form
    :return: response with HTTP status code
    """
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    lookup_form = UserForgotPassword(request.POST)
    account = lookup_form.get_user() if lookup_form.is_valid() else None
    if not account:
        # NOTE(review): answering 400 here and 200 below tells the caller
        # whether an account exists for the submitted name; consider
        # returning the same response in both cases.
        return Response(
            data=response_message(message='Username Does not exist !'),
            status=status.HTTP_400_BAD_REQUEST)

    reset_token = reset_password_cache_handler(account.email)

    # NOTE(review): the link uses a fixed plain-http base; confirm the site
    # enforces TLS so the reset token is not exposed in transit.
    reset_mail = Email([account.email, ], TYPE_RESET_PASSWORD)
    reset_mail.send_mail_welcome({
        'username': account.email,
        'url': '"{}/{}?code={}"'.format('http://www.lmeib.com', 'user/reset',
                                        reset_token)
    })
    return Response(data=response_message(code=200),
                    status=status.HTTP_200_OK)
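def retrieve_university_additional_attr(request):
    """Return one named additional attribute of an active university.

    Only GET is served; any other method gets 405. Missing or empty ``slug``
    or ``attr_name`` parameters get 400; an unknown or inactive slug, or an
    attribute the university does not have, gets 404. Otherwise the
    attribute is returned through ``to_json`` with 200.

    :param request: incoming request carrying ``slug`` and ``attr_name``
    :return: response with HTTP status code
    """
    if request.method != 'GET':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    slug = request.GET.get('slug')
    attribute_name = request.GET.get('attr_name')
    if not slug or not attribute_name:
        # Previously an absent parameter raised KeyError (server error).
        return Response(data=response_message(message='Invalid parameter'),
                        status=status.HTTP_400_BAD_REQUEST)

    university = get_object_or_404(University, slug_name=slug, is_active=True)

    # .get() raises when nothing matches and never returns a falsy value, so
    # the former "or ''" fallback could not take effect; a missing attribute
    # is now a 404 instead of an unhandled DoesNotExist.
    university_additional_attr = get_object_or_404(
        UniversityAdditionalAttributes,
        university=university.pk,
        attribute_name=attribute_name)

    response_data = {
        'result': 'success',
        'data': to_json(university_additional_attr),
    }
    return Response(data=response_data, status=status.HTTP_200_OK)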
def upload_user_avatar(request):
    """Upload a user's avatar and record its location.

    Only POST is served; any other method gets 405. The POST data and files
    are validated with ``UserAvatarFileForm``; errors are returned with 400.
    Otherwise the uploaded ``file`` is stored in the user archive bucket
    under the prefix produced by the form, the form records the new key, and
    the resulting image URL is returned with 201.

    :param request: incoming request carrying the form fields and ``file``
    :return: response with HTTP status code
    """
    bucket = S3(AWS_BUCKET_USER_ARCHIVE)
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    avatar_form = UserAvatarFileForm(request.POST, request.FILES)
    if not avatar_form.is_valid():
        return Response(data=avatar_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): which user the avatar is attached to is decided inside
    # the form and is not visible here; confirm it is tied to the
    # authenticated caller and not to a client-supplied identifier.
    avatar_prefix = avatar_form.make_avatar_s3_key_prefix()
    stored_key = bucket.upload_image(request.FILES['file'], avatar_prefix)
    avatar_url = avatar_form.update_user_avatar_key(AWS_BUCKET_USER_ARCHIVE,
                                                    stored_key)
    return Response(data={'image_url': avatar_url},
                    status=status.HTTP_201_CREATED)
def upload_wiki(request):
    """Store a wiki page in the organisation wiki bucket.

    Only POST is served; any other method gets 405. The POST data is
    validated with ``WikiFileForm``; the cleaned ``page`` is uploaded under
    ``new_path`` (with ``old_path``, or None when empty, passed along). A
    truthy key from the upload is returned with 201. An invalid form, or an
    upload that yields no key, gets 400 with the form's errors.

    :param request: incoming request carrying ``page``, ``new_path`` and
        ``old_path``
    :return: response with HTTP status code
    """
    bucket = S3(AWS_BUCKET_ORG_WIKI)
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    wiki_form = WikiFileForm(request.POST)
    if wiki_form.is_valid():
        # NOTE(review): both paths are chosen by the client; what the form
        # allows is not visible here. Confirm they are confined to the
        # caller's own area of the bucket.
        previous_path = wiki_form.cleaned_data['old_path'] or None
        target_path = wiki_form.cleaned_data['new_path']
        page_body = wiki_form.cleaned_data['page']
        stored_key = bucket.upload_wiki(page_body, target_path, previous_path)
        if stored_key:
            return Response(data={'s3_key': stored_key},
                            status=status.HTTP_201_CREATED)

    # Also reached when the form was valid but the upload returned no key.
    return Response(data=wiki_form.errors.as_data(),
                    status=status.HTTP_400_BAD_REQUEST)
def get_items(request):
    """List keys in the organisation wiki bucket that match a specification.

    Only POST is served; any other method gets 405. ``request.data`` is
    validated with ``GetKeysForm``; errors are returned with 400. Otherwise
    the cleaned ``key_name``, ``spec``, ``suffix`` and ``marker`` values
    (with empty values replaced by ``''``, None, ``'/'`` and ``''``
    respectively) are passed to ``get_sub_keys_with_spec`` and the result is
    returned under ``result_list`` with 200.

    :param request: incoming request carrying the listing parameters
    :return: response with HTTP status code
    """
    bucket = S3(AWS_BUCKET_ORG_WIKI)
    if request.method != 'POST':
        return Response(data=response_message(code=405),
                        status=status.HTTP_405_METHOD_NOT_ALLOWED)

    listing_form = GetKeysForm(request.data)
    if not listing_form.is_valid():
        return Response(data=listing_form.errors.as_data(),
                        status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): an empty key_name lists from the bucket root and no
    # caller authorization is visible here; confirm listings are limited to
    # what the caller may see.
    prefix = listing_form.cleaned_data['key_name'] or ''
    spec = listing_form.cleaned_data['spec'] or None
    suffix = listing_form.cleaned_data['suffix'] or '/'
    marker = listing_form.cleaned_data['marker'] or ''

    listing = {
        'result_list': bucket.get_sub_keys_with_spec(prefix, spec, suffix,
                                                     marker),
    }
    return Response(data=listing, status=status.HTTP_200_OK)