Merge pull request #355 from nemozak1/develop

Add functionality to delete NonPersonalUserAttributes
OpenBankProject · Apr 19, 2024 · 2651474 · 2651474
2 parents 030e50c + 8876b60
commit 2651474
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 1 deletion.
diff --git a/apimanager/users/templates/users/detail.html b/apimanager/users/templates/users/detail.html
@@ -118,6 +118,40 @@ <h2>{% trans "Entitlements" %}</h2>
 				</tbody>
 			</table>
 		</div>
+
+		<h2>{% trans "Non Personal User Attributes" %}</h2>
+		<div class="table-responsive">
+			<table class="table table-striped" aria-describedby="uses table">
+				<thead>
+					<th scope="col">{% trans "Name" %}</th>
+					<th scope="col">{% trans "Type" %}</th>
+					<th scope="col">{% trans "Value" %}</th>
+					<th scope="col">{% trans "Insert Date" %}</th>
+					<th scope="col">{% trans "Action" %}</th>
+				</thead>
+				<tbody>
+				{% for attribute in attributes.user_attributes %}
+					<tr>
+						<td>{{ attribute.name }}</td>
+						<td>{{ attribute.type }}</td>
+						<td>{{ attribute.value }}</td>
+						<td>{{ attribute.insert_date }}</td>
+						<td>
+						{# SuperAdmin has no entitlement_id! #}
+						{% if attribute.user_attribute_id %}
+							<form action="{% url 'users-delete-attribute' apiuser.user_id attribute.user_attribute_id %}" method="post">
+								{% csrf_token %}
+								<input type="hidden" name="next" value="{{ request.path }}" />
+								<input type="hidden" name="attribute_name" value="{{ attribute.name }}" />
+								<button type="submit" class="btn btn-primary btn-red">{% trans "Delete" %}</button>
+							</form>
+						{% endif %}
+						</td>
+					</tr>
+				{% endfor %}
+				</tbody>
+			</table>
+		</div>
 	</div>
 {% endif %}
 </div>

diff --git a/apimanager/users/urls.py b/apimanager/users/urls.py
@@ -7,7 +7,7 @@
 from django.urls import path
 
 from .views import IndexView, DetailView, MyDetailView, DeleteEntitlementView, InvitationView, UserStatusUpdateView, \
-    ExportCsvView, AutocompleteFieldView
+    ExportCsvView, AutocompleteFieldView, DeleteAttributeView
 
 urlpatterns = [
     url(r'^all$',
@@ -25,6 +25,9 @@
     url(r'^(?P<user_id>[\w-]+)/entitlement/delete/(?P<entitlement_id>[\w-]+)$',
         DeleteEntitlementView.as_view(),
         name='users-delete-entitlement'),
+    url(r'^(?P<user_id>[\w-]+)/atribute/delete/(?P<user_attribute_id>[\w-]+)$',
+        DeleteAttributeView.as_view(),
+        name='users-delete-attribute'),
     url(r'^(?P<user_id>[\w-]+)/userStatusUpdateView/(?P<username>[\w\@\.\+-]+)$',
         UserStatusUpdateView.as_view(),
         name='user-status-update'),

diff --git a/apimanager/users/views.py b/apimanager/users/views.py
@@ -8,6 +8,7 @@
 from django.http import HttpResponseRedirect, HttpResponse, JsonResponse
 from django.urls import reverse, reverse_lazy
 from django.views.generic import FormView, TemplateView, View
+from django.conf import settings
 
 from base.filters import BaseFilter
 from obp.api import API, APIError
@@ -184,8 +185,22 @@ def get_context_data(self, **kwargs):
         except Exception as err:
             messages.error(self.request, err)
 
+        non_personal_user_attributes = {}
+        try:
+            urlpath = '/users/{}/non-personal/attributes'.format(self.kwargs['user_id'])
+            non_personal_user_attributes = self.api.get(urlpath, settings.API_VERSION["v510"])
+            if 'code' in user and user['code']>=400:
+                messages.error(self.request, user['message'])
+            else:
+                context['form'].fields['user_id'].initial = user['user_id']
+        except APIError as err:
+            messages.error(self.request, err)
+        except Exception as err:
+            messages.error(self.request, err)
+
         context.update({
             'apiuser': user,  # 'user' is logged-in user in template context
+            'attributes': non_personal_user_attributes,
         })
         return context
 
@@ -349,6 +364,40 @@ def post(self, request, *args, **kwargs):
         return HttpResponseRedirect(redirect_url)
 
 
+class DeleteAttributeView(LoginRequiredMixin, View):
+    """View to delete an attribute"""
+
+    def post(self, request, *args, **kwargs):
+        """Deletes non-personal attributes from a user"""
+        print(request)
+        api = API(self.request.session.get('obp'))
+        try:
+            urlpath = '/users/{}/non-personal/attributes/{}'.format(
+                kwargs['user_id'], kwargs['user_attribute_id'])
+            result = api.delete(urlpath, settings.API_VERSION["v510"])
+            if result is not None and 'code' in result and result['code']>=400:
+                messages.error(request, result['message'])
+            else:
+                msg = 'Attribute "{}" has been deleted.'.format(
+                    request.POST.get('attribute_name', '<undefined>'))
+                messages.success(request, msg)
+        except APIError as err:
+            print("apierror")
+            messages.error(request, err)
+        except Exception as err:
+            print("other error")
+            messages.error(self.request, err)
+
+        # from sonarcloud: Change this code to not perform redirects based on user-controlled data.
+        redirect_url_from_gui = request.POST.get('next', reverse('users-index'))
+        if "/users/all/user_id/" in str(redirect_url_from_gui):
+            redirect_url = reverse('users-detail',kwargs={"user_id":kwargs['user_id']})
+        elif ("/users/myuser/user_id/" in str(redirect_url_from_gui)):
+            redirect_url = reverse('my-user-detail',kwargs={"user_id":kwargs['user_id']})
+        else:
+             redirect_url = reverse('users-index')
+        return HttpResponseRedirect(redirect_url)
+
 class UserStatusUpdateView(LoginRequiredMixin, View):
     """View to delete a user"""