from appservices.common.util import * from appservices.common.form_schemas import * staff_members = Blueprint("staff_members",__name__) # Add staff member @staff_members.route("/add_staff_member",methods=["POST","GET"]) @adminid_access_token_required @csrf_protect def add_staff_member(): data_status={"responseStatus":0,"result":""} try: if not session.get("adminId"): flash("session expired.Please login again.") data_status["responseStatus"]=4 return data_status adminId = session.get("adminId") csrf_token = request.form.get("csrf_token") print(csrf_token,"((((((((((((((csrf_token))))))))))))))") latitude = request.form.get("latitude", "") longitude = request.form.get("longitude", "") loginBrowser = request.headers.get("Sec-Ch-Ua") if loginBrowser: loginBrowseData = loginBrowser.split(";") browser = loginBrowseData[0] else: loginBrowseData = request.headers.get('User-Agent').split(";") browser = loginBrowseData[0] client_ip=0 # Extracting client IP address if request.headers.getlist("X-Forwarded-For"): client_ip = request.headers.getlist("X-Forwarded-For")[0] else: client_ip = request.remote_addr actionDate=datetime.datetime.now() role_permissions = fetch_staff_permissions(session.get("adminId")) rolesList = [] # if request.method == "GET": # roles_queryset = Roles.objects(status__in=[1]).order_by("-id").all() # for each_role in roles_queryset: # roleDict = fetching_role_details(each_role) # rolesList.append(roleDict) # return render_template("super_admin_templates/add_staff_member.html",rolesList=rolesList,role_permissions=role_permissions) permissionsList = check_permissions(adminId,"staffPermissions") if "add" in permissionsList: if request.method == "POST": userName = request.form.get("userName","") email = request.form.get("email","") password = request.form.get("password","") phoneNumber = request.form.get("phoneNumber","") roleId = request.form.get("roleId","") authenticationEnabled = request.form.get("authenticationEnabled",False) otp_check_id = request.form.get("otpLogid", "") defaultVerificationId = request.form.get("defaultVerificationId", "") print("otp_check_id",otp_check_id) if not otp_check_id: flash("Invalid Request.", "danger") data_status['responseStatus']=4 return data_status otpcheck_queryset = OtpChecks.objects(adminId=adminId,defaultVerificationField=defaultVerificationId, id=str(otp_check_id), status=1).first() if not otpcheck_queryset: flash("Invalid Request.", "danger") data_status['responseStatus']=4 return data_status # Update OTP status to 2 after verification otpcheck_queryset.update(status=2) jsonData = request.form.to_dict(flat=True) requestData = [jsonData] updatedrequestData = [jsonData] form = StaffMembersForm(is_update=True) if form.validate_on_submit(): if userName and email and password and phoneNumber and roleId: check_unique = SuperAdmin.objects(userName__iexact=userName,status__in=[0,1]).first() if check_unique: flash("Staff member userName already in use!", "danger") data_status['responseStatus']=4 return data_status check_unique_email = SuperAdmin.objects(email__iexact=email,status__in=[0,1]).first() if check_unique_email: flash("Staff member email already in use!", "danger") data_status['responseStatus']=4 return data_status admin_queryset = SuperAdmin.objects(id=adminId,status=1).first() if admin_queryset: message=admin_queryset.userName+" "+userName+" Staff member created successfully!" save_admin_log_table = save_admin_logs_data(adminId,None,None,"add_staff_member","create",actionDate,client_ip,browser,message,requestData,updatedrequestData,latitude,longitude) if authenticationEnabled == "True": authenticationEnabled=True else: authenticationEnabled=False staff_member_table = SuperAdmin( userName=userName, roleId=roleId, email=email, phoneNumber=phoneNumber, adminType="staff", authenticationEnabled=authenticationEnabled, password= generate_password_hash(password), createdOn=datetime.datetime.now(), status=1 ) save_staff_member_table = staff_member_table.save() flash("Staff member added successfully!", "success") data_status['responseStatus']=1 return data_status else: data_status['responseStatus']=2 data_status['result']="Required fields are missing!!" return data_status else: data_status['result']=form.errors return data_status else: data_status['responseStatus']=4 return data_status else: flash("The staff member does not have permission to create.", "danger") data_status['responseStatus']=4 return data_status except Exception as e: app.logger.error(traceback.format_exc()) flash("Unable to add staff member!!", "danger") data_status['responseStatus']=4 return data_status def fetching_staff_member_details(staff_member_queryset): staff_member_dict = {} try: staff_member_dict = { "id":str(staff_member_queryset.id), "userName":staff_member_queryset.userName, "email":staff_member_queryset.email, "phoneNumber":staff_member_queryset.phoneNumber, # "authenticationEnabled":staff_member_queryset.authenticationEnabled, } try: if staff_member_queryset.authenticationEnabled: staff_member_dict['authenticationEnabled']=staff_member_queryset.authenticationEnabled else: staff_member_dict['authenticationEnabled']=False except Exception as e: staff_member_dict['authenticationEnabled']=False try: if staff_member_queryset.roleId: staff_member_dict["roleId"]=str(staff_member_queryset.roleId.id) staff_member_dict["roleName"]=staff_member_queryset.roleId.roleName else: staff_member_dict["roleId"]="" staff_member_dict["roleName"]="" except Exception as e: staff_member_dict["roleId"]="" staff_member_dict["roleName"]="" if staff_member_queryset.status == 1: staff_member_dict["actionText"] = "Active" else: staff_member_dict["actionText"] = "Deactive" except Exception as e: app.logger.error(traceback.format_exc()) return staff_member_dict # View all staff_members @staff_members.route("/view_all_staff_members",methods=["POST","GET"]) @adminid_access_token_required def view_all_staff_members(): if not session.get("adminId"): return redirect("admin_login") adminId = session.get("adminId") staff_membersList=[] rolesList=[] snoCount=0 pagination = None error = "" Page = "" permissionsList = check_permissions(session.get("adminId"),"staffPermissions") print(permissionsList,"((((((((permissionsList))))))))") form=StaffMembersSearchForm(request.args) if "view" in permissionsList: try: search_element = request.args.get('search_element','') # role_permissions = fetch_staff_permissions(session.get("adminId")) # staff_members_queryset=SuperAdmin.objects(adminType="staff",status__in=[0,1]).order_by("-id") # if search_element: # staff_members_queryset = staff_members_queryset.filter(Q(userName__icontains=search_element)) # staff_members_queryset = staff_members_queryset.order_by("-id") # if staff_members_queryset: # for each_staff_member in staff_members_queryset: # staff_member_dict = fetching_staff_member_details(each_staff_member) # staff_membersList.append(staff_member_dict) # else: # staff_members_queryset=SuperAdmin.objects(id=adminId,status__in=[0,1]).order_by("-id") # for each_staff_member in staff_members_queryset: # staff_member_dict = fetching_staff_member_details(each_staff_member) # staff_membersList.append(staff_member_dict) filters = Q(status__in=[0, 1]) roles_queryset = ( Roles.objects(filters) .only("id","roleName") .order_by("-id") ) rolesList=list(roles_queryset) Page = request.args.get(get_page_parameter("Page"), type=int, default=1) per_page = 20 start = (Page - 1) * per_page total_count = 0 filters = Q(status__in=[0, 1]) & Q(adminType="staff") if form.validate(): if search_element: filters &= Q(userName__icontains=search_element) total_count = SuperAdmin.objects(filters).count() staff_members_queryset = ( SuperAdmin.objects(filters) .only("id", "userName", "email", "phoneNumber","authenticationEnabled","roleId", "status") .order_by("-id") .skip(start) .limit(per_page) ) staff_membersList = list(staff_members_queryset) else: staff_membersList=[] print("form errors",form.errors) snoCount = start pagination = Pagination(Page=Page, total=total_count, per_page=per_page,page_parameter ="Page", alignment="right", record_name="staff",href=f"?search_element={search_element}&Page={{0}}") # bankCodesPagination = Pagination(bankCodesPage=bankCodesPage, total=total_count, page_parameter="bankCodesPage", per_page=per_page, alignment="right", record_name="bankCode", href=f"?transactionApiId={transactionApiId}&bankSearchId={bankSearchId}&bankCodesPage={{0}}") # roles_queryset = Roles.objects(status__in=[0,1]).order_by("-id").all() # for each_role in roles_queryset: # roleDict = fetching_role_details(each_role) # rolesList.append(roleDict) return render_template("super_admin_templates/staff_members_list.html", rolesList=rolesList, staff_membersList=staff_membersList, pagination=pagination, # role_permissions=role_permissions, search_element =search_element, snoCount=snoCount, Page=Page, form=form, ) except Exception as e: app.logger.error(traceback.format_exc()) flash("Unable to fetch staff members list!", "danger") return render_template("super_admin_templates/staff_members_list.html", error=error, rolesList=rolesList, staff_membersList=staff_membersList, pagination=pagination, # role_permissions=role_permissions, search_element =search_element, snoCount=snoCount, Page=Page, form=form,) else: flash("Staff member does not have given view permissions!!", "danger") return redirect(url_for("admin.dashboard")) # Single view staff member @staff_members.route("/single_view_staff_member",methods=["POST","GET"]) @adminid_access_token_required def single_view_staff_member(): if not session.get("adminId"): return redirect("admin_login") try: role_permissions = fetch_staff_permissions(session.get("adminId")) staffMemberId = request.args.get("staffMemberId","") staff_member_queryset = SuperAdmin.objects(id=staffMemberId,status__in=[1,0]).first() staff_member_dict = fetching_staff_member_details(staff_member_queryset) return render_template("super_admin_templates/single_view_staff_member.html", staff_member_dict=staff_member_dict, role_permissions=role_permissions ) except Exception as e: app.logger.error(traceback.format_exc()) error = "Unable to fetch staff member details!!" return render_template("super_admin_templates/single_view_staff_member.html",error=error) # Staff member status update @staff_members.route("/staff_member_update_status",methods=["GET"]) @adminid_access_token_required def staff_member_update_status(): if not session.get("adminId"): return redirect("admin_login") adminId=session.get("adminId") Page=request.args.get("Page") search_element=request.args.get("search_element") redirectTo=url_for("staff_members.view_all_staff_members",Page=Page,search_element=search_element) latitude = request.args.get("latitude", "") longitude = request.args.get("longitude", "") loginBrowser = request.headers.get("Sec-Ch-Ua") if loginBrowser: loginBrowseData = loginBrowser.split(";") browser = loginBrowseData[0] else: loginBrowseData = request.headers.get('User-Agent').split(";") browser = loginBrowseData[0] client_ip=0 # Extracting client IP address if request.headers.getlist("X-Forwarded-For"): client_ip = request.headers.getlist("X-Forwarded-For")[0] else: client_ip = request.remote_addr actionDate=datetime.datetime.now() jsonData = request.form.to_dict(flat=True) existing_record = "" updatedrequestData = [jsonData] permissionsList = check_permissions(session.get("adminId"),"staffPermissions") if "edit" in permissionsList: staffMemberId=request.args.get("staffMemberId","") if staffMemberId: try: staff_member_queryset = SuperAdmin.objects(id__iexact=staffMemberId,status__nin=[2]).first() existing_record = staff_member_queryset.to_json() requestData = [existing_record] if staff_member_queryset: admin_queryset = SuperAdmin.objects(id=adminId,status=1).first() if staff_member_queryset.status == 0: staff_member_queryset.update(status=1) flash('Staff member activated successfully!', "success") message=admin_queryset.userName+" "+staff_member_queryset.userName+" Staff member activated successfully!" else: staff_member_queryset.update(status=0) flash('Staff member deactivated successfully!', "success") message=admin_queryset.userName+" "+staff_member_queryset.userName+" Staff member deactivated successfully!" save_admin_log_table = save_admin_logs_data(adminId,None,None,"staff_member_update_status","updatestatus",actionDate,client_ip,browser,message,requestData,updatedrequestData,latitude,longitude) return redirect(redirectTo) else: return redirect(redirectTo) except Exception as e: flash("Unable to update the status", "danger") app.logger.error(traceback.format_exc()) return redirect(redirectTo) else: return redirect(redirectTo) else: flash("The staff member does not have permission to update status.", "danger") return redirect(redirectTo) # Update staff member @staff_members.route("/update_staff_member",methods=["POST","GET"]) @adminid_access_token_required @csrf_protect def update_staff_member(): data_status={"responseStatus":0,"result":""} try: if not session.get("adminId"): flash("session Expired.") data_status["responseStatus"]=4 return data_status adminId=session.get("adminId") csrf_token = request.form.get("csrf_token") print(csrf_token,"((((((((((((((csrf_token))))))))))))))") latitude = request.form.get("latitude", "") longitude = request.form.get("longitude", "") loginBrowser = request.headers.get("Sec-Ch-Ua") if loginBrowser: loginBrowseData = loginBrowser.split(";") browser = loginBrowseData[0] else: loginBrowseData = request.headers.get('User-Agent').split(";") browser = loginBrowseData[0] existing_record = "" client_ip=0 # Extracting client IP address if request.headers.getlist("X-Forwarded-For"): client_ip = request.headers.getlist("X-Forwarded-For")[0] else: client_ip = request.remote_addr actionDate=datetime.datetime.now() role_permissions = fetch_staff_permissions(session.get("adminId")) permissionsList = check_permissions(session.get("adminId"),"staffPermissions") if "edit" in permissionsList: if request.method == "GET": staff_membersList =[] staffMemberId = request.args.get("staffMemberId") staff_member_queryset = SuperAdmin.objects(id=staffMemberId).first() rolesList = [] # roles_queryset = Roles.objects(status__in=[1]).order_by("-id").all() # for each_role in roles_queryset: # roleDict = fetching_role_details(each_role) # rolesList.append(roleDict) filters = Q(status__in=[0, 1]) roles_queryset = ( Roles.objects(filters) .only("id","roleName") .order_by("-id") ) rolesList=list(roles_queryset) staff_member_dict = fetching_staff_member_details(staff_member_queryset) return render_template("super_admin_templates/update_staff_member.html", staff_member_dict = staff_member_dict,rolesList=rolesList,role_permissions=role_permissions ) elif request.method == "POST": staffMemberId = request.form.get("staffMemberId","") userName = request.form.get("userName","") email = request.form.get("email") phoneNumber = request.form.get("phoneNumber") roleId = request.form.get("roleId","") authenticationEnabled = request.form.get("authenticationEnabled") otp_check_id = request.form.get("otpLogid", "") defaultVerificationId = request.form.get("defaultVerificationId", "") print("otp_check_id",otp_check_id) if not otp_check_id: flash("Invalid Request.", "danger") data_status['responseStatus']=4 return data_status otpcheck_queryset = OtpChecks.objects(adminId=adminId,defaultVerificationField=defaultVerificationId, id=str(otp_check_id), status=1).first() if not otpcheck_queryset: flash("Invalid Request.", "danger") data_status['responseStatus']=4 return data_status # Update OTP status to 2 after verification otpcheck_queryset.update(status=2) jsonData = request.form.to_dict(flat=True) form = StaffMembersForm(request.form, current_id=staffMemberId,is_update=True) if form.validate_on_submit(): check_unique = SuperAdmin.objects(id__ne=staffMemberId,userName__iexact=userName,status__in=[0,1]).first() if check_unique: flash("Staff member userName already in use!", "danger") data_status['responseStatus']=4 return data_status check_unique_email = SuperAdmin.objects(id__ne=staffMemberId,email__iexact=email,status__in=[0,1]).first() if check_unique_email: flash("Staff member email already in use!", "danger") data_status['responseStatus']=4 return data_status staff_member_queryset = SuperAdmin.objects(id=staffMemberId,status__in=[0,1]).first() existing_record = staff_member_queryset.to_json() admin_queryset = SuperAdmin.objects(id=adminId,status=1).first() message=admin_queryset.userName+" "+userName+" Staff member updated successfully!" requestData=[existing_record] updatedrequestData=[jsonData] save_admin_log_table = save_admin_logs_data(adminId,None,None,"update_staff_member","update",actionDate,client_ip,browser,message,requestData,updatedrequestData,latitude,longitude) if authenticationEnabled == "True": authenticationEnabled=True else: authenticationEnabled=False staff_member_queryset.update( userName = userName, email = email, phoneNumber = phoneNumber, authenticationEnabled = authenticationEnabled, roleId = ObjectId(roleId), ) flash('Staff member updated successfully!', "success") data_status["responseStatus"]=1 return data_status else: data_status["result"]=form.errors return data_status else: flash("Invalid request. Please try again.", "danger") data_status["responseStatus"]=4 return data_status else: flash("The staff member does not have permission to update.", "danger") data_status["responseStatus"]=4 return data_status except Exception as e: app.logger.error(traceback.format_exc()) error = "Unable to update staff member!!" flash(error, "danger") data_status["responseStatus"]=4 return data_status # # Delete staff member # @staff_members.route("/delete_staff_member",methods=["GET"]) # def delete_staff_member(): # try: # if not session.get("adminId"): # return redirect("admin_login") # if request.method == "GET": # staffMemberId = request.args.get("staffMemberId") # staff_member_queryset = SuperAdmin.objects(id=staffMemberId,status__in=[0,1]).first() # if not staff_member_queryset: # return # staff_member_queryset.update(status=2) # flash('Staff member deleted successfully!') # return redirect("view_all_staff_members") # except Exception as e: # app.logger.error(traceback.format_exc()) # flash("Unable to delete Staff member!!") # return redirect("view_all_staff_members") @staff_members.route("/delete_staff_member",methods=["POST","GET"]) @adminid_access_token_required @csrf_protect def delete_staff_member(): if not session.get("adminId"): return redirect("admin_login") adminId=session.get("adminId") Page=request.args.get("Page") search_element=request.args.get("search_element") redirectTo=url_for("staff_members.view_all_staff_members",Page=Page,search_element=search_element) csrf_token = request.form.get("csrf_token") print(csrf_token,"((((((((((((((csrf_token))))))))))))))") latitude = request.form.get("latitude", "") longitude = request.form.get("longitude", "") loginBrowser = request.headers.get("Sec-Ch-Ua") if loginBrowser: loginBrowseData = loginBrowser.split(";") browser = loginBrowseData[0] else: loginBrowseData = request.headers.get('User-Agent').split(";") browser = loginBrowseData[0] client_ip=0 # Extracting client IP address if request.headers.getlist("X-Forwarded-For"): client_ip = request.headers.getlist("X-Forwarded-For")[0] else: client_ip = request.remote_addr actionDate=datetime.datetime.now() jsonData = request.form.to_dict(flat=True) existing_record = "" updatedrequestData = [jsonData] permissionsList = check_permissions(session.get("adminId"),"staffPermissions") if "delete" in permissionsList: staffMemberId = request.args.get("staffMemberId","") if staffMemberId: try: otp_check_id = request.form.get("otpLogid", "") defaultVerificationId = request.form.get("defaultVerificationId", "") print("otp_check_id",otp_check_id) if not otp_check_id: flash("Invalid Request.") return redirect(redirectTo) otpcheck_queryset = OtpChecks.objects(adminId=adminId,defaultVerificationField=defaultVerificationId, id=str(otp_check_id), status=1).first() if not otpcheck_queryset: flash("Invalid Request.") return redirect(redirectTo) # Update OTP status to 2 after verification otpcheck_queryset.update(status=2) staff_member_queryset = SuperAdmin.objects(id=staffMemberId,status__in=[0,1]).first() existing_record = staff_member_queryset.to_json() requestData = [existing_record] admin_queryset = SuperAdmin.objects(id=adminId,status=1).first() if staff_member_queryset: staff_member_queryset.update(status=2) flash("Staff member deleted successfully!", "success") message=admin_queryset.userName+" "+staff_member_queryset.userName+" Staff member deleted successfully!" save_admin_log_table = save_admin_logs_data(adminId,None,None,"delete_staff_member","delete",actionDate,client_ip,browser,message,requestData,updatedrequestData,latitude,longitude) return redirect(redirectTo) else: flash("Invaild id!!", "danger") return redirect(redirectTo) except Exception as e: app.logger.error(traceback.format_exc()) return redirect(redirectTo) else: flash("Required field is missing!!", "danger") return redirect(redirectTo) else: flash("The staff member does not have permission to delete.", "danger") return redirect(redirectTo) # @staff_members.route("/generate_password",methods=["GET"]) # def generate_password(): # return_array={'reuslt':'fail'} # try: # if request.method == "GET": # password = request.args.get("password") # hash_password=generate_password_hash(password) # return_array['result']=hash_password # return return_array # except Exception as e: # return return_array # @staff_members.route("/delete_staff_member", methods=["POST", "GET"]) # def delete_staff_member(): # if not session.get("adminId"): # return redirect("admin_login") # adminId = session.get("adminId") # loginBrowser = request.headers.get("Sec-Ch-Ua") # if loginBrowser: # loginBrowseData = loginBrowser.split(";") # browser = loginBrowseData[0] # else: # loginBrowseData = request.headers.get('User-Agent').split(";") # browser = loginBrowseData[0] # client_ip = 0 # # Extracting client IP address # if request.headers.getlist("X-Forwarded-For"): # client_ip = request.headers.getlist("X-Forwarded-For")[0] # else: # client_ip = request.remote_addr # actionDate = datetime.datetime.now() # jsonData = request.form.to_dict(flat=True) # existing_record = "" # updatedrequestData = [jsonData] # permissionsList = check_permissions(session.get("adminId"), "staffPermissions") # action = request.form.get("action", "").strip() # data = request.form.to_dict() # # Step 1: Handle OTP Generation # if action == "generate": # mail_type = data.get("mailType", "").strip() # print(mail_type, "((((((((((((((((mail_type))))))))))))))))") # if not mail_type: # return jsonify({"responseStatus": 0, "result": "mailType is required!"}), 400 # return jsonify(generate_otp_helper(mail_type)) # # Step 2: Handle OTP Verification # elif action == "verify": # otp_check_id = request.form.get("otpCheckId", "") # otp_code = request.form.get("otpCode", "") # print(otp_check_id, "((((((((OTP CHECK ID????????????))))))))") # print(otp_code, "((((((((OTP CODE????????????))))))))") # if not otp_check_id or not otp_code: # return jsonify({"responseStatus": 0, "result": "Required fields are missing!"}) # return jsonify(verify_otp_helper(otp_check_id, otp_code)) # # Step 3: Update OTP status # elif action == "update": # otp_check_id = request.form.get("otpCheckId","A") # otpcheck_queryset = OtpChecks.objects(id=str(otp_check_id), status=1).first() # if not otpcheck_queryset: # return jsonify({"responseStatus": 0, "result": "Invalid Request."}) # # Update OTP status to 2 after verification # otpcheck_queryset.update(status=2) # return jsonify({"responseStatus": 1, "result": "OTP status successfully updated!"}) # permissionsList = check_permissions(session.get("adminId"), "staffPermissions") # if "delete" in permissionsList: # staffMemberId = request.args.get("staffMemberId","C") # if staffMemberId: # try: # staff_member_queryset = SuperAdmin.objects(id=staffMemberId, status__in=[0, 1]).first() # existing_record = staff_member_queryset.to_json() # requestData = [existing_record] # admin_queryset = SuperAdmin.objects(id=adminId, status=1).first() # if staff_member_queryset: # staff_member_queryset.update(status=2) # flash("Staff member deleted successfully!") # message = admin_queryset.userName + " " + staff_member_queryset.userName + " Staff member deleted successfully!" # save_admin_log_table = save_admin_logs_data( # adminId, None, None, "delete_staff_member", "delete", actionDate, client_ip, browser, message, requestData, updatedrequestData # ) # return redirect(url_for("staff_members.view_all_staff_members")) # else: # flash("Invalid id!!") # return redirect(url_for("staff_members.view_all_staff_members")) # except Exception as e: # app.logger.error(traceback.format_exc()) # return redirect(url_for("staff_members.view_all_staff_members")) # else: # flash("Required field is missing!!") # return redirect(url_for("staff_members.view_all_staff_members")) # else: # flash("Staff member does not have given delete permissions!!") # return redirect("view_all_staff_members")