drinks-manager/app/views.py

import json
import sys

from pathlib import Path

from django.conf import settings
from django.contrib.auth import authenticate
from django.contrib.auth import get_user_model
from django.contrib.auth import login
from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import AuthenticationForm
from django.http.response import HttpResponseRedirect
from django.http.response import FileResponse
from django.http.response import HttpResponse
from django.shortcuts import render

from django.utils.translation import gettext as _
from django.utils.formats import decimal

from . import sql_queries

from .models import Drink
from .models import Order
from .models import RegisterTransaction


def login_page(request):
    userlist = get_user_model().objects.filter(is_superuser=False).filter(is_active=True).order_by("username")
    if request.method == "POST":
        form = AuthenticationForm(request.POST)
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username,password=password)
        if user:
            if user.is_active:
                login(request, user)
                return HttpResponseRedirect("/")
        else:
            return render(request,'registration/login.html', {
                "form": form,
                "user_list": userlist,
                "error_message": _("Invalid username or password.")
            })
    else:
        if request.user.is_authenticated:
            return HttpResponseRedirect("/")
        form = AuthenticationForm()
    return render(request,'registration/login.html', {
        "form": form,
        "user_list": userlist
    })


@login_required
def index(request):
    context = {
        "available_drinks": Drink.objects.filter(available__gt=0).filter(deleted=False).order_by('product_name'),
    }
    return render(request, "index.html", context)


@login_required
def history(request):
    context = {
        "history": sql_queries.select_history(request.user, language_code=request.LANGUAGE_CODE),
    }
    return render(request, "history.html", context)


@login_required
def order(request, drinkid):
    try:
        drink_ = Drink.objects.get(pk=drinkid)
        context = {"drink": drink_}
        return render(request, "order.html", context)
    except Drink.DoesNotExist:
        return HttpResponseRedirect("/")


@login_required
def deposit(request):
    return render(request, "deposit.html", {})


@login_required
def statistics(request):
    context = {
        "yopml12m": sql_queries.select_yopml12m(request.user),
        "aopml12m": sql_queries.select_aopml12m(),
        "yopwd": sql_queries.select_yopwd(request.user),
        "aopwd": sql_queries.select_aopwd(),
        "noyopd": sql_queries.select_noyopd(request.user),
        "noaopd": sql_queries.select_noaopd()
    }
    return render(request, "statistics.html", context)


@login_required
def supply(request):
    return render(request, "supply.html")


@login_required
def redirect_home(request):
    return HttpResponseRedirect("/")


# API for XHR requests #

@login_required
def api_order_drink(request):
    # check request -> make order
    user = request.user
    try:
        if user.allow_order_with_negative_balance or user.balance > 0:
            drinkid = int(request.POST["drinkid"])
            amount = int(request.POST["numberofdrinks"])
            drink = Drink.objects.get(pk=drinkid)
            if ((drink.do_not_count and drink.available > 0) or (drink.available >= amount)) and not drink.deleted:
                Order.objects.create(drink=drink, user=user, amount=amount)
                return HttpResponse("success", status=200)
            else:
                return HttpResponse("notAvailable", status=400)
        else: raise Exception("Unexpected input or missing privileges.")
    except Exception as e:
        print(f"An exception occured while processing an order: User: {user.username} - Exception: {e}", file=sys.stderr)
        return HttpResponse(b"", status=500)


@login_required
def api_deposit(request):
    # check request -> deposit
    user = request.user
    try:
        amount = decimal.Decimal(request.POST["depositamount"])
        if 0.00 < amount < 9999.99:
            # create transaction
            RegisterTransaction.objects.create(
                transaction_sum=amount,
                comment=f"User deposit by user {user.username}",
                is_user_deposit=True,
                user=user)
            return HttpResponse("success", status=200)
        else: raise Exception("Deposit amount too big or small.")
    except Exception as e:
        print(f"An exception occured while processing a transaction: User: {user.username} - Exception: {e}", file=sys.stderr)
        return HttpResponse(b"", status=500)


@login_required
def api_supply(request):
    # check request -> supply
    user = request.user
    try:
        price = decimal.Decimal(request.POST["supplyprice"])
        description = str(request.POST["supplydescription"])
        if 0.00 < price < 9999.99 and (user.allowed_to_supply or user.is_superuser):
            # create transaction
            RegisterTransaction.objects.create(
                transaction_sum=-price,
                comment=f"Supply: {description}",
                is_user_deposit=False,
                user=user
            )
            return HttpResponse("success", status=200)
        else: raise Exception("Unexpected input or missing privileges.")
    except Exception as e:
        print(f"An exception occured while processing a supply transaction: User: {user.username} - Exception: {e}", file=sys.stderr)
        return HttpResponse(b"", status=500)
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`import json`
			`import sys`

Profile pictures are now handled by the application to mitigate possible directory traversals to other sub-directories of the static directory (Admins/Staff with the right to edit user accounts were able to set a path like ../static/favicon.png for the profile picture - this isn't a "i'm in, now i have root access and can hack your mom"-vulnerability, but better fix it before it evolves to one. or a dragon. it's too late for this crap.) 2022-11-02 21:55:36 +01:00			`from pathlib import Path`

			`from django.conf import settings`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`from django.contrib.auth import authenticate`
			`from django.contrib.auth import get_user_model`
			`from django.contrib.auth import login`
			`from django.contrib.auth.decorators import login_required`
			`from django.contrib.auth.forms import AuthenticationForm`
			`from django.http.response import HttpResponseRedirect`
Profile pictures are now handled by the application to mitigate possible directory traversals to other sub-directories of the static directory (Admins/Staff with the right to edit user accounts were able to set a path like ../static/favicon.png for the profile picture - this isn't a "i'm in, now i have root access and can hack your mom"-vulnerability, but better fix it before it evolves to one. or a dragon. it's too late for this crap.) 2022-11-02 21:55:36 +01:00			`from django.http.response import FileResponse`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`from django.http.response import HttpResponse`
			`from django.shortcuts import render`

			`from django.utils.translation import gettext as _`
			`from django.utils.formats import decimal`

			`from . import sql_queries`

			`from .models import Drink`
			`from .models import Order`
			`from .models import RegisterTransaction`


			`def login_page(request):`
			`userlist = get_user_model().objects.filter(is_superuser=False).filter(is_active=True).order_by("username")`
			`if request.method == "POST":`
			`form = AuthenticationForm(request.POST)`
			`username = request.POST['username']`
			`password = request.POST['password']`
			`user = authenticate(username=username,password=password)`
			`if user:`
			`if user.is_active:`
			`login(request, user)`
			`return HttpResponseRedirect("/")`
			`else:`
			`return render(request,'registration/login.html', {`
			`"form": form,`
			`"user_list": userlist,`
			`"error_message": _("Invalid username or password.")`
			`})`
			`else:`
			`if request.user.is_authenticated:`
			`return HttpResponseRedirect("/")`
			`form = AuthenticationForm()`
			`return render(request,'registration/login.html', {`
			`"form": form,`
			`"user_list": userlist`
			`})`


			`@login_required`
			`def index(request):`
			`context = {`
Order drinks by product_name on the home page 2022-05-16 11:00:24 +02:00			`"available_drinks": Drink.objects.filter(available__gt=0).filter(deleted=False).order_by('product_name'),`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`}`
			`return render(request, "index.html", context)`

Completely re-structured the project from scratch, wrote a better bootstrap script, changed configuration format to yaml, improved Caddyfile, and more. #15 #16 #20 2023-02-11 17:23:57 +01:00
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`@login_required`
			`def history(request):`
			`context = {`
			`"history": sql_queries.select_history(request.user, language_code=request.LANGUAGE_CODE),`
			`}`
			`return render(request, "history.html", context)`

Completely re-structured the project from scratch, wrote a better bootstrap script, changed configuration format to yaml, improved Caddyfile, and more. #15 #16 #20 2023-02-11 17:23:57 +01:00
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`@login_required`
Refactored CSS and HTML templates and polished UI (#10), changed JavaScript variable names to camelCase, adjusted filenames and some url parameter names in urlpatterns, and more. 2022-11-04 20:35:28 +01:00			`def order(request, drinkid):`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`try:`
Refactored CSS and HTML templates and polished UI (#10), changed JavaScript variable names to camelCase, adjusted filenames and some url parameter names in urlpatterns, and more. 2022-11-04 20:35:28 +01:00			`drink_ = Drink.objects.get(pk=drinkid)`
Improved readability of python code by adding/removing newlines, identation, etc. 2023-02-11 22:14:01 +01:00			`context = {"drink": drink_}`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`return render(request, "order.html", context)`
			`except Drink.DoesNotExist:`
			`return HttpResponseRedirect("/")`

Completely re-structured the project from scratch, wrote a better bootstrap script, changed configuration format to yaml, improved Caddyfile, and more. #15 #16 #20 2023-02-11 17:23:57 +01:00
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`@login_required`
			`def deposit(request):`
			`return render(request, "deposit.html", {})`

Completely re-structured the project from scratch, wrote a better bootstrap script, changed configuration format to yaml, improved Caddyfile, and more. #15 #16 #20 2023-02-11 17:23:57 +01:00
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`@login_required`
			`def statistics(request):`
			`context = {`
			`"yopml12m": sql_queries.select_yopml12m(request.user),`
			`"aopml12m": sql_queries.select_aopml12m(),`
			`"yopwd": sql_queries.select_yopwd(request.user),`
			`"aopwd": sql_queries.select_aopwd(),`
			`"noyopd": sql_queries.select_noyopd(request.user),`
			`"noaopd": sql_queries.select_noaopd()`
			`}`
			`return render(request, "statistics.html", context)`

Completely re-structured the project from scratch, wrote a better bootstrap script, changed configuration format to yaml, improved Caddyfile, and more. #15 #16 #20 2023-02-11 17:23:57 +01:00
Added 'supply' page to create negative register transactions, updated translation 2022-10-15 19:37:01 +02:00			`@login_required`
			`def supply(request):`
			`return render(request, "supply.html")`

Completely re-structured the project from scratch, wrote a better bootstrap script, changed configuration format to yaml, improved Caddyfile, and more. #15 #16 #20 2023-02-11 17:23:57 +01:00
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`@login_required`
			`def redirect_home(request):`
			`return HttpResponseRedirect("/")`


			`# API for XHR requests #`

			`@login_required`
			`def api_order_drink(request):`
			`# check request -> make order`
			`user = request.user`
			`try:`
			`if user.allow_order_with_negative_balance or user.balance > 0:`
Refactored CSS and HTML templates and polished UI (#10), changed JavaScript variable names to camelCase, adjusted filenames and some url parameter names in urlpatterns, and more. 2022-11-04 20:35:28 +01:00			`drinkid = int(request.POST["drinkid"])`
			`amount = int(request.POST["numberofdrinks"])`
			`drink = Drink.objects.get(pk=drinkid)`
rename the field 'binary_availability' to 'do_not_count' in model Drink 2022-05-24 18:49:04 +02:00			`if ((drink.do_not_count and drink.available > 0) or (drink.available >= amount)) and not drink.deleted:`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`Order.objects.create(drink=drink, user=user, amount=amount)`
			`return HttpResponse("success", status=200)`
			`else:`
			`return HttpResponse("notAvailable", status=400)`
Added 'supply' page to create negative register transactions, updated translation 2022-10-15 19:37:01 +02:00			`else: raise Exception("Unexpected input or missing privileges.")`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`except Exception as e:`
			`print(f"An exception occured while processing an order: User: {user.username} - Exception: {e}", file=sys.stderr)`
			`return HttpResponse(b"", status=500)`


			`@login_required`
			`def api_deposit(request):`
			`# check request -> deposit`
			`user = request.user`
			`try:`
Refactored CSS and HTML templates and polished UI (#10), changed JavaScript variable names to camelCase, adjusted filenames and some url parameter names in urlpatterns, and more. 2022-11-04 20:35:28 +01:00			`amount = decimal.Decimal(request.POST["depositamount"])`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`if 0.00 < amount < 9999.99:`
			`# create transaction`
			`RegisterTransaction.objects.create(`
			`transaction_sum=amount,`
			`comment=f"User deposit by user {user.username}",`
			`is_user_deposit=True,`
Improved readability of python code by adding/removing newlines, identation, etc. 2023-02-11 22:14:01 +01:00			`user=user)`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`return HttpResponse("success", status=200)`
			`else: raise Exception("Deposit amount too big or small.")`
			`except Exception as e:`
Added 'supply' page to create negative register transactions, updated translation 2022-10-15 19:37:01 +02:00			`print(f"An exception occured while processing a transaction: User: {user.username} - Exception: {e}", file=sys.stderr)`
			`return HttpResponse(b"", status=500)`

Improved readability of python code by adding/removing newlines, identation, etc. 2023-02-11 22:14:01 +01:00
Added 'supply' page to create negative register transactions, updated translation 2022-10-15 19:37:01 +02:00			`@login_required`
			`def api_supply(request):`
			`# check request -> supply`
			`user = request.user`
			`try:`
Refactored CSS and HTML templates and polished UI (#10), changed JavaScript variable names to camelCase, adjusted filenames and some url parameter names in urlpatterns, and more. 2022-11-04 20:35:28 +01:00			`price = decimal.Decimal(request.POST["supplyprice"])`
			`description = str(request.POST["supplydescription"])`
Added 'supply' page to create negative register transactions, updated translation 2022-10-15 19:37:01 +02:00			`if 0.00 < price < 9999.99 and (user.allowed_to_supply or user.is_superuser):`
			`# create transaction`
			`RegisterTransaction.objects.create(`
			`transaction_sum=-price,`
			`comment=f"Supply: {description}",`
			`is_user_deposit=False,`
			`user=user`
			`)`
			`return HttpResponse("success", status=200)`
			`else: raise Exception("Unexpected input or missing privileges.")`
			`except Exception as e:`
			`print(f"An exception occured while processing a supply transaction: User: {user.username} - Exception: {e}", file=sys.stderr)`
Initial commit - existing project files 2022-03-16 12:11:30 +01:00			`return HttpResponse(b"", status=500)`