Breakout (most) user stuff to separate module

The model remains in RIGS for now, as it's pretty painful to move...
2026-01-18 14:02:15 +00:00 · 2020-04-12 19:13:06 +01:00
parent 2bf643cd7a
commit f308a095f3
32 changed files with 314 additions and 250 deletions
--- a/PyRIGS/views.py
+++ b/PyRIGS/views.py
@@ -0,0 +1,136 @@
+from django.core.exceptions import PermissionDenied
+from django.http.response import HttpResponseRedirect
+from django.http import HttpResponse
+from django.urls import reverse_lazy, reverse, NoReverseMatch
+from django.views import generic
+from django.contrib.auth.views import LoginView
+from django.db.models import Q
+from django.shortcuts import get_object_or_404
+from django.core import serializers
+from django.conf import settings
+import simplejson
+from django.contrib import messages
+import datetime
+import pytz
+import operator
+from registration.views import RegistrationView
+from django.views.decorators.csrf import csrf_exempt
+
+
+from RIGS import models, forms
+from assets import models as asset_models
+from functools import reduce
+
+class SecureAPIRequest(generic.View):
+    models = {
+        'venue': models.Venue,
+        'person': models.Person,
+        'organisation': models.Organisation,
+        'profile': models.Profile,
+        'event': models.Event,
+        'supplier': asset_models.Supplier
+    }
+
+    perms = {
+        'venue': 'RIGS.view_venue',
+        'person': 'RIGS.view_person',
+        'organisation': 'RIGS.view_organisation',
+        'profile': 'RIGS.view_profile',
+        'event': None,
+        'supplier': None
+    }
+
+    '''
+    Validate the request is allowed based on user permissions.
+    Raises 403 if denied.
+    Potential to add API key validation at a later date.
+    '''
+
+    def __validate__(self, request, key, perm):
+        if request.user.is_active:
+            if request.user.is_superuser or perm is None:
+                return True
+            elif request.user.has_perm(perm):
+                return True
+        raise PermissionDenied()
+
+    def get(self, request, model, pk=None, param=None):
+        # Request permission validation things
+        key = request.GET.get('apikey', None)
+        perm = self.perms[model]
+        self.__validate__(request, key, perm)
+
+        # Response format where applicable
+        format = request.GET.get('format', 'json')
+        fields = request.GET.get('fields', None)
+        if fields:
+            fields = fields.split(",")
+
+        # Supply data for one record
+        if pk:
+            object = get_object_or_404(self.models[model], pk=pk)
+            data = serializers.serialize(format, [object], fields=fields)
+            return HttpResponse(data, content_type="application/" + format)
+
+        # Supply data for autocomplete ajax request in json form
+        term = request.GET.get('q', None)
+        if term:
+            if fields is None:  # Default to just name
+                fields = ['name']
+
+            # Build a list of Q objects for use later
+            queries = []
+            for part in term.split(" "):
+                qs = []
+                for field in fields:
+                    q = Q(**{field + "__icontains": part})
+                    qs.append(q)
+                queries.append(reduce(operator.or_, qs))
+
+            # Build the data response list
+            results = []
+            query = reduce(operator.and_, queries)
+            objects = self.models[model].objects.filter(query)
+            for o in objects:
+                data = {
+                    'pk': o.pk,
+                    'value': o.pk,
+                    'text': o.name,
+                }
+                try:  # See if there is a valid update URL
+                    data['update'] = reverse("%s_update" % model, kwargs={'pk': o.pk})
+                except NoReverseMatch:
+                    pass
+                results.append(data)
+
+            # return a data response
+            json = simplejson.dumps(results)
+            return HttpResponse(json, content_type="application/json")  # Always json
+
+        start = request.GET.get('start', None)
+        end = request.GET.get('end', None)
+
+        if model == "event" and start and end:
+            # Probably a calendar request
+            start_datetime = datetime.datetime.strptime(start, "%Y-%m-%dT%H:%M:%S")
+            end_datetime = datetime.datetime.strptime(end, "%Y-%m-%dT%H:%M:%S")
+
+            objects = self.models[model].objects.events_in_bounds(start_datetime, end_datetime)
+
+            results = []
+            for item in objects:
+                data = {
+                    'pk': item.pk,
+                    'title': item.name,
+                    'is_rig': item.is_rig,
+                    'status': str(item.get_status_display()),
+                    'earliest': item.earliest_time.isoformat(),
+                    'latest': item.latest_time.isoformat(),
+                    'url': str(item.get_absolute_url())
+                }
+
+                results.append(data)
+            json = simplejson.dumps(results)
+            return HttpResponse(json, content_type="application/json")  # Always json
+
+        return HttpResponse(model)