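def check(request):
    """ Respond to the "/account/check" API call.

        The caller supplies a session key, an account ID and the update ID it
        last saw for that account.  The response payload holds one field,
        'changed': 1 if the account's current update ID differs from the
        supplied one (for an account that does not exist: if the supplied
        update ID is not 0), otherwise 0.

        An error response built by api_helper is returned when the request
        cannot be processed, a required field is missing, the account ID is
        not valid, or the account ID's "user_id" is not the session's user.
        Any unexpected exception is answered with an HTTP 500.
    """
    try:
        # Extract our payload from the request parameters.
        request_payload = api_helper.process_request(request)
        if "error" in request_payload:
            return request_payload['error']

        # Check that the required fields have all been supplied.
        error = api_helper.check_fields(request_payload,
                                        ["session_key",
                                         "account_id",
                                         "update_id"])
        if error is not None:
            return error

        # Get the values we need from the payload.
        session = request_payload['session']
        fields = request_payload['fields']
        account_id = fields['account_id']
        update_id = fields['update_id']

        if not account_helper.is_valid_account_id(account_id):
            return api_helper.error(request_payload,
                                    api_errors.INVALID_ACCOUNT_ID)

        # Make sure the user is allowed to access the given account.  This
        # runs before the account lookup, so the response to a caller who
        # does not own the account ID never depends on whether the account
        # exists.
        # NOTE(review): if is_valid_account_id() accepts None, this ownership
        # check is skipped and get_account(None) is reached -- confirm that
        # validation rejects a None account ID.
        if account_id is not None:
            if session.user.user_id != account_id.get("user_id"):
                return api_helper.error(request_payload,
                                        api_errors.UNAUTHORIZED)

        # Get the desired account, if it exists.
        account = account_helper.get_account(account_id)

        # See if the account has changed since the client last downloaded it.
        # A non-existent account only counts as unchanged for update ID 0.
        if account is not None:
            changed = (account.update_id != update_id)
        else:
            changed = (update_id != 0)

        # Finally, return the response payload back to the caller.
        response_payload = {'changed': 1 if changed else 0}
        return api_helper.response(request_payload, response_payload)
    except Exception:
        # Exception rather than a bare "except:", so SystemExit and
        # KeyboardInterrupt are not swallowed and turned into a 500.  The
        # traceback is printed on the server only; the client receives a
        # response with no error detail.
        traceback.print_exc()
        return HttpResponseServerError()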
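def get(request):
    """ Respond to the "/account/get" API call.

        The response payload has two top-level entries:

            'account'    A dictionary with the fields 'exists' (1 or 0),
                         'balance' (the sum of the account's transaction
                         amounts), 'transactions' (one dictionary per
                         transaction, ordered by timestamp), 'meta_data'
                         (the account's metadata without the "password" and
                         "pin_number" entries) and 'policies' (policy name
                         -> effective value).

            'update_id'  The account's update ID, or 0 if the account does
                         not exist.

        An error response built by api_helper is returned when the request
        cannot be processed, a required field is missing, the account ID is
        not valid, or the account ID's "user_id" is not the session's user.
        Any unexpected exception is answered with an HTTP 500.
    """
    try:
        # Extract our payload from the request parameters.
        request_payload = api_helper.process_request(request)
        if "error" in request_payload:
            return request_payload['error']

        # Check that the required fields are present.
        error = api_helper.check_fields(request_payload,
                                        required_fields=["session_key",
                                                         "account_id"])
        if error is not None:
            return error

        session = request_payload['session']
        account_id = request_payload['fields']['account_id']

        if not account_helper.is_valid_account_id(account_id):
            return api_helper.error(request_payload,
                                    api_errors.INVALID_ACCOUNT_ID)

        # Make sure the user is allowed to access the given account.  This
        # runs before any account data is loaded.
        # NOTE(review): if is_valid_account_id() accepts None, this ownership
        # check is skipped and get_account(None) is reached -- confirm that
        # validation rejects a None account ID.
        if account_id is not None:
            if session.user.user_id != account_id.get("user_id"):
                return api_helper.error(request_payload,
                                        api_errors.UNAUTHORIZED)

        # Get the desired account, if it exists.
        account = account_helper.get_account(account_id)

        # Build our response payload, based on the account's details.  We
        # start with the account record itself.
        account_data = {}
        account_data['exists'] = 1 if account is not None else 0

        # Add the account's current balance and its list of transactions.
        # Both come from a single pass over one query, so the reported
        # balance always matches the transactions listed next to it.
        balance = decimal.Decimal("0.00")
        transaction_list = []
        if account is not None:
            transactions = account.transaction_set.all().order_by("timestamp")
            for transaction in transactions:
                balance = balance + transaction.amount

                transaction_data = {
                    'timestamp': transaction.timestamp.isoformat(),
                    'amount': transaction.amount,
                    'meta_data': transaction.get_metadata(),
                }

                other_account = transaction.other_account
                if other_account is not None:
                    transaction_data['other_account'] = \
                        account_helper.make_account_id(
                            other_account.user_id,
                            other_account.associated_user_id,
                            other_account.suffix)

                transaction_list.append(transaction_data)

        account_data['balance'] = balance
        account_data['transactions'] = transaction_list

        # Add the account's metadata.  Note that we exclude the password and
        # pin number, for security reasons.
        # NOTE(review): this is a deny-list -- any other sensitive metadata
        # key would be sent to the client as-is.  Consider returning only an
        # explicit list of allowed keys.
        if account is not None:
            metadata = account.get_metadata()
        else:
            metadata = {}

        for secret_key in ("password", "pin_number"):
            if secret_key in metadata:
                del metadata[secret_key]

        account_data['meta_data'] = metadata

        # Add the account's policies, taking into account each policy's
        # default value, the user-specific override (if any), and
        # account-specific override (if any).  The account override wins over
        # the user override, which wins over the default.
        policies = {}
        for policy in Policy.objects.all():
            default = policy.get_default()

            try:
                override = PolicyUserOverride.objects.get(policy=policy,
                                                          user=session.user)
                user_override = override.get_override()
            except PolicyUserOverride.DoesNotExist:
                user_override = None

            account_override = None
            if account is not None:
                try:
                    override = \
                        PolicyAccountOverride.objects.get(policy=policy,
                                                          account=account)
                    account_override = override.get_override()
                except PolicyAccountOverride.DoesNotExist:
                    account_override = None

            if account_override is not None:
                value = account_override
            elif user_override is not None:
                value = user_override
            else:
                value = default

            policies[policy.name] = value

        account_data['policies'] = policies

        response_payload = {'account': account_data}

        # Add the account's update ID.
        if account is not None:
            response_payload['update_id'] = account.update_id
        else:
            response_payload['update_id'] = 0

        # Finally, return the response payload back to the caller.
        return api_helper.response(request_payload, response_payload)
    except Exception:
        # Exception rather than a bare "except:", so SystemExit and
        # KeyboardInterrupt are not swallowed and turned into a 500.  The
        # traceback is printed on the server only; the client receives a
        # response with no error detail.
        traceback.print_exc()
        return HttpResponseServerError()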
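def get(request):
    """ Respond to the "/policy/get" API call.

        We let the caller retrieve a policy override (either at the user or
        the individual account level) for a given policy.  If the optional
        "account_id" field is supplied, the account-level override for that
        account is looked up; otherwise the user-level override for the
        session's user is looked up.

        The response payload holds an 'override' entry only when an override
        value was found.

        An error response built by api_helper is returned when the request
        cannot be processed, a required field is missing, the supplied
        account ID is not valid or its "user_id" is not the session's user,
        or no policy has the given name.  Any unexpected exception is
        answered with an HTTP 500.
    """
    try:
        # Extract our payload from the request parameters.
        request_payload = api_helper.process_request(request)
        if "error" in request_payload:
            return request_payload['error']

        # Check that the required fields are present.
        error = api_helper.check_fields(request_payload,
                                        required_fields=["session_key",
                                                         "policy"],
                                        optional_fields=["account_id"])
        if error is not None:
            return error

        user = request_payload['session'].user
        account_id = request_payload['fields'].get("account_id")
        policy_name = request_payload['fields']['policy']

        # If an account ID was specified, make sure it is well-formed and
        # that the user is allowed to access that account.  The account API
        # calls validate the ID before calling .get() on it; doing the same
        # here means a malformed ID gets INVALID_ACCOUNT_ID instead of
        # raising inside the ownership check and surfacing as a 500.
        if account_id is not None:
            if not account_helper.is_valid_account_id(account_id):
                return api_helper.error(request_payload,
                                        api_errors.INVALID_ACCOUNT_ID)
            if user.user_id != account_id.get("user_id"):
                return api_helper.error(request_payload,
                                        api_errors.UNAUTHORIZED)

        # Get the Policy the user wants the override for.
        try:
            policy = Policy.objects.get(name=policy_name)
        except Policy.DoesNotExist:
            return api_helper.error(request_payload,
                                    api_errors.NO_SUCH_POLICY)

        # Get the appropriate override for this policy, if any.
        override_value = None
        if account_id is not None:
            # Retrieve the account-level override for this policy and
            # account, if any.  A non-existent account has no override.
            account = account_helper.get_account(account_id)
            if account is not None:
                try:
                    override = \
                        PolicyAccountOverride.objects.get(policy=policy,
                                                          account=account)
                    override_value = override.get_override()
                except PolicyAccountOverride.DoesNotExist:
                    override_value = None
        else:
            # Retrieve the user-level override for this policy and user, if
            # any.
            try:
                override = PolicyUserOverride.objects.get(policy=policy,
                                                          user=user)
                override_value = override.get_override()
            except PolicyUserOverride.DoesNotExist:
                override_value = None

        # Finally, return the policy override (if any) back to the caller.
        response_payload = {}
        if override_value is not None:
            response_payload['override'] = override_value

        return api_helper.response(request_payload, response_payload)
    except Exception:
        # Exception rather than a bare "except:", so SystemExit and
        # KeyboardInterrupt are not swallowed and turned into a 500.  The
        # traceback is printed on the server only; the client receives a
        # response with no error detail.
        traceback.print_exc()
        return HttpResponseServerError()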