Di3ddlmZmZmZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZddlmZdd lmZmZd d lmZmZmZmZmZd d lmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&Gd dejNZ(GddejRZ*GddejRZ+GddejXZ-GddejNZ.GddejRZ/GddejRZ0GddejRZ1y))viewsetsstatus permissions)action)Response)Token) authenticate)User)Q)DjangoFilterBackend) SearchFilterOrderingFilter)MemberChild AnnouncementEventMeeting) MemberSerializerMemberCreateSerializerMemberUpdateSerializerMemberListSerializerChildSerializerUserLoginSerializerPasswordChangeSerializerAdminPasswordResetSerializerAnnouncementSerializerEventSerializerMeetingSerializerceZdZdZdZdZy)IsAdminOrOwnerz` Custom permission: Admin can access everything, members can only access their own data cJ|jxr|jjSN)useris_authenticatedselfrequestviews 7/var/www/kalinger_portal/trust-backend/members/views.pyhas_permissionzIsAdminOrOwner.has_permissions||= = ==cb|jjry|j|jk(SNT)r$is_staff)r'r(r)objs r*has_object_permissionz$IsAdminOrOwner.has_object_permissions% << xx7<<''r,N)__name__ __module__ __qualname____doc__r+r1r,r*r!r!s>(r,r!ceZdZdZej j ZegZ e e e gZ dgZgdZgdZdgZdZdZedd g d Zedd g d Zed dg ddZedd g dZy) MemberViewSetz, ViewSet for Member CRUD operations is_active)namephone father_name)r: created_at annual_tax amount_duer:c|jdk(rtS|jdvrtS|jdk(rtStS)z-Return appropriate serializer based on actioncreate)updatepartial_updatelist)rrrrrr's r*get_serializer_classz"MemberViewSet.get_serializer_class/s? ;;( ") ) [[8 8) ) [[F "' 'r,c|jj}|jrtjj Stjj |S)z"Filter queryset based on user roler$)r(r$r/robjectsallfilter)r'r$s r* get_querysetzMemberViewSet.get_queryset9sE||   ==>>%%' '>>((d(3 3r,Fgetdetailmethodsc tjj|j}t |}t |j S#tj$r t dditjcYSwxYw)z!Get current user's member profilerHerrorzMember profile not foundr) rrIrMr$rrdata DoesNotExistrHTTP_404_NOT_FOUND)r'r(member serializers r*mezMemberViewSet.meCso ^^''W\\':F)&1JJOO, ,"" 4500  sA A 0A?>A?c|jjstdditjSt j jdj}t j jdj}t j jdj}t|||d S) z"Get member statistics (Admin only)rRAdmin access requiredrSTr9r)r?)amount_due__gt) total_members members_paidmembers_pending) r$r/rrHTTP_403_FORBIDDENrrIrKcount)r'r(r^ total_paid total_pendings r* statisticszMemberViewSet.statisticsPs||$$1200  ---=CCE ^^**a*8>>@ --Q-?EEG *&,   r,TpostNc&|j}t|j}|jr7|j |t |jt jSt |jt jS)zAdd a child to a memberrTrWrS) get_objectrrTis_validsaverrHTTP_201_CREATEDerrorsHTTP_400_BAD_REQUEST)r'r(pkrWrXs r* add_childzMemberViewSet.add_childcsh"$',,7    OO6O *JOOF4K4KL L ))&2M2MNNr,c>|jjstdditjSddlm}ddl}|d}d |d <|j|}|jgd tjjd j}|D]}d j|jjDcgc]+}|j d|j"d|j$d-c}} |j|j&|j |j(|j"|j*|j,|j.|j0| |j2|j4|j6|j8g |Scc}w)z$Export members to Excel (Admin only)rRr[rSr) HttpResponseNztext/csv) content_typez"attachment; filename="members.csv"zContent-Disposition) z Member IDNamePhoneDOBAddressz Father Namez Mother Namez Spouse NameChildrenz Annual Taxz Amount Paidz Amount DueStatuschildrenz; z (z, ))r$r/rrra django.httprscsvwriterwriterowrrIprefetch_relatedrJjoinr{r: date_of_birthgender member_idr;addressr< mother_name spouse_namer> amount_paidr?payment_status) r'r(rsr~responsermembersrWc children_lists r* export_excelzMemberViewSet.export_excelnsm||$$1200  -Z8*N&'H%  ..11*=AAC F II,,.'66("Q__-Rz;'M OO   V\\$$fnn""F$6$68J8J!!6#5#5v7H7H%%  's 0F r#)r2r3r4r5rrIrJquerysetr!permission_classesr r rfilter_backendsfilterset_fields search_fieldsordering_fieldsorderingrFrLrrYrerqrr6r,r*r8r8#s~~!!#H()*L.IO#}4MHOxH 4 55'* +  55'* + $ 4&*O+O 55'*&+&r,r8cTeZdZdZej j ZeZ e gZ dZ y) ChildViewSetz+ ViewSet for Child CRUD operations cr|jj}|jrtjj S t jj|}tjj|S#t j$r!tjjcYSwxYw)z"Filter children based on user rolerHri) r(r$r/rrIrJrrMrKrUnone)r'r$rWs r*rLzChildViewSet.get_querysets||   ====$$& & ,+++6}}++6+::&& ,}}))++ ,s?B1B65B6N) r2r3r4r5rrIrJrrserializer_classr!rrLr6r,r*rrs/}}  "H&() ,r,rceZdZdZej gZeddgdZeddgejgdZ eddgejgdZ eddgejgd Z y ) AuthViewSetz/ ViewSet for authentication operations FrfrNc t|j}|jr|jd}|jd}t ||}|rt j j|\}} tj j|}|j} t|j|j|| |j|j|jdStd d it$j& St|j(t$j* S#tj $r=t|j|j||j|j"ddcYSwxYw) zLogin with phone and passwordrhr;password)usernamerrH)tokenuser_idr;is_adminrr:password_reset_requiredF)rrr;rr:rrRzInvalid credentialsrS)rrTrkvalidated_datar rrI get_or_createrrMr/rkeyidr:rrUrrHTTP_401_UNAUTHORIZEDrnro) r'r(rXr;rr$rcreatedrWrs r*loginzAuthViewSet.loginsS)gll;    --g6E!00I ++y+9{{ &|| !!,/ 26. !A&++O*6!'! ))&2M2MNN && 01!44 s*BD%%0EEN) r2r3r4r5rAllowAnyrrrIsAuthenticatedrrrr6r,r*rrs&../ 56(+-O,-O^ 56( @[@[?\] ^  56( @[@[?\]O^O< 56( @[@[?\]&O^&Or,rceZdZdZdZy)IsAdminOrReadOnlyz+Admin can do anything, others can only readc|jtjvry|jxr|jjSr.)methodr SAFE_METHODSr$r/r&s r*r+z IsAdminOrReadOnly.has_permission:s0 >>[55 5||5 5 55r,N)r2r3r4r5r+r6r,r*rr8s 56r,rc2eZdZeZej egZdZ y)AnnouncementViewSetc|jjjrtjj Stjj dSNTr\)r(r$r/rrIrJrKrEs r*rLz AnnouncementViewSet.get_querysetDsD <<   % %''++- -##**T*::r,N) r2r3r4rrrrrrrLr6r,r*rr@s-%557HI;r,rc2eZdZeZej egZdZ y) EventViewSetc|jjjrtjj Stjj dSr)r(r$r/rrIrJrKrEs r*rLzEventViewSet.get_querysetNs@ <<   % %==$$& &}}##d#33r,N) r2r3r4rrrrrrrLr6r,r*rrJs&%557HI4r,rc2eZdZeZej egZdZ y)MeetingViewSetc|jjjrtjj Stjj dSr)r(r$r/rrIrJrKrEs r*rLzMeetingViewSet.get_querysetXs@ <<   % %??&&( (%%%55r,N) r2r3r4rrrrrrrLr6r,r*rrTs(%557HI6r,rN)2rest_frameworkrrrrest_framework.decoratorsrrest_framework.responserrest_framework.authtoken.modelsrdjango.contrib.authr django.contrib.auth.modelsr django.db.modelsr django_filters.rest_frameworkr rest_framework.filtersr rmodelsrrrrr serializersrrrrrrrrrrrBasePermissionr! ModelViewSetr8rViewSetrrrrrr6r,r*rs88,,1,+=??? ([// (rH))rj,8((,*HO(""HOV6 226;(//;48((46X**6r,