diff --git a/loop/admin.py b/loop/admin.py index 269afd601e..2ab42bc551 100644 --- a/loop/admin.py +++ b/loop/admin.py @@ -70,12 +70,12 @@ def formfield_for_foreignkey(self, db_field, request, **kwargs): 'user', 'role', ('name', 'name_en'), 'phone_number', 'village', 'partner', 'mode', 'preferred_language', 'days_count', 'is_visible', 'farmer_phone_mandatory', 'registration','show_farmer_share','percent_farmer_share', 'version') list_display = ( - '__user__', 'name', 'name_en', 'role', 'phone_number', 'village', 'days_count', 'farmer_phone_mandatory', 'partner' ,'show_farmer_share','percent_farmer_share', 'version') + '__user__', 'name', 'name_en', 'role', 'phone_number', 'village', 'days_count', 'farmer_phone_mandatory', 'partner' ,'show_farmer_share','percent_farmer_share', 'version','active') search_fields = ['name', 'name_en', 'phone_number', 'village__village_name_en', 'village__block__district__state__country__country_name'] list_filter = ['village__block__district__state__country', 'village__block__district__state__state_name_en', 'village__block__district__district_name_en', 'role', 'partner', 'version'] - list_editable = ['days_count', 'farmer_phone_mandatory','show_farmer_share','percent_farmer_share', 'partner', 'role'] + list_editable = ['days_count', 'farmer_phone_mandatory','show_farmer_share','percent_farmer_share', 'partner', 'role','active'] class AdminAssignedDistricts(admin.StackedInline): model = AdminAssignedDistrict diff --git a/loop/api.py b/loop/api.py index 1c86eba8cf..237533251c 100644 --- a/loop/api.py +++ b/loop/api.py @@ -23,6 +23,52 @@ from loop_ivr.helper_function import send_sms_using_textlocal + +from tastypie.compat import get_username_field,get_user_model +from tastypie.http import HttpUnauthorized + + +#custom ApiKeyAuthentication, added is_active +class CustomApiKeyAuthentication(ApiKeyAuthentication): + def is_authenticated(self,request,**kwargs): + """ + Finds the user and checks their API key. + Should return either ``True`` if allowed, ``False`` if not or an + ``HttpResponse`` if you need something custom. + """ + try: + username, api_key = self.extract_credentials(request) + except ValueError: + return self._unauthorized() + + if not username or not api_key: + return self._unauthorized() + + username_field = get_username_field() + User = get_user_model() + + lookup_kwargs = {username_field: username} + try: + user = User.objects.select_related('api_key').get(**lookup_kwargs) + loop_user = LoopUser.objects.filter(user=user) + except (User.DoesNotExist, User.MultipleObjectsReturned): + return self._unauthorized() + + if not self.check_active(user): + return False + + # checks if loopuser exists and is active + if loop_user.count() < 1 or not loop_user[0].active or (loop_user[0].role == 3 and request.method !="GET"): + return False + + key_auth_check = self.get_key(user, api_key) + if key_auth_check and not isinstance(key_auth_check, HttpUnauthorized): + request.user = user + + return key_auth_check + + + class AssignedMandiNotSaved(Exception): pass @@ -257,7 +303,7 @@ class Meta: queryset = State.objects.all() resource_name = 'state' authorization = Authorization() - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -277,7 +323,7 @@ class Meta: queryset = District.objects.all() resource_name = 'district' authorization = Authorization() - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -296,7 +342,7 @@ class Meta: queryset = Block.objects.all() resource_name = 'block' authorization = Authorization() - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -319,7 +365,7 @@ class Meta: queryset = Village.objects.all() resource_name = 'village' authorization = VillageAuthorization('id__in') - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -344,7 +390,7 @@ class Meta: resource_name = 'farmer' always_return_data = True authorization = VillageAuthorization('village_id__in') - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -534,7 +580,7 @@ class Meta: allowed_methods = ['post', 'get'] resource_name = 'crop' authorization = Authorization() - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() always_return_data = True excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -591,7 +637,7 @@ class Meta: queryset = Mandi.objects.all() resource_name = 'mandi' authorization = MandiAuthorization('id__in') - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -613,7 +659,7 @@ class Meta: queryset = Gaddidar.objects.all() resource_name = 'gaddidar' authorization = MandiAuthorization('mandi_id__in') - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() always_return_data = True excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -651,7 +697,7 @@ class Meta: queryset = Vehicle.objects.all() resource_name = 'vehicle' authorization = Authorization() - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() always_return_data = True excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -691,7 +737,7 @@ class Meta: queryset = Transporter.objects.all() resource_name = 'transporter' authorization = BlockAuthorization('block') - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() always_return_data = True excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -745,7 +791,7 @@ class Meta: allowed_methods = ["get", "post", "put", "delete"] resource_name = 'transportationvehicle' authorization = BlockAuthorization('transporter__block') - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() always_return_data = True excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -840,7 +886,7 @@ class Meta: detail_allowed_methods = ["get", "post", "put", "delete","patch"] resource_name = 'daytransportation' authorization = DayTransportationAuthorization() - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() always_return_data = True excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -933,7 +979,7 @@ class Meta: max_limit = 0 queryset = GaddidarCommission.objects.all() authorization = MandiAuthorization('mandi_id__in') - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() resource_name = 'gaddidarcommission' always_return_data = True excludes = ('time_created','time_modified') @@ -955,7 +1001,7 @@ class Meta: queryset =GaddidarShareOutliers.objects.all() allowed_methods = ['post','patch','put','get'] authorization = Authorization() - authentication =ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() resource_name = 'gaddidarshareoutliers' always_return_data = True excludes = ('time_created', 'time_modified') @@ -992,7 +1038,7 @@ class Meta: allowed_methods = ['post','patch','put','get'] resource_name = 'aggregatorshareoutliers' authorization = Authorization() - authentication =ApiKeyAuthentication() + authentication =CustomApiKeyAuthentication() always_return_data = True excludes = ('time_created', 'time_modified') include_resource_uri = False @@ -1030,7 +1076,7 @@ class Meta: queryset = CombinedTransaction.objects.all() resource_name = 'combinedtransaction' authorization = CombinedTransactionAuthorization() - authentication = ApiKeyAuthentication() + authentication = CustomApiKeyAuthentication() always_return_data = True excludes = ('time_created', 'time_modified') include_resource_uri = False diff --git a/loop/migrations/0025_auto_20180405_0534.py b/loop/migrations/0025_auto_20180405_0534.py new file mode 100644 index 0000000000..9d28e1a4c4 --- /dev/null +++ b/loop/migrations/0025_auto_20180405_0534.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('loop', '0024_auto_20180116_1209'), + ] + + operations = [ + migrations.AddField( + model_name='loopuser', + name='active', + field=models.BooleanField(default=True), + ), + migrations.AddField( + model_name='loopuser', + name='closing_date', + field=models.DateTimeField(null=True, blank=True), + ), + migrations.AddField( + model_name='loopuser', + name='closing_reason', + field=models.CharField(default=b'', max_length=140, null=True, blank=True), + ), + ] diff --git a/loop/models.py b/loop/models.py index 0618b7498d..0090cbd320 100644 --- a/loop/models.py +++ b/loop/models.py @@ -207,6 +207,9 @@ class LoopUser(LoopModel): percent_farmer_share = models.FloatField(default=0.0) partner = models.ForeignKey(Partner, default=None, null=True, blank=True) version = models.CharField(max_length=10, blank=True, null=True, default="0") + active = models.BooleanField(default=True) + closing_date = models.DateTimeField(blank=True,null=True) + closing_reason = models.CharField(max_length=140,default="",blank=True,null=True) def __unicode__(self): return """%s (%s)""" % (self.name_en, self.phone_number) diff --git a/loop/views.py b/loop/views.py index f7a37b873d..c77140f44c 100644 --- a/loop/views.py +++ b/loop/views.py @@ -75,7 +75,7 @@ def login(request): loop_user.update(registration=reg_token, version=version) - if user is not None and user.is_active and loop_user.count() > 0: + if user is not None and user.is_active and loop_user.count() > 0 and loop_user[0].active: auth.login(request, user) try: