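from datetime import datetime
import json

import requests
from PIL import Image

from django.conf import settings
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.contrib.auth.models import Permission, User
from django.core.mail import send_mail
from django.db import models, transaction
from django.http import HttpResponseRedirect, HttpResponse, JsonResponse
from django.shortcuts import render, redirect, reverse
from django.template.loader import render_to_string
from django.utils import formats, timezone
from django.views.generic import CreateView, ListView, UpdateView, DetailView, DeleteView, View

from areas.models import Areas
from news.models import News
from standards.models import Standards
from tasks.models import Tasks
from .models import Profile, Agency
from .priomodel import Prio
from .usersforms import UsersAddNewUser, UsersAddProfileForm, UsersChangeProfil, AgencyUpdateForm, UsersPermForm, UserAreaTaskForm, SupportForm

'''
DASHBOARD-View
View nach erfolgreichem Login Dashboard
Templates: welcomeusers.html und base.html
'''


class AgencyCreateView(CreateView):
    """Public sign-up: create a new Agency together with its first User.

    ``agency`` and ``parent`` are not fields of ``User``; they are attached to
    the unsaved instance so the post-save signal handlers (not visible in this
    file) can build the matching ``Profile``.  On success a plain-text and an
    HTML mail with password-reset instructions is sent and the browser is
    redirected to ``success_url``.
    """
    model = User
    fields = ['first_name', 'last_name', 'username', 'email']
    success_url = '/register/done'

    def form_valid(self, form):
        """Persist Agency + User atomically, then mail the new user.

        Returns the redirect produced by ``CreateView.form_valid``.  Raises
        whatever ``send_mail`` raises (``fail_silently=False``); because the
        database work runs inside ``transaction.atomic`` a failed mail no
        longer leaves an orphaned Agency/User behind.
        """
        first_name = form.cleaned_data.get('first_name')
        last_name = form.cleaned_data.get('last_name')
        newuser_name = first_name + ' ' + last_name
        msg_html = render_to_string('users/register_mail.html', {'username': newuser_name})
        with transaction.atomic():
            agency = Agency()
            agency.save()
            form.instance.agency = agency
            # NOTE(review): this view has no login requirement, so request.user
            # may be AnonymousUser here; what the signal does with `parent` in
            # that case is not visible in this file — confirm.
            form.instance.parent = self.request.user
            response = super().form_valid(form)
            send_mail(
                'Agenturanmeldung',
                'Hallo ' + first_name + ' ' + last_name + '! Bitte setzen sie sich auf https://digitale-agentur.com/password-reset/ ein Passwort. Anschließend können Sie weitere Details Ihrer Agentur eingeben.',
                'support@digitale-agentur.com',
                [form.cleaned_data.get('email')],
                html_message=msg_html,
                fail_silently=False,
            )
        # Only announce success once both the rows and the mail went through.
        messages.success(self.request, 'Agentur erstellt! Es wurde eine E-Mail verschickt mit weitere Infos zur Passworterstellung.')
        return response


@login_required
def dashboard(request):
    """Landing page after login.

    Shows the five newest public standards and the four newest news items
    that are currently live (go_online_on < now < go_offline_on) for the
    caller's agency.  Template: users/dashboard.html.
    """
    agency_pk = request.user.profile.agency.pk
    standards_of_agency = (
        Standards.objects.filter(agency__pk=agency_pk, public=True)
        .order_by('-created_standard_date')[:5]
    )
    # timezone.now() is timezone-aware when USE_TZ is enabled (datetime.now()
    # is naive and would be compared against aware DateTimeFields); with
    # USE_TZ off it returns the same naive value as before.
    filterdate = timezone.now()
    news = (
        News.objects.filter(agency__pk=agency_pk, go_online_on__lt=filterdate, go_offline_on__gt=filterdate)
        .order_by('-go_online_on')[:4]
    )
    context = {
        'active_link': 'dashboard',
        'standards_of_agency': standards_of_agency,
        'news': news,
    }
    return render(request, 'users/dashboard.html', context)


class UsersManagement(LoginRequiredMixin, ListView):
    """List the users of the caller's agency (ListView default template for User)."""
    model = User

    def get_queryset(self):
        # Restrict the default object_list / user_list to the caller's agency;
        # the unfiltered model queryset would hand every account in the system
        # to the template.
        return User.objects.filter(profile__agency__pk=self.request.user.profile.agency.pk)

    def get_context_data(self, **kwargs):
        """Add the active navigation marker and the agency's users."""
        context = super().get_context_data(**kwargs)
        context.update({
            'active_link': 'usersmanagement',
            'users_of_agency': self.object_list,
        })
        return context


'''
Class AddNewUser()
Erstellt einen neuen Nutzer mit SIGNALS, Profile und Agency (des aktuellen Users mit Rechten)
'''


class UsersCreateUser(LoginRequiredMixin, CreateView):
    """Create a user inside the caller's agency and mail password-reset instructions.

    NOTE(review): nothing in this file checks that the caller holds the
    'users_usermanagement' permission that UsersPermUpdateView manages; if the
    gate lives only in the URL conf or template, confirm that.
    """
    model = User
    fields = ['first_name', 'last_name', 'username', 'email']
    success_url = '/dashboard/usersman/'

    def get_context_data(self, **kwargs):
        """Mark the user-management navigation entry as active."""
        context = super().get_context_data(**kwargs)
        context.update({'active_link': 'usersmanagement'})
        return context

    def form_valid(self, form):
        """Attach agency/parent for the signal handlers, save, then send the mail.

        Save and mail run inside one transaction so a raised mail error does
        not leave a half-created account behind.
        """
        agency = self.request.user.profile.agency
        first_name = form.cleaned_data.get('first_name')
        last_name = form.cleaned_data.get('last_name')
        newuser_name = first_name + " " + last_name
        # Consumed by the post-save signal handlers ("SAVE OBJECTS TO SIGNALE").
        form.instance.agency = agency
        form.instance.parent = self.request.user
        msg_html = render_to_string('users/newusers_email.html', {'username': newuser_name})
        with transaction.atomic():
            response = super().form_valid(form)
            send_mail(
                agency.name + ' Account',
                'Hallo ' + first_name + ' ' + last_name + '! Bitte setzen sie sich auf https://digitale-agentur.com/password-reset/ ein Passwort.',
                'support@digitale-agentur.com',
                [form.cleaned_data.get('email')],
                html_message=msg_html,
                fail_silently=False,
            )
        messages.success(self.request, 'Benutzer angelegt!')
        return response


@login_required
def profile(request):
    """Let the logged-in user edit their own account data (users/profile.html).

    A valid POST saves and redirects (post/redirect/get, so a reload does not
    re-submit); an invalid POST re-renders the bound form with its errors.
    """
    if request.method == 'POST':
        u_form = UsersChangeProfil(request.POST, instance=request.user)
        if u_form.is_valid():
            u_form.save()
            messages.success(request, f'Daten für {request.user.first_name} {request.user.last_name} aktualisiert!')
            return redirect('users-dashboard')
    else:
        # An unbound form pre-filled with the current data.
        u_form = UsersChangeProfil(instance=request.user)
    context = {
        'u_form': u_form,
        'active_link': 'dashboard',
    }
    return render(request, 'users/profile.html', context)

# Views below edit *other* users and are meant for user management.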
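class UserManagementUpdateForm(LoginRequiredMixin, UpdateView):
    """Edit the contact fields of another user's Profile.

    Uses the UpdateView defaults (``pk`` from the URL, default template name).
    Only profiles of the caller's own agency are reachable; any other pk 404s.
    """
    model = Profile
    # `labels` is a ModelForm Meta option, not an UpdateView attribute, so
    # UpdateView ignores it.  Kept in case a template reads it — presumably
    # nothing does.
    labels = {
        "phoneland": "Telefon",
        "phonemobile": "Mobil",
        "compfunc": "Agenturfunktion",
    }
    fields = ['phoneland', 'phonemobile', 'compfunc']

    def get_queryset(self):
        # Same agency check the function views below do by hand.
        return Profile.objects.filter(agency__pk=self.request.user.profile.agency.pk)


class UsersPermUpdateView(LoginRequiredMixin, View):
    """Grant / revoke the custom Profile permissions of one user via checkboxes."""
    template_name = 'users/users_perm.html'
    form_class = UsersPermForm
    success_url = '/dashboard/usersman/'

    @staticmethod
    def _target_user(request, pk):
        """Return the User behind Profile ``pk`` or None if it is outside the caller's agency."""
        target_profile = Profile.objects.get(pk=pk)
        if target_profile.agency.pk != request.user.profile.agency.pk:
            return None
        return target_profile.user

    def get(self, request, *args, **kwargs):
        """Render the checkbox form pre-filled with the target user's permissions."""
        user_tochange = self._target_user(request, kwargs['pk'])
        if user_tochange is None:
            return redirect('dashboard')
        context = {
            'form': self.form_class(user_tochange),
            'active_link': 'usersmanagement',
            'user_tochange': user_tochange,
        }
        return render(request, self.template_name, context)

    def post(self, request, *args, **kwargs):
        """Sync the target user's permissions with the submitted checkboxes.

        Every permission declared in ``Profile.Meta.permissions`` whose codename
        is present in the POST data is granted, every other one is revoked —
        except that callers may not strip 'users_usermanagement' from their
        own account.
        """
        user_tochange = self._target_user(request, kwargs['pk'])
        if user_tochange is None:
            return redirect('dashboard')
        # NOTE(review): nothing here verifies that the *caller* holds
        # 'users_usermanagement'; if that gate lives only in the URL conf or
        # template, any logged-in member of the agency could grant rights to
        # themselves — confirm.
        for ele in Profile._meta.permissions:
            codename = ele[0]
            # Scope the lookup to Profile's content type so an equally named
            # codename of another model cannot make get() ambiguous.
            tempperm = Permission.objects.get(
                codename=codename,
                content_type__app_label=Profile._meta.app_label,
                content_type__model=Profile._meta.model_name,
            )
            if codename in request.POST:
                user_tochange.user_permissions.add(tempperm)
            elif user_tochange == request.user and codename == 'users_usermanagement':
                messages.warning(request, f'Benutzerverwaltungsrechte für {user_tochange.first_name} {user_tochange.last_name} kann nicht entfernt werden.')
            else:
                user_tochange.user_permissions.remove(tempperm)
        user_tochange.save()
        messages.success(request, f'Berechtigungen für {user_tochange.first_name} {user_tochange.last_name} aktualisiert!')
        return HttpResponseRedirect(self.success_url)


@login_required
def ProfileUpdateView(request, pk):
    """Edit the Profile with primary key ``pk`` (users/profile_update.html).

    Only users of the caller's own agency can be edited; other pks redirect to
    the dashboard.  A valid POST saves and redirects to the user list.
    """
    prof_user = User.objects.get(profile__pk=pk)
    if prof_user.profile.agency.pk != request.user.profile.agency.pk:
        return redirect('dashboard')
    if request.method == 'POST':
        profileform_form = UsersAddProfileForm(request.POST, request.FILES, instance=prof_user.profile)
        if profileform_form.is_valid():
            profileform_form.save()
            messages.success(request, f'Daten für {prof_user.first_name} {prof_user.last_name} aktualisiert!')
            # Redirect after POST so a reload does not re-submit the form.
            return redirect('users-management')
    else:
        # Unbound form pre-filled with the current profile data.
        profileform_form = UsersAddProfileForm(instance=prof_user.profile)
    possible_users = User.objects.filter(profile__agency__pk=prof_user.profile.agency.pk)
    context = {
        'prof_user': prof_user,
        'profileform_form': profileform_form,
        'active_link': 'usersmanagement',
        'possible_users': possible_users,
    }
    return render(request, 'users/profile_update.html', context)


'''
Set users Parent by AJAX
'''


@login_required
def setuserparent(request):
    """AJAX endpoint: make user ``userid`` the parent of user ``objectid``.

    Expects ``action=adduserp``; answers with the changed user's id, the
    parent's display name and the id/name list of all agency users.
    """
    if request.method != 'GET':
        return HttpResponse("Request method is not a GET")
    # NOTE(review): this endpoint changes data on a GET request, which Django's
    # CSRF protection does not cover; the JS caller should switch to POST.
    if request.GET.get('action') != 'adduserp':
        # The original fell off the end here (returned None -> server error).
        return JsonResponse({'error': 'unknown action'}, status=400)
    agency_pk = request.user.profile.agency.pk
    userid = request.GET['objectid']
    workinguser = User.objects.get(pk=userid)
    toadd_user = User.objects.get(pk=request.GET['userid'])
    # Both accounts must belong to the caller's agency (as UsersPrio checks).
    if workinguser.profile.agency.pk != agency_pk or toadd_user.profile.agency.pk != agency_pk:
        return JsonResponse({'error': 'forbidden'}, status=403)
    username_clean = toadd_user.first_name + " " + toadd_user.last_name
    workinguser.profile.parent = toadd_user
    # Persist the Profile explicitly: User.save() does not write the related
    # Profile row unless a signal happens to do so.
    workinguser.profile.save()
    workinguser.save()
    possible_users = User.objects.filter(profile__agency__pk=agency_pk)
    # Only the three fields the client needs (see 'Cleaned out' in the original
    # intent); a bare .values() would also serialise password hashes, e-mail
    # addresses and staff flags of every colleague.
    possible_users_js = list(possible_users.values('id', 'first_name', 'last_name'))
    return JsonResponse({
        'userid': userid,
        'username_clean': username_clean,
        'remaining_users': possible_users_js,
    })


'''
# DELETE A USER
Hier wird das Profil gelöscht, aber damit auch der User.
Zusätzlich werden alle Standards, Bereiche und Tasks des zu löschenden Nutzers
dem User zugeschrieben, welcher eingeloggt ist. Das passiert VOR dem löschen!
'''


class ProfileDeleteView(LoginRequiredMixin, DeleteView):
    """Delete a User of the caller's agency after re-assigning their content.

    Areas, Tasks and Standards created / modified / published by the deleted
    user are handed to the logged-in user first, so nothing is lost to the
    cascade.
    """
    model = User
    success_url = '/dashboard/usersman'
    template_name = 'users/user_confirm_delete.html'

    def get_queryset(self):
        # Accounts of other agencies are not reachable (404 via get_object()).
        return User.objects.filter(profile__agency__pk=self.request.user.profile.agency.pk)

    @staticmethod
    def _reassign(queryset, field, new_owner):
        """Set ``field`` to ``new_owner`` on every object, saving one by one.

        Per-object save() (not ``.update()``) keeps the behaviour of the
        original loops: auto_now fields and save signals still fire.
        """
        for obj in queryset:
            setattr(obj, field, new_owner)
            obj.save()

    def delete(self, request, *args, **kwargs):
        """Re-assign the user's content to the caller, then delete the user.

        NOTE: on Django 4.0+ DeleteView routes POST through form_valid() and
        this override is no longer called — confirm the project's Django
        version when upgrading.
        """
        user = self.get_object()
        logged_user = request.user
        if user == logged_user:
            # Deleting yourself would first hand all your content to yourself
            # and then cascade-delete it together with the account.
            messages.warning(request, 'Der eigene Benutzer kann nicht gelöscht werden.')
            return HttpResponseRedirect(self.success_url)
        self._reassign(Areas.objects.filter(created_area_by=user), 'created_area_by', logged_user)
        # Tasks really does use the field name created_area_by as well.
        self._reassign(Tasks.objects.filter(created_area_by=user), 'created_area_by', logged_user)
        self._reassign(Standards.objects.filter(created_standard_by=user), 'created_standard_by', logged_user)
        self._reassign(Standards.objects.filter(last_modified_by=user), 'last_modified_by', logged_user)
        self._reassign(Standards.objects.filter(published_by=user), 'published_by', logged_user)
        name = user.first_name + " " + user.last_name
        response = super().delete(request, *args, **kwargs)
        messages.success(request, 'Benutzer ' + name + ' wurde gelöscht!')
        return response


@login_required
def agency(request):
    """Show the agency info page (users/agency.html)."""
    return render(request, 'users/agency.html', {'active_link': 'agencyinfo'})


class AgencyUpdateView(LoginRequiredMixin, UpdateView):
    """Edit the caller's own Agency (users/agency_update.html)."""
    model = Agency
    form_class = AgencyUpdateForm
    template_name = 'users/agency_update.html'
    success_url = '/dashboard/agencyinfo'

    def get_queryset(self):
        # The URL pk is only honoured for the caller's own agency; any other
        # agency 404s instead of being editable by every logged-in user.
        return Agency.objects.filter(pk=self.request.user.profile.agency.pk)

    def get_context_data(self, **kwargs):
        """Mark the agency navigation entry as active."""
        context = super().get_context_data(**kwargs)
        context['active_link'] = 'agencyinfo'
        return context


# PRIORISIERUNG
'''
Es werden alle Aufgabenbereiche den Bereichen der Agentur zugeordnet und ausgegeben.
'''


@login_required
def UsersPrio(request, pk):
    """Show the task priorities of user ``pk`` next to the agency's areas.

    Users of another agency are sent back to the dashboard.
    """
    user = User.objects.get(pk=pk)
    if user.profile.agency.pk != request.user.profile.agency.pk:
        # redirect() resolves the URL name; HttpResponseRedirect('users-dashboard')
        # would have sent the browser to the literal relative path "users-dashboard".
        return redirect('users-dashboard')
    context = {
        'active_link': '',
        'areas': Areas.objects.filter(agency__pk=request.user.profile.agency.pk),
        'user_first_name': user.first_name,
        'user_last_name': user.last_name,
        'user_id': user.pk,
        'prios': Prio.objects.filter(user__pk=pk),
    }
    return render(request, 'users/users_prio.html', context)


@login_required
def UsersPrioUpdate(request):
    """AJAX endpoint: store ``value`` as the priority of (``userid``, ``taskid``)."""
    if request.method != 'GET':
        return HttpResponse("Request method is not a GET")
    # NOTE(review): a state change on GET is not covered by CSRF protection;
    # the client should use POST.
    tempuser = User.objects.get(pk=request.GET['userid'])
    if tempuser.profile.agency.pk != request.user.profile.agency.pk:
        return HttpResponse("Forbidden", status=403)
    prio = Prio.objects.filter(user__pk=request.GET['userid'], task__pk=request.GET['taskid']).first()
    if prio is None:
        # The original indexed [0] on an empty list here and crashed.
        return HttpResponse("Prio not found", status=404)
    # The raw query value is stored as sent; save() does not run field
    # validation — the Prio.prio field type is not visible here, confirm.
    prio.prio = request.GET['value']
    prio.save()
    return HttpResponse("udated...")


import re

# Matches one tag-like span; `.` does not cross newlines, so a tag that is
# broken over two lines is left in place.
_TAG_RE = re.compile(r'<.*?>')


def cleanhtml(raw_html):
    """Strip anything that looks like an HTML/XML tag from ``raw_html``.

    Only meant for display snippets (search result previews); it is not an
    HTML sanitiser.
    """
    return _TAG_RE.sub('', raw_html)


# Search for Standards by name, content, creator - standards need to be public!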
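def _standard_summary(standard):
    """Dict with the fields the search result list needs for one Standard."""
    return {
        'id': standard.pk,
        'name': standard.name,
        # Strip tags first, then cut to 100 characters: truncating the raw
        # HTML could end inside a tag, which the tag regex would not remove.
        'content': cleanhtml(standard.content)[:100],
        'first_name': standard.created_standard_by.first_name,
        'last_name': standard.created_standard_by.last_name,
        'first_name_mod': standard.last_modified_by.first_name,
        'last_name_mod': standard.last_modified_by.last_name,
        'created': formats.date_format(standard.created_standard_date, "d.m.Y"),
        'last_modified_on': formats.date_format(standard.last_modified_on, "d.m.Y"),
    }


@login_required
def GlobalSearch(request):
    """AJAX search over the public standards of the caller's agency.

    ``searchstring`` is matched against name, content, area name, task name
    and the creator's first/last name.  Returns ``{'standards': [...]}``.
    """
    if request.method != 'GET':
        return HttpResponse("Request method is not a GET")
    searchfor = request.GET.get('searchstring', '')
    base = Standards.objects.filter(agency__pk=request.user.profile.agency.pk, public=True)
    # `content` uses the case-sensitive `contains` unlike the other fields;
    # kept as-is because changing it would change the result set.
    results = (
        base.filter(name__icontains=searchfor)
        | base.filter(content__contains=searchfor)
        | base.filter(area__name__icontains=searchfor)
        | base.filter(task__name__icontains=searchfor)
        | base.filter(created_standard_by__last_name__icontains=searchfor)
        | base.filter(created_standard_by__first_name__icontains=searchfor)
    )
    final_results_st = [_standard_summary(ele) for ele in results]
    return JsonResponse({'standards': final_results_st})


def searchStandardRouter(request):
    """Redirect a search hit (``s_id``) to the single-standard page."""
    if request.method == 'GET':
        s_id = request.GET.get('s_id', '')
        # Only a numeric id is spliced into the path; anything else goes home.
        if s_id.isdigit():
            return redirect('/standards/standard/' + s_id + '/single')
    return redirect('dashboard')


def _parse_areatask_keys(post):
    """Split POST keys like ``area_3`` / ``task_7`` into two sets of ids.

    Keys of any other shape (e.g. ``csrfmiddlewaretoken``) are ignored, rather
    than assuming the token is always the first key as the original did.
    """
    area_ids, task_ids = set(), set()
    for key in post:
        parts = key.split("_")
        if len(parts) < 2 or not parts[1].isdigit():
            continue
        if parts[0] == 'area':
            area_ids.add(int(parts[1]))
        elif parts[0] == 'task':
            task_ids.add(int(parts[1]))
    return area_ids, task_ids


@login_required
def UsersAreaTaskUpdate(request, pk):
    """Assign areas and tasks (with a Prio row per task) to user ``pk``.

    Users of another agency redirect to the dashboard.  GET renders the
    UserAreaTaskForm; POST reads the checked ``area_<id>`` / ``task_<id>``
    keys, syncs the ``usersfield`` relations and redirects to the user list.
    """
    user = User.objects.get(pk=pk)
    if request.user.profile.agency.pk != user.profile.agency.pk:
        return redirect('dashboard')
    if request.method == 'POST':
        area_ids, task_ids = _parse_areatask_keys(request.POST)
        agency_pk = user.profile.agency.pk
        for area in Areas.objects.filter(agency__pk=agency_pk):
            if area.pk in area_ids:
                area.usersfield.add(user)
            else:
                area.usersfield.remove(user)
            area.save()
        for task in Tasks.objects.filter(agency__pk=agency_pk):
            if task.pk in task_ids:
                # get_or_create: a plain Prio(...).save() added one more row on
                # every submit, leaving several Prio rows per (user, task).
                Prio.objects.get_or_create(user=user, task=task)
                task.usersfield.add(user)
            else:
                task.usersfield.remove(user)
                Prio.objects.filter(user__pk=pk, task__pk=task.pk).delete()
            task.save()
        messages.success(request, f'Zuständigkeiten für {user.first_name} {user.last_name} aktualisiert!')
        return redirect('users-management')
    context = {
        'active_link': '',
        'user_first_name': user.first_name,
        'user_last_name': user.last_name,
        'user_id': user.pk,
        'form': UserAreaTaskForm(user),
    }
    return render(request, 'users/users_areatasks.html', context)


def _post_value(post, key):
    """First submitted value for ``key`` as str, '' if absent (the original indexed [0])."""
    values = post.getlist(key)
    return str(values[0]) if values else ''


@login_required
def support(request):
    """Support form; a POST opens a ticket in the external ticket system.

    The ticket message is prefixed with the caller's agency and account ids.
    Both outcomes render users/support_done.html with a success/warning flash.
    """
    context = {
        'active_link': 'support',
        'form': SupportForm(request.user),
    }
    if request.method != 'POST':
        return render(request, 'users/support.html', context)
    name = _post_value(request.POST, 'name')
    mail = _post_value(request.POST, 'mail')
    problemconc = _post_value(request.POST, 'problemconc')
    problem = _post_value(request.POST, 'problem')
    # The API key must come from configuration, never from source control.
    # The key that used to be inlined here has to be treated as exposed:
    # rotate it and provide the new one as SUPPORT_API_KEY in settings /
    # the environment.
    api_key = getattr(settings, 'SUPPORT_API_KEY', '')
    if not api_key:
        messages.warning(request, 'Supportanfrage fehlgeschlagen! (SUPPORT_API_KEY nicht konfiguriert)')
        return render(request, 'users/support_done.html', context)
    headers = {'X-API-Key': api_key}
    agency = request.user.profile.agency
    ostdata = {
        "topicId": '12',
        "name": name,
        "email": mail,
        "subject": 'Digitale Agentur: ' + problemconc,
        # Placeholder kept from the original; the real client address is
        # deliberately not forwarded to the third-party ticket system.
        "ip": "1.1.1.1",
        "message": "*****************************\nAgentur: " + agency.name + " (ID: " + str(agency.pk) + ")\nBenutzer: " + request.user.first_name + " " + request.user.last_name + " (ID: " + str(request.user.pk) + ")\n*******************************\n\n" + problem,
    }
    try:
        # timeout (constructed default) so a hanging ticket API cannot tie up
        # the request worker indefinitely.
        r = requests.post(
            "https://support.vh-solutions.de/api/http.php/tickets.json",
            data=json.dumps(ostdata),
            headers=headers,
            timeout=10,
        )
    except requests.RequestException as exc:
        messages.warning(request, 'Supportanfrage fehlgeschlagen!' + str(exc))
    else:
        if r.status_code != 201:
            messages.warning(request, 'Supportanfrage fehlgeschlagen!' + str(r))
        else:
            messages.success(request, 'Supportanfrage erfolgreich! Ihre Ticketnummer ist ' + str(r.json()) + '!')
    return render(request, 'users/support_done.html', context)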