diff --git a/README.md b/README.md
index de75944a..453594da 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ [coverage_link]: https://coveralls.io/r/sequentech/iam?branch=master # Introduction - + The iam is an isolated server-side component that provides authentication and authorization primitives. It's is completely decoupled from sequent-core, and it's ignorant of concepts like "election", "vote" or
diff --git a/iam/api/urls.py b/iam/api/urls.py
index e796192c..8c6fb491 100644
--- a/iam/api/urls.py
+++ b/iam/api/urls.py
@@ -63,6 +63,7 @@
 url(r'^auth-event/(?P\d+)/turnout/$', views.turnout, name='turnout'),
 url(r'^auth-event/(?P[-\w]+)/live-preview/$', views.live_preview, name='live-preview'),
 url(r'^auth-event/live-preview/$', views.live_preview, name='live-preview'),
+ url(r'^auth-event/delete-elections/$', views.delete_elections, name='delete-elections'),
 url(r'^auth-event/module/$', views.authevent_module, name='authevent_module'),
 url(r'^auth-event/module/(?P[-\w]+)/$', views.authevent_module, name='authevent_module'),
diff --git a/iam/api/views.py b/iam/api/views.py
index 8d6e571e..de00baf9 100644
--- a/iam/api/views.py
+++ b/iam/api/views.py
@@ -3365,4 +3365,70 @@ def get(self, request):
 return json_response(dict(
 highest_id=highest_pk
 ))
-get_highest_authevent = login_required(GetHighestAutheventView.as_view())
\ No newline at end of file
+get_highest_authevent = login_required(GetHighestAutheventView.as_view())
+
+
+class DeleteElections(View):
+ @login_required
+ def post(request, pk=None):
+ '''
+ Uploads the configuration for a live preview
+ '''
+ try:
+ elections_json = parse_json_request(request)
+ election_ids = elections_json['election-ids']
+ except:
+ return json_response(
+ status=400,
+ error_codename=ErrorCodes.BAD_REQUEST)
+
+ for election_id in election_ids:
+ permission_required(request.user, 'AuthEvent', ['edit', 'delete'], election_id)
+
+ election_obj = AuthEvent.objects.get(pk=election_id)
+ children_pks = [child.id for child in election_obj.children.all()]
+ children_pks.append(election_obj.id)
+ # delete event and children in ballot box:
+ for pk in children_pks:
+ pk_obj = AuthEvent.objects.get(pk=pk)
+ ballot_box_base = settings.SEQUENT_ELECTIONS_BASE[0]
+ ballot_box_url = "%s/api/election/%s/delete" % (
+ ballot_box_base,
+ pk
+ )
+ ballot_box_request = requests.post(
+ ballot_box_url,
+ json=[],
+ headers={
+ 'Authorization': generate_access_token_hmac(
+ settings.SHARED_SECRET,
+ "1:AuthEvent:%s:edit|delete" % pk,
+ pk_obj.get_refresh_token_duration_secs()
+ ),
+ 'Content-type': 'application/json'
+ }
+ )
+
+ LOGGER.info(
+ "DeleteElections.post\n" +
+ "delete pk (Ballot Box) '%d'\n" +
+ "ballot_box_url '%r'\n" +
+ "ballot_box_request.status_code '%r'\n" +
+ "ballot_box_request.text '%r'\n",
+ pk,
+ ballot_box_url,
+ ballot_box_request.status_code,
+ ballot_box_request.text
+ )
+ if ballot_box_request.status_code != 200:
+ return json_response(
+ status=500,
+ error_codename=ErrorCodes.INTERNAL_SERVER_ERROR
+ )
+
+ election_obj.delete()
+
+ data = {'status': 'ok'}
+ return json_response(data)
+
+delete_elections = DeleteElections.as_view()
\ No newline at end of file
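Review bot: `post` is declared as `def post(request, pk=None)` with no `self` and carries `@login_required` on the method, while `delete_elections = DeleteElections.as_view()` is exported unwrapped; the line just above the class uses `login_required(GetHighestAutheventView.as_view())` instead. Assuming `View` is Django's, `as_view()` dispatches to a bound method, so the first positional argument is the view instance and the decorator is presumably not inspecting the real request; for an endpoint that deletes elections this should be `def post(self, request, pk=None):` with `delete_elections = login_required(DeleteElections.as_view())`. The ballot-box `requests.post(...)` has no `timeout=`, so one stalled ballot box holds the worker, and a non-200 partway through returns 500 after earlier children were already deleted remotely, leaving the two stores out of step. The bare `except:` also swallows more than malformed JSON, and `election-ids` is never checked to be a list of integers before it reaches `permission_required` and `AuthEvent.objects.get`, where an unknown id would raise rather than return a 4xx. The docstring `Uploads the configuration for a live preview` is copied from another view and should describe the deletion.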