Breakout (most) user stuff to separate module

The model remains in RIGS for now, as it's pretty painful to move...
2026-01-21 23:42:14 +00:00 · 2020-04-12 19:13:06 +01:00
parent 2bf643cd7a
commit f308a095f3
32 changed files with 314 additions and 250 deletions
--- a/RIGS/views.py
+++ b/RIGS/views.py
@@ -38,26 +38,6 @@ class Index(generic.TemplateView):
 class SearchHelp(generic.TemplateView):
    template_name = 'search_help.html'

-
-# This view should be exempt from requiring CSRF token.
-# Then we can check for it and show a nice error
-# Don't worry, django.contrib.auth.views.login will
-# check for it before logging  the user in
-class LoginEmbed(LoginView):
-    template_name = 'registration/login_embed.html'
-
-    @csrf_exempt
-    def dispatch(self, request, *args, **kwargs):
-        if request.method == "POST":
-            csrf_cookie = request.COOKIES.get('csrftoken', None)
-
-            if csrf_cookie is None:
-                messages.warning(request, 'Cookies do not seem to be enabled. Try logging in using a new tab.')
-                request.method = 'GET'  # Render the page without trying to login
-
-        return super().dispatch(request, *args, **kwargs)
-
-
 """
 Called from a modal window (e.g. when an item is submitted to an event/invoice).
 May optionally also include some javascript in a success message to cause a load of
@@ -270,157 +250,3 @@ class VenueUpdate(generic.UpdateView):
                'pk': self.object.pk,
            })
        return url
-
-
-class SecureAPIRequest(generic.View):
-    models = {
-        'venue': models.Venue,
-        'person': models.Person,
-        'organisation': models.Organisation,
-        'profile': models.Profile,
-        'event': models.Event,
-        'supplier': asset_models.Supplier
-    }
-
-    perms = {
-        'venue': 'RIGS.view_venue',
-        'person': 'RIGS.view_person',
-        'organisation': 'RIGS.view_organisation',
-        'profile': 'RIGS.view_profile',
-        'event': None,
-        'supplier': None
-    }
-
-    '''
-    Validate the request is allowed based on user permissions.
-    Raises 403 if denied.
-    Potential to add API key validation at a later date.
-    '''
-
-    def __validate__(self, request, key, perm):
-        if request.user.is_active:
-            if request.user.is_superuser or perm is None:
-                return True
-            elif request.user.has_perm(perm):
-                return True
-        raise PermissionDenied()
-
-    def get(self, request, model, pk=None, param=None):
-        # Request permission validation things
-        key = request.GET.get('apikey', None)
-        perm = self.perms[model]
-        self.__validate__(request, key, perm)
-
-        # Response format where applicable
-        format = request.GET.get('format', 'json')
-        fields = request.GET.get('fields', None)
-        if fields:
-            fields = fields.split(",")
-
-        # Supply data for one record
-        if pk:
-            object = get_object_or_404(self.models[model], pk=pk)
-            data = serializers.serialize(format, [object], fields=fields)
-            return HttpResponse(data, content_type="application/" + format)
-
-        # Supply data for autocomplete ajax request in json form
-        term = request.GET.get('q', None)
-        if term:
-            if fields is None:  # Default to just name
-                fields = ['name']
-
-            # Build a list of Q objects for use later
-            queries = []
-            for part in term.split(" "):
-                qs = []
-                for field in fields:
-                    q = Q(**{field + "__icontains": part})
-                    qs.append(q)
-                queries.append(reduce(operator.or_, qs))
-
-            # Build the data response list
-            results = []
-            query = reduce(operator.and_, queries)
-            objects = self.models[model].objects.filter(query)
-            for o in objects:
-                data = {
-                    'pk': o.pk,
-                    'value': o.pk,
-                    'text': o.name,
-                }
-                try:  # See if there is a valid update URL
-                    data['update'] = reverse("%s_update" % model, kwargs={'pk': o.pk})
-                except NoReverseMatch:
-                    pass
-                results.append(data)
-
-            # return a data response
-            json = simplejson.dumps(results)
-            return HttpResponse(json, content_type="application/json")  # Always json
-
-        start = request.GET.get('start', None)
-        end = request.GET.get('end', None)
-
-        if model == "event" and start and end:
-            # Probably a calendar request
-            start_datetime = datetime.datetime.strptime(start, "%Y-%m-%dT%H:%M:%S")
-            end_datetime = datetime.datetime.strptime(end, "%Y-%m-%dT%H:%M:%S")
-
-            objects = self.models[model].objects.events_in_bounds(start_datetime, end_datetime)
-
-            results = []
-            for item in objects:
-                data = {
-                    'pk': item.pk,
-                    'title': item.name,
-                    'is_rig': item.is_rig,
-                    'status': str(item.get_status_display()),
-                    'earliest': item.earliest_time.isoformat(),
-                    'latest': item.latest_time.isoformat(),
-                    'url': str(item.get_absolute_url())
-                }
-
-                results.append(data)
-            json = simplejson.dumps(results)
-            return HttpResponse(json, content_type="application/json")  # Always json
-
-        return HttpResponse(model)
-
-
-class ProfileDetail(generic.DetailView):
-    template_name = "profile_detail.html"
-    model = models.Profile
-
-    def get_queryset(self):
-        try:
-            pk = self.kwargs['pk']
-        except KeyError:
-            pk = self.request.user.id
-            self.kwargs['pk'] = pk
-
-        return self.model.objects.filter(pk=pk)
-
-
-class ProfileUpdateSelf(generic.UpdateView):
-    template_name = "profile_form.html"
-    model = models.Profile
-    fields = ['first_name', 'last_name', 'email', 'initials', 'phone']
-
-    def get_queryset(self):
-        pk = self.request.user.id
-        self.kwargs['pk'] = pk
-
-        return self.model.objects.filter(pk=pk)
-
-    def get_success_url(self):
-        url = reverse_lazy('profile_detail')
-        return url
-
-
-class ResetApiKey(generic.RedirectView):
-    def get_redirect_url(self, *args, **kwargs):
-        self.request.user.api_key = self.request.user.make_api_key()
-
-        self.request.user.save()
-
-        return reverse_lazy('profile_detail')