909 lines
39 KiB
Python
909 lines
39 KiB
Python
# Copyright (C) 2020 by Animath
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
import json
|
|
import os
|
|
import subprocess
|
|
from tempfile import mkdtemp
|
|
|
|
from django.conf import settings
|
|
from django.contrib import messages
|
|
from django.contrib.auth.mixins import AccessMixin, LoginRequiredMixin
|
|
from django.contrib.auth.models import User
|
|
from django.contrib.sites.models import Site
|
|
from django.core.exceptions import PermissionDenied, ValidationError
|
|
from django.db import transaction
|
|
from django.db.models import Q
|
|
from django.http import FileResponse, Http404
|
|
from django.shortcuts import redirect, resolve_url
|
|
from django.template.loader import render_to_string
|
|
from django.urls import reverse_lazy
|
|
from django.utils import timezone, translation
|
|
from django.utils.crypto import get_random_string
|
|
from django.utils.http import urlsafe_base64_decode
|
|
from django.utils.text import format_lazy
|
|
from django.utils.translation import gettext_lazy as _
|
|
from django.views.generic import CreateView, DetailView, RedirectView, TemplateView, UpdateView, View
|
|
from django_tables2 import SingleTableView
|
|
from magic import Magic
|
|
from participation.models import Passage, Solution, Synthesis, Tournament
|
|
from tfjm.tokens import email_validation_token
|
|
from tfjm.views import UserMixin, UserRegistrationMixin, VolunteerMixin
|
|
|
|
from .forms import AddOrganizerForm, CoachRegistrationForm, HealthSheetForm, \
|
|
ParentalAuthorizationFinalForm, ParentalAuthorizationForm, PaymentAdminForm, PaymentForm, \
|
|
PhotoAuthorizationFinalForm, PhotoAuthorizationForm, SignupForm, StudentRegistrationForm, UserForm, \
|
|
VaccineSheetForm, VolunteerRegistrationForm
|
|
from .models import ParticipantRegistration, Payment, Registration, StudentRegistration
|
|
from .tables import RegistrationTable
|
|
|
|
|
|
class SignupView(CreateView):
|
|
"""
|
|
Signup, as a participant or a coach.
|
|
"""
|
|
model = User
|
|
form_class = SignupForm
|
|
template_name = "registration/signup.html"
|
|
extra_context = dict(title=_("Sign up"))
|
|
|
|
def get_context_data(self, **kwargs):
|
|
context = super().get_context_data()
|
|
|
|
context["student_registration_form"] = StudentRegistrationForm(self.request.POST or None)
|
|
context["coach_registration_form"] = CoachRegistrationForm(self.request.POST or None)
|
|
|
|
del context["student_registration_form"].fields["team"]
|
|
del context["student_registration_form"].fields["email_confirmed"]
|
|
del context["coach_registration_form"].fields["team"]
|
|
del context["coach_registration_form"].fields["email_confirmed"]
|
|
|
|
return context
|
|
|
|
@transaction.atomic
|
|
def form_valid(self, form):
|
|
role = form.cleaned_data["role"]
|
|
if role == "participant":
|
|
registration_form = StudentRegistrationForm(self.request.POST)
|
|
else:
|
|
registration_form = CoachRegistrationForm(self.request.POST)
|
|
del registration_form.fields["team"]
|
|
del registration_form.fields["email_confirmed"]
|
|
|
|
if not registration_form.is_valid():
|
|
return self.form_invalid(form)
|
|
|
|
ret = super().form_valid(form)
|
|
registration = registration_form.instance
|
|
registration.user = form.instance
|
|
registration.save()
|
|
registration.send_email_validation_link()
|
|
|
|
return ret
|
|
|
|
def get_success_url(self):
|
|
return reverse_lazy("registration:email_validation_sent")
|
|
|
|
|
|
class AddOrganizerView(VolunteerMixin, CreateView):
|
|
model = User
|
|
form_class = AddOrganizerForm
|
|
template_name = "registration/add_organizer.html"
|
|
extra_context = dict(title=_("Add organizer"))
|
|
|
|
def get_context_data(self, **kwargs):
|
|
context = super().get_context_data()
|
|
|
|
context["volunteer_registration_form"] = VolunteerRegistrationForm(self.request.POST or None)
|
|
del context["volunteer_registration_form"].fields["email_confirmed"]
|
|
if not self.request.user.registration.is_admin:
|
|
del context["volunteer_registration_form"].fields["admin"]
|
|
|
|
return context
|
|
|
|
@transaction.atomic
|
|
def form_valid(self, form):
|
|
registration_form = VolunteerRegistrationForm(self.request.POST)
|
|
del registration_form.fields["email_confirmed"]
|
|
if not self.request.user.registration.is_admin:
|
|
del registration_form.fields["admin"]
|
|
|
|
if not registration_form.is_valid():
|
|
return self.form_invalid(form)
|
|
|
|
ret = super().form_valid(form)
|
|
registration = registration_form.instance
|
|
registration.user = form.instance
|
|
registration.save()
|
|
registration.send_email_validation_link()
|
|
|
|
password = get_random_string(16)
|
|
form.instance.set_password(password)
|
|
form.instance.save()
|
|
|
|
subject = "[TFJM²] " + str(_("New TFJM² organizer account"))
|
|
site = Site.objects.first()
|
|
message = render_to_string('registration/mails/add_organizer.txt', dict(user=registration.user,
|
|
inviter=self.request.user,
|
|
password=password,
|
|
domain=site.domain))
|
|
html = render_to_string('registration/mails/add_organizer.html', dict(user=registration.user,
|
|
inviter=self.request.user,
|
|
password=password,
|
|
domain=site.domain))
|
|
registration.user.email_user(subject, message, html_message=html)
|
|
|
|
if registration.is_admin:
|
|
registration.user.is_superuser = True
|
|
registration.user.save()
|
|
|
|
return ret
|
|
|
|
def get_success_url(self):
|
|
return reverse_lazy("registration:email_validation_sent")
|
|
|
|
|
|
class UserValidateView(TemplateView):
|
|
"""
|
|
A view to validate the email address.
|
|
"""
|
|
title = _("Email validation")
|
|
template_name = 'registration/email_validation_complete.html'
|
|
extra_context = dict(title=_("Validate email"))
|
|
|
|
def get(self, *args, **kwargs):
|
|
"""
|
|
With a given token and user id (in params), validate the email address.
|
|
"""
|
|
assert 'uidb64' in kwargs and 'token' in kwargs
|
|
|
|
self.validlink = False
|
|
user = self.get_user(kwargs['uidb64'])
|
|
token = kwargs['token']
|
|
|
|
# Validate the token
|
|
if user is not None and email_validation_token.check_token(user, token):
|
|
self.validlink = True
|
|
user.registration.email_confirmed = True
|
|
user.registration.save()
|
|
return self.render_to_response(self.get_context_data(), status=200 if self.validlink else 400)
|
|
|
|
def get_user(self, uidb64):
|
|
"""
|
|
Get user from the base64-encoded string.
|
|
"""
|
|
try:
|
|
# urlsafe_base64_decode() decodes to bytestring
|
|
uid = urlsafe_base64_decode(uidb64).decode()
|
|
user = User.objects.get(pk=uid)
|
|
except (TypeError, ValueError, OverflowError, User.DoesNotExist, ValidationError):
|
|
user = None
|
|
return user
|
|
|
|
def get_context_data(self, **kwargs):
|
|
context = super().get_context_data(**kwargs)
|
|
context['user_object'] = self.get_user(self.kwargs["uidb64"])
|
|
context['login_url'] = resolve_url(settings.LOGIN_URL)
|
|
if self.validlink:
|
|
context['validlink'] = True
|
|
else:
|
|
context.update({
|
|
'title': _('Email validation unsuccessful'),
|
|
'validlink': False,
|
|
})
|
|
return context
|
|
|
|
|
|
class UserValidationEmailSentView(TemplateView):
|
|
"""
|
|
Display the information that the validation link has been sent.
|
|
"""
|
|
template_name = 'registration/email_validation_email_sent.html'
|
|
extra_context = dict(title=_('Email validation email sent'))
|
|
|
|
|
|
class UserResendValidationEmailView(LoginRequiredMixin, DetailView):
|
|
"""
|
|
Rensend the email validation link.
|
|
"""
|
|
model = User
|
|
extra_context = dict(title=_("Resend email validation link"))
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
user = self.get_object()
|
|
user.registration.send_email_validation_link()
|
|
return redirect('registration:email_validation_sent')
|
|
|
|
|
|
class MyAccountDetailView(LoginRequiredMixin, RedirectView):
|
|
"""
|
|
Redirect to our own profile detail page.
|
|
"""
|
|
|
|
def get_redirect_url(self, *args, **kwargs):
|
|
return reverse_lazy("registration:user_detail", args=(self.request.user.pk,))
|
|
|
|
|
|
class UserDetailView(LoginRequiredMixin, DetailView):
|
|
"""
|
|
Display the detail about a user.
|
|
"""
|
|
|
|
model = User
|
|
context_object_name = "user_object"
|
|
template_name = "registration/user_detail.html"
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
me = request.user
|
|
if not me.is_authenticated:
|
|
return self.handle_no_permission()
|
|
user = self.get_object()
|
|
if user == me or me.registration.is_admin or me.registration.is_volunteer \
|
|
and user.registration.participates and user.registration.team \
|
|
and (user.registration.team.participation.tournament in me.registration.organized_tournaments.all()
|
|
or user.registration.team.participation.final
|
|
and Tournament.final_tournament() in me.registration.organized_tournaments.all()) \
|
|
or user.registration.is_volunteer and me.registration.is_volunteer \
|
|
and me.registration.interesting_tournaments.intersection(user.registration.interesting_tournaments):
|
|
return super().dispatch(request, *args, **kwargs)
|
|
raise PermissionDenied
|
|
|
|
def get_context_data(self, **kwargs):
|
|
context = super().get_context_data(**kwargs)
|
|
context["title"] = _("Detail of user {user}").format(user=str(self.object.registration))
|
|
return context
|
|
|
|
|
|
class UserListView(VolunteerMixin, SingleTableView):
|
|
"""
|
|
Display the list of all registered users.
|
|
"""
|
|
model = Registration
|
|
table_class = RegistrationTable
|
|
template_name = "registration/user_list.html"
|
|
|
|
|
|
class UserUpdateView(UserMixin, UpdateView):
|
|
"""
|
|
Update the detail about a user and its registration.
|
|
"""
|
|
model = User
|
|
context_object_name = "user_object"
|
|
form_class = UserForm
|
|
template_name = "registration/update_user.html"
|
|
|
|
def get_context_data(self, **kwargs):
|
|
context = super().get_context_data(**kwargs)
|
|
user = self.get_object()
|
|
context["title"] = _("Update user {user}").format(user=str(self.object.registration))
|
|
context["registration_form"] = user.registration.form_class(data=self.request.POST or None,
|
|
instance=self.object.registration)
|
|
if not self.request.user.registration.is_admin:
|
|
if "team" in context["registration_form"].fields:
|
|
del context["registration_form"].fields["team"]
|
|
if "admin" in context["registration_form"].fields:
|
|
del context["registration_form"].fields["admin"]
|
|
del context["registration_form"].fields["email_confirmed"]
|
|
return context
|
|
|
|
@transaction.atomic
|
|
def form_valid(self, form):
|
|
user = form.instance
|
|
registration_form = user.registration.form_class(data=self.request.POST or None,
|
|
instance=self.object.registration)
|
|
if not self.request.user.registration.is_admin:
|
|
if "team" in registration_form.fields:
|
|
del registration_form.fields["team"]
|
|
if "admin" in registration_form.fields:
|
|
del registration_form.fields["admin"]
|
|
del registration_form.fields["email_confirmed"]
|
|
|
|
if not registration_form.is_valid():
|
|
return self.form_invalid(form)
|
|
|
|
registration_form.save()
|
|
return super().form_valid(form)
|
|
|
|
def get_success_url(self):
|
|
return reverse_lazy("registration:user_detail", args=(self.object.pk,))
|
|
|
|
|
|
class UserUploadPhotoAuthorizationView(UserRegistrationMixin, UpdateView):
|
|
"""
|
|
A participant can send its photo authorization.
|
|
"""
|
|
model = ParticipantRegistration
|
|
template_name = "registration/upload_photo_authorization.html"
|
|
extra_context = dict(title=_("Upload photo authorization"))
|
|
|
|
def get_context_data(self, **kwargs):
|
|
context = super().get_context_data(**kwargs)
|
|
if self.object.team:
|
|
tournament = self.object.team.participation.tournament \
|
|
if 'final' not in self.request.path else Tournament.final_tournament()
|
|
context["tournament"] = tournament
|
|
return context
|
|
|
|
def get_form_class(self):
|
|
return PhotoAuthorizationForm if 'final' not in self.request.path else PhotoAuthorizationFinalForm
|
|
|
|
@transaction.atomic
|
|
def form_valid(self, form):
|
|
old_instance: ParticipantRegistration = ParticipantRegistration.objects.get(pk=self.object.pk)
|
|
old_field = old_instance.photo_authorization \
|
|
if 'final' not in self.request.path else old_instance.photo_authorization_final
|
|
if old_field:
|
|
old_field.delete()
|
|
old_instance.save()
|
|
return super().form_valid(form)
|
|
|
|
def get_success_url(self):
|
|
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
|
|
|
|
|
class UserUploadHealthSheetView(UserRegistrationMixin, UpdateView):
|
|
"""
|
|
A participant can send its health sheet.
|
|
"""
|
|
model = StudentRegistration
|
|
form_class = HealthSheetForm
|
|
template_name = "registration/upload_health_sheet.html"
|
|
extra_context = dict(title=_("Upload health sheet"))
|
|
|
|
@transaction.atomic
|
|
def form_valid(self, form):
|
|
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
|
if old_instance.health_sheet:
|
|
old_instance.health_sheet.delete()
|
|
old_instance.save()
|
|
return super().form_valid(form)
|
|
|
|
def get_success_url(self):
|
|
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
|
|
|
|
|
class UserUploadVaccineSheetView(UserRegistrationMixin, UpdateView):
|
|
"""
|
|
A participant can send its vaccine sheet.
|
|
"""
|
|
model = StudentRegistration
|
|
form_class = VaccineSheetForm
|
|
template_name = "registration/upload_vaccine_sheet.html"
|
|
extra_context = dict(title=_("Upload vaccine sheet"))
|
|
|
|
@transaction.atomic
|
|
def form_valid(self, form):
|
|
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
|
if old_instance.vaccine_sheet:
|
|
old_instance.vaccine_sheet.delete()
|
|
old_instance.save()
|
|
return super().form_valid(form)
|
|
|
|
def get_success_url(self):
|
|
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
|
|
|
|
|
class UserUploadParentalAuthorizationView(UserRegistrationMixin, UpdateView):
|
|
"""
|
|
A participant can send its parental authorization.
|
|
"""
|
|
model = StudentRegistration
|
|
template_name = "registration/upload_parental_authorization.html"
|
|
extra_context = dict(title=_("Upload parental authorization"))
|
|
|
|
def get_context_data(self, **kwargs):
|
|
context = super().get_context_data(**kwargs)
|
|
if self.object.team:
|
|
tournament = self.object.team.participation.tournament \
|
|
if 'final' not in self.request.path else Tournament.final_tournament()
|
|
context["tournament"] = tournament
|
|
return context
|
|
|
|
def get_form_class(self):
|
|
return ParentalAuthorizationForm if 'final' not in self.request.path else ParentalAuthorizationFinalForm
|
|
|
|
@transaction.atomic
|
|
def form_valid(self, form):
|
|
old_instance: StudentRegistration = StudentRegistration.objects.get(pk=self.object.pk)
|
|
old_field = old_instance.parental_authorization \
|
|
if 'final' not in self.request.path else old_instance.parental_authorization_final
|
|
if old_field:
|
|
old_field.delete()
|
|
old_instance.save()
|
|
return super().form_valid(form)
|
|
|
|
def get_success_url(self):
|
|
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
|
|
|
|
|
class AuthorizationTemplateView(TemplateView):
|
|
def get_context_data(self, **kwargs):
|
|
context = super().get_context_data(**kwargs)
|
|
|
|
translation.activate("fr")
|
|
|
|
if "registration_id" in self.request.GET:
|
|
registration = Registration.objects.get(pk=self.request.GET.get("registration_id"))
|
|
# Don't get unwanted information
|
|
if registration.user == self.request.user \
|
|
or self.request.user.is_authenticated and self.request.user.registration.is_admin:
|
|
context["registration"] = registration
|
|
if "tournament_id" in self.request.GET and self.request.GET.get("tournament_id").isnumeric():
|
|
if not Tournament.objects.filter(pk=self.request.GET.get("tournament_id")).exists():
|
|
raise PermissionDenied("Ce tournoi n'existe pas.")
|
|
context["tournament"] = Tournament.objects.get(pk=self.request.GET.get("tournament_id"))
|
|
elif "tournament_name" in self.request.GET:
|
|
if not Tournament.objects.filter(name__iexact=self.request.GET.get("tournament_name")).exists():
|
|
raise PermissionDenied("Ce tournoi n'existe pas.")
|
|
context["tournament"] = Tournament.objects.get(name__iexact=self.request.GET.get("tournament_name"))
|
|
else:
|
|
raise PermissionDenied("Merci d'indiquer un tournoi.")
|
|
|
|
return context
|
|
|
|
def render_to_response(self, context, **response_kwargs):
|
|
tex = render_to_string(self.template_name, context=context, request=self.request)
|
|
temp_dir = mkdtemp()
|
|
with open(os.path.join(temp_dir, "texput.tex"), "w") as f:
|
|
f.write(tex)
|
|
process = subprocess.Popen(["pdflatex", "-interaction=nonstopmode", f"-output-directory={temp_dir}",
|
|
os.path.join(temp_dir, "texput.tex"), ])
|
|
process.wait()
|
|
return FileResponse(open(os.path.join(temp_dir, "texput.pdf"), "rb"),
|
|
content_type="application/pdf",
|
|
filename=self.template_name.split("/")[-1][:-3] + "pdf")
|
|
|
|
|
|
class AdultPhotoAuthorizationTemplateView(AuthorizationTemplateView):
|
|
template_name = "registration/tex/Autorisation_droit_image_majeur.tex"
|
|
|
|
|
|
class ChildPhotoAuthorizationTemplateView(AuthorizationTemplateView):
|
|
template_name = "registration/tex/Autorisation_droit_image_mineur.tex"
|
|
|
|
|
|
class ParentalAuthorizationTemplateView(AuthorizationTemplateView):
|
|
template_name = "registration/tex/Autorisation_parentale.tex"
|
|
|
|
|
|
class InstructionsTemplateView(AuthorizationTemplateView):
|
|
template_name = "registration/tex/Instructions.tex"
|
|
|
|
|
|
class PaymentUpdateView(LoginRequiredMixin, UpdateView):
|
|
model = Payment
|
|
form_class = PaymentAdminForm
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
user = self.request.user
|
|
object = self.get_object()
|
|
if not user.is_authenticated or \
|
|
not user.registration.is_admin \
|
|
and (user.registration.is_volunteer and user.registration not in object.tournament.organizers.all()
|
|
or user.registration.is_student and user.registration not in object.registrations.all()
|
|
or user.registration.is_coach and user.registration.team != object.team):
|
|
return self.handle_no_permission()
|
|
return super().dispatch(request, *args, **kwargs)
|
|
|
|
def get_context_data(self, **kwargs):
|
|
context = super().get_context_data()
|
|
context['title'] = _("Update payment")
|
|
# Grouping is only possible if there isn't any validated payment in the team
|
|
context['can_group'] = all(p.valid is False for reg in self.object.team.students.all()
|
|
for p in reg.payments.filter(final=self.object.final).all())
|
|
context['bank_transfer_form'] = PaymentForm(payment_type='bank_transfer',
|
|
data=self.request.POST or None,
|
|
instance=self.object)
|
|
|
|
if not self.object.grouped:
|
|
context['scholarship_form'] = PaymentForm(payment_type='scholarship',
|
|
data=self.request.POST or None,
|
|
instance=self.object)
|
|
|
|
context['other_form'] = PaymentForm(payment_type='other',
|
|
data=self.request.POST or None,
|
|
instance=self.object)
|
|
return context
|
|
|
|
def form_valid(self, form):
|
|
old_instance = Payment.objects.get(pk=self.object.pk)
|
|
if self.request.user.registration.participates:
|
|
if old_instance.valid is not False:
|
|
raise PermissionDenied(_("This payment is already valid or pending validation."))
|
|
if old_instance.valid is False:
|
|
form.instance.valid = None
|
|
if old_instance.receipt:
|
|
old_instance.receipt.delete()
|
|
old_instance.save()
|
|
return super().form_valid(form)
|
|
|
|
def get_success_url(self):
|
|
return reverse_lazy("participation:team_detail", args=(self.object.registrations.first().team.pk,))
|
|
|
|
|
|
class PaymentUpdateGroupView(LoginRequiredMixin, DetailView):
|
|
model = Payment
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
payment = self.get_object()
|
|
|
|
if not self.request.user.is_authenticated or \
|
|
not self.request.user.registration.is_admin \
|
|
and (self.request.user.registration not in self.get_object().registrations.all()
|
|
or payment.valid is not False):
|
|
return self.handle_no_permission()
|
|
|
|
if any(p.valid is not False for reg in payment.team.students.all()
|
|
for p in reg.payments.filter(final=payment.final).all()):
|
|
raise PermissionDenied(_("Since one payment is already validated, or pending validation, "
|
|
"grouping is not possible."))
|
|
return super().dispatch(request, *args, **kwargs)
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
payment = self.get_object()
|
|
|
|
if payment.valid is not False:
|
|
raise PermissionDenied(_("This payment is already valid or pending validation."))
|
|
|
|
if payment.grouped:
|
|
registrations = list(payment.registrations.all())
|
|
first_reg = registrations[0]
|
|
payment.registrations.set([first_reg])
|
|
payment.grouped = False
|
|
tournament = first_reg.team.participation.tournament if not payment.final else Tournament.final_tournament()
|
|
payment.amount = tournament.price
|
|
payment.checkout_intent_id = None
|
|
payment.save()
|
|
for registration in registrations[1:]:
|
|
p = Payment.objects.create(type=payment.type,
|
|
grouped=False,
|
|
final=payment.final,
|
|
amount=tournament.price,
|
|
receipt=payment.receipt,
|
|
additional_information=payment.additional_information)
|
|
p.registrations.set([registration])
|
|
p.save()
|
|
else:
|
|
reg = payment.registrations.get()
|
|
tournament = reg.team.participation.tournament if not payment.final else Tournament.final_tournament()
|
|
for student in reg.team.students.all():
|
|
if student != reg:
|
|
Payment.objects.filter(registrations=student, final=payment.final).delete()
|
|
payment.registrations.add(student)
|
|
payment.amount = tournament.price * reg.team.students.count()
|
|
payment.grouped = True
|
|
payment.checkout_intent_id = None
|
|
payment.save()
|
|
|
|
return redirect(reverse_lazy("registration:update_payment", args=(payment.pk,)))
|
|
|
|
|
|
class PaymentRedirectHelloAssoView(AccessMixin, DetailView):
|
|
model = Payment
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
payment = self.get_object()
|
|
|
|
# An external user has the link for the payment
|
|
token = request.GET.get('token', "")
|
|
if token and token == payment.token:
|
|
return super().dispatch(request, *args, **kwargs)
|
|
|
|
if not request.user.is_authenticated:
|
|
return self.handle_no_permission()
|
|
|
|
if not request.user.registration.is_admin:
|
|
if request.user.registration.is_volunteer \
|
|
and payment.tournament not in request.user.registration.organized_tournaments.all():
|
|
return self.handle_no_permission()
|
|
|
|
if request.user.registration.is_student \
|
|
and request.user.registration not in payment.registrations.all():
|
|
return self.handle_no_permission()
|
|
|
|
if request.user.registration.is_coach \
|
|
and request.user.registration.team != payment.team:
|
|
return self.handle_no_permission()
|
|
|
|
return super().dispatch(request, *args, **kwargs)
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
payment = self.get_object()
|
|
if payment.valid is not False:
|
|
raise PermissionDenied(_("The payment is already valid or pending validation."))
|
|
|
|
checkout_intent = payment.create_checkout_intent()
|
|
return redirect(checkout_intent["redirectUrl"])
|
|
|
|
|
|
class PaymentHelloAssoReturnView(DetailView):
|
|
model = Payment
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
checkout_id = request.GET.get("checkoutIntentId")
|
|
payment = self.get_object()
|
|
payment_qs = Payment.objects.exclude(valid=True).filter(checkout_intent_id=checkout_id).filter(pk=payment.pk)
|
|
if not payment_qs.exists():
|
|
messages.error(request, _("The payment is not found or is already validated."), "danger")
|
|
return redirect("index")
|
|
|
|
team = payment.team
|
|
tournament = payment.tournament
|
|
right_to_see = not request.user.is_anonymous \
|
|
and (request.user.registration.is_admin
|
|
or request.user.registration in payment.registrations.all()
|
|
or (request.user.registration.is_volunteer
|
|
and tournament in request.user.registration.organized_tournaments.all())
|
|
or (request.user.registration.is_coach and request.user.registration.team == team))
|
|
|
|
if right_to_see:
|
|
error_response = redirect("registration:update_payment", pk=payment.pk)
|
|
else:
|
|
error_response = redirect("index")
|
|
|
|
return_type = request.GET.get("type")
|
|
if return_type == "error":
|
|
messages.error(request, format_lazy(_("An error occurred during the payment: {error}"),
|
|
error=request.GET.get("error")), "danger")
|
|
return error_response
|
|
elif return_type == "return":
|
|
code = request.GET.get("code")
|
|
if code == "refused":
|
|
messages.error(request, _("The payment has been refused."), "danger")
|
|
return error_response
|
|
elif code != "succeeded":
|
|
messages.error(request, format_lazy(_("The return code is unknown: {code}"), code=code), "danger")
|
|
return error_response
|
|
else:
|
|
messages.error(request, format_lazy(_("The return type is unknown: {type}"), type=return_type), "danger")
|
|
return error_response
|
|
|
|
checkout_intent = payment.get_checkout_intent()
|
|
if 'order' in checkout_intent:
|
|
payment.type = "helloasso"
|
|
payment.valid = True
|
|
payment.additional_information = json.dumps(checkout_intent['order'])
|
|
payment.save()
|
|
messages.success(request, _("The payment has been successfully validated! "
|
|
"Your registration is now complete."))
|
|
payment.send_helloasso_payment_confirmation_mail()
|
|
else:
|
|
payment.type = "helloasso"
|
|
payment.valid = None
|
|
payment.save()
|
|
messages.success(request, _("Your payment is done! "
|
|
"The validation of your payment may takes a few minutes, "
|
|
"and will be automatically done. "
|
|
"If it is not the case, please contact us."))
|
|
|
|
if right_to_see:
|
|
return redirect("participation:team_detail", pk=team.pk)
|
|
else:
|
|
return redirect("index")
|
|
|
|
|
|
class PhotoAuthorizationView(LoginRequiredMixin, View):
|
|
"""
|
|
Display the sent photo authorization.
|
|
"""
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
filename = kwargs["filename"]
|
|
path = f"media/authorization/photo/{filename}"
|
|
if not os.path.exists(path):
|
|
raise Http404
|
|
student = ParticipantRegistration.objects.get(Q(photo_authorization__endswith=filename)
|
|
| Q(photo_authorization_final__endswith=filename))
|
|
user = request.user
|
|
if not (student.user == user or user.registration.is_admin or user.registration.is_volunteer and student.team
|
|
and student.team.participation.tournament in user.registration.organized_tournaments.all()):
|
|
raise PermissionDenied
|
|
# Guess mime type of the file
|
|
mime = Magic(mime=True)
|
|
mime_type = mime.from_file(path)
|
|
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
|
|
# Replace file name
|
|
true_file_name = _("Photo authorization of {student}.{ext}").format(student=str(student), ext=ext)
|
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
|
|
|
|
|
class HealthSheetView(LoginRequiredMixin, View):
|
|
"""
|
|
Display the sent health sheet.
|
|
"""
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
filename = kwargs["filename"]
|
|
path = f"media/authorization/health/{filename}"
|
|
if not os.path.exists(path):
|
|
raise Http404
|
|
student = StudentRegistration.objects.get(health_sheet__endswith=filename)
|
|
user = request.user
|
|
if not (student.user == user or user.registration.is_admin or user.registration.is_volunteer and student.team
|
|
and student.team.participation.tournament in user.registration.organized_tournaments.all()):
|
|
raise PermissionDenied
|
|
# Guess mime type of the file
|
|
mime = Magic(mime=True)
|
|
mime_type = mime.from_file(path)
|
|
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
|
|
# Replace file name
|
|
true_file_name = _("Health sheet of {student}.{ext}").format(student=str(student), ext=ext)
|
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
|
|
|
|
|
class VaccineSheetView(LoginRequiredMixin, View):
|
|
"""
|
|
Display the sent health sheet.
|
|
"""
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
filename = kwargs["filename"]
|
|
path = f"media/authorization/vaccine/{filename}"
|
|
if not os.path.exists(path):
|
|
raise Http404
|
|
student = StudentRegistration.objects.get(vaccine_sheet__endswith=filename)
|
|
user = request.user
|
|
if not (student.user == user or user.registration.is_admin or user.registration.is_volunteer and student.team
|
|
and student.team.participation.tournament in user.registration.organized_tournaments.all()):
|
|
raise PermissionDenied
|
|
# Guess mime type of the file
|
|
mime = Magic(mime=True)
|
|
mime_type = mime.from_file(path)
|
|
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
|
|
# Replace file name
|
|
true_file_name = _("Vaccine sheet of {student}.{ext}").format(student=str(student), ext=ext)
|
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
|
|
|
|
|
class ParentalAuthorizationView(LoginRequiredMixin, View):
|
|
"""
|
|
Display the sent parental authorization.
|
|
"""
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
filename = kwargs["filename"]
|
|
path = f"media/authorization/parental/{filename}"
|
|
if not os.path.exists(path):
|
|
raise Http404
|
|
student = StudentRegistration.objects.get(Q(parental_authorization__endswith=filename)
|
|
| Q(parental_authorization_final__endswith=filename))
|
|
user = request.user
|
|
if not (student.user == user or user.registration.is_admin or user.registration.is_volunteer and student.team
|
|
and student.team.participation.tournament in user.registration.organized_tournaments.all()):
|
|
raise PermissionDenied
|
|
# Guess mime type of the file
|
|
mime = Magic(mime=True)
|
|
mime_type = mime.from_file(path)
|
|
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
|
|
# Replace file name
|
|
true_file_name = _("Parental authorization of {student}.{ext}").format(student=str(student), ext=ext)
|
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
|
|
|
|
|
class ReceiptView(LoginRequiredMixin, View):
|
|
"""
|
|
Display the sent payment receipt or scholarship notification.
|
|
"""
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
filename = kwargs["filename"]
|
|
path = f"media/authorization/receipt/{filename}"
|
|
if not os.path.exists(path):
|
|
raise Http404
|
|
payment = Payment.objects.get(receipt__endswith=filename)
|
|
user = request.user
|
|
if not (user.registration in payment.registrations.all() or user.registration.is_admin):
|
|
raise PermissionDenied
|
|
# Guess mime type of the file
|
|
mime = Magic(mime=True)
|
|
mime_type = mime.from_file(path)
|
|
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
|
|
# Replace file name
|
|
registrations = ", ".join(str(registration) for registration in payment.registrations.all())
|
|
true_file_name = _("Payment receipt of {registrations}.{ext}").format(registrations=registrations, ext=ext)
|
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
|
|
|
|
|
class SolutionView(LoginRequiredMixin, View):
|
|
"""
|
|
Display the sent solution.
|
|
"""
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
filename = kwargs["filename"]
|
|
path = f"media/solutions/{filename}"
|
|
if not os.path.exists(path):
|
|
raise Http404
|
|
solution = Solution.objects.get(file__endswith=filename)
|
|
user = request.user
|
|
if user.registration.participates:
|
|
passage_participant_qs = Passage.objects.filter(Q(defender=user.registration.team.participation)
|
|
| Q(opponent=user.registration.team.participation)
|
|
| Q(reporter=user.registration.team.participation),
|
|
defender=solution.participation,
|
|
solution_number=solution.problem)
|
|
else:
|
|
passage_participant_qs = Passage.objects.none()
|
|
if not (user.registration.is_admin
|
|
or (user.registration.is_volunteer
|
|
and user.registration in solution.tournament.organizers.all())
|
|
or (user.registration.is_volunteer
|
|
and user.registration.pools_presided.filter(tournament=solution.tournament).exists())
|
|
or user.registration.is_volunteer
|
|
and Passage.objects.filter(Q(pool__juries=user.registration)
|
|
| Q(pool__tournament__in=user.registration.organized_tournaments.all()),
|
|
defender=solution.participation,
|
|
solution_number=solution.problem).exists()
|
|
or user.registration.participates and user.registration.team
|
|
and (solution.participation.team == user.registration.team or
|
|
any(passage.pool.round == 1
|
|
or timezone.now() >= passage.pool.tournament.solutions_available_second_phase
|
|
for passage in passage_participant_qs.all()))):
|
|
raise PermissionDenied
|
|
# Guess mime type of the file
|
|
mime = Magic(mime=True)
|
|
mime_type = mime.from_file(path)
|
|
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
|
|
# Replace file name
|
|
true_file_name = str(solution) + f".{ext}"
|
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
|
|
|
|
|
class SynthesisView(LoginRequiredMixin, View):
|
|
"""
|
|
Display the sent synthesis.
|
|
"""
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
filename = kwargs["filename"]
|
|
path = f"media/syntheses/{filename}"
|
|
if not os.path.exists(path):
|
|
raise Http404
|
|
synthesis = Synthesis.objects.get(file__endswith=filename)
|
|
user = request.user
|
|
if not (user.registration.is_admin or user.registration.is_volunteer
|
|
and (user.registration in synthesis.passage.pool.juries.all()
|
|
or user.registration in synthesis.passage.pool.tournament.organizers.all()
|
|
or user.registration.pools_presided.filter(tournament=synthesis.passage.pool.tournament).exists())
|
|
or user.registration.participates and user.registration.team == synthesis.participation.team):
|
|
raise PermissionDenied
|
|
# Guess mime type of the file
|
|
mime = Magic(mime=True)
|
|
mime_type = mime.from_file(path)
|
|
ext = mime_type.split("/")[1].replace("jpeg", "jpg")
|
|
# Replace file name
|
|
true_file_name = str(synthesis) + f".{ext}"
|
|
return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
|
|
|
|
|
|
class UserImpersonateView(LoginRequiredMixin, RedirectView):
|
|
"""
|
|
An administrator can log in through this page as someone else, and act as this other person.
|
|
"""
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
if self.request.user.registration.is_admin:
|
|
if not User.objects.filter(pk=kwargs["pk"]).exists():
|
|
raise Http404
|
|
session = request.session
|
|
session["admin"] = request.user.pk
|
|
session["_fake_user_id"] = kwargs["pk"]
|
|
return super().dispatch(request, *args, **kwargs)
|
|
|
|
def get_redirect_url(self, *args, **kwargs):
|
|
return reverse_lazy("registration:user_detail", args=(kwargs["pk"],))
|
|
|
|
|
|
class ResetAdminView(LoginRequiredMixin, View):
|
|
"""
|
|
Return to admin view, clear the session field that let an administrator to log in as someone else.
|
|
"""
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
user = request.user
|
|
if not user.is_authenticated:
|
|
return self.handle_no_permission()
|
|
if "_fake_user_id" in request.session:
|
|
del request.session["_fake_user_id"]
|
|
return redirect(request.GET.get("path", reverse_lazy("index")))
|