from django.shortcuts import render, redirect
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from django.contrib import messages
from dashboard.decorator import level_required
from django.shortcuts import get_object_or_404
from dashboard.forms import UserForm
from .forms import PyrosUserCreationForm, UserPasswordResetForm
from django.core.mail import send_mail
from common.models import ScientificProgram, PyrosUser, UserLevel, SP_Period, SP_Period_User
from django.urls import reverse
from django.http import HttpResponseRedirect, HttpResponse
from django.conf import settings
from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
import os
import sys
from src.pyros_logger import log
from src.core.pyros_django.obsconfig.obsconfig_class import OBSConfig

# Template path handed to render() by home() for signed-in users and visitors alike.
LOGGED_PAGE = '../../dashboard/templates/dashboard/index.html'


def home(request):
    '''
        Initial view when coming on the website.

        Renders LOGGED_PAGE for everyone; only the context differs between a
        signed-in user and an anonymous visitor.
    '''
    if request.user.is_authenticated:
        # get_priority() is only called for authenticated users, as in the original flow
        user_level = request.user.get_priority()
        weather_img = "normal"
    else:
        user_level = "Visitor"
        weather_img = "red"
    context = {
        'USER_LEVEL': user_level,
        'base_template': "base.html",
        'weather_img': weather_img,
    }
    return render(request, LOGGED_PAGE, context)


def roles_description(request):
    '''
        Render the roles description template (no context, no login required).
    '''
    template_name = "user_manager/roles_description.html"
    return render(request, template_name)


def create_user(request):
    '''
        View called to open the user creation form.

        The view carries no login decorator, so it is reachable without being
        signed in; the template receives an unbound PyrosUserCreationForm.
    '''
    form = PyrosUserCreationForm()
    # Same two entries the template previously received through locals()
    context = {"request": request, "form": form}
    return render(request, "user_manager/home_user_creation.html", context)


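def forgotten_password(request):
    '''
        View called to display and process the "forgotten password" form.

        On a non-empty POST, looks up the PyrosUser whose email matches the
        submitted address, assigns it a random temporary password and e-mails
        that password. In every case the form template is rendered with a
        status message.

        NOTE(review): the password is replaced as soon as an address is
        submitted, without proof that the requester owns the mailbox, so the
        current password of any known address can be invalidated by a third
        party. Django's token-based flow (django.contrib.auth.views.
        PasswordResetView) only changes the password once the e-mailed link is
        used, and avoids sending a password in clear text.
    '''
    form = UserPasswordResetForm()
    message = ""
    if request.POST:
        # .get() so a POST without an "email" field is treated as an unknown
        # address instead of raising and returning a server error.
        submitted_email = request.POST.get("email", "")
        try:
            user = PyrosUser.objects.get(email=submitted_email)
        except PyrosUser.DoesNotExist:
            user = None
            # NOTE(review): this message differs from the success message, so the
            # form reveals which addresses have an account; consider one neutral
            # message for both outcomes.
            message = "The email adress is invalid"
        if user is not None:
            # The temporary password is only generated once an account was found.
            password = PyrosUser.objects.make_random_password()
            user.set_password(password)
            user.save()
            send_mail(
                '[PyROS CC] Registration',
                f"Hello,\nYou recently took steps to reset the password for your PyROS account. A temporary password has been assigned, please log in with the following password: '{password}'. \n\nCordially,\n\nPyROS Control Center",
                '',
                # Send to the address stored on the account rather than the
                # submitted text: the lookup can match under the database's
                # comparison rules while the submitted string designates a
                # different mailbox.
                [user.email],
                fail_silently=False,
            )
            message = "The email has been send !"
    return render(request, 'user_manager/forgotten_password.html', {"form": form, "message": message})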


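def user_signup_validation(request):
    '''
        View called to validate the user creation (form submitted).

        Three bot-prevention checks run before the form is saved: a "timer"
        field that must be at least 10, a "question" field that must equal
        "six", and an "iambot" field that must stay empty. All three values
        come from the request, so they only filter unsophisticated clients.

        On success an authenticated caller is redirected (to "next" when it is
        a safe same-host URL, else to the "users" page) and an anonymous caller
        gets the login page. On failure the creation form is rendered again.

        Both render() calls pass locals() as context, so the local names below
        are part of the template contract and must not be renamed.
    '''
    # Local import keeps this view self-contained; the helper is Django's own
    # check for redirect targets.
    from django.utils.http import url_has_allowed_host_and_safe_url

    form = PyrosUserCreationForm(request.POST)
    if request.POST:
        # A missing or non-numeric "timer" counts as "too quick" instead of
        # raising and returning a server error.
        try:
            elapsed_seconds = int(request.POST.get("timer", ""))
        except (TypeError, ValueError):
            elapsed_seconds = 0
        # Missing fields default to "" so .strip() / emptiness tests cannot fail on None.
        answer = request.POST.get("question", "").strip()
        honeypot = request.POST.get("iambot", "")

        if elapsed_seconds < 10:
            message = "(Bot prevention) You were too quick to fill the form, please take at least 10 seconds to send the form"
        elif answer != "six":
            message = "Wrong answer to the question (Write the answer in letter and lowercase"
        elif form.is_valid() and not honeypot:
            form.save()
            message = "Account creation successful ! Login to continue"
            success = True
            if request.user.is_authenticated:
                next_url = request.POST.get("next")
                # "next" is supplied by the client: only follow it when it stays
                # on this host, otherwise fall back to the users page.
                if next_url and url_has_allowed_host_and_safe_url(
                    next_url,
                    allowed_hosts={request.get_host()},
                    require_https=request.is_secure(),
                ):
                    return redirect(next_url)
                return redirect(reverse("users"))
            return render(request, "user_manager/home_login.html", locals())
        else:
            message = "One or more fields contain errors. Please try again"
            form_errors = form.errors
    else:
        message = "The system encountered an error. Please try again"

    error = True
    return render(request, "user_manager/home_user_creation.html", locals())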


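def login_validation(request):
    '''
        View called when the user log in (form submitted).

        Stores the observatory name and the PyROS configuration in the session,
        then either redirects an already authenticated user or authenticates
        the submitted email/password pair. After a successful login the session
        "role" is set to the UserLevel matching the user's priority and the
        user is redirected to "next" (when it is a safe same-host URL) or to
        the index page. On failure the login page is rendered with a message.

        NOTE(review): the final render() passes locals() as context, which
        includes the submitted password; an explicit context dict would keep
        it out of the template layer.
    '''
    # Local import keeps this view self-contained; the helper is Django's own
    # check for redirect targets.
    from django.utils.http import url_has_allowed_host_and_safe_url

    config = OBSConfig(
        os.environ["PATH_TO_OBSCONF_FILE"], os.environ["unit_name"])
    observatory_name = config.get_obs_name()
    first_unit_name = config.get_units_name()[0]
    request.session["obsname"] = observatory_name+" "+first_unit_name
    request.session["pyros_config"] = settings.CONFIG_PYROS

    # "next" is supplied by the client: it is only honoured when it points back
    # to this host, otherwise the default destination is used.
    next_url = request.POST.get("next")
    if next_url and not url_has_allowed_host_and_safe_url(
        next_url,
        allowed_hosts={request.get_host()},
        require_https=request.is_secure(),
    ):
        next_url = None

    if request.user.is_authenticated:
        if next_url:
            return redirect(next_url)
        # initiate variable session for telling which role the user is using if this user has multiple roles
        # default role is the role with maximum priority
        request.session["role"] = str(UserLevel.objects.get(
            priority=request.user.get_priority()))
        return redirect(reverse("index"))

    username = password = ''
    if request.POST:
        email = request.POST.get('email')
        password = request.POST.get('password')
        # Looked up only to pick the error message below; an unknown username
        # is the one expected failure, so only that exception is caught.
        try:
            is_user_active = PyrosUser.objects.get(username=email).is_active
        except PyrosUser.DoesNotExist:
            is_user_active = None
        user = authenticate(username=email, password=password)
        if user is not None:
            success = False
            if user.is_active:
                login(request, user)
                request.session['user'] = email
                message = "Oui"
                success = True
                # initiate variable session for telling which role the user is using if this user has multiple roles
                # default role is the role with maximum priority
                request.session["role"] = str(UserLevel.objects.get(
                    priority=request.user.get_priority()))
                log.info(f"User {user} did action login")
                if next_url:
                    return redirect(next_url)
                return redirect(reverse("index"))
            else:
                message = "Your account is not active, please contact the Unit-PI."
        else:
            # NOTE(review): the "not active" message is shown without valid
            # credentials, so it confirms that the account exists; consider
            # the generic message for every failed attempt.
            if is_user_active is not None and not is_user_active:
                message = "Your account is not active, please contact the Unit-PI."
            else:
                message = "Your email and/or password were incorrect."
    else:
        message = "An unexpected error has occurred"
    error = True
    return render(request, "user_manager/home_login.html", locals())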


@login_required
def superoperator_return(request):
    '''
        Render the user detail template for the signed-in user, with the
        'admin' context entry set to 0.
    '''
    context = {'user': request.user, 'admin': 0}
    return render(request, "user_manager/user_detail.html", context)


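@login_required
def user_logout(request):
    '''
        View called to log out. Logs the action, ends the session and
        redirects to the index page.
    '''
    # Logged before logout() so that request.user still names the account
    log.info(f"User {request.user} did action logout")
    logout(request)
    # The observatory name is written again after logout() so that the next
    # page still finds it in the session.
    config = OBSConfig(
        os.environ["PATH_TO_OBSCONF_FILE"], os.environ["unit_name"])
    observatory_name = config.get_obs_name()
    first_unit_name = config.get_units_name()[0]
    request.session["obsname"] = observatory_name+" "+first_unit_name
    # The render() call that used to follow this return could never run and
    # has been removed.
    return redirect(reverse("index"))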


def user_signin(request):
    '''
        Render the login page, handing the "next" query parameter to the
        template.
    '''
    # Client-supplied value: it is only passed through here, so any view that
    # later redirects to it has to validate it.
    next_target = request.GET.get("next")
    return render(request, "user_manager/home_login.html", {"next": next_target})


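@login_required
@level_required("Admin", "Unit-PI")
def delete_user(request, pk):
    '''
        Delete the user identified by pk, then redirect to the users list.

        The deletion only happens on a POST request, for a target other than
        the caller, and for a target that is not a superuser. In every other
        case the caller is sent back to the target's detail page.
        Responds with 404 when no user has this pk.
    '''
    user_to_be_deleted = get_object_or_404(PyrosUser, pk=pk)
    # user_detail_view only offers the delete action for non-superuser targets
    # (its CAN_DELETE_USER flag); the same rule is enforced here because a
    # hidden button does not stop a hand-written request.
    deletion_allowed = (
        request.method == "POST"
        and request.user != user_to_be_deleted
        and not user_to_be_deleted.is_superuser
    )
    if deletion_allowed:
        user_to_be_deleted.delete()
        return HttpResponseRedirect(reverse('users'))
    return HttpResponseRedirect(reverse("user_detail", kwargs={"pk": pk}))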


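@login_required
@level_required("Admin", "Observer", "Management", "Operator", "Unit-PI", "TAC", "Unit board")
def users(request):
    '''
        Paginated users list.

        Callers whose role is Admin, Unit-PI or Unit board get every active
        user plus the list of inactive users. Other callers get the users
        attached to the periods of their own scientific programs, the PIs of
        those programs, and a separate list of admin/unit users.
    '''
    privileged_roles = ("Admin", "Unit-PI", "Unit board")
    current_user = request.user
    pyros_users_with_roles = []
    admin_and_unit_users = []
    inactive_pyros_users = None
    common_scientific_programs = None
    # NOTE(review): the fallback is a priority value, not a role name (other
    # views resolve it through UserLevel.objects.get(priority=...)); confirm
    # whether it can ever match the names below.
    role = request.session.get("role") or current_user.get_priority()
    # Tuple membership: the previous `role in "Admin,Unit-PI,Unit board"` was a
    # substring test, which accepts any fragment of that text and raises on a
    # non-string role.
    if role in privileged_roles:
        pyros_users_with_roles = PyrosUser.objects.exclude(
            is_active=False).order_by("-id")
        inactive_pyros_users = PyrosUser.objects.filter(
            is_active=False).order_by("-id")
    else:
        sp_of_current_user = current_user.get_scientific_program()
        sp_periods_of_current_user = SP_Period.objects.filter(
            scientific_program__in=sp_of_current_user)
        common_scientific_programs = sp_of_current_user
        for sp in sp_periods_of_current_user:
            # NOTE(review): this query does not depend on `sp`, so the same
            # users are appended once per period; confirm whether the
            # duplicates are wanted.
            for user in SP_Period_User.objects.filter(SP_Period__in=sp_periods_of_current_user).exclude(user=current_user).values_list("user", flat=True):
                pyros_users_with_roles.append(PyrosUser.objects.get(id=user))
            pyros_users_with_roles.append(
                sp.scientific_program.sp_pi)
        # NOTE(review): "Unit-board" is spelled with a hyphen here and
        # "Unit board" in the decorator above; confirm which name is stored.
        admin_and_unit_users = PyrosUser.objects.filter(
            user_level__name__in=("Unit-PI", "Unit-board", "Admin")).distinct()
    nb_of_scientific_program = ScientificProgram.objects.count()
    # Same substring-test fix as above; a missing session role now yields False
    # instead of raising.
    CAN_ADD_USER = request.session.get("role") in privileged_roles
    # need the negative to calculate in the template for adjusting correctly the information display
    negative_nb_scientific_program = -nb_of_scientific_program

    page = request.GET.get('page', 1)
    pyros_users_paginator = Paginator(
        pyros_users_with_roles, settings.NB_ELEMENT_PER_PAGE)
    try:
        pyros_users_with_roles = pyros_users_paginator.page(page)
    except PageNotAnInteger:
        # Non-numeric page parameter: show the first page
        pyros_users_with_roles = pyros_users_paginator.page(1)
    except EmptyPage:
        # Page out of range: show the last page
        pyros_users_with_roles = pyros_users_paginator.page(
            pyros_users_paginator.num_pages)
    return render(request, 'user_manager/users_management.html', {
        'pyros_users_with_roles': pyros_users_with_roles,
        "inactive_pyros_users": inactive_pyros_users,
        "nb_of_scientific_program": nb_of_scientific_program,
        "negative_nb_scientific_program": negative_nb_scientific_program,
        "common_scientific_programs": common_scientific_programs,
        "admin_and_unit_users": admin_and_unit_users,
        "CAN_ADD_USER": CAN_ADD_USER
    })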


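@login_required
@level_required("Admin", "Unit-PI", "Unit board")
def change_activate(request, pk, current_user_id):
    '''
        Toggle the is_active flag of the user identified by pk, then redirect
        to that user's detail page.

        The first time an account is activated, the user identified by
        current_user_id is recorded as its validator and a welcome e-mail is
        sent. No e-mail is sent for later deactivations or re-activations.
        Nothing is changed when the caller's role is not Admin, Unit-PI or
        Unit board, when the target is a superuser, or when the target is the
        caller. Responds with 404 when pk or current_user_id matches no user.

        NOTE(review): the validator comes from the URL (current_user_id), not
        from request.user, so the recorded validator can differ from the
        person who performed the action. The view also changes state on any
        HTTP method; confirm whether it should be restricted to POST.
        NOTE(review): the role is read from session["role"], which
        set_active_role in this file writes from a POSTed role name; confirm
        that view checks the user actually holds the requested role.
    '''
    role = request.session.get("role")
    if role is None:
        role = UserLevel.objects.get(priority=request.user.get_priority()).name
    if role not in ("Admin", "Unit-PI", "Unit board"):
        return redirect("user_detail", pk=pk)

    # get_object_or_404 raises Http404, never PyrosUser.DoesNotExist, so the
    # former try/except around this code could not trigger and was dropped.
    user = get_object_or_404(PyrosUser, pk=pk)
    # user_detail_view only offers the action for targets that are neither
    # superusers nor the caller (its CAN_ACTIVATE_USER flag); the same rule is
    # enforced here because hiding the button does not block a direct request.
    if user.is_superuser or request.user == user:
        return redirect("user_detail", pk=pk)

    user.is_active = not user.is_active
    if user.first_time == False and user.is_active:
        user.first_time = True
        text_mail = "Hi,\n\nCongratulations, your registration has been approved by the PI. Welcome to the PyROS Control Center.\nIn order to submit observation sequences, you need to be associated to a scientific program.\n\nCordially,\n\nPyROS Control Center"
        text_object = "[PyROS CC] Welcome"
        user.validator = get_object_or_404(
            PyrosUser, pk=current_user_id)
        send_mail(text_object, text_mail, '', [
                  user.email], fail_silently=False,)
    # We're not sending an email if the account has been desactivated or re-activated
    user.save()
    return redirect('user_detail', pk=pk)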


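@login_required
# @level_required("Admin","Observer","Management","Operator","Unit-PI","TAC","Unit board")
def user_detail_view(request, pk):
    '''
        Detail page of the user identified by pk.

        Besides the user, the context carries CAN_* flags telling the template
        which actions to offer. They are display hints only: each action view
        has to enforce its own permissions.
        Responds with 404 when no user has this pk.

        NOTE(review): with level_required commented out, any signed-in account
        can open any user's page; confirm this is intended.
        NOTE(review): the flags test for "Unit-board" while the decorators in
        this file use "Unit board"; confirm which spelling is stored.
    '''
    is_last_user = PyrosUser.objects.count() == 1
    # get_object_or_404 replaces a manual `raise Http404(...)`: Http404 is not
    # among the imports at the top of this file, so that path ended in a
    # NameError instead of a 404 response.
    user = get_object_or_404(PyrosUser, pk=pk)
    current_user = request.user
    roles = current_user.get_list_of_roles()

    has_managing_role = request.session.get("role") in (
        "Admin", "Unit-PI", "Unit-board")
    is_own_profile = request.user.id == pk
    # Delete and activate share one rule: never the last user, never a
    # superuser, never the caller's own account.
    can_manage_account = (
        not is_last_user
        and has_managing_role
        and not user.is_superuser
        and request.user != user
    )
    CAN_VIEW_VALIDATOR = is_own_profile or has_managing_role
    CAN_DELETE_USER = can_manage_account
    CAN_ACTIVATE_USER = can_manage_account
    CAN_EDIT_USER = is_own_profile or has_managing_role
    CAN_VIEW_MOTIVE_OF_REGISTRATION = has_managing_role and len(
        user.motive_of_registration) > 0
    scientific_programs = user.get_scientific_program()
    return render(request, 'user_manager/user_detail.html', context={
        'user': user,
        'current_user': current_user,
        'is_last_user': is_last_user,
        "roles": roles,
        "scientific_programs": scientific_programs,
        "CAN_VIEW_VALIDATOR": CAN_VIEW_VALIDATOR,
        "CAN_DELETE_USER": CAN_DELETE_USER,
        "CAN_ACTIVATE_USER": CAN_ACTIVATE_USER,
        "CAN_EDIT_USER": CAN_EDIT_USER,
        "CAN_VIEW_MOTIVE_OF_REGISTRATION": CAN_VIEW_MOTIVE_OF_REGISTRATION
    })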


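@login_required
@level_required()
def user_detail_edit(request, pk):
    '''
        Edit form for the user identified by pk.

        A user may edit their own profile; Admin, Unit-PI and Unit board may
        edit any profile. Anyone else is redirected to the index page.
        On a valid POST the profile is saved and the caller is redirected to
        the detail page; otherwise the edit form is rendered.

        Role changes (and the Django admin flags derived from the Admin role)
        are only applied when the caller is allowed to edit roles
        (CAN_EDIT_ROLE). Without this check a user editing their own profile
        could submit roles=Admin and obtain is_staff / is_admin /
        is_superuser, because the flag was only used to hide the form field.

        NOTE(review): CAN_EDIT_ROLE tests for "Unit-board" while the access
        check uses "Unit board"; confirm which spelling is stored.
        NOTE(review): these checks trust session["role"], which
        set_active_role in this file writes from a POSTed role name; confirm
        that view checks the user actually holds the requested role.
    '''
    # NOTE(review): the fallback is a priority value, compared below against
    # role names; confirm it can match.
    role = request.session.get("role") or request.user.get_priority()
    # If its not his user profile or user isn't Unit-PI, Unit board, Admin or SP-PI, He can't edit this user profile and he is redirected to home page
    if request.user.id != pk and role not in ("Admin", "Unit-PI", "Unit board"):
        return HttpResponseRedirect(reverse('index'))
    edit = get_object_or_404(PyrosUser, pk=pk)
    is_sp_pi = ScientificProgram.objects.filter(sp_pi=edit).count() > 0
    form = UserForm(request.POST or None, instance=edit)
    CAN_EDIT_ROLE = request.session.get("role") in (
        "Admin", "Unit-PI", "Unit-board")
    CAN_EDIT_INSTITUTE = request.session.get(
        "role") in ("Admin", "Unit-PI", "Unit-board")
    CAN_EDIT_REFEREE_THEME = request.session.get("role") != "Visitor"
    # creating list of roles for the formular excluding visitor of the list
    roles = UserLevel.objects.exclude(name="Visitor")
    if request.POST and form.is_valid():
        obj = form.save(commit=False)
        # Enforced server-side: the submitted "roles" are ignored unless the
        # caller may edit roles, so a crafted request cannot change privileges.
        if CAN_EDIT_ROLE:
            submitted_roles = request.POST.getlist("roles")
            if submitted_roles:
                if "Admin" in submitted_roles:
                    # if Admin role has been assigned, add the authorisations to access to django admin pages
                    obj.is_staff = True
                    obj.is_admin = True
                    obj.is_superuser = True
                else:
                    # just in case (for example, if user was previously an admin and has been downgraded) we're removing those authorisations
                    obj.is_staff = False
                    obj.is_admin = False
                    # is_superuser is granted together with the Admin role
                    # above, so it is withdrawn with it as well.
                    obj.is_superuser = False
                obj.user_level.set(submitted_roles)
            else:
                # No role has been assigned, so the user has the Visitor role
                obj.user_level.set([UserLevel.objects.get(name="Visitor")])
        # An empty submission clears the referee themes
        obj.referee_themes.set(request.POST.getlist("referee_themes"))
        obj.save()
        if request.user == obj:
            # Keep the active session role in line with the edited profile
            request.session["role"] = UserLevel.objects.get(
                priority=request.user.get_priority()).name

        return redirect('user_detail', pk=pk)
    return render(request, 'user_manager/user_detail_edit.html', {
        'form': form,
        "roles": roles,
        "pk": pk,
        "user_edit": edit,
        "is_sp_pi": is_sp_pi,
        "CAN_EDIT_ROLE": CAN_EDIT_ROLE,
        "CAN_EDIT_INSTITUTE": CAN_EDIT_INSTITUTE,
        "CAN_EDIT_REFEREE_THEME": CAN_EDIT_REFEREE_THEME
    })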


def set_active_role(request):
    previous_active_role = request.session.get("role")
    if request.user.is_authenticated:
        if request.POST.get("role"):
            request.session["role"] = str(
                UserLevel.objects.get(name=request.POST.get("role")))
            if(previous_active_role is not None and previous_active_role != request.session.get("role")):
                messages.success(
                    request, f"Role changed from {previous_active_role} to {request.session.get('role')}")
                text_reponse = f'<div class="alert alert-info alert-dismissable"><button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>\
                Role changed from {previous_active_role} to {request.session.get("role")}</div>'
                return HttpResponse(text_reponse)