Add authorization requests

Keannu Bernasol 2025-01-09 02:10:42 +08:00
parent 41507aa550
commit 9529560fed
12 changed files with 280 additions and 0 deletions


@ -13,6 +13,7 @@ urlpatterns = [
path("accounts/", include("accounts.urls")), path("accounts/", include("accounts.urls")),
path("documents/", include("documents.urls")), path("documents/", include("documents.urls")),
path("requests/", include("document_requests.urls")), path("requests/", include("document_requests.urls")),
path("authorization_requests/", include("authorization_requests.urls")),
path("questionnaires/", include("questionnaires.urls")), path("questionnaires/", include("questionnaires.urls")),
path("admin/", admin.site.urls), path("admin/", admin.site.urls),
path("schema/", SpectacularAPIView.as_view(), name="schema"), path("schema/", SpectacularAPIView.as_view(), name="schema"),


@ -0,0 +1,11 @@
from django.contrib import admin
from unfold.admin import ModelAdmin
from .models import AuthorizationRequest
# Register your models here.
@admin.register(AuthorizationRequest)
class AuthorizationRequestAdmin(ModelAdmin):
search_fields = ["id"]
list_display = ["id", "date_requested", "status", "college"]


@ -0,0 +1,6 @@
from django.apps import AppConfig
class AuthorizationRequestsConfig(AppConfig):
default_auto_field = "django.db.models.BigAutoField"
name = "authorization_requests"


@ -0,0 +1,61 @@
# Generated by Django 5.1.3 on 2025-01-08 16:56
import django.db.models.deletion
import django.utils.timezone
from django.conf import settings
from django.db import migrations, models
class Migration(migrations.Migration):
initial = True
dependencies = [
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
]
operations = [
migrations.CreateModel(
name="AuthorizationRequest",
fields=[
(
"id",
models.BigAutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("documents", models.TextField(max_length=2048)),
(
"date_requested",
models.DateTimeField(
default=django.utils.timezone.now, editable=False
),
),
("college", models.CharField(max_length=64)),
("purpose", models.TextField(max_length=512)),
("remarks", models.TextField(blank=True, max_length=512, null=True)),
(
"status",
models.CharField(
choices=[
("pending", "Pending"),
("approved", "Approved"),
("denied", "Denied"),
],
default="pending",
max_length=32,
),
),
(
"requester",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
],
),
]


@ -0,0 +1,22 @@
from django.db import models
from django.utils.timezone import now
class AuthorizationRequest(models.Model):
requester = models.ForeignKey(
"accounts.CustomUser", on_delete=models.CASCADE)
documents = models.TextField(max_length=2048, blank=False, null=False)
date_requested = models.DateTimeField(default=now, editable=False)
college = models.CharField(max_length=64, blank=False, null=False)
purpose = models.TextField(max_length=512, blank=False, null=False)
STATUS_CHOICES = (
("pending", "Pending"),
("approved", "Approved"),
("denied", "Denied"),
)
remarks = models.TextField(max_length=512, blank=True, null=True)
status = models.CharField(
max_length=32, choices=STATUS_CHOICES, default="pending")
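Review bot: `requester` is declared with `on_delete=models.CASCADE`, so deleting a user account also deletes every authorization request that user made, including approved and denied ones that record who was granted access. If these rows are meant to serve as an audit trail, `on_delete=models.PROTECT` (or `models.SET_NULL` with `null=True`) would preserve them; the generated migration in this commit would need the same change. The model also has no `__str__`, so admin pages and logs will only show the default `AuthorizationRequest object (N)` label.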


@ -0,0 +1,109 @@
from rest_framework import serializers
from accounts.models import CustomUser
from emails.templates import RequestUpdateEmail
from .models import AuthorizationRequest
class AuthorizationRequestCreationSerializer(serializers.ModelSerializer):
requester = serializers.SlugRelatedField(
many=False, slug_field="id", queryset=CustomUser.objects.all(), required=False
)
documents = serializers.CharField(max_length=2048, required=True)
college = serializers.CharField(max_length=64)
purpose = serializers.CharField(max_length=512)
class Meta:
model = AuthorizationRequest
fields = ["requester", "college", "purpose", "documents"]
def create(self, validated_data):
user = self.context["request"].user
# Set requester to user who sent HTTP request to prevent spoofing
validated_data["requester"] = user
return AuthorizationRequest.objects.create(**validated_data)
class AuthorizationRequestSerializer(serializers.ModelSerializer):
requester = serializers.SlugRelatedField(
many=False,
slug_field="full_name",
queryset=CustomUser.objects.all(),
)
date_requested = serializers.DateTimeField(
format="%m-%d-%Y %I:%M %p", read_only=True
)
class Meta:
model = AuthorizationRequest
fields = [
"id",
"requester",
"college",
"purpose",
"date_requested",
"documents",
"remarks",
"status",
]
read_only_fields = [
"id",
"requester",
"college",
"purpose",
"date_requested",
"documents",
"remarks,"
"status",
]
class AuthorizationRequestUpdateSerializer(serializers.ModelSerializer):
status = serializers.ChoiceField(
choices=AuthorizationRequest.STATUS_CHOICES, required=True
)
class Meta:
model = AuthorizationRequest
fields = ["id", "status", "remarks"]
read_only_fields = ["id"]
def update(self, instance, validated_data):
print(validated_data)
if instance.status == "denied" or instance.status == "approved":
raise serializers.ValidationError(
{
"error": "Already approved/denied requests cannot be updated. You should instead create a new request and approve it from there"
}
)
elif "status" not in validated_data:
raise serializers.ValidationError(
{
"error": "No status value update provided"
}
)
elif validated_data["status"] == instance.status:
raise serializers.ValidationError(
{"error": "Request form status provided is the same as current status"}
)
elif validated_data["status"] == "denied" and "remarks" not in validated_data:
raise serializers.ValidationError(
{"error": "Request denial requires remarks"}
)
representation = super().update(instance, validated_data)
# Send an email on request status update
try:
email = RequestUpdateEmail()
email.context = {"request_status": validated_data["status"]}
if validated_data["status"] == "denied":
email.context = {"remarks": validated_data["remarks"]}
else:
email.context = {"remarks": "N/A"}
email.send(to=[instance.requester.email])
except:
# Silence out errors if email sending fails
pass
return representation
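Review bot: In `AuthorizationRequestUpdateSerializer.update` the denial check only tests `"remarks" not in validated_data`, so a PATCH that sends `remarks` as an empty string or null still denies the request (the model allows blank and null), and the e-mail context is then assigned twice, which discards `request_status` before sending. The check should test the value, the context should be built as one dict, and the `print(validated_data)` debug line should be dropped because it writes request content to stdout. The bare `except:` also hides programming errors such as a `KeyError`; `except Exception:` with a log call through the project's logger keeps the best-effort behaviour without silencing them. Separately, in `AuthorizationRequestSerializer.Meta.read_only_fields` the entry `"remarks,"` has the comma inside the quotes, so it concatenates with `"status"` into one unknown name and neither field is marked read-only; it should read `"remarks", "status",`.

```python
    def update(self, instance, validated_data):
        # … unchanged: already approved/denied, missing-status and same-status checks …
        elif validated_data["status"] == "denied" and not (
            validated_data.get("remarks") or ""
        ).strip():
            raise serializers.ValidationError(
                {"error": "Request denial requires remarks"}
            )

        representation = super().update(instance, validated_data)

        # Send an email on request status update
        try:
            email = RequestUpdateEmail()
            # Build the context in one dict so request_status is not overwritten
            email.context = {
                "request_status": validated_data["status"],
                "remarks": (
                    validated_data["remarks"]
                    if validated_data["status"] == "denied"
                    else "N/A"
                ),
            }
            email.send(to=[instance.requester.email])
        except Exception:
            # Best-effort notification: the status change is already saved.
            # Log the failure here instead of discarding it.
            pass
        return representation
```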


@ -0,0 +1,12 @@
from django.urls import path, include
from .views import (
AuthorizationRequestCreateView,
AuthorizationRequestUpdateView,
AuthorizationRequestListView,
)
urlpatterns = [
path("create/", AuthorizationRequestCreateView.as_view()),
path("list/", AuthorizationRequestListView.as_view()),
path("update/<int:pk>/", AuthorizationRequestUpdateView.as_view()),
]


@ -0,0 +1,53 @@
from rest_framework import generics
from rest_framework.permissions import IsAuthenticated
from rest_framework.pagination import PageNumberPagination
from accounts.permissions import IsHead, IsStaff
from rest_framework.pagination import PageNumberPagination
from .serializers import (
AuthorizationRequestCreationSerializer,
AuthorizationRequestSerializer,
AuthorizationRequestUpdateSerializer
)
from .models import AuthorizationRequest
class AuthorizationRequestCreateView(generics.CreateAPIView):
"""
Used by clients to create authorization requests. Requires passing in request information in addition to the documents themselves
"""
http_method_names = ["post"]
serializer_class = AuthorizationRequestCreationSerializer
permission_classes = [IsAuthenticated]
class AuthorizationRequestListView(generics.ListAPIView):
"""
Returns authorization requests. If authorization requests are approved, also returns the link to download the document.
Staff/Head are able to view all authorization requests here. Clients are only able to view their own requests.
"""
http_method_names = ["get"]
serializer_class = AuthorizationRequestSerializer
pagination_class = PageNumberPagination
permission_classes = [IsAuthenticated]
def get_queryset(self):
user = self.request.user
if user.role == "client":
queryset = AuthorizationRequest.objects.filter(requester=user)
else:
queryset = AuthorizationRequest.objects.all()
return queryset
class AuthorizationRequestUpdateView(generics.UpdateAPIView):
"""
Used by head approve or deny authorization requests.
"""
http_method_names = ["patch"]
serializer_class = AuthorizationRequestUpdateSerializer
permission_classes = [IsAuthenticated, IsHead]
queryset = AuthorizationRequest.objects.all()
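Review bot: `AuthorizationRequestListView.get_queryset` fails open: only `user.role == "client"` is limited to its own rows, so any other role value (including a newly added or empty one) falls into the `else` branch and receives every authorization request. Inverting the test so that the unrestricted queryset is returned only for the roles named in the docstring, with `AuthorizationRequest.objects.filter(requester=user)` as the default, keeps unknown roles restricted. The imported but unused `IsStaff` alongside `IsHead` suggests the check could be `if IsHead().has_permission(self.request, self) or IsStaff().has_permission(self.request, self):`, assuming both are standard DRF permission classes. Both querysets are also unordered while `PageNumberPagination` is set, so adding `.order_by("-date_requested")` would keep pages stable.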


@ -96,6 +96,7 @@ INSTALLED_APPS = [
"accounts", "accounts",
"documents", "documents",
"document_requests", "document_requests",
"authorization_requests",
"questionnaires", "questionnaires",
"django_cleanup.apps.CleanupConfig", "django_cleanup.apps.CleanupConfig",
] ]


@ -35,6 +35,10 @@ class DocumentRequestCreationSerializer(serializers.ModelSerializer):
def create(self, validated_data): def create(self, validated_data):
user = self.context["request"].user user = self.context["request"].user
documents_data = validated_data.pop("documents") documents_data = validated_data.pop("documents")
if not documents_data:
raise serializers.ValidationError(
{"error": "No documents provided"}
)
# Set requester to user who sent HTTP request to prevent spoofing # Set requester to user who sent HTTP request to prevent spoofing
validated_data["requester"] = user validated_data["requester"] = user