def post(self, request, format=None):
    """Create blueprints for a site, or delete a single blueprint.

    The action is selected by query parameter:

    * ``?site=<id>``: every file uploaded under ``files`` is stored as a
      ``BluePrints`` row on that site, all sharing the posted ``name`` and
      ``doc_type``. Responds 201, or 400 when no file was sent.
    * ``?blueprint=<id>``: that blueprint is deleted. Responds 204.

    Both paths call ``check_site_permission`` for the owning site and
    respond 403 when it fails. With neither parameter the response is 404.
    ``site`` takes precedence when both parameters are present.
    """
    site_ref = request.query_params.get('site', None)
    blueprint_ref = request.query_params.get('blueprint', None)
    forbidden_body = {"detail": "You do not have permission to perform this action."}
    missing_body = {"detail": "Object not found."}

    if site_ref is None and blueprint_ref is None:
        return Response(status=status.HTTP_404_NOT_FOUND,
                        data={'detail': 'site or blueprint params is required.'})

    if site_ref is not None:
        # NOTE(review): get_object_or_404 raises Http404 rather than
        # ObjectDoesNotExist, so this handler looks unreachable - confirm.
        try:
            target_site = get_object_or_404(Site, id=site_ref)
        except ObjectDoesNotExist:
            return Response(status=status.HTTP_404_NOT_FOUND, data=missing_body)

        # The lookup runs before the permission check, so a caller without
        # access sees 404 for unknown ids and 403 for existing ones.
        if not check_site_permission(request, target_site.id):
            return Response(status=status.HTTP_403_FORBIDDEN, data=forbidden_body)

        uploads = request.FILES.getlist('files')
        doc_type = request.POST.get('doc_type')
        name = request.POST.get('name')
        if not uploads:
            return Response(status=status.HTTP_400_BAD_REQUEST,
                            data={"detail": "Please select at least one file."})

        # NOTE(review): nothing in this handler limits the type, size or
        # number of uploaded files - confirm that the model field or an
        # upstream layer enforces those limits.
        pending = []
        for upload in uploads:
            pending.append(BluePrints(site=target_site, image=upload,
                                      name=name, doc_type=doc_type))
        BluePrints.objects.bulk_create(pending)
        return Response(status=status.HTTP_201_CREATED,
                        data={"detail": "successfully created blueprints."})

    # Only the blueprint parameter was supplied: delete that blueprint.
    try:
        doomed = BluePrints.objects.get(id=blueprint_ref)
    except ObjectDoesNotExist:
        return Response(status=status.HTTP_404_NOT_FOUND, data=missing_body)

    if not check_site_permission(request, doomed.site.id):
        return Response(status=status.HTTP_403_FORBIDDEN, data=forbidden_body)

    doomed.delete()
    return Response(status=status.HTTP_204_NO_CONTENT,
                    data={"detail": "successfully deleted."})
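def has_permission(self, request, view):
    """Decide whether the requester may use a project- or site-scoped view.

    Access is granted when any of the following holds:

    * ``request.is_super_admin`` is truthy;
    * ``?project=<id>`` names an existing project and ``request.roles``
      holds an "Organization Admin" role for the project's organization,
      or a "Project Manager" / "Project Donor" role for the project itself;
    * ``?site=<id>`` is given (and ``project`` is not) and
      ``check_site_permission`` accepts it.

    Returns:
        ``True`` when access is granted, otherwise ``False`` (for the site
        path, whatever ``check_site_permission`` returns).
    """
    project = request.query_params.get('project', None)
    site = request.query_params.get('site', None)

    if request.is_super_admin:
        return True

    if project is not None:
        try:
            project = Project.objects.select_related('organization').get(
                id=project)
        except (ObjectDoesNotExist, ValueError):
            # A permission hook is evaluated for truthiness. The earlier
            # code returned a Response object here, which is truthy, so a
            # request naming an unknown project id passed the check.
            # Deny instead; a malformed id is rejected the same way.
            return False

        user_role_org_admin = request.roles.filter(
            organization_id=project.organization_id,
            group__name="Organization Admin")
        if user_role_org_admin:
            return True

        user_role_as_manager = request.roles.filter(
            project_id=project.id,
            group__name__in=["Project Manager", "Project Donor"])
        return bool(user_role_as_manager)

    if site is not None:
        return check_site_permission(request, site)

    # Neither scope was named: deny explicitly instead of falling off the
    # end of the function with an implicit None.
    return False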
def delete_blueprint(request, pk):
    """Delete the blueprint with id ``pk`` if the requester may act on its site.

    Responds 204 on success and 403 when ``check_site_permission`` rejects
    the blueprint's site. An unknown ``pk`` is handled by
    ``get_object_or_404``.
    """
    target = get_object_or_404(BluePrints, id=pk)

    # The lookup precedes the permission check, so existing and missing ids
    # produce different status codes for callers without access.
    allowed = check_site_permission(request, target.site.id)
    if not allowed:
        return Response(
            status=status.HTTP_403_FORBIDDEN,
            data={"detail": "You do not have permission to perform this action."},
        )

    target.delete()
    return Response(status=status.HTTP_204_NO_CONTENT)
def site_map(request, pk):
    """Return the active site ``pk`` as GeoJSON built from its ``location``.

    The permission check runs first; a rejected caller gets 403. The
    serialized feature carries the name, descriptions, address, location,
    phone and id fields.
    """
    site_pk = int(pk)
    if not check_site_permission(request, site_pk):
        return Response(
            status=status.HTTP_403_FORBIDDEN,
            data={"detail": "You do not have permission to perform this action."},
        )

    site_obj = get_object_or_404(Site, pk=site_pk, is_active=True)
    exported_fields = ('name', 'public_desc', 'additional_desc', 'address',
                       'location', 'phone', 'id')
    geojson_text = serialize('custom_geojson', [site_obj],
                             geometry_field='location',
                             fields=exported_fields)
    # serialize() yields a JSON string; decode it so Response renders an
    # object instead of a quoted string.
    return Response(json.loads(geojson_text))
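def site_recent_pictures(request):
    """Return a site's featured images together with its recent pictures.

    Reads the site id from ``?site=<id>``. Responds 400 when the parameter
    is missing or not an integer, 403 when ``check_site_permission``
    rejects the site, and 404 when the site does not exist.
    """
    raw_site_id = request.query_params.get('site')
    try:
        # int(None) raises TypeError and int("abc") raises ValueError. Both
        # used to escape as an unhandled exception before any permission
        # check had run.
        site_id = int(raw_site_id)
    except (TypeError, ValueError):
        return Response(
            status=status.HTTP_400_BAD_REQUEST,
            data={"detail": "site param is required and must be an integer."},
        )

    if not check_site_permission(request, site_id):
        return Response(
            status=status.HTTP_403_FORBIDDEN,
            data={"detail": "You do not have permission to perform this action."},
        )

    try:
        site_featured_images = Site.objects.get(pk=site_id).site_featured_images
    except ObjectDoesNotExist:
        return Response(status=status.HTTP_404_NOT_FOUND)

    recent_pictures = get_recent_images(site_id)
    return Response({'site_featured_images': site_featured_images,
                     'recent_pictures': recent_pictures})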
def filter_queryset(self, queryset):
    """Narrow ``queryset`` to rows that concern the site named by the URL ``pk``.

    A row matches when its ``site_id`` is the pk, or when its
    ``content_type``/``object_id`` or ``extra_content_type``/
    ``extra_object_id`` pair points at that site. For each "Link" meta
    attribute of the site's project that the site has answered, rows of
    ``type=15`` on the linked site are also included when their
    ``extra_json`` contains one of the selected question names as a key.

    An empty ``Site`` queryset is returned when the site does not exist or
    ``check_site_permission`` rejects the requester.
    """
    pk = self.kwargs.get('pk')
    try:
        site = Site.objects.get(pk=int(pk))
    except ObjectDoesNotExist:
        return Site.objects.all().none()

    content_site = ContentType.objects.get(app_label="fieldsight", model="site")
    if not check_site_permission(self.request, site.id):
        return Site.objects.all().none()

    project = site.project
    query = (
        Q(site_id=pk)
        | (Q(content_type=content_site) & Q(object_id=pk))
        | (Q(extra_content_type=content_site) & Q(extra_object_id=pk))
    )

    # Maps linked site id -> question names selected for that link.
    linked_questions = {}
    for meta in project.site_meta_attributes:
        if meta['question_type'] != "Link":
            continue
        if meta['question_name'] not in site.site_meta_attributes_ans:
            continue

        linked_sites = Site.objects.filter(
            identifier=site.site_meta_attributes_ans[meta['question_name']],
            project_id=meta['project_id'])
        if not linked_sites:
            continue

        linked_questions[linked_sites[0].id] = [
            sub_meta['question_name']
            for sub_meta in meta['metas'][str(meta['project_id'])]
        ]

    for linked_site_id, question_names in linked_questions.items():
        for question_name in question_names:
            # Matches the question name as a JSON key inside extra_json.
            query |= (Q(type=15)
                      & Q(content_type=content_site)
                      & Q(object_id=linked_site_id)
                      & Q(extra_json__contains='"' + question_name + '":'))

    return queryset.filter(query)
def site_documents(request):
    """List up to ten documents (blueprints) of the site in ``?site_id=<id>``.

    The payload holds the document list, breadcrumb data for the site and
    ``show_button``, which is true while the site has fewer than ten
    blueprints. Responds 403 when ``check_site_permission`` rejects the
    site.
    """
    raw_site_id = request.query_params.get('site_id')
    site_obj = get_object_or_404(Site, id=raw_site_id)
    site_id = int(raw_site_id)

    # NOTE(review): the site lookup and the blueprint count both run before
    # the permission check below, so callers without access can tell
    # existing site ids (403) from missing ones (404).
    blueprint_total = BluePrints.objects.filter(site=site_obj).count()
    show_button = blueprint_total < 10

    if not check_site_permission(request, site_id):
        return Response(
            status=status.HTTP_403_FORBIDDEN,
            data={"detail": "You do not have permission to perform this action."},
        )

    try:
        blueprints_obj = Site.objects.get(pk=site_id).blueprints.all()[:10]
    except ObjectDoesNotExist:
        return Response(status=status.HTTP_404_NOT_FOUND)

    documents = []
    for blueprint in blueprints_obj:
        documents.append({
            'id': blueprint.id,
            'name': doc_name(blueprint),
            'file': blueprint.image.url,
            'doc_type': blueprint.doc_type,
            'added_date': readable_date(blueprint.added_date),
            'type': check_file_extension((blueprint.image.url.lower())),
        })

    breadcrumbs = {
        'name': 'Site Documents',
        'site': site_obj.name,
        'site_url': site_obj.get_absolute_url(),
    }
    return Response(data={'show_button': show_button,
                          'documents': documents,
                          'breadcrumbs': breadcrumbs})