400 lines
15 KiB
Python
400 lines
15 KiB
Python
from cloud.models import DataFile, DataDir
|
|
from django.shortcuts import redirect
|
|
from rest_framework.views import APIView
|
|
from rest_framework.response import Response
|
|
#from rest_framework.permissions import IsAuthenticated # <-- Here
|
|
import json
|
|
from standards.models import Standards
|
|
from rest_framework import serializers
|
|
from .serializers import StandardsSerializer, ChatRoomSerializer, ChatRoomFullSerializer
|
|
from rest_framework.decorators import api_view, permission_classes
|
|
from rest_framework import status
|
|
from rest_framework.authentication import SessionAuthentication, BasicAuthentication, TokenAuthentication
|
|
from rest_framework.decorators import authentication_classes
|
|
from chat.models import ChatRoom, ChatMessage
|
|
from django.http import HttpResponseRedirect,HttpResponse, JsonResponse
|
|
from django.contrib.sessions.models import Session
|
|
from timemanagement.models import Absence
|
|
from django.conf import settings
|
|
from digitaleagentur.utils import *
|
|
|
|
class GetUserId(APIView):
|
|
#permission_classes = (IsAuthenticated,) # <-- And here
|
|
|
|
def post(self, request):
|
|
return Response({"userid" : self.request.user.pk})
|
|
|
|
|
|
@api_view(['POST', ])
|
|
#@permission_classes((IsAuthenticated,))
|
|
def getStandardList(request):
|
|
standards = Standards.objects.filter(agency=request.user.profile.agency)
|
|
ser = StandardsSerializer(standards, many=True)
|
|
return Response(ser.data, status=status.HTTP_200_OK)
|
|
|
|
@api_view(['POST', ])
|
|
#@permission_classes((IsAuthenticated,))
|
|
def getSingleStandard(request, pk):
|
|
standard = Standards.objects.get(pk=int(pk))
|
|
ser = StandardsSerializer(standard, many=False)
|
|
return Response(ser.data, status=status.HTTP_200_OK)
|
|
|
|
@api_view(['POST', ])
|
|
#@permission_classes((IsAuthenticated,))
|
|
def logoutByToken(request):
|
|
print(request)
|
|
request.user.auth_token.delete()
|
|
return Response(status=status.HTTP_200_OK)
|
|
|
|
@api_view(['POST', ])
|
|
#@permission_classes((IsAuthenticated,))
|
|
def getchatrooms(request):
|
|
chatrooms = ChatRoom.objects.filter(creator=request.user) | ChatRoom.objects.filter(chatmember_single=request.user)
|
|
chatrooms_ser = ChatRoomSerializer(chatrooms, many=True)
|
|
return Response(chatrooms_ser.data, status=status.HTTP_200_OK)
|
|
|
|
|
|
@api_view(['POST', ])
|
|
#@permission_classes((IsAuthenticated,))
|
|
def getsinglechat(request, pk):
|
|
chatroom = ChatRoom.objects.get(pk=pk)
|
|
if chatroom.creator == request.user or chatroom.chatmember_single == request.user or (request.user in chatroom.chatmembers.all()):
|
|
chatroom_ser = ChatRoomFullSerializer(chatroom, many=False)
|
|
return Response(chatroom_ser.data, status=status.HTTP_200_OK)
|
|
else:
|
|
return Response(status=status.HTTP_403_FORBIDDEN)
|
|
|
|
|
|
@api_view(['POST', ])
|
|
#@permission_classes((IsAuthenticated,))
|
|
def savenewchatmessage(request):
|
|
room = ChatRoom.objects.get(pk=request.POST["room"])
|
|
if(request.user == room.creator or request.user == room.chatmember_single):
|
|
newmessage = ChatMessage(room=room, author=request.user, content=request.POST["message"])
|
|
newmessage.save()
|
|
room.messages.add(newmessage)
|
|
room.save()
|
|
return Response(status=status.HTTP_200_OK)
|
|
else:
|
|
return Response(status=status.HTTP_403_FORBIDDEN)
|
|
|
|
# IMPORTED MODELS FOR MIGRATION
|
|
from users.models import Agency
|
|
from django.contrib.auth.models import User
|
|
|
|
@api_view(['GET', ])
|
|
def migrateAgencyUsers(request, pk):
|
|
datapackage = {}
|
|
Ag = Agency.objects.get(pk=pk)
|
|
for user in User.objects.filter(profile__agency=Ag):
|
|
if(len(user.email) > 0 and len(user.first_name) > 0 and len(user.last_name) > 0):
|
|
datapackage.update({str(user.pk) : {"userid" : user.email, "displayname" : user.first_name + " " + user.last_name}})
|
|
return JsonResponse(datapackage)
|
|
|
|
|
|
|
|
|
|
@api_view(['GET', ])
|
|
def apilogout(request, uid):
|
|
print("LOGOUT: " + str(uid))
|
|
user = User.objects.get(username=uid)
|
|
[s.delete() for s in Session.objects.all() if s.get_decoded().get('_auth_user_hash') == user.get_session_auth_hash()]
|
|
return JsonResponse({'res' : 'ok'})
|
|
|
|
|
|
# This function change the Username of a user, when it was changed in NextCloud! Works only for the own user :) !
|
|
import xmltodict, json, requests
|
|
@api_view(['GET'], )
|
|
def userChangedInNc(request, uid, sid):
|
|
user = User.objects.get(username=uid)
|
|
if(user.is_authenticated and getNCLoggedUserBySession(sid) == uid):
|
|
nc_login_headers = {'Authorization' : 'Bearer ' + sid}
|
|
r = requests.get(settings.NEXTCLOUD_URL + "ocs/v1.php/cloud/users/" + uid, headers=nc_login_headers)
|
|
xpars = xmltodict.parse(r.text)
|
|
js = json.dumps(xpars)
|
|
final_json = json.loads(js)
|
|
new_displayname = final_json['ocs']['data']['displayname'].split(" ")
|
|
new_email = final_json['ocs']['data']['email']
|
|
user.email = new_email
|
|
user.first_name = new_displayname[0]
|
|
new_last_name = ""
|
|
new_displayname.pop(0)
|
|
for ele in new_displayname:
|
|
new_last_name += " " + ele
|
|
user.last_name = new_last_name
|
|
user.save()
|
|
return JsonResponse({"status" : "ok!"})
|
|
return JsonResponse({"status" : "NO AUTH"})
|
|
|
|
from requests.auth import HTTPBasicAuth
|
|
import random
|
|
import string
|
|
from django.contrib.auth.models import Group
|
|
from users.models import AgencyGroup
|
|
|
|
def get_random_number(length = 6):
|
|
result_str = ''.join(random.choice("0123456789") for i in range(length))
|
|
return result_str
|
|
|
|
def get_random_password(length = 6):
|
|
result_str = ''.join(random.choice("!_-abcdefghijklmnopqrstuvwxyzABCDEFGHIJLMNOPQRSTUVWXYZ0123456789") for i in range(length))
|
|
return result_str
|
|
|
|
# Returns a new groupID for NC by Groupname and Agency
|
|
def create_group_id(agencygroupname, agency):
|
|
newgroupid = ""
|
|
pregroupstr = "agencymaingroupid_"
|
|
if(agencygroupname == "Mitarbeiter"):
|
|
newgroupid = pregroupstr + str(agency.pk)
|
|
# NORMAL GROUOPS
|
|
elif(agencygroupname == "Administratoren"):
|
|
newgroupid = pregroupstr + str(agency.pk) + "_defaultadmingroup"
|
|
elif(agencygroupname == "Notfallhilfe"):
|
|
newgroupid = pregroupstr + str(agency.pk) + "_recover"
|
|
else:
|
|
newgroupid = pregroupstr + str(agency.pk) + "_subgroup_" + get_random_number()
|
|
|
|
return newgroupid
|
|
|
|
|
|
'''
|
|
Diese Methode erstellt die Gruppen in Owncloud nach dem Schemata, wie sie auch bei einer Registrierung aufgebaut werden.
|
|
|
|
'''
|
|
@api_view(['POST'], )
|
|
def NCAddGroup(request):
|
|
if request.method == "POST":
|
|
|
|
group = Group.objects.get(name=request.POST.get('groupid'))
|
|
aggroup = AgencyGroup.objects.get(group=group)
|
|
agency = aggroup.agency
|
|
newgroupid = create_group_id(aggroup.agencygroupname, agency)
|
|
headers = {
|
|
'Accept' : 'application/json',
|
|
'Access-Control-Allow-Headers' : 'OCS-APIRequest',
|
|
'OCS-APIRequest' : 'true'
|
|
}
|
|
data = {
|
|
"groupid" : newgroupid
|
|
}
|
|
r = requests.post(settings.NEXTCLOUD_URL + "ocs/v1.php/cloud/groups", data=data, headers=headers, auth=(settings.NEXTCLOUD_USER_API, settings.NEXTCLOUD_PW_API))
|
|
try:
|
|
r_status = json.loads(r.text)
|
|
if(r_status['ocs']['meta']['statuscode'] == 100):
|
|
# Group created, save new group id in Django
|
|
aggroup.nc_name = newgroupid
|
|
aggroup.save()
|
|
|
|
# Group created, set display name in NC
|
|
data = {
|
|
"name": aggroup.agencygroupname,
|
|
"id" : newgroupid
|
|
}
|
|
headers = {
|
|
'Authorization': 'Bearer ' + request.COOKIES['nc_session_id']
|
|
}
|
|
r = requests.post(settings.NEXTCLOUD_URL + "apps/agency/regr", data=data, headers=headers)
|
|
return JsonResponse({'status' : True, 'message': 'Gruppe ' + aggroup.agencygroupname + ' erzeugt - ID: ' + newgroupid})
|
|
else:
|
|
return JsonResponse({'status' : True, 'message': 'Gruppe ' + aggroup.agencygroupname + ' (ID '+aggroup.group.name+') konnte nicht erzeugt werden. Bitte manuell prüfen'})
|
|
except:
|
|
return JsonResponse({'status' : True, 'message': 'Gruppe ' + aggroup.agencygroupname + ' (ID '+aggroup.group.name+') konnte nicht erzeugt werden. Bitte manuell prüfen' + r.text})
|
|
return JsonResponse({"status" : "NO AUTH"})
|
|
|
|
|
|
'''
|
|
Hier werden die Nutzer angelegt.
|
|
'''
|
|
@api_view(['POST'], )
|
|
def NCAddUser(request):
|
|
if request.method == "POST":
|
|
agency = Agency.objects.get(pk=request.POST.get('agencyid'))
|
|
user = User.objects.get(pk=request.POST['userid'])
|
|
# Check, that only users in the same agency can do that!
|
|
if(user.profile.agency == agency):
|
|
# Load all groups the User is in and get AgencyGroup for NC-Group-Name
|
|
groups = []
|
|
for g in user.groups.all():
|
|
groups.append(AgencyGroup.objects.get(group=g).nc_name)
|
|
|
|
#password = get_random_password(50)
|
|
password = ""
|
|
userid = user.username
|
|
displayName = user.first_name + " " + user.last_name
|
|
email = user.email
|
|
|
|
# Data for the new User
|
|
data = {
|
|
"userid": userid,
|
|
"password": password,
|
|
"displayName": displayName,
|
|
"email":email,
|
|
"groups[]":groups
|
|
}
|
|
|
|
headers = {
|
|
'Accept' : 'application/json',
|
|
'Access-Control-Allow-Headers' : 'OCS-APIRequest',
|
|
'OCS-APIRequest' : 'true'
|
|
}
|
|
|
|
# Request for adding the new User
|
|
r = requests.post(settings.NEXTCLOUD_URL + "ocs/v1.php/cloud/users", data=data, headers=headers, auth=(settings.NEXTCLOUD_USER_API, settings.NEXTCLOUD_PW_API))
|
|
try:
|
|
r_status = json.loads(r.text)
|
|
if(r_status['ocs']['meta']['statuscode'] == 100):
|
|
return JsonResponse({'status' : True, 'message': 'Benutzer ' + user.first_name + " " + user.last_name + ' angelegt und in die Gruppen gepackt.'})
|
|
else:
|
|
return JsonResponse({'status' : True, 'message': 'Benutzer ' + user.first_name + " " + user.last_name + ' konnte nicht angelegt werden. Bitte manuell prüfen!'})
|
|
except:
|
|
return JsonResponse({'status' : True, 'message': 'Benutzer ' + user.first_name + " " + user.last_name + ' konnte nicht angelegt werden. Bitte manuell prüfen!'})
|
|
|
|
return JsonResponse({"status" : "NO AUTH"})
|
|
|
|
'''
|
|
Anlegen des Gruppenordners der Agentur in NC
|
|
'''
|
|
@api_view(['POST'], )
|
|
def NCAddGroupFolder(request):
|
|
if request.method == "POST":
|
|
agency = Agency.objects.get(pk=request.POST.get('agencyid'))
|
|
data = {
|
|
"gid" : "agencymaingroupid_" + str(agency.pk),
|
|
"aid" : str(agency.pk)
|
|
}
|
|
headers = {
|
|
'Authorization': 'Bearer ' + request.COOKIES['nc_session_id']
|
|
}
|
|
r = requests.post(settings.NEXTCLOUD_URL + "apps/agency/createagf", data=data, headers=headers)
|
|
print(r.text)
|
|
return JsonResponse({'status' : True, 'message': 'Gruppenordner angelegt!'})
|
|
|
|
return JsonResponse({"status" : "NO AUTH"})
|
|
|
|
import os
|
|
|
|
'''
|
|
Hier werden die Dateien angelegt und entsprechende Zugriffsrechte der Gruppen gesetzt.
|
|
'''
|
|
@api_view(['POST'], )
|
|
def NCAddFiles(request):
|
|
if request.method == "POST":
|
|
agency = Agency.objects.get(pk=request.POST.get('agencyid'))
|
|
file_to_load = DataFile.objects.get(pk=request.POST.get('fileid'))
|
|
datadir_parent = None
|
|
datadir_parent_dirnames = []
|
|
if(file_to_load.parent != None):
|
|
datadir_parent = file_to_load.parent
|
|
datadir_parent_dirnames = [file_to_load.parent.name]
|
|
|
|
while(datadir_parent.parent != None):
|
|
datadir_parent_dirnames.append(datadir_parent.parent.name)
|
|
datadir_parent = datadir_parent.parent
|
|
## Popping last Element
|
|
d_prestring = ""
|
|
if(len(datadir_parent_dirnames) > 0):
|
|
datadir_parent_dirnames.pop(len(datadir_parent_dirnames)-1)
|
|
# Turning Array around
|
|
datadir_parent_dirnames = datadir_parent_dirnames[::-1]
|
|
|
|
# Dirs needed for the File
|
|
for d in datadir_parent_dirnames:
|
|
new_folder = d_prestring + "/" +d
|
|
r = requests.request("MKCOL", settings.NEXTCLOUD_URL + "remote.php/dav/files/admin/Agenturdaten_" + str(agency.pk)+ '/' + new_folder, auth=(settings.NEXTCLOUD_USER_API, settings.NEXTCLOUD_PW_API))
|
|
d_prestring += "/" + d
|
|
|
|
# Uplod the file!
|
|
final_file_path = settings.NEXTCLOUD_URL + "remote.php/dav/files/admin/Agenturdaten_"+ str(agency.pk) + "/" + d_prestring + "/" + file_to_load.name
|
|
with open(file_to_load.file.path, 'rb') as f:
|
|
r = requests.put(final_file_path, data=f, auth=(settings.NEXTCLOUD_USER_API, settings.NEXTCLOUD_PW_API))
|
|
if(len(r.text) == 0):
|
|
return JsonResponse({'status' : True, 'message': 'Datei ' + file_to_load.name + ' angelegt.'})
|
|
else:
|
|
return JsonResponse({'status' : True, 'message': 'Datei ' + file_to_load.name + ' konnte nicht angelegt. Bitte manuell prüfen!'})
|
|
|
|
return JsonResponse({"status" : "NO AUTH"})
|
|
|
|
|
|
'''
|
|
Hier werden die Dateien angelegt und entsprechende Zugriffsrechte der Gruppen gesetzt.
|
|
'''
|
|
@api_view(['POST'], )
|
|
def NCAddDirs(request):
|
|
if request.method == "POST":
|
|
agency = Agency.objects.get(pk=request.POST.get('agencyid'))
|
|
dir_to_create = DataDir.objects.get(pk=request.POST.get('dirid'))
|
|
sharestring = ""
|
|
if(dir_to_create.visibleby.all().count() > 0):
|
|
sharestring = " Ordner nur sichtbar durch: "
|
|
for cd in dir_to_create.visibleby.all():
|
|
sharestring += cd.agencygroupname + " (" + cd.nc_name + ")"
|
|
# Dir has no parent, create
|
|
if(len(dir_to_create.parent.name) == 0):
|
|
r = requests.request("MKCOL", settings.NEXTCLOUD_URL + "remote.php/dav/files/admin/Agenturdaten_" + str(agency.pk)+ '/' + dir_to_create.name, auth=(settings.NEXTCLOUD_USER_API, settings.NEXTCLOUD_PW_API))
|
|
return JsonResponse({'status' : True, 'message': 'Ordner ' + dir_to_create.name + ' angelegt. ' + sharestring})
|
|
# Dir has parents, start thinking :)
|
|
else:
|
|
datadir_parent = None
|
|
datadir_parent_dirnames = []
|
|
if(dir_to_create.parent != None and len(dir_to_create.parent.name) > 0):
|
|
datadir_parent = dir_to_create.parent
|
|
datadir_parent_dirnames = [dir_to_create.parent.name]
|
|
|
|
if(datadir_parent.parent != None):
|
|
while(datadir_parent.parent != None and len(datadir_parent.parent.name) > 0):
|
|
datadir_parent_dirnames.append(datadir_parent.parent.name)
|
|
datadir_parent = datadir_parent.parent
|
|
|
|
if(len(datadir_parent_dirnames) > 0):
|
|
datadir_parent_dirnames = datadir_parent_dirnames[::-1]
|
|
d_prestring = ""
|
|
for d in datadir_parent_dirnames:
|
|
new_folder = d_prestring + "/" +d
|
|
r = requests.request("MKCOL", settings.NEXTCLOUD_URL + "remote.php/dav/files/admin/Agenturdaten_" + str(agency.pk)+ '/' + new_folder, auth=(settings.NEXTCLOUD_USER_API, settings.NEXTCLOUD_PW_API))
|
|
d_prestring += "/" + d
|
|
|
|
r = requests.request("MKCOL", settings.NEXTCLOUD_URL + "remote.php/dav/files/admin/Agenturdaten_" + str(agency.pk)+ '/' + d_prestring + "/" + dir_to_create.name, auth=(settings.NEXTCLOUD_USER_API, settings.NEXTCLOUD_PW_API))
|
|
|
|
return JsonResponse({'status' : True, 'message': 'Ordner ' + dir_to_create.name + ' angelegt.' + sharestring})
|
|
|
|
|
|
return JsonResponse({'status' : False, 'message': 'AUTH ERROR'})
|
|
|
|
@api_view(['GET'], )
|
|
def NCTest(request):
|
|
print(request.headers)
|
|
return JsonResponse({'status' : False, 'message': 'AUTH ERROR'})
|
|
|
|
|
|
@api_view(['POST'], )
|
|
def SetUserData(request):
|
|
#print("HI!")
|
|
#user = User.objects.get(username=request.POST.get('uid'))
|
|
#user.set_password(request.POST.get('pw'))
|
|
#user.save()
|
|
#user = authenticate(username=request.POST.get('uid'), password=request.POST.get('pw'))
|
|
#print(request.POST.get('uid'))
|
|
#print(request.POST.get('pw'))
|
|
return JsonResponse({})
|
|
#user = User.objects.get(username=request.POST.get('uid'))
|
|
#user.backend = 'django.contrib.auth.backends.ModelBackend'
|
|
#login(request, user)
|
|
#login(request, ))
|
|
#if(request.session.get('_auth_user_id') == None):
|
|
# print("LOGIN " + request.POST.get('uid'))
|
|
|
|
#else:
|
|
# print("user logged")
|
|
#return JsonResponse({})
|
|
#print(request.session.get('_auth_user_id'))
|
|
#print(request.POST.get('uid'))
|
|
#print(request.POST.get('reqdata'))
|
|
#if(request.POST.get('key') == "lkais8id7oauihsdjgt6as7zdukHJAGHFTJ7s6a8dziuhabjshdatf6tASZDUHJB"):
|
|
# user =
|
|
# user.backend = 'django.contrib.auth.backends.ModelBackend'
|
|
# login(request, user)
|
|
# return redirect('users-dashboard')
|
|
#else:
|
|
# return redirect('login')
|
|
#return redirect('users-dashboard')
|