diff --git a/apimanager/apimanager/settings.py b/apimanager/apimanager/settings.py
index 2c134a6..dd26105 100644
--- a/apimanager/apimanager/settings.py
+++ b/apimanager/apimanager/settings.py
@@ -257,7 +257,7 @@ API_EXPLORER_HOST = 'http://127.0.0.1:8082'
 # Only override this if you have a separate portal instance
 API_PORTAL = API_HOST
 API_BASE_PATH = '/obp/v'
-API_VERSION = '5.1.0'
+API_VERSION = '5.0.0'
 # URL to API Tester
 API_TESTER_URL = 'https://www.example.com'
diff --git a/apimanager/users/views.py b/apimanager/users/views.py
index 4482f21..6144dd1 100644
--- a/apimanager/users/views.py
+++ b/apimanager/users/views.py
@@ -248,7 +248,7 @@ class MyDetailView(LoginRequiredMixin, FormView):
 messages.error(self.request, err)
 except Exception as err:
 messages.error(self.request, err)
- user["entitlements"]["list"] = sorted(user["entitlements"]["list"], key=lambda d: d['role_name'])
+
 context.update({
 'apiuser': user, # 'user' is logged-in user in template context
 })
@@ -340,7 +340,7 @@ class DeleteEntitlementView(LoginRequiredMixin, View):
 except Exception as err:
 messages.error(self.request, err)
- # from sonarcloud: Change this code to not perform redirects based on user-controlled data.
+ # from sonarcloud: Change this code to not perform redirects based on user-controlled data.
 redirect_url_from_gui = request.POST.get('next', reverse('users-index'))
 if "/users/all/user_id/" in str(redirect_url_from_gui):
 redirect_url = reverse('users-detail',kwargs={"user_id":kwargs['user_id']})
@@ -348,7 +348,7 @@ class DeleteEntitlementView(LoginRequiredMixin, View):
 redirect_url = reverse('my-user-detail',kwargs={"user_id":kwargs['user_id']})
 else:
 redirect_url = reverse('users-index')
-
+
 return HttpResponseRedirect(redirect_url)
@@ -360,16 +360,38 @@ class UserStatusUpdateView(LoginRequiredMixin, View):
 api = API(self.request.session.get('obp'))
 try:
 if(request.POST.get("Delete")):
- self._delete_user(api, request, args, kwargs)
+ urlpath = '/users/{}'.format(kwargs['user_id'])
+ result = api.delete(urlpath)
+ if result is not None and 'code' in result and result['code'] >= 400:
+ messages.error(request, result['message'])
+ else:
+ msg = 'User with ID {} has been deleted.'.format(kwargs['user_id'])
+ messages.success(request, msg)
 elif(request.POST.get("Lock")):
- self._lock_user(api, request, args, kwargs)
+ urlpath = '/users/{}/locks'.format(kwargs['username'])
+ result = api.post(urlpath, None)
+ if result is not None and 'code' in result and result['code'] >= 400:
+ messages.error(request, result['message'])
+ else:
+ msg = 'User {} has been lock.'.format(kwargs['username'])
+ messages.success(request, msg)
 else:
- self._lock_status_user(api, request, args, kwargs)
+ urlpath = '/users/{}/lock-status'.format(kwargs['username'])
+ result = api.put(urlpath, None)
+ #if result is not None and 'code' in result and result['code'] >= 400:
+ if 'code' in result and result['code'] == 404:
+ msg = 'User {} has been unlocked.'.format(kwargs['username'])
+ messages.success(request, msg)
+ else:
+ messages.error(request, result['message'])
+ #else:
+ # msg = 'User {} has been unlocked.'.format(kwargs['username'])
+ # messages.success(request, msg)
 except APIError as err:
 messages.error(request, err)
- except Exception as err:
- messages.error(self.request, err)
+ except Exception as e:
+ messages.error(self.request, 'Unknown Error' + str(e))
 # from sonarcloud: Change this code to not perform redirects based on user-controlled data.
 redirect_url_from_gui = request.POST.get('next', reverse('users-index'))
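Review bot: In the unlock branch (the final `else:` of this hunk), `result` is dereferenced without the `result is not None` guard that the Delete and Lock branches use, and success is reported only when `result['code'] == 404`, so every other response, including one with no `message` key, lands in `messages.error(request, result['message'])`. A `None` or message-less response would raise there and surface through the new `except Exception` handler, which shows `'Unknown Error' + str(e)` to the user; raw exception text in a flash message can expose internal detail, and the operator gets misleading feedback on an account lock-state change. Unless the API really answers a successful unlock with 404 (not visible here; worth a comment if so), I would restore the commented-out check `if result is not None and 'code' in result and result['code'] >= 400:` with the error and success branches in the same order as the other two, and have the handler show a fixed `'Unknown Error'` while the exception itself is logged server-side. The enclosing method starts and ends outside the hunk.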
@@ -382,36 +404,6 @@ class UserStatusUpdateView(LoginRequiredMixin, View):
 return HttpResponseRedirect(redirect_url)
- def _delete_user(self, api, request, *args, **kwargs):
- urlpath = '/users/{}'.format(kwargs['user_id'])
- result = api.delete(urlpath)
- if result is not None and 'code' in result and result['code'] >= 400:
- messages.error(request, result['message'])
- else:
- msg = 'User with ID {} has been deleted.'.format(kwargs['user_id'])
- messages.success(request, msg)
-
- def _lock_user(self, api, request, *args, **kwargs):
- urlpath = '/users/{}/locks'.format(kwargs['username'])
- result = api.post(urlpath, None)
- if result is not None and 'code' in result and result['code'] >= 400:
- messages.error(request, result['message'])
- else:
- msg = 'User {} has been lock.'.format(kwargs['username'])
- messages.success(request, msg)
-
- def _lock_status_user(self, api, request, *args, **kwargs):
- urlpath = '/users/{}/lock-status'.format(kwargs['username'])
- result = api.put(urlpath, None)
- #if result is not None and 'code' in result and result['code'] >= 400:
- if 'code' in result and result['code'] == 404:
- msg = 'User {} has been unlocked.'.format(kwargs['username'])
- messages.success(request, msg)
- else:
- messages.error(request, result['message'])
- #else:
- # msg = 'User {} has been unlocked.'.format(kwargs['username'])
- # messages.success(request, msg)
 class ExportCsvView(LoginRequiredMixin, View):
 """View to export the user to csv"""
@@ -449,4 +441,3 @@ class ExportCsvView(LoginRequiredMixin, View):
 writer.writerow([user['username'], user['user_id'], user['email'], user['provider_id'], user['provider'], user['last_marketing_agreement_signed_date']])
 return response
-