454 lines
15 KiB
Python
454 lines
15 KiB
Python
from rest_framework.decorators import api_view
|
|
from django.http import JsonResponse
|
|
from .models import *
|
|
from .policy import pol
|
|
import os
|
|
from django.core.mail import EmailMultiAlternatives
|
|
from django.template.loader import render_to_string
|
|
from decouple import config
|
|
|
|
def get_report(report_pk):
|
|
"""
|
|
Returns a python object representation of the specified section.
|
|
|
|
report_pk -- ID of the report to compile.
|
|
"""
|
|
queryset = Report.objects.filter(id=report_pk)
|
|
for i in queryset:
|
|
data = {
|
|
"report_pk": report_pk,
|
|
"title": i.title,
|
|
"date_created": i.date_created,
|
|
"submitted": i.submitted,
|
|
"date_submitted": i.date_submitted,
|
|
"reference_number": i.reference_number,
|
|
}
|
|
# append the sections for each report
|
|
data.update(get_sections(i.id))
|
|
|
|
# return JsonResponse(data)
|
|
return data
|
|
|
|
def get_sections(r_id):
|
|
"""
|
|
Returns a python object array of sections for the specified report.
|
|
|
|
r_id -- ID of the report to compile sections for.
|
|
"""
|
|
# create a dict of arrays for section
|
|
section_set = {"sections": []}
|
|
queryset = Section.objects.filter(report_id=r_id)
|
|
for index in range(len(queryset)):
|
|
i = queryset[index]
|
|
data = {
|
|
"id": i.id,
|
|
"completed": i.completed,
|
|
"title": i.title,
|
|
"html_description": i.html_description,
|
|
"rule_violations": [],
|
|
}
|
|
# append the fields for corresponding section
|
|
data.update(get_fields(i.id))
|
|
# process rules from the policy file if the section is completed
|
|
if i.completed and not i.approved:
|
|
try:
|
|
rules = pol.sections[index].rules
|
|
for rule in rules:
|
|
try:
|
|
named_fields = generate_named_fields_for_section(data['fields'])
|
|
result = rule['rule'](data, named_fields)
|
|
if not result is None:
|
|
info = {
|
|
"label": rule['title'],
|
|
"rule_break_text": result,
|
|
}
|
|
data['rule_violations'].append(info)
|
|
except Exception as e:
|
|
print('Rule "{}" encountered an error. {}'.format(rule['title'], e))
|
|
except Exception as e:
|
|
print('Error accessing policy section {}. Policy file may have changed.'.format(index))
|
|
# append section to the array
|
|
section_set["sections"].append(data.copy())
|
|
|
|
return section_set
|
|
|
|
def get_fields(s_id):
|
|
"""
|
|
Returns a python object array of fields for the specified section.
|
|
|
|
s_id -- ID of the section to compile fields for.
|
|
"""
|
|
# create dict of arrays for fields
|
|
field_set = {"fields": []}
|
|
queryset = Field.objects.filter(section_id=s_id).order_by('number')
|
|
|
|
for i in queryset:
|
|
# function that gets the corresponding datatype
|
|
value = Field.get_datatype(i)
|
|
data = {
|
|
"field_name": i.field_name,
|
|
"label": i.label,
|
|
"field_type": i.field_type,
|
|
"value": value,
|
|
}
|
|
# append the fields to array
|
|
# use copy() to avoid overwriting
|
|
field_set["fields"].append(data.copy())
|
|
|
|
return field_set
|
|
|
|
def generate_named_fields_for_section(fields):
|
|
"""
|
|
Prepares a dictionary of key-value pairs based on the raw fields
|
|
passed in. Used to pass into the rule lambda functions.
|
|
|
|
fields -- Python object prepared by get_fields
|
|
"""
|
|
result = {}
|
|
for field in fields:
|
|
key = field['field_name']
|
|
value = field['value']
|
|
result[key] = value
|
|
return result
|
|
|
|
@api_view(['POST'])
|
|
def report(request):
|
|
"""
|
|
Generates a new empty report for the current user and returns it
|
|
in json format. The title of the report should be provided as
|
|
follows:
|
|
{
|
|
"title": "Report Title Here"
|
|
}
|
|
"""
|
|
# Create the report
|
|
report = Report.objects.create(
|
|
user_id=request.user,
|
|
title=request.data['title'],
|
|
date_created=datetime.date.today(),
|
|
reference_number=request.data['reference']
|
|
)
|
|
report.save()
|
|
|
|
# Create the sections
|
|
for i in range(len(pol.sections)):
|
|
section = pol.sections[i]
|
|
s = Section.objects.create(report_id=report, auto_submit=section.auto_submit,
|
|
required=section.required, completed=False,
|
|
title=section.title, html_description=section.html_description,
|
|
number=i)
|
|
s.save()
|
|
|
|
# Create the fields
|
|
for key in section.fields:
|
|
field = section.fields[key]
|
|
f = Field.objects.create(section_id=s, field_name=key, label=field['label'],
|
|
number=field['number'], field_type=field['field_type'], completed=False)
|
|
f.save()
|
|
|
|
# Return the newly created report
|
|
data = get_report(report.id)
|
|
return JsonResponse(data)
|
|
|
|
@api_view(['GET'])
|
|
def reports(request):
|
|
"""
|
|
Returns a condensed version of the current user's reports in json
|
|
format.
|
|
"""
|
|
report_set = {"reports": []}
|
|
queryset = Report.objects.all().filter(user_id=request.user.id).order_by('date_created')
|
|
for i in queryset:
|
|
data = {
|
|
"user_id": request.user.id,
|
|
"report_pk": i.id,
|
|
"title": i.title,
|
|
"date_created": i.date_created,
|
|
"submitted": i.submitted,
|
|
"date_submitted": i.date_submitted,
|
|
"reference_number": i.reference_number,
|
|
}
|
|
# append the sections for each report
|
|
report_set["reports"].append(data.copy())
|
|
|
|
return JsonResponse(report_set)
|
|
|
|
def user_owns_report(user, report):
|
|
"""
|
|
Returns true if the specified user is owner of the report.
|
|
|
|
report -- ID of the report to check.
|
|
"""
|
|
report_to_check = Report.objects.filter(id=report)
|
|
if len(report_to_check) < 1:
|
|
return False
|
|
return report_to_check[0].user_id == user
|
|
|
|
@api_view(['GET', 'PUT', 'DELETE'])
|
|
def report_detail(request, report_pk):
|
|
"""
|
|
Handler for individual report actions. Actions are divided into
|
|
GET, PUT, and DELETE requests.
|
|
|
|
report_pk -- ID of the report to carry out the action on.
|
|
"""
|
|
# Check that the user owns the report
|
|
if not user_owns_report(user=request.user, report=report_pk):
|
|
return JsonResponse({"message": "Current user does not own the specified report."}, status=401)
|
|
|
|
# GET: Retrieves a json representation of the specified report
|
|
if request.method == 'GET':
|
|
data = get_report(report_pk)
|
|
return JsonResponse(data)
|
|
|
|
# PUT: Submits a report to the administrator for review,
|
|
# but is still allowed to make further changes
|
|
elif request.method == 'PUT':
|
|
# rep = Report.objects.get(id=report_pk)
|
|
# if rep.submitted:
|
|
# return JsonResponse({"message": "Cannot submit a report that has already been submitted."}, status=409)
|
|
# rep.submitted = True
|
|
# rep.save()
|
|
|
|
# Send email
|
|
send_report_to_admin(request, report_pk)
|
|
return JsonResponse({"message": "Report submitted for review."})
|
|
|
|
# DELETE: Deletes a report from the user's account.
|
|
elif request.method == 'DELETE':
|
|
r = Report.objects.get(id=report_pk)
|
|
if r.submitted == True:
|
|
return JsonResponse({"message": "Cannot delete a report that has been submitted."}, status=409)
|
|
# get corresponding sections
|
|
section_set = Section.objects.filter(report_id=report_pk)
|
|
for i in section_set:
|
|
# gets the fields that only have a data file in them
|
|
field_set = Field.objects.filter(section_id=i.id).exclude(data_file__exact='')
|
|
if field_set.exists():
|
|
for j in field_set:
|
|
# delete the file if exists
|
|
path_name = str(j.data_file)
|
|
os.remove(path_name)
|
|
# delete the full report and catch the title
|
|
title = r.title
|
|
r.delete()
|
|
return JsonResponse({"message": "Deleted report: {0}.".format(title)})
|
|
|
|
@api_view(['PUT'])
|
|
def finalize_report(request, report_pk):
|
|
"""
|
|
This function serves as an API endpoint for submitting
|
|
the final report.
|
|
|
|
:param request: incoming request packet
|
|
:param report_pk: report ID
|
|
:return: JSON response containing user message
|
|
"""
|
|
r = Report.objects.get(id=report_pk)
|
|
if r.submitted:
|
|
return JsonResponse({"message": "Cannot submit a report that has already been submitted."}, status=409)
|
|
r.submitted = True
|
|
r.save()
|
|
# Send email
|
|
send_report_to_admin(request, report_pk)
|
|
return JsonResponse({"message": "Final report submitted."})
|
|
|
|
|
|
def user_owns_section(user, section):
|
|
"""
|
|
Returns true if the specified user is owner of the section.
|
|
|
|
section -- ID of the section to check.
|
|
"""
|
|
section_to_check = Section.objects.filter(id=section)
|
|
if len(section_to_check) < 1:
|
|
return False
|
|
report_to_check = section_to_check[0].report_id
|
|
return report_to_check.user_id == user
|
|
|
|
@api_view(['PUT'])
|
|
def section(request, report_pk, section_pk):
|
|
"""
|
|
Updates the specified section with new data.
|
|
|
|
section_pk -- Section for which the data should be updated.
|
|
"""
|
|
# Check that the user owns the report
|
|
if not user_owns_section(user=request.user, section=section_pk):
|
|
return JsonResponse({"message": "Current user does not own the specified section."}, status=401)
|
|
|
|
# Check that the report isn't submitted
|
|
if Section.objects.get(id=section_pk).report_id.submitted:
|
|
return JsonResponse({"message": "Cannot update a report that has been submitted."}, status=409)
|
|
|
|
for key in request.data:
|
|
# get the matching field object
|
|
update = Field.objects.get(section_id=section_pk, field_name=key)
|
|
|
|
if update.field_type == "boolean":
|
|
# flight check
|
|
if request.data[key] == "true":
|
|
update.data_bool = True
|
|
elif request.data[key] == "false":
|
|
update.data_bool = False
|
|
update.completed = True
|
|
|
|
if update.field_type == "decimal":
|
|
# initialize to 0
|
|
if (
|
|
request.data[key] == "" or
|
|
request.data[key] is None
|
|
):
|
|
update.data_decimal = 0.0
|
|
else:
|
|
update.completed = True
|
|
update.data_decimal = request.data[key]
|
|
|
|
if update.field_type == "date":
|
|
# initialize to today's date
|
|
if (
|
|
request.data[key] == "" or
|
|
request.data[key] is None
|
|
):
|
|
update.data_date = None
|
|
else:
|
|
update.completed = True
|
|
update.data_date = request.data[key]
|
|
|
|
if update.field_type == "file":
|
|
if not(
|
|
request.data[key] == "" or
|
|
request.data[key] is None
|
|
):
|
|
update.completed = True
|
|
update.data_file = request.data[key]
|
|
|
|
if update.field_type == "string":
|
|
if not(
|
|
request.data[key] == "" or
|
|
request.data[key] is None
|
|
):
|
|
update.completed = True
|
|
update.data_string = request.data[key]
|
|
|
|
|
|
if update.field_type == "integer":
|
|
# initialize to 0
|
|
if (
|
|
request.data[key] == "" or
|
|
request.data[key] is None
|
|
):
|
|
update.data_integer = 0
|
|
else:
|
|
update.completed = True
|
|
update.data_integer = request.data[key]
|
|
|
|
update.save()
|
|
|
|
# update section boolean to complete
|
|
complete = section_complete(section_pk)
|
|
s = Section.objects.get(id=section_pk)
|
|
if complete:
|
|
s.completed = True
|
|
else:
|
|
s.completed = False
|
|
s.save()
|
|
|
|
# get section and field details
|
|
data = {
|
|
"id": s.id,
|
|
"completed": s.completed,
|
|
"title": s.title,
|
|
"html_description": s.html_description,
|
|
"rule_violations": [],
|
|
}
|
|
data.update(get_fields(s.id))
|
|
# process rules from the policy file if the section is completed
|
|
if s.completed and not s.approved:
|
|
try:
|
|
rules = pol.sections[s.number].rules
|
|
for rule in rules:
|
|
try:
|
|
named_fields = generate_named_fields_for_section(data['fields'])
|
|
result = rule['rule'](data, named_fields)
|
|
if not result is None:
|
|
info = {
|
|
"label": rule['title'],
|
|
"rule_break_text": result,
|
|
}
|
|
data['rule_violations'].append(info)
|
|
except Exception as e:
|
|
print('Rule "{}" encountered an error. {}'.format(rule['title'], e))
|
|
except Exception as e:
|
|
print('Error accessing policy section {}. Policy file may have been changed.'.format(s.number))
|
|
return JsonResponse(data)
|
|
|
|
def section_complete(section_pk):
|
|
"""
|
|
Returns True if any fields of the specified section have been
|
|
entered by the user. This means that entering even one field
|
|
will count the entire section as "complete".
|
|
|
|
section_pk -- ID of the section whose fields you wish to check.
|
|
"""
|
|
# grab field set
|
|
check_fields = Field.objects.filter(section_id=section_pk)
|
|
|
|
# return true if any field is complete
|
|
for i in check_fields:
|
|
if i.completed:
|
|
return True
|
|
return False
|
|
|
|
def send_report_to_admin(request, report_pk):
|
|
"""
|
|
Sends an email message to admin with html/txt version of report,
|
|
along with file attachments. Cc sent to user.
|
|
|
|
request -- Request object with user info inside
|
|
report_pk -- ID of the report to submit
|
|
"""
|
|
params = get_report(report_pk)
|
|
to_email = config('SUBMIT_REPORT_DESTINATION_EMAIL')
|
|
from_email = config('SUBMIT_REPORT_FROM_EMAIL')
|
|
cc = request.user.email
|
|
msg_html = render_to_string('backend/email.html', params)
|
|
msg_plain = render_to_string('backend/email.txt', params)
|
|
message = None
|
|
if params['reference_number'] == '':
|
|
message = EmailMultiAlternatives(
|
|
"{}".format(params['title']),
|
|
msg_plain,
|
|
from_email,
|
|
[to_email],
|
|
cc=[request.user.email],
|
|
)
|
|
else:
|
|
message = EmailMultiAlternatives(
|
|
"[RT - Request Tracker #{}] {}".format(params['reference_number'], params['title']),
|
|
msg_plain,
|
|
from_email,
|
|
[to_email],
|
|
cc=[request.user.email],
|
|
)
|
|
message.attach_alternative(msg_html, "text/html")
|
|
for f in get_files(report_pk):
|
|
message.attach_file(f)
|
|
message.send()
|
|
|
|
def get_files(report_pk):
|
|
"""
|
|
collects all the files in a particular report and returns them
|
|
in an array.
|
|
|
|
report_pk -- ID of the report to collect files for
|
|
"""
|
|
sections = Section.objects.filter(report_id=report_pk)
|
|
files = []
|
|
for section in sections:
|
|
fields = Field.objects.filter(section_id=section.id, completed=True)
|
|
for field in fields:
|
|
if field.field_type == "file":
|
|
print("appending {}".format(field.data_file.name))
|
|
files.append(field.data_file.name)
|
|
return files
|