# -*- encoding: utf-8 -*-
from datetime import date, datetime, timedelta # timeSlices
from collections import OrderedDict
import django
from django.http import HttpResponse, HttpResponseRedirect
from django.template import Template, RequestContext, loader
from django.shortcuts import render, redirect
from django.contrib.auth.decorators import login_required
from django.urls import reverse
from django.views.decorators.csrf import ensure_csrf_cookie
from django import forms
from django.forms import ModelForm
from django.contrib import messages
from django.utils.translation import ugettext_lazy as _
from django.utils.translation import pgettext, pgettext_lazy
from django.db import transaction
from django.db.models import F
from django.core.exceptions import ValidationError
import logging
from django.conf import settings as appSettings
from . import models
from . import forms
from . import auth as nalodeni_auth
# Module-level logger, named after this module via __name__.
logger = logging.getLogger(__name__)
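def role_required(roles=[]):
    """Build a view decorator that admits only sessions holding every role in *roles*.

    The wrapped view runs only when each entry of ``roles`` is present in
    ``request.session['site_perms']``.  Otherwise an error message is queued,
    the refusal is logged, and the client is redirected to ``/``.

    Args:
        roles: iterable of permission names the session must contain.  The
            default list is never mutated here; it is kept as the default only
            for interface compatibility.

    Returns:
        A decorator for view callables of the form
        ``view(request, *args, **kwargs)``.
    """
    from functools import wraps

    # Snapshot the roles at decoration time so the requirement cannot change
    # afterwards (and a one-shot iterable is not silently exhausted by the
    # first request, which would leave later requests unchecked).
    required = tuple(roles)

    def decorate(func):
        @wraps(func)  # keep the view's own name/docstring on the wrapper
        def call(request, *args, **kwargs):
            # Fail closed: a session without 'site_perms' holds no roles.
            # Indexing the key directly raised KeyError (HTTP 500) instead of
            # producing a clean refusal.
            granted = request.session.get('site_perms') or ()
            missing = [r for r in required if r not in granted]
            if missing:
                # The user-facing message states that details were recorded,
                # so record them.  %r keeps client-controlled values such as
                # the path from injecting line breaks into the log.
                logger.warning(
                    "Access denied: user=%r path=%r missing_roles=%r",
                    getattr(request, 'user', None),
                    getattr(request, 'path', None),
                    missing,
                )
                messages.error(request, "Nedostatečné oprávnění pro přístup. Detaily byly zaznamenány.")
                return HttpResponseRedirect('/')
            return func(request, *args, **kwargs)
        return call
    return decorate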
def get_AppUser_objects(request):
    """Return the AppUser queryset the current session is allowed to work with.

    The result depends on ``request.session['site_perms']``:

    * without ``sso_kodo``: an empty queryset;
    * with ``sso_kodo`` and ``sso_admin``: every AppUser;
    * with ``sso_kodo`` only: AppUsers whose ``district`` is listed in
      ``request.session['spc']['dist']``.

    In this file ``confirmed`` and ``update`` build their queries on top of
    this queryset, so narrowing it further keeps the district scoping intact.
    """
    perms = request.session['site_perms']
    users = models.AppUser.objects

    if 'sso_kodo' not in perms:
        # No coordinator role: nothing is visible.
        return users.none()
    if 'sso_admin' in perms:
        # Admins are not restricted to particular districts.
        return users.all()

    # Plain coordinators only see the districts stored in their session.
    return users.filter(district__in=request.session['spc']['dist'])
def get_AppUser_districts(request):
    """Return the district choices available to the current session's roles.

    Sessions holding ``sso_admin`` get a copy of every entry of
    ``models.AppUser.DISTRICT_CHOICES``.  Other sessions get only the entries
    whose first element is listed in ``request.session['spc']['dist']``.

    The returned list holds whole choice entries (indexed here as ``d[0]`` for
    the key), not bare district keys, so a membership test against it must
    compare entries or extract the keys first.
    """
    session = request.session
    all_choices = models.AppUser.DISTRICT_CHOICES

    if 'sso_admin' in session['site_perms']:
        return list(all_choices)

    # The session lookup stays inside the condition so it is evaluated once
    # per choice entry, as before.
    return [entry for entry in all_choices if entry[0] in session['spc']['dist']]
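@ensure_csrf_cookie
@login_required(login_url="/prihlaseni")
@role_required(['sso_kodo'])
def confirmed(request, newOnly=False, dist=None):
    """List the AppUser records visible to the session, optionally for one district.

    Args:
        request: the current request; district scoping comes from its session.
        newOnly: when true, list records with ``STATUS_NEW``; otherwise
            records with ``STATUS_REG``.
        dist: district key to narrow the list to.  When ``None`` it is read
            from the POSTed ``dist`` field; ``-1`` means "no district filter".

    Returns:
        The rendered ``people/list.html`` page.
    """
    if dist is None:
        # 'dist' is client-supplied.  A value that is not an integer used to
        # raise ValueError (HTTP 500); treat it as "no district filter".
        try:
            dist = int(request.POST.get('dist', -1))
        except (TypeError, ValueError):
            dist = -1

    # get_AppUser_objects() already restricts the rows to the session's
    # districts; everything below only narrows that result further.
    objs = get_AppUser_objects(request).order_by('last_name', 'first_name', 'email')

    if newOnly:
        objs = objs.filter(status=models.AppUser.STATUS_NEW)
    else:
        objs = objs.filter(status=models.AppUser.STATUS_REG)

    districts = [(-1, ' -- vše dostupné -- ')] + get_AppUser_districts(request)

    # Filter only on permitted districts, or on any district for admins.
    # A requested district outside the session's scope falls back to -1.
    session = request.session
    if dist != -1 and (dist in session['spc']['dist'] or 'sso_admin' in session['site_perms']):
        selDist = dist
        objs = objs.filter(district=selDist)
    else:
        selDist = -1

    template = 'people/list.html'
    context = {
        'people': objs,
        'newOnly': newOnly,
        'distAvail': districts,
        'selDist': selDist,
    }

    return render(request, template, context)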
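@ensure_csrf_cookie
@login_required(login_url="/prihlaseni")
@role_required(['sso_kodo'])
def pending(request):
    """List pending registrations from AppRegEmail and apply bulk actions to them.

    A POST carries the selected row ids in ``r[]`` and an ``action``:

    * ``token``: for each selected registration, delete it if an AppUser with
      the same e-mail (case-insensitive) already exists; otherwise send a
      registration token unless the previous one is still within
      ``TOKEN_VALID_SEC`` seconds of its ``etStamp``;
    * ``delete``: delete the selected registrations.

    Any other action is ignored.  After a POST, and for every other method,
    the list is rendered with ``people/pending.html``.  Unless the query
    string has ``show_all=yes``, only rows with ``emailToken`` set to ``None``
    are listed.
    """
    show_all = request.GET.get("show_all", "no") == "yes"

    if request.method == "POST":
        act = request.POST.get("action", None)
        ids = request.POST.getlist('r[]')

        # NOTE(review): the selection is taken from all AppRegEmail rows and is
        # not narrowed by district, so any session with 'sso_kodo' can send
        # tokens for or delete any pending registration - confirm that is
        # intended.
        objs = models.AppRegEmail.objects.filter(id__in=ids)

        if act == "token":
            email_counter = 0
            skipped_counter = 0
            for o in objs:
                # Check whether the user is already registered.  exists()
                # asks the database for a yes/no answer instead of loading
                # every matching row just to count them.
                already_registered = models.AppUser.objects.filter(
                    email__iexact=o.email.strip()
                ).exists()
                if already_registered:
                    messages.info(request,'Uživatel s emailem %s již je registrován, požadavek na registaci odstraněn.' % o.email)
                    o.delete()
                else:
                    if not (o.etStamp and (datetime.now() - o.etStamp).total_seconds() < int(appSettings.TOKEN_VALID_SEC)):
                        # token not valid or not sent
                        nalodeni_auth.sendRegisterToken(o.email)
                        email_counter += 1
                    else:
                        skipped_counter += 1
            if email_counter > 0:
                messages.info(request,'Registrační emaily odeslány, celkem odesláno %s zpráv.' % email_counter)
            if skipped_counter > 0:
                messages.info(request,'Celkem %s registrací přeskočeno, ještě jsou platné.' % skipped_counter)

        elif act == "delete":
            objs.delete()
            messages.info(request,'Registrace odstraněny.')

    # Tokens stamped after this moment are still valid; passed to the template.
    tokenValidAfter = datetime.now() - timedelta(seconds=int(appSettings.TOKEN_VALID_SEC))

    objs = models.AppRegEmail.objects.all()
    if not show_all:
        # Show only new registrations.
        objs = objs.filter(emailToken=None)
    objs = objs.order_by('etStamp')

    template = 'people/pending.html'
    context = {
        'people': objs,
        'tokenValidAfter': tokenValidAfter,
        'show_all': show_all,
    }

    return render(request, template, context)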
@ensure_csrf_cookie
@login_required(login_url="/prihlaseni")
@role_required(['sso_kodo'])
def update(request):
    """Bulk-set the status of the selected AppUser records.

    Reads the row ids from the POSTed ``r[]`` list and the target status from
    ``setStatus`` (``'reg'`` or ``'new'``).  Only records inside the queryset
    returned by ``get_AppUser_objects`` are touched, so ids outside the
    session's districts are ignored.

    The request method is not checked: on a request without POST data
    ``setStatus`` is missing, which is reported as a bad request.

    Returns:
        A redirect to ``/people/list/`` after setting ``'new'`` or on a bad
        request, and to ``/people/list-new/`` after setting ``'reg'``.
    """
    ids = request.POST.getlist('r[]')
    val = request.POST.get('setStatus', None)

    # Guard clause: anything other than the two known values is rejected.
    if val not in ('reg', 'new'):
        messages.error(request, 'Špatný požadavek.')
        return HttpResponseRedirect('/people/list/')

    changed = 0
    for person in get_AppUser_objects(request).filter(id__in=ids):
        changed += 1
        if val == 'reg':
            person.status = person.STATUS_REG
        else:
            person.status = person.STATUS_NEW
        person.save()

    messages.info(request, 'Upraveno celkem %s záznamů.' % changed)

    if val == 'new':
        return HttpResponseRedirect('/people/list/')
    return HttpResponseRedirect('/people/list-new/')
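@login_required(login_url="/prihlaseni")
@transaction.atomic
@role_required(['sso_kodo'])
def person_detail(request, id):
    """Show one user record if the session may access the record's district.

    Args:
        request: the current request; permissions come from its session.
        id: primary key of the ``models.USER_MODEL`` record.

    Returns:
        The rendered ``person/detail.html`` page, or a redirect to
        ``nalodeni:people_list`` with an error message when the record is
        missing or belongs to a district outside the session's scope.
    """
    denied_msg = 'K tomuto záznamu nemáte přístup. '

    # A missing record gets the same answer as a forbidden one.  objects.get()
    # raised DoesNotExist here (HTTP 500), which also let a caller tell
    # "no such id" apart from "not permitted".
    obj = models.USER_MODEL.objects.filter(pk=id).first()
    if obj is None:
        messages.error(request, denied_msg)
        return redirect('nalodeni:people_list')

    # Check permissions to view this object.
    if 'sso_admin' not in request.session['site_perms']:
        # get_AppUser_districts() returns whole choice entries, so compare the
        # record's district with their keys.  Testing the district against the
        # entries themselves never matched and refused every non-admin.
        allowed_keys = [choice[0] for choice in get_AppUser_districts(request)]
        if obj.district not in allowed_keys:
            messages.error(request, denied_msg)
            return redirect('nalodeni:people_list')

    template = 'person/detail.html'
    context = {
        'obj': obj,
    }

    return render(request, template, context)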
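@login_required(login_url="/prihlaseni")
@transaction.atomic
@role_required(['sso_kodo'])
def person_edit(request, id):
    """Edit one user record if the session may access the record's district.

    GET renders the edit form, POST validates and saves it inside the record's
    audit context.  Records with ``ssoUid`` set use ``forms.AppUserSsoForm``,
    all others ``forms.AppUserForm``.  For any other method the page is
    rendered with ``form`` set to ``None``.

    Args:
        request: the current request; permissions come from its session.
        id: primary key of the ``models.USER_MODEL`` record.

    Returns:
        The rendered ``person/edit.html`` page, a redirect to
        ``nalodeni:person_detail`` after a successful save, or a redirect to
        ``nalodeni:people_list`` with an error message when the record is
        missing or belongs to a district outside the session's scope.
    """
    denied_msg = 'K tomuto záznamu nemáte přístup. '

    # A missing record gets the same answer as a forbidden one.  objects.get()
    # raised DoesNotExist here (HTTP 500), which also let a caller tell
    # "no such id" apart from "not permitted".
    obj = models.USER_MODEL.objects.filter(pk=id).first()
    if obj is None:
        messages.error(request, denied_msg)
        return redirect('nalodeni:people_list')

    # Check permissions to edit this object.
    if 'sso_admin' not in request.session['site_perms']:
        # get_AppUser_districts() returns whole choice entries, so compare the
        # record's district with their keys.  Testing the district against the
        # entries themselves never matched and refused every non-admin.
        allowed_keys = [choice[0] for choice in get_AppUser_districts(request)]
        if obj.district not in allowed_keys:
            messages.error(request, denied_msg)
            return redirect('nalodeni:people_list')

    # NOTE(review): the check above covers the record's current district only.
    # Whether the form lets an editor move the record into a district outside
    # their own scope depends on the form classes, which are not visible here
    # - confirm.
    if obj.ssoUid:
        _form = forms.AppUserSsoForm
    else:
        _form = forms.AppUserForm

    if request.method == "GET":
        form = _form(instance=obj)

    elif request.method == "POST":
        with obj.audit_context(request.user) as ac:
            form = _form(request.POST, instance=obj)
            if form.is_valid():
                form.save()

                messages.info(request, "Údaje byly uloženy.")
                return redirect('nalodeni:person_detail', form.instance.id)

            else:
                messages.error(request, "Opravte prosím chyby v zadání.")
                # NOTE(review): presumably audit_context() catches this
                # exception to drop the audit entry, so the form is rendered
                # again with its errors; if it propagates instead, the view
                # fails - verify against the model's audit_context.
                raise ac.DataNotSavedException
    else:
        form = None

    template = 'person/edit.html'
    context = {
        'obj': obj,
        'form': form,
        'AUTH_SERVER': appSettings.AUTH_SERVER,
    }

    return render(request, template, context)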