import requests
import json
from django.contrib.auth.models import User
from rest_framework import mixins, permissions, status, viewsets
from rest_framework.authtoken.models import Token
from rest_framework.decorators import api_view, permission_classes
from rest_framework.response import Response
from . import models, serializers
from authserver.settings import PROTOSPACE_LOGIN_PAGE
class IsLockoutAdmin(permissions.BasePermission):
    """Permission that admits only requesters flagged as lockout admins."""

    def has_permission(self, request, view):
        """Return the requester's ``profile.lockout_admin`` value.

        An ``AttributeError`` raised anywhere along
        ``request.user.profile.lockout_admin`` (for example, a user object
        with no ``profile`` attribute) is treated as "not an admin", so the
        check denies by default.
        """
        try:
            is_admin = request.user.profile.lockout_admin
        except AttributeError:
            return False
        return is_admin
class CategoryViewSet(viewsets.ModelViewSet):
    """Model viewset for categories, looked up by slug.

    Every action on this viewset requires the ``IsLockoutAdmin`` permission.
    """

    permission_classes = (IsLockoutAdmin,)
    serializer_class = serializers.CategorySerializer
    # Objects are addressed by their slug instead of the default lookup field.
    lookup_field = 'slug'
    # Stable ordering by id.
    queryset = models.Category.objects.order_by('id')
class ToolViewSet(viewsets.ModelViewSet):
    """Model viewset for tools, looked up by slug.

    Every action on this viewset requires the ``IsLockoutAdmin`` permission.
    """

    permission_classes = (IsLockoutAdmin,)
    serializer_class = serializers.ToolSerializer
    # Objects are addressed by their slug instead of the default lookup field.
    lookup_field = 'slug'
    # Stable ordering by id.
    queryset = models.Tool.objects.order_by('id')
class ToolDataViewSet(viewsets.ViewSet):
    """List-only endpoint that renders every category via ``ToolDataSerializer``.

    NOTE(review): no ``permission_classes`` is declared on this viewset, so
    access is decided by the project's DRF default permissions, which are not
    visible in this file -- confirm that exposure is intended.
    """

    def list(self, request):
        """Return all categories, ordered by id, under the ``categories`` key."""
        categories = models.Category.objects.order_by('id')
        payload = serializers.ToolDataSerializer(
            categories,
            many=True,
            context={'request': request},
        ).data
        return Response({'categories': payload})
class ProfileViewSet(mixins.RetrieveModelMixin,
                     mixins.UpdateModelMixin,
                     mixins.ListModelMixin,
                     viewsets.GenericViewSet):
    """Retrieve, update and list profiles; restricted to lockout admins.

    Only the retrieve, update and list mixins are composed in, so this
    viewset defines no create or destroy action.
    """

    permission_classes = (IsLockoutAdmin,)
    serializer_class = serializers.ProfileSerializer
    # Most recently joined users first.
    queryset = models.Profile.objects.order_by('-user__date_joined')
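class UserViewSet(viewsets.ReadOnlyModelViewSet):
    """Read-only view of the authenticated caller's own ``User`` record."""

    serializer_class = serializers.UserSerializer
    permission_classes = (permissions.IsAuthenticated,)

    def get_queryset(self):
        """Return a queryset holding only the requesting user.

        The match is made on the primary key. Passing the ``User`` object
        itself as the ``username`` lookup value only worked through implicit
        string coercion of the instance; the primary key identifies the
        authenticated principal without depending on how ``User`` renders
        as text.
        """
        return User.objects.filter(pk=self.request.user.pk)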
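@api_view(["POST"])
def login(request):
    """Exchange credentials checked against the upstream login page for an API token.

    The username and password are posted to ``PROTOSPACE_LOGIN_PAGE``. An
    upstream ``200`` response is treated as a rejected login. On acceptance
    the local ``User`` is created if needed, its password is set to the
    supplied one, a ``Profile`` is created for new users, and the user's
    token is returned.

    Responses:
        400 -- username or password missing, or not a string.
        404 -- upstream rejected the credentials.
        502 -- upstream answered with a 4xx/5xx status.
        503 -- upstream could not be reached in time.
        200 -- ``{'token': <key>}``.

    NOTE(review): success is still inferred from "not 200 and not an error
    status". ``allow_redirects=False`` suggests the upstream answers a good
    login with a redirect -- confirm and match that response explicitly so
    that every unexpected status is refused.
    """
    username = request.data.get("username")
    password = request.data.get("password")
    # Non-string values (e.g. JSON lists or objects) must not reach the
    # upstream form post or the local username lookup.
    if not isinstance(username, str) or not isinstance(password, str):
        return Response({'error': 'Please provide both username and password'},
                        status=status.HTTP_400_BAD_REQUEST)

    post_data = {'user_name': username, 'web_pw': password, 'SubmitButton': 'Login'}
    try:
        # The timeout keeps a stalled upstream from pinning a worker forever.
        res = requests.post(
            PROTOSPACE_LOGIN_PAGE,
            post_data,
            allow_redirects=False,
            timeout=10,
        )
    except requests.RequestException:
        return Response({'error': 'Login service unavailable'},
                        status=status.HTTP_503_SERVICE_UNAVAILABLE)

    if res.status_code == requests.codes.ok:
        return Response({'error': 'Invalid Credentials'}, status=status.HTTP_404_NOT_FOUND)

    # Fail closed: an upstream error is not proof that the password was
    # accepted, so it must not create a user or hand out a token.
    if res.status_code >= 400:
        return Response({'error': 'Login service unavailable'},
                        status=status.HTTP_502_BAD_GATEWAY)

    user, created = User.objects.get_or_create(username=username)
    user.set_password(password)  # not validated
    user.save()

    if created:
        models.Profile.objects.create(user=user)

    token, _ = Token.objects.get_or_create(user=user)

    return Response({'token': token.key}, status=status.HTTP_200_OK)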
@api_view(["GET"])
def cards(request, mac):
    """Return the card numbers whose profile is authorized for the tool ``mac``.

    Cards are selected through ``profile__authorized_tools__mac`` and their
    numbers are returned as one comma-separated string.

    NOTE(review): no ``permission_classes`` decorator is applied here, so
    access falls to the project's DRF default permissions, which are not
    visible in this file. The response consists of card numbers -- confirm
    that the default does not leave this endpoint open to unauthenticated
    callers, or that such exposure is accepted.
    """
    authorized = models.Card.objects.filter(profile__authorized_tools__mac=mac)
    numbers = ','.join(card.number for card in authorized)
    return Response(numbers, status=status.HTTP_200_OK)
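@api_view(["PUT"])
@permission_classes((IsLockoutAdmin,))
def update_cards(request):
    """Bulk-assign card numbers to profiles from a ``username -> number`` mapping.

    Restricted to lockout admins. Each entry is applied independently and on
    a best-effort basis: an entry that fails (unknown username, database
    error) is skipped and logged, and the remaining entries are still
    processed.

    Responses:
        400 -- empty payload, or a payload that is not a mapping.
        200 -- ``{'updated': <number of entries applied>}``.
    """
    import logging

    log = logging.getLogger(__name__)
    data = request.data

    # A JSON array or scalar has no ``items()``; reject it up front rather
    # than failing with an unhandled error further down.
    if not data or not hasattr(data, 'items'):
        return Response({'error': 'Please provide card data in the form username=cardnumber'},
                        status=status.HTTP_400_BAD_REQUEST)

    updated_count = 0
    for username, card_number in data.items():
        try:
            profile = models.Profile.objects.get(user__username=username)
            models.Card.objects.update_or_create(
                profile=profile,
                defaults={'number': card_number},
            )
        except Exception as exc:
            # Still best-effort, but no longer a bare ``except``: process-level
            # signals (KeyboardInterrupt, SystemExit) now propagate, and each
            # skipped entry leaves a trace. The card number is deliberately
            # kept out of the log line.
            log.warning('update_cards: skipped entry for %r (%s)',
                        username, type(exc).__name__)
            continue
        updated_count += 1

    return Response({'updated': updated_count}, status=status.HTTP_200_OK)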