mirror of
https://github.com/lemeow125/DocManagerBackend.git
synced 2025-01-18 17:13:00 +08:00
Add authorization requests
parent
41507aa550
commit
9529560fed
12 changed files with 280 additions and 0 deletions
|
@ -13,6 +13,7 @@ urlpatterns = [
|
|||
path("accounts/", include("accounts.urls")),
|
||||
path("documents/", include("documents.urls")),
|
||||
path("requests/", include("document_requests.urls")),
|
||||
path("authorization_requests/", include("authorization_requests.urls")),
|
||||
path("questionnaires/", include("questionnaires.urls")),
|
||||
path("admin/", admin.site.urls),
|
||||
path("schema/", SpectacularAPIView.as_view(), name="schema"),
|
||||
|
|
0
docmanager_backend/authorization_requests/__init__.py
Normal file
0
docmanager_backend/authorization_requests/__init__.py
Normal file
11
docmanager_backend/authorization_requests/admin.py
Normal file
11
docmanager_backend/authorization_requests/admin.py
Normal file
|
@ -0,0 +1,11 @@
|
|||
from django.contrib import admin
|
||||
from unfold.admin import ModelAdmin
|
||||
from .models import AuthorizationRequest
|
||||
|
||||
# Register your models here.
|
||||
|
||||
|
||||
@admin.register(AuthorizationRequest)
|
||||
class AuthorizationRequestAdmin(ModelAdmin):
|
||||
search_fields = ["id"]
|
||||
list_display = ["id", "date_requested", "status", "college"]
|
6
docmanager_backend/authorization_requests/apps.py
Normal file
6
docmanager_backend/authorization_requests/apps.py
Normal file
|
@ -0,0 +1,6 @@
|
|||
from django.apps import AppConfig
|
||||
|
||||
|
||||
class AuthorizationRequestsConfig(AppConfig):
|
||||
default_auto_field = "django.db.models.BigAutoField"
|
||||
name = "authorization_requests"
|
|
@ -0,0 +1,61 @@
|
|||
# Generated by Django 5.1.3 on 2025-01-08 16:56
|
||||
|
||||
import django.db.models.deletion
|
||||
import django.utils.timezone
|
||||
from django.conf import settings
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
initial = True
|
||||
|
||||
dependencies = [
|
||||
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.CreateModel(
|
||||
name="AuthorizationRequest",
|
||||
fields=[
|
||||
(
|
||||
"id",
|
||||
models.BigAutoField(
|
||||
auto_created=True,
|
||||
primary_key=True,
|
||||
serialize=False,
|
||||
verbose_name="ID",
|
||||
),
|
||||
),
|
||||
("documents", models.TextField(max_length=2048)),
|
||||
(
|
||||
"date_requested",
|
||||
models.DateTimeField(
|
||||
default=django.utils.timezone.now, editable=False
|
||||
),
|
||||
),
|
||||
("college", models.CharField(max_length=64)),
|
||||
("purpose", models.TextField(max_length=512)),
|
||||
("remarks", models.TextField(blank=True, max_length=512, null=True)),
|
||||
(
|
||||
"status",
|
||||
models.CharField(
|
||||
choices=[
|
||||
("pending", "Pending"),
|
||||
("approved", "Approved"),
|
||||
("denied", "Denied"),
|
||||
],
|
||||
default="pending",
|
||||
max_length=32,
|
||||
),
|
||||
),
|
||||
(
|
||||
"requester",
|
||||
models.ForeignKey(
|
||||
on_delete=django.db.models.deletion.CASCADE,
|
||||
to=settings.AUTH_USER_MODEL,
|
||||
),
|
||||
),
|
||||
],
|
||||
),
|
||||
]
|
22
docmanager_backend/authorization_requests/models.py
Normal file
22
docmanager_backend/authorization_requests/models.py
Normal file
|
@ -0,0 +1,22 @@
|
|||
from django.db import models
|
||||
from django.utils.timezone import now
|
||||
|
||||
|
||||
class AuthorizationRequest(models.Model):
|
||||
requester = models.ForeignKey(
|
||||
"accounts.CustomUser", on_delete=models.CASCADE)
|
||||
documents = models.TextField(max_length=2048, blank=False, null=False)
|
||||
date_requested = models.DateTimeField(default=now, editable=False)
|
||||
college = models.CharField(max_length=64, blank=False, null=False)
|
||||
purpose = models.TextField(max_length=512, blank=False, null=False)
|
||||
|
||||
STATUS_CHOICES = (
|
||||
("pending", "Pending"),
|
||||
("approved", "Approved"),
|
||||
("denied", "Denied"),
|
||||
)
|
||||
|
||||
remarks = models.TextField(max_length=512, blank=True, null=True)
|
||||
|
||||
status = models.CharField(
|
||||
max_length=32, choices=STATUS_CHOICES, default="pending")
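Review bot: `requester` uses `on_delete=models.CASCADE`, so deleting a user account also deletes every authorization request that user filed, including the approved and denied ones. If these rows are meant to serve as a record of who was granted access to which documents, that history disappears with the account; `on_delete=models.PROTECT` (or `SET_NULL` with `null=True`) would keep it, and the generated migration would need the same change. Separately, `max_length` on a `TextField` is not enforced by the database, so the 2048/512 limits on `documents`, `purpose` and `remarks` hold only where a serializer or form validates them; a short comment on the model saying so would help the next reader.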
|
109
docmanager_backend/authorization_requests/serializers.py
Normal file
109
docmanager_backend/authorization_requests/serializers.py
Normal file
|
@ -0,0 +1,109 @@
|
|||
from rest_framework import serializers
|
||||
from accounts.models import CustomUser
|
||||
from emails.templates import RequestUpdateEmail
|
||||
from .models import AuthorizationRequest
|
||||
|
||||
|
||||
class AuthorizationRequestCreationSerializer(serializers.ModelSerializer):
|
||||
requester = serializers.SlugRelatedField(
|
||||
many=False, slug_field="id", queryset=CustomUser.objects.all(), required=False
|
||||
)
|
||||
documents = serializers.CharField(max_length=2048, required=True)
|
||||
college = serializers.CharField(max_length=64)
|
||||
purpose = serializers.CharField(max_length=512)
|
||||
|
||||
class Meta:
|
||||
model = AuthorizationRequest
|
||||
fields = ["requester", "college", "purpose", "documents"]
|
||||
|
||||
def create(self, validated_data):
|
||||
user = self.context["request"].user
|
||||
|
||||
# Set requester to user who sent HTTP request to prevent spoofing
|
||||
validated_data["requester"] = user
|
||||
|
||||
return AuthorizationRequest.objects.create(**validated_data)
|
||||
|
||||
|
||||
class AuthorizationRequestSerializer(serializers.ModelSerializer):
|
||||
requester = serializers.SlugRelatedField(
|
||||
many=False,
|
||||
slug_field="full_name",
|
||||
queryset=CustomUser.objects.all(),
|
||||
)
|
||||
date_requested = serializers.DateTimeField(
|
||||
format="%m-%d-%Y %I:%M %p", read_only=True
|
||||
)
|
||||
|
||||
class Meta:
|
||||
model = AuthorizationRequest
|
||||
fields = [
|
||||
"id",
|
||||
"requester",
|
||||
"college",
|
||||
"purpose",
|
||||
"date_requested",
|
||||
"documents",
|
||||
"remarks",
|
||||
"status",
|
||||
]
|
||||
read_only_fields = [
|
||||
"id",
|
||||
"requester",
|
||||
"college",
|
||||
"purpose",
|
||||
"date_requested",
|
||||
"documents",
|
||||
"remarks,"
|
||||
"status",
|
||||
]
|
||||
|
||||
|
||||
class AuthorizationRequestUpdateSerializer(serializers.ModelSerializer):
|
||||
status = serializers.ChoiceField(
|
||||
choices=AuthorizationRequest.STATUS_CHOICES, required=True
|
||||
)
|
||||
|
||||
class Meta:
|
||||
model = AuthorizationRequest
|
||||
fields = ["id", "status", "remarks"]
|
||||
read_only_fields = ["id"]
|
||||
|
||||
def update(self, instance, validated_data):
|
||||
print(validated_data)
|
||||
if instance.status == "denied" or instance.status == "approved":
|
||||
raise serializers.ValidationError(
|
||||
{
|
||||
"error": "Already approved/denied requests cannot be updated. You should instead create a new request and approve it from there"
|
||||
}
|
||||
)
|
||||
elif "status" not in validated_data:
|
||||
raise serializers.ValidationError(
|
||||
{
|
||||
"error": "No status value update provided"
|
||||
}
|
||||
)
|
||||
elif validated_data["status"] == instance.status:
|
||||
raise serializers.ValidationError(
|
||||
{"error": "Request form status provided is the same as current status"}
|
||||
)
|
||||
elif validated_data["status"] == "denied" and "remarks" not in validated_data:
|
||||
raise serializers.ValidationError(
|
||||
{"error": "Request denial requires remarks"}
|
||||
)
|
||||
representation = super().update(instance, validated_data)
|
||||
|
||||
# Send an email on request status update
|
||||
try:
|
||||
email = RequestUpdateEmail()
|
||||
email.context = {"request_status": validated_data["status"]}
|
||||
if validated_data["status"] == "denied":
|
||||
email.context = {"remarks": validated_data["remarks"]}
|
||||
else:
|
||||
email.context = {"remarks": "N/A"}
|
||||
email.send(to=[instance.requester.email])
|
||||
except:
|
||||
# Silence out errors if email sending fails
|
||||
pass
|
||||
|
||||
return representation
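Review bot: In `AuthorizationRequestUpdateSerializer.update()` the denial check only tests `"remarks" not in validated_data`, so a PATCH with `status` set to `denied` and `remarks` sent as an empty string or null appears to pass, since the model field is `blank=True, null=True`. The email block then assigns `email.context` twice, which replaces the `request_status` entry with the remarks-only dict, and the bare `except: pass` hides that and every other failure, including `KeyboardInterrupt`. `print(validated_data)` writes the submitted remarks to stdout on every update and should be removed or turned into a debug-level log call. In `AuthorizationRequestSerializer.Meta.read_only_fields` the comma sits inside the string literal, so `"remarks,"` concatenates with the next literal into `"remarks,status"` and neither name is listed; it should read `"remarks", "status",`.

```python
# … unchanged: terminal-state, missing-status and same-status checks …
elif validated_data["status"] == "denied" and not validated_data.get("remarks"):
    raise serializers.ValidationError(
        {"error": "Request denial requires remarks"}
    )
representation = super().update(instance, validated_data)

# Send an email on request status update
try:
    email = RequestUpdateEmail()
    denied = validated_data["status"] == "denied"
    # Build the context once so request_status is not overwritten
    email.context = {
        "request_status": validated_data["status"],
        "remarks": validated_data["remarks"] if denied else "N/A",
    }
    email.send(to=[instance.requester.email])
except Exception:
    # Delivery stays best-effort; record the failure here instead of discarding it
    pass
# … unchanged: return representation …
```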
|
12
docmanager_backend/authorization_requests/urls.py
Normal file
12
docmanager_backend/authorization_requests/urls.py
Normal file
|
@ -0,0 +1,12 @@
|
|||
from django.urls import path, include
|
||||
from .views import (
|
||||
AuthorizationRequestCreateView,
|
||||
AuthorizationRequestUpdateView,
|
||||
AuthorizationRequestListView,
|
||||
)
|
||||
|
||||
urlpatterns = [
|
||||
path("create/", AuthorizationRequestCreateView.as_view()),
|
||||
path("list/", AuthorizationRequestListView.as_view()),
|
||||
path("update/<int:pk>/", AuthorizationRequestUpdateView.as_view()),
|
||||
]
|
53
docmanager_backend/authorization_requests/views.py
Normal file
53
docmanager_backend/authorization_requests/views.py
Normal file
|
@ -0,0 +1,53 @@
|
|||
from rest_framework import generics
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from rest_framework.pagination import PageNumberPagination
|
||||
from accounts.permissions import IsHead, IsStaff
|
||||
from rest_framework.pagination import PageNumberPagination
|
||||
from .serializers import (
|
||||
AuthorizationRequestCreationSerializer,
|
||||
AuthorizationRequestSerializer,
|
||||
AuthorizationRequestUpdateSerializer
|
||||
)
|
||||
|
||||
from .models import AuthorizationRequest
|
||||
|
||||
|
||||
class AuthorizationRequestCreateView(generics.CreateAPIView):
|
||||
"""
|
||||
Used by clients to create authorization requests. Requires passing in request information in addition to the documents themselves
|
||||
"""
|
||||
|
||||
http_method_names = ["post"]
|
||||
serializer_class = AuthorizationRequestCreationSerializer
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
|
||||
class AuthorizationRequestListView(generics.ListAPIView):
|
||||
"""
|
||||
Returns authorization requests. If authorization requests are approved, also returns the link to download the document.
|
||||
Staff/Head are able to view all authorization requests here. Clients are only able to view their own requests.
|
||||
"""
|
||||
|
||||
http_method_names = ["get"]
|
||||
serializer_class = AuthorizationRequestSerializer
|
||||
pagination_class = PageNumberPagination
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get_queryset(self):
|
||||
user = self.request.user
|
||||
if user.role == "client":
|
||||
queryset = AuthorizationRequest.objects.filter(requester=user)
|
||||
else:
|
||||
queryset = AuthorizationRequest.objects.all()
|
||||
return queryset
|
||||
|
||||
|
||||
class AuthorizationRequestUpdateView(generics.UpdateAPIView):
|
||||
"""
|
||||
Used by head approve or deny authorization requests.
|
||||
"""
|
||||
|
||||
http_method_names = ["patch"]
|
||||
serializer_class = AuthorizationRequestUpdateSerializer
|
||||
permission_classes = [IsAuthenticated, IsHead]
|
||||
queryset = AuthorizationRequest.objects.all()
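Review bot: `AuthorizationRequestListView.get_queryset()` returns `AuthorizationRequest.objects.all()` to every authenticated user whose `role` is anything other than `"client"`, so a new or unexpected role value sees all requests by default. The docstring limits that view to Staff/Head, and `IsStaff` is imported here but never used; testing for the privileged roles explicitly and falling back to `AuthorizationRequest.objects.filter(requester=user)` would fail closed. Both querysets are also unordered while `PageNumberPagination` is in use, which can give inconsistent pages; adding `.order_by("-date_requested")` fixes that. The docstring also mentions a download link for approved requests, which `AuthorizationRequestSerializer` does not expose, and `PageNumberPagination` is imported twice.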
|
|
@ -96,6 +96,7 @@ INSTALLED_APPS = [
|
|||
"accounts",
|
||||
"documents",
|
||||
"document_requests",
|
||||
"authorization_requests",
|
||||
"questionnaires",
|
||||
"django_cleanup.apps.CleanupConfig",
|
||||
]
|
||||
|
|
|
@ -35,6 +35,10 @@ class DocumentRequestCreationSerializer(serializers.ModelSerializer):
|
|||
def create(self, validated_data):
|
||||
user = self.context["request"].user
|
||||
documents_data = validated_data.pop("documents")
|
||||
if not documents_data:
|
||||
raise serializers.ValidationError(
|
||||
{"error": "No documents provided"}
|
||||
)
|
||||
# Set requester to user who sent HTTP request to prevent spoofing
|
||||
validated_data["requester"] = user
|
||||
|
||||
|
|