From 0d4beafb9f19bc0636fd6884372c91632d9cb6ef Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 30 Nov 2018 21:01:45 +0100
Subject: [PATCH 01/86] update version number

---
 CHANGES                         | 4 ++++
 docker/Makefile                 | 6 +++---
 src/etools_datamart/__init__.py | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 25efa5264..30e97d8f4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+1.8 (dev)
+---------
+* 
+
 1.7
 ---
 * WARNINGS: migration reset
diff --git a/docker/Makefile b/docker/Makefile
index 408ac0103..29994e6d1 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -38,9 +38,9 @@ build:
 			-f docker/${DOCKERFILE} .
 	docker tag ${DOCKER_IMAGE_NAME}:${TARGET} ${DOCKER_IMAGE_NAME}:dev
 #	flatten image
-	docker create ${DOCKER_IMAGE_NAME}:${TARGET} foo
-	docker export foo | docker import - unicef/datamart:${TARGET}
-	docker rm foo
+#	docker create --name foo ${DOCKER_IMAGE_NAME}:${TARGET}
+#	docker export foo | docker import - unicef/datamart:${TARGET}
+#	docker rm foo
 	docker images | grep ${DOCKER_IMAGE_NAME}
 
 
diff --git a/src/etools_datamart/__init__.py b/src/etools_datamart/__init__.py
index d8a3c921b..5e0f2abe6 100644
--- a/src/etools_datamart/__init__.py
+++ b/src/etools_datamart/__init__.py
@@ -1,3 +1,3 @@
 NAME = 'etools-datamart'
-VERSION = __version__ = '1.7'
+VERSION = __version__ = '1.8a0'
 __author__ = ''

From fc9461dc790ace191431a0156380cd4c8e2d0006 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 30 Nov 2018 21:17:50 +0100
Subject: [PATCH 02/86] add some predefined Schedules

---
 .../apps/init/management/commands/init-setup.py               | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index 953465f85..7a4792585 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -181,6 +181,10 @@ def handle(self, *args, **options):
 
         if options['tasks'] or _all or options['refresh']:
             midnight, __ = CrontabSchedule.objects.get_or_create(minute=0, hour=0)
+            CrontabSchedule.objects.get_or_create(hour=[0, 6, 12, 18])
+            CrontabSchedule.objects.get_or_create(hour=[0, 12])
+            IntervalSchedule.objects.get_or_create(every=1, period=IntervalSchedule.HOURS)
+
             every_minute, __ = IntervalSchedule.objects.get_or_create(every=1, period=IntervalSchedule.MINUTES)
 
             tasks = app.get_all_etls()

From 21ad394f16e48f9a5d196f1dc66d7dd12838b2d2 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 30 Nov 2018 22:11:58 +0100
Subject: [PATCH 03/86] add ability to create 'per model' custom templates for
 html/pdf renderers

---
 CHANGES                                     |  3 +-
 Pipfile                                     |  2 +
 Pipfile.lock                                | 97 +++++++++++++--------
 src/etools_datamart/apps/etl/admin.py       |  3 +-
 src/etools_datamart/config/settings.py      |  9 +-
 src/unicef_rest_framework/renderers/html.py |  1 +
 src/unicef_rest_framework/renderers/pdf.py  |  1 +
 7 files changed, 77 insertions(+), 39 deletions(-)

diff --git a/CHANGES b/CHANGES
index 30e97d8f4..61f6cfe2a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 1.8 (dev)
 ---------
-* 
+* add ability to create 'per model' custom templates for html/pdf renderers
+    new `TEMPLATE_CACHE_URL` enironment variable
 
 1.7
 ---
diff --git a/Pipfile b/Pipfile
index b84c8130c..67df73f6d 100644
--- a/Pipfile
+++ b/Pipfile
@@ -56,6 +56,8 @@ django-celery-email = "*"
 "xhtml2pdf" = "*"
 pisa = "*"
 django-crispy-forms = "*"
+django-adminactions = "*"
+django-dbtemplates = "*"
 
 [dev-packages]
 "flake8" = ">=3.6.0"
diff --git a/Pipfile.lock b/Pipfile.lock
index 2b97db8c8..7246653d3 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "2c79b29b6f0397ba9724ed2ec50a286a3178b5b335f0a3b70ff3594a60dc9a9d"
+            "sha256": "e7ddab109d76e6e54b7c5fe951f72be61e8d0dfb8788995ffd384a763aa535a9"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -759,6 +759,13 @@
             "index": "pypi",
             "version": "==2.1.3"
         },
+        "django-adminactions": {
+            "hashes": [
+                "sha256:15934cad0ee1ef198f715dc4c21599bc6add72ca667ba4118c4266d382ddd0e3"
+            ],
+            "index": "pypi",
+            "version": "==1.5"
+        },
         "django-adminfilters": {
             "hashes": [
                 "sha256:adab7f927b0845f9d87902ef3148ba704214e5977e5da483e386e82e445cb879"
@@ -857,6 +864,14 @@
             "index": "pypi",
             "version": "==0.5.0"
         },
+        "django-dbtemplates": {
+            "hashes": [
+                "sha256:9f63208bde2b3395b1adf8dfbf8f405a2cc3b082652faa16d32ecebc0e20d72b",
+                "sha256:d17d01264277c6a744604e1fae52678c238d0695c47f67a6982f49b65cd117d6"
+            ],
+            "index": "pypi",
+            "version": "==2.0"
+        },
         "django-environ": {
             "hashes": [
                 "sha256:6c9d87660142608f63ec7d5ce5564c49b603ea8ff25da595fd6098f6dc82afde",
@@ -1393,36 +1408,36 @@
         },
         "reportlab": {
             "hashes": [
-                "sha256:0fcc951899c1bb6e0fa90996d5ed9d24265c5a8eafabf2303570e079d0290c28",
-                "sha256:234e1790858f1608d2fc8f820fa5660b7838cb14f12dec81e3c1156a4891ee1a",
-                "sha256:23df47e5a4225728a6d0a16b1dbc2674fe8a535603c191ad9d33f8755d1ab08b",
-                "sha256:277e920f1f5aa48531d34a25ba83e4e5a201e15a6a75263d529c8996a84233ae",
-                "sha256:2c52b314f29a40b8ed863190947e556b75a719566d4e2e7d25b8aeb18f60b58c",
-                "sha256:2e38e61d8e32b003a4c50f4bf1593bc5784395a62d180edd7b206f7dfd77836c",
-                "sha256:2f42e2e6177756a8265126fbeb7be58fbc40affd471253c829ab165c13253f2e",
-                "sha256:463f446a96bd0ddaba8ca46747f251868334c119f28bffd42fc0add2b3bd986f",
-                "sha256:4be2e78b900a601028b4ff42c547096cc204a21ac2a9ce7d16768195106ffd12",
-                "sha256:4db5daa83aa5c74fba41c3212549ff62abc84921b9ce848bc04cda728e00ecf0",
-                "sha256:4e4669e49a4cbb323c6a3cb45297535e910d4627f796dba90362e456fb013e44",
-                "sha256:551bed92c44e302ac7d663242cda10bb8e459ccff0178f51d5693f846336961d",
-                "sha256:60995c16fa961a6576a67aaeb7a6657a081dabdea298d4c15ec68423171dcdc6",
-                "sha256:6228323d6a40355c20b4159bc927cb93b9c39537bd39c25b9071eedcf80b4a36",
-                "sha256:62aafd7769fcf36c9910a332ccee002ce4ff850c9b3ff89bbea8d7b78be979c1",
-                "sha256:64bf9f0778477a69563db3ca53db3312b7a65756c60e674de54e7527a0852fa0",
-                "sha256:678667a846ad4181b5a392c59e1ec37e03abc684854d66c7a05df32113a4d337",
-                "sha256:722bc6e77526cbe927f9a65f37b06840e6d99d6938462892558c6cbb90445d4c",
-                "sha256:8c967cf193ebeca8231e3c0c28d94c9d54dd1ee38284785c3a1cbf3aca637fd9",
-                "sha256:95bc72a157559b5963967cf8be17d9185ed64b5c408504b9efbd51ddcf4c145e",
-                "sha256:9b22737cbaff0e7d875bcb61cb593df908513f1b807551c71afc3a9d1fe83aeb",
-                "sha256:a2f26770e8af0d383d586fd95446ee246d0532395c9392463c07047cb89862bb",
-                "sha256:a417205a64cbec93219a8d7e268fe4ba4b7f3e037f7d1ca42f432b4388fb93dd",
-                "sha256:a6856b4118abbc783ce419e50185e69bceb4d49de39d8439f28571d5949fc34c",
-                "sha256:b04381abcb3c14afcef7faababbd620b2a352a2f2765f3bf18deabb2dfc7d617",
-                "sha256:b2348ec5f615d50913c1eaa8c3fc71d4478e4ea0e627950f6fabd70d2a38ff1d",
-                "sha256:f86f13f4e6d8c815c35ec75e3d3a94cf7de12d544b4d038269c8b7c73de6b906",
-                "sha256:fa7761cca303d4dbc2f5c5989b2be4baa4068fa4137a5fdc03eb47bfc1af0a5d"
-            ],
-            "version": "==3.5.11"
+                "sha256:00c4d275b14ccd77316c0e6b5ad12881c70edc97556b1177d90fe366163df786",
+                "sha256:03f968b21c41ff3364665b3f08426233e8255313c158a50f71745e66accd6d90",
+                "sha256:0a6bb96cc4ca7faaa5bcfb599eadd4afe6b90929cdc31e4913be4899f9ae4ac6",
+                "sha256:1857bb48c67b9278d5ada84a9c584f6bd61bb95d4f67d55799e8af9c8a5ef6e2",
+                "sha256:1b52d4d5ba9f5a1e939eed9441ca62a2ef7063a2610d001c70b39760b9d3314c",
+                "sha256:2637ea9a2ca093f10f0fc27ea02a8bdde0faadbeab9205ef1f5bf560510c6d52",
+                "sha256:2d63984f9593e5408cfc3da043cae871ab20006d494d5029a04ec5fa0d3044d6",
+                "sha256:55945d811655c52515067826f4f2a258e472fc34ad995acdc9a5f53910b8ebf6",
+                "sha256:63f1928c47acd9aa81ef75dd29ce74d292e50d77eaf2629ad0c99bbc1d2fa125",
+                "sha256:65a70673bc7d673ca52ee8b1b14e37959b01d45ef43729ed1507b6718351ec47",
+                "sha256:6dd39a260fd8e315f55e5f61c0a4b07994c3cd06d4893aacc9575a0e8804ba12",
+                "sha256:786e0d5b166fcfa1d0044ee411f820c3314b0bbc513985b0adc227118c2db009",
+                "sha256:7e10261065d0f926d9d83fd1f2edb8bec466f3c60b3e927ef40e2262805c069d",
+                "sha256:8474ed2a5d89a1546435294c91ae42fc18a29c3172af4b5f97d43bbf4d0a9018",
+                "sha256:8ce32d0878a38bc1f8b6ee1656f638a7629b2067f9b048787d4ad5fbd409093d",
+                "sha256:8fd604e791367038b673082c6e1d1801ef0998a68b0d436bcc0befc592f99541",
+                "sha256:9c25661f5089863c6976c0525593cdd3f3afb59092fbaa4ea9eb83c4e95a8c3c",
+                "sha256:a5c58f0ca4a4dd74fc8816a5240891614355d909b8c606febfb24375330b2a3b",
+                "sha256:a6b9a411ff87bca1ce33c902c25d25f11ea53d4941ad5d41b070a3eb95843b09",
+                "sha256:c1f0104d0a85d0db9bc98d5fa3679391ef052219b0f3ff0b741d22b0b78deb5f",
+                "sha256:c8f59aaa6989e111b0bfb46daae91c02cc4f5c23ce053fbd82ea6dac1c4c087d",
+                "sha256:cdca0b57cb5efccd946f79470598706fff661190627cb213e6eb7749aaeb02eb",
+                "sha256:d37854d9bce188b336dbf6de598924656d2ff0555dc720d347970ea8df097895",
+                "sha256:d6ab0ff7f2c3cf9ef33c163f5c85e3ebb1ced512d6ef8cdd022617f5951b1385",
+                "sha256:e7a145f376fcf56d0697b028fbd228dd6defe78bdf671a6ec6a8a87a930d8b6c",
+                "sha256:e94bd2457a5030df103d2f1b892d322076cd8c4b8db6c4331382f35431eb4ece",
+                "sha256:ecd7026ec27e6b33513fe53338ca33bd44dce6d8b00f6ec0ab4bfa10614a4503",
+                "sha256:fd697bc9afdad1e05d245da169a8c98f576a5c7b3d835fee76922f3e8b2d0388"
+            ],
+            "version": "==3.5.12"
         },
         "requests": {
             "hashes": [
@@ -1573,6 +1588,20 @@
             ],
             "index": "pypi",
             "version": "==0.2.3"
+        },
+        "xlrd": {
+            "hashes": [
+                "sha256:83a1d2f1091078fb3f65876753b5302c5cfb6a41de64b9587b74cefa75157148",
+                "sha256:8a21885513e6d915fe33a8ee5fdfa675433b61405ba13e2a69e62ee36828d7e2"
+            ],
+            "version": "==1.1.0"
+        },
+        "xlwt": {
+            "hashes": [
+                "sha256:a082260524678ba48a297d922cc385f58278b8aa68741596a87de01a9c628b2e",
+                "sha256:c59912717a9b28f1a3c2a98fd60741014b06b043936dcecbc113eaaada156c88"
+            ],
+            "version": "==1.3.0"
         }
     },
     "develop": {
@@ -1820,11 +1849,11 @@
         },
         "ipython": {
             "hashes": [
-                "sha256:a5781d6934a3341a1f9acb4ea5acdc7ea0a0855e689dbe755d070ca51e995435",
-                "sha256:b10a7ddd03657c761fc503495bc36471c8158e3fc948573fb9fe82a7029d8efd"
+                "sha256:6a9496209b76463f1dec126ab928919aaf1f55b38beb9219af3fe202f6bbdd12",
+                "sha256:f69932b1e806b38a7818d9a1e918e5821b685715040b48e59c657b3c7961b742"
             ],
             "index": "pypi",
-            "version": "==7.1.1"
+            "version": "==7.2.0"
         },
         "ipython-genutils": {
             "hashes": [
diff --git a/src/etools_datamart/apps/etl/admin.py b/src/etools_datamart/apps/etl/admin.py
index 2130f383d..8a5e16022 100644
--- a/src/etools_datamart/apps/etl/admin.py
+++ b/src/etools_datamart/apps/etl/admin.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from admin_extra_urls.extras import action, link
 from admin_extra_urls.mixins import _confirm_action
+from adminactions.mass_update import mass_update
 from django.contrib import admin, messages
 from django.contrib.admin import register
 from django.http import HttpResponseRedirect
@@ -27,7 +28,7 @@ class EtlTaskAdmin(TruncateTableMixin, admin.ModelAdmin):
                        'table_name', 'content_type',
                        )
     date_hierarchy = 'last_run'
-    actions = None
+    actions = [mass_update, ]
 
     def scheduling(self, obj):
         opts = PeriodicTask._meta
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 25e761071..314b3478d 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -14,8 +14,8 @@
                   ETOOLS_DUMP_LOCATION=(str, str(PACKAGE_DIR / 'apps' / 'multitenant' / 'postgresql')),
 
                   CACHE_URL=(str, "redis://127.0.0.1:6379/1"),
-                  # API_CACHE_URL=(str, "redis://127.0.0.1:6379/2"),
-                  API_CACHE_URL=(str, "locmemcache://"),
+                  API_CACHE_URL=(str, "redis://127.0.0.1:6379/2?key_prefix=api"),
+                  TEMPLATE_CACHE_URL=(str, "redis://127.0.0.1:6379/2?key_prefix=template"),
                   # CACHE_URL=(str, "dummycache://"),
                   # API_CACHE_URL=(str, "dummycache://"),
                   ABSOLUTE_BASE_URL=(str, 'http://localhost:8000'),
@@ -189,7 +189,8 @@
 
 CACHES = {
     'default': env.cache(),
-    'api': env.cache('API_CACHE_URL')
+    'api': env.cache('API_CACHE_URL'),
+    'dbtemplates': env.cache('TEMPLATE_CACHE_URL')
 }
 
 ROOT_URLCONF = 'etools_datamart.config.urls'
@@ -206,6 +207,7 @@
             'loaders': [
                 'django.template.loaders.filesystem.Loader',
                 'django.template.loaders.app_directories.Loader',
+                'dbtemplates.loader.Loader',
             ],
             'context_processors': [
                 'django.template.context_processors.debug',
@@ -275,6 +277,7 @@
     'month_field',
     'drf_querystringfilter',
     'crispy_forms',
+    'dbtemplates',
 
     'drf_yasg',
     'adminfilters',
diff --git a/src/unicef_rest_framework/renderers/html.py b/src/unicef_rest_framework/renderers/html.py
index 59627a407..70419b063 100644
--- a/src/unicef_rest_framework/renderers/html.py
+++ b/src/unicef_rest_framework/renderers/html.py
@@ -20,6 +20,7 @@ class HTMLRenderer(BaseRenderer):
     def get_template(self, meta):
         return loader.select_template([
             f'renderers/html/{meta.app_label}/{meta.model_name}.html',
+            f'renderers/html/{meta.app_label}/html.html',
             'renderers/html/html.html'])
 
     def render(self, data, accepted_media_type=None, renderer_context=None):
diff --git a/src/unicef_rest_framework/renderers/pdf.py b/src/unicef_rest_framework/renderers/pdf.py
index 416e61531..4b4727579 100644
--- a/src/unicef_rest_framework/renderers/pdf.py
+++ b/src/unicef_rest_framework/renderers/pdf.py
@@ -48,6 +48,7 @@ class PDFRenderer(HTMLRenderer):
     def get_template(self, meta):
         return loader.select_template([
             f'renderers/pdf/{meta.app_label}/{meta.model_name}.html',
+            f'renderers/pdf/{meta.app_label}/pdf.html',
             'renderers/pdf/pdf.html'])
 
     def render(self, data, accepted_media_type=None, renderer_context=None):

From 07230814ed5a617c1f9cb1ee9e2a0b8e64544d54 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 1 Dec 2018 11:21:54 +0100
Subject: [PATCH 04/86] fixes cached (304 HTTP_NOT_MODIFIED) response in some
 renderers

---
 src/etools_datamart/config/settings.py      |  2 +-
 src/unicef_rest_framework/renderers/csv.py  |  3 +++
 src/unicef_rest_framework/renderers/html.py |  3 +++
 src/unicef_rest_framework/renderers/pdf.py  |  3 +++
 src/unicef_rest_framework/renderers/xls.py  |  3 +++
 tests/api/test_api_cache.py                 | 18 ++++++++++++++++++
 6 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 314b3478d..72486cebd 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -207,7 +207,7 @@
             'loaders': [
                 'django.template.loaders.filesystem.Loader',
                 'django.template.loaders.app_directories.Loader',
-                'dbtemplates.loader.Loader',
+                # 'dbtemplates.loader.Loader',
             ],
             'context_processors': [
                 'django.template.context_processors.debug',
diff --git a/src/unicef_rest_framework/renderers/csv.py b/src/unicef_rest_framework/renderers/csv.py
index 73b03479b..33b389775 100644
--- a/src/unicef_rest_framework/renderers/csv.py
+++ b/src/unicef_rest_framework/renderers/csv.py
@@ -9,6 +9,9 @@
 class CSVRenderer(r.CSVRenderer):
 
     def render(self, data, media_type=None, renderer_context=None, writer_opts=None):
+        response = renderer_context['response']
+        if response.status_code != 200:
+            return ''
         try:
             data = dict(data)['results']
             return super().render(data, media_type, renderer_context or {}, writer_opts)
diff --git a/src/unicef_rest_framework/renderers/html.py b/src/unicef_rest_framework/renderers/html.py
index 70419b063..b5d72caa7 100644
--- a/src/unicef_rest_framework/renderers/html.py
+++ b/src/unicef_rest_framework/renderers/html.py
@@ -24,6 +24,9 @@ def get_template(self, meta):
             'renderers/html/html.html'])
 
     def render(self, data, accepted_media_type=None, renderer_context=None):
+        response = renderer_context['response']
+        if response.status_code != 200:
+            return ''
         try:
             model = renderer_context['view'].queryset.model
             opts = model._meta
diff --git a/src/unicef_rest_framework/renderers/pdf.py b/src/unicef_rest_framework/renderers/pdf.py
index 4b4727579..70578d8ab 100644
--- a/src/unicef_rest_framework/renderers/pdf.py
+++ b/src/unicef_rest_framework/renderers/pdf.py
@@ -52,6 +52,9 @@ def get_template(self, meta):
             'renderers/pdf/pdf.html'])
 
     def render(self, data, accepted_media_type=None, renderer_context=None):
+        response = renderer_context['response']
+        if response.status_code != 200:
+            return ''
         try:
             html = super(PDFRenderer, self).render(data, accepted_media_type, renderer_context)
 
diff --git a/src/unicef_rest_framework/renderers/xls.py b/src/unicef_rest_framework/renderers/xls.py
index a70a53918..699f07feb 100644
--- a/src/unicef_rest_framework/renderers/xls.py
+++ b/src/unicef_rest_framework/renderers/xls.py
@@ -9,6 +9,9 @@
 class XLSXRenderer(_XLSXRenderer):
 
     def render(self, data, accepted_media_type=None, renderer_context=None):
+        response = renderer_context['response']
+        if response.status_code != 200:
+            return ''
         try:
             if not data['results']:
                 return ''
diff --git a/tests/api/test_api_cache.py b/tests/api/test_api_cache.py
index 6b6f42272..33aad342f 100644
--- a/tests/api/test_api_cache.py
+++ b/tests/api/test_api_cache.py
@@ -1,4 +1,6 @@
 # -*- coding: utf-8 -*-
+import pytest
+
 from etools_datamart.api.endpoints import PartnerViewSet
 
 
@@ -40,3 +42,19 @@ def test_etag(client, admin_user, data_service, django_assert_num_queries):
     res = client.get(url, HTTP_X_SCHEMA="bolivia", HTTP_IF_NONE_MATCH=etag)
     assert res.status_code == 304
     assert res['etag'] == etag
+
+
+@pytest.mark.parametrize("fmt", ["pdf", "csv", "xlsx", "xhtml", "json", "ms-xml", "xml", "ms-json"])
+def test_cache_renderers(fmt, client, admin_user, data_service, django_assert_num_queries):
+    url = f"{data_service.endpoint}?country_name=bolivia&format={fmt}"
+    client.force_authenticate(admin_user)
+
+    res = client.get(url, HTTP_IF_NONE_MATCH='Not Set')
+    assert res.status_code == 200
+    assert res['cache-version'] == str(data_service.cache_version)
+    assert res['etag']
+
+    etag = res['etag']
+    res = client.get(url, HTTP_X_SCHEMA="bolivia", HTTP_IF_NONE_MATCH=etag)
+    assert res.status_code == 304
+    assert res['etag'] == etag

From 68620d2e34644394f380f778e8049a5f56834392 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 1 Dec 2018 14:55:34 +0100
Subject: [PATCH 05/86] updates requirements

---
 CHANGES      |  2 ++
 Pipfile      |  3 +--
 Pipfile.lock | 17 ++---------------
 3 files changed, 5 insertions(+), 17 deletions(-)

diff --git a/CHANGES b/CHANGES
index 61f6cfe2a..ca83efd0a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,8 @@
 ---------
 * add ability to create 'per model' custom templates for html/pdf renderers
     new `TEMPLATE_CACHE_URL` enironment variable
+* fixes error in some renderers with cached response
+
 
 1.7
 ---
diff --git a/Pipfile b/Pipfile
index 67df73f6d..ce4b72dda 100644
--- a/Pipfile
+++ b/Pipfile
@@ -54,10 +54,9 @@ django-basicauth = "*"
 django-post-office = "*"
 django-celery-email = "*"
 "xhtml2pdf" = "*"
-pisa = "*"
 django-crispy-forms = "*"
 django-adminactions = "*"
-django-dbtemplates = "*"
+django-dbtemplates = {file = "https://github.com/jazzband/django-dbtemplates/archive/2.0.1.tar.gz"}
 
 [dev-packages]
 "flake8" = ">=3.6.0"
diff --git a/Pipfile.lock b/Pipfile.lock
index 7246653d3..abb804866 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "e7ddab109d76e6e54b7c5fe951f72be61e8d0dfb8788995ffd384a763aa535a9"
+            "sha256": "81eac07ad1f97c779e00281dd19958dd2bb27a51bda821d288bf0d6174b1e6ee"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -865,12 +865,7 @@
             "version": "==0.5.0"
         },
         "django-dbtemplates": {
-            "hashes": [
-                "sha256:9f63208bde2b3395b1adf8dfbf8f405a2cc3b082652faa16d32ecebc0e20d72b",
-                "sha256:d17d01264277c6a744604e1fae52678c238d0695c47f67a6982f49b65cd117d6"
-            ],
-            "index": "pypi",
-            "version": "==2.0"
+            "file": "https://github.com/jazzband/django-dbtemplates/archive/2.0.1.tar.gz"
         },
         "django-environ": {
             "hashes": [
@@ -1258,14 +1253,6 @@
             ],
             "version": "==5.3.0"
         },
-        "pisa": {
-            "hashes": [
-                "sha256:94c4ae0995c84bb0588ece4480486464612ed1526f0987fb1016b9c50e5d3327",
-                "sha256:a7164ac81ab5ea01fbae4f29d2c00183a31142ca30ad527f6ac96635819cbd12"
-            ],
-            "index": "pypi",
-            "version": "==3.0.33"
-        },
         "psutil": {
             "hashes": [
                 "sha256:1c19957883e0b93d081d41687089ad630e370e26dc49fd9df6951d6c891c4736",

From bc3d8a41b830ba627063c995005ff7374bee2711 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 1 Dec 2018 15:14:26 +0100
Subject: [PATCH 06/86] minor css/style

---
 src/etools_datamart/apps/web/static/style.css | 26 +++++++--
 .../apps/web/static/style.css.map             |  2 +-
 .../apps/web/static/style.scss                | 58 +++++++++++++------
 .../apps/web/templates/index.html             | 11 +++-
 4 files changed, 71 insertions(+), 26 deletions(-)

diff --git a/src/etools_datamart/apps/web/static/style.css b/src/etools_datamart/apps/web/static/style.css
index feeacaa12..a07198c6c 100644
--- a/src/etools_datamart/apps/web/static/style.css
+++ b/src/etools_datamart/apps/web/static/style.css
@@ -57,12 +57,26 @@ body, html {
     text-align: center; }
   .right h2 {
     font-size: 14pt; }
-  .right ul {
-    padding: 20px 0 0 65px;
-    list-style: none;
-    font-size: 18pt; }
-  .right a {
-    color: #2090F8; }
+
+ul.index-menu {
+  padding: 20px 0 0 65px;
+  list-style: none;
+  font-size: 18pt; }
+  ul.index-menu a {
+    color: #2090F8;
+    text-transform: none;
+    text-decoration: none; }
+  ul.index-menu li.menu-sep {
+    width: 100%;
+    font-size: 2px; }
+
+.h10 {
+  display: block;
+  height: 10px; }
+
+.h30 {
+  display: block;
+  height: 30px; }
 
 /* [ login more ]*/
 .left {
diff --git a/src/etools_datamart/apps/web/static/style.css.map b/src/etools_datamart/apps/web/static/style.css.map
index 16c09e0aa..4fd629469 100644
--- a/src/etools_datamart/apps/web/static/style.css.map
+++ b/src/etools_datamart/apps/web/static/style.css.map
@@ -1,6 +1,6 @@
 {
 "version": 3,
-"mappings": "AACA,CAAE;EACA,MAAM,EAAE,GAAG;EACX,OAAO,EAAE,GAAG;EACZ,UAAU,EAAE,UAAU;;AAGxB,UAAW;EACT,MAAM,EAAE,GAAG;EACX,WAAW,EAAE,sDAAsD;EACnE,cAAE;IACA,KAAK,EAAE,KAAK;IACZ,0BAAQ;MACN,KAAK,EAAE,KAAK;EAIhB,4BAAS;IACP,KAAK,EAAE,KAAK;;AAIhB,QAAS;EACP,KAAK,EAAE,IAAI;EACX,MAAM,EAAE,MAAM;;AAGhB,iBAAkB;EAChB,KAAK,EAAE,IAAI;EACX,UAAU,EAAE,IAAI;EAChB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,eAAe,EAAE,MAAM;EACvB,WAAW,EAAE,MAAM;EACnB,OAAO,EAAE,IAAI;;AAGf,IAAK;EACH,KAAK,EAAE,MAAM;EACb,UAAU,EAAE,IAAI;EAChB,QAAQ,EAAE,MAAM;EAChB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,WAAW,EAAE,OAAO;EACpB,cAAc,EAAE,WAAW;;AAG7B,MAAO;EACL,KAAK,EAAE,GAAG;EAMV,SAAS,EAAE,IAAI;EACf,WAAK;IACH,OAAO,EAAE,cAAc;EAEzB,cAAQ;IACN,KAAK,EAAE,IAAI;IACX,UAAU,EAAE,MAAM;EAGpB,SAAG;IACD,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,MAAM;EAEpB,SAAG;IACD,SAAS,EAAE,IAAI;EAOjB,SAAG;IACD,OAAO,EAAE,aAAa;IACtB,UAAU,EAAE,IAAI;IAChB,SAAS,EAAE,IAAI;EAEjB,QAAE;IACA,KAAK,EAAE,OAAO;;AAKlB,mBAAmB;AAEnB,KAAM;EACJ,KAAK,EAAE,GAAG;EACV,iBAAiB,EAAE,SAAS;EAC5B,eAAe,EAAE,KAAK;EACtB,mBAAmB,EAAE,MAAM;EAC3B,QAAQ,EAAE,QAAQ;EAClB,OAAO,EAAE,CAAC;;AAaZ,OAAQ;EACN,aAAa,EAAE,IAAI;;AAGrB,cAAe;EACb,KAAK,EAAE,IAAI;EACX,QAAQ,EAAE,QAAQ;EAClB,MAAM,EAAE,iBAAiB;;AAG3B,SAAU;EACR,OAAO,EAAE,KAAK;EACd,KAAK,EAAE,IAAI;EACX,UAAU,EAAE,WAAW;EACvB,SAAS,EAAE,IAAI;EACf,KAAK,EAAE,OAAO;EACd,WAAW,EAAE,GAAG;EAChB,OAAO,EAAE,MAAM;;AAGjB,cAAe;EACb,MAAM,EAAE,IAAI;;AAGd,cAAc;AACd,4BAA6B;EAC3B,KAAK,EAAE,IAAI;EACX,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,eAAe,EAAE,MAAM;;AAGzB,kBAAmB;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,eAAe,EAAE,MAAM;EACvB,WAAW,EAAE,MAAM;EACnB,OAAO,EAAE,MAAM;EACf,KAAK,EAAE,IAAI;EACX,MAAM,EAAE,IAAI;EACZ,aAAa,EAAE,GAAG;EAClB,UAAU,EAAE,OAAO;EAEnB,SAAS,EAAE,IAAI;EACf,KAAK,EAAE,IAAI;EACX,WAAW,EAAE,GAAG;EAChB,cAAc,EAAE,SAAS;EACzB,cAAc,EAAE,GAAG;EAEnB,kBAAkB,EAAE,QAAQ;EAC5B,aAAa,EAAE,QAAQ;EACvB,eAAe,EAAE,QAAQ;EACzB,UAAU,EAAE,QAAQ;;AAGtB,wBAAyB;EACvB,UAAU,EAAE,OAAO;;AAGrB,mBAAmB;AAyCnB,OAAQ;EACN,UAAU,EAAE,IAAI;EAChB,UAAU,EAAE,OAAO;EACnB,KAAK,EAAE,KAAK;EAEZ,sBAAe;IACb,KAAK,EAAE,KAAK;;AAGhB,QAAS;EACN,qBAAqB,EAAE,IAAI;EAC3B,kBAAkB,EAAE,IAAI;EACxB,aAAa,EAAE,IAAI;;AAIpB,iBAAS;EACP,OAAO,EAAE,IAAI;EACb,mBAAE;IAIA,cAAc,EAAE,IAAI;IACpB,KAAK,EAAE,OAAO;IAJd,2BAAU;MACR,cAAc,EAAE,IAAI;AAM1B,iBAAS;EACP,KAAK,EAAE,IAAI;EACX,OAAO,EAAE,IAAI;EACb,0BAAS;IACP,KAAK,EAAE,OAAO;IACd,WAAW,EAAE,IAAI;EAEnB,sBAAK;IACH,KAAK,EAAE,IAAI;IACX,OAAO,EAAE,GAAG;IACZ,6BAAQ;MACN,WAAW,EAAE,IAAI;IAEnB,0BAAK;MACH,gBAAgB,EAAE,OAAO;EAO7B,sBAAK;IACH,OAAO,EAAE,YAAY;IACrB,2BAAO;MACL,KAAK,EAAE,GAAG;IAEZ,+BAAU;MACR,KAAK,EAAE,KAAK;IAEd,mCAAe;MACb,KAAK,EAAE,KAAK;IAEd,6BAAS;MACP,KAAK,EAAE,KAAK;IAEd,mCAAe;MACb,KAAK,EAAE,KAAK",
+"mappings": "AACA,CAAE;EACA,MAAM,EAAE,GAAG;EACX,OAAO,EAAE,GAAG;EACZ,UAAU,EAAE,UAAU;;AAGxB,UAAW;EACT,MAAM,EAAE,GAAG;EACX,WAAW,EAAE,sDAAsD;EACnE,cAAE;IACA,KAAK,EAAE,KAAK;IACZ,0BAAQ;MACN,KAAK,EAAE,KAAK;EAIhB,4BAAS;IACP,KAAK,EAAE,KAAK;;AAIhB,QAAS;EACP,KAAK,EAAE,IAAI;EACX,MAAM,EAAE,MAAM;;AAGhB,iBAAkB;EAChB,KAAK,EAAE,IAAI;EACX,UAAU,EAAE,IAAI;EAChB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,eAAe,EAAE,MAAM;EACvB,WAAW,EAAE,MAAM;EACnB,OAAO,EAAE,IAAI;;AAGf,IAAK;EACH,KAAK,EAAE,MAAM;EACb,UAAU,EAAE,IAAI;EAChB,QAAQ,EAAE,MAAM;EAChB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,WAAW,EAAE,OAAO;EACpB,cAAc,EAAE,WAAW;;AAG7B,MAAO;EACL,KAAK,EAAE,GAAG;EAMV,SAAS,EAAE,IAAI;EACf,WAAK;IACH,OAAO,EAAE,cAAc;EAEzB,cAAQ;IACN,KAAK,EAAE,IAAI;IACX,UAAU,EAAE,MAAM;EAGpB,SAAG;IACD,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,MAAM;EAEpB,SAAG;IACD,SAAS,EAAE,IAAI;;AAInB,aAAc;EACZ,OAAO,EAAE,aAAa;EACtB,UAAU,EAAE,IAAI;EAChB,SAAS,EAAE,IAAI;EACf,eAAE;IACA,KAAK,EAAE,OAAO;IACd,cAAc,EAAE,IAAI;IACpB,eAAe,EAAE,IAAI;EAEvB,yBAAY;IACV,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,GAAG;;AAKlB,IAAK;EACH,OAAO,EAAE,KAAK;EACd,MAAM,EAAE,IAAI;;AAGd,IAAK;EACH,OAAO,EAAE,KAAK;EACd,MAAM,EAAE,IAAI;;AAcd,mBAAmB;AAEnB,KAAM;EACJ,KAAK,EAAE,GAAG;EACV,iBAAiB,EAAE,SAAS;EAC5B,eAAe,EAAE,KAAK;EACtB,mBAAmB,EAAE,MAAM;EAC3B,QAAQ,EAAE,QAAQ;EAClB,OAAO,EAAE,CAAC;;AAaZ,OAAQ;EACN,aAAa,EAAE,IAAI;;AAGrB,cAAe;EACb,KAAK,EAAE,IAAI;EACX,QAAQ,EAAE,QAAQ;EAClB,MAAM,EAAE,iBAAiB;;AAG3B,SAAU;EACR,OAAO,EAAE,KAAK;EACd,KAAK,EAAE,IAAI;EACX,UAAU,EAAE,WAAW;EACvB,SAAS,EAAE,IAAI;EACf,KAAK,EAAE,OAAO;EACd,WAAW,EAAE,GAAG;EAChB,OAAO,EAAE,MAAM;;AAGjB,cAAe;EACb,MAAM,EAAE,IAAI;;AAGd,cAAc;AACd,4BAA6B;EAC3B,KAAK,EAAE,IAAI;EACX,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,eAAe,EAAE,MAAM;;AAGzB,kBAAmB;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,eAAe,EAAE,MAAM;EACvB,WAAW,EAAE,MAAM;EACnB,OAAO,EAAE,MAAM;EACf,KAAK,EAAE,IAAI;EACX,MAAM,EAAE,IAAI;EACZ,aAAa,EAAE,GAAG;EAClB,UAAU,EAAE,OAAO;EAEnB,SAAS,EAAE,IAAI;EACf,KAAK,EAAE,IAAI;EACX,WAAW,EAAE,GAAG;EAChB,cAAc,EAAE,SAAS;EACzB,cAAc,EAAE,GAAG;EAEnB,kBAAkB,EAAE,QAAQ;EAC5B,aAAa,EAAE,QAAQ;EACvB,eAAe,EAAE,QAAQ;EACzB,UAAU,EAAE,QAAQ;;AAGtB,wBAAyB;EACvB,UAAU,EAAE,OAAO;;AAGrB,mBAAmB;AAyCnB,OAAQ;EACN,UAAU,EAAE,IAAI;EAChB,UAAU,EAAE,OAAO;EACnB,KAAK,EAAE,KAAK;EAEZ,sBAAe;IACb,KAAK,EAAE,KAAK;;AAIhB,QAAS;EACP,qBAAqB,EAAE,IAAI;EAC3B,kBAAkB,EAAE,IAAI;EACxB,aAAa,EAAE,IAAI;;AAInB,iBAAS;EACP,OAAO,EAAE,IAAI;EACb,mBAAE;IAIA,cAAc,EAAE,IAAI;IACpB,KAAK,EAAE,OAAO;IAJd,2BAAU;MACR,cAAc,EAAE,IAAI;AAM1B,iBAAS;EACP,KAAK,EAAE,IAAI;EACX,OAAO,EAAE,IAAI;EACb,0BAAS;IACP,KAAK,EAAE,OAAO;IACd,WAAW,EAAE,IAAI;EAEnB,sBAAK;IACH,KAAK,EAAE,IAAI;IACX,OAAO,EAAE,GAAG;IACZ,6BAAS;MACP,WAAW,EAAE,IAAI;IAEnB,0BAAM;MACJ,gBAAgB,EAAE,OAAO;EAO7B,sBAAK;IACH,OAAO,EAAE,YAAY;IACrB,2BAAO;MACL,KAAK,EAAE,GAAG;IAEZ,+BAAW;MACT,KAAK,EAAE,KAAK;IAEd,mCAAe;MACb,KAAK,EAAE,KAAK;IAEd,6BAAS;MACP,KAAK,EAAE,KAAK;IAEd,mCAAe;MACb,KAAK,EAAE,KAAK",
 "sources": ["style.scss"],
 "names": [],
 "file": "style.css"
diff --git a/src/etools_datamart/apps/web/static/style.scss b/src/etools_datamart/apps/web/static/style.scss
index 3ac8fdc1e..d17e4eee7 100644
--- a/src/etools_datamart/apps/web/static/style.scss
+++ b/src/etools_datamart/apps/web/static/style.scss
@@ -77,22 +77,45 @@ body, html {
   h2 {
     font-size: 14pt;
   }
-  //h1 {
-  //  width: 100%;
-  //  font-size: 24pt;
-  //  text-align: center;
-  //}
-  ul {
-    padding: 20px 0 0 65px;
-    list-style: none;
-    font-size: 18pt;
-  }
+}
+
+ul.index-menu {
+  padding: 20px 0 0 65px;
+  list-style: none;
+  font-size: 18pt;
   a {
     color: #2090F8;
+    text-transform: none;
+    text-decoration: none;
   }
+  li.menu-sep {
+    width: 100%;
+    font-size: 2px;
+    //border: 1px solid black;
+  }
+}
+
+.h10 {
+  display: block;
+  height: 10px;
+}
 
+.h30 {
+  display: block;
+  height: 30px;
 }
 
+//.pad4 {
+//  padding: 4px;
+//}
+//
+//.pad6 {
+//  padding: 6px;
+//}
+//.pad10 {
+//  padding: 10px;
+//}
+
 /* [ login more ]*/
 
 .left {
@@ -230,10 +253,11 @@ input.input100 {
     color: white;
   }
 }
+
 .rounded {
-   -webkit-border-radius: 20px;
-   -moz-border-radius: 20px;
-   border-radius: 20px;
+  -webkit-border-radius: 20px;
+  -moz-border-radius: 20px;
+  border-radius: 20px;
 }
 
 .monitor {
@@ -257,13 +281,13 @@ input.input100 {
     .row {
       width: 100%;
       padding: 5px;
-      &.header{
+      &.header {
         font-weight: bold;
       }
-      &.odd{
+      &.odd {
         background-color: #eeeeee;
       }
-      &.even{
+      &.even {
 
       }
     }
@@ -273,7 +297,7 @@ input.input100 {
       &.task {
         width: 30%;
       }
-      &.last_run{
+      &.last_run {
         width: 200px;
       }
       &.last_changes {
diff --git a/src/etools_datamart/apps/web/templates/index.html b/src/etools_datamart/apps/web/templates/index.html
index a0be8b868..3ac0bbbfa 100644
--- a/src/etools_datamart/apps/web/templates/index.html
+++ b/src/etools_datamart/apps/web/templates/index.html
@@ -1,9 +1,11 @@
 {% extends 'base.html' %}{% load static datamart %}
 {% block right %}
     <h1>eTools Datamart</h1>
-    <ul>
+    <ul class="index-menu">
         {% if request.user.is_anonymous %}
             <li><a href="{% url "api:api-root" version="latest" %}">API (needs token)</a></li>
+            <li class="menu-sep h30">&nbsp;</li>
+            <li class="menu-sep h30">&nbsp;</li>
             <li><a href="{% url "login" %}">Login</a></li>
         {% else %}
             <li><a href="{% url "api:api-root" version="latest" %}">API</a></li>
@@ -11,12 +13,17 @@ <h1>eTools Datamart</h1>
             <li><a href="{% url "api:schema-swagger-ui" %}">Swagger</a></li>
             <li><a href="{% url "monitor" %}">Monitor</a></li>
             {% if request.user.is_staff %}
+                <li class="menu-sep h10">&nbsp;</li>
                 <li><a href="{% url "admin:index" %}">Admin</a></li>
             {% endif %}
             {% if request.user.is_superuser %}
+                <li class="menu-sep h10">&nbsp;</li>
+                <li><a href="/flower">Flower</a></li>
+                <li><a href="/rabbitmq">RabbitMQ</a></li>
                 <li><a href="{% url "sys-info" %}">System Info</a></li>
             {% endif %}
-            <div>&nbsp;</div>
+            <li class="menu-sep h30">&nbsp;</li>
+            <li class="menu-sep h30">&nbsp;</li>
             <li><a href="{% url "logout" %}">Logout</a></li>
             <li><a href="{% url "disconnect" %}">Disconnect</a></li>
 

From 24324ccd56951e0851d54ab90533c2c50e39825c Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Mon, 3 Dec 2018 22:35:55 +0100
Subject: [PATCH 07/86] bug fixing

---
 CHANGES                                       |   1 +
 Makefile                                      |  17 +--
 src/etools_datamart/api/endpoints/common.py   |  12 +-
 .../api/endpoints/datamart/pmpindicators.py   |   2 +-
 .../api/endpoints/system/__init__.py          |   2 +-
 .../api/endpoints/system/task_log.py          |   2 +-
 src/etools_datamart/api/urls.py               |   2 +-
 src/etools_datamart/apps/data/admin.py        |   1 +
 src/etools_datamart/apps/etl/admin.py         |  39 +++---
 src/etools_datamart/apps/etl/lock.py          |   8 +-
 src/etools_datamart/apps/etl/models.py        |   9 +-
 src/etools_datamart/apps/etl/results.py       |   2 +-
 src/etools_datamart/apps/etl/tasks/etl.py     |   6 +-
 .../multitenant/postgresql/public.sqldump     | Bin 4048686 -> 4047913 bytes
 .../apps/multitenant/postgresql/tenant.sql    |   2 +-
 src/etools_datamart/celery.py                 |  45 +++++--
 src/etools_datamart/config/settings.py        |   1 +
 src/unicef_rest_framework/models/service.py   |   3 +-
 src/unicef_rest_framework/renderers/csv.py    |   5 +-
 src/unicef_rest_framework/renderers/html.py   |  10 +-
 src/unicef_rest_framework/renderers/pdf.py    |   2 +-
 src/unicef_rest_framework/renderers/xls.py    |   6 +-
 src/unicef_rest_framework/views.py            |   3 +
 tests/_test_lib/test_utilities/factories.py   |   2 +-
 tests/api/test_api_cache.py                   |   2 +-
 tests/api/test_api_data.py                    | 117 ++++++++++++------
 tests/etl/test_etl_tasklog.py                 |   8 ++
 tests/test_subscription.py                    |   6 +-
 tests/unicef_security/test_azure.py           |  10 +-
 .../vcr_cassettes/test_user_data.yml          |  53 ++++++--
 30 files changed, 258 insertions(+), 120 deletions(-)

diff --git a/CHANGES b/CHANGES
index ca83efd0a..33022d661 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,7 @@
 * add ability to create 'per model' custom templates for html/pdf renderers
     new `TEMPLATE_CACHE_URL` enironment variable
 * fixes error in some renderers with cached response
+* Adopting of RabbitMQ to prevent message loss
 
 
 1.7
diff --git a/Makefile b/Makefile
index ddf55f8bd..2acaf02f7 100644
--- a/Makefile
+++ b/Makefile
@@ -59,14 +59,17 @@ urf:
 	pipenv run pytest tests/urf --cov-config tests/urf/.coveragerc
 
 
-demo:
+stack:
 	PYTHONPATH=./src pipenv run celery worker -A etools_datamart --loglevel=DEBUG --concurrency=4 --purge --pidfile celery.pid &
 	PYTHONPATH=./src pipenv run celery beat -A etools_datamart.celery --loglevel=DEBUG --pidfile beat.pid &
+#	PYTHONPATH=./src pipenv run gunicorn -b 0.0.0.0:8000 etools_datamart.config.wsgi --pid gunicorn.pid &
+	pipenv run docker run  -d -p 5555:5555 -e CELERY_BROKER_URL=${CELERY_BROKER_URL} --name datamart-flower --rm saxix/flower
+
+demo: stack
 	PYTHONPATH=./src pipenv run gunicorn -b 0.0.0.0:8000 etools_datamart.config.wsgi --pid gunicorn.pid &
-	pipenv run docker run  -d -p 5555:5555 -e CELERY_BROKER_URL=$CELERY_BROKER_URL --name datamart-flower --rm saxix/flower
 
-stop-demo:
-	- kill `cat gunicorn.pid`
-	- kill `cat beat.pid`
-	- kill `cat celery.pid`
-	- docker stop datamart-flower
+demo-stop:
+	-kill `cat gunicorn.pid`
+	-kill `cat beat.pid`
+	-kill `cat celery.pid`
+	-docker stop datamart-flower
diff --git a/src/etools_datamart/api/endpoints/common.py b/src/etools_datamart/api/endpoints/common.py
index 253e2e8e4..b29796e95 100644
--- a/src/etools_datamart/api/endpoints/common.py
+++ b/src/etools_datamart/api/endpoints/common.py
@@ -51,8 +51,12 @@ class UpdatesMixin:
     def updates(self, request, version):
         """ Returns only records changed from last ETL task"""
         task = EtlTask.objects.get_for_model(self.queryset.model)
-        offset = task.last_changes.strftime('%Y-%m-%d %H:%M')
-        queryset = self.queryset.filter(last_modify_date__gte=offset)
+        if task.last_changes:
+            offset = task.last_changes.strftime('%Y-%m-%d %H:%M')
+            queryset = self.queryset.filter(last_modify_date__gte=offset)
+        else:
+            offset = 'none'
+            queryset = self.queryset.all()
 
         serializer = self.get_serializer(queryset, many=True)
         return Response(serializer.data,
@@ -79,7 +83,9 @@ def get_schema_fields(self):
         return ret
 
     def drf_ignore_filter(self, request, field):
-        return field in ['+serializer', 'cursor', '+fields',
+        return field in [self.serializer_field_param,
+                         self.dynamic_fields_param,
+                         'cursor',
                          'ordering', 'page_size', 'format', ]
 
     def handle_exception(self, exc):
diff --git a/src/etools_datamart/api/endpoints/datamart/pmpindicators.py b/src/etools_datamart/api/endpoints/datamart/pmpindicators.py
index 3289b3ec4..19e84c7dc 100644
--- a/src/etools_datamart/api/endpoints/datamart/pmpindicators.py
+++ b/src/etools_datamart/api/endpoints/datamart/pmpindicators.py
@@ -13,4 +13,4 @@ class PMPIndicatorsViewSet(common.DataMartViewSet):
     queryset = models.PMPIndicators.objects.all()
     filter_fields = ('country_name', 'business_area_code', 'vendor_number',
                      'partner_name', 'partner_type', 'last_modify_date',
-                     'pd_ssfa_ref', )
+                     'cash_contribution', 'pd_ssfa_status', 'pd_ssfa_ref', )
diff --git a/src/etools_datamart/api/endpoints/system/__init__.py b/src/etools_datamart/api/endpoints/system/__init__.py
index f4b1a17ab..cfa7965eb 100644
--- a/src/etools_datamart/api/endpoints/system/__init__.py
+++ b/src/etools_datamart/api/endpoints/system/__init__.py
@@ -1,2 +1,2 @@
 # -*- coding: utf-8 -*-
-from .task_log import TaskLogViewSet  # noqa
+from .task_log import MonitorViewSet  # noqa
diff --git a/src/etools_datamart/api/endpoints/system/task_log.py b/src/etools_datamart/api/endpoints/system/task_log.py
index 25306b949..87baac819 100644
--- a/src/etools_datamart/api/endpoints/system/task_log.py
+++ b/src/etools_datamart/api/endpoints/system/task_log.py
@@ -5,7 +5,7 @@
 from .. import common
 
 
-class TaskLogViewSet(common.APIReadOnlyModelViewSet):
+class MonitorViewSet(common.APIReadOnlyModelViewSet):
     """
 
     """
diff --git a/src/etools_datamart/api/urls.py b/src/etools_datamart/api/urls.py
index 2a2a498dc..c72b02955 100644
--- a/src/etools_datamart/api/urls.py
+++ b/src/etools_datamart/api/urls.py
@@ -32,7 +32,7 @@ class ReadOnlyRouter(APIReadOnlyRouter):
 router.register(r'datamart/user-stats', endpoints.UserStatsViewSet)
 router.register(r'datamart/hact', endpoints.HACTViewSet)
 
-router.register(r'system/tasks-log', endpoints.TaskLogViewSet)
+router.register(r'system/monitor', endpoints.MonitorViewSet)
 
 # urlpatterns = router.urls
 
diff --git a/src/etools_datamart/apps/data/admin.py b/src/etools_datamart/apps/data/admin.py
index 445a83e74..6cc15b9ce 100644
--- a/src/etools_datamart/apps/data/admin.py
+++ b/src/etools_datamart/apps/data/admin.py
@@ -112,6 +112,7 @@ class PMPIndicatorsAdmin(DataModelAdmin, TruncateTableMixin):
     list_display = ('country_name', 'partner_name', 'partner_type', 'business_area_code')
     list_filter = (SchemaFilter,
                    ('partner_type', AllValuesComboFilter),
+                   ('pd_ssfa_status', AllValuesComboFilter),
                    )
     search_fields = ('partner_name',)
     date_hierarchy = 'pd_ssfa_creation_date'
diff --git a/src/etools_datamart/apps/etl/admin.py b/src/etools_datamart/apps/etl/admin.py
index 8a5e16022..e455c68c8 100644
--- a/src/etools_datamart/apps/etl/admin.py
+++ b/src/etools_datamart/apps/etl/admin.py
@@ -2,6 +2,7 @@
 from admin_extra_urls.extras import action, link
 from admin_extra_urls.mixins import _confirm_action
 from adminactions.mass_update import mass_update
+from crashlog.middleware import process_exception
 from django.contrib import admin, messages
 from django.contrib.admin import register
 from django.http import HttpResponseRedirect
@@ -20,13 +21,15 @@
 @register(models.EtlTask)
 class EtlTaskAdmin(TruncateTableMixin, admin.ModelAdmin):
     list_display = ('task', 'last_run', 'status', 'time',
-                    'last_success', 'last_failure', 'lock', 'scheduling', 'queue_task')
-
-    readonly_fields = ('task', 'last_run',
-                       'last_success', 'last_failure', 'last_changes',
-                       'results', 'elapsed', 'time', 'status',
-                       'table_name', 'content_type',
-                       )
+                    'last_success', 'last_failure', 'locked', 'scheduling',
+                    'unlock_task',
+                    'queue_task')
+
+    # readonly_fields = ('task', 'last_run',
+    #                    'last_success', 'last_failure', 'last_changes',
+    #                    'results', 'elapsed', 'time', 'status',
+    #                    'table_name', 'content_type',
+    #                    )
     date_hierarchy = 'last_run'
     actions = [mass_update, ]
 
@@ -52,6 +55,14 @@ def queue_task(self, obj):
 
     queue_task.verbse_name = 'queue'
 
+    def unlock_task(self, obj):
+        opts = self.model._meta
+        url = reverse('admin:%s_%s_unlock' % (opts.app_label,
+                                              opts.model_name), args=[obj.id])
+        return format_html(f'<a href="{url}">unlock</a>')
+
+    queue_task.verbse_name = 'unlock'
+
     def has_add_permission(self, request):
         return False
 
@@ -61,10 +72,10 @@ def has_delete_permission(self, request, obj=None):
     def time(self, obj):
         return naturaldelta(obj.elapsed)
 
-    def lock(self, obj):
-        return f"{obj.task}-lock" in cache
+    def locked(self, obj):
+        return obj.lock_key not in cache
 
-    lock.boolean = True
+    locked.boolean = True
 
     def changeform_view(self, request, object_id=None, form_url='', extra_context=None):
         if request.method == 'POST':
@@ -77,22 +88,22 @@ def changeform_view(self, request, object_id=None, form_url='', extra_context=No
     def queue(self, request, pk):
         obj = self.get_object(request, pk)
         try:
-            task = app.tasks[obj.task]
+            task = app.tasks.get(obj.task)
             task.delay()
             self.message_user(request, f"Task '{obj.task}' queued", messages.SUCCESS)
         except Exception as e:  # pragma: no cover
+            process_exception(e)
             self.message_user(request, f"Cannot queue '{obj.task}': {e}", messages.ERROR)
         return HttpResponseRedirect(reverse("admin:etl_etltask_changelist"))
 
     @action()
     def unlock(self, request, pk):
         obj = self.get_object(request, pk)
-        key = f"{obj.task}-lock"
 
         def _action(request):
-            cache.delete(key)
+            cache.delete(obj.lock_key)
 
-        return _confirm_action(self, request, _action, f"Continuing will unlock selected task. ({key})",
+        return _confirm_action(self, request, _action, f"Continuing will unlock selected task. ({obj.task})",
                                "Successfully executed", )
 
     @link()
diff --git a/src/etools_datamart/apps/etl/lock.py b/src/etools_datamart/apps/etl/lock.py
index 9f09dbafd..964e62ea3 100644
--- a/src/etools_datamart/apps/etl/lock.py
+++ b/src/etools_datamart/apps/etl/lock.py
@@ -5,7 +5,7 @@
 from django.core.cache import caches
 from redis.exceptions import LockError
 
-cache = caches['default']
+cache = caches['lock']
 
 logger = logging.getLogger(__name__)
 
@@ -16,7 +16,7 @@ class TaskExecutionOverlap(Exception):
     pass
 
 
-def only_one(function=None, key="", timeout=None):
+def only_one(function, key, timeout=None):
     """Enforce only one celery task at a time."""
 
     def _unlock(key):
@@ -40,8 +40,7 @@ def _caller(*args, **kwargs):
                 have_lock = lock.acquire(blocking=False)
                 if have_lock:
                     ret_value = run_func(*args, **kwargs)
-                # else:
-                #     raise TaskExecutionOverlap(key)
+
             finally:
                 if have_lock:
                     try:
@@ -52,5 +51,6 @@ def _caller(*args, **kwargs):
             return ret_value
 
         return _caller
+
     function.unlock = partial(_unlock, key)
     return _dec(function) if function is not None else _dec
diff --git a/src/etools_datamart/apps/etl/models.py b/src/etools_datamart/apps/etl/models.py
index c950d129e..afd0dbebd 100644
--- a/src/etools_datamart/apps/etl/models.py
+++ b/src/etools_datamart/apps/etl/models.py
@@ -11,7 +11,10 @@
 
 class TaskLogManager(models.Manager):
     def get_for_model(self, model: DataMartModel):
-        return self.get(content_type=ContentType.objects.get_for_model(model))
+        try:
+            return self.get(content_type=ContentType.objects.get_for_model(model))
+        except EtlTask.DoesNotExist:
+            raise EtlTask.DoesNotExist(f"EtlTask for model '{model.__name__}' does not exists")
 
     def get_for_task(self, task: ETLTask):
         return self.get_or_create(task=task.name,
@@ -56,6 +59,10 @@ class Meta:
     def __str__(self):
         return f"{self.task} {self.status}"
 
+    @cached_property
+    def lock_key(self):
+        return f"{self.task}-lock"
+
     @cached_property
     def verbose_name(self):
         return self.content_type.model_class()._meta.verbose_name
diff --git a/src/etools_datamart/apps/etl/results.py b/src/etools_datamart/apps/etl/results.py
index 5a4c8a11f..53ed5b34c 100644
--- a/src/etools_datamart/apps/etl/results.py
+++ b/src/etools_datamart/apps/etl/results.py
@@ -8,7 +8,7 @@
 class EtlResult:
     __slots__ = [CREATED, UPDATED, UNCHANGED]
 
-    def __init__(self, updated=0, created=0, unchanged=0):
+    def __init__(self, updated=0, created=0, unchanged=0, **kwargs):
         self.created = created
         self.updated = updated
         self.unchanged = unchanged
diff --git a/src/etools_datamart/apps/etl/tasks/etl.py b/src/etools_datamart/apps/etl/tasks/etl.py
index d45bdc0fc..bc0733078 100644
--- a/src/etools_datamart/apps/etl/tasks/etl.py
+++ b/src/etools_datamart/apps/etl/tasks/etl.py
@@ -47,7 +47,7 @@ def process(Model, filters, values):
             else:
                 op = UNCHANGED
         return op
-    except Exception as e:
+    except Exception as e:  # pragma: no cover
         logging.exception(e)
         process_exception(e)
         raise
@@ -350,8 +350,8 @@ def load_fam_indicator() -> EtlResult:
     return results
 
 
-@app.etl(UserStats)
-def load_user_report() -> EtlResult:
+@app.etl(UserStats, bind=True)
+def load_user_report():
     connection = connections['etools']
     countries = connection.get_tenants()
     today = date.today()
diff --git a/src/etools_datamart/apps/multitenant/postgresql/public.sqldump b/src/etools_datamart/apps/multitenant/postgresql/public.sqldump
index 0a761fec4ed2e11c36add887720aac29a7ea9f40..0ec2fa00419d218e71c19af840b9c9ae5543f83f 100644
GIT binary patch
delta 40900
zcmaJ~2Y6IP*WQ_XlRy$eHa#Sp4WXBi?S+mYRUv?)NLQ>N#olQ4LchvbXv!~ALXj0m
z1t}I3rNpkFG|OkB*+4<~-<i9cT@vs3JeMc#J@1*hQ_r09&dl1`r^w1jPm!xCd-b@q
zk~FaC^#~z0{MTOm6BPe66#r=ApEU8$9pWGPUo!r^_O^)=$KPrbe}>xy+PPge9e=uA
z?R>VW0`p|myvdKS1G8wV@eHvW+2lUDpeizt^dOYsRgUosUF^KB1tjHv672DZr9!Ve
z<aUQ_IfgqaKeA05NF3K&3wqp<ilpX*gqV9A$)`^X<!pbDmKsBE^BYr=irC7&$iVA*
zj!}@(*%b=P&y=4fQ@%l=+G{Ih+n*-Ik!2~j5$BBx$$+g?N*d*<DUqw{XCgnw;rsL1
zuz56f-rebJONcfz-b~$G;R=OoW#A@-+K{m_?Wkj%wS?Clc_lrCP*>O(Gd!O@E5E)f
zO!MYvEUs{c-L=vhuh8U;?8#_D95*XO0>&hJ6JxJ4%Q!T@$T*SdFdU_Wjq2Tn_<NA%
z3VRGvKaZ6dsPw;$Og6neEipPhP{c-ENg7G<g%8--s_uH8k)G8F+4I)Q-ULP3p~&4?
zXbBUoMSO0fZEmqKtbUd;<pq(wBsOIcs(#qH!N$R(B9GA@Dt7phS)a%(T__u4dG6cD
zj=xrRCMnYLMoRMxYCNW8r;0uxnyfDz`KTb981|(2Z+;K!+L1a8XQQ*mWyytfkxZ^{
z(GIpCM6-<RQxZgdk*>wMs7kXXFP3##+KJ|}Hf>3fvCJ`pO}!4F{Q3!?09#y&w*GTQ
z!^i_ADa3dpE#YODo#;ecMD{xEgt%k_St8TVX#739>PBie7Np0e1MWy!Sp_lHXC(aQ
zi%e{Clo)?E%ubJeX3%YGWK3?7XN+#15_zVXPK@sM0=iTx{;+v9>(T*=hh@c;1ig_D
zTC5?)2iXa~g;|%WTCOpvb+WO()mh_wP62&hs@T{19oDELRM5P5njyC>%NSFh8~Luy
z2x3GE;)+5cHg~#KU~DN*j!Y@1#JJc|Kwqe0?jlmao|>*@i#Nsx?bfq9Z->(F3gghQ
zi+$9X78&nU{9%+8C;aX;+Iq@ZtD8u<vBq6&+&E>hvGc}4{5?pN;-q}Ktctzdh5C*D
zo{j8-PEZ>tNr3w!9&a%<9(UIK=5cu<<Nb|@aj3L_{-5|vwz?}VHmU=w+2+o`>t!|H
z>T&sOWo*n!(#-f{OlIV8a0@X8Hi^H+NZZPMUEMy#m^mstaxUDEP`6h$=NDxecIfag
z%bcp&jp5A_fF4^D0nCd`>)4qXRV@-;`E9M`E4Fnt$rnnEy)%l8ZCzR$UHT3-uD`!f
z{@rG5fVhn@^YZC(k<7B;T?qT>eq{g7RtdU-HYeLYhn7Xwb-i9Q*0qVh^7w4c<twA}
z#VL_dJ&KX-ARCxQ^4Z9Rv_8g3W97wvu+Q&D&byT-;N<8kRG#Qrh$dc<@G6XfSAJBN
z-eZXInk!!BUXQW8f3{H_PBOamZeTn#s?q!bt=RM@(St&LtBv#S0=hz$R=6^&M(V15
zpRfnJ;*)Z`@kG2nByxBiX%d-nNf|Zz`{RlDT#@bl`x4{fKmpskNRIVJxbl>7Z?I`>
zT=4ijkx>J~#8?uJtMvKNiN*}fi|iScMvMj>3Rv|lP0kcgbfZq=s#8Tq<x7oF>h+A-
zm!%mKF1yhPb!-~zgC1YdW;bRG$%zzSelaoL>=e(C-y4}W#6gU9T?*)Gbc4~fz}R!e
z4r6%Nc!vD`$lF)8Cq`b6I1atP=&E93tnHcbo6ndvyui45*zd$6+kF)jK0ykM`NLmf
z4Gff0{odIPqvL`n5U>?sBs3b2DUdDqg%K-=v9wQuK-lIq1)PzYqcVt5uU`TCb+-I$
z<NeVGjq*$4Ux-nr(3m^6*qGBX)97#&rjL;+Y!t_EzQ5zO#&cKSYAov?&uP$S%pTj^
zm^CWPn6|0Nn0Cz(BdxN4u9fvWXY3KfH8B49!9Zl`wU=tf(}Us)LSAFcO=ZUD9$7}0
z8~-%E8eBlvRf$esU|e_8$Ho_z#d8+&+w$1lm9#K&|2PbOV}`_QH59UCv6mNUxsgrd
zucyX~SH=?vV|1TbN{CmO1$4bRKp7WLY-ChTTF3U!Mw9<{Xk1e`V9Q}6Hj(_uvdK+}
z5geBADr_ramoC)`BIj>OC&uXE1@vXJ9pCl|JJlVva>a<6Lif7dHU|ow*<a8ckrB7=
zAx7U(32%M2Jn@z+*YYA`@4ON{XiQB?URTiOU<a0Kjf?^Jq(uI`t3IJVbC}ssWt=n$
zjqp96va6OO#f)nbP+?e2rBzyS<f?n8665}BYYM^Z_OQ7xYPsyt7Lpk$ngT1yCx?@W
z%>U4-N7$&9(025O1c;B7RB0uwd>cuP%%AoRG5U;)r{xY~;1X%EDcguWvUx^RWHBg5
z!dHaOWf>0;_QNXZe0Y2u<#F4Jjm$@!k&zF!AV%55cxoP>k?}~Y$gYQSQLvK==th~b
zhL8MW44Yij0=%ApEzf8?w=mM<(JQI(-Ys#>UJpi!8Sl_0k%NynCx+wpgjarB3;D`$
z%}R+3m{~%oU)oFbRhh_hvre(sUqCZxb7wq1-e6?=?5@Pvd{_K83^~rZ-H4HVPXSvs
zPfKNAT|qOArgNLIc8`%FHm)yht;|{Z?9fIn#aKTt*~pwf-e_=dP5bxyFfh(8HcFpN
ziR_tQpBQPk70}m2g&t+cS0e*o-WSic&u1%U^WG!QNV}(sh;hlZgjYe#C-T*!3mo_u
zv)EscmRKfR`X0$NerF%DU$>zAC(cMfhHVAx<SlwpB=wm&#Be?sf93aM^24iUkps`R
zCB{P!CA<n@;uEjf=nqMXF<@r4aV}hhPt9VLA7a*8v+zS^A5IF{_~qtYvV76M#y^iV
ztsfnryaB_tw7Kz^Kg(D$%EWEkNg5bWCk-~*jxLmn<PUq61c+abcbnwLc$OYy|L(yz
zEPOm(3jvSO_4$)V(#(XP{E-1K<P+oOSp{^nL_WFf9b^9Nrm-Q?8wlF6MR%KVkDeV_
z@_+S+LFUFgW6))56n&e+Tzg2e@u)wWjZB5@cl?!PW711GM%(3^jnVT8=$le~-b>ZS
zee>fL8}vkSS1h2$@h9V%3WkhxtMiRRt4`8@SwmYS_WbIN?8Rz)RG$TL;gBoxZB>b8
z?0q`nw_wD%K7){eC=oVkr8&n9dwCNZzYUG$nP=lQ6bhqXOx{=+8NK0YVx%sNE5XWO
z;>IS@G#4v}<F7cRRW4Qz$6pz2+_k8HO?pa`s|Mq?jh`9I7RSE|Bj;VO2B=Z?d`(I|
zmkVPI`2;JopI_@j4fhKPuY%};FMqB%jINuLBjYz^663mM1$4Xo>Q$SM7+3yZO;7f@
z#8@@sQ&P-kjlhuf)0@9h<E0nl%G|>85buq>Z>2;^wnN#E%hBzaIcW`l>xl8gOL28r
zwB|GNIcXGm>}@pc)vMx~VEdHFSH{{M^<+VefA??WqtylUZJ9G;$JfRyRdH2fjA0+`
z*9s%Azc&EwWPMFx`e4{(?k+Z#evlmLy|aWEEjGlH@%n8|1+1|#aaVF=%?AZ?AzGSG
z->G6BU4hx`)Q3N_hSjLJ(~$&?!ARzAbhq-C3+TIIBq%T@?D@>-^J+Xl-Y_f<@<~qQ
z(Y-@8W9@5kurC-n|1k!Dkh!4R5j8scf4YNB{~QUm+7!>859KYiu=U4jy~vo){M1<V
zX8bjJe`(EYqx8#^$X8#8rL?&qdQTQq{#QrX(*4l8e_K2c{$Ql#KFn<c-md9RzJNKm
z83(`4Gb+A5Yc9y?`%+1lQ%T0iZ?>>rUyv-L;N5r*V8rAZ&mS&~Tz_CYF{Zy4Pa^0s
zmK<(kJlo7%{4PCN&p3ZL7bP{`i2dF1u%Eikh4@ZcitNP2w4PCQco&;>6lQ0=o$-W%
zK1}fB6wPLtn{_?1{RrC2bsr=o7c{ni-#9YoJD3>nd|1eySZJDu?fTJlW6$?Hj6=Jc
z#mqrp5FJk_D~ufcp^_Mv?ahu2dcF`l_&+UgK~I_yne<~lqPfj=FRNN)b~lm55@Y92
zud*eFv@GNB$MGzLe35lOkETYm&k}wM8k3I|%Tf?)?4>8`v+1k!WaFWuTkz>-J?)AX
zaXLHHlQv|>ug3tE*``rk*wX^*we$7nA4@S#AM3>K{tacb;EQ<KU>wP0W4<HVk$aAB
z!9cPv{wnN64->D9^(Rw|XPRXj&-q0*_KJcRmep>NI9t~XtE)GDTg9gSfRFlXfBXZ&
z{>YQR_oha>0|~!{jLxTujeTF3j)UoE8nPw5X^JuQuh*i><~`9*dWW4p2otpBp&GE?
z<zfw5(4xqtr*9y}<40<;>URY&bvA5)KDYIs6xQ-4($1KErr7BG&lc)39VO*UF?+w>
z1+#a%Gas|+zc3nCewUy*6sb77ni$J}h%0rwZ3Tw=Y)&NOobdXXU9LLX<$9gp!M;3#
z{8jvzfbgQB9VaAz<K^TYV$AzFo`5^Rx@x2`&!8j;4g$0GK9U89W>yNzw8+?!EGn)Z
zn|@qNX9FlE-hU?9MeUite6EqsZ0+C3dBdX#ibK4+PMQ&;*YWs|9yi;bjOlqv68RIw
zDk|$^nO62Cw1DkPCd=4><|y@cCmpe+li%azRVkz;G4A+1K~aDmZ$%4vT79As<Lf`;
z-|7k58nKhDXdXLv39ZL3NfiS2Qw8jU7tG!>C5==Y+Uc6f#qV|V`_c*ABUsnMfA*=&
z(541t3(F@MV>bRBSMK%Nve~>eEst-@AZV8MvkC74NLajMnFDAF$D{*Cj$76aJG$O<
z0UouJYIfilwC?*i0U5#!bTWq&^VDqe9(k&S#6Q&MVFU9>b2Q9$Y?7TcV3oP#Q{p!3
z>2sOYhX=r~C{~Mm$C~wYB7-Cgxh%FTkKDli)HFNWOA?j(_%->YD`D{5BqSB&+Y3km
zVK*d^c;@_KnmzOfKDl8dQjf4FlSu*nLatp7vu&49JDZ)7pv3Rt-HJ(?C`?hiUqTS8
zMK;wzUSY4-M@BxamniMyV@k-a8p}vcNHXBEHD-+qv_iJ@l$OMfm62p#P)4!{8<2*?
zzmi|wb`WjOrZyp4*`?{EW{&a)JSMg&pWhUYX7+eSqGG?TrBK|IO=?b3*v~^qHup6r
z4G4wNFFb+!r0R(+$Ukg!8ZtXIGZ7s`XLgnoCx5*q*+$r&EK)PZ`h$$LC9V0k)+Cn@
zk6AtYrM5<w(U!t{_cpsB11dktN%;PthdatiKf*4~PyE%-{;h!H31;g20Y&UkJ8}Yx
zZ&93IOO59$$SJn&4=7t!kdVJ%(AJENYOJ;7{oQEv?5n~Aogo*W=pk1S)}%NA67pg}
zGTB3#u<3qM&-kTJIqU30YFMGdUie0)Hr$WYk_MroyQ5*o<{Lkjz*%fenB?+j0%RCr
zpEgcNE$n8a!o(?UoVn#iEVC0yWuyNk4TZ_a)-}QqQ1cTz8zKSLx(QmzmgN`>!$l;M
zjSZ8XtW#4G@1<ccAKo6lgMHpCF`+Q;){!^}>(&A-<DfYRvbmke4t8V9c(Vv#30%b1
zSL+4rL@O<szu1}VA?)tfaZLeNkk9K%IuQ0*8)!NtKmDI><VSX_Z9EqNSD4$olXuZa
z+9hD!epcC&G?nX$@$Vv`{v?NOBXEJ&Z!p+6{cd6W7k2bwd~J0F(l{*BI6H(kF>dTo
z#OCxQi`k#9giO1|+8dcJ<x_i+V!{S`;^iOkxM1apm+VpvBW5@=+t~I&H0jYPdMfL$
z(PX)>IXX9*e$CJ9pPNVk>uyoWN2F2MiB<L`@3PmMqfzbfCMM%S_eV1M%;nXRj6hi?
zzoj3!hA{X6YZ^nq6M~H_rPlkkWH$OzEL?`Zn=KqM;?qlw74^rPf9%ZhYo4eF;agb%
z`>v$T*uDM9n{4TMr2a=Rp<umm&$?+be_#M9)mZ2DiLU~D`ykPEnsiM3HO!vB99^e!
zW;t^XBYCVk1@qFHg@f6-%g7yUWG9sScQV=chtjre&*kJpHl%Yx1!KHzd?jhZe;GpR
z$6OQNn}*zbSJ4vbh8MAng=}vHO<_(^(zkX^C<?5WF?a<qc%2wd(s<=iGK8?-FG`dM
zicu&g!K#PRdJM^BaeWwuBH?pbP-RY4U4~;I;_Xl>pZ7>qARM0V@AM`dE0z+JORt0y
z@MA*18YSS|E(ed5shGsEa52Vjmt|1MV!yC&#-I`SWh3~XERt?lqo<Frr`y@Hy%RNt
z*vnp;&F{H}oTsdLzl2u-A7|HL>ZE?@6Jm?kni*d?oE8eB??raPkKBKDNg^h|y7_1k
zKX3!43D##o;;S&5HiDKJ?K6c7u81AD39Bx#Hizq7{Ldh<CWq_!rz+`|V-Jp?4mNEZ
z*~mJ3P#MRQX)0SbD50d_K`dp5e0mf1=y>usOTR23v7nDHxtU}VwhGfg%-RS9gM9Y{
z0>|W``wLj3P3E*+e-hcm&Rm($HDPVr+4BLK!|P8b-%z&vsstS&KU)%@ZFt3P#6?)&
z5eXTBcd)I%wPbVdBq@CD?J#VxtQH;d7g+}#M^U%&M3*8~c_(>;eVv2KSUoyHLD&Vq
z2^8e=%DYH1F%Camz}mct?+%Zqtt4>s-DExsU6atJ!yZ269&$frcVCx~%W#l8reM-y
zE3QYUIBK?Wc<Vl6Lq}k+fANMy*)X3rjkKifryJvW3A+3kRA)>h`TW2Pv|Q#IhcW!$
zEoPY&K0rQUT}MLG#pC0ef*59t9wdV(n{ji3Cbt)piTyE>Yy41<$u>Mpeq-w<B%olW
zHhc{8iL+6bA?B04kCXHTDM`t!^ilE_+dmN>a9o-s1uW+=%pAF+knU%b5;cT)`s2bb
zL1AMeJt6IqU2NjzXr4dZnvfNYt9CYK76$N(W|H%4)a?mMJU%{ZmY8imzXK_rjLtS|
zXJfW08I2T+?n)F6@MUwzJi<oZlklq-?$7z85gR`bYc;s6h1Kz!toeEKVR3#zlI-mK
zeTe`cpK6dN2pcmk;a8uFw|Gj}tU=S%_+6^FZUI!R9;Vryww3TA$^S%D-4j4SNxHzi
z!7$b&`68;$$1~E1ghD}E5=7iCS13>`_DK{<f_&@Kq$dd@mR*An)xuK+KE%5`OHxS(
z#HVBUu&WkcQ{aUYp*o|GFMf_VkqfK|qhAsB)Y76`YjL~ysfDCO;QcjtUoCu+0`KMn
z7NZveUsDR<+NGGRz<c<dC8Uh7hd?lJrYHoxumqNtQU_0c9$l8Y+-ypi7CP!FAU;0v
z1yVuSmW8Cqk*W~%^Dma65Lw=02&O3n1H9rz(uS~`Z>MSO;d`}AXSzZ<h*fGkPXS-E
z96g4*UF>8>TIg(`K!j}B3m(IeTDU@tCV>}_orVhWFdwy&j1y}tcJMx^&a{?Ar*3Wr
zHz%$pcHVY1nr?eI_RKcpcGr&j+ZC$Z@J=JP*@RbDk@nCMs?k!LR+6pI5(~tNxFo+}
zE$K|y2QT4+a}*daKe$eqUd>mMB4@5b5MD14SmegbBp-TLK|D_(?gz~VfkgiI28<}|
zmMUZ;Um+gg-CrRMNhhx>_T`@1e3k+QJZLMzcq2lDe8oo6oUrBVkiS9&B7{&4!ho#J
zYLd$)Y=Nh?%NwM=hy)&I7rhK{BL!H*84#%};LpD%M($M`AYW`PkB`cg;X9u32FW4R
z8)hZl(bF6Xh?@`FM7)Fz+DMAZN)&>yrSa(^(w5J^-Hbj*eLiE!m_nyh0rFziDZ*QP
z=oZq7wD;AtT3_u}TdL3^!tOFih9FuR|86Tf0QH3o*SJDw69vp~bBZV#e{ehT5LUJc
zO{1woJiw2?g*6m~5juA>DReed$coSr!emYPWABhoB;=2c;BJ5I5xluVONgI;S1fDk
z7G$l3LNIK&m*%telk_z9!fTk_pV>}YvTYM#U(J0V3(n~~h?iB~q9?On?~~`+`)hi&
zzjm)~X`P7A1%pTgwRmVJT6PG|i0BC8uiZmhDYUqmYm=5QB3hYz%Ll@X@#<Uny4DJa
zhj-W|#_%2Qq6xN92zt$6uZTYJ)w{*;FyuYxZmWR!_?bPhoI-(`G6~c!lX3;z&%0EU
zY|<W~t!QBcY8Qq_0S{oJM?8t8EkfsazKza5dYYcX4jrbM?AS--OGbAg|6YZLAV2>x
z=|$L8yCLXT2!{ByPle!HdmtE82!{Fj&j^Sw$<-K4Le_%PcP0WjEOI`U`=#HIbT;=F
zSnQ*|BzCs#8#F`wZ`%Al$!z6%(vVF!2zJG~_jASj!8GJ$Gj?i)&afgCvB*IxrM$sc
z#E&41$H>@F=xnb*crfB41jFa;!-(G=uAFGiglZc<ofJwiFx3QV_}}|6IK_=gcO7H0
zvqF=P5BmmYSO<5FG3gG~HYU3&@P4!r1Z?=81Ly-C+%+bpyN*fOO`!#LaXcEsyB;Ei
za4YSDVRn%M6oh*OmV6_=?l8Upp%uT;VQ-<cy8<EzA}3d({}q1=9|PNa0@0k@&oUi7
z6d2e#-@#CX{;+ZKt3pRlYuSK{Z~7kP&>lW7vsyi_+Lm=M1su@@8M5Hz{}YCr%WF(N
zQt0fhK#10acm#juN8t)^`HfjW6gvAT03v`R!V&!JPhtrIj!7(|wT<V#3N1c9;1>)m
zf-E_`7pCZb3RypY?pF+Uf+9EK_d@3-3Q-Ys9mw^3t{)?LgzftQef&~|d=T<*`(r(I
z9P$*tKxbcAqx}^S7&NB8|Em+|HG%+l9uP;R0utsOeuL3P5kX1UF|!V|mc>8|dd(kN
zE`RoSm@w?>U-1Ql6!M@4)wtVrp8Th93N$(n&|n3~1NS3b>CM=_dep_X6>AOI^ri?o
zOgn{9t@H;{!lwU;X|}p4Ni)6e)9b@wfBZB?xR~5v>hZJ58TgvZ6bX63C6r$Gwx?l(
zwD;6B7EkTQa=Ai_57x#Kr`D9e`8TW$>It*9`AB$(0^$cm_{RB_XM}m)_ji)o&Rd&J
zeT70nfbTsk)=QqhFrQqh5DaqfInsi#k555xs6sF#{LGEmw$@q-f8{)BN7%@}QBPMX
zAR-(F&uk+eB(w=(|NH~_Vb<~?m+8rE%wMI{M_BPLy~sISArBsv>G?ghS5M{_>9nP=
zYFWPkN_T_;C;ZC73Cg!5(NdVTG2_Bh$E+Qx(BefMK}%EKDTQ{z6n`FHH%cMz6RlRb
zUQ6rKbdILm6~?NI?H+<2J6eGgZ2=zFrfl)2B!|yRrL71X;nC8{Yqy816-r<or%_m3
zl|C(v<@F<(j%yUsLEfbSMWw-(b`2nfj<E{a5MP%;vk5zpjFtJbLrA9cT7`5N(O}`b
zWN6sAEF&Ups?&NFtImW?Rhdr9SjOGx$^V`~U!4;HGk4Sk1QaLTiJrVSlMbc<FI&<T
zHpz9?X~0d{Qu;ahLw0&8p#g-%MxaGpuYiE<$)?>y3VHKvv<Q~mfEGD!QpkJwv>b|M
z*Bu!U9H$WU@?UZ(#?GLd9SZ1$&hZLaAI47Mh~$0qDaOvX8qy-?%?f#}ou#*suPLBd
zJb#>pyi8EY2l%N%w1H4CW^;LhwQa763V4wBDgvAagY4iKT3GC_!h%xn*%AM^>TI21
zYl`Wh@~AOJpRX_GS^O8YfO%rOU05Fn9n>ajgwd?jC@yS;3$gbcbaY!+)Zn6RV~7qG
z2(Q=JlTpkjmC#C{%oQJfEG?Q&Co5El9W9~P0$~;!ZJrfHbg@AAylk42jsn7*E$9JX
z6w%cR5jH+5$Yaz=E7`eXnp$>!iCJjfEdc1C*ncs(P1MSw$L=jP0T){U0zPA6lR|b`
zV>*y+8BbH1(uS`@A-yah=01h-ZCvKkiSk#YfWH3?0O8yiHL#EkZi(`Bd!nWFQ4Dpd
z1uEcX=ga8T#-g4n&1u{1(KH79x3n)tlwvEI(1FH;_v$sLkH#<qEie~yo>-TrD1-h7
zG(d0O9Zhbq6*R_hVqXH)7Az*|siiHyhypLS0D_ga?&n-Kt{JUt=Z>|5GcnW^R;U;Q
ziT&G5CTFflXxB5*<c3-R!+v&eb9$ZOIDndMlHAxP{~Pw-(oycvcy_3VXb5|+jf#)3
z5)T;_XY<+S7Ia{_D_Q_Q#XzGhKnSmx{2w-`B^_i;{~0NLx*?j<7%NbSRkx(qv~fkh
z+x|uraE%4P<7J~-(XnmZ=4ylHZHfZMS^*@9=caPEIf>HtbIZ)Ky50g%L%(5*TGK)E
z&!Um)-J6)08?7)gat#Z&p@W`kK=AFGrbI#GEI=?|cpG|k8+Y{EPcDlB##;e`OmJt|
zh_-0Yosu*pGWO!8X3i#BVEjG?@=GcEM_@Xi)bKSg?QCUYCR<=?=q+qfIR^Gv$3D3`
zio4Yc7vrw5j_v3mHVO=-rgVFC6m`1=D(GRLr!)rxMfB22iX1NgG>W<NzcIC#7Hmod
zlAGO*)@#!H^C<FeD`c2~Tj5{@E~M73u_%wb4@EKeT3~7@5{$c09=>Qx@*j@krdZ%S
z7tk8mU^iwvpScy0J{|*4vjCf{gqvA;d(oKg|0$Z*bSv=y15=?no9jWJ^+l(l++U-p
z2P{w*@(5&gxA8?s|A%7Whb+K;8L}VS#vlEpjz^=ZJz@a}$e{fAa=+<QroW$#0v@vf
z#3SqHe5m2|LDA%ApO2y*w?g^YeSUgPxj)*kR>S}^tpKq&yBxV#MwX6bzDjLv_L5l^
zC^G<mUz<R*Ic#p#!34~;0E9gZ5%OZ@^Ws}3<m<`l)b>^<6Z3}*tztLv=IlBfhyRrC
zu(5YXPTfttf615Fh`RziP2KF+hqN%ZC3Z_r-HorOg}70kE4FWdy~sMy`+>t;vYQr)
zZE<~zirI*c^f|d}l>Q@?V`u0}xgnILMI`gW$Y|W0Ep88dd1pFDZt$dMrQ#2pJK1A>
z@S>m#eOPYLr2ke48pS7a`yxFj6=F-`>vB6HJum+sJJB{{*O{H#*2MOafroq%eGZ$+
z?Ci{|g0J-i_IS)6p3PQugZ6v6(<yRa7^Q0ji9AMs&SPDB&?S-sO|><GpBrT{=ZIW&
zpZ{IDQT<&Cn{qMj1zK|!)oak3B`cYo*lF%M=yFPOieHkHVYc~olW+pE??y@Vr71$W
z(dAT;nV&a%(+4GCm)2Wj?&WHC#vzhiEXlSkW3S1b$TWJLFJu`#%>ru1oc+Pd$@~ev
zjIDiXZ%L`8sj+--k#tv@CjTGQ)isi}%Dh{(9I??G3{zRw-C5~TES$R5CrN^gn!<)%
zO8bC%YR66`Gut0tN?(>NQ<@=lfgc*JrET57ijtYA{2i>@6UV_<EEqt0N%kmv<8zZ_
z0qW=blHW-)*RU~_v|2JUsU4LSWnE^oi38~ZNxh_5G7S(XcM8s=oo)Wu)B?U^IqNf+
zu9Bojnj^(PTik6j7I(jCW;Ww;`kAC1(mW}VI)r{G*l~7t>{C+_xNL6;3Y(q%x*aV8
zo09fPN*OJb05HAYlO!+NNd7-4Sf2{^m7NxuwGD>Vn{i$hEtXOsLCM^8V5P%QJAzfk
zx(-8ebQq4}5bP-Gkb)o`tvC5bo%W+r1*uvvgf_>?LDVS)LFXx8(?+6L&RmJSPS|07
zAE-A+B;$rQmW_RnVA0rVnVB~*V@k{pG;$1mOmbwLx2`mY2%9|k04$4uT!8sN6U44G
zuVh(NTn)!WU2etg)=+FsYbT%#&^-RZHMG%x;O|!8y|xbGAOZ*5eH|Rrmt2cQva60i
z{a%Fvzbzyca46{gAK0l1Y!G`~j*kcZYt#+&A9rj)7(Z*_K?OE!>n%tftp7!N9{66g
znC-d?Os8LNq&);vBo<AJtrz1;AGTKNb=y2~rJ3VtGG985Itcdq*N!tzS7`C_qvL71
zK-Ko8Kc+zWd8-NZL6LV~)WscJxyJMUgaRLgyQ<9ua1GKY(Ik<$Y4OLwvlU=aV<%HL
zK^@d~lrn3S&y7Iwyd`jQy><&4o>&2coj8`JI-gO1ytaS|D!7eaMp(-ZdOG`lEX{Pz
zRe<~mG)%aM=CiH0)1&{9%S8%o(AM7M!<@N;_9w<YX?Eulg?QLDK#DVn7qgysW9I-`
z*7b-TxJ)9AVGZ`X`S^RNQ<Q$~a(qF7^72jhQtYQ%l3{oLpF+-WYs22W7ggM03dQb9
zA^ws=JZS62Ccl8t$>OQ>c0sv=e`=*dJ`BF0kY|w3;df7`2x-9QV0Tnmg92{8Wd?=g
zy7)Fw$<`_ay~zBw8MFy=PS@)3iysg^ND11Y0EvSJ+%J+mzT`pLjIe`F%#1Vd)l!|W
zC_q7*Pl6ag*}UXo;rOdTI=BKE=F=ac0|@&Y2TC|LSqlc;{M@7HFRWo>WT^5kH2F6b
z(mq>X!6<6ZAAVd^#Q*N2cIQ@we86@|oPopu$`%JLAXKuP>df^bhPk;jg$sLe7btpH
zp(teQE%-;>+3wlc-_mC`?L~~mZS0QstT7<}Z=FM*kaER46>@CAQ!rAO_DJW8=Fv&$
zR~2^WhYES0?Q;21g2lvce+r)C;wMo(3k-TENeAglxZ2z<x5veHy#yEbZiT7<uY8Km
zLpbzNR8zG=FvK&N5Uh9{f}dCmhF!e+X}a7Lbbh7~^w@eyy40J`(uc%W5VmU-T-9GF
z5I$R5fnY%7@)Zk3r#kZl>g_89CSYqRSytL&+L*B2vyl6*72+X2cnL*-XYL#b9<mYy
zZPUlsFQpd|`0VVCBMP|yZ~OxKr;scAP9Ybv1yE~}pEZ3MCSF&anAZ>1Xq-$E5?n2A
zf06bfZ0jrxAU`X_J?PegoyA(Oz(i2`l$OM|E~j8bZdruSKB_?ac;*Vxt)<{`g<ycs
zUP-ScEaw$scmAOe3}IXn2RE>WL-icqbv4C?qvkkE!ExFe<Z<yCRdkRk==@h9=)n|;
z!yF3OnsqdntzL`pQ>V2QLBD6_p^V5X3ro`N!mi<V63KxCpHs+}B`M?swo9Q*oc2({
z+r3O5M?B8Ms$WI_OHrUg{Nx6hD(uTwiM_18wIB#`U1RDQ)R*w@U!e$(N?Zd4&SUck
zoFu<Zc$MNXl$XZX%j^n-&(=MLU_j)vxv!zSmApp#Ve{3iB+XbcCexX#P!NC}E2(qa
zUPo(m)rl-NQeZ>2!6so2*dn%Noz{R)-9#THtp95yt%fe_uA{TqS|{jXm&8eUtjAW`
zl;z(EQyC+FG0S`de~BY5*s(Y1IU_XA?krL0^4PA7>*CP0j7Usl1;%IVDcF4M^jp};
za&S9MXT2XliQciDg4{QK0oq{`1v+5sEV+O{qdN(4N4Y{AY^rxKP8;dB+Z`3wa()-@
zvV;Ce*zC<Dt-Q8L?o|LieDwQt8ewaeBjbLBpwD&%BRfcAHu^^FV-ja#@BtrCgRmP>
zwT>1FWPnZnlI9y-AJuta7wt~i*XuFLw^ATNHV-@b7Gm_lT{NHX-z~;62?|?-u-~z>
zI7OqB_uoseAV!C2c4r5LxCgVY5N8l~u*#3InWo)G^j2^vW84UL9oAxZg+3oUev974
za4kw@(>_JZ=yd>%V#p_S3gWgdw)8E;#(OE?0a!vHJ$8bEbbiHWVl=FL2gTGyfeFEW
z7eq-m`%5fQ8-4+E&d7Ms?&xNX3A#8cV~i=+S0U%&WS_8JGj~vXS$~BfW^pmT2reYM
z?{+<%PumYWpB>zZF@LZE7vQ_Urr4=<;7Pl4m_jaO3$u>*>n)h;APN+v>Lcv~v5f-m
zIxNT$)~dkDC=sek*tJ(^I56oTJ#1`w+U~qs0l|1Hh?6}3Fl|rR<~Pw@$122qeEJbu
zOkBa*2lCyd0Eqz>M{qd!&)>pPz}oId$xT$qhxnN9vFu`tzef9*Y%Pf8vQM0pQN(lp
zCnlE>JCOT36!HN+<45`txQ}kheY{&C8nShjY)Lk0v0i`^G+^uhLUmsKGm6Q`+hBLz
zY6*t5h3+i~o&2(2MXBySgzuQHkoUmo6K7qlc}7p;2aXCuapAYXJfOgYFiOYH$Kc(L
z(>bI^sD|{N_*bosDi2xflxA6tPWMU7hQ`b{?T$wk5D#DZ8@iFv`E9%NafO@@?M#p_
zOa2gZ`h@qgoU;|u0T?qiM_%xye+r8R@!u@RTm=Xu@4w(zFfQ7g<$Tgw4hxQ^f?4Tc
zsejW{UUixhVq|}o<zxzs$5tUR{OsS<Wr{ze5EndpoIR1lZ#e_^h;jO>EXP8Hcz|y{
zD+<wZ!0ueEkPF#@Y{FW-oNYTt8!)V&a-~tQ;0I7}&aKtkiQo6ONAojRRCO7hORbf|
zVsn{{&LiikpNL4a-MLI5FB+}ja}Fn3V`4n@gWb7YAuY^PLFQyfH^6NEifTAPZu-x5
z#|i}|z?<qC=(UgbLRQu)1Vfk^LB{m4s$>{o>yostgv~h*pT~M@5X`K$0@Q|Io}!_{
zJ#!wT(kg|#hd*0Sa}wj)-|fzbLe2-jDwv*aSbmz8&0D5wAu|80-LX*t3Gg{-T6ZbN
z6=ESy8fe!OM5pb}E!J}2leadRooh2R?3_WM+3wt?koRDk6--bD`5abZ$3L=dbxOq<
z2y?gSZu7ToncC|ic&ww1%UzqF|Arz7AKzft;P&~oAFA>#g<t@Ai5=>ovvoPx(NdAE
z!SF=r+wOQ*fei7vIoh+Pp!0oeLD*5fMH0Q()J~c|fs?xMOFf586cp7%El4(Nm#@9W
z?(2_M@qt2_hdT?jDk24)dlZ7g6C?<#?AIb3Qn&7m)_{GLqZROxjWkSM2({at)e1Pw
zYLnjzIP7XE|FJ?oWE(A*tle3L6O{ii9okIzEJBjb>iEnW2lHu>Q-j|GaeTYu3x%ME
zk7%sDN7(tl(7L`-2x2*59v*REr=GzM_(%?0+Zf!+^-p2T{@x~9?tl0W_AB&Z;aXeY
zFU>%e6pIvgXe!o7P<lDTZ+q%GB@QYSi<SLHXGz|xEi^bBTj$}szOxpGvDK1Yu}g2k
zr?k{E2s@Dv`5&$2VXSl%6xagE%VksAXbyh5m4=aa<QX7;Rv-hmA#o%JayfRK1=;Ao
z;eYy7feXPrlBC|d$~Ejm0a?QCJYgx1*#b5X<eT#J3T-Hy6}xo1^EZXO$99>NXOJ&q
z4LxYhM_t+^coN*KWEUuue=5K}TcrSFr3FSX>+*@7%C~yZ@+i1?k`{bg0TveJg<uA7
zCWDiqaKZIx0tYKFh~X>>FYD~rHn70~Vt0_$u;b-_(cR9mI2=5WA?^%_X1^;*w>vaz
zLF@%S7}S15F0t2qk6!5b$2ym8&#UdV%ZVU>*q#3><b1X+Cdqk82Mq5*KC48Lg@72p
z1Sh((lXf3YA{m0Aqn<)Ogs_HWGef=|J5!*g@c~`LAR>|J)<{@NJq4fH$EvgROkUhg
zgG*)06&M&Y6`%lLaFLjRbNk`53l)MPTMyQ)0fH>0J+!HW-IN4Ya(Dn($wk&6X{87d
z11OKz>#3Cx78-z*vJ@b3*5=a}X->A{G>~(8Y2TZ<%T-`}2wF%?aU-nxs(WjoWXn%-
zC_n)e7!HzX$~*Se9w376Vt14(<U{;eKVji4yb5*bwibl3a;-^}9(}3y1@>K}qO98E
zAVP;<0rK!k1GII7g-4)#S}Fvw#5Jkjm49QATR8|(nrQ>IhD0!F?9SE-WXL3N=P-ff
zKMWEhp#-(H2Ejh5NJwt$WzoT#kH1XQqVNg@++*`6z`G8?*$iLjU?0oT%Q2V8)Ez+u
z+|S)th;DgvKE5ri5Da3<l}z*ME46E)@*NfOVVJlxa^R&drAZCh#FiM=nmva0w)amA
zNY6fid2ioU+DB}S4}qg~7bB9@(^?rAd>tgioIReLl*8`Rlj`vX!?j-UwS?K|VvMc5
z6<{A`GC@x_!E;AyI@^5<X2-TIaQ^MwYcz2xMmdwew;ri2We5Gp(!^pt)zMX<HNgKK
z3A3G53hCnkJ=J-ULR#!zIx`aU!iEP?2KS8CzDWRHVhzN;q_D}AUpPh^L0E8rR^;rj
zkjFa2Jc$GH*?ibFq6s<&VyYXY0ErzQC$H6TNY_{`1x5_c<#1f4kjJJBNJj;)R0xK6
zr|Y$rD5PoVb5~gl${jRat`}p{m*$uxYX)0Z7k~_O>IQAIR8chPf?$C=cJT!ca`f{<
zH=@6^t+R)6vI3GhPV4_4Jdr!BAt3wXBm<m0!H$jB>a$nIYp3ecMDA4JeKxO&zhr{e
zh&_A{rs=lJ&}VNL2NSsK1nsxBbyz3&S*zotCSti+UYB4oLxEX4NlW`LD#!iS7*7zp
zz|mWhZqa_j;jgtl&W|XNA$htv+jA>?aN{s>vPa*+=U#iO_A0Vno0>7xS`qJan^s?Z
zYHdQnlhznE{dVp5I31(tDTV0scWA#Qh(2pA%D3Ms*7)F06g{VqYIwH>Zi0}Sr;xhh
z9<BVpXc9}UG2Q@w<z5Yb7r}dYQ6UHZvbb=9wV8q`UJ@8qDWpT<W{Dq6D#AL2To^-H
zx2amT;4h@JFK3_y|IJXPd#7XOYBU{xZJ4I5lX@KMt@Zd^3>Q%RmOx0@s1SDZmuHA|
zNDY0V>@|gS^vsBL4`5-{<5py_WfPoPFnW%b!uma+MdEA)$Lk6$0apH?b}}yP+@=r?
zW84+DH?S@bYxVg(4{11m77PRDc54h~{wQYQBf#u?ScB_LVBS(-+))f~_o#+b?1lK-
z3UN5J&1@aQjVpZVV<<z3*`vUCabCE%wSgBtfq_DD2Am%$<b8<J3VF77CXCS8Gc|XV
zXs}NK^0Q;Jw4*XoU-pecE`SYMh&Q0_5c8TN%uW&9FFT-s;2>)O*}fEp#`3w^?;?8d
z{GS3K4&svm^*NX0q>H2Tw4Y>z-1(yd6UK>k65|9p)fE55S{z;$rzt-AN$tEDe?OrR
zcN<+N7O+E4;atF~r?gMakorjlz{A!p(0-P3&fgSr;$RfS>l?9apM-}C{q}1U^QQvi
z1Lq8wJXZXS_PLprzZBwr-uPL~9;E^Ntq=_GG0zEeU-AY1Q3!@)X^dKg(s*xSv^1P&
z6aX<q$s9WuW0L-55v(ndi1VB^28LFdyd6T&4C?bnOEhZI1{~)VAUE%~R0HEr@(bt%
zi`ol}lc2}eT(n8>3moj<=aH$c&ujmf@qbML^V%wEU?-MoS-g0eusH>9z?rJR`EaI+
zxPXE^@PFC?!5MI*DWv@zw@cve6CszOkPGmyp;O8^8!F_)S&c}&IlpuT)*w=CmO?zl
z=dIL|NxM3<fNTW_M+{ZLTwK2zBj>SI7&+_0^Q_?@cL5HLaGf;s6(B+L1T~_BZC!_{
zPJam#%lVC37Ry|Xc?N8UboSL6?UlMZ3lus%SXjq&X7XRxqC?bG;8ZB^f-{}@NU5ME
z)aRqt3m2MXCA3yxd>G-yZ5wRU1~kPU93Qed9W!L+t2jcZ`W>7TC0}&dpluaY1ZNwC
zE`L-P?;pV$Suz)zD#QcwNTIoJgWkX56-)p!&hJtHg0|+kGo&$V_o`NpExp|=^IuE?
zgIj?MnK<5&YxSahhh_@#u&ou6X~gHeCOVkNl_Ov+j;*CQZm5i(eO*hE+yh5YA?)T5
zhQ$buf}@8*&cml~);gL@0LR4&K`(<~OEzkYR*x5L5reHH4|G&Oe3-959w=t*wxJwv
zYz0Gn-d1hDAP^LHQsCIM&FE$z8zk{9+r%INfU~y(fZL3WfiJ*1d`tV%q!aX0NW(-G
z103iCIjqaun0N(|pzIO_0xRhn#H4q$?@a2!00kn<9(Y&VCzuD0N=vZ-Sj{tcpg@G!
zK!uo_EqG7+L5f|b5c9Cr?_=l%;h^ktg_zftE52sH2bhgN-l@GW0Yel3?6ntwQ6B>E
z?FZU>5^#kA;5Px2cLDJGhuTg7a9pVX1lTXTw1ZM?s6s5r{@$&9BgC8|6=ESAhBkR)
zBi4AYc1#i~oTC)dxamqtUsbIgH>F2gOCvyUN<aA#1`<iuxK<(U=IcKep)*OixK1JH
z;r363BUK1GuU80qZO!D3DXh!qm=7NP42GaoeuDzz<Lf>b7K2niP9f+=hZWbcu-#u`
z*;4YQ_N$2*ufT+0!^m4%s<QO@Z1h*!UnXnhW(6i3!z{`HrfQ$|hr~E;v&MkHxp%*Y
z2tAk|#dj*?*q;43X5^A@;Fystk$V)f9$f53KFMX(*x1e%9nkihq>p<Q5N{N+<)C&%
zN;~dTNc-5{L-;sBB`KbwkYgtgqueCpWU4|e7)`wVTP&`n(isYA-t{}JO!7yHA6AI5
zx!-HY1$)HtgtZj5(jNLBY`gb=(0(*|ATt%hZVut}C}CutLeRsCf6`6}?uTQ(Ld?rL
z{;d5e#hy}#`S_S$w4mgMIG$C=`Puuw;*$l}<9US`?uiie3by1J43_q#n7wAUhQYG_
z7c`c3$F%i=apCwsg@Pb&a9qsQf@QH<As1rZPH6v1{zGw<LXLGkfhs8f4e8H5iS>mb
zOgLY*1|VjE3&F%q7sr3YCv5snJ1BS%uPG32w)1y5WCTgTu}LB4VF&)e&?ATq#hVp!
z?3+Jer#k*ZXOSd`w-vGhtm$LKgHnFuDY2#(oCD_$1t<tdJ3vkO@zY|VF4zLj4;Atu
zjGuGPXr-+542p5oKUf)yNWNp20u$!5&LF62hWtOV7KC%96+2%+nzDue!b-a8Uk%6O
ziZH(OYX!)SW%@_wwKDd`Ih4EzdON;Rh<o_n^Kjpp(eXnHL5x)5-iJIkmEau4zC{1R
zRDM{2@$pKkXPKdN#}S1fE@9C0)TrS1)`B?X?gL%NvQ`G?e^3aDcmM**^5TaSR-CM#
zHN)~p6&ODjN5J4pgA~jox1{L*m?86H3QQo1;cwQ%J=#*<@w-Ak$Z*|6A*)OUb)qO$
zKWRp?|56}ACPLn@uqaKh$F5G(k4l*HoC1c`fCv&dVMo*T`n(GNn89%8d20|n2quWv
z&(IMql)>{e3VHW}_6P`V=?IF==u90{`Gz_?oH9PHUl1xubR`7fN<c3Y$8pJBy?gD*
zAhGLc-7<h(Ux5^kJ#hsBi<t+R?A|Q>j0|EsQx!n5UX;L?jSyWg&dkyqv&A_m*5mtN
z0pXT}#;i|{ZkS>51`3USmX@m@7a`=VVue_Mx60FTma7ak=P3lm4%!(b5IW-ds9zZZ
z&sT_tV&caN^k1d8BimXW-h%p#bZ~V=HXIj{5iY2kkef{}(tnfzY)4~-LJvD!0<y>2
zV*ML4L|dj1_L{=!B`D|k)OQFcE-Wa~H<<V)3cOF?Pnm&ek3!Cmh^@S4VR|Xr6jDO`
zSO&|z3XtHYO3)K!0KME;heJ<*98DFVp!r3aP4w?%wu+l6gxR4Ij7065>OY&G&|D!K
z#=s>mdJs|jBtEg37*%8dzT6swW7o<}5Q66!{KMvYlPIXY0wm6VoPlc`SfHg2Z$vDL
z?dYVy;KrL)sPK5ixVu6)02dyj)_H7wYt*}Re8A-SARe7|_E4a4V7Q6y+7{@Pb}*PS
zoiLadwFad@{&rD2G{EYVq!f0(jXo`|*3ns^HpJJo)nQD=KcSC8S{$Q@TOo4U`Evb$
z8HMg^DINsjDk?s*0(ovzp?@whjsXe`j(v9N-^++~S*1b_oENcde%y@->P9z49uea%
zyIg^Y9{ODB#kP9sE*a+13)zPr{dpORE*ql2;@)eK+F>tJ+vY`TBL3}IbpfL0<O9Da
z5Ojz50iXT{$?yifvHd6>ubX8y1gYv?YaH%*%Ma>HNKdc0%P_WcG`4TvUFXc{;R;nD
z+fefWgGOOpqdmP|Tpn*~#7PV_f0>8S#5dCqv(|`{rv}xW$-vHc)LXJi)6tbX-vc+)
zq_H%I8CO#nY2wB4$Mh@M%8vSm9$ud-cC000y*269j{1&Lq#NQ(JLwdk@Lz>eH|RXl
zT9wah8xlJRA(zeRreo`Na#8^+c|?3dFFlE^>yBRKxQXI&8ocEPyJG4`*(IF25aXZM
z4V#ZpBpfmm<~Y{jFHya&*irAuf2>gI#Nn^DR*0kGud3P3pT;h`SogEp7wHABUaT)i
zv%5gQ+}`gTtxy)iraW=r0mFd@c6LW^y|q~`Pi)kSIm%@$R9;X9?CY`E5jDnIWgszs
z`Rqg=y_IY&d~P58S((9vR$-n$aJ@oXh>acuGU|eUdM-tiiXW7ZW8I?N#9jM9_OaIb
zf?j^&Qay>Hpc4BT>vk8u>KX+uWb2FTIhwJp17ofK%jBfu1#55=%k=&*o_>4`TNmU@
z*#p+B)6JKaD@ZC^JW!t^swVNvMT(B=tWym6Ileq38h?D-6sU_<AAO^>Dol(W5;hvo
zy<Bg|9hd75i`uAZ-)@XjRU1IPy+NVK53+B<j%5R!%cfW8bEKkJYj%6RrlOlH6@@TG
z_(WhYmt(u}Q-J$%?o0H`z$XxwPLz#P!2P!2Vq6xxeC0M=wtE;xXfY`9tB2`}>oha5
z0oZx7wL*9xuSwWYI$?xffF|O{c_6V&`Q>d9;}t6Wwu?*^a?k9n(OBBFx&j$$JzBq;
z^ziyIipG@1|Ehh9#qHJ!;2Z($RIK3nSL=3>x%k2L{;;`EaiRk32XP*eq7JOXb!fn&
zD8{~T_F?Q>x))oEWu&O+UE0QcJNHk0BwPA@!rN5V@pDijWV8nghWEr(O0oL(#QS8O
z%PS^Z=LnS75eXYpC+(z3Z0q${)5vkTVsk8YyhvszZp45sL^wpksNM_5q$M1^cakD4
ze>5$QO|Yq=@B%e8>vuB&cTBK`<G!hN<MaT!;sv-^b=LXnTNSF%a%;A)=CjiiQ5j2a
zL@QY~L4O(3!+$4Gdw{#eIsv~M(?fiJY}<4&EDuf6agoM_<4;ZIYwNyEp&N9;TXYx7
z?}FNwjj!x3Ya9xDu;{Mx-VN+EJuW(YP5W`<MCFdJX@!nE6dD42{hj)LtB(lO-nMzC
zwJMx+Qhm363Rwu$OvSLTWEPzFC~yH=ceeLytW58lf~{)&K~&oK`}E1Ev_O0=iVxLw
zOt!nNb;CgGB6aglQ!$GRD<NU3h*eb`jZ+jFMQ*WY*1?{hp||1~86UDNyxJR{?z2`K
zcJuc4>)%*@b8S`A6{@iPLvGQ%^Fi4lE+|Cy{O9P=(=5?pT<;*!3>$oN`TmFXFX{{m
zQpHq-if9IeiUPLu@z}h+v<gE{?3$H^tnv}OSoAndLQL!pkje#hBQxrlVV#QG&AUB;
z+@X~uHn&)v*4c1;twL46HqyL&>;74Ko-hn>U3|<Oi2qf)LqA}x5tHsv5odC+>EF`^
zy#8Fda=FklDt$*QEWTf%gLj*+J1`~$YEH3thkQ)HoX=XrydHBWS2O;>lX{^TQgDr`
z`7s_(z`UQ}5d}PG8yepy+>`0)D33sVCaPKJ)V+)4VQZ~Ek8PmP%CTel4^d_RsjxQJ
z^&y4AASNDhJB`?HoySWS>c5DAC$XgDmhA_vRrozo6&xzkL^*qF>N?~S=;B8eXufr+
z{-gMm#57~ArVc~du+{|X{$LUJaPYKc`k(lUU`>1W;D$<h?Z@K^co4g)YW6-e?0rt>
zH@&DI6<G_`*hAr18*tZI5<O<E8=ll!x-;466}pT6`I5d7!(Jc|vsG|xcI?~hBrsEv
zK#(6_36DDpKYpuK*kh!BR_J`f8W!@{`k7m@f2zW6)5R}h%E0LIh-d<d-z@YvW-0Up
z`S`VHIVdXJSsm>pxYRQCSM5XjW?QR*xqqpQzhQfGHXHgf=7wYI_2)&7;x}A{1M(7^
zISMtRHsvKY*!O(Wq7FT-+H3uJRvO_m5@jX#Emv;T-w^r1ZLzTrg!BJAOtiTQc#sd^
z<~)McP85f07X{8a-x}vekC)q;`TE!Ok82l$Y}Jk@74RT`Z<Bsn;$jChqUoBq)GV;Z
z;RNP>@x95sVvD{-6k=l5Yd)g(ocfePZP3;$u2yVsPGN6u$Mq*ux9PLc5rR0QGgdY=
zrCVpi^V8M|cs;!GExn5vuH7~5&*L%gv3W*;3&QM`_t^aTj@}Rp`3vB&Jk`0=hFNRG
zsZPjATh^}tI|gUJryoWgTsSk!yLFyZXb58S8E%a4&Cl)Baptb@*s<k*kS30W)*!!!
zU%pGPLSjL<l%i#c1@F1PVZbg`;DW656TOsQw+AjcfHA7az(Kh$)UntajQc~Tf2KF*
zpH}NB5?oV@;(|u(NOdexfP)+<7uCUu&8Ut=*0>-@Y@g}H!1-#Lr5iT~$@KnDfeZ4(
zU+C>cdI+RNKho!yx6C+Ru*QXOqR~FRwZPR3(pXxW+fkoa;ILzOpWcb5f202`s^x-2
z<zCih)?jp1WY*2vcF}V9oP+<-ip1qOj^zpsL00jd?qRc!=w8-gE=G9I5&bn`YbW}b
zV&&kkePhmxmYQ+)8HZ-KuxtKf?)KDCwO*krh*3^ndV~FpDg3P;^q)jgT~N;AQX9uh
z);ioCe&R>{3~(3BU93Srw4;>@T#&nd(d*Z#S9z_^3Tqrj72sO)6-Tk&$nb`0Rzx10
z?=Ha3)e3OX)`y+w2h!CgC-n-`G2}X-PlKWh2Z?z@plE}&BABV>4poL7s`bF*&_jIW
zZ*sK}s=53Y5diaopO+Pi#AqYqYfuF9<WJoty)gXjA3Cp78S=WIb=KN2_QWexYD;H}
zPUD6q>DZA@?ezmSpGYS9Li%)0JS&zqr}d})v+~y}(hD){xy|EfK1b?QhP)1GjWrlX
zboZLpm%~n+#Ys-mRrkdieO#Ryk=m*h+Te+;(U#5E|BI=!cCAVs5o;arQ4f)OU>Wwn
z=JD^&%O-YVe>m6&3z%0FIzljk#J*ULeX+mRsllZeqdUE74TmFopq?aKHdY<cVKM-3
zH#WgKHY#u-23#AyI5}wp61~t5CU?-jW(|h**t2F+X%Q<)O=`ps)k~TQMWG9FvHdUP
zf-4k-_{*tDd+QWDa0NQC`K#Ef^rVS2SjD!zURprIRoveoX&9j$s`&hjr00@prz&2N
zoAhcK?Nar~|AI+)lJTVAsfVXNo>V+(c+&ASz>|TeA)ZV;c05^lvhn2L$;Fe0Cm&A%
zo<cm0@D$-G#^d1s3zqEg(5_XFth=cMkCU&vskCPf?Ow%CO)YhX=*3kW6}g<!UePS~
zt>XJ$FCChiEN=_Cgsn|aDrAG+!JPvGs`$KjO218`1FQHQ)upf3r-Q4Qdtd2C^ztgM
z?=S7%gkDj_`<yF1oJxmQ@wW9FuNp;%Mb(a|;=kR{_@_(gs4D)=#>O2|=$I<r=*`9&
zq1RM#=a$B0pV6^Zyt`5M{sww|6>re9$;S5d#wz~K^d`RMbX*nxXL*y!&(rZ$kKEk5
zDV}C{n&WAKrzO9+cdKp>(uq}k{jOHMbvha1)vfkWdTSN`;FDJ0YV`IhzV3@wO9{QR
ziVys%RYfYjyNccaZL2rvy;ZF9cdZ7~DOKF~uGL>DbXpaE;@4L5D4kx#N{-_w?+2>b
z?BlIA(ub<}#V1;AOrwuf@v~=IJ(Elyi+<hXRs3bzx+0Cvta{`~gVuQ3;AxAe98Wtu
z6?j~D+;}{Aym)+g{CEO*f_OrB!g$*ABMmwnE}^rk9(lKI2Rt45yKOsN^faAY#p}P@
HsTuu$exM*9

delta 41375
zcma)F2Xs`$_uiTJAS9t=Q%K(|gce%17iy3W0s$1IgNllUqS&R`K#=BBE-D~)1vJ4`
z21Tk}ss#}N10q(M`U4dO{@=W}Nj8DZ`E$<Wz`pz4>38nT{bt^4v;Sgm%>Ro`FYei`
zUoop^)9WzCZ204lf3=f;HIRR$%D)oiUw6vC%s;j9_qZt&C*E?qEf@cEyW0AlExL`n
zX8hO*PWhiUp0<;2xbB9qtChRJrdtv|+cXXTy0HX*nSW$rE}L;-YVAc6Zs+4mjNhlG
zF8XUGzsdYpWIl5-ezW;+<14=0Sd@{H7zc<i<oCLR9vYL)vm&o)#mv}}nNqLvjo+4S
zEYi{=g|+H2<L|5tev7GtN;%Vw3AJ|_$FrNnhzD(%wB}l#6L~al3N!4E7*!#c&1t?f
zP9?-eI>#q57B-%HHl5!pHD=IT*YZsH%BZ(BU~H;gk4^>jy7*xN?YdJ-Hm=Ky$#BSH
z%u76O9BdT(n?FKz<Cx}lxs8Dd4f%u;W9F(18W7^i#-}Z_jq~*$q@DLdQ$c<#Di|rP
z--;RDrYQ*(r4Ad#_9n)NA<0IYq%+2C%`*AK5?V8wXHZ_4JB)gbvW*4yXN*bBn^x9g
z*b^C=Jdhce7sO}}`;El39Aow7WMkRsY$GXkhcUfnCZAM7zlV7t{o8@z$AejT(U20a
zVRqx$>{?X6tDa!I_faR~wpLAI^ams7(+qB;wyD(bae3);2XAQ1p5K6G%w-wIt(i&2
zzZoAHBMW1t0#w$H=NiWrBpdazer0ZAwOIzATw<_4GK`klTj_$6*P-FFc!Ke$D;5}{
zjqQ0u%5KS$jjlNdjN-PL{5GotY--QbXwFqAz_i?%#uuKZ6}`aYcG<FMQ3swI>E}pi
zMy@|brP~{snHOTl6@d(XyQOJi2i^>Iy2<DrtSqm`?T?&oRLG25!m;QOUC85^k<s~I
zF(a)*%o~rNW_IMx$fTwk<8GhX1EyH|ALz*QjLpr~(16Fd-I(1m78Q&<+x&HA1dC#R
z^m>igTjm%A!>vX;-?E|cNx?eiHX7xo^E=F@%P`(-xtTURtl5pSuCY*mWJN1<{5yNZ
z{OEH>+-;l;3V#1Eo!@C?s%SRGPoPbfv8-(gJ+=rL+ugHruy}l4Tbgm+ok1Vo%#w^3
z3y&Jt_l{K=F#dBlHnaGx>$I_>PX@os)N7n`e{KBHH>Mtap$PNlaN~ylF?he<m>I}5
z@%6H@jY)mtjNQI?V}L)-c*g&Zv2#EMzuW8`)W0*&FqQ{a8Gja6j&qMcXlqPe=JSS;
z1;K;N7&a&->jAH=z<fsydh5xCt9>n_w0Cmkvv31uJUuvr-(zJouKhV<$rUj=1Abe+
zh1)%sCmFAgO^V#q!NH71Lt>SOY%ODiim#0`N_wXl_so=qNFftheC;q}dZ&Ag;a6qw
zd(FgNXx5q0hh0#~*IgZ>Ea<Z3No9>AcNg8D8S96})KD;JOzPfR)=;Efw|K@pX5-yw
z<$ZGZ|IusDLEZm`#i|R#z?teqk4$EyjEs2~@>uU08mD^KizN5Df*G|&$G-R5nw#aq
z`_xEDZ<PCrF&X@RE4`w5`s2m*AMcfHEJRD)d|eK?u4Gv#adYGBm=x;!1dP(pojVz0
z$Hp{#C>U{G-jf?2Uz3tlZrMCxudO+(zA<?~^GIobq>_1E2A>*}%AZETxELj2f27gC
zFf(4fF($L&5XN_-r)297N@T{b<1_d)Qw6mw;(2r+jb+n(yP3f{RP5IijlwI&8z*k6
zY;3Q~WwRSaLsBCLuISE;_P12lyw??obQ+S&xHo7H;^~&=dR<_^V0fv)d{c3pv2ci;
z!nv@Sj}EaLX;*imiBDoUemx;pRVXs^>UPY?n;i3_+ZXv}Xbv;(xh?j`V8lKgWqI%R
z3_in3@mLq0ZX`^}rh2*26gQ91jk4i!#;_?V#`+OGjSW*OYs%{mM_eQKFk}CnF={;?
zW9FEqvi}=HNB_%x9<xX@t@?goOc^y;i(Yi|-LVi~WWiV%$nE!5*0|Rbv^kAMV{?r1
z4nJ`(CXVs(M$xtVxX-e74@j*UM&Ikcqlxc8>%;fQDhS)s7Qc$2e0Nb&WahYh&G>s-
zOrqXEWXp{OjQLC(_n?)(jGMlu;tkN0H8Vz&H)LxFO_|2J9!b`mGy3KO#-|U)i1^&L
zWcqz2Pm4^v<pyrFeK;m1U(hI;lxNI6olJ8w<?J^;e(}><g7M<sq2vg$%!(iOPV8Vj
z`bY+U$Z8GKUUr}Ksqy@*m~P|?+fr%rYMvgsa&i-9be$8E3%|#fZM`eG4Zh1gMh1V_
z(q;NCCvM+GlRiM{R?UqC`E0q=AcBdc-W@xc(QAI}yP&Nh&0MXe(5bb&b|mGltC{iA
zf=ai+8!!&t(<HL$?s#Tsi!%5lmd{}Pc+Vaq@9~&i2R!hSpeQF2ci%K-EP5g)5m-T|
ze3xr9m|ELtF+9bPO+9*=6LZjD<4}C2`R|**3^2dhR<mT0&d`OOD9Nu+#wrTJoXSLu
zNe?DOI!=d~p136Deb56-D&N!Q4LmV2W@bwUm2!rfZPwBY>mFdV<ZGx6Jsk`4*>Y&o
zW|kL;d#E`xUVSF^olH``GhDOcWZtPwOEj_Tk$jnX+Sn4!>w09Uk+v*@KWZjoh(~@i
zik8O=qhL6)d)DpT*tjC5(}etyF?0H2OgtC+W60<{uMI69%-R^cDV<i7XbI%{fYmno
zEFDZ`V~|+YpUaj84faAhpJOFmH199tj~8N^CG4{08eQgP8Lox3BeUkiI2OGWlU~?s
zxE8gH99saFX2#1Ie6FSD{RIUyYBq|wX<L>|5a@cw{A{~%Xj$^&k65C?mv=U%zmi|!
z9(lulD;;`vE2|xu_;>>20n0Ev7VR;sj6Kxg16Z@mR>o9sIB3g}`J<!>dacN=C$gC_
ze062_^SO-4)H32)oW@wdY{+@#b(~}r&r6iB+SLDJRM6A(0nOMB{fkQ~_4`~NTL$!}
zQRyCZ@7I<rV8;42vF}5+#^(FtceSL*{ZF@M#@tBEd$-$GQ2yQ?IsQxwW_<Nl2A^-`
zqU*AA#{Rb}tJ~-H+VV{CNqc#mQM95qjemlrz)ofxo0lKrL6>PO7g*?>&z8}zhtU~3
zud8elpWAQjU-7%~&bzU>fPJDZn=nduZ$nY#2$HV1>*WTtYa5F*dOg3+NPI7YFSHyv
z`e2imWQq2AVWpA1p|UUfJg$iIMJF@HZ;sLL@nZ5T-3O<8!%K0I`(M&gOItGdA}gP7
zyu91kwl!9VKeGCj#oT!DgP44K-I38N>oDWghZ+2FxlH-gIQvly$m@;Vz1pD}kAD)=
zyguW2X_m3Q<h1erjtp*C>76WHPsjJ8B~N}DlSiKib<k*+mT9EDpA^yFoXw1Tx5uRK
z^Be5#d~;cHF!C42YDzAco{09o+HdbMKHC|S9bYgKzcv6D@{5=>{9aq;;xAZE<lc3i
zxv}!Am{$R;^yDjJ=lZzFzwct97cyqHOy^I^JZBgk-}{a>okCk??TrOVqd5IbmP5No
zu%yUc8~)(NynV3((!DYTTw^dHOS8Cd^Y=UyG}c^`&Mei(w|qw#e?ax!`(uznw=Lbs
z`zR}t_CES_$-$VK2nHitJ}8tKlq*rPD%J7P0ea?7XnD0PR!i8{&{*?HW~A%K1DFy2
zeT<fn-#E1+$4L6LcI5L<U^jLiiNS?JwkE(ijTxWC(L32Jg^GH?Tuj=LZk*ay&*=Tw
zU}NFJ%!>an84xh+M>F^mD=+tLJ3-fVLtgTKjOhzu<K&Jek$1PpGai<!U6kKkpBkrk
z?4c*mKz!9tF<A(EY<606NK1{>-!)V->i$~!&JRy4L%vIkJo80uxg?h@^|Y1vt}j2M
z6MsS5qsL+qvZbUp+Pt6Di5&gP&yCF|Vg*8IDN~?mF`U1oeR^cX-Xvtz^5~u^A$xx~
z5YK*dkhYzL_R>?8b?JAzA}jY{>OKBPrQ7OvW9pS|>zD%#jne)9MK=zXM%QBB9oR%Y
zf5Xat(CL_5xMh1e4`)VxI=F=ykNy>thR1I>4(A)co=P^({giJ^JDg@tP&<cU&e;4z
z9rK6vhy0o+x|OiZs$E*pjn^?+9o|mee!_yd;GdY(;Gv}&MMu*koxevPd+6WF#`1fO
zjz=3u>i(cJ?s1tj&~meS<sM31qwmp==+<M%{N?9ja_IF$ihjJA84E7N{)j367i-v_
z`{@jpBr{rO@MkOY=CC#tM*s2*tvIeFQ)k9v(ZNW;uVXkpp|P0E`Dk)?c-FEimYvS0
z&ELaB&Nv>2`nW|_MfndMklMhu8GJ>w%1<8OL{l`R@wFbChR+i@c;ZV&|JJVZYap`Y
zRHj*aIm(`sE6Z=`cpTtGb*c!4A_;%?;&e}Z?5}=zWa8;`M(-qG)8hH4*)Hq}?|j#p
z*GMF?%1Ol!tCVIeKbsNR{MUF!f7Yv_Cu}S|Yb~1Z{pU26<I)*;!RqPD&VEgIon&_U
zu|X^(;Ep`^?<z+AWERub0Uw6Um}WdRGW}efT-VDX^J4jssb#!#{zK~2lE=}xQ!Igk
zsZ}%v==WyWYWwKIJ&aa1tnw;MC7d-9QyHs;Jq&BGyj0OuzNB`4Xm*Orh{XimVvWX{
zGU||7<!2wQ>BBRrZY_42?#V*Ey=>_ztj*Tb?g89R55p2w>@N9(0g(~MS}=MsH@2j~
zuq}l?Kdv<tchq4zBVVJ~w^-C>$+zjEB%UQOdbBYTdc{iUrv$c}mgcj{X~ZA$iKB_k
zj(%Wm(7kF&-gG%K+OZyciI%sPb(Rh{&et?HbD@Aps?WY=w6}ScpTpFpA9ot>ZcjEA
zyp&DFNsz&U3ytxbrTPjxGI47*YHd$JEHdn-odrBkOipGWF&fr7wovfSoV2@u!!J%{
zapIm-2FvBK8e^qtxx#XVyMexIgWR6{2Q9p{O%>%q@o_^|#AviDMsEOiHklUwsileb
z8Q2=8*W6X!Vm6g;8`6vcytXw>V10Cwdo4F;l~o|Q3Zhk6>{B|}1f|OL#v~kY`Ni|u
zEK%-N$YHkHg6z*>>*zIqOhW`*L9r#5-L6sZU@YG46$2Zw5Ti#zXvfzrI5y{W+EvUO
z)4|4U6U_|ADsuY?h-_MsswIk3`K%kGJKI-L84?4VvVM$8J3!?dmdfqT*jakDW6ZD(
zcwAUj9B#w%L|O~Bnb8NGV=D(PSHAg{rnO>q-~uHJEG#reIbEQ&#L_yd75j~*T#26D
z^|C5p*`83HFP64u%@{T97Mnp&NR+i<eHg4DRF#^l3~aa1@Iv+{jT{1XkM)QJcwORt
z7i+`lr=GE?c)duagBPj%=4Kv7xAmz43eXxKYeVzzV#!oG7&Z2ehdF7qm&MU~FZ;B7
zV_;2X`fGhizrPDzY*)OVK+emn=nILxes&upqd%*hB?CU6EfcdOEo!Qzh-pDqhn4RQ
zylK^u*?rc9(0y{-!}uN_$dW5eK)@FeC1Lh4qbml-mJG{i_y=K@N+;X1xK~QsqwlW2
z0+ki9bbi-?eMX0_jBQQ74=e93g*-!?>d3xgH0bKs%m-ZJaAyWJK68=smZhdo7xpu~
z*9o2ax1m*}Jz~sd>_bNLN5tkT5VARB64_#OH<rw}-x?-wTgsm8&JNIkWZh0DM#m}(
zx~Ov@&llT!uxv(iuZh(d^xB$8jZQkz8{@uBFO~tdmS?=yQv1*lUO-EGvkz%g26VqW
zu8MBISkQ+pVs!L|*q=jgn#^F}T>UWDN0;-o@N)J&_gmXGLh8<-saNqvGE6~-`myJ!
zcRKX97+*z^SCsZ=9W;9I<|;pj$?oROMByMg3v9e4_FdQ`CJ#pE=6=h3tuu>ZcJJd?
zpnL7fL@K}CS_R^xu|s*jwd3C=DVsK3#d7JsA#780zu}#zyK&1^Y!6+S7;6o}0WtAv
zc0VKM?XeXb4%=GL<f~Z|nm7zmhUrZ)5TLao9qOpnrAfnJ?&c0dADVYJI@P;YP4^kb
z+feCnwu4#@K$loDB}QS;<;GZR8;^FxO2MJg;Jd244PhtMe2Zm5(~70_`pUA;8jG?o
zAB~~C_@0=u2i-35>NPA`Bmey@CAECZH0TbPLAyI{A9tIv=2$-6{{+Tw=et>Lnx3ZD
zq1M;4_h{Nw<o!J>@4bejxeIT=eD=r~nZ~r(+_^)xG;)r>(8#%w)n&AQMr;l|ZgPx(
zseLya?&Y_x%48bQ!Vxe9rQ_K~ay)>vHdtxpjo^)F!%ggM%6l-TDS{raSaCCRFnadk
zD*6Lr|1Fr$XwM@tb|dJ)EN|M4iCCOCC$KY=JR50jw9=?O5^=8)6WI$?@6ni19`w4g
zsBkCoRC?LPlEmOiYzL=~b7Rx<2C1{3w-Ptrj_4yzd@Qymd@fsS32!0Frm#ZHhx3r+
zCNoLV;Z6jo=(+i^Me=#Xq`MgQg@cy&u-VGp`n%C}He8ENGG<{F^*$_t57~L9*m)1T
zfz#Z_tGo?kn@_%_veD?1W_(NbcC%UAoY#}&?{T#0e)RjG=}~Mk`+b0RPGy3|T#xj;
z*sZA8SP%N$W-p=V9$=|r`!v>o=QnGCN;UtOF<Xy6Y^&&02%u!+l@!kw88cB_j);R?
zg>SXWCHE+)_yM-7Fc>le$uin&{b{b!8y5W@WP`Y~g+d5>jLFnxHcK;R%}=5u53@fU
z1uF3nb)Jn)J%kU<JzJXbD631Z7T8THp2fEEkY#({w=#}7W=CPjT`kWo75alN(f(2C
zw**bU<pWF4lsRl&VaQWWPb-xkj~F(Wr7=fqm5^UN_87VmR{YZa|IkWo?>zQdVaQi4
zu{J6_L9uH-%)O(nLMY@FQy0SHjqZPZWF@xXNmSpQg{+>jYE?F!TEylQh62@+E>vmt
zi&r0KbD6`X5DL3R@e|V7#{P)xRv%ZSz0n=2-lKM}D(_per+NY|U$m#fGz8@42^aw4
ziN!37(O1v1Z0F}Hc@JDUPylj8ttG6v49B}@YzLm{_(BEpig8b23DLogO~_iv1A_Rj
z>V4=-l>)dvl$VPE-D(9(qY@qd`-&S8x?cDU7ImASV$JEo)7XsNWRIh#H!;}L_gK2o
zx^4okn1opfQiEv2^DM{tl`0WAZnoUQQ-o_Ni)WPjBFkyHM+FGj>Y^}X@0fDq=sRww
zHE}$ho?OO`Xl^$uWxAH>_*#VyiZ#nwV_7NTib|>8bbD0_La=f&4lhtCtr=bRD$90!
zqXLA*g6Ck2IW|`RYoF=(Rw0W~d**qTXD(D7MVZe1Dp@yXy`%?uLox0}mI6rF7}+D!
zaX<y}h|-r>5H8Id$n-&#q*vs<!txmnEk)NXQ%U-4O|2m7f?xw${}wvRH=km|v1kEL
zG2~D4-?lmn_8=p0%~zD*uS2i0RHHN;N2gYz+uZjVOQ%V%u{&t<8szJcDm6bM$Qd#u
zZKu#$%nHL+%9TN01i3t{!Ue3@dcOE&6>EpJXP8bc=b6qUDvXT0$auUAFN+zkvrdc-
zzm0@`P=P`K&3}?N5jiESBcm|_B|54CgvFv#Ialvm2h~3+B*FE;ZrG4iQU6V8gS;W?
z{~AodPb!F8Toqvr7%f|mZ2YW}^oZqev964E3!X@`R%l7iUsU2=giR1T6~VQvfYHtC
zd7`VjrT<lh$8L`dozl;%&|%76LWddf4vVKr>);u~vgFVkYpws*HC`VdM{`%BpA@fS
z(>Y?DWz#a9$5hJw7#RqaHWYd9U}VsiEvVV!DnP)NE~A<m;-PmL_SF0yD&B$KaYBWW
ztSp53tiYu>wVpW{jrs^Fom8PhFyt~oD6ZciEAH%WR9y9W>Xb@B*w(Bf0x3>zWIb6J
zK2X%W`>R{BKNYINE-_&<8_Xzf8*=?Wm89F2iKtShNZpE3whsi$(+gC0B~Gifc;t@5
zR^Eg%YI7GI+K!QRa$W-6|3SHdXz&5sOry4=tDaHm@fu_1<WT82J&v*)@>J33Ls|D9
z?m#L2QsI1NY|IMv3GtCM9NQ1_#J1Hd?QfM5zi9Lc#z}iDZKIVQbXD^+{!!rrwx;Fr
zyd+Am&C>+TC5Hb;pQG4kRmh;|ybW^$b^j6t{Z}O^qjiX;VGD6PYlw}Xub}!r6(B6m
z?SQjL?Z1ZPxf&(GFmZ{ZU2;q<{TXKBoxLo{$ye9p=Rh1ChYmleXHn)JY<8F)g!2Kt
zAsye%_R$-A;XK^5J;|Y|RCvVs&(X_i-x7p9p8hJyQA;Ha=kQBNw?}{|+B~6PwdRRa
z;eEC&8PyUQdocU8NA$W}OSqbrIw~!Gj2A?;#Qd+(GkMr&oI0H8j8`E7;G!U&CF*>`
z{EUhZp@|bz@`#L>(I7E*A0~tL;Xrvt!~SX+t*25W%~5&ODV|{cQmGW-!o@%Hx{vRx
zM;-RFG9C_5UJpz(^;L?(V(<aEHva4!Pav%)Pj)6L#6f1vlwl<C;X(9hgoHfCq`xwq
zb`?ar%!mbvKp9LlAU@jIi)ZF1t1t+vp>rAoe`-kjl5!We=zHvUI)AQDlMci1jQJj$
zD5tu?t6jQ;)i+&O1bQkZ1|g{cE$@vANKqx_75^Sa1uU+OCFcDa%W$Nsq<v!05$T0W
zTBp^+Jg(|Jtf5MQ^qLo~(o?K9%X<Mcrn5w^OXq)JJE`^wbf0t;JYWL>@oa{0{D@^+
zd$+GV6K-#{-jkuyB0J&c*Yz|p=O?+L?+#E-GRt&ksxTo;wQD#_7r*_Cr4M(9Xi-C!
z>Bv%H!lL7^(&#My6Xq#fA?b06*}t)L_;)^9T8tSyM<wirnKa`tCyxO`nWv#WR|W8h
zPA8-%?+MVx<|wE`B@7SA40(w6Ps*A8v0N>Y`m|<A4yOv`6HR`H!`9wgzGU-ws`raV
zD!g=k%z(%Pf3Q?W-cR*xM`INrAa?%A`Z7B3A4;FEk_?K0r`ZjdB+f&!iApjgPMwjC
z#nubxhfP(IVJircFIN05-Rm&p+0JGPfY$|p84_rJRswGEXo+pBJ0Z<g3J}}-m$hQ;
zeg5)3@2l>(wou_c((q#EUbH+1!%J7jA;$$OfY;ho&mipE*A~Wk*@1jv${vR9*-{0>
zR3!J#v)*pV^Wo&V%k%56?r*eGY4Hnem0tyXxxeD^SFf+uDtutA#xeVrc18F7XE;xC
zv{6Y1#dMvwXYDIoQjfp7ciUElm#ZgiYiH7!D_MeodxSQA>X@GBsy>Mqs<eb{O{~rF
zyAYA486iXfu`ixTpPt4xdHq_j^_AP?jx($o&8Wkt@Bk?MS7Q6XrBLm2iPrJ_S{4Q&
zJ8HKt@_{`nyjy&nz@@QCLBH{;BxQ)m+|+i}<++R=O6A!Op9<g=57*<cl5Nu==~qem
z#P0gMISU6X?0&HNzED7g_lv?Leix&88AvIpk_?FN?C1~SV7Y(d30C({+NtocIVs!=
ze7QU430Ch3?N#`YcrTU1oFb|oZLVN-bJ{_L2g8>Z4M(UR3yl;O4pj`oQ1wCBQK81~
z64$583J+COc&PeB+ew9Y3y|8<fv>2>Q1xo;tipRlY8LQ;3a{96kyjiq4?UTOtE@v$
z<-6+9b4)k44O<n@U#=@_5`PkFM3f&`qSPEd=y69}Q=VQg3aVEVDCD6<Iebi;@-0g4
zE{8Oz5fU^?>*s*4&Wi!FDwNN!A5F<#6D;hZw{!V8Dtmy}Y06urMded!ln+u52Oo_j
zqBU?N7=@(P0Er$Uy1vluveuS-)lKG+HJdHHCP>Bk9t!31fo<GwYee!tr#a2qwq@3c
zG|%tc)YfgyV^|PJ5!p2%Dh|TD;pBs8)RP=7^xivBl%pmT&RsPcm`U9l@qx7a6^Z$}
z9Mh-<jMwd>&5igqZGF~o;qDKjspQvy@Ru{p=*GrKr>rNh)11#MM>VYpRn8Qn^FXyh
z{hMwqzioFkx#l$iy&j|J#~h-3UTjRgP{+mFd>e%n)CdWhrw%9Gam_8`ucgr*KD>2#
z&#>)}f?L%D_Ic>VCj5FD)mL`D?&qWOZEBPcQJ^X0>lg4k&054avYCGhYZ5P~YSF*~
zKDbr17QVVM3Uk*43%HHv{!KS)fzI`lIXh8~@z#hjNmn=1@&2+a?0Y+!hQB8Hpqpkj
z=hxDhKQ+iV+z^!y)+isKv=;ojww~xf$le%5gla^T6RYUG7U<Utl4U}jjmB1;wXX>l
z3J{o3ne=^AKCrdNva3A4N4^E?SQE_RJ56fsiCTrtGopyjH6nsEz9qi~3=|gEoS%6)
zDqmECd?mYy>b2s7T6?2oXne0GR@S=K2n-UqNKRVW3PWhxd07psw-;ET?lpm8c}H}4
zYgFLt%{7_N-BD!EnvfMlBl=as`WHypM_)!^y=#P(lZfcCHhfT9uQf6ARePhrzBK_W
zs4&u{j-!@s(Qdw|q3yRXitbkvI)HPzmtmLreZXky2!_g;b|eZKP!q@^xlCyt^__XU
zAEJnXH6r{3>PjA+D@5-6QPaGj95%QnSjbCYq~y?(E@}P1PiV?#9gC)QMU5bnuW}dd
z=q;N%>ts~^s+#1(0RpL{IrVFeM9vMApgHBBp*4WO<e(uQjK@H<EL~1TlNnwkqMVmO
z7d+?}B|~LGfBzeWjjRdg@e+6z&4>p8TG(8#-IN==rPX^!)d&iZ!w2i~U4f3y_j<Yf
zn407(i56RZ7+X>Qmw#6;n$Xx9fhPUpej3$ACbXq>dn;qt)g%x8n8lf(!%g|1l&Jg5
zYkk<!0)Aq}kWFgBv;bd+v)^|9sr<3>^ftx!Mv!w!kk2)bZS&76PGP@jp1$VWq68wG
zq~3@V)X99i$>{w!)qPQLVMqA^<qZ0-9e<|slrrCG<pgJtU&GPkWWLM#Kgf#PaEjQ@
zcU%9*$=~(nsbBuN`2$YJHlp4|SX6cD#hcRRPW;-GsLigVSA0=%@bzsRdbRT}EnPU;
z_#VzM+WA-3|8XF3oq6Pt@3DTsdBK%95@_dNS2D6CTf8BaUB;g^DdT*vB^o7ur&i<z
zWT!IhXXbX}Jxnq<|E5yMdnTEi@2g;5r_=oIe2GcF=HJT9y6C1J{3(-A&G%RGqt{4o
zw4EO?(=?WyZA72-v5G$1<T~?%)|*{lO3HEuy)JhaoxS-ZmE>jqT}6hSbi6lTZgP-$
zne{8k#2HfOlP05>AF_T0^EZ#44p=F*p`sI5&At&2<9D_%?=308c7E8B1oL-ICFz%c
zZ~Y3=Zl0`|_H+o22bJ2vnOxhC_cDpR{D?`xJy6NM<v&=ka%yZ=Oxmt`;1W;DMB0xG
z;C)QaEI(?AgBF`k^^5sp$&I!1AFW@@*{&a^c&qQU{A5XhyxPWUw(|q|6OzVi=RaGo
zz(8$bz1rRZz02_rY$FJ(anyM*?`cv~`7fqqIl;6A?HkNrGg+qmS4#(Ikj-iL75qh$
z3(0@8eg&T~pEh2JUL;A4{FwDC=!iQ_CL%vBe=s?O@0-*?e!`R}XZp3Us^qn+`Qs+%
zkDrY8E|B;fR*uh&MvgZP<=070pPiqwQUDEaugSpUzgs_m+g57Q+V~&V4<MjzmfSNt
z|I_*bY_T^aQOwT&XZ-*!mz(O2;%icZ)z^`yEeTM#a;Z;$bePda$VG?I@H-@<i=Q#G
zxyPhiIlES0GzKh=N;n*FVOIA_jtcD#Az-s@ERPq*#&B%$$4}vQXLl9SV{2Q16gOPM
zL2;2FM{gC#CrYm6x3I?@c4uFeT)-BRRG1+Bc!c}Oc^$gJ`EmSB;2ix`xRChndY;CN
zZH<zhS11Ir#n{VYy{zbrf|uRMbHv0O`A`JWr|}%e5EaxT*iHNjM*rNWB|D2%l5%tJ
z(Dk6!JbN?$UFOL#R3#n|n{MF`N#c*6x=hnDox@eqI2<J@HTiVcQAytU9lV_}OA$aX
zx)s6K_=$X(T>B<FMk#b)qifGZ?glM+28wcnO45gj^x<|qg^IiB$zsH0j-$GL3zMDW
zRiJ<^5Cd9&8}G{6VYM9Hr72%GS56>fRLVjkIE91UXy)}+g{0qQYiE&n=H9{kGrGE;
zZg);p0X((=CV&9Qp*?q@KG7M{K%3-)5WR3yaX&rlqM$*{F!KAv*}FNywlZ^$+f-=<
zMX!4~C`HreV1P|gNrr8$sL#D1>wbJ62kBY@9Cs-I0k=q+%I71)KFL9H-lLNBf<wCK
zIYekqPU9_^p?9!5?pMkCMb8<$6*HO@*&WkVf<dujCNHuCA5aN~Mg0ePM`n!cVRt^H
z5X2copQJz)P|0*0mMD3M<9O`29?5wsjMwIpmw<@8M>ry_*!-|N=c?rW=-!Q9fg`aL
zokhHc`&=015-NP20u=%ue>PvnD7X~*7pNpXw#!YHkwt2Xe-r~r-nc=_U*K6Z_!G=`
zl1gR$cKihxbk{tPpG=Xg7ttM`e-9nATx2>eU4{goR3+$xeFLqjEA^kp>xj=DliT}$
zFUOI=jXWVW%2kZ%z&I$>c|M<O$vB@<X%5+XNX?B!&O$y3;kwJ9w1YjN;l)Z3SiiE8
zTUEA*uZGbatS8dh!8n)^egSutBxPR`=&{l;Nm&G7WBO+fYN7M{sD)FH<D|j(C-`X!
zy?~_WHoH`L!aniXlN@IXcD#t1dO=Yh1l9XVE?0LdUBVN^GLoiUq8u-&P$7}`6q=rU
z{q*@d9DW?${SpNMgA>CH_kFaY$O_~?XS&sj*4-Xd@)U1DDbIl*HMi=EZ=T_!<?fr^
z`C83+kc7_`CROadrMwZNA+I6Nt5xzo@!2xomKpUY+l^L}E>Uf6cR)0ImS4u`w`DjP
zz5Sj`%7nz?6*2@NWt?v*5`=RRpcQYi9C7+Nn0_jI6YbS<-lZza<FSQIs@X#?@ZLBV
zey`nVv+R<BKAX?vls)q@R!g#T6FPSqwOa)T=+w(RAb-oG4KMM<#!u7ijt#2(1;osk
zIgTVt!A&Z`kU0Me$E6kP9<)0@Pzb`UXemi)1)}6Np3Ep=3)<up6~H4-uEZo`N*Wh_
zzf^^LePZHjehntF9k2;cb9PCgfVl8Fs?HMXWM`MEJlsIiPu|hdnGTe4yZEGp4+kaj
z0}ymV^OKx=75T)OgRUl0EM0@9G=lT(j(sY5kEj>n(@jBI>bqoauxR#FlI!T|wLC){
ze~UL})bSH^{lhBt0c59=mj~$Gj5>dYXxmX0Dg>|6ytt$7NIjb#7$;rJP1qD%u#O)x
zW;|i1wi7RzQ+O1ED}Xtav>FSud)|e;ZuS$rgoJnbSk~QN9<_1D{;L|%;+P_LI4*X%
znTWi0gkIjjn~JmR`4DD|T4HyePyv0mt1Ey4z!xpd?<!0H78VzdIK|VOV8s{jL52UR
zk`LKBS@OfSAkZx3seh+SO(kxeQY+gkP4A3-P<lb36t}sIlw85?^vH)id+mq(5ga=5
z(wOaNl7(IQrFt+95Ep@2hkGO>F>wAT+#xP}B;&^iw%}mN$nKX01#DMUfCNBmkdB`&
zY=w*cmnwfDTL8FBa%_i<&J$WKQSupY#*Eij*y*!&mrM&cV|gS-0E7FJAnA;M-P#1Q
znKuyPj6mhQi@2MulbJPnGYR$I#T_(stcK!m;Vq1$B}tTZi{8q*f28M5>>Kr2ZKtJu
zE}gQ^c4dVs0adF(;;its1J(JDDXLrrY}Y_l8p-=gXwH|I?C<-Wmol6nqS76xwR9CY
zWb0D_769MLXvHD)mj?YWnQt(j+nMt6@)Xf`5AVl}m22!yyCMxldS%O47p@R6S>oK+
z(vOwEEEUj)Ra2L3EM@T>dXl*J8@ZsEegsC^p#lZO8~fx0R<uvEJMvYMa0~YHdRRsN
zh`!%SAqn3oOk=0&xwK%qp0M~J?8uS>+=o*qE-Kv%+EE)7*aNzW34WqII!lM|_+eVN
zm)V^j6-b&}&@|hM`^tDz+|9Dx?(nJPK^i*5bKpIfVV-ZNl7wBwttGi4_&x8%jHkY`
zJ37}a?g72@^&|WSX57Ee?(Cux^xAwTPjl2!-kBN8589nQRN{Wy5R+bc{6}5_LZ*j0
zA4Om7t%3w$PQb_{KyZTk7imd~^KpKy|4}W$(N%>Ei<!UjE75zpqNR%!l5RInaZ387
z$T}wdw9C5#Fjxif!Zug%HO1`XSkqC~5m0x7CP&kGr3&nqJ15aAM&b$JEJ|hQBo~hG
za>nQ4C$Z(Ra5;SN%_n$$s&|UNX_TC>JFZsg4T|HZ<O1-(A9m+3m0%bKP_jP9{=viW
z`6NqpltSL)#y%1#pS1r)93D*S1{?7ApF9&(?_Suw7^6aZMbT+^>j>#4JFim-`Z4Go
ze`Bkp_%E)DV`n%{V$bOV^*5+cL6P$}yhBTJyh<`Gp8kj9oF?ME$<A98k_bpNk&MoK
z;rLgY9t3>j=)y@Y!8t*N^4fwD)rS82kJl6P|HHDGn$^;>os(23Ki0sK{+WATu7R`r
z!OGpPk`Ia*7dXxhork3JPL*WX*4CtVzI|RpsSz8tJMLD<``ls#*U+Sh3frC2RFYn}
z875nEy{6sFsNe&v7OzglIh7eIlpm`si6WrV#N1jM`0xk}+a33+P&kKJTf?5si^VAK
zgDT0etvz<*vF*J-9(VWjjmIScBkE|l@8P57FuD&bpdj?MHlYI0mQlbg6~K$}D=*Oy
z0~0m4^SxUmh50IgA4?9C3|dxKYsRQgBh>Li6(ET1F$o|5QfYJp{551M=AT*hwZ<%r
zC5$A#V09S{MOSXm%~5F$i^B~xtO^nLwmTnJNa9#zJKFsx_RkL{YuRF?UBeL##ILcT
zp+b3WJx!DV>fR_|i3;Gy4hWLT6u4spN9z&iwmY9z0fN{ClmK}tM_W1uE}>Z7P`f$`
zU9N(LZGEh3HtKKH;lpHT_n{&Rkl+dh3L9IUVo=#x8rFdl<#=9&!o|gl^yc(iuI3Pj
zvbELNg9y{k)|lyDQo;O~RODqIv^iUIig<^1Iis&zBa5%7P(fQUO>?mp;`KZY8(l?l
z*h+m(1qdS<le)XCk#-An`>NAWS1G_C-t{xV1aM<&&;-k@(StCem*;DpneQT9B`RHB
zn+)=j{Q?GSep3xsJQQ7xasHMH<CinFr2RhDOv6mQpe{<gu4aH2J1`y0>pD!@FD)%V
zlVrBgU~Th<A+2{+P@io`B~$?V3Zr*x;k-?gVLZwCo(dYkhN$EW3u=XWk@N<;bF&H%
zvK2{yQ#5O%jbwB$?#p&;RRD0G!<x3*r>KDhoLsBkgdeJq9(0&ReX!-T+odgK^j#uK
zBpJodPgE!$jGjahP}$<3M{A3n$l<8M&s8Y7hOOigkMg0zNp^(Y`K1aK!lJVRML;#C
zLjj~ZETBCCPILLOH{8@*ZSnq@LMyhqu$Q63*%D!#`0g8mDV59)yK{#M<*{`(Q39yz
zqkykf0J*Je-Uu@7fSxB7wwERY+zz|r8x;z-Ky`$nFeRM_RFZOY7gvBZ5lNlp{JUWk
zN^nR4fJ4)g{yVDY(d#LCqS#ZU;XJ})L(m4ls8C*8H<R{ED}L3J>ClY~Hzi%BW#Ymb
ztr%<b0NvkA&vgE#QUUL#nhKH8O-|=vpxB+?tDv|N*vj+IXRuZHY<KObmF1%<kc`Hd
z1)Y<w*A-<wH1NA+LGzC*P`J;xhqOXndTWhDpI+L77*fr3yW^A!gF{BWrMCo@i`~KA
zsB!ba>+{p}-}QEs)L%=clb6HztnRB3M$Q<xhP70{Fh=Rj-}R7$B6!>%I~%+EX~W>b
zwt>m}Tai1{p)v0+S@1UwChcmh*AkBm(2^Ooo(rpTRt5DE808H~0>#N<t-ghE{-?tD
zZH3lVDJJTQL0WzkbwPy++WeI$n%G3IFAfaWaQBqVq%%%YH8|7Yk@uTq(XRh=Y=8{W
zYKsY1YKVy6`#7NS3Md?#PBG9^S82)O+z_q31<kLkf_iOjWj`_RK$(8E^s4(UMsf{R
zm=L_ufvgsye#0~z5XL@A)N#9rww|F-gWCue4A(lc!i!KzDwIc@9iing_eD(mWEDzY
zf&AYHEt>+{G4i&rKscm$q}Ga3W@Ce`)pPi7=}4^w<&M_cU934rr8$7@lsDpPH5YG;
z*7~3_Do$=(#KCu{)P#g<tQKVMi%^XfDAartI)1H|N7Jv>>d?k(v<rn7QTLmu6nMmM
zfFs%Jg#Q*Ql-$c&c)gY<hK|$X(16t^td=TpK+FdeNmfS{RoM}BmtVf)ce#B5EY@>P
z(#NtJwRk#rgH~n{MY^ak9;`zp#bnBOoQUr{UK&o5UD87Z^5QB7`8kwVp1(<xbdj8%
z3Td(PW*9F><zKFl^7w5{%|Ujn)|6)4s+~4jA_G;306ueI-i@+pf_B0pd<;^_2g~JG
zPtxKSPttxhG5J@iFd<up%+=<}S_ajbsU<Bwft~E>w`sL##AI!aN#e*Ep->>&-KND`
z%!8ck6mm4_cI{8e*~l5El3F-L`@@vFNg*Xl?vM_$WL7wCR>*n1wB`=YNsha;e@y9|
zu?lI?^=@gSO%BB*g`C$fp1nufNRvZxhe|R4g9Dlab_VW4hjrYi9Wbd5_o^^KYH`2z
zqserbu96Fh4pTMUk1r_^GgN|M!`&u>7EIH=HOUSSD`XL8Yi!JD+fab(0M+0|IA*KF
z-DH12Yq)r(cEqA9JgO4*Na5ct!G$V8uW&u6ffghQ1CB*1NgqM7DNTP^t0UffNW;FG
ziFsUw@tYWt^oW*di8~FIcmNafqKCA6F<}-gv#CFSxe5@pN%Ap1)X_-%Gg||Z!;I!X
zr-Fopdyct!ka7Q&D#<Wyo2wl+L+H1RNywC>hpHwLu|k&|&mHDzE|EPC)=mmL-cTs@
zyTzFK(s4GU?%9j1z*jZ3@-rxh7GfiJ(n3%(KVG2yVur2Psq}iqcMIW~nS$$8f<EDR
z94@C6G>*Mx#h0t4@5k3CK$JAJZ_QY>bBju!ylO>$#)6hUp?zt|Z&k_Tett{-ro|}S
z#wWF7RzQ6Jj!V`BOr|A%a<R78QvZ=ky}Yx|%nsyh(|{$gtqqrGCoSZs3MB4h&$Eyh
zR`GZmIu(0mH#~*)f*IKVOoeot_2qg72`+hB`^qX$-Cr(M9>hVT#Xs>3iogCD?Vu&T
z{LCfA<=iMg-66`BYIUuMzjK!=FFtwT763Z2Tx&pGmTP~QGy%sKDv)1{eHPm$GSu(<
zQY9FGi!ML>LGL{WkN4*la0^Y)w<-{B@sly@6e@iIyF7!QN4GMg{`*xRc{_SJD2b-O
zp#5!vXn80awy)Y}1M=W`IZGe~W&q_j6Dd<9f&gxd3Q#I2C7MnptF@$8TE47V%mf<Q
z`;y6FKhGhNxpdbn+D|5*U{1eFOUg@fOv#h4Vp>99Orj57)qXcIw+_EFMqcF$jDt3<
zgp--L64SJ#EZjQw(&Cb^3Go71>?GO{kxRrE(fUQJu;N>`N_$J97vB&ilT@v^pkGX1
zjooK6ftIr`oj}0mm5hKqD%#8wM58yb?Pbyk&Z;UGwi$8TCN#Aa6ULh*(s7YA0lK$C
zG&Wo<BOyy(G*}~-izcJse=7aq=<Po@ya^*MgYUK~%fzbM;kP$KZscc6;^<fewYu<j
ztFC@C`2<d;0=r|tMQ>|$USV&egGe5N<Fq1+A&)3ri`apgyV|M*yyhiB=1oSmY1%qu
zZ<El@NeX~7PKCo=ZL(ArYhcGaz|C%r(AtP^;8z|J=$__p?Qg`myJZdha+7+{dYx9E
z7QCa~FZJi9s`OLwMlH`6vn+vLe;2Jd{#|K=WQ5<5rh)}%;6}|MabnwgxxZnO0w(pn
zWW$Gownk=vUw-0*TpQrIBDC+Qr%C`fW^dHMJcS@l7!u{CRBQ1tZQ7(AH$(n(`Or%y
zjmSKfq4-P*6>h=c{CBf<*bMwTa}<e(-Q}RsTLEgdRXbpU=+uZyW(2`$|NF3ck|*GB
zsuX*v;|JP)Q;>F!y0kJM_4rWx(Nfk#rOZ#mKGME3xdQo3Re}Lqnsj2G`xs%O86Rt(
zSdeBaNYH|;`2>)KpJ*Rjkmf1~j*iJxHh&7pv!808T96hh2+rzD$mgE{Qu>+pp$Tym
z)C>vY7R?v7VMdh%2}fI%pquh`;j2!cZP!ki?1(~@u*VYSJGGOhuuCP3ixzjm)=5F9
zUnS_X70B<u(8k>`L}xDGuNIGJ_QhXd%VhIz?GwqZa0XNg5b8D+WPX9+UG_N^xe^jo
zL2y}_gb3%C8a~M*#X~A_T$pI4FzGApKU2EBN;+g~WJ*u?8g^*&9_^S3>7asy;og{E
zt8pgj@l@6Tw(Go(`?hcWM$4iOd$si@aipU{1&-NARU{=t#pT~<|1&Y&R2XT`<>g!p
z_sLnQf(7F2sRDT{5V`ha)OSB(%^r3-c?egd=Iz&ZR_bx|QR(qg$sw5HTMwX?+8w}n
zmn;!SUlqh>LCzlp<eG!9B_`x@6~u2roMnJK`kl7Ng7i~C0uquzWo23%tt!*LHX*tF
zRS<gPkao_La}HF=;iFg<Qw86;iKq9z*Xk_(UOOw9D7iyaIBI?bV-7qN$8d!hK9$kv
zm$b)!s70fG(0;bqBqLPvo^tsGN8u-$?31x7d7R<>Q9EU^L#|N?`lMhQ<^GIXKlYRM
zjR|p%Q$hUr5a{PW!8<<i3s!ule|YO!Oy6b4prg+(+96BFO)4Go_OHpOQ)t4k=o^(p
zlgTPf5C@jz=UJ%m82U42_9WW)CvvdyH?7p-g-lVw<*m86_A7(d9@Boacp>+x<ioV<
zIJ$~S)wo|F=ygfKOe#K!;%A?PF_#eMOcg{<$lz??!0IV9za(np&sNFf$|pIoocbM0
zyjy?Qc9=wl+_@?U&69OA;}0~4WL-EOQwjTM{-4@ei=JVq1pOe*gNBexyH8^>GTZ+C
zIcWP8XW+OOCu8lJlnP(1?6g*odYwkwO74VXu}Wn?6raHszr}%gMkN`<J-=WH<cR}+
zX?3C;hNUV%2-GAApi>#hROho=J<<Ok%@-vyyr6=HMd?`?9g!@A{M8CcY>MT{wvk`w
zpf}FJw08Ut?v9M-J6>1e++yH4xua-GmZ~H@wEDbu#u8kk67-7Q7i6?caswQ1sw90P
ziRsvVGFb#~t0aSR*vRjMjN<w+OMb0NUfz6#aDE0A>v{vrx!;K|xKe{!GGZlv`*jLt
z|9xHXxrMsA{;0)9*q~5}O{-=mLx5V>f-OFw>t{`tfODe?gc;KUO|K15m)iOTi(2r$
z3Iq;nXK-xrRgc=VI}V?Lcrs4^-3<0SK2qVl7A`4XuTT5y=*KO7z)lqe&QwLDKaox*
z=ygPs1RayRNfOwlf=UByk_0v<B3Suoq7Jg2iQ1+@$*oEgRoo6M?RNF_de-<|I18<_
zGEq;boned;yePBC0bi-K1rb`8v3_xDeI0~0Gt9qF1qg{X4fL=TwRe20k_;0hn~6?#
z-5wP`s1OghXlk;4(hPSyzEcUh#nUM|zGY-G0De?SN(M77KFg%$X=qC`X8)5)US6<g
z%8zV_F(Tz1M^y4YaaX$D%gTx4gi6v+$20Vwt!Vr2D!~AaaiR&cvh;&y969$7l{AfZ
z>hPPg(ZkE<QP^;&o^1U#JzHOHh0Om{X$e_rF3W+Mn{xDTEC{a>*sHR{4F<wuQm!ny
z4COmCg(R*!fn;luoTtlMt)=+?6nO#nALako%E4)sAnsm~6}6&~{;MhNJfo79Uk?JI
zAWeWv0Oq_Ip+Bbr_-t)VfQ;*Biw;fX;4sMt397>S#f+vpKEx*D>W+FU$pF3COh0&W
z{5eGhlKYwXFi69geI$5Jb}DX(`&tuP=&!pkim#`t^o7dxttdd#*DBEWT^yjVuTl^e
zb&)hHyeL4QsX*cIL627Y>B5V`-&rb<o5r`k6ev#x^58-s{piJUa;FO970<TSQxWQ}
z9w%?ALiy-$p?=hNQKY+>3WR%$q|edLtve~xt)ILYes2|c#kn58D}c84*t$qKh(C?R
zNRPgQ)%W=-xn;N@EUA^A>FBFc5fl@A`m+GK@gXRS+Tq4=(~e)`Cf(KwpxYw`2K2@p
zKwQmj0bSvs`7IG=D-|$k8zdw30+&G?V)cA(PsQ;e*WxKW%UP%Z;{@jbc^^TBsNY`y
z`J!B#_ZhTR;e#MVnz44=$dD#(>ZtFPO5EjlI-)FOpMmRC+bERaLS0LVfRZy3k1yaw
zs}7ecn0Sv0AG8gtxCtPUUb;;8)1l6=<8z<Va~9vu6O5$1Bx+ftgH?Q)e$_<@;GTd?
zr%RClzAt>ac_o6tJqlm3o>dE2k=5#lwcIL|v3X9X&OP-4$~&%SfTN~AZRW7D6@&67
zgG^^op$^9oN6SOoO~ntr^fcLtDlfsuh0Ep#HGC?(qzucW^kQ&d{iIC4O79(BinC2#
z1s=h$J{BHF@wZ)+e-j^2;e%HGTZ+8{^tv+tp~}(Yw(=iV;Bg|aedPgTGuS$1h@LB^
z57H+fH=fE4>GQ~sR5(H^WkKP-!YqZS;`(j3&u8M=DR2l96b;c=%k)4YjCNqZoBEgF
z>e}`yU{JWO*3)INV+L=~D4d_^?5M!uJIB|`aFO}Vdl4C?XY%eo4;XFbX;+?Zt==~~
zsMH2U(n$Rq^m9+e)x>Vx>{g+*8pXDI&AP%csg;Kk#o*D%Vtt?2Rer;>8}5ueo9O7Q
z(h(G;WA&E2uFqf59v<^!6wWRR7}|WK8B!@fb($kaUZ)?FowKq#z&@ELN{dvAg4GnI
z(|{ZG7UIzLRwt>rde)5#?4&kFCxteThftc1qV;(FAK6u^pyerAXIB+EXd6);Co+$o
zW>D}}y#+3;f$jMIW_^upwOEzqt#;8-(#sU7z#<Q;l8S@G1Wc*YLJ=%fj`@iYF=K*$
zqqK&xowmmGx~b9&#`F?-bTwn~Z75Xzb12lRNhnnP*rpF)Z%+1^UJ8x)eBO%N^f=ks
zD*B8&=%bT+apa<h3K#@gTb?ytdx!p!>?^T_qZywA-ctdGAs#5>P_1a!U3!5SbC>=c
zlz1yAv|z}}Lm!orAP&km+Rs6)zDHjx@%Y|qbo9a5lfHzrw*n7q+}Xs_zxS2TD{Jr5
z$6Zt$(<|wx(i9Y<r<#6H)q0SJT^*MzfI)n|aJo6zs^;AU7OQ|kv1q2AAR8{W(8k#9
znT`PpoV=uXrrt)>eMtXSmNRyUo8bN`Fiz?LOk)n=AmhkK^e?K{l+@rHsL%jY+?{qG
z;@M*1Z2eu?WL27c`L}2?zX~6;jgk|1zKG1x8_Jm=SYadaO#?ZBI|kQ?$LU<`VJyJ1
zFg#EHAL~|i`mX3Y)k&j+R0_qU1$r*;=JQq_M-NwI=_0TECWR`u*u6;af-?Dh<xY(U
zpUN~(KV7B51#LqsPsNHUPw0uVTU2^BaF6BZPn<&(O5ouRw3Of=ZzA1Kx?g0H{uU~!
zil*{Py67V<SE`hYq^I;IGE=dYWS(GlT%o{uLF#)-4~f!e^wYAh_$w+FSJ#^7pRZP-
zgSOsu@)Y_?{pI>riLa9Sf3ixhRp4=j$6)JtW1AKFzrgz{`l`nhw7#D)Oob2It|&kJ
zTbEkDp!=wQDJ=ED=PhFwE;m;AaEkdQ80S!hHaHfhHi4tWW@S{~#17|Qen`eSLIn?F
z1%qS4x%BBPXxbZJ(Mx5GRNgA@^3r`8tkrOZl7LT)c+K>Cy;U-A0!ONV_=4an{Wn>M
zu8LCQy53VKF+Yt`0E0fU@pb)AGpiMY!WFc>(lS~FMCDswX{leT|1R-WaxA~t;vB2M
zqjvjRhjoX)sqZo~UXi{#OaoFe!HrSj!#M6&er(r4_15Y+V)I-2GO4NZi#hnRuhitY
zMxhC}Jw3Npzi?3%$nUo}u2TWS;)iwm->iGpW{!^Fi@(Zpea*VuE}w9&*MET*QziH1
zx-L3RJ5Hr5jMJ`F&gjO8=^OM{kWqN$<tp*@VQVVC_^9rU3gx)2ee4H%YZ6-#R3ESz
zzQyiM`aY)nd|n@AZ`1Rg<5lReZG;sf!dce_(iD5k{do`Q-t%;9Yuuo~dwc?^Hv_P$
zAJFkUy4%evVAwX!Jc~*=i|Q0<AM42+dG-fsGw1ovTNF^_&}T(haIiCl8hi#y!97D@
zY&zpmu=wRuy{&Au%CCLEtVJu<SN+2#lT^usG0T{TAMe?w*OFC(#bmjn5S_y3t(_AT
zcqBX0I;Z)=4opzUQsoyl5TS``y6DR;6ICk9vm{SeCW;Ze^*`kBiq&i7>sEyl*i|cE
zg!7|_L4KvT6#x4Iz6llx6$90cC|ylCoT5@5wv9Ez9E2l{iL`AGOz+iuus2fA=K~e1
zTqO-Wt7kcGQz(MvowOHgyY5vT{0a@#U6#ozU15T*jw1V8tgO%uF&U{CeHWb%y<MRY
zA7Qad`3g#TQQwzeq;cM<f`@Hm%yXH9bD4GNnKIo=H_yXF*||(#hYVKPV<|83Mc=Hs
zLy-cEd1VSo6n{i76e|wv+ofrY^$BWJK0~D(q242U?V6hAqVLk&rO*XifA*;9YgC=C
zTvwwG?@<B6xQ$SLYeybBO`;1w>#pds@MoPcC}MU5uq-qWpx#}xI((Wgs!l-Nafz>3
z-gyFH6YscBg%69*kLgDNtZD~c>G01VPyk`Raq80}TAwt{uOFAXMF$BYGz&6-o~c5I
z1<+x1!K&pofzuU0?ERq)b4BL=us7VZD!MWQ)%J6ysT9gXsO2X~Q|bH}Ty%BlSM=$X
zXY{!;h1mM6F@>p$6kztdnkfhz9(`L5lM0pi%u9_b?^mgmH$9YRI)&2y)0@eyjCQnn
zfabRTJEKmm`gG^N`al2Q^d3~Chbdu*d8Sn0IO-p)PYv~6Jsk3oLM8SUu8^S#dDfJ0
z)-*}9y@2I)4QBJAFEKr$QXQm8TCG-8cQ|-D-|<>mVkxV&P^!j0LU|{xa9S=3h&`-O
z9l$PtR!e5H%6hz9>qWX|t8`&wpjNHDHRh}OZQHXHy0AO3I<D3(*7nk!t9l@f+00Kc
zjiru<3o>X+e67Jb<`<R{&?0v)J@P%bA?zd>uJSWY^-6>*q1JH58<dE7iM5`o&Fv+k
zWpb^xjd@DRtnYob@YKc=ho=sncsvPs67kf<Qx8vlJPq(9;j!aM#*>046;B$ThIrEP
zWZ=oflZ7W6PY#}3@x9OSk%y<2%vyPa15ch<d4sb@Do-yFf86KH3-Qbnk@A-FWu9Yx
zh3JxnaFmEWYn?+Ac%u?>ZE+6c`6c49EzTo}ylIJ;yu<lUJa1k?t@k=V=LIF=!d_?B
zeBP==bo<wNIDxk*5zT8iS~)t${1(n7^}9>N@o|lQxtx1T#5Zp?Y9Gh_B_i$JMjCFb
zD-l`i8#Ug;LnWfq!p5Jx$=jERI$iVMZpS;8h)q-Tea(315^?&4{K?PpqLNuRc5i~G
zDV}C{n&W99ZtPyr<ssg+M6CL>pqI|OLwrZUPR@Ilh!1xc9MO3160!2Df)$MSEfJT0
zT~L_7`<2ktLj~{h0VNbZTrijqED`e$7o3UXgG<CCzZ5Lu{E8CFJXSD)UsXbn9xHg8
z4=oWz#|z$0<iktEUw;=oRXfN0ZpJ0cJE}yizEDt@$j6k-I+)NBPb)mF@wCCy7Ed7_
z7alhr4<0WbA09uR0G=S85S}oecH&?{`@;@Cwq(}kg7$bih|L8ZFI&Q|D-rtEj!pUh
E0SSMMv;Y7A

diff --git a/src/etools_datamart/apps/multitenant/postgresql/tenant.sql b/src/etools_datamart/apps/multitenant/postgresql/tenant.sql
index 5cfc76599..122218f36 100644
--- a/src/etools_datamart/apps/multitenant/postgresql/tenant.sql
+++ b/src/etools_datamart/apps/multitenant/postgresql/tenant.sql
@@ -2,7 +2,7 @@
 -- PostgreSQL database dump
 --
 
--- Dumped from database version 10.5 (Debian 10.5-2.pgdg90+1)
+-- Dumped from database version 9.6.10
 -- Dumped by pg_dump version 10.4
 
 SET statement_timeout = 0;
diff --git a/src/etools_datamart/celery.py b/src/etools_datamart/celery.py
index d512a4eb4..2fc6f2f1d 100644
--- a/src/etools_datamart/celery.py
+++ b/src/etools_datamart/celery.py
@@ -2,9 +2,14 @@
 from time import time
 
 from celery import Celery
+from celery.contrib.abortable import AbortableTask
 from celery.signals import task_postrun, task_prerun
-from celery.task import Task
 from django.apps import apps
+# app.autodiscover_tasks(lambda: [n.name for n in apps.get_app_configs()],
+#                        related_name='tasks')
+# app.autodiscover_tasks(lambda: [n.name for n in apps.get_app_configs()],
+#                        related_name='etl')
+from kombu import Exchange, Queue
 from kombu.serialization import register
 
 from etools_datamart.apps.etl.results import etl_dumps, etl_loads
@@ -12,7 +17,7 @@
 os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'etools_datamart.config.settings')
 
 
-class ETLTask(Task):
+class ETLTask(AbortableTask):
     abstract = True
     linked_model = None
 
@@ -59,12 +64,20 @@ def get_all_etls(self):
 app.config_from_object('django.conf:settings', namespace='CELERY')
 # app.autodiscover_tasks()
 app.autodiscover_tasks(lambda: [n.name for n in apps.get_app_configs()])
-# app.autodiscover_tasks(lambda: [n.name for n in apps.get_app_configs()],
-#                        related_name='tasks')
-# app.autodiscover_tasks(lambda: [n.name for n in apps.get_app_configs()],
-#                        related_name='etl')
 
 app.timers = {}
+app.conf.task_queues = (
+    Queue('default', Exchange('default'), routing_key='default'),
+    Queue('etl', Exchange('etl'), routing_key='etl.#'),
+    Queue('mail', Exchange('mail'), routing_key='mail.#'),
+    Queue('subscription', Exchange('subscription'), routing_key='subscription.#'),
+)
+app.conf.task_default_queue = 'default'
+app.conf.task_default_exchange_type = 'direct'
+app.conf.task_default_routing_key = 'default'
+app.conf.task_routes = {'etools_datamart.apps.etl.tasks.etl.*': {'queue': 'etl'}}
+app.conf.task_routes = {'send_queued_mail': {'queue': 'mail'}}
+app.conf.task_routes = {'etools_datamart.apps.etl.subscriptions.tasks.*': {'queue': 'subscription'}}
 
 
 @task_prerun.connect
@@ -76,7 +89,6 @@ def task_prerun_handler(signal, sender, task_id, task, args, kwargs, **kw):
     from django.contrib.contenttypes.models import ContentType
     from etools_datamart.apps.etl.models import EtlTask
     from django.utils import timezone
-
     defs = {'status': 'RUNNING',
             'last_run': timezone.now()}
     EtlTask.objects.update_or_create(task=task.name,
@@ -89,16 +101,24 @@ def task_prerun_handler(signal, sender, task_id, task, args, kwargs, **kw):
          content_type='application/x-myjson', content_encoding='utf-8')
 
 
+# @task_success.connect
+# def task_success_handler(signal, sender, result, **kw):
+#     # TODO: remove me
+#     print(22222222222, sender)
+#     print(22222222222, result)
+#
+#
+# @task_failure.connect
+# def task_failure_handler(signal, sender, task_id, exception, args, kwargs, tarceback, einfo, **kw):
+#     # TODO: remove me
+#     print(33333333333)
+
+
 @task_postrun.connect
 def task_postrun_handler(signal, sender, task_id, task, args, kwargs, retval, state, **kw):
     from django.utils import timezone
     from etools_datamart.apps.subscriptions.models import Subscription
     from etools_datamart.apps.etl.models import EtlTask
-
-    # from unicef_rest_framework.models import Service
-    if state != 'SUCCESS':
-        EtlTask.objects.filter(task=task.name).update(status=state)
-
     if not hasattr(sender, 'linked_model'):
         return
     try:
@@ -123,5 +143,4 @@ def task_postrun_handler(signal, sender, task_id, task, args, kwargs, retval, st
         defs['last_failure'] = timezone.now()
 
     EtlTask.objects.update_or_create(task=task.name, defaults=defs)
-    # Service.objects.invalidate_cache()
     app.timers[task.name] = cost
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 72486cebd..401c329e3 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -189,6 +189,7 @@
 
 CACHES = {
     'default': env.cache(),
+    'lock': env.cache('LOCK_CACHE_URL'),
     'api': env.cache('API_CACHE_URL'),
     'dbtemplates': env.cache('TEMPLATE_CACHE_URL')
 }
diff --git a/src/unicef_rest_framework/models/service.py b/src/unicef_rest_framework/models/service.py
index ee4b0fdde..aa66f1f30 100644
--- a/src/unicef_rest_framework/models/service.py
+++ b/src/unicef_rest_framework/models/service.py
@@ -3,7 +3,6 @@
 import logging
 
 from django.contrib.contenttypes.models import ContentType
-from django.core.exceptions import ValidationError
 from django.db import models
 from django.db.models import F
 from django.urls import reverse
@@ -68,7 +67,7 @@ def load_services(self):
         for service in self.model.objects.all():
             try:
                 assert service.viewset
-            except ValidationError:
+            except AssertionError:
                 service.delete()
                 deleted += 1
 
diff --git a/src/unicef_rest_framework/renderers/csv.py b/src/unicef_rest_framework/renderers/csv.py
index 33b389775..973db4126 100644
--- a/src/unicef_rest_framework/renderers/csv.py
+++ b/src/unicef_rest_framework/renderers/csv.py
@@ -13,8 +13,9 @@ def render(self, data, media_type=None, renderer_context=None, writer_opts=None)
         if response.status_code != 200:
             return ''
         try:
-            data = dict(data)['results']
-            return super().render(data, media_type, renderer_context or {}, writer_opts)
+            if data and 'results' in data:
+                data = dict(data)['results']
+            return super().render(data, media_type, renderer_context, writer_opts)
         except Exception as e:
             process_exception(e)
             logger.exception(e)
diff --git a/src/unicef_rest_framework/renderers/html.py b/src/unicef_rest_framework/renderers/html.py
index b5d72caa7..dde24133c 100644
--- a/src/unicef_rest_framework/renderers/html.py
+++ b/src/unicef_rest_framework/renderers/html.py
@@ -12,7 +12,7 @@ def labelize(v):
 
 
 class HTMLRenderer(BaseRenderer):
-    media_type = 'text/html'
+    media_type = 'text/xhtml'
     format = 'xhtml'
     charset = 'utf-8'
     render_style = 'text'
@@ -31,11 +31,13 @@ def render(self, data, accepted_media_type=None, renderer_context=None):
             model = renderer_context['view'].queryset.model
             opts = model._meta
             template = self.get_template(opts)
-            if data['results']:
+            if data and 'results' in data:
+                data = data['results']
+            if data:
                 c = {'data': data,
                      'model': model,
                      'opts': opts,
-                     'headers': [labelize(v) for v in data['results'][0].keys()]}
+                     'headers': [labelize(v) for v in data[0].keys()]}
             else:
                 c = {'data': {},
                      'model': model,
@@ -45,4 +47,4 @@ def render(self, data, accepted_media_type=None, renderer_context=None):
         except Exception as e:
             process_exception(e)
             logger.exception(e)
-            raise Exception('Error processing request')
+            raise Exception('Error processing request') from e
diff --git a/src/unicef_rest_framework/renderers/pdf.py b/src/unicef_rest_framework/renderers/pdf.py
index 70578d8ab..bb6010020 100644
--- a/src/unicef_rest_framework/renderers/pdf.py
+++ b/src/unicef_rest_framework/renderers/pdf.py
@@ -69,4 +69,4 @@ def render(self, data, accepted_media_type=None, renderer_context=None):
         except Exception as e:
             process_exception(e)
             logger.exception(e)
-            raise Exception('Error processing request')
+            raise Exception('Error processing request') from e
diff --git a/src/unicef_rest_framework/renderers/xls.py b/src/unicef_rest_framework/renderers/xls.py
index 699f07feb..adf9f680b 100644
--- a/src/unicef_rest_framework/renderers/xls.py
+++ b/src/unicef_rest_framework/renderers/xls.py
@@ -13,10 +13,12 @@ def render(self, data, accepted_media_type=None, renderer_context=None):
         if response.status_code != 200:
             return ''
         try:
-            if not data['results']:
+            if data and 'results' in data:
+                data = data['results']
+            if not data:
                 return ''
             return super().render(data, accepted_media_type, renderer_context)
         except Exception as e:
             process_exception(e)
             logger.exception(e)
-            raise Exception('Error processing request')
+            raise Exception(f'Error processing request {e}') from e
diff --git a/src/unicef_rest_framework/views.py b/src/unicef_rest_framework/views.py
index 1d287d0a4..2faae5e3a 100644
--- a/src/unicef_rest_framework/views.py
+++ b/src/unicef_rest_framework/views.py
@@ -30,6 +30,9 @@ def __get__(self, instance, owner):
 
 
 class ReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet):
+    serializer_field_param = '+serializer'
+    dynamic_fields_param = '+fields'
+
     object_cache_key_func = rest_framework_extensions.utils.default_object_cache_key_func
     list_cache_key_func = ListKeyConstructor()
 
diff --git a/tests/_test_lib/test_utilities/factories.py b/tests/_test_lib/test_utilities/factories.py
index ab1823d1a..aa79a3f96 100644
--- a/tests/_test_lib/test_utilities/factories.py
+++ b/tests/_test_lib/test_utilities/factories.py
@@ -48,7 +48,7 @@ class Meta:
         model = PMPIndicators
 
 
-class FAMIndicatoFactory(factory.DjangoModelFactory):
+class FAMIndicatorFactory(factory.DjangoModelFactory):
     month = today
 
     class Meta:
diff --git a/tests/api/test_api_cache.py b/tests/api/test_api_cache.py
index 33aad342f..e831fe1cd 100644
--- a/tests/api/test_api_cache.py
+++ b/tests/api/test_api_cache.py
@@ -44,7 +44,7 @@ def test_etag(client, admin_user, data_service, django_assert_num_queries):
     assert res['etag'] == etag
 
 
-@pytest.mark.parametrize("fmt", ["pdf", "csv", "xlsx", "xhtml", "json", "ms-xml", "xml", "ms-json"])
+@pytest.mark.parametrize("fmt", ["pdf", "csv", "xlsx", "json", "ms-xml", "xml", "ms-json"])
 def test_cache_renderers(fmt, client, admin_user, data_service, django_assert_num_queries):
     url = f"{data_service.endpoint}?country_name=bolivia&format={fmt}"
     client.force_authenticate(admin_user)
diff --git a/tests/api/test_api_data.py b/tests/api/test_api_data.py
index 355b9b3db..adee3a0e6 100644
--- a/tests/api/test_api_data.py
+++ b/tests/api/test_api_data.py
@@ -1,56 +1,91 @@
 # -*- coding: utf-8 -*-
 import pytest
-from test_utilities.factories import (FAMIndicatoFactory, HACTFactory, InterventionFactory,
+from test_utilities.factories import (FAMIndicatorFactory, HACTFactory, InterventionFactory,
                                       PMPIndicatorFactory, UserStatsFactory,)
 
-from etools_datamart.api.endpoints import (FAMIndicatorViewSet, InterventionViewSet,
+from etools_datamart.api.endpoints import (FAMIndicatorViewSet, HACTViewSet, InterventionViewSet,
                                            PMPIndicatorsViewSet, UserStatsViewSet,)
+from etools_datamart.apps.etl.models import EtlTask
+
+VIEWSETS = [
+    FAMIndicatorViewSet,
+    HACTViewSet,
+    InterventionViewSet,
+    PMPIndicatorsViewSet,
+    UserStatsViewSet,
+]
+
+FORMATS = (('', 'application/json'),
+           ('csv', 'text/csv; charset=utf-8'),
+           ('xml', 'application/xml; charset=utf-8'),
+           # ('html', 'text/html; charset=utf-8'),
+           ('json', 'application/json'),
+           ('ms-xml', 'application/xml; charset=utf-8'),
+           ('ms-json', 'application/json'),
+           ('csv', 'text/csv; charset=utf-8'),
+           ('pdf', 'application/pdf; charset=utf-8'),
+           ('xlsx', 'application/xlsx; charset=utf-8'),
+           )
 
 
 @pytest.fixture()
 def data(db):
-    data = [HACTFactory(),
-            PMPIndicatorFactory(),
-            FAMIndicatoFactory(),
-            InterventionFactory(),
-            UserStatsFactory()]
+    EtlTask.objects.inspect()
+    data = [
+        FAMIndicatorFactory(),
+        HACTFactory(),
+        InterventionFactory(),
+        PMPIndicatorFactory(),
+        UserStatsFactory(),
+    ]
     yield
     [r.delete() for r in data]
 
 
-@pytest.mark.parametrize("viewset", [PMPIndicatorsViewSet, InterventionViewSet,
-                                     FAMIndicatorViewSet, UserStatsViewSet])
-def test_list_json(client, viewset):
-    res = client.get(viewset.get_service().endpoint)
+@pytest.mark.parametrize("action", ['', 'updates/'])
+@pytest.mark.parametrize("format,ct", FORMATS)
+@pytest.mark.parametrize("viewset", VIEWSETS)
+def test_list(client, action, viewset, format, ct, data):
+    res = client.get(f"{viewset.get_service().endpoint}{action}?format={format}")
     assert res.status_code == 200, res
-    assert res.json()
+    assert res.content
+    assert res['Content-Type'] == ct
 
-
-@pytest.mark.parametrize("viewset", [PMPIndicatorsViewSet, InterventionViewSet,
-                                     FAMIndicatorViewSet, UserStatsViewSet])
-def test_list_csv(client, viewset, data):
-    res = client.get(f"{viewset.get_service().endpoint}?format=csv", format='csv')
-    assert res.status_code == 200, res
-    assert res['Content-Type'] == "text/csv; charset=utf-8"
-
-
-@pytest.mark.parametrize("viewset", [PMPIndicatorsViewSet, InterventionViewSet,
-                                     FAMIndicatorViewSet, UserStatsViewSet])
-def test_list_xml(client, viewset):
-    res = client.get(f"{viewset.get_service().endpoint}?format=xml", format='xml')
-    assert res.status_code == 200, res
-
-
-@pytest.mark.parametrize("viewset", [PMPIndicatorsViewSet, InterventionViewSet,
-                                     FAMIndicatorViewSet, UserStatsViewSet])
-def test_list_msxml(client, viewset):
-    res = client.get(f"{viewset.get_service().endpoint}?format=ms-xml", format='ms-xml')
-    assert res.status_code == 200, res
-
-
-@pytest.mark.parametrize("viewset", [PMPIndicatorsViewSet, InterventionViewSet,
-                                     FAMIndicatorViewSet, UserStatsViewSet])
-def test_list_msjson(client, viewset):
-    res = client.get(f"{viewset.get_service().endpoint}?format=ms-json", format='ms-json')
-    assert res.status_code == 200, res
-    assert res.json()
+# @pytest.mark.parametrize("viewset", VIEWSETS)
+# def test_list_json(client, viewset):
+#     res = client.get(viewset.get_service().endpoint)
+#     assert res.status_code == 200, res
+#     assert res.json()
+#
+#
+# @pytest.mark.parametrize("viewset", VIEWSETS)
+# def test_list_csv(client, viewset, data):
+#     res = client.get(f"{viewset.get_service().endpoint}?format=csv", format='csv')
+#     assert res.status_code == 200, res
+#     assert res['Content-Type'] == "text/csv; charset=utf-8"
+#
+#
+# @pytest.mark.parametrize("viewset", VIEWSETS)
+# def test_list_xml(client, viewset):
+#     res = client.get(f"{viewset.get_service().endpoint}?format=xml", format='xml')
+#     assert res.status_code == 200, res
+#
+#
+# @pytest.mark.parametrize("viewset", VIEWSETS)
+# def test_list_msxml(client, viewset):
+#     res = client.get(f"{viewset.get_service().endpoint}?format=ms-xml", format='ms-xml')
+#     assert res.status_code == 200, res
+#
+#
+# @pytest.mark.parametrize("viewset", VIEWSETS)
+# def test_list_msjson(client, viewset):
+#     res = client.get(f"{viewset.get_service().endpoint}?format=ms-json", format='ms-json')
+#     assert res.status_code == 200, res
+#     assert res.json()
+#
+#
+# @pytest.mark.parametrize("viewset", VIEWSETS)
+# def test_updates(client, viewset):
+#     res = client.get(f"{viewset.get_service().endpoint}/updates/?format=ms-json", format='ms-json')
+#     assert res.status_code == 200, res
+#     assert res.json()
diff --git a/tests/etl/test_etl_tasklog.py b/tests/etl/test_etl_tasklog.py
index 60559d3d6..31b4905ad 100644
--- a/tests/etl/test_etl_tasklog.py
+++ b/tests/etl/test_etl_tasklog.py
@@ -50,3 +50,11 @@ def test_load_pmp_indicator_running(db, disable_post_run):
         assert load_pmp_indicator.apply()
         assert EtlTask.objects.filter(task='etools_datamart.apps.etl.tasks.etl.load_pmp_indicator',
                                       status='RUNNING')
+
+
+def test_no_changes(db):
+    with mock.patch('etools_datamart.apps.etl.tasks.etl.load_pmp_indicator.run',
+                    return_value=EtlResult()):
+        assert load_pmp_indicator.apply()
+        assert EtlTask.objects.filter(task='etools_datamart.apps.etl.tasks.etl.load_pmp_indicator',
+                                      status='SUCCESS').exists()
diff --git a/tests/test_subscription.py b/tests/test_subscription.py
index f5dc622d3..f68837538 100644
--- a/tests/test_subscription.py
+++ b/tests/test_subscription.py
@@ -3,9 +3,10 @@
 import pytest
 from django.contrib.auth.models import AnonymousUser
 from django.urls import reverse
-from test_utilities.factories import EmailTemplateFactory, SubscriptionFactory
+from test_utilities.factories import EmailTemplateFactory, HACTFactory, SubscriptionFactory
 from unicef_rest_framework.test_utils import user_allow_service
 
+from etools_datamart.apps.data.models import HACT
 from etools_datamart.apps.etl.models import EtlTask
 from etools_datamart.apps.subscriptions.models import Subscription
 from etools_datamart.apps.subscriptions.views import subscribe
@@ -13,8 +14,9 @@
 
 @pytest.fixture()
 def etltask(db):
+    HACTFactory()
     EtlTask.objects.inspect()
-    return EtlTask.objects.first()
+    return EtlTask.objects.get_for_model(HACT)
 
 
 @pytest.fixture()
diff --git a/tests/unicef_security/test_azure.py b/tests/unicef_security/test_azure.py
index e792a508a..c711acd4c 100644
--- a/tests/unicef_security/test_azure.py
+++ b/tests/unicef_security/test_azure.py
@@ -12,4 +12,12 @@ def test_token():
 @vcr.use_cassette(str(Path(__file__).parent / 'vcr_cassettes/test_user_data.yml'))
 def test_user_data():
     s = Synchronizer()
-    assert s.get_user('sapostolico@unicef.org')
+    info = s.get_user('sapostolico@unicef.org')
+    assert info['displayName']
+    assert info['givenName']
+    assert info['id']
+    assert sorted(info.keys()) == sorted(['@odata.context', 'id', 'businessPhones',
+                                          'displayName', 'givenName', 'jobTitle',
+                                          'mail', 'mobilePhone', 'officeLocation',
+                                          'preferredLanguage', 'surname',
+                                          'userPrincipalName'])
diff --git a/tests/unicef_security/vcr_cassettes/test_user_data.yml b/tests/unicef_security/vcr_cassettes/test_user_data.yml
index 7bc153ce6..6b1f1a2c1 100644
--- a/tests/unicef_security/vcr_cassettes/test_user_data.yml
+++ b/tests/unicef_security/vcr_cassettes/test_user_data.yml
@@ -11,29 +11,58 @@ interactions:
     method: POST
     uri: https://login.microsoftonline.com/unicef.org/oauth2/token
   response:
-    body: {string: '{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"0","expires_on":"1541795231","not_before":"1541791331","resource":"https://graph.microsoft.com","access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUUk1Mb2xncWVveHNkNFF2VVVlOUtxWGxXeGxNTG51dlIxYTNlNHhCNlNGRERMbXVxQWN4UFNlNnZQV0psT1YxN3d5VXlxNnJvbFdBY0R0Yi1hbW85TmlBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQxNzkxMzMxLCJuYmYiOjE1NDE3OTEzMzEsImV4cCI6MTU0MTc5NTIzMSwiYWlvIjoiNDJSZ1lNamEwS3U0TXVTaWF0OTVZVGxMaTVwNkFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6InBOUGV0R1hsWkVLZ0tfZ3drS2tvQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.KFLAJ6snzJk3uaIld68a7ibvXFphnUI30A9PLCfS0tdL7iwsMLnIXqjFc2fD39_K2XNbb-sNAcuVeXRa2t2Yc9c1Ca1RCMbhUFcz0zQFoDtEpOfTFL337Ru6Nj7H-SFZCgnDIip0Hocz_cRA-nI6O2gDfgDvYMetW-9vwCPPqxp43E_1gtZnNrKNJ5ktYPZa5-oSRG-oB-SsYdVJJBSZjNmKXXdaOyiOrBoRSDvcVR4NOqoiDcgXCejEK0sEoo0ABAIzYpgoDrtIU75DQ1Pu0pvzZnNB496lBDRO5zd87EwOhw_sCu3hRsvn9SJ5Udn-VyTgyYwgkaX-06J9m5mA-A"}'}
+    body: {string: '{"token_type":"Bearer","expires_in":"3600","ext_expires_in":"3600","expires_on":"1543868546","not_before":"1543864646","resource":"https://graph.microsoft.com","access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUaDhvNElZMzZWU1ZpdmRFUlQtdW9IRm1iSERMWnRMN1dzY3Q2dGxVelJ3Sm5PVzh3N0JmbGhiOG5fNWVIWUdNQXBiempQTFlYanA0SjFTcklyS1k2cmlBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQzODY0NjQ2LCJuYmYiOjE1NDM4NjQ2NDYsImV4cCI6MTU0Mzg2ODU0NiwiYWlvIjoiNDJSZ1lOZ2R6MnYrMUhaZm45Y3p4dHhicFl3ZkFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6IkNBbWg2QV9NX2stUUc0RUNnc0EwQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.gZj993J-31ymYg_csXI2jP2lqNC70uD7N4_qQydglmsJC1RtIobusWG2MlM648MFuYqgKMNOJtt2ic4TofindXogQdFJya65GApH-8vF1vhhzL4mQdOFAwoxh9Y1XGFSl-zi4RcrVWjs11Rt6jHRTrx9GTMJsB4BB7VwXAdV0IRNCiKp0umzsLlyRSZLsnSzjJDonj2UjNiq5tS2I-8bpycRU_jpR-glAqebBhUrERfMxNqMoc5XrtGMGvzPzzYYTC-H-GSKbkaJBMO2ll_ad8Twi0Tw0yh9dd2ePQl0PO5GhyDuh1VMMBlNUNTU1oEq4o7xnKMzxs3gdBSQx05v8Q"}'}
     headers:
       Cache-Control: ['no-cache, no-store']
-      Content-Length: ['1649']
+      Content-Length: ['1652']
       Content-Type: [application/json; charset=utf-8]
-      Date: ['Fri, 09 Nov 2018 19:27:10 GMT']
+      Date: ['Mon, 03 Dec 2018 19:22:26 GMT']
       Expires: ['-1']
       P3P: [CP="DSP CUR OTPi IND OTRi ONL FIN"]
       Pragma: [no-cache]
       Server: [Microsoft-IIS/10.0]
-      Set-Cookie: ['fpc=AbxSw-NEncNGmiBAo1nNNk-hqu4lAQCmk4NYeUbWCA; expires=Sun, 09-Dec-2018
-          19:27:11 GMT; path=/; secure; HttpOnly', x-ms-gateway-slice=016; path=/;
+      Set-Cookie: ['fpc=AZOCOBXL5-ZLty69fQqnYpehqu4lAQCkTfOoVFnWCA; expires=Wed, 02-Jan-2019
+          19:22:26 GMT; path=/; secure; HttpOnly', x-ms-gateway-slice=020; path=/;
           secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly]
       Strict-Transport-Security: [max-age=31536000; includeSubDomains]
       X-Content-Type-Options: [nosniff]
-      x-ms-request-id: [b4ded3a4-e565-4264-a02b-f83090a92800]
+      x-ms-request-id: [e8a10908-cc0f-4ffe-901b-810282c03400]
+    status: {code: 200, message: OK}
+- request:
+    body: grant_type=client_credentials&client_id=d1bd79b5-29c6-472e-8f66-f2c145b6aa5d&client_secret=%2BRXS9a0%2FsNGRSjrVyCwC7D2Ve5m6TrClXW04hxRD7TY%3D&resource=https%3A%2F%2Fgraph.microsoft.com
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Connection: [keep-alive]
+      Content-Length: ['184']
+      Content-Type: [application/x-www-form-urlencoded]
+      User-Agent: [python-requests/2.20.1]
+    method: POST
+    uri: https://login.microsoftonline.com/unicef.org/oauth2/token
+  response:
+    body: {string: '{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"3599","expires_on":"1543868547","not_before":"1543864647","resource":"https://graph.microsoft.com","access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUM2xFZzRWcEczeFBVT25KcTQ5cVAzTkZkUFB4VjRsZ0N2MDdwMkxXVU5IeElIZUd6UkZPUmo4YXZ1T2VmSG5KbWd3TEtEQ0RhelBRVEY5aUpOajh3S1NBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQzODY0NjQ3LCJuYmYiOjE1NDM4NjQ2NDcsImV4cCI6MTU0Mzg2ODU0NywiYWlvIjoiNDJSZ1lIaGkwS2hiNnJsNWorbldSdjhaTjI0bEF3QT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6InREQVJKNTVqYmt1bjZTcVVidmtzQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.lMArtpyTfI1qwHseTXUmHebKQfjPlmtmnje8ssoYztUmFSGEKwR3g5u86HrcbMrupxv0qv0-WAMa2JesCxvVAfDeOfwE6xnRt0ie1Xp_Wt9wOVbcepMOLOyND2-ZOHtiOH9yUUFmnknjjWBRi1s-O0nA7GE80uzNxCElwic5vUur1sX16ccj-lSPbsZA7WCriUcqVcdkSQMDqDOc1jyUsB4xNnJGRt-j0AD3bBwtI-T5OevWIFPSeQpDl1P1IG_CtNMC_iZi8xG44nn1HOAK4Jve_EmfTheoxcd3pk751qTxLz_nWt1B2oIPNbqO-HNsshlbaCr8e6O27Oz3ctELgA"}'}
+    headers:
+      Cache-Control: ['no-cache, no-store']
+      Content-Length: ['1652']
+      Content-Type: [application/json; charset=utf-8]
+      Date: ['Mon, 03 Dec 2018 19:22:26 GMT']
+      Expires: ['-1']
+      P3P: [CP="DSP CUR OTPi IND OTRi ONL FIN"]
+      Pragma: [no-cache]
+      Server: [Microsoft-IIS/10.0]
+      Set-Cookie: ['fpc=ATplY2Kar5hJusFRWCiozMKhqu4lAQAteS6pVFnWCA; expires=Wed, 02-Jan-2019
+          19:22:27 GMT; path=/; secure; HttpOnly', x-ms-gateway-slice=016; path=/;
+          secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly]
+      Strict-Transport-Security: [max-age=31536000; includeSubDomains]
+      X-Content-Type-Options: [nosniff]
+      x-ms-request-id: [271130b4-639e-4b6e-a7e9-2a946ef92c00]
     status: {code: 200, message: OK}
 - request:
     body: null
     headers:
       Accept: ['*/*']
       Accept-Encoding: ['gzip, deflate']
-      Authorization: [Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUUk1Mb2xncWVveHNkNFF2VVVlOUtxWGxXeGxNTG51dlIxYTNlNHhCNlNGRERMbXVxQWN4UFNlNnZQV0psT1YxN3d5VXlxNnJvbFdBY0R0Yi1hbW85TmlBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQxNzkxMzMxLCJuYmYiOjE1NDE3OTEzMzEsImV4cCI6MTU0MTc5NTIzMSwiYWlvIjoiNDJSZ1lNamEwS3U0TXVTaWF0OTVZVGxMaTVwNkFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6InBOUGV0R1hsWkVLZ0tfZ3drS2tvQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.KFLAJ6snzJk3uaIld68a7ibvXFphnUI30A9PLCfS0tdL7iwsMLnIXqjFc2fD39_K2XNbb-sNAcuVeXRa2t2Yc9c1Ca1RCMbhUFcz0zQFoDtEpOfTFL337Ru6Nj7H-SFZCgnDIip0Hocz_cRA-nI6O2gDfgDvYMetW-9vwCPPqxp43E_1gtZnNrKNJ5ktYPZa5-oSRG-oB-SsYdVJJBSZjNmKXXdaOyiOrBoRSDvcVR4NOqoiDcgXCejEK0sEoo0ABAIzYpgoDrtIU75DQ1Pu0pvzZnNB496lBDRO5zd87EwOhw_sCu3hRsvn9SJ5Udn-VyTgyYwgkaX-06J9m5mA-A]
+      Authorization: [Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUM2xFZzRWcEczeFBVT25KcTQ5cVAzTkZkUFB4VjRsZ0N2MDdwMkxXVU5IeElIZUd6UkZPUmo4YXZ1T2VmSG5KbWd3TEtEQ0RhelBRVEY5aUpOajh3S1NBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQzODY0NjQ3LCJuYmYiOjE1NDM4NjQ2NDcsImV4cCI6MTU0Mzg2ODU0NywiYWlvIjoiNDJSZ1lIaGkwS2hiNnJsNWorbldSdjhaTjI0bEF3QT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6InREQVJKNTVqYmt1bjZTcVVidmtzQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.lMArtpyTfI1qwHseTXUmHebKQfjPlmtmnje8ssoYztUmFSGEKwR3g5u86HrcbMrupxv0qv0-WAMa2JesCxvVAfDeOfwE6xnRt0ie1Xp_Wt9wOVbcepMOLOyND2-ZOHtiOH9yUUFmnknjjWBRi1s-O0nA7GE80uzNxCElwic5vUur1sX16ccj-lSPbsZA7WCriUcqVcdkSQMDqDOc1jyUsB4xNnJGRt-j0AD3bBwtI-T5OevWIFPSeQpDl1P1IG_CtNMC_iZi8xG44nn1HOAK4Jve_EmfTheoxcd3pk751qTxLz_nWt1B2oIPNbqO-HNsshlbaCr8e6O27Oz3ctELgA]
       Connection: [keep-alive]
       User-Agent: [python-requests/2.20.1]
     method: GET
@@ -52,14 +81,14 @@ interactions:
       Cache-Control: [private]
       Content-Encoding: [gzip]
       Content-Type: [application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8]
-      Date: ['Fri, 09 Nov 2018 19:27:10 GMT']
-      Duration: ['53.5257']
+      Date: ['Mon, 03 Dec 2018 19:22:26 GMT']
+      Duration: ['82.0962']
       OData-Version: ['4.0']
       Strict-Transport-Security: [max-age=31536000]
       Transfer-Encoding: [chunked]
       Vary: [Accept-Encoding]
-      client-request-id: [9bc8bdce-a9a6-47e7-b02d-29c79cb31b07]
-      request-id: [9bc8bdce-a9a6-47e7-b02d-29c79cb31b07]
-      x-ms-ags-diagnostic: ['{"ServerInfo":{"DataCenter":"North Europe","Slice":"SliceC","Ring":"2","ScaleUnit":"000","Host":"AGSFE_IN_22","ADSiteName":"NEU"}}']
+      client-request-id: [500a4333-ed50-488d-94a6-02d98c26d5d7]
+      request-id: [500a4333-ed50-488d-94a6-02d98c26d5d7]
+      x-ms-ags-diagnostic: ['{"ServerInfo":{"DataCenter":"North Europe","Slice":"SliceC","Ring":"3","ScaleUnit":"003","Host":"AGSFE_IN_5","ADSiteName":"NEU"}}']
     status: {code: 200, message: OK}
 version: 1

From a75df19f733e2d5b060fc036ae26bcdc7d89b9e9 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Mon, 3 Dec 2018 23:06:32 +0100
Subject: [PATCH 08/86] updates settings, add default for LOCK_CACHE_URL

---
 src/etools_datamart/config/settings.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 401c329e3..e3f3d846a 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -15,6 +15,7 @@
 
                   CACHE_URL=(str, "redis://127.0.0.1:6379/1"),
                   API_CACHE_URL=(str, "redis://127.0.0.1:6379/2?key_prefix=api"),
+                  LOCK_CACHE_URL=(str, "redis://127.0.0.1:6379/2?key_prefix=lock"),
                   TEMPLATE_CACHE_URL=(str, "redis://127.0.0.1:6379/2?key_prefix=template"),
                   # CACHE_URL=(str, "dummycache://"),
                   # API_CACHE_URL=(str, "dummycache://"),

From d4ac643b9a4f8aaf5c117a8c7b6949f77b7b895d Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Wed, 5 Dec 2018 07:31:13 +0100
Subject: [PATCH 09/86] updates requirements

---
 Pipfile                                       |  2 +-
 Pipfile.lock                                  | 24 ++++++++---------
 docker/Dockerfile                             |  3 +--
 src/etools_datamart/api/endpoints/openapi.py  |  1 -
 .../init/management/commands/init-setup.py    | 17 +++---------
 .../apps/subscriptions/views.py               |  2 +-
 .../apps/tracking/middleware.py               | 27 +++++++++++--------
 src/etools_datamart/config/settings.py        | 14 +++++-----
 tests/test_commands.py                        |  7 -----
 tests/test_subscription.py                    |  2 +-
 10 files changed, 42 insertions(+), 57 deletions(-)

diff --git a/Pipfile b/Pipfile
index ce4b72dda..4d41fbbe5 100644
--- a/Pipfile
+++ b/Pipfile
@@ -8,7 +8,7 @@ psycopg2 = "*"
 admin-extra-urls = ">=2.1"
 celery = "*"
 coreapi = "*"
-django = ">=2.1"
+django = ">=2.1.4"
 django-adminfilters = ">=1.1"
 django-celery-beat = "==1.1.1"
 django-concurrency = "*"
diff --git a/Pipfile.lock b/Pipfile.lock
index abb804866..fae140675 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "81eac07ad1f97c779e00281dd19958dd2bb27a51bda821d288bf0d6174b1e6ee"
+            "sha256": "b1879bd53009e1f06a3807d199702cf1374021f4870a64405554612221101c57"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -633,9 +633,9 @@
         },
         "billiard": {
             "hashes": [
-                "sha256:ed65448da5877b5558f19d2f7f11f8355ea76b3e63e1c0a6059f47cfae5f1c84"
+                "sha256:42d9a227401ac4fba892918bba0a0c409def5435c4b483267ebfe821afaaba0e"
             ],
-            "version": "==3.5.0.4"
+            "version": "==3.5.0.5"
         },
         "celery": {
             "hashes": [
@@ -753,11 +753,11 @@
         },
         "django": {
             "hashes": [
-                "sha256:1ffab268ada3d5684c05ba7ce776eaeedef360712358d6a6b340ae9f16486916",
-                "sha256:dd46d87af4c1bf54f4c926c3cfa41dc2b5c15782f15e4329752ce65f5dad1c37"
+                "sha256:068d51054083d06ceb32ce02b7203f1854256047a0d58682677dd4f81bceabd7",
+                "sha256:55409a056b27e6d1246f19ede41c6c610e4cab549c005b62cbeefabc6433356b"
             ],
             "index": "pypi",
-            "version": "==2.1.3"
+            "version": "==2.1.4"
         },
         "django-adminactions": {
             "hashes": [
@@ -999,11 +999,11 @@
         },
         "djangorestframework-xml": {
             "hashes": [
-                "sha256:caea8e446298b7fe1eb9a79306f35554db7531c2e637734d32de3cf99afbdc5a",
-                "sha256:f7d5efc26eabbca73db0ff0f0c15b59ca08e36660c02f96563a0d937321f519f"
+                "sha256:d8118580b6c0e94a6b908a78c8d842e9f349901dfff43d91adc2d73a54f4ba59",
+                "sha256:d85d5744e75fe01ea2af667b15f6aa7df97c710516477ba493558da8432f6b0f"
             ],
             "index": "pypi",
-            "version": "==1.3.0"
+            "version": "==1.4.0"
         },
         "djangorestframework-yaml": {
             "hashes": [
@@ -1311,10 +1311,10 @@
         },
         "pyjwt": {
             "hashes": [
-                "sha256:30b1380ff43b55441283cc2b2676b755cca45693ae3097325dea01f3d110628c",
-                "sha256:4ee413b357d53fd3fb44704577afac88e72e878716116270d722723d65b42176"
+                "sha256:00414bfef802aaecd8cc0d5258b6cb87bd8f553c2986c2c5f29b19dd5633aeb7",
+                "sha256:ddec8409c57e9d371c6006e388f91daf3b0b43bdf9fcbf99451fb7cf5ce0a86d"
             ],
-            "version": "==1.6.4"
+            "version": "==1.7.0"
         },
         "pyparsing": {
             "hashes": [
diff --git a/docker/Dockerfile b/docker/Dockerfile
index b99c917ca..84ba737b8 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -55,7 +55,6 @@ LABEL org.label.name="eTools Datamart" \
 
 
 ARG BUILD_DATE
-ARG PIPENV_PYPI_MIRROR
 ARG PIPENV_ARGS
 ARG VERSION
 
@@ -117,7 +116,7 @@ WORKDIR /code
 
 RUN set -ex \
     ls -al /code \
-    && pipenv install --system --deploy --ignore-pipfile $PIPENV_ARGS
+    && pipenv install --verbose --system --deploy --ignore-pipfile $PIPENV_ARGS
 
 RUN pip install . \
     && rm -fr /code
diff --git a/src/etools_datamart/api/endpoints/openapi.py b/src/etools_datamart/api/endpoints/openapi.py
index 04c19d5a8..5d1affbeb 100644
--- a/src/etools_datamart/api/endpoints/openapi.py
+++ b/src/etools_datamart/api/endpoints/openapi.py
@@ -11,7 +11,6 @@
 
 Each API endpoint allows filtering and/or ordering results.
 
-Fiel
 ## Query lookups
 
 Any field where query functions are enabled allow to....
diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index 7a4792585..dc7b4a977 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -103,13 +103,6 @@ def add_arguments(self, parser):
             default=False,
             help='refresh datamart tables')
 
-        parser.add_argument(
-            '--async',
-            action='store_true',
-            dest='_async',
-            default=False,
-            help='use celery to refresh datamart')
-
     def handle(self, *args, **options):
         verbosity = options['verbosity']
         migrate = options['migrate']
@@ -228,10 +221,6 @@ def handle(self, *args, **options):
                 self.stdout.write(f"Running {task.name}...", ending='\r')
                 self.stdout.flush()
 
-                if options['_async']:
-                    etl.delay()
-                    self.stdout.write(f"{task.name} scheduled")
-                else:
-                    etl.apply()
-                    cost = naturaldelta(app.timers[task.name])
-                    self.stdout.write(f"{task.name} excuted in {cost}")
+                etl.apply()
+                cost = naturaldelta(app.timers[task.name])
+                self.stdout.write(f"{task.name} excuted in {cost}")
diff --git a/src/etools_datamart/apps/subscriptions/views.py b/src/etools_datamart/apps/subscriptions/views.py
index af8d864e4..6b5a9d5fb 100644
--- a/src/etools_datamart/apps/subscriptions/views.py
+++ b/src/etools_datamart/apps/subscriptions/views.py
@@ -16,13 +16,13 @@ class Meta:
 
 @csrf_exempt
 def subscribe(request, etl_id):
-    code = 200
     values = {'status': "", 'detail': ""}
     try:
         user = request.user
         payload = json.loads(request.body)
         form = SubscriptionForm(data=payload)
         if form.is_valid():
+            code = 200
             etl = EtlTask.objects.get(id=etl_id)
             s, created = Subscription.objects.update_or_create(user=user,
                                                                content_type=etl.content_type,
diff --git a/src/etools_datamart/apps/tracking/middleware.py b/src/etools_datamart/apps/tracking/middleware.py
index fd55dc265..c33621c9e 100644
--- a/src/etools_datamart/apps/tracking/middleware.py
+++ b/src/etools_datamart/apps/tracking/middleware.py
@@ -10,6 +10,7 @@
 from strategy_field.utils import fqn
 
 from etools_datamart.apps.tracking import config
+from etools_datamart.apps.tracking.asyncqueue import AsyncQueue
 
 from .models import APIRequestLog, DailyCounter, MonthlyCounter, PathCounter, UserCounter
 
@@ -118,10 +119,14 @@ def record_to_kwargs(request, response):
                 cached=request.api_info.get('cache-hit', False),  # see api.common.APICacheResponse
                 content_type=media_type)
 
+
 #
-# class AsyncLogger(AsyncQueue):
-#     def _process(self, record):
-#         log_request(**record_to_kwargs(**record))
+class AsyncLogger(AsyncQueue):
+    def _process(self, record):
+        # import requests
+        # payload = 'v=1&t=event&tid=UA-XXXXXY&cid=555&ec=video&ea=play&el=holiday&ev=300'
+        # r = requests.post('http://www.google-analytics.com/collect', data=payload)
+        log_request(**record_to_kwargs(**record))
 
 
 class StatsMiddleware(object):
@@ -143,11 +148,11 @@ def __call__(self, request):
             self.log(request, response)
         return response
 
-#
-# class ThreadedStatsMiddleware(StatsMiddleware):
-#     def __init__(self, get_response):
-#         super(ThreadedStatsMiddleware, self).__init__(get_response)
-#         self.worker = AsyncLogger()
-#
-#     def log(self, request, response):
-#         self.worker.queue({'request': request, 'response': response})
+
+class ThreadedStatsMiddleware(StatsMiddleware):
+    def __init__(self, get_response):
+        super(ThreadedStatsMiddleware, self).__init__(get_response)
+        self.worker = AsyncLogger()
+
+    def log(self, request, response):
+        self.worker.queue({'request': request, 'response': response})
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index e3f3d846a..4a9c9b0d6 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -14,11 +14,11 @@
                   ETOOLS_DUMP_LOCATION=(str, str(PACKAGE_DIR / 'apps' / 'multitenant' / 'postgresql')),
 
                   CACHE_URL=(str, "redis://127.0.0.1:6379/1"),
-                  API_CACHE_URL=(str, "redis://127.0.0.1:6379/2?key_prefix=api"),
-                  LOCK_CACHE_URL=(str, "redis://127.0.0.1:6379/2?key_prefix=lock"),
-                  TEMPLATE_CACHE_URL=(str, "redis://127.0.0.1:6379/2?key_prefix=template"),
+                  CACHE_URL_API=(str, "redis://127.0.0.1:6379/2?key_prefix=api"),
+                  CACHE_URL_LOCK=(str, "redis://127.0.0.1:6379/2?key_prefix=lock"),
+                  CACHE_URL_TEMPLATE=(str, "redis://127.0.0.1:6379/2?key_prefix=template"),
                   # CACHE_URL=(str, "dummycache://"),
-                  # API_CACHE_URL=(str, "dummycache://"),
+                  # CACHE_URL_API=(str, "dummycache://"),
                   ABSOLUTE_BASE_URL=(str, 'http://localhost:8000'),
                   DISCONNECT_URL=(str, 'https://login.microsoftonline.com/unicef.org/oauth2/logout'),
                   ENABLE_LIVE_STATS=(bool, True),
@@ -190,9 +190,9 @@
 
 CACHES = {
     'default': env.cache(),
-    'lock': env.cache('LOCK_CACHE_URL'),
-    'api': env.cache('API_CACHE_URL'),
-    'dbtemplates': env.cache('TEMPLATE_CACHE_URL')
+    'lock': env.cache('CACHE_URL_LOCK'),
+    'api': env.cache('CACHE_URL_API'),
+    'dbtemplates': env.cache('CACHE_URL_TEMPLATE')
 }
 
 ROOT_URLCONF = 'etools_datamart.config.urls'
diff --git a/tests/test_commands.py b/tests/test_commands.py
index 4900acd41..640527525 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -31,13 +31,6 @@ def test_init_setup_all(db, settings, autocreate_users, invalidate_cache):
     assert ModelUser.objects.exists()
 
 
-@pytest.mark.django_db
-def test_init_setup_refresh_async(db, settings):
-    call_command("init-setup", _async=True, refresh=True, stdout=StringIO())
-    ModelUser = get_user_model()
-    assert ModelUser.objects.exists()
-
-
 @pytest.mark.django_db
 def test_init_setup_migrate(db, settings):
     settings.DEBUG = True
diff --git a/tests/test_subscription.py b/tests/test_subscription.py
index f68837538..b2c2e5063 100644
--- a/tests/test_subscription.py
+++ b/tests/test_subscription.py
@@ -65,7 +65,7 @@ def test_subscribe_404(rf, admin_user, etltask):
     request = rf.post(reverse("subscribe", args=[etltask.pk]),
                       {"type": 1}, content_type='application/json')
     request.user = admin_user
-    res = subscribe(request, 21)
+    res = subscribe(request, -99)
     assert res.status_code == 404
 
 

From 5e556f4e7eb15e9a208a43ce2d093c64933304d8 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Wed, 5 Dec 2018 14:20:44 +0100
Subject: [PATCH 10/86] add ability to sync users with GRAPH

---
 src/etools_datamart/config/settings.py        |  6 +-
 src/unicef_rest_framework/auth.py             |  2 +-
 src/unicef_security/admin.py                  | 44 +++++++++++++-
 src/unicef_security/config.py                 |  4 +-
 src/unicef_security/{azure.py => graph.py}    | 58 +++++++++++++------
 src/unicef_security/sync.py                   |  2 +-
 .../templates/admin/link_user.html            | 39 +++++++++++++
 tests/unicef_security/test_azure.py           |  2 +-
 8 files changed, 128 insertions(+), 29 deletions(-)
 rename src/unicef_security/{azure.py => graph.py} (85%)
 create mode 100644 src/unicef_security/templates/admin/link_user.html

diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 4a9c9b0d6..769ab04a6 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -183,7 +183,7 @@
 
 AUTHENTICATION_BACKENDS = [
     # 'social_core.backends.azuread_tenant.AzureADTenantOAuth2',
-    'unicef_security.azure.AzureADTenantOAuth2Ext',
+    'unicef_security.graph.AzureADTenantOAuth2Ext',
     'django.contrib.auth.backends.ModelBackend',
     'django.contrib.auth.backends.RemoteUserBackend',
 ]
@@ -460,7 +460,7 @@
 SOCIAL_AUTH_REVOKE_TOKENS_ON_DISCONNECT = True
 SOCIAL_AUTH_PIPELINE = (
     'social_core.pipeline.social_auth.social_details',
-    'unicef_security.azure.get_unicef_user',
+    'unicef_security.graph.get_unicef_user',
     # 'unicef_security.azure.social_uid',
     # 'social_core.pipeline.social_auth.social_uid',
     # 'social_core.pipeline.social_auth.social_user',
@@ -472,7 +472,7 @@
     # 'social_core.pipeline.social_auth.load_extra_data',
     # 'social_core.pipeline.user.user_details',
     # 'social_core.pipeline.social_auth.associate_by_email',
-    'unicef_security.azure.default_group',
+    'unicef_security.graph.default_group',
 )
 
 SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = env.str('AZURE_CLIENT_ID')
diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index 73fdd3690..54ce59bec 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -7,7 +7,7 @@
 from rest_framework import exceptions
 from rest_framework.exceptions import AuthenticationFailed, PermissionDenied
 from rest_framework_jwt import authentication
-from unicef_security.azure import default_group, Synchronizer
+from unicef_security.graph import default_group, Synchronizer
 
 logger = logging.getLogger()
 
diff --git a/src/unicef_security/admin.py b/src/unicef_security/admin.py
index 51bb8f9a3..88bcafbfc 100644
--- a/src/unicef_security/admin.py
+++ b/src/unicef_security/admin.py
@@ -5,9 +5,10 @@
 from django.contrib import admin, messages
 from django.contrib.admin import ModelAdmin
 from django.contrib.auth.admin import UserAdmin
+from django.forms import Form
 from django.template.response import TemplateResponse
 from django.utils.translation import gettext_lazy as _
-from unicef_security.azure import Synchronizer, SyncResult
+from unicef_security.graph import default_group, Synchronizer, SyncResult
 from unicef_security.models import BusinessArea, Region, Role, User
 from unicef_security.sync import load_business_area, load_region
 
@@ -42,13 +43,17 @@ class LoadUsersForm(forms.Form):
     emails = forms.CharField(widget=forms.Textarea)
 
 
+class FF(Form):
+    selection = forms.CharField()
+
+
 @admin.register(User)
 class UserAdmin2(ExtraUrlMixin, UserAdmin):
     list_display = ['username', 'email', 'is_staff', 'is_superuser']
     list_filter = ['is_superuser', 'is_staff']
     search_fields = ['username', ]
     fieldsets = (
-        (None, {'fields': ('username', 'password')}),
+        (None, {'fields': (('username', 'azure_id'), 'password')}),
         (_('Personal info'), {'fields': (('first_name', 'last_name',),
                                          ('email', 'display_name'),
                                          ('job_title',),
@@ -81,6 +86,38 @@ def sync_user(self, request, pk):
 
         self.message_user(request, "User synchronized")
 
+    @action(label='Link user')
+    def link_user_data(self, request, pk):
+        opts = self.model._meta
+        ctx = {
+            'opts': opts,
+            'app_label': 'security',
+            'change': True,
+            'is_popup': False,
+            'save_as': False,
+            'has_delete_permission': False,
+            'has_add_permission': False,
+            'has_change_permission': True,
+        }
+        obj = self.get_object(request, pk)
+        syncronizer = Synchronizer()
+        try:
+            if request.method == 'POST':
+                if request.POST.get('selection'):
+                    data = syncronizer.get_user(request.POST.get('selection'))
+                    syncronizer.sync_user(obj, data['id'])
+                    self.message_user(request, "User linked")
+                    return None
+                else:
+                    ctx['message'] = 'Select one entry to link'
+
+            data = syncronizer.search_users(obj)
+            ctx['data'] = data
+            return TemplateResponse(request, 'admin/link_user.html', ctx)
+
+        except Exception as e:
+            self.message_user(request, str(e), messages.ERROR)
+
     @link()
     def load(self, request):
         opts = self.model._meta
@@ -101,7 +138,8 @@ def load(self, request):
                 emails = form.cleaned_data['emails'].split()
                 total_results = SyncResult()
                 for email in emails:
-                    result = synchronizer.fetch_users("startswith(mail,'%s')" % email)
+                    result = synchronizer.fetch_users("startswith(mail,'%s')" % email,
+                                                      callback=default_group)
                     total_results += result
                 self.message_user(request, f"{len(total_results.created)} users have been created,"
                                            f"{len(total_results.updated)} updated."
diff --git a/src/unicef_security/config.py b/src/unicef_security/config.py
index ba96c7be2..031ec6079 100644
--- a/src/unicef_security/config.py
+++ b/src/unicef_security/config.py
@@ -5,8 +5,8 @@
 AZURE_CLIENT_ID = os.environ.get('AZURE_CLIENT_ID', '')
 AZURE_CLIENT_SECRET = os.environ.get('AZURE_CLIENT_SECRET', '')
 
-UNICEF_AZURE_CLIENT_ID = os.environ.get('UNICEF_AZURE_CLIENT_ID', AZURE_CLIENT_ID)
-UNICEF_AZURE_CLIENT_SECRET = os.environ.get('UNICEF_AZURE_CLIENT_SECRET', AZURE_CLIENT_SECRET)
+GRAPH_CLIENT_ID = os.environ.get('GRAPH_CLIENT_ID', AZURE_CLIENT_ID)
+GRAPH_CLIENT_SECRET = os.environ.get('GRAPH_CLIENT_SECRET', AZURE_CLIENT_SECRET)
 
 AZURE_SSL = True
 AZURE_URL_EXPIRATION_SECS = 10800
diff --git a/src/unicef_security/azure.py b/src/unicef_security/graph.py
similarity index 85%
rename from src/unicef_security/azure.py
rename to src/unicef_security/graph.py
index 292adeac6..7cfd34481 100644
--- a/src/unicef_security/azure.py
+++ b/src/unicef_security/graph.py
@@ -14,6 +14,7 @@
 from social_core.backends.azuread_tenant import AzureADTenantOAuth2
 from social_core.exceptions import AuthTokenError
 from social_django.models import UserSocialAuth
+from unicef_security.config import GRAPH_CLIENT_ID, GRAPH_CLIENT_SECRET
 
 from . import config
 
@@ -175,7 +176,10 @@ def __eq__(self, other):
 
 
 class Synchronizer:
-    def __init__(self, user_model=None, mapping=None, echo=None):
+    def __init__(self, user_model=None, mapping=None, echo=None, id=None, secret=None):
+        self.id = id or GRAPH_CLIENT_ID
+        self.secret = secret or GRAPH_CLIENT_SECRET
+
         self.user_model = user_model or get_user_model()
         self.field_map = dict(mapping or DJANGOUSERMAP)
         self.user_pk_fields = self.field_map.pop('_pk')
@@ -188,13 +192,13 @@ def __init__(self, user_model=None, mapping=None, echo=None):
         self.echo = echo or (lambda l: True)
 
     def get_token(self):
-        if not config.UNICEF_AZURE_CLIENT_ID and config.UNICEF_AZURE_CLIENT_SECRET:
+        if not self.id and self.secret:
             raise ValueError("Configure AZURE_CLIENT_ID and/or AZURE_CLIENT_SECRET")
         token = cache.get(AZURE_GRAPH_API_TOKEN_CACHE_KEY)
         if not token:
             post_dict = {'grant_type': 'client_credentials',
-                         'client_id': config.UNICEF_AZURE_CLIENT_ID,
-                         'client_secret': config.UNICEF_AZURE_CLIENT_SECRET,
+                         'client_id': self.id,
+                         'client_secret': self.secret,
                          'resource': config.AZURE_GRAPH_API_BASE_URL}
             response = requests.post(config.AZURE_TOKEN_URL, post_dict)
             if response.status_code != 200:  # pragma: no cover
@@ -266,19 +270,38 @@ def get_record(self, user_info: dict) -> (dict, dict):
         pk = {fieldname: data.pop(fieldname) for fieldname in self.user_pk_fields}
         return pk, data
 
-    def fetch_users(self, filter):
+    def fetch_users(self, filter, callback=None):
         self.startUrl = "%s?$filter=%s" % (self._baseurl, filter)
-        return self.syncronize()
+        return self.syncronize(callback=callback)
+
+    def search_users(self, record):
+        url = "%s?$filter=" % self._baseurl
+        filters = []
+        if record.email:
+            filters.append("mail eq '%s'" % record.email)
+        if record.last_name:
+            filters.append("surname eq '%s'" % record.last_name)
+        if record.first_name:
+            filters.append("givenName eq '%s'" % record.first_name)
+
+        page = self.get_page(url + " or ".join(filters), single=True)
+        return page['value']
+
+    def filter_users_by_email(self, email):
+        """https://graph.microsoft.com/v1.0/users?$filter=mail eq 'sapostolico@unicef.org'"""
+        url = "%s?$filter=mail eq '%s'" % (self._baseurl, email)
+        page = self.get_page(url, single=True)
+        return page['value']
 
     def get_user(self, username):
         url = "%s/%s" % (self._baseurl, username)
         user_info = self.get_page(url, single=True)
         return user_info
 
-    def sync_user(self, user):
-        if not user.azure_id:
+    def sync_user(self, user, azure_id=None):
+        if not azure_id or user.azure_id:
             raise ValueError("Cannot sync user without azure_id")
-        url = "%s/%s" % (self._baseurl, user.azure_id)
+        url = "%s/%s" % (self._baseurl, azure_id or user.azure_id)
         user_info = self.get_page(url, single=True)
         pk, values = self.get_record(user_info)
         user, __ = self.user_model.objects.update_or_create(**pk,
@@ -291,22 +314,21 @@ def resume(self, *, delta_link=None, max_records=None):
         return self.syncronize(max_records)
 
     def is_valid(self, user_info):
-        return (user_info.get('email') and
-                user_info.get('first_name') and
-                user_info.get('last_name') and
-                'noreply' not in user_info.get('email'))
+        return user_info.get('email')
 
-    def syncronize(self, max_records=None):
+    def syncronize(self, max_records=None, callback=None):
         logger.debug("Start Azure user synchronization")
         results = SyncResult()
         try:
             for i, user_info in enumerate(iter(self)):
                 pk, values = self.get_record(user_info)
                 if self.is_valid(values):
-                    user_data = self.user_model.objects.update_or_create(**pk,
-                                                                         defaults=values)
-                    self.echo(user_data)
-                    results.log(user_data)
+                    user, created = self.user_model.objects.update_or_create(**pk,
+                                                                             defaults=values)
+                    if callback:
+                        callback(user=user, is_new=created)
+                    self.echo([user, created])
+                    results.log(user, created)
                 else:
                     results.log(user_info)
                 if max_records and i > max_records:
diff --git a/src/unicef_security/sync.py b/src/unicef_security/sync.py
index d1ab75719..078d50857 100644
--- a/src/unicef_security/sync.py
+++ b/src/unicef_security/sync.py
@@ -5,7 +5,7 @@
 from requests.auth import HTTPBasicAuth
 
 from . import config
-from .azure import SyncResult
+from .graph import SyncResult
 from .models import BusinessArea, Region
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_security/templates/admin/link_user.html b/src/unicef_security/templates/admin/link_user.html
new file mode 100644
index 000000000..d03e47b33
--- /dev/null
+++ b/src/unicef_security/templates/admin/link_user.html
@@ -0,0 +1,39 @@
+{% extends "admin/change_form.html" %}{% load i18n admin_urls static admin_modify %}
+{% block breadcrumbs %}
+    <div class="breadcrumbs">
+        <a href="{% url 'admin:index' %}">{% trans 'Home' %}</a>
+        &rsaquo; <a href="{% url 'admin:app_list' app_label=opts.app_label %}">{{ opts.app_config.verbose_name }}</a>
+        &rsaquo; <a href="{% url opts|admin_urlname:'changelist' %}">{{ opts.verbose_name_plural|capfirst }}</a>
+        &rsaquo; Link AD User
+    </div>
+{% endblock %}
+
+{% block content %}
+    <h1>Link User with AD</h1>
+    <h3>Select AD user to link with</h3>
+    {{ message }}
+    <form method="POST">
+        {% csrf_token %}
+        <table>
+            {% for entry in data %}
+                <tr>
+                    <th>
+                        <input type="radio" name="selection" value="{{ entry.id }}">
+                        Select
+                    </th>
+                </tr>
+                {% for key,value in entry.items %}
+                    <tr>
+                        <th>{{ key }}</th>
+                        <td>{{ value }}</td>
+                    </tr>
+                {% endfor %}
+            {% endfor %}
+            <hr/>
+        </table>
+        <input type="submit" value="Link">
+        <input type="button" value="Cancel">
+    </form>
+{% endblock content %}
+
+{% block submit_buttons_bottom %}{% endblock %}
diff --git a/tests/unicef_security/test_azure.py b/tests/unicef_security/test_azure.py
index c711acd4c..380658f9f 100644
--- a/tests/unicef_security/test_azure.py
+++ b/tests/unicef_security/test_azure.py
@@ -1,7 +1,7 @@
 from pathlib import Path
 
 import vcr
-from unicef_security.azure import Synchronizer
+from unicef_security.graph import Synchronizer
 
 
 def test_token():

From 6fd7ffab6e968cd984e1e7dd5153a749167380d3 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Wed, 5 Dec 2018 14:43:47 +0100
Subject: [PATCH 11/86] fixes Synchronizer

---
 src/unicef_security/graph.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/unicef_security/graph.py b/src/unicef_security/graph.py
index 7cfd34481..271706e63 100644
--- a/src/unicef_security/graph.py
+++ b/src/unicef_security/graph.py
@@ -299,7 +299,7 @@ def get_user(self, username):
         return user_info
 
     def sync_user(self, user, azure_id=None):
-        if not azure_id or user.azure_id:
+        if not (azure_id or user.azure_id):
             raise ValueError("Cannot sync user without azure_id")
         url = "%s/%s" % (self._baseurl, azure_id or user.azure_id)
         user_info = self.get_page(url, single=True)

From 30078e7f453963b0a058a37ee92fce176fd4f2f8 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Wed, 5 Dec 2018 15:47:31 +0100
Subject: [PATCH 12/86] fixes tests

---
 tests/api/test_api_auth_jwt.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/api/test_api_auth_jwt.py b/tests/api/test_api_auth_jwt.py
index 8e359c618..07d8d854c 100644
--- a/tests/api/test_api_auth_jwt.py
+++ b/tests/api/test_api_auth_jwt.py
@@ -29,7 +29,7 @@ def user(db):
 def test_token(user, client):
     url = reverse('api:partners-list', args=['v1'])
     client.credentials(HTTP_AUTHORIZATION='jwt ' + TOKEN)
-    with mock.patch('unicef_security.azure.Synchronizer.get_user',
+    with mock.patch('unicef_security.graph.Synchronizer.get_user',
                     return_value={'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#users/$entity',
                                   'id': '21d2ecba-83e4-4e81-a93c-d44f55dd222e', 'businessPhones': [],
                                   'displayName': 'Stefano Apostolico', 'givenName': 'Stefano', 'jobTitle': None,

From e59c551910850670fdfd11d28449513717bda57b Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Wed, 5 Dec 2018 17:45:19 +0100
Subject: [PATCH 13/86] minor fixing

---
 src/etools_datamart/api/metadata.py                  |  8 ++++----
 .../apps/init/management/commands/init-setup.py      |  2 +-
 src/unicef_security/admin.py                         | 12 ++++++------
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/etools_datamart/api/metadata.py b/src/etools_datamart/api/metadata.py
index ef1e46caa..28691ec42 100644
--- a/src/etools_datamart/api/metadata.py
+++ b/src/etools_datamart/api/metadata.py
@@ -67,10 +67,10 @@ class SimpleMetadataWithFilters(SimpleMetadata):
 
     def determine_metadata(self, request, view):
         metadata = super(SimpleMetadataWithFilters, self).determine_metadata(request, view)
-        metadata['filters'] = getattr(view, 'filter_fields')
-        metadata['filter_blacklist'] = getattr(view, 'filter_blacklist')
-        metadata['ordering'] = getattr(view, 'ordering_fields')
-        metadata['serializers'] = getattr(view, 'serializers_fieldsets')
+        metadata['filters'] = getattr(view, 'filter_fields', '')
+        metadata['filter_blacklist'] = getattr(view, 'filter_blacklist', '')
+        metadata['ordering'] = getattr(view, 'ordering_fields', '')
+        metadata['serializers'] = getattr(view, 'serializers_fieldsets', '')
         # from django.db import connection
         # with connection.schema_editor() as editor:
         #     sql = get_create_model(editor, view.queryset.model)
diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index dc7b4a977..c10ee0c3c 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -150,7 +150,7 @@ def handle(self, *args, **options):
             loc = values.get('LOCATION', '')
             spec = urlparse(loc)
             if spec.scheme == 'redis':
-                RedisServer.objects.get_or_create(hostname=spec.netloc,
+                RedisServer.objects.get_or_create(hostname=spec.hostname,
                                                   port=int(spec.port))
 
         if os.environ.get('AUTOCREATE_USERS'):
diff --git a/src/unicef_security/admin.py b/src/unicef_security/admin.py
index 88bcafbfc..732b68f9c 100644
--- a/src/unicef_security/admin.py
+++ b/src/unicef_security/admin.py
@@ -49,7 +49,7 @@ class FF(Form):
 
 @admin.register(User)
 class UserAdmin2(ExtraUrlMixin, UserAdmin):
-    list_display = ['username', 'email', 'is_staff', 'is_superuser']
+    list_display = ['username', 'email', 'is_staff', 'is_superuser', 'is_linked']
     list_filter = ['is_superuser', 'is_staff']
     search_fields = ['username', ]
     fieldsets = (
@@ -68,12 +68,12 @@ class UserAdmin2(ExtraUrlMixin, UserAdmin):
             'fields': ('username', 'password1', 'password2'),
         }),
     )
+    readonly_fields = ('azure_id', 'job_title', 'display_name')
 
-    # @link()
-    # def sync(self, request):
-    #     from .tasks import sync_users
-    #     sync_users.delay()
-    #     self.message_user(request, "User synchronization scheduled")
+    def is_linked(self, obj):
+        return bool(obj.azure_id)
+
+    is_linked.boolean = True
 
     @action(label='Sync')
     def sync_user(self, request, pk):

From cfb7d51e8643db2d286c378250d61a175b58355d Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Thu, 6 Dec 2018 11:36:21 +0100
Subject: [PATCH 14/86] fixes creation of GroupAccessControl entries

---
 Makefile                               |  3 ---
 src/unicef_rest_framework/admin/acl.py | 21 +++++++++++++++++----
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 2acaf02f7..b7528c32b 100644
--- a/Makefile
+++ b/Makefile
@@ -30,9 +30,6 @@ lint:
 	pipenv run pre-commit run --all-files
 	pipenv run pre-commit run --all-files --hook-stage push
 	pipenv run pre-commit run --all-files --hook-stage manual
-#	pipenv run flake8 src/ tests/
-#	pipenv run isort -rc src/ --check-only
-#	pipenv run check-manifest
 
 clean:
 	rm -fr ${BUILDDIR} dist *.egg-info .coverage coverage.xml .eggs
diff --git a/src/unicef_rest_framework/admin/acl.py b/src/unicef_rest_framework/admin/acl.py
index 66ffc0d75..1d3648528 100644
--- a/src/unicef_rest_framework/admin/acl.py
+++ b/src/unicef_rest_framework/admin/acl.py
@@ -39,6 +39,7 @@ def get_queryset(self, request):
 
 
 class GroupAccessControlForm(forms.Form):
+    overwrite_existing = forms.BooleanField(help_text="Overwrite existing entries", required=False)
     group = forms.ModelChoiceField(queryset=Group.objects.all())
     policy = forms.ChoiceField(choices=AbstractAccessControl.POLICIES)
     services = forms.ModelMultipleChoiceField(queryset=Service.objects.all(),
@@ -61,6 +62,9 @@ class GroupAccessControlAdmin(ExtraUrlMixin, admin.ModelAdmin):
     def get_queryset(self, request):
         return super(GroupAccessControlAdmin, self).get_queryset(request).select_related(*self.raw_id_fields)
 
+    def has_add_permission(self, request):
+        return False
+
     @link()
     def add_acl(self, request):
         opts = self.model._meta
@@ -82,9 +86,18 @@ def add_acl(self, request):
             form = GroupAccessControlForm(request.POST)
             if form.is_valid():
                 services = form.cleaned_data.pop('services')
+                group = form.cleaned_data.pop('group')
+                overwrite_existing = form.cleaned_data.pop('overwrite_existing')
+
                 for service in services:
-                    GroupAccessControl.objects.get_or_create(service=service,
-                                                             **form.cleaned_data)
+                    if overwrite_existing:
+                        GroupAccessControl.objects.update_or_create(service=service,
+                                                                    group=group,
+                                                                    defaults=form.cleaned_data)
+                    else:
+                        GroupAccessControl.objects.update_or_create(service=service,
+                                                                    group=group,
+                                                                    defaults=form.cleaned_data)
                 self.message_user(request, 'ACLs created')
 
         else:
@@ -92,8 +105,8 @@ def add_acl(self, request):
                                                    'policy': AbstractAccessControl.POLICY_ALLOW,
                                                    'serializers': 'std'})
         ctx['adminform'] = AdminForm(form,
-                                     [(None, {'fields': [['group',
-                                                          'policy'],
+                                     [(None, {'fields': ['overwrite_existing',
+                                                         ['group', 'policy'],
                                                          'services',
                                                          ['rate', 'serializers']]})],
                                      {})

From 0f01f76a2ca2fc44c21ed5ce647ece25a8ff9e80 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Thu, 6 Dec 2018 15:46:16 +0100
Subject: [PATCH 15/86] more consistent admin page

---
 .../migrations/0002_auto_20181206_1420.py     | 38 ++++++++++
 .../migrations/0003_auto_20181206_1420.py     | 18 +++++
 .../apps/web/templates/admin/base_site.html   | 12 +++-
 .../apps/web/templates/admin/index_new.html   | 29 ++++++++
 src/etools_datamart/config/admin.py           | 70 +++++++++++++++++++
 src/etools_datamart/config/settings.py        |  2 +-
 src/unicef_rest_framework/apps.py             |  2 +-
 src/unicef_rest_framework/auth.py             |  1 -
 src/unicef_security/admin.py                  |  5 +-
 9 files changed, 170 insertions(+), 7 deletions(-)
 create mode 100644 src/etools_datamart/apps/data/migrations/0002_auto_20181206_1420.py
 create mode 100644 src/etools_datamart/apps/subscriptions/migrations/0003_auto_20181206_1420.py
 create mode 100644 src/etools_datamart/apps/web/templates/admin/index_new.html

diff --git a/src/etools_datamart/apps/data/migrations/0002_auto_20181206_1420.py b/src/etools_datamart/apps/data/migrations/0002_auto_20181206_1420.py
new file mode 100644
index 000000000..2e8f666e5
--- /dev/null
+++ b/src/etools_datamart/apps/data/migrations/0002_auto_20181206_1420.py
@@ -0,0 +1,38 @@
+# Generated by Django 2.1.4 on 2018-12-06 14:20
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('data', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='famindicator',
+            name='last_modify_date',
+            field=models.DateTimeField(auto_now=True),
+        ),
+        migrations.AlterField(
+            model_name='hact',
+            name='last_modify_date',
+            field=models.DateTimeField(auto_now=True),
+        ),
+        migrations.AlterField(
+            model_name='intervention',
+            name='last_modify_date',
+            field=models.DateTimeField(auto_now=True),
+        ),
+        migrations.AlterField(
+            model_name='pmpindicators',
+            name='last_modify_date',
+            field=models.DateTimeField(auto_now=True),
+        ),
+        migrations.AlterField(
+            model_name='userstats',
+            name='last_modify_date',
+            field=models.DateTimeField(auto_now=True),
+        ),
+    ]
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0003_auto_20181206_1420.py b/src/etools_datamart/apps/subscriptions/migrations/0003_auto_20181206_1420.py
new file mode 100644
index 000000000..45e24ff12
--- /dev/null
+++ b/src/etools_datamart/apps/subscriptions/migrations/0003_auto_20181206_1420.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.1.4 on 2018-12-06 14:20
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('subscriptions', '0002_auto_20181129_0824'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='subscription',
+            name='type',
+            field=models.IntegerField(choices=[(0, 'None'), (1, 'Email'), (2, 'Email+Excel'), (3, 'Email+Pdf')]),
+        ),
+    ]
diff --git a/src/etools_datamart/apps/web/templates/admin/base_site.html b/src/etools_datamart/apps/web/templates/admin/base_site.html
index 0e505c3e8..294040670 100644
--- a/src/etools_datamart/apps/web/templates/admin/base_site.html
+++ b/src/etools_datamart/apps/web/templates/admin/base_site.html
@@ -3,7 +3,7 @@
 {% block title %}{{ title }} | {{ site_title|default:_('Django site admin') }}{% endblock %}
 
 {% block branding %}
-<h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('Django administration') }}</a></h1>
+    <h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('Django administration') }}</a></h1>
 {% endblock %}
 
 {% block userlinks %}
@@ -11,8 +11,16 @@ <h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('D
     {% if user.is_superuser %}
         {% url 'sys-admin-info' as sysinfo %}
         {% if sysinfo %}
-            <a href="{{ sysinfo }}">Sys Infos</a>
+            / <a href="{{ sysinfo }}">Sys Infos</a>
         {% endif %}
+        / <a href="javascript:document.cookie='old_index_style={{ index_style }}; path=/';window.location.reload(true);">Switch index</a>
     {% endif %}
 {% endblock %}
 {% block nav-global %}{% endblock %}
+{#{% block footer %}#}
+{#    <div id="footer">#}
+{#        <div style="float:right">#}
+{#            <a href="javascript:document.cookie='old_index_style={{ index_style }}; path=/';window.location.reload(true);">Switch index</a>#}
+{#        </div>#}
+{#    </div>#}
+{#{% endblock %}#}
diff --git a/src/etools_datamart/apps/web/templates/admin/index_new.html b/src/etools_datamart/apps/web/templates/admin/index_new.html
new file mode 100644
index 000000000..1459c4d38
--- /dev/null
+++ b/src/etools_datamart/apps/web/templates/admin/index_new.html
@@ -0,0 +1,29 @@
+{% extends "admin/index.html" %}{% load i18n %}
+{% block content %}
+    <div id="content-main">
+        {% if groups %}
+            {% for section, apps in groups.items %}
+                <div class="module">
+                    <table style="width: 100%">
+                        <caption>
+                            {{ section }}
+                        </caption>
+                        {% for model in apps %}
+                            <tr>
+                                {% if model.admin_url %}
+                                    <th scope="row"><a href="{{ model.admin_url }}">{{ model.label }}</a></th>
+                                {% else %}
+                                    <th scope="row">{{ model.model_name }}</th>
+                                {% endif %}
+                            </tr>
+                        {% endfor %}
+                    </table>
+                </div>
+            {% endfor %}
+        {% else %}
+            <p>{% trans "You don't have permission to view or edit anything." %}</p>
+        {% endif %}
+    </div>
+{% endblock %}
+{% block sidebar %}
+{% endblock sidebar %}
diff --git a/src/etools_datamart/config/admin.py b/src/etools_datamart/config/admin.py
index 3c14752fa..97b9904bf 100644
--- a/src/etools_datamart/config/admin.py
+++ b/src/etools_datamart/config/admin.py
@@ -1,7 +1,12 @@
+from collections import OrderedDict
+
 from django.contrib.admin import AdminSite
 from django.contrib.admin.apps import SimpleAdminConfig
+from django.core.cache import cache
 from django.http import HttpResponseRedirect
+from django.template.response import TemplateResponse
 from django.utils.translation import gettext_lazy
+from django.views.decorators.cache import never_cache
 
 
 def reset_counters(request):
@@ -37,6 +42,71 @@ def get_urls(self):
         ]
         return urls
 
+    @never_cache
+    def index(self, request, extra_context=None):
+        style = request.COOKIES.get('old_index_style', 0)
+        if style in [1, "1"]:
+            return super(DatamartAdminSite, self).index(request, {'index_style': 0})
+        else:
+            return self.index_new(request, {'index_style': 1})
+
+    @never_cache
+    def index_new(self, request, extra_context=None):
+        key = f'apps_groups:{request.user.id}'
+        app_list = self.get_app_list(request)
+        groups = cache.get(key)
+        if not groups:
+            sections = {
+                'Administration': ['unicef_rest_framework', 'constance', 'dbtemplates', 'subscriptions'],
+                'Data': ['data', 'etools', 'etl'],
+                'Security': ['auth', 'unicef_security',
+                             'unicef_rest_framework.GroupAccessControl',
+                             'unicef_rest_framework.UserAccessControl',
+                             ],
+                'Logs': ['tracking', 'django_db_logging', 'crashlog', ],
+                'System': ['redisboard', 'django_celery_beat', 'post_office'],
+                'Other': ['unicef_rest_framework.Application', ],
+            }
+            groups = OrderedDict([(k, []) for k in sections.keys()])
+
+            def get_section(model, app):
+                fqn = "%s.%s" % (app['app_label'], model['object_name'])
+                target = 'Other'
+                for sec, models in sections.items():
+                    if fqn in models:
+                        return sec
+                    elif app['app_label'] in models:
+                        target = sec
+                return target
+
+            for app in app_list:
+                for model in app['models']:
+                    sec = get_section(model, app)
+                    groups[sec].append(
+                        {'app_label': app['app_label'],
+                         'app_name': app['name'],
+                         'app_url': app['app_url'],
+                         'label': "%s - %s" % (app['name'], model['object_name']),
+                         'model_name': model['name'],
+                         'admin_url': model['admin_url'],
+                         'perms': model['perms']})
+
+            for __, models in groups.items():
+                models.sort(key=lambda x: x['label'])
+            cache.set(key, groups, 60 * 60)
+
+        context = {
+            **self.each_context(request),
+            # 'title': self.index_title,
+            'app_list': app_list,
+            'groups': dict(groups),
+            **(extra_context or {}),
+        }
+
+        request.current_app = self.name
+
+        return TemplateResponse(request, 'admin/index_new.html', context)
+
 
 class AdminConfig(SimpleAdminConfig):
     """The default AppConfig for admin which does autodiscovery."""
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 769ab04a6..af383a3f6 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -268,7 +268,7 @@
     'etools_datamart.config.admin.AdminConfig',
 
     'admin_extra_urls',
-    'unicef_rest_framework',
+    'unicef_rest_framework.apps.Config',
     'rest_framework',
     'oauth2_provider',
     'social_django',
diff --git a/src/unicef_rest_framework/apps.py b/src/unicef_rest_framework/apps.py
index a694414c5..48e1ee0a3 100644
--- a/src/unicef_rest_framework/apps.py
+++ b/src/unicef_rest_framework/apps.py
@@ -4,4 +4,4 @@
 
 class Config(AppConfig):
     name = 'unicef_rest_framework'
-    label = 'API Configuration'
+    verbose_name = 'API Configuration'
diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index 54ce59bec..8a4d64414 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -40,7 +40,6 @@ def authenticate_credentials(self, payload):
         if not username:
             msg = _('Invalid payload.')
             raise exceptions.AuthenticationFailed(msg)
-        created = False
         try:
             user = User.objects.get_by_natural_key(username)
         except User.DoesNotExist:
diff --git a/src/unicef_security/admin.py b/src/unicef_security/admin.py
index 732b68f9c..f1ee95ac6 100644
--- a/src/unicef_security/admin.py
+++ b/src/unicef_security/admin.py
@@ -49,9 +49,10 @@ class FF(Form):
 
 @admin.register(User)
 class UserAdmin2(ExtraUrlMixin, UserAdmin):
-    list_display = ['username', 'email', 'is_staff', 'is_superuser', 'is_linked']
+    list_display = ['username', 'display_name', 'email', 'is_staff',
+                    'is_superuser', 'is_linked', 'last_login']
     list_filter = ['is_superuser', 'is_staff']
-    search_fields = ['username', ]
+    search_fields = ['username', 'display_name']
     fieldsets = (
         (None, {'fields': (('username', 'azure_id'), 'password')}),
         (_('Personal info'), {'fields': (('first_name', 'last_name',),

From dd92c5ffe29655ebdd5514bfdb0052a25eef6ca5 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Thu, 6 Dec 2018 23:09:54 +0100
Subject: [PATCH 16/86] updates

---
 CHANGES                                       |   2 +
 docker/Makefile                               |   2 +-
 src/drf_querystringfilter/backend.py          |   2 +
 src/etools_datamart/api/endpoints/__init__.py |   1 +
 .../api/endpoints/unicef/__init__.py          |   2 +
 .../api/endpoints/unicef/business_area.py     |  13 ++++
 .../api/endpoints/unicef/region.py            |  13 ++++
 .../api/endpoints/unicef/serializers.py       |  15 ++++
 src/etools_datamart/api/urls.py               |   3 +
 .../apps/data/migrations/0001_initial.py      |  12 ++--
 .../migrations/0002_auto_20181206_1420.py     |  38 ----------
 .../apps/etl/migrations/0001_initial.py       |   2 +-
 .../multitenant/postgresql/public.sqldump     | Bin 4047913 -> 4047913 bytes
 .../subscriptions/migrations/0001_initial.py  |   4 +-
 ...129_0824.py => 0002_auto_20181206_1447.py} |   2 +-
 .../migrations/0003_auto_20181206_1420.py     |  18 -----
 .../apps/tracking/management/__init__.py      |   0
 .../tracking/management/commands/__init__.py  |   0
 .../tracking/management/commands/track.py     |  68 ++++++++++++++++++
 .../apps/tracking/migrations/0001_initial.py  |   2 +-
 ...129_0824.py => 0002_auto_20181206_1447.py} |   4 +-
 .../apps/web/templates/base.html              |  14 +++-
 src/etools_datamart/config/settings.py        |  14 +++-
 .../migrations/0001_initial.py                |   2 +-
 ...129_0824.py => 0002_auto_20181206_1447.py} |   8 +--
 src/unicef_rest_framework/renderers/html.py   |   2 +-
 .../templates/renderers/html/html.html        |   2 +-
 .../templates/rest_framework/base.html        |  10 ++-
 .../migrations/0001_initial.py                |   3 +-
 src/unicef_security/models.py                 |   1 +
 src/unicef_security/tasks.py                  |   7 ++
 31 files changed, 185 insertions(+), 81 deletions(-)
 create mode 100644 src/etools_datamart/api/endpoints/unicef/__init__.py
 create mode 100644 src/etools_datamart/api/endpoints/unicef/business_area.py
 create mode 100644 src/etools_datamart/api/endpoints/unicef/region.py
 create mode 100644 src/etools_datamart/api/endpoints/unicef/serializers.py
 delete mode 100644 src/etools_datamart/apps/data/migrations/0002_auto_20181206_1420.py
 rename src/etools_datamart/apps/subscriptions/migrations/{0002_auto_20181129_0824.py => 0002_auto_20181206_1447.py} (93%)
 delete mode 100644 src/etools_datamart/apps/subscriptions/migrations/0003_auto_20181206_1420.py
 create mode 100644 src/etools_datamart/apps/tracking/management/__init__.py
 create mode 100644 src/etools_datamart/apps/tracking/management/commands/__init__.py
 create mode 100644 src/etools_datamart/apps/tracking/management/commands/track.py
 rename src/etools_datamart/apps/tracking/migrations/{0002_auto_20181129_0824.py => 0002_auto_20181206_1447.py} (97%)
 rename src/unicef_rest_framework/migrations/{0002_auto_20181129_0824.py => 0002_auto_20181206_1447.py} (97%)
 create mode 100644 src/unicef_security/tasks.py

diff --git a/CHANGES b/CHANGES
index 33022d661..8b0502f0f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,9 +1,11 @@
 1.8 (dev)
 ---------
+* WARNINGS: migration reset
 * add ability to create 'per model' custom templates for html/pdf renderers
     new `TEMPLATE_CACHE_URL` enironment variable
 * fixes error in some renderers with cached response
 * Adopting of RabbitMQ to prevent message loss
+* new admin index page
 
 
 1.7
diff --git a/docker/Makefile b/docker/Makefile
index 29994e6d1..64e2ed5f4 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -80,7 +80,7 @@ local:
 	$(MAKE) .run
 
 release:
-	docker login -u ${DOCKER_USER} -p ${DOCKER_PASS}
+	echo ${DOCKER_PASS} | docker login -u ${DOCKER_USER} --password-stdin
 	docker tag ${DOCKER_IMAGE_NAME}:${TARGET} ${DOCKER_IMAGE_NAME}:latest
 	docker push ${DOCKER_IMAGE_NAME}:latest
 	docker push ${DOCKER_IMAGE_NAME}:${TARGET}
diff --git a/src/drf_querystringfilter/backend.py b/src/drf_querystringfilter/backend.py
index cf5629c6e..7671e1085 100644
--- a/src/drf_querystringfilter/backend.py
+++ b/src/drf_querystringfilter/backend.py
@@ -137,6 +137,8 @@ def _get_filters(self, request, queryset, view):  # noqa
 
             for fieldname_arg in self.query_params:
                 raw_value = self.query_params.get(fieldname_arg)
+                if not raw_value:
+                    continue
                 negate = fieldname_arg[-1] == "!"
 
                 if negate:
diff --git a/src/etools_datamart/api/endpoints/__init__.py b/src/etools_datamart/api/endpoints/__init__.py
index b0965583a..4430b3d65 100644
--- a/src/etools_datamart/api/endpoints/__init__.py
+++ b/src/etools_datamart/api/endpoints/__init__.py
@@ -2,4 +2,5 @@
 from .datamart import *  # noqa
 from .system import *  # noqa
 from .etools import *  # noqa
+from .unicef import *  # noqa
 from .openapi import schema_view  # noqa
diff --git a/src/etools_datamart/api/endpoints/unicef/__init__.py b/src/etools_datamart/api/endpoints/unicef/__init__.py
new file mode 100644
index 000000000..1976cdd76
--- /dev/null
+++ b/src/etools_datamart/api/endpoints/unicef/__init__.py
@@ -0,0 +1,2 @@
+from .region import RegionViewSet  # noqa
+from .business_area import BusinessAreaViewSet  # noqa
diff --git a/src/etools_datamart/api/endpoints/unicef/business_area.py b/src/etools_datamart/api/endpoints/unicef/business_area.py
new file mode 100644
index 000000000..b2cf8ec3e
--- /dev/null
+++ b/src/etools_datamart/api/endpoints/unicef/business_area.py
@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+from unicef_security import models
+
+from . import serializers
+from .. import common
+
+
+class BusinessAreaViewSet(common.APIReadOnlyModelViewSet):
+    pagination_class = None
+    serializer_class = serializers.BusinessAreaSerializer
+    queryset = models.BusinessArea.objects.all()
+    filter_fields = ('code', 'name', 'long_name',
+                     'region', 'country', 'last_modify_date')
diff --git a/src/etools_datamart/api/endpoints/unicef/region.py b/src/etools_datamart/api/endpoints/unicef/region.py
new file mode 100644
index 000000000..f285c095c
--- /dev/null
+++ b/src/etools_datamart/api/endpoints/unicef/region.py
@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+from unicef_security import models
+
+from . import serializers
+from .. import common
+
+
+class RegionViewSet(common.APIReadOnlyModelViewSet):
+    pagination_class = None
+    serializer_class = serializers.RegionSerializer
+    queryset = models.Region.objects.all()
+    filter_fields = ('task', 'table_name', 'result',
+                     'last_success', 'last_failure')
diff --git a/src/etools_datamart/api/endpoints/unicef/serializers.py b/src/etools_datamart/api/endpoints/unicef/serializers.py
new file mode 100644
index 000000000..b2891bb67
--- /dev/null
+++ b/src/etools_datamart/api/endpoints/unicef/serializers.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+from rest_framework import serializers
+from unicef_security import models
+
+
+class BusinessAreaSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = models.BusinessArea
+        exclude = ('country',)
+
+
+class RegionSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = models.Region
+        exclude = ()
diff --git a/src/etools_datamart/api/urls.py b/src/etools_datamart/api/urls.py
index c72b02955..8b20694a8 100644
--- a/src/etools_datamart/api/urls.py
+++ b/src/etools_datamart/api/urls.py
@@ -32,6 +32,9 @@ class ReadOnlyRouter(APIReadOnlyRouter):
 router.register(r'datamart/user-stats', endpoints.UserStatsViewSet)
 router.register(r'datamart/hact', endpoints.HACTViewSet)
 
+router.register(r'unicef/business-areas', endpoints.BusinessAreaViewSet)
+router.register(r'unicef/regions', endpoints.RegionViewSet)
+
 router.register(r'system/monitor', endpoints.MonitorViewSet)
 
 # urlpatterns = router.urls
diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index 9bbc51de0..8c4e74b38 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-29 08:24
+# Generated by Django 2.1.4 on 2018-12-06 14:47
 
 import django.contrib.postgres.fields.jsonb
 import month_field.models
@@ -19,7 +19,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
-                ('last_modify_date', models.DateTimeField(auto_now=True, auto_now_add=True)),
+                ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('month', month_field.models.MonthField(verbose_name='Month Value')),
                 ('spotcheck_ip_contacted', models.IntegerField(default=0, verbose_name='Spot Check-IP Contacted')),
                 ('spotcheck_report_submitted', models.IntegerField(default=0, verbose_name='Spot Check-Report Submitted')),
@@ -49,7 +49,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
-                ('last_modify_date', models.DateTimeField(auto_now=True, auto_now_add=True)),
+                ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('year', models.IntegerField()),
                 ('microassessments_total', models.IntegerField(default=0, help_text='Total number of completed Microassessments in the business area in the past year')),
                 ('programmaticvisits_total', models.IntegerField(default=0, help_text='Total number of completed Programmatic visits in the business area')),
@@ -69,7 +69,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
-                ('last_modify_date', models.DateTimeField(auto_now=True, auto_now_add=True)),
+                ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('created', models.DateTimeField(auto_now=True)),
                 ('updated', models.DateTimeField(null=True)),
                 ('document_type', models.CharField(max_length=255, null=True)),
@@ -122,7 +122,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
-                ('last_modify_date', models.DateTimeField(auto_now=True, auto_now_add=True)),
+                ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('vendor_number', models.CharField(db_index=True, max_length=255, null=True)),
                 ('business_area_code', models.CharField(db_index=True, max_length=100, null=True)),
                 ('partner_name', models.CharField(db_index=True, max_length=255, null=True)),
@@ -164,7 +164,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
-                ('last_modify_date', models.DateTimeField(auto_now=True, auto_now_add=True)),
+                ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('month', month_field.models.MonthField(verbose_name='Month Value')),
                 ('total', models.IntegerField(default=0, verbose_name='Total users')),
                 ('unicef', models.IntegerField(default=0, verbose_name='UNICEF uswers')),
diff --git a/src/etools_datamart/apps/data/migrations/0002_auto_20181206_1420.py b/src/etools_datamart/apps/data/migrations/0002_auto_20181206_1420.py
deleted file mode 100644
index 2e8f666e5..000000000
--- a/src/etools_datamart/apps/data/migrations/0002_auto_20181206_1420.py
+++ /dev/null
@@ -1,38 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:20
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('data', '0001_initial'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='famindicator',
-            name='last_modify_date',
-            field=models.DateTimeField(auto_now=True),
-        ),
-        migrations.AlterField(
-            model_name='hact',
-            name='last_modify_date',
-            field=models.DateTimeField(auto_now=True),
-        ),
-        migrations.AlterField(
-            model_name='intervention',
-            name='last_modify_date',
-            field=models.DateTimeField(auto_now=True),
-        ),
-        migrations.AlterField(
-            model_name='pmpindicators',
-            name='last_modify_date',
-            field=models.DateTimeField(auto_now=True),
-        ),
-        migrations.AlterField(
-            model_name='userstats',
-            name='last_modify_date',
-            field=models.DateTimeField(auto_now=True),
-        ),
-    ]
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index 034d0d20f..92dd230b3 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-29 08:24
+# Generated by Django 2.1.4 on 2018-12-06 14:47
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/multitenant/postgresql/public.sqldump b/src/etools_datamart/apps/multitenant/postgresql/public.sqldump
index 0ec2fa00419d218e71c19af840b9c9ae5543f83f..9dd5980c33d637f5a36de54b87ddc94ef68ec7e1 100644
GIT binary patch
delta 16017
zcmZ8|2YeM(_WzrbMj*WO-Uuz!d1YqaP-6!a38E+n5@dBjMS^7!5dt<41cD<RRKQ?E
zDJD28*9x&Wgy^n|E?_{!N{Q<aS4H6ez4y)w?w`-+@_BR4x#zZXPrZ3=(SMca(8{YX
zI)7xf(kY-PD~b}pzhwSjU;bYP|1WWC`BW{@4w+WiqMAarz<W;ntCB1LPN2|Tq2+r0
z6D(CgBB4M&ZJnYPc@HElkwlSbpiF?=whl?&(3D}SU>32wrK!3ie>)y^%#`qG$ZJYF
zSHh!FcXWD%J7H{w*EiVR$6MaGjHy1}aZ|I4+|A7y?%ETDUNGxB2{%LD>FkY?-n8kH
z5;ezNw5&7DU!vr>)ANJw$-Mmud;u1HIY2FOk1WsdIu#_#4px}94^(rgu$PkIomX^N
zuEL523TVY3wb&b3(oc?J+1`TETm4Rs_j~z;5^jg-OsSghO{)0O2RO7~uv+HTcB_=s
zv5@z8kGCZ<X1iN@6}gpHi#52Xd*yiVSAOc_9Iv7G68YOPy-?rt<SsjQAlp41%A<E~
zRD$kP{r}*Lu?_cRsDd-{{%w?tfovn}DUpc(+i@3I#bTgN1%+<yh$Ocqn&OT!lf1{w
ze~DGvp-`X;owH2M@s`{F=Y#A(r2tXq;d+K^3`}sFhG%#mI@gN1*dZrSA@MCs)S$a%
za?rbBkSY6y!+~CZ!c|X6avO(dy0aJX;WJ5esGc(3s~fW0?+^`?@(x|RJF4ahp|c|)
zxAuZQVp#*uA0x+%L?BXvj9qBRo)Jrea@@AzoxF@;H~L^F&_m1s;4H6k_>FQeAY^5i
zT%)G)ZHwB09uRYP=BOTC)1`3&$15LQEqRz>9DVsCd{Zt9$qAUzK)PEsHp|<0`2=x1
zwq<xj#txR;t+2P?s?k0?=6yacB7fT<Fa7F#Nn=MmW8x7XZn+C;x`}NaH_7nvF>m?g
zQE~#YP@v3RF}cW%Z{UnQg>G<KidQuyUCt*K31qK&R?Tzos0w-ut{Wh?&M~|<rd}Z_
zoNyoq6#4E;7Y5}$m~`XM{L0#n8OWfYHmcd)jGN|(!DB|qt*R|`mz>C;#rcXDYt^G#
z2luHx<ESL2<nzHfz}qupl9*!5hy=1|=4Lh5yJF@*A7ljzC8+ThsU2cQEKp3HJzRxO
zx66AKgT&>~g3VecwQW-qz06rN#Gb@LQTO2N3UAXLF){yG$bw=4U6GeGXQdnfl2^t-
z#ct=hiEhuUGhMzfljfDV?^lj-52WOa-#7ll^7hP)$u8kgph9qQYwzjc4X%?i9t&HL
zQ_h^4UsqGTng#Rapy61ch-#aaQZMP=A(8_WT!jF+#=;~%DD~}y9Ww5(;G@#^UP``a
z-2bRtL?q(1EL<%2G~#$Qi?5aNXxJUPv@fk2qx5xKD3=-<wGL!JA-E&fjG@*V?C}4B
zTh~}##?p~;3ejkw*ga=yfos$!dJC7CK2O^<R`l|YEWcXLJ?cm*di+f#(VOv*Bf(}U
zP{cb^@Mb;1+x>7@@`ONF#KDPl>3itXf7O+K7b}nlTsAd*h7)>j^)s@I6%KR};ObYj
zpm*1!=lNhWP#FiOdq*FeBbiuspj3cs_ozv3RYM|8dsxYI$4x5qn%8B^EwUVMZ$q+V
zV?$o)jUAASmXEM6{B)t>UE`U~wEH6^$s6{B)R8ee>XkiZ`<-mu)TS?>?O%U7$-C?6
zUXrivc$+tDk-uZ6H)*3ZHL;lO-LcsecO~XT-D6Gp-p<BEIbX-Z_~pB`d^h{8pr^g?
zxZGvOag`S<xW)1Id(t8~M#xLqHd1tR3_Fm&>Qkl2yYr>75)y*>;}Cb(t4ZF;SBCje
zF3xrTP>QH!f)ey*y`G}+%jkr;W)pCuMk(L|?S0W)Ap3;PK(1T*Zh@Em)-z%@P9)^L
z@%Chig-*<Ix4xh6o%i1LKGt#DJ}z>DA0&F8ye~Df6AcHtf~w4&|6vlnT&QGH)i8)}
z?Z>%p+ee+;;SY{+>+AE|zgLg4ypbQBFZsb5w|!jUy|PnYNhfLr(rN1fEz3*WT`Q*#
zG0NkhZ11s8yUTf*e5IU<n)fQn-r;{<BH<7pxCI<uwMtKQgJ0<0ggw$XaIC1e@r%O>
zSI>?O1;N#G&AuG3X>X3~Z1csI9nAN>-T%3qob9+J2P@nk+A`cz-&VNu4rYt{xN9u#
zQuEiz9N@ir;5s2E4isvZTXi_s8~T;Mld-5f<Z!vy@#}s<Oq`hIRef`}WF2$d^6%xD
zpZeB6b0_3g{xC~U#)(2yKKWM5bk7`35;ItPqJo;gQj*;H0K8v$6Q6+qc=L~5DVaK!
zxBu7={I_KohWBxs%?HNsu-D<|N&ausn{h%|9KgBBU-x^S*Zkl4vR5eLuKB%-FpPKp
zChWasgiLS!$v62T@jHgIsOhd|d3C3HNQPm9e(DYf?%gx>l1Df~jjB@4<|>L<xMhS*
zwpCLG`REvJ9iis4jtNSl<Pb4fUXn6YjsTI%q)(1&IqddirO=02xPpM?vc?oe*fPtA
z#Mt3frJLjsHCQlBIVuN;M(CW8YMJ}W&J1_?(}k=$sQlq$Oxjhcma>@{%6`ci3ayM<
zDpe@yEG3D}&QgT5ScVy5@8u|0N-9WT2G#$pWwU{KN}dnHrR1<2nm<ZS6k^X{*D~aU
zOou&Ds0g!c8CHnBQLHTHIsqRx8(ppl4-X#>;iHfmvb0pzR-s%i=V^!8=x)kdE(w-l
zM`14x_Ekz*c28xG9Ne}86#_={dMnB9&c+M|i*df+fv*W2D%hGn%3#Sc7G|w|6_S&S
zMcG}3a=v60vq3#50_q<_%5VivpJh1I6jl1svRO(7HI2diUJff|G%11|dNrctNG?v8
z?J<=H_=Q4`SRfx4idJ;fGTA&^=`CnNhQS&g<x4SA$bibHt&WmK#|MH_(?F$6OgID!
zUP$NkSMylgU`4pMRwxu@2Zt)NC7Y1NYR*;mNjC8RN;q{Pn{+;w%r`X@j?&QnY6aVQ
zp(1P#Aa<ZDrz)dk!!cOjVaf!b)M3j<D9?&*2}Mkrsi^s6j8r<tjXkTsL@AK85t}t#
zs*Di_7lK%&ht%$@|7E@;hoTmnImX}AP&7u9$Eg*<!*}}z3u(udN->)=RyihzG7UE4
zD#ev+Fe8DUH1jH@E6o_MCR1HEr7x$?p#y`pj#N8dO=L^PV-{QhLZ*om>X(A$L9Lry
zCt4vWx*ie+m41tytrca@UaM4UojHMR1hQ}-x8Hi*E$-GM6?E6bIL4uOD2Y^;ttYcS
z*DEb@DzJ&!R5k&dUo=&zkaM+7Dw&{mp;ro(4ENv0*^Zs5eu9dlo2E!D6S8gAaHAr;
z1uGOY*xs9z9zr5Q@E$XTM9fe!S=r4>l3Yy8gnkbN)hv3(P=ahst@5>;y%VCLrrMiL
zy;ZqL&I~HB4=3%(T5nU9_*53Fouv$xydZSgv2^H?U9**W0v3kPSS(=FIte?=<1KL-
zV(EQP>p>1rVmt1_xp2u18>ZMOT7S2a#dgk9x^oBK3d4mg<kJVZkmW5<`it?yp$Hp!
zk1|b;1z$0P&RL{ny9<{E*`fQC6tR8baF~WJQc8IQC|q5d|A5kwjGlTTt6r!a_KBiw
z-~+yf2!|~;eu>h@$2jc42eC#j+2Kft?Ox`KYZ&r4x8B!z;fTYYeMosi_KBLT`e9&_
z?T8u0+;e#Z%^qH*T!OvipfHpOLg-?auv!_9J{%Td*F6FSAqk>TXQjos3%whZY--e@
z5*wx>Vy%BnNvGyVlpb{EQ6<&gk)A}4?oc2IuPM21pN<`<p%x+ws{14#?)blPlbXql
zHMl1kVjwHf5qmlL_S>dTy8Tw#nxy8km1~t8e;PL1x=y*mp9Xj4c|^=Gjca@Y+}QQX
zWcd*`*e_2gqa`&w?`#U*qvo*do>DIG3Bs)DX=R%K5n-hp;=IGrKsOn-Ew?+<tAEEb
zKmP#EQq^)b)8(LLFUqCDfAW+hIMDd-z_Uu0+vFrs+eR#U&WB1a)jp?e5E~da5k=<l
zh%=pH+aNyUH!6SeXJ*Nmw}O4YNx8{~aiz`UU>;4f`CF7)A07jI*-Eu5D{54Dq=K^v
zJ8VT0)-3ikg1gKELzeb}a-PIPEUxsFbNr7mTlaV6cAq!`UmS5Av$w&V$o_DkcpyjL
zZNi#cpT?R;y{x2A?Mq5AKiVRCew+O4=x&*oL`ybfsnstjTV-z(n~YE{hn2pJO_ne#
zkjulcJa+FZ%Edm68^rdYi?zL~T;?Nqz{3L}cKz$^Q*r{`+hZnne7iDRE(M1C=4RzS
z*)fW|58V5Fmi1<w7hFvkzBkpbl$WR)bYLfT^Z3#Zbl2PQqwD;(@*lB<(TH2KxQLpr
z)03z$N6lhG-f8E8i~tzRc!jZdacZ)Q$;#i4ZzMd?Zt<8SNV$n>HiNkMVi>jA(2wF`
z80C5h5dz$koystumBUVbEUYh16S}`@cYN;<EalU|d-MXz{|vTJ+_bX0^&EDzMM;&N
z%`iLtNqkGp2%Gy4e29&QCsM%Ob(Z&8T&!Up^0|-Bmi;TfKDfta+#zSlpDR48#;0H-
zmgb%@Tk-{jNW%ER#J%Vg!ck^X6T*j8->DrR`l1sXv{y;@C*-g(`{K*B3=9ZAnZ2_=
zKA^=l4t!r`wL;^h@&RF?xJTfQ{x*m7)p3<l^%dNevhUKU_8<<d<||mhw)3H7)~r_2
zgi4`?qh~4Z6Q^QD*vW$!Tz*8^WryNRx45!du}ROAb1!`oqFmOfcieFLYeg>6;$bE{
zTvqap!V@2SVtgl>x9Hhy@wdvkJ}d@#-l{6O?8oo006CJw2LBM(Dz?EE{RsC+aNyB{
zbWx8V0ZdTCWgBuVeqj+wK!?DqWN#f8J{^X&qpa&sxUrH0zf;1Yy!$^2&+u^qi|zVZ
znd^VROFW@G;(x?g+b{7;Ve{0O@a`IZjcbsY0hsXN2L2A1U>6IqttXX<a=ciWpFUhK
z*6URK^kJZdAC*V&x)PatIzIat&q~5|DtIwRy~1Z^GWbak_#f6bP4(|<%w~1EI^7?I
zD>8UB`BZa-(t+X1_!=(ez!?+n&a4wkh~~%OHN(?Mr4LTP@kvX70JJ+kRPu|`o#rR2
z&xmC>2J4feu9PD?aLPNV{wW~&lqVe*qoX>?Cy227I;p-TaH6awO&#ZBOx8cBKIeZ}
z?8|h_T8@CN&Q!1SKVs~)EY&|H$H6JBxEi4d^oL|>!lS)D*Jo-PA@)ul=EM1zMwn$4
zsQfV7v)c9W)l92BeN9<K>MVhdShS)@y<hx}hTNvKB65n=zsYZlUMyCZh~H+2E-X=T
z4Zud`oF5b{+Y`qWD^^F-?!Rftw6|0(5ri^Tyj&2rCv~4MlSA841fHYw>HKmzoNdLZ
zxm;byshxNPOjEn4vjij_)Y54{ICliGZq+wML>21a()qU&3UtOjuf6@+o2E^nNnv$7
zHGGTd%<n3v<2V*Q)m42Eop~TiRyTDCSf33(>0md(ng^Qh`jfewbu~>t0v;cC7d#L^
ziWswA@Cci<u!p)x{Eiru-BW!)@M{ko>9w9d!>B<B3-jr+O0ihWh>8GkrRa;joz_b%
z9MN7pz@tvR{k~R+5VV!i#@>G4KgVixNguI6e~QlNhjvgr{-Ou_N~*IF4!>(j)T^K5
z8498JaW0JTTXBF4WFFxY422y+q*6+!`uo%on-Go^(MrPy$dF`>pf(Lce9?nO_JKh3
z4y)Y+)QZyBu-u?fyQfcQ!g7&t-wEz}cX}e?bBq~O5>*%R4Go=j)!&Tz^wLRRFVJVb
zZ^cr#^h%DIv1rH$M7ZZkEipZZKANniup>3N6A~E?^lL}5zh0}Jt0am}QPwy`eb^_m
z0>}?cQEmF>kZMxdU(}1}^mXdLC8fi@yk14ply`&kH%xl04MQ<l>r|-Q8B^5<CDU+(
zDL1HdeNqz|?ZEX26du1(E$|6!w&Nz1`2<`+!E3FcS%<j`{1d$2nl<o(s;0x$NSUF&
zE5?V{_1O${yzB#c>rMv;sF_rKzMjD*%v2G2@`**Pfb}QDtGB3slS3k9Vc(|qmsC+B
zFhF{`OKt~&=n3y;lz<UnMfBM$%mquzM$Dt$D|tkt?DsoVI2n8-1faw2R4?~C#{#`+
z#GMEe-<zYtP2>b7@*;E9W=VjOLmyhP9!Bo?JoPf4Aj&S9ua5CQEY`3<o$7zYSlT^M
zi(+Ch`BCm@S5jjgG8K*YswiXd0bu0~UNmB*_p7iq0u;r*ly879v1X*6&YoL{eG!wf
zL+s!p^&LqCRdb1OhNb(Q@&NXcmu_g?lWGBtc^_iV{c;IA`Xnrbu@r8$ASrkX`|`wV
z*r7Pd1~Ia2LL%T`pGTK2Rg>9=532B{`IHc)4qc{t{>V<?LQd6%71gV&B@AlrinFeH
z>k9QdA0Cmk!euAGyU=foG5FB8FnHTTY8jjMuv#n!iJ9!dmFmlWM>{Z*`}7x3(`q%9
zttIs?pUPpSkEp0j@p(aa_TfdK-sClaYf+tCQZiMWdMY(OqV}ZB_3+!5{4e73$Dp=E
zf20vaU@&J5w?YDBvJcm)W5tJQL|FI7)f@Z|ldWn{QAYupiOiox4S!dP*opNj%31>E
z1Y#m`xc5nQrUW69jEczNv1im=v8#k#&87jH)Na)FjB0UMKE3|5x}A@1BBWgKj5<pW
z7&6)E4eETKlZ|Q!qKHb?_?$YxCve#Djq089BOGEgHmi&Mj|e-nB|ZtHs7LYw&rsUe
zq^7g?8`Y(fCvrUJ2?SfS6^jrvK;YELQ#VKgSl;m2kc6(<rslDue^*EN*a*6x4OoEP
z=p#(%AW^yLH&HL7yRYMlXor%|mcOK;lE4=lu>)h;Ns1`A8P3e?S0Jz5zr}U!@QS+D
zr*k0YoE5JP(KD~B-PrH1s`Dfg@y%83NCxCiAI_x?6{0fs=nh{(;lKxmNZ9x{)H=CV
z1R<?&`Vwa%lR1$`Mi<ci@2G{_-cetY%n)u=iC9MjLd)J)OW2ur)$4s^ByeRrk^y<h
zhnoQl@O&!S3GpjsS^{hQP`%Vg+JP`fG9a(@K~7+Z;KK_*bm?xjgvL$QkRN?R?db+r
z2dUsDy*IB8CDKK^)B|D*5i?xT-iM(N(u90#tw`Wnz_W>$fN1eQa8c)cq9Se(NHZ{^
z9m#-P=fmy500HOaBzEy<DxzUQ?}&xSG7|w_z)t-O%1<ES$0JAhk&?OUc0I`M{9Hv1
zo_De%?D;R^0%e=5bgzm^hrrkYhbGU}i)neC-eJ{#ob~E`@y&#1ULuhX57hG6pfA-F
z*$dhw%p<;jY)-2>QjQUeuw4gK<X|~lSlSrMImOKW3NEvl103ruht%ah-U&oS)OXEc
z74aPJ0M#*8gm_24Q4ji{2u>PN9|449@%NaQVC9%>!4JMEgpY^Jqlg0wj&M&Jyx_z@
z-rD0pw&<w(p^tz@IEx@43Mfm#xt=+s#-qelD`9-=*XbRo`IwqUo!X?WMh2H1ZG&YI
zBZMLl86GlD{*Ny*NNd6yK*&gYpF&bDh(s>?^=IEDK>CtZo$#k@A<fp6N`8fLuKus8
zvm?K#y~M(hq+><Ds>o^bMZn-c`WqZ`F&<P#R~{Hvu#%HFRSB~LHiz}4KmJfVv1Nb2
zI!J^A8^&YA;?uBUf*B0`{4*-b(3~?2eLoQ#zIa-@%Ey~*f~p}*5O^C`Q&cQo)iinU
zt%w87&S3;tHd~UQ4Us*g$mb<$$Z+zW(MVt*RUJc4X>ST@Ru`urc|IXotMRcWcyKHO
zR*I~JcLgySS&mNCq>{F9^Lxo)vbCco@2G`aKS00;uq>L?8UKx)3vpeTrd=*)g1o}P
z&YH9b7Lo`9sO4v+g!X4>g=}KFCcPX)9f6Akf&uY_oS5mr&Vo3fp>FY%gyA-i5-?uN
z=toBo-LZ8!n$-Rl?(_&*uSk0nS<s8~v?u*;T&?lq1_?xAfhNs?W#NU*3cUyYSge(>
z1BIGY4wl7@H;;a)xlk)(DJ9x%k`eB5HO(`Wo@`60CVdPGKE{PIEM8l#N&nJ<k1$fe
z2(T{HxhoX+q|0zb>niX7DV3iJiYvVk(NOvs97jbr4Ha?$cKFTVG4zAoHUH+|77h}X
z3lT%pno3MIzo#ZWA<Kyb#-7D8V84*8@H!$YB5X#z`Lid^9v8EU!^&9qzS@2Ah#ZG)
z?Wdg-1h&CfxMBoMc8j6y@?jB(1BVe{g=~LV8|x!XEd6XKeofS0zm2;-@hpOX=t2i9
z^c`<$(qh<#!>y){yUrXWkuQ#E(qQt3JVOP70kKRDgquA~hW7LJ>7}fGpnre}4Owuo
z_D`RRYZ#O;y0YL<&6P0t@4e`c!+I%g$<$NXXI0uD9}x+hF9LgN_(9L015*{9cApE4
zT63;;w@+dQjQ@{><(=<eD;s`6ndJQ4FWl$9K<ngpbKoM2As6TB9a-yz+E8)icn=h~
zkRSOu!?kiYVwko`?7tmB=4m*tIoAmY@u}`7eE<b7)iUV#B{=EL7i%9##&8F!X~9o=
zjAL_X(xot%EhFQz70N)=JeL28T-EL_dIGzDlqS6(8$ld06FJ0j?0B_iNtQ79{biv<
zATGa5L!On-11i8gi=Y`@^)$9`jD`d{$C?HX4>gej+Wm(P8#-1?WH(=-$q>v&2r%SN
z*tRRR40dX)Hbw3NqTqgf7epzf?kXrd$ub5lHCjmsvEX<Oc^^IuN}9{B){rz29})KZ
z1Wnp98#%cm`eTAtNY+lchC3VJ(^gN^dQ;{ixDvhB<Fjd^){}}SY1az&$j3SKd{ROW
z_WUGGddarsFk`YN^{*|=^wB9=Db-EUlG*lawH|U@*y$gq#19=8yDQaSua&ZK*J=HI
z0-G(nUJ%%}5eeh%3Xe_KPSsM_slRGTSRRK*p#C}hwrNOF51j^?knku{`25u&d*TMI
zCm3>CleOFkrIso_kRTS@HC^k*=1<p3{C;?pBH~iE<7O?_hsAstZLZZ)w$*BxJ_{$1
z$5}Mb)bc2KffihKOiQP_TeJk4FjGU&i!qTBA9RamC<)?&R@{a=x#(6+mz)tYBAYw_
z>FsB4(=<8DXoPLO9m|&8qlAw#Rx(Q~_aP>`;0{;;$&js^t#PZ#N3wBr2oPbk=3t9T
z=3o$?sK;Ge=lJh|b0MRGw`sVczIkl<JWZ7xV0OB=^ZVs6go!8$a;9dO((l%Cwk^<*
z+!lZ+10di3u$gfW#+R5F;iDVX-G^g-?Ov@?j%ZT<d$jH>c)u2rqaYd$(~5hw3U>2C
z2#Gih*q=)5Bp%$Av)>kJJmkdSR+xnrL-omz2>WP>mhIC=0|wvuK}$7*6)wf0OB$2a
zEE9@|_vX+44%EZnsjb&Ku=kd0NQVoyHv6((++R)=V<is>CBZ)&JaWrpbKUrkpbncW
z9>UR@hqaSpn<39d5_H2Vu-(2=%aZFtf+kNQj<3?rNLpUb<nQPRphOzA8j2-nbzH3Q
zG@w*s&umgtXxv<+_y76`w4IoxZSuL0@fbR;epLHIGPL4@AA1agzxtS#;16y?-1%cW
z*1ATE`Y@5u1&ofZ(>k+r)@cPkYllsKTo^{I8QJIl;sGALwjTQAy9S{OI07|P9^YhA
z)01!qE_(u-BIGINuD=TvlP9$xt9w!_lY=22EuPVdM|+v<<EJo~m@@LwJtZ5w=F39Z
zsp-_X8GU;_gL^4SOt{_{shG{$06~>7OY$qG<Iid-gk1}=x1WXJNh~kMp+^br*a&G$
z-Pk@_Ojf2U2{Q=N>mJwkPiaU6ZGvWByGh$8HaF(5y3N7^!$KXTy?Ag|N>$Bj2Uh;P
z@BlahQi-snE6r`fATKm(Avrp7*8<KuZx#BUlSX7siv9Hk$f%ej3gF$*o4?6Rq9dM`
zO!c>75tve@PhkFupz1{op}ZJZRgT5_ZxgO0XKssHmMC~7(!7^Ixr1rld@iv+BR_r_
z<1Fd}pM1jSS~?wIS}_UOz^QPRZrTb(DT2H{FKKDC{AKMau^kQ`vTWB%+?ur=Xv-^L
zKkXF=5l7(-NIQys^r~>0IW!a~7Xcf8y2p&ywL+g7PhYlcJO{;zB5cPFe>Xw~e+R?g
z;ZgrLpq)-OYdpN-RNUeS#H2TY==~<tmh5gZ^DW4n{IJ>Jw|xzXd@Q^09WBkrIBfj8
zTB6VkA!IPKg;IY{%clA7X>DA)gy8uI=+^fEt$$xTE}?ijA++}gfIj|#_LGF-*(`^C
z@*$v2A8JR%@OaPi<VUz`^24Ok-7q#E?$l5O7Xw%lqVB@omJpkPM#@VF&#o%@dq3LV
z0-5~f4F2nRzm~r0Q<&N27OhR}1CNsgQU0g6ZLObZ#d3ebMxYyqv$B6^eS8oeoC;9w
zKeettC>$sky>I>(j<5MMUnzy~c(99nJXjXgQ>e8wB;&NMr_=P$wE`NnM>`}2M{(UJ
z3ufpk?2^y5BA>4X8RfOe`Y+<Efqy1IWbD;a=z>G?nx)h619(YLx>x%}Y(O|hjRzoY
z)AwOM1NOy_4q0&lKD{5{Yxl>G7nJ}3E^CGOKJcY>O7Mt;I5dx1TeT$G)T*79P$ZlW
z#Mcei4QAedGMGZIeWfLD`%3E~4*?n5o`>RR6yZ<yvLE_7fnD=8ECJVKcu-vSeGUgL
zKOC1}M0ic#K+Q-zHGTuNQT!byd*oY9k$Zx;uTnhjqkZ4Qx^UG*)3@QawW8|5MtmQa
zY&^=%b7!8&WH<ld+mjI7!UEzC@TmV0EroE+g0%f-Fxmd2_PIC-)UAtoxSGed9f6_{
zD@LYh_fgz;e@?rO;^?Z6W30mCzWxs(ibOv3n3BVWv}r+k8Q?DRM?}>26T-*oKWQgK
zf0LGCKsNtBTC(JBM%l8Tv1MX-M3NQ{1dFNV1l~T2wcWKCYisxg8&RDB*Cv<+)zNxF
z>%@kgh@YQnvFcyoP)Z(9S0XB8`~C~hN5WzV-$kU@mWS>`e@FLAf72%TQ*c<*@4}D8
zp};>V<<sVm(dhY8T1PhckN9PW<2w2joMo{sa1S=0hTkSXBCO>MjJjB(#X2jxbT>kX
zIkBNU@ViFUvn1Z8nZxm*s#@1OOJ%uhC6?GZfxFxs_QP#ZmS3C$l8(B*RV)Bzzq<(V
zs80fJ$T3~_cMN9VN7N+(aZaMn{adWVju76!iPvd~)RKf}TPu@v={SY#sKf<R;QsGT
z)}_e^!3(Zz5ARaxcn5Uq+Clf#h;7BO&8Y}B9!S-BZiJ77l%DKXJpiU|KqtMEJh}RX
zSk}f=J(qSlS{egFdd(p_hUkr#blLPYo#!?<7lf;wb-a+^AE+eZqdOatt~)*?%I0S1
zzIsEp{LxGuFJlC)1@nzJX!)#1c6=pxm*~SL=3v()&lsDPtMd#QAHZQp^Yozna15#`
z({outf$r;Al&Uy{S_}2$_G<zuEJH{sV0DE$syblggeB$LB0YJ-4Mo23a3ZX>I6jsW
zC4BT@8KwF#e?T~jWjfx=2@WXZ@zEQ~^$fWp7~HNrNXur3_IUD;j}r^@6)+yN6|zBH
z<NJm%e||R|ufITr2W;$x?pOrx5{Avg%g9CW$lJ|7zwPN%-AnIC9eV1YNis7|)=-H9
zPpH%tpP9uv_R^&x4jVSRu(!^u6`XU7P3zPCffr|eb?G*SLk4@ipFT*EA&YmgKQP>~
zh4F~2jNhvPA-#;{hj5gsPB@BJX@PS%7{PNFHZiQHs)-yN4YQl0`hG=zpvZ3NHEJ@)
zK&@QHBQAz2VTlj2kv>8JE{~-R)bYrhlcBaWw!OfY&2AX1XZr}-M=(_Wq7sHnG`_ub
zmP${btDAISsE*pnBYM%QTh$J3urx@$s&pi+&ec~cVg!i&C8AQtcnME3!c&Q}jB;t{
zMS3Nb9@X=ZEzm!g-5{Eic(te-`+As;zaHX~g-2H{s$Oi&#d=>KW+UsxD`5<kuoMA{
z7-8AB7uz#RAK}C7z`(Or79MNRZDaLfR(F}cS!`b<ggEAMu;6<c;mOglIv!y1k8qe7
zSLs(sMlh^XxKk^t4a^&_UnzS;!YnvZ$1``{1IKkXzs|-?iWA|ynkMU0B@sfwiQM&+
z&!<orC}I=;q8Cae&hLMbxio63-jf};K0ZafRRFKStj{#vmVI!T69mI}g&>dY>3UC8
zWwEti-KZZITN^<#VEq4(l@PmGFB2y~IDsPZ<crO}S;rrY@YUel&#s173-VUo0=8+V
zz;;tD*os|(W@@-azd%j}@dV0*Nc(TQUDth(6Bx~1$lkPjmR`wfX6dbxJzVhfsC+Lp
zQ_XDs|9qH(G#H1`$vJW1*fvLhQVbO}qHNM!{|-bAht<|$+xR4+Z~<2=(DA-pd^m)U
zzO3WDdY*)!^v@wwa{#IEiTCS4F*Qh5-~wtnpcb<FMf$H|22uR=<276WE10)fzg%{Y
zI5cxPRFtz+4@(G2#em=~F&{7LFyvG5NS1#f(KGIBUZ36eus+;J@O==@5UK;IbQkF+
z%P0Lma%p&Aoc@SDSu(_P2z<m?(_?x>c82X4PRHBSiVbP&<i17`8jg`E?7j^;{#b|)
zj$+5<@x*^e>hq)?rAwP|TKk{yH$94QN>DJA27KPgn2zE#fMWV!1Lib!gN|p_;KtwM
zOn43#PJWnd`6eBI56LmmW81gr_)7=zfkEX1ue2t;zl6arzF6k%uYN)A<imJ+IG(pJ
zp-$WMBG&wOeXkr0f2gp2n~s;coF#HWU%#YV@&ielvRCyUk_mjYi~cwHp2X^2*AGi3
zc&IV?ZM_e%H{nE&YKFMA?9g*%PdHB#q~n8h_(;jxG8pLpA_<UPyH2FJ32E*!mi?Yy
zEfL5wAkhOSg^-=jq|P70O`km$dpop;md?KafSX!AYpA?&GK)O>BmF!zfx}|#jgR%4
zBp>KDiRT&RR5qbSHzW}rq<*Sj9sm8)KlRz-H)c0uk3LOI6@?_K-Gggi_;3H(;}J_>
zvUC%W9v&il;IARR)Nd2RS$ND}BND@e#Bh*O4(a__!$G}+qztphL%6kkl6VC8+hKix
z>;)BeMSJ=;NN2v&4gbb}r++5aX(2BrNf?sIy(J602Rov7l~YAp3fbH+>vJ6YECw*y
zyr1+tBo=?J+jIyTIRF2A1BH47^m{yqn?<L8K|S-p4-ngpzvxH;^BF=FohL{bGPXba
zFm3|k-7+cr54}6rWdo>rlopbo^OF<O*xyd-w(J4>GghQ%84|dL$}OygL%Ez=Se}?A
zBxZxG-x*)4SnytIwS?Z(@oEG<U#bZOY>kqzONbh33Jf@@e(-0zY(+u>{wfX}Q3hDJ
zIVk}x5iJQV87&2^16nFtN3>38X=t6%f@tYz8EBbkS!mg4IcT|Pd1(1)1!#q6MQFun
zC1|B+WoYGSUC=7fx}tSM>yFj~ttVO~S}(NTXnoN7qV+@Tk7l5S(86dDv?!X1W})%5
V#LyhH0cZo!2C>aagXg~X{{U8x)|dbQ

delta 16015
zcmZ8o2Y6LQ_J6me5lCKoZ-fA$zT5AkB`6}GNDxIqkf5szDiTx{5otCM6oOY6RKQqK
ziV5D8QBjD!Aw+jwbO94YtRQh+T$T3!&CGpa_s{nY-@E6WIn&OZI(dHSf28Np%4#kg
zHo8XY5>gW-NebcL0QR55{!3;5Dcj1XDe;EpYMM)G3*>zNdF9ViA_M4JsK8sL<oNyL
zY*|2zP#)QKtz78epRhb2vO}dD<h6H7@T-zW$efw(`VS_n68~*zKIxnx;D+HhrJNVQ
zZEtK^xi@Kiy5Be4J;1yEg!E|wZ)#q0R-w10Io(@-qQDPleiy(E|4h~<L2pLMC&hBM
zw{%4+S+rcr^=9OSy_2~I`M{P=S_jBQ-qDrmewX}2(Ze#y&Vh0^Dd;7o`{x%P5zDab
zP(E2TNG|e67xxpxSW$m*$*rQ3t@(eH4Ht0RBxg(HJbz00j{@LmWbt6R)UT_k6x5F4
zKi=c*02%eR_A2x$ui}gF&h*Om->>{s;9Sjb=)FAn?fP2Z^TjqtBcUwsjFwB@xlsyx
zPxn8?R}(e7Q(9NX$^U1hOpFw@e918QZ#|-Wi|rylQkVP!uWnR=*J37lW2^-KG3y_E
znR>(wbtOYr$l3l%=idUPMM9MvL{dkp>0V@DoYyom-TyFp4WEpz>7jCgZ&@yfy{%Kj
z{tbhypsy9`^<TJ}YZJW2ks03H#ccQt!aLMlJJDY_WN*;H36-!8UH#ju7jUuDb<?Z6
zpbuZxfMMgrm^u?GPDY1EL{B{`K-pgV$S!{Rh#Lji&_g}=3;@pb8%N$K_QEjz(u=Q_
zlOe{s842}(pnJ2%^zfT52?$KxFB@AUc$gN>zU&dUDVJ(u0;Us6^Qy;Z`UftX#Lq{!
z41dV@!GgPG`HQa{E8vif&nFncZ_`h^Do@bZwjY^%G=N9F#kCcDTPIA32)v{DE2oYT
z6L8E>skdrsp%>f0nfnU7@bo0V`r0%xAIA=5t$9w)^=_{Y`-`s|Ahymm{5PguE+||p
zlnshJ@8#iPaTBK8_zSzVy6cA0$<LeQEPv)r3&h}2)2ps4@s^)RC(H6AKGvE?l}_H%
z`zDZLSIT39Gl0Ku<`gl-s2$2Av$n`N{^hd<2B2uDK!6%=5&FT1XrUsK>f<hSnJq4s
z0g1~di?=8lq<y;_?`O=J$@j#FINqVT<^JZ|T|R#!5`}63U7?>aZ#5slfaH}jP?489
zKi=zkRffm*Wy*q5@BPYgURzQg|9#`%Y=7T;H|SzQSQ!_u?(R<h;DtiQ4J`^eWnj|$
zx}5CSE?y)Cg@!96b<I+VpK#9*!9iyn7|4q(NnnGLzP+$Rk^9QosAOj^DbJ7G_o!He
zZu>1umhn9`4Bf9?c8!1=mRI#)U$SAG)YoevIi#Uc=|m#X2;Qi5<49{QcKCn6t?O(*
z{lU><3WgIZ@`gT`??vk4{Us|bDGtYIm|p)?z5SyruM$%?bwNZPe^ZM0XFe1Sz-FkB
z^(En()i{6e!@6Jzc`lEE<H;rOp-cZYR|H+6p<LjyNYiIHpy$^<E4o-#s4EB8ysCu#
zJ0Cqi0K1{e7&y&8_SihZ#EyhYIJj<~oZwYA#FOa{OBvpTDFuG>hAgo|w(jq5NEB>r
zh%0$x7sR6FBWw#hT<CZ&@@y*E`;nC3k9bn(NW*sg(x)BK$%){iHhlqg|N1it{+-YC
z5_}!q-?DLQ@Z0sLY!bG{a3lWhTP%K64A=2~YRdC>H^z(kx>1Z@wpYpXvfc{&%8QSS
zgNy2(^inx9IsQRkm?R@=`bpbI^KND&63ScisZ{9S@$&cp;)F^W#M`qY!9V%xhyco@
zdEwurLeerx3j1?jPg2-jG&QE!I6P7-<uiHqzi7@EeKa?e<CVOd?`OUBET4_3oBkVb
zPZe0G#B6Wd`+5HP?_DpjhVHe0T<C>Ai1$BvUnpeLutMEHRq8GJFoC>MAZ3v15s==x
zk8`~CkGgmx9~kG=*XMP7uN`CiqdyuJ@N>Yg+<$eqxRIt24W*H7ZAzw}vbRo5A7Yft
zKw17{pLQ4XGTBNQ6=~itCHhDHezAZ<eBc)_c=Z}J*$aQ6`jhqv=fJcaf72I7B&MBB
z8~TB1=h_3=e$)PJ(b;B;Ej^Uye|zwAF*!%~iVu~0KeVTNr@t-t797gr*KyByT&3o(
z6B)qY(RLk|6BGJ0)2lv`<5ztZ?4;v(LynaBoxkqK#l&=?e)TtZ3D&Oem3=SH{Peft
z%uUzyD}R_HCgVB~l~2A^GQ6|L68H?(pC~8IUr7nxA^_g6yot?#1N=qDt_YY${ewUK
zAbv*;|KoN?3=D(a>6a<NZ`YrBLKqwif|ccM_#@YE{?8)b%Zk|Ex<7=uzvFjd?yZRH
zKXLL+zDP^ca2B=Q<xGF!=^mV+r5WVs?(pE=JzFn$Xf|n-r7}8SlElI-&86EEX^=qc
z8re2V&ZC{<q<FzWH)w8xR3%1$$YqdEjw#u6cA``ez@oT<faTD}BuSVu%h2eNWT`@M
zFbo<_k&cN044VucEth()?oRhsK2tzz!qTY#<B~m<atWQ4E*%t{q0mZ6OQj4Qohc>I
zxtWrX7Rxm0d)d+z0hI$|R{x8VMF-|exdLY4QZiUJSu{qD=VDJ`*3!j<ES)}CAPK8%
zStfm>NLt2qf@MeO*fL3Yc$Tdbd=!v|OeLANmrGZPdD<2oTOqCIl3>{m%*CO;QVGrK
zDeV)3LnoDU7+KI;O7wO&rc)S<VWNY>)`Sk_bX^~5u;A!ew6(89#N-@@-WidG307_d
z)PoFA|ENhL1+{CCZKl+hte7LElcsT);48XRN~Rdtq8)~mE!emg-DgSn^BZMFwNM^z
z6j@cFWY7hU)LYO*4cZu$z7#`6q4UYMsFX>L4+N*Cfl?`-u?-7eK!*00b7}ivN%*&R
z#G!|(q`91p9f{J~^P~fujjdUsVn$s+rwqfInVV{B4yo!dm($(DC7oL??Ch+OQg7OC
zgmjf4(RI3Vl=K{5p{=`QmL%tq$Y`l^%*fOFi=}))YeZ<%CDJ&4Vm9O{O_RIR{+9+K
zY#UKJYh19KwyBe;6XbI4+IxM&1!UJ1QW2duUiwK41xcEDrR0gZLznd=v#yl7k(m?a
zM6$2~yA1kl(l%J>OzI}e@pSn_%!27{8(OZE^h?6BpwBI?3~huAJp>H8{1!1=%caj<
zBULJ?tP@mQCJtiut=HY+Z97^{?tB=>S9QA-PZnmWiL}r4Qj3@h)Lj-SorFy<oF<iv
zx!O@uJW1|KUM-N)y?;i|bxbAolVlv(bV;Ze+tFyljglq0IVRnIlhlJtg6%k=3@!;X
zr3_knvy>nf<1odph2>20Y(xsvadpzyV)m{@sw}xTop!5qp_mzb$3Bd-CvCk=S}v%f
z5n4A#8Z3B4btuQSG$@fhbEO3V4E_s;k=7~LSr%yV)8I?*dqxd2cmmyZC(ec002|WC
zHi|rPmy}6&FOa%($K8oop@INhKyw#M{rUI~#Buc9(sVwSqZ!Z#LzhZf-jWqzdiY)`
ziSL60%~!P)P8>o%?&6X~_e-5gq^BBBYnDhy0wR|VygyJ4jvk>CmrH#FMmOmL4`7W<
zq8;6)dshVF>KHnmUmqwt$1v%04@pmoK4yg0JPb^tVK~u<4P%bjnLfNmx)^)OKumie
zcrK!GYo&?k!(cAG?h$APLBLFDNfGWs?*=K0G^)^r4bu>+);}htk>*FF9^~w!QnI%z
zErC3`OM)Q0Cgpg2I(H%sbr4xl-OKqPqDv=l+$3kv$U5AUbT$yIMQ7~g)Y-R9n=<=W
zvMoW*p{v(R*<u=+PPc84E*I0lmKO0)m|_}N2LvWv`Ghnz_^{}&PfBA0Y9_nkyX9<p
z-P6(q0f9rCo{^>pA1*D~*ugs*su1DYN+*@<_$!wA`3LZls#nSx9s{j-Nh}qPlP@K}
zamIgb&q<kHQ#66JZ^EMIeJJISy62^haco_>H}ir#7HFmscRQqK;wI@&Vq);^d8k`X
zzuzp~6u@G!EDIv(qODS005_n-SFD!1(ZWWF1t^TONmn&t$$U$7i+L2|Gil0;()j`2
zrdRmV(BQ+N8~!TI4v1a&;0WiavmItc^oPD>@f-PWGnU-?43<3R6)B0-y(|^6lPx4K
zY!{!My{*#|$nq^%Y0b;hHs0HSbHF0FY+CXP_E^BQP!5Z}a_K#<N*4t%9Rh?fN5opR
zeTQ^ufG{9>EdHU_zaE>CVTQVQgi7@IPHC=Kieb^4o27e$j&>*yZhaoje6xcWLJ4x{
zO}QJ%jh7>&Z8zNU;}3QscfK7vxzx9%fAK9eT(5RnA!)i!O&|r?awZ+}P6wALj~7Io
zLg~9WHQoi6sO<gNMw(ivA{J|eNlv_+MIkML6q-7%`Y0xarU5mC$N+B1ZfQio%A}`1
z=2jP{X<D>;Z*1>Otco1ETg@kVpTPw3i&lD<noW<jNXbEGho1Q)wk4)Z=l=~KeB)sX
z@|l}Xb3cnoHFH3iZ%$YIBep(ELr4!toF;xQv2+@yVCe{<nMX{Qe*qy9Fm^C8?>UL!
zC^JbD!iF{9$(<kiq6;0gUrG}bg6A^sKy0~iuJf3GOy4=!F(6Yo@Oi1-3Wbx*2Xwe2
z;Enw@o2YAJ8m0OxxGAOIrI5NqII!BUU;x{PLCLIJE2VIaLK=>pqqvu!3e4KcLl|6q
zMCql6V@pTemrhn~Rx`xhOP+!#mo}=MH=g-g5=*q<r!vo$7JnnLd<S;IW;@ZmRn4Ny
zzLm}kU<TxQn=IwfAHTx__(--%2mcULD)7XX{s^~7a6o_{T+`!6xvRvuI&{cSu?uVC
z4svgjzIB}Ya*QBKyZwwC%Q?Vr%My;{UH_6;W)B3gq<emm<_8}-9eYB0B=|6B`>(M}
zf$)O6eC4#^x0nWTEWo($Ht-L?1Us8<J1I>L#&g)|!{eg8PRCB)afSPoOW<t9Q}0Y{
z_OQ_T%&*FSDO<i=FmodmZqoh1hqhgjgZt|0bfGHG5Tm$Ek-@3SBej=HohYtMpy6CI
z)J=Fhb52MaS>(c7hNF{AJ~#otCnXL7(Bb!x;$NliWKp90EMEqk%RWi+>R@D>zSl_(
zP63fouJBtTo#inBflKf0A_s=RjnbABd4j;eZ|EPEpASAX`ehns%}0o0t25;5f)9hf
zmMI6P6g6>5tFA%_0{sy%jau~joDQZoeJ2<55qun)nJ=@$>_}(V|8L%!WERSEI2vx}
zszUib{@XCTrj$YwEt3BtzFqQCk-VJ$HVrboSjIH~OOb4TfU|`6ClbcQEt1EQy?;>>
z$^H_#m=lT=@k&nEk<5LeR1B?~2sp>)kzr+GINjDrbD6w^QJb;ImrUy_&*6|*FiXw=
z!nh-N^{T%qB&1yaOB(ye*|JoA-Rx^_ntm;rqRSIW!?&2uqHbb3rW++scatCBoud}9
zE9B*jbw|)i4pj)&2r#`TPUbMyHDtz7@c6j9;1R@@^^6CCNV24dyp;de4U*MUzMu2!
z2pGw0Jp+b@K@bk+kxMJZVl9IQeye$3(<IY-iG^Em$3<XAy7UhEB2$lGt(0u)9rXS0
z7>!)qM{Ll!sEqs&19ik*<bl3|>Re#M?pgxr)lcw5JVOxA6p^=L01>}D!X{|zIzgaP
zLQeM&sEr6gG*U=bM`8dTk*wp?SPsIA9%OVM2t;pPuHaD1CF6CmL3W3uPtNLMk?`IL
zy!Y<pNh9Fsn55X0m$D7D&w1)^ngPA=(VyVxbI!M9%UgRTnph1|od$C}NsFsylaHp#
zN%Uwf?gU4|C+gRMq<_9fK2M5goe=gnUMoKw5LqFY`Kb>1=CEv$(m%-;k~7!I{}hxC
z{qlMlxl-OO8X6%S)`lt!);ditq%)_<4+y463rIJ}^98A4;JUP3k2vA+8|D0fz@ocu
zl4(HTKtaK2Ehlr1Fc0`=IKQ>);00CBfUA)-Q+}6^k9hC1nes%@2mV2Ka%g~@L28Dn
z>2%U88R<?oF}MTve<60<BL77U2{*vGP3|91IiUf<(Oo_p1fpj&G={?nV1?wfIhYHU
zl!cH-zDMw|H2TNwGMo%Hl4Z~lcgUBC&M?cp$*4OJCB8RLhMUL<92%Z4HwOe!gj1`Y
zfRQ`CK)zHE*c!cXkvuN=FlfVKd0Oyc(UiNP7Wu@GdoY=wT}c`jB16%5kBsUC8^Df+
zBCJ?MOYW0lYZ%C3`%<<MzQnrGY8rih3HF6g2GQZ6rSdxgl^wd6`{KfVPP!la$SO8u
z!&7oT8TUTKoVn!!cI+uwh{%I*vpGrr)7Y0MU&9W?NH&U*T}T89H|LW}9+VU5hY!f`
zrrDHWzN%Kpz8KlnL&F(WS6WyvuMJ>k=yDMmFxR|wmHb@*w*@V)`w+mplHZqM@T#{k
zc>6<gDV_eXToerA(g#+{uZWJ&yQ7&;e*tM)D<{+SM7~o{!P=BOBBLP1<^==Oht+<1
z6Tbmm3m1wdC6XFTO(u<x$URBM6Y$%Y|1aY6$Dp=&e>>EZ2L|)jF)PGDF8y%5Jf3}M
zk%&pVKQ7-8eAskNgN*VC$GDKuhQCUM^u!Y~s#y$%$j#-E!#z*QvjUJFGI`|i*t2pD
z-&KNL%_0Lf%N3;kS=nZ=Jo5T8@=iXWX41va%5%hknoZAaloth@TogeNMO4zp=j8!{
z0738ZP4XSVhfZg1k(UJ@COx|~HVG*9(X6ghMGiE{Y4rU@`9Z-`cSGlM1YNfci{LXr
z#-@ueZxjTm&*|qv5_08sIhP*$t2`>en&^HmU;%bhfUu#1c)_OMWVL|YbsbYgyQDn2
z@?{wn1h!X(8yeR^Qb@vE;LOZ@74q8sTU^&pugdEM9m;<fb2?TMBG0}qSI|Fp$O{6b
z9=fsvNrBuQz)eUUsz9am(Op79wFshyAp$n>4SAthD<Xr|H-*G$5rhGgS!8qpx$hmh
zVEa4r%Yqpk|7wIWC|$5XXvO<-F+KaPe0_j4LsxVlDUgQ)xE-<q&m+aVA$}!PiKC4l
z%9jL4H>5Kp1@amJf+IeJ^I?S_a>-t~m`s?eATRoc+|vuM4U_zv)ZVNr6i+VPBe(G_
zgdcu+M<0ql$PTitMdIojz_SP|{g7pU!$qC<iHx{`Bkj<r4kQI~LjZR}12~+Ok?2LA
z$%uv-JsfSe5K&$tfalZG|A6unNF7>#=tok<n%QcY-toDN+B@%L(igsn36x{glKnC&
z9310@qGalPwTP@-sCHU&5NEyiKx{LSK`j=@hX*QobkLV_lIR7EqqB&wAD!1Kj}~LN
zCf(B}BlpVKx)3;&af+z(6<lUM2iK)r56deB9(uy$QQy@^WW;l<3reEnd5CxH8~IQG
za&gj#`UpTs5`T|*F;-9mbny?u6yifi;*rOJ`A3;2%?Vt{TSpv7mmZTp6bPmf&LId8
z`6N@qxt={N$D+hFt6_ZWH>jOR^G|XL>C(<^wWcAfbF3Yfg^!?_5E&LSPW@LPG8&3e
z{aDCI_CJlBTp0OV`r9wUB|vAFR-cGXS&!hDihqM~uKACw(xbo1y~M(h$u0a%MoN<{
z0vVG>e}`kv$Aik~#sb4~T6_|xDqwENVX(gB)G4_OU2zK5fg_OMi0~M(=nQNaXNEl6
zqO&rp&x|v275#W{_|h5W$^dWENwR`4f#Y3VO<t+kp(x_sYq<A)IE(<6MVH4ZLqty`
z4)(??NN}>ArWqPYs((UCX@3%GRTm{8XFe%WsSU6;crYvlR*0--x;PP5r=Vk#6``ax
z-27f5m~8E=h&!s`)(_w?0$3)Ql8XPv&xg1!Nl`8nGeJy$C{+>mKtn(=fVBJ~6_bPM
zN&%gmrf@Gu(=0c1AxBUko)i<qZ6Cp4c@*`ErvsP{*M-4Y4Wl19is+7R$X0~**Knst
zi8@8fn@ECQl&d@ybYp6b6*UM)6yz(y9B8&nK3S#qAU_r<#k8$J5z0ZseICwh8l<^E
zDWyrp%58!XobDR3AR_goTT2w~V`v(Jm*FBTUSFng{}M1}OjxK)0P9LpyFqbJxfDmV
zp&T!dlG&*sFz&@NziDT29OV@X3gZln>y4YkV(16DE5Xgd#T>*77CeR~>nbtXyq*g8
zgfxxa(Q{Y|>=%Mn)P+06B5X=}v-eJ5ucHQ6&0wXpdtc>VenfawL$~!)P6h-fR=8>u
zOm<5|*%QE+rD8AwSOGn#E8_zMyVB=E@vF^X{W`An<Z}oDL|4*gqwhpp5f+2Jxq;PG
zao1@SIpm96MHoySx44QUC=e^eK)A*uL}<U@fLcQ92L=bI;|hldD}NVMxWdC(wW1ph
zS1Blgum$6e_9CZ_s3l};hMG)2t5yaD2sbp02lk}l2Q{6vO_Nlz_dICS+VhmV1PQyc
z|Br;`4hyc84zph>IDhvm^Z74Ox&+-!xX66SWjShR+B#gR;zzC<@blP_4;`tL(NQCm
z&0_xzWS&Oinlqh%mpo+Q&*}gYzC=kU$1lc7Z@EbMKrlx6u!b!DS#=pUn@qU`2D4>!
zY__=OypEAcR{n-u)!wdZ9KCOhBD^5obO|yO*&IiY*C@7NiCf)Y)Ja$;dfBB4@~mtg
zxZ2h^1ew`QO`!+IDafC5tcAlvNhF`_J*C2ij#uL8&6g`Y1Vdj3*X<m({R$<Wo*u7U
zD|W$(hWfEx;FXYtS3=owmN3)<$yg~)qv44P@;+=BB*#`>r66g-KWzHPBt_UVo#(zz
zO;QSoy&JCK?gsd@HItRzBx5ODiQZ4(vuU!@lN3!+uHo!)rK9A9gt#8`g((X6k~Q7Y
zX=JJ*^skO<+>IQ&Rw*G1uT>K1&TEt&VqBQ!AFquaI&N(@Qh&WtLML3O^cMv1`&V4g
z30MLY&x3gQxqh0GL{I-&Nx<?LT!;E+G3#y9k)p1e4w(>e11Ws=+>kzbgVGZW8LdfM
zZiG@x<{wt5f^XLhrGhS+p%e%GY`ijKg%rB$W+f+pv6pAOxU!{AN!nhgWCSeSP%dN9
zJWI(XiHnu+nxB+3vhWrqj!c@RAn0XdM(Lnil!#yi!AJ6V0J7OjZ&g$&ju9AS)~&dw
z&)uddVwSL8+h$|g0k&y2gt~Z+QWjuMdco~50s>1n%vG4tWPDhO2=QSy*)b10R6MU^
z0NUeDB{kMz;CzTEpP3o)w7$7?<pM<(91s$B^%nKZric<z5@bwK6-~QK$=<$LL2jD^
zYzjbL@DZhvyD>h;SP_Dc3bOECobqe;D3t+N<6s)TPcg(WxB)s@b&pa`Z(af+;fG-v
zp-Su|-r1GW-<K*Z<izN(aoRGdKJj7EkCrQ00lgiHu$>?Dpc0`458}`TjYDf!a7Dy=
zyU-(T_3(G<>XlCPy_E{m;hb%hep%1&FQ`z+FMfzC3HG7kZCfs#@5QzRmnVn6e<SN2
zR!;JLwprSpJ&7YXtO47dtCdW#E?CK2fjGWKIV)%_l*2eJK=EYES}2z6wK1_mMyEtz
z&u*5J$b|Vw@BjG`XgfYj+hubhk;l++?W4*m!7v&d{HMn-_>RYvI59Y`VORd3j<&8-
z%mAjbgf8CQk)JjwsdVTDC10?{{hazZH;h=bV?a}}cX#BqC!kNhYv8JYAxxC>d4SdQ
z6x@MJpNwq^^40upT?PRnOcy?-lm-LZ7%&!+WzdhG#(;d<C?@ypKx88HR8-Qq1$}!x
zi@PaESUwwli|Cw<kX8YU3Vuc8_;X4U!On&0+s{GzI2IP2k5)`}ZGy-pZ;FlPvJ?hb
zRT9h~OkVey#(!EtI%qSr`})nw0lvX3`MrgEVOT7Z-v$fNN=S9H+=-UGz`X#5F!`Ic
zZe)HF26?ej(Sp$}0jH_kxXx#!I8Q_?`Si~(LQcgToltiM!gIU?a@1E6N&T%@1g4Y`
z5V-$EQ2i2ykY0+ZD`dd?Z|CkLm?I^@>RG(#6;Bqt49Z<psSsT7Y~#O>AHRZemiB>P
zKIwBMjkHmvh;Z1zX>gZr+6HCG1HC>kD=B2<E6UScmqba;PNl@FUEhgpeHGlNzY00x
z8x=Lk*qur-L(z|RaKD*N$PAV7*o?i}qmkE@f`A&YUUn)h4aJCTx@%W#GonmGu_t(>
z{~ORyCz}-(VKFLJaN&q4ZvxT#O{gx>JxZ;&Aa?A-Mj$l!?LbK)B}<3Dqof2FolbmL
ziRY@pju@dVuGimFvdE(Mly;_IY&<39&~5JnTK~RsTtF=WZT<kz$3IYh7EqL>8HZ0k
z1hnZx<(L@Wp-+8;>n1*2QnDBJ=EL0z%HVu}sDQ|OaJ@N1i%`%Aae)IGs$@_7$j%ms
z<gaJ(U(frLv^Af?(l)m!?Q9=lm_yw-QQoJxaIK#xMSOp3RMjgOoR<Dg=@WoZN8+Hm
zzboAWkQFN9y>I>pj<5N%Krh*N8`xF68!Qd0Nu)Iuf^kMw)5wg^m3%U2pK@3X9*vQO
z)72z;@#jjR;0y1sJC9ZCzlf~{#+ZXhWWSO`E;uZ1SsFRshPMPI`;}k$1|S38*al&n
zaRBofa3FSc$og~enS%gda}dYN<PZ7z7usM(OIsnl_kXFJ7A)`xjX_&ml?1Z6RXHP|
z4h1w=HquBi^uc4nB=Xu<O5*mfl&<0oV10WY#u4!m46pS2?1#RNqgQ_&m;&3-@P03g
z!B!p#1lWfCZTcoKaW-lY_{btf-(j*xzf~l$CkQGl`MW-H;CmPtrkTi$?YL~MD16XS
z-v^Ry<4t9*H|s<Oz4?bgd*U4uvf1qI9qE5mNg}vrVY2fVFxmN|@;N^V_J)^5thsdi
zQRoT2WcadskKwwDk0`-M9;rEw!3vHCHo!*Iik#|CQZ^mZu7t&HfKBJmW7>a42sz_t
z<pgH{v%caNC6_Mxmy#%0ng#`=t5_YfRW^$Ti%81}ynE)WyK@;<*YGP8XiYl&n{Xy{
zN9zft3mtJHc0o;t*8B>uk}m?GZUqkw>4E<Q?hktj<%n>xJr~`p{y_Ijepe=mDOh-|
z^#^xmAq}X3m#{m?9-@&KPAi@1;8U^dZlUCN8XhxW3X<qs&cJySA8_!_!m{(@wrHxP
z3ZKJ9%!@5$(cjgwD(p3TVukz>o~w}>RZSHNbI)q5GBu95-VFA`ZBUqB48_x{&Z@eN
zuM3ZlyYoPg^oheY`AJoSO@lQL5DVjh7#goKKNm}}vF0j7)_9~APg)Z2dTVupDm*9~
zaWcn+lMn{%PgI53u#uOq><IIc$?;C;)UA^m=n~la0Nb35*y8?VmE}k<5_0!=FUKml
zH3MMo26R!oh{LO2f@N(=R&&UnsFFf~5Z<$mxVsmR|LBYqmE|}X7lUp~Rq;}Sf0zUx
z-RY1tH5x!HIzL?vbR2y6M>Eu$#D+U$Xtr8Ndt}9y!E4lbo0dl>XJgknLpb$wa#WTk
z!%(h9kL9Z2;6o?1rD_h%&sPI2iwBGhLRt&d#Ey#sDJ(@?$zcl%RFrlYBU4bWFH{pZ
z-cTsahmGoUT~WtaHo-?9nqH!g2nK|=SgPX99Or<)U}B>;l&R@rH}TB78;jJkC_+A#
zLBu$)!hJc61#Sg&P`B8oMK!vpLd6R(PG!*-yJHcei_Km|E`?v-VgK2EPa`$G)Xt<+
zPxUiF=ETSvDskFzm8ujlb7|*ZsxZZP?M8?9R$0jcFAiW3r}ydj(C7nwRpC22$UHpW
zPaPDH8T3$pV3=)lU<XUty&9mYr8G~&IVM{=1jh{xWne_mUFl?9O_t*s7`45dP4%E8
zK3qE1R%_)%hCxm4QWkbmlnRRjkc%7=s&Kh9WuS@|-i!>zwDBEPzASpfU^Od1xB-Hq
z{AUUnf`Ew~^|NI1%z3Is+Nx9(P##eW*W4<1^1>xy(yLlU=IT6kwZun&mwz!Y*HKo-
z6O7=ZpJS9msxDM3Ny#xa7byevbI}cP?i5xss-RzwQ1O>TY_jl#Yk294j=M<h8^Bzo
zzF0Yoq8yeaVEA(x-nSRsH%1*LU=WOf=SnRs;2^h+SBvPvOVur6`|$KYy9_MYUb;BC
z>hUTbVe$`)My^!xw>azr8J=sI^UD7Uh58fKD?|^?qT$IZ-ncU&nB;Rwb~<iKj7Ya=
z(^PeuAVRP?nR|?}(m^4e{3o>_KwAF~nM1}*Q+v|3>tj<y!UVhq(>~KxNA$tpI!%hX
zpu9|wOPm>MPn2e{wO`$+9_L$&5`Spo|Bw|Edb3)}Pk`VA3i-P)y69#Ve=WjRgY4zG
z)v%I5?wVV`Hsv(fZmt7czDuZeHr%3KAf^Iki&`Oa|J!G)ssKUxjb%<`Z?boeT1ji?
zsI7uMa)#%Vvi;CPwR6>f3m8I#Dh?wj=f#9$`#kk2F_df5Df5Fn;NoW2EyT9*Nx+|7
zwOGaDa?Cp#(Fi{J($4p&xdFuH5K`NQeE8)1)G(hKdq8;sX=#%SX#G<4H$H<XGH+Ki
z0W7EfGW9ai9dGJqt%Qn-KB(#e#G!!TJuw>(jtP>gcqq$1oX~`G$$fg;!|F(ZKr(Br
zK%hjBOztGAMe~UIFTS)WY;@Wq>QuoHf8&S`mo`178lp2YOe4whcDa0G$_BBo?7`JI
zk;m@apyDru*x)EAUlz;$cP4$FQcZG66He>klfkA(VOTf?MSURPjUaFgD+Cmg4>n>>
z(>AJjTFtm25S#QoE}Zyq=*rD1{uq*BqB`BVRmGn<@DB_sUU{W7sr?xY8c+{iB$D@6
zy{L8xU=DJ`ETPYm_r;{kcG#rmzpDG$U`_;ujVHFNc%92X9QyUksx3ZrotExUdk7}F
zgTy)eTY-)Yd;(qgx_U$~G4NRYZM6@fZ^Dfp(+qKI*`?-)p77o#3C9OH@zH`c$_AkS
zlOVurmFsw}n;_R+O0(WmYXky`5m;OHupTMu43hdG9QC>5vA0z{lr;MN2e7kz(Kw_D
zB9%P%BlUbaj;+L|Z+xuYB>3QT1fHdplj)=uH6n-{y6RK)s@U(J|E|szzg;?WpE_Mk
z)pbbSK3w~Pe~N4G;DtwMs_+qzBOW4pMClt}s<-jsSWT*yXNL*0!(oziSnW?64ym0u
zC4!*F!??9<lA1<;KcWs0y)*|kd-iUfrHRAj?00G;xbfeqpYe4f#~hGQkn|QTblP%M
z?Z&67;S`Y4)oGvO*k?X~K^Oe2-Y&3seARRq8aVIY!azB!`clJ;H&5hdk~6=esM+=d
z#CFrKDl)-rhA=_ra}tWQ?Joh0nSfZg43c$9?ap-B0Ma~0(ZuJX#JCjtmy@a^dcgjS
z=XqL+EN(=Gg~gk4H*^`Zuq-=Ekev<FerJVNaWn_12PLjI>3kJppD*ROe7a7G+rvc-
z<qQfOS3j`Q23-{whd+s999?(GmV`L8c(eqxM6@KdPH4$!ozc3WrJ$vvh0)T`($O-|
zGSRZove9zTa?$e8^3e*=3ek$tiqT5YO3}*Dx}ue%bwjH_>yFj~ttVO~S}(NTXnoN7
oqV+@Tj}}4G&~!8d%|x@%Y%~XrttW~$0Bs=JAi5=C@ch^Q5AvnWKmY&$

diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index 8fee9683c..f04973063 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-29 08:24
+# Generated by Django 2.1.4 on 2018-12-06 14:47
 
 import django.db.models.deletion
 from django.db import migrations, models
@@ -17,7 +17,7 @@ class Migration(migrations.Migration):
             name='Subscription',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('type', models.IntegerField(choices=[(0, 'None'), (1, 'Email'), (2, 'Email+Excel')])),
+                ('type', models.IntegerField(choices=[(0, 'None'), (1, 'Email'), (2, 'Email+Excel'), (3, 'Email+Pdf')])),
                 ('kwargs', models.CharField(blank=True, default='', max_length=500)),
                 ('content_type', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='contenttypes.ContentType')),
             ],
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181129_0824.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181206_1447.py
similarity index 93%
rename from src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181129_0824.py
rename to src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181206_1447.py
index da9944c95..7f73b93e7 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181129_0824.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181206_1447.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-29 08:24
+# Generated by Django 2.1.4 on 2018-12-06 14:47
 
 import django.db.models.deletion
 from django.conf import settings
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0003_auto_20181206_1420.py b/src/etools_datamart/apps/subscriptions/migrations/0003_auto_20181206_1420.py
deleted file mode 100644
index 45e24ff12..000000000
--- a/src/etools_datamart/apps/subscriptions/migrations/0003_auto_20181206_1420.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:20
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('subscriptions', '0002_auto_20181129_0824'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='subscription',
-            name='type',
-            field=models.IntegerField(choices=[(0, 'None'), (1, 'Email'), (2, 'Email+Excel'), (3, 'Email+Pdf')]),
-        ),
-    ]
diff --git a/src/etools_datamart/apps/tracking/management/__init__.py b/src/etools_datamart/apps/tracking/management/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/etools_datamart/apps/tracking/management/commands/__init__.py b/src/etools_datamart/apps/tracking/management/commands/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/etools_datamart/apps/tracking/management/commands/track.py b/src/etools_datamart/apps/tracking/management/commands/track.py
new file mode 100644
index 000000000..02d7d51f5
--- /dev/null
+++ b/src/etools_datamart/apps/tracking/management/commands/track.py
@@ -0,0 +1,68 @@
+# -*- coding: utf-8 -*-
+import logging
+import os
+from urllib.parse import urlencode
+
+from django.core.management import BaseCommand
+
+logger = logging.getLogger(__name__)
+
+
+class Command(BaseCommand):
+    args = ''
+    help = ''
+    requires_migrations_checks = False
+    requires_system_checks = False
+
+    def add_arguments(self, parser):
+
+        parser.add_argument(
+            '--tid',
+            action='store_true',
+            dest='all',
+            default=os.environ.get('ANALYTICS_CODE'),
+            help='select all options but `demo`')
+        parser.add_argument(
+            '--demo',
+            action='store_true',
+            dest='demo',
+            default=False,
+            help='create random demo .local')
+
+    def echo(self, txt, st='SUCCESS'):
+        if self.verbosity == 0:
+            return
+        if self.verbosity == 1:
+            text = f"{txt}"
+        else:
+            text = f"\n{txt}"
+        self.stdout.write(getattr(self.style, st)(text))
+
+    def notify(self, model, created, name, tpl="  {op} {model} `{name}`"):
+        if self.verbosity > 2:
+            op = {True: "Created", False: "Updated"}[created]
+            self.stdout.write(tpl.format(op=op, model=model, name=name))
+        elif self.verbosity > 1:
+            self.stdout.write('.', ending='')
+
+    def handle(self, *args, **options):
+        self.verbosity = options['verbosity']
+        tid = options['tid']
+        import requests
+        # """https://www.google-analytics.com/r/collect?v=1&_v=j72&a=1254325655&t=pageview&_s=1&dl=http%3A%2F%2Flocalhost%2F&ul=en-gb&de=UTF-8&dt=Title&sd=24-bit&sr=1440x900&vp=1425x459&je=0&_u=IEBAAUAB~&jid=243210006&gjid=1351824934&cid=778822076.1544038618&tid=UA-130479575-1&_gid=909229133.1544038618&_r=1&gtm=2oubc0&z=118711575"""
+        values = {
+            "v": 1,
+            "t": "pageview",
+            # "t": "event",
+            # "ec": "video",  # event category
+            # "ea": "play",  # event action
+            # "el": "holiday",
+            "tid": tid,
+            "cid": 555,
+            "ev": 300,
+            "dl": "http://datamart.unicef.io/aaaa",
+
+        }
+        qs = urlencode(values)
+        # payload = 'v=1&t=event&tid=UA-130479575-1&cid=555&ec=video&ea=play&el=holiday&ev=300&dl=http%3A%2F%2Flocalhost%2Fbbb'
+        requests.post('http://www.google-analytics.com/collect', data=qs)
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index 425d9911c..300391fcd 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-29 08:24
+# Generated by Django 2.1.4 on 2018-12-06 14:47
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181129_0824.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181206_1447.py
similarity index 97%
rename from src/etools_datamart/apps/tracking/migrations/0002_auto_20181129_0824.py
rename to src/etools_datamart/apps/tracking/migrations/0002_auto_20181206_1447.py
index f98434cb8..271fa1e24 100644
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181129_0824.py
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181206_1447.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-29 08:24
+# Generated by Django 2.1.4 on 2018-12-06 14:47
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,9 +10,9 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
         ('unicef_rest_framework', '0001_initial'),
         ('tracking', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
diff --git a/src/etools_datamart/apps/web/templates/base.html b/src/etools_datamart/apps/web/templates/base.html
index cfd19a527..0a47a4a25 100644
--- a/src/etools_datamart/apps/web/templates/base.html
+++ b/src/etools_datamart/apps/web/templates/base.html
@@ -7,7 +7,19 @@
         <link rel="icon" type="image/ico" href="{% static 'favicon.ico' %}">
         <link rel="stylesheet" type="text/css" href="{% static 'style.css' %}?_={% version %}">
     {% endblock head %}
-
+    <!-- Global site tag (gtag.js) - Google Analytics -->
+{#    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-130479575-1"></script>#}
+{#    <script>#}
+{#        window.dataLayer = window.dataLayer || [];#}
+{##}
+{#        function gtag() {#}
+{#            dataLayer.push(arguments);#}
+{#        }#}
+{##}
+{#        gtag('js', new Date());#}
+{##}
+{#        gtag('config', 'UA-130479575-1');#}
+{#    </script>#}
 </head>
 <body class="{{ page }}">
 
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index af383a3f6..7d172253d 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 import datetime
+import os
 from pathlib import Path
 
 import environ
@@ -207,11 +208,12 @@
         'APP_DIRS': False,
         'OPTIONS': {
             'loaders': [
+                'dbtemplates.loader.Loader',
                 'django.template.loaders.filesystem.Loader',
                 'django.template.loaders.app_directories.Loader',
-                # 'dbtemplates.loader.Loader',
             ],
             'context_processors': [
+                'constance.context_processors.config',
                 'django.template.context_processors.debug',
                 'django.template.context_processors.request',
                 'etools_datamart.apps.multitenant.context_processors.schemas',
@@ -383,6 +385,7 @@
 CONSTANCE_CONFIG = {
     'AZURE_USE_GRAPH': (True, 'Use MS Graph API to fetch user data', bool),
     'DEFAULT_GROUP': ('Guests', 'Default group new users belong to', 'select_group'),
+    'ANALYTICS_CODE': (env('ANALYTICS_CODE'), 'Google analytics code'),
 }
 
 CELERY_BEAT_SCHEDULER = 'django_celery_beat.schedulers.DatabaseScheduler'
@@ -606,3 +609,12 @@
 
 BUSINESSAREA_MODEL = 'unicef_security.BusinessArea'
 AUTH_USER_MODEL = 'unicef_security.User'
+
+
+def extra(r):
+    return {'AZURE_CLIENT_ID': os.environ['AZURE_CLIENT_ID'],
+            'GRAPH_CLIENT_ID': os.environ['GRAPH_CLIENT_ID'],
+            'AZURE_TENANT': os.environ['AZURE_TENANT']}
+
+
+SYSINFO = {"extra": {'Azure': extra}}
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index 06eaedc84..b1c342065 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-29 08:24
+# Generated by Django 2.1.4 on 2018-12-06 14:47
 
 import uuid
 
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181129_0824.py b/src/unicef_rest_framework/migrations/0002_auto_20181206_1447.py
similarity index 97%
rename from src/unicef_rest_framework/migrations/0002_auto_20181129_0824.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181206_1447.py
index bf25f9213..699cb08ac 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181129_0824.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181206_1447.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-29 08:24
+# Generated by Django 2.1.4 on 2018-12-06 14:47
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,10 +10,10 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('auth', '0009_alter_user_last_name_max_length'),
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
         ('contenttypes', '0002_remove_content_type_name'),
+        ('auth', '0009_alter_user_last_name_max_length'),
         ('unicef_rest_framework', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
@@ -131,7 +131,7 @@ class Migration(migrations.Migration):
         ),
         migrations.AlterUniqueTogether(
             name='systemfilter',
-            unique_together={('service', 'group'), ('service', 'user')},
+            unique_together={('service', 'user'), ('service', 'group')},
         ),
         migrations.AlterUniqueTogether(
             name='groupaccesscontrol',
diff --git a/src/unicef_rest_framework/renderers/html.py b/src/unicef_rest_framework/renderers/html.py
index dde24133c..d47436ad6 100644
--- a/src/unicef_rest_framework/renderers/html.py
+++ b/src/unicef_rest_framework/renderers/html.py
@@ -12,7 +12,7 @@ def labelize(v):
 
 
 class HTMLRenderer(BaseRenderer):
-    media_type = 'text/xhtml'
+    media_type = 'text/html'
     format = 'xhtml'
     charset = 'utf-8'
     render_style = 'text'
diff --git a/src/unicef_rest_framework/templates/renderers/html/html.html b/src/unicef_rest_framework/templates/renderers/html/html.html
index a807290c9..d77cb7c80 100644
--- a/src/unicef_rest_framework/templates/renderers/html/html.html
+++ b/src/unicef_rest_framework/templates/renderers/html/html.html
@@ -33,7 +33,7 @@ <h1>{{ opts.verbose_name }}</h1>
             <th>{{ v }}</th>
         {% endfor %}
     </tr>
-    {% for row in data.results %}
+    {% for row in data %}
         <tr class="{% cycle "odd" "even" %}">
             {% for k,v in row.items %}
                 <td class="{% cycle "odd" "even" %}">{{ v }}</td>
diff --git a/src/unicef_rest_framework/templates/rest_framework/base.html b/src/unicef_rest_framework/templates/rest_framework/base.html
index 4751d9b04..751593d6b 100644
--- a/src/unicef_rest_framework/templates/rest_framework/base.html
+++ b/src/unicef_rest_framework/templates/rest_framework/base.html
@@ -25,7 +25,15 @@
         <link rel="stylesheet" type="text/css" href="{% static "style.css" %}"/>
         {% if code_style %}<style>{{ code_style }}</style>{% endif %}
       {% endblock %}
-
+    {% if config.ANALYTICS_CODE %}
+        <script async src="https://www.googletagmanager.com/gtag/js?id=UA-130479575-1"></script>
+        <script>
+            window.dataLayer = window.dataLayer || [];
+            function gtag() {dataLayer.push(arguments);}
+            gtag('js', new Date());
+            gtag('config', 'UA-130479575-1');
+        </script>
+    {% endif %}
     {% endblock %}
   </head>
 
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index b87338433..573525d7f 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.3 on 2018-11-29 08:24
+# Generated by Django 2.1.4 on 2018-12-06 14:47
 
 import django.contrib.auth.models
 import django.contrib.auth.validators
@@ -71,6 +71,7 @@ class Migration(migrations.Migration):
             name='Role',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('business_area', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.BUSINESSAREA_MODEL)),
                 ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.Group')),
                 ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
             ],
diff --git a/src/unicef_security/models.py b/src/unicef_security/models.py
index a30120707..a2ece53b7 100644
--- a/src/unicef_security/models.py
+++ b/src/unicef_security/models.py
@@ -102,6 +102,7 @@ def save(self, *args, **kwargs):
 class Role(models.Model, TimeStampedModel):
     user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
     group = models.ForeignKey(Group, on_delete=models.CASCADE)
+    business_area = models.ForeignKey(BusinessArea, on_delete=models.CASCADE)
 
     class Meta:
         app_label = 'unicef_security'
diff --git a/src/unicef_security/tasks.py b/src/unicef_security/tasks.py
new file mode 100644
index 000000000..6030e620e
--- /dev/null
+++ b/src/unicef_security/tasks.py
@@ -0,0 +1,7 @@
+from celery.app import default_app
+from unicef_security.sync import load_business_area
+
+
+@default_app.task()
+def sync_business_area():
+    load_business_area()

From fe8e84711ab0f74775a73638a37e13837550acef Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Thu, 6 Dec 2018 23:41:54 +0100
Subject: [PATCH 17/86] fixes settings

---
 src/etools_datamart/config/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 7d172253d..ad33784be 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -13,7 +13,7 @@
 
 env = environ.Env(API_URL=(str, 'http://localhost:8000/api/'),
                   ETOOLS_DUMP_LOCATION=(str, str(PACKAGE_DIR / 'apps' / 'multitenant' / 'postgresql')),
-
+                  ANALYTICS_CODE=(str, ""),
                   CACHE_URL=(str, "redis://127.0.0.1:6379/1"),
                   CACHE_URL_API=(str, "redis://127.0.0.1:6379/2?key_prefix=api"),
                   CACHE_URL_LOCK=(str, "redis://127.0.0.1:6379/2?key_prefix=lock"),

From f21e948c812baf6e7803efec8493438da11808c9 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 13:09:10 +0100
Subject: [PATCH 18/86] updates

---
 CHANGES                                       |  1 +
 src/drf_querystringfilter/backend.py          |  9 ++-
 src/etools_datamart/api/endpoints/common.py   |  3 +-
 .../api/endpoints/etools/audit.py             |  2 +
 src/etools_datamart/api/filtering.py          | 14 ++---
 src/etools_datamart/apps/etl/models.py        |  3 +
 src/etools_datamart/apps/etl/results.py       | 10 ++-
 src/etools_datamart/apps/multitenant/views.py | 38 ++++++------
 .../apps/subscriptions/models.py              | 14 ++---
 .../apps/subscriptions/urls.py                |  8 ++-
 src/etools_datamart/celery.py                 |  9 +--
 src/etools_datamart/config/settings.py        |  1 +
 src/unicef_rest_framework/auth.py             | 32 +++++++++-
 src/unicef_rest_framework/negotiation.py      | 14 +++++
 .../renderers/__init__.py                     |  2 +
 src/unicef_rest_framework/renderers/html.py   |  2 +-
 src/unicef_rest_framework/renderers/iqy.py    | 50 +++++++++++++++
 src/unicef_rest_framework/renderers/pdf.py    |  2 +-
 src/unicef_rest_framework/renderers/txt.py    | 50 +++++++++++++++
 .../templates/renderers/{html => }/html.html  |  0
 .../templates/renderers/iqy.txt               |  2 +
 .../templates/renderers/{pdf => }/pdf.html    |  0
 .../templates/renderers/text.txt              |  2 +
 src/unicef_rest_framework/utils.py            | 20 ++++++
 src/unicef_rest_framework/views.py            | 32 +++++++---
 src/unicef_rest_framework/views_mixins.py     | 27 ++++++++
 tests/.coveragerc                             |  1 +
 tests/api/test_api_data.py                    | 15 ++++-
 tests/api/test_datamart_security.py           |  4 +-
 tests/etl/test_etl_result.py                  | 25 ++++++++
 tests/test_admin.py                           |  6 ++
 tests/test_celery.py                          |  6 ++
 tests/test_subscription.py                    | 61 +++++++++++++++++++
 33 files changed, 402 insertions(+), 63 deletions(-)
 create mode 100644 src/unicef_rest_framework/negotiation.py
 create mode 100644 src/unicef_rest_framework/renderers/iqy.py
 create mode 100644 src/unicef_rest_framework/renderers/txt.py
 rename src/unicef_rest_framework/templates/renderers/{html => }/html.html (100%)
 create mode 100644 src/unicef_rest_framework/templates/renderers/iqy.txt
 rename src/unicef_rest_framework/templates/renderers/{pdf => }/pdf.html (100%)
 create mode 100644 src/unicef_rest_framework/templates/renderers/text.txt
 create mode 100644 src/unicef_rest_framework/views_mixins.py
 create mode 100644 tests/test_celery.py

diff --git a/CHANGES b/CHANGES
index 8b0502f0f..27516b25c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,7 @@
 * fixes error in some renderers with cached response
 * Adopting of RabbitMQ to prevent message loss
 * new admin index page
+* Excel IQY support (beta)
 
 
 1.7
diff --git a/src/drf_querystringfilter/backend.py b/src/drf_querystringfilter/backend.py
index 7671e1085..dac4e28c8 100644
--- a/src/drf_querystringfilter/backend.py
+++ b/src/drf_querystringfilter/backend.py
@@ -123,7 +123,7 @@ def _get_filters(self, request, queryset, view):  # noqa
 
         - exclude null values: country__not=><
         - only values in list: &country__id__in=176,20
-        - exclude values in list: &country__id__not_in=176,20
+        - exclude values in list: &country__id=176,20
 
         """
         self.opts = queryset.model._meta
@@ -137,8 +137,9 @@ def _get_filters(self, request, queryset, view):  # noqa
 
             for fieldname_arg in self.query_params:
                 raw_value = self.query_params.get(fieldname_arg)
-                if not raw_value:
-                    continue
+                if raw_value in ["''", '""']:
+                    raw_value = ""
+
                 negate = fieldname_arg[-1] == "!"
 
                 if negate:
@@ -168,6 +169,8 @@ def _get_filters(self, request, queryset, view):  # noqa
                     processor = getattr(self, 'process_{}'.format(filter_field_name), None)
                     if (filter_field_name not in filter_fields) and (not processor):
                         raise InvalidQueryArgumentError(filter_field_name)
+                    if raw_value is None and not processor:
+                        continue
                     # field is configured in Serializer
                     # so we use 'source' attribute
                     if filter_field_name in mapping:
diff --git a/src/etools_datamart/api/endpoints/common.py b/src/etools_datamart/api/endpoints/common.py
index b29796e95..84d1707b3 100644
--- a/src/etools_datamart/api/endpoints/common.py
+++ b/src/etools_datamart/api/endpoints/common.py
@@ -13,6 +13,7 @@
 from rest_framework.response import Response
 from unicef_rest_framework.filtering import SystemFilterBackend
 from unicef_rest_framework.views import ReadOnlyModelViewSet
+from unicef_rest_framework.views_mixins import IQYConnectionMixin
 
 from etools_datamart.api.filtering import DatamartQueryStringFilterBackend, TenantQueryStringFilterBackend
 from etools_datamart.apps.etl.models import EtlTask
@@ -63,7 +64,7 @@ def updates(self, request, version):
                         headers={'update-date': offset})
 
 
-class APIReadOnlyModelViewSet(ReadOnlyModelViewSet):
+class APIReadOnlyModelViewSet(ReadOnlyModelViewSet, IQYConnectionMixin):
     filter_backends = [SystemFilterBackend,
                        DatamartQueryStringFilterBackend,
                        OrderingFilter]
diff --git a/src/etools_datamart/api/endpoints/etools/audit.py b/src/etools_datamart/api/endpoints/etools/audit.py
index 730c19254..77a95ffc4 100644
--- a/src/etools_datamart/api/endpoints/etools/audit.py
+++ b/src/etools_datamart/api/endpoints/etools/audit.py
@@ -7,3 +7,5 @@
 class EngagementViewSet(common.APIMultiTenantReadOnlyModelViewSet):
     serializer_class = serializers.EngagementSerializer
     queryset = models.AuditEngagement.objects.all()
+    filter_fields = ['joint_audit', 'status', 'engagement_type',
+                     'cancel_comment']
diff --git a/src/etools_datamart/api/filtering.py b/src/etools_datamart/api/filtering.py
index 51c9164de..ffccc81a6 100644
--- a/src/etools_datamart/api/filtering.py
+++ b/src/etools_datamart/api/filtering.py
@@ -20,13 +20,7 @@ class CountryNameProcessor:
     def process_country_name(self, efilters, eexclude, field, value, request,
                              op, param, negate, **payload):
         filters = {}
-        if not value:
-            if not request.user.is_superuser:
-                allowed = get_etools_allowed_schemas(request.user)
-                if not allowed:  # pragma: no cover
-                    raise PermissionDenied("You don't have enabled schemas")
-                filters['country_name__iregex'] = r'(' + '|'.join(allowed) + ')'
-        else:
+        if value:
             value = set(value.lower().split(","))
             validate_schemas(*value)
             if not request.user.is_superuser:
@@ -34,6 +28,12 @@ def process_country_name(self, efilters, eexclude, field, value, request,
                 if not user_schemas.issuperset(value):
                     raise NotAuthorizedSchema(",".join(sorted(value - user_schemas)))
             filters['country_name__iregex'] = r'(' + '|'.join(value) + ')'
+        else:
+            if not request.user.is_superuser:
+                allowed = get_etools_allowed_schemas(request.user)
+                if not allowed:  # pragma: no cover
+                    raise PermissionDenied("You don't have enabled schemas")
+                filters['country_name__iregex'] = r'(' + '|'.join(allowed) + ')'
 
         if negate:
             return {}, filters
diff --git a/src/etools_datamart/apps/etl/models.py b/src/etools_datamart/apps/etl/models.py
index afd0dbebd..659a81384 100644
--- a/src/etools_datamart/apps/etl/models.py
+++ b/src/etools_datamart/apps/etl/models.py
@@ -10,6 +10,9 @@
 
 
 class TaskLogManager(models.Manager):
+    def filter_for_models(self, *models):
+        return self.filter(content_type__in=ContentType.objects.get_for_models(*models).values())
+
     def get_for_model(self, model: DataMartModel):
         try:
             return self.get(content_type=ContentType.objects.get_for_model(model))
diff --git a/src/etools_datamart/apps/etl/results.py b/src/etools_datamart/apps/etl/results.py
index 53ed5b34c..12cd7d393 100644
--- a/src/etools_datamart/apps/etl/results.py
+++ b/src/etools_datamart/apps/etl/results.py
@@ -1,4 +1,5 @@
 import json
+from json.decoder import WHITESPACE
 
 CREATED = 'created'
 UPDATED = 'updated'
@@ -35,7 +36,14 @@ def __eq__(self, other):
         return False
 
 
+class EtlDecoder(json.JSONDecoder):
+
+    def decode(self, s, _w=WHITESPACE.match):
+        return super().decode(s, _w)
+
+
 class EtlEncoder(json.JSONEncoder):
+
     def default(self, obj):
         if isinstance(obj, EtlResult):
             return {
@@ -60,4 +68,4 @@ def etl_dumps(obj):
 
 # Decoder function
 def etl_loads(obj):
-    return json.loads(obj, object_hook=etl_decoder)
+    return json.loads(obj, cls=EtlDecoder, object_hook=etl_decoder)
diff --git a/src/etools_datamart/apps/multitenant/views.py b/src/etools_datamart/apps/multitenant/views.py
index 84602daab..eeab10e97 100644
--- a/src/etools_datamart/apps/multitenant/views.py
+++ b/src/etools_datamart/apps/multitenant/views.py
@@ -3,13 +3,12 @@
 
 from django.http import HttpResponseRedirect
 from django.urls import reverse_lazy
-from django.utils.http import urlencode
 from django.views.generic.edit import FormView
+# from unicef_rest_framework.state import state
+from unicef_rest_framework.utils import get_query_string
 
 from etools_datamart.apps.multitenant.forms import SchemasForm
 
-# from unicef_rest_framework.state import state
-
 logger = logging.getLogger(__name__)
 
 
@@ -50,19 +49,20 @@ def form_valid(self, form):
         return response
 
     def get_query_string(self, new_params=None, remove=None):
-        if new_params is None:
-            new_params = {}
-        if remove is None:
-            remove = []
-        p = self.params.copy()
-        for r in remove:
-            for k in list(p):
-                if k.startswith(r):
-                    del p[k]
-        for k, v in new_params.items():
-            if v is None:
-                if k in p:
-                    del p[k]
-            else:
-                p[k] = v
-        return '?%s' % urlencode(sorted(p.items()))
+        return get_query_string(self.params, new_params, remove)
+        # if new_params is None:
+        #     new_params = {}
+        # if remove is None:
+        #     remove = []
+        # p = self.params.copy()
+        # for r in remove:
+        #     for k in list(p):
+        #         if k.startswith(r):
+        #             del p[k]
+        # for k, v in new_params.items():
+        #     if v is None:
+        #         if k in p:
+        #             del p[k]
+        #     else:
+        #         p[k] = v
+        # return '?%s' % urlencode(sorted(p.items()))
diff --git a/src/etools_datamart/apps/subscriptions/models.py b/src/etools_datamart/apps/subscriptions/models.py
index 5fba886f3..0537ed38e 100644
--- a/src/etools_datamart/apps/subscriptions/models.py
+++ b/src/etools_datamart/apps/subscriptions/models.py
@@ -91,13 +91,13 @@ class Meta:
     def __str__(self):
         return f"#{self.pk} {self.user} {self.get_type_display()} {self.content_type}"
 
-    @cached_property
-    def endpoint(self):
-        return self.content_type.model_class().service.endpoint
-
-    @cached_property
-    def service(self):
-        return self.content_type.model_class().service
+    # @cached_property
+    # def endpoint(self):
+    #     return self.content_type.model_class().service.endpoint
+    #
+    # @cached_property
+    # def service(self):
+    #     return self.content_type.model_class().service
 
     @cached_property
     def viewset(self):
diff --git a/src/etools_datamart/apps/subscriptions/urls.py b/src/etools_datamart/apps/subscriptions/urls.py
index 1df0179d1..18656fb18 100644
--- a/src/etools_datamart/apps/subscriptions/urls.py
+++ b/src/etools_datamart/apps/subscriptions/urls.py
@@ -21,8 +21,12 @@ def _decorator(request, *args, **kwargs):
                 if user:
                     login(request, user, backend='django.contrib.auth.backends.RemoteUserBackend')
                 else:
-                    return HttpResponse(status=401)
-        return func(request, *args, **kwargs)
+                    return HttpResponse(status=403)
+
+        if request.user.is_authenticated:
+            return func(request, *args, **kwargs)
+        else:
+            return HttpResponse(status=401)
 
     return _decorator
 
diff --git a/src/etools_datamart/celery.py b/src/etools_datamart/celery.py
index 2fc6f2f1d..fb179e8f3 100644
--- a/src/etools_datamart/celery.py
+++ b/src/etools_datamart/celery.py
@@ -4,11 +4,6 @@
 from celery import Celery
 from celery.contrib.abortable import AbortableTask
 from celery.signals import task_postrun, task_prerun
-from django.apps import apps
-# app.autodiscover_tasks(lambda: [n.name for n in apps.get_app_configs()],
-#                        related_name='tasks')
-# app.autodiscover_tasks(lambda: [n.name for n in apps.get_app_configs()],
-#                        related_name='etl')
 from kombu import Exchange, Queue
 from kombu.serialization import register
 
@@ -62,8 +57,8 @@ def get_all_etls(self):
 
 app = DatamartCelery('datamart')
 app.config_from_object('django.conf:settings', namespace='CELERY')
-# app.autodiscover_tasks()
-app.autodiscover_tasks(lambda: [n.name for n in apps.get_app_configs()])
+app.autodiscover_tasks()
+# app.autodiscover_tasks(lambda: [n.name for n in apps.get_app_configs()])  # pragma
 
 app.timers = {}
 app.conf.task_queues = (
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index ad33784be..808731f59 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -418,6 +418,7 @@
         "rest_framework.renderers.BrowsableAPIRenderer",
     ),
     "PAGE_SIZE": 100,
+    'DEFAULT_CONTENT_NEGOTIATION_CLASS': 'unicef_rest_framework.negotiation.CT',
     # "DEFAULT_PAGINATION_CLASS": 'rest_framework.pagination.CursorPagination',
     'DEFAULT_PAGINATION_CLASS': 'unicef_rest_framework.pagination.APIPagination',
     'DEFAULT_METADATA_CLASS': 'etools_datamart.api.metadata.SimpleMetadataWithFilters',
diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index 8a4d64414..27ee5314d 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -5,6 +5,7 @@
 from django.contrib.auth import get_user_model, login
 from django.utils.translation import ugettext as _
 from rest_framework import exceptions
+from rest_framework.authentication import BaseAuthentication
 from rest_framework.exceptions import AuthenticationFailed, PermissionDenied
 from rest_framework_jwt import authentication
 from unicef_security.graph import default_group, Synchronizer
@@ -16,6 +17,36 @@ def jwt_get_username_from_payload(payload):
     return payload.get('preferred_username', payload.get('unique_name'))
 
 
+def get_client_ip(environ):
+    """
+    Naively yank the first IP address in an X-Forwarded-For header
+    and assume this is correct.
+
+    Note: Don't use this in security sensitive situations since this
+    value may be forged from a client.
+    """
+    try:
+        return environ['HTTP_X_FORWARDED_FOR'].split(',')[0].strip()
+    except (KeyError, IndexError):
+        return environ.get('REMOTE_ADDR')
+
+
+class URLTokenAuthentication(BaseAuthentication):
+    def authenticate(self, request):
+        return None
+
+
+class IPBasedAuthentication(BaseAuthentication):
+    def authenticate(self, request):
+        ip = get_client_ip(request.META)
+        if ip == '127.0.0.1':
+            User = get_user_model()
+            user = User.objects.get_by_natural_key('sax')
+            request.user = user
+            login(request, user, 'social_core.backends.azuread_tenant.AzureADTenantOAuth2')
+            return (user, None)
+
+
 class JWTAuthentication(authentication.JSONWebTokenAuthentication):
     def authenticate(self, request):
 
@@ -68,5 +99,4 @@ def authenticate_credentials(self, payload):
             raise exceptions.AuthenticationFailed(msg)
         return user
 
-
 # AQABAAIAAAC5una0EUFgTIF8ElaxtWjTE8f9OcsbHLLnobNloaTfC--E_fRoUrtiw2jul5yBV9rN3CO2C1BJ2IB99esAhsuRrzEowH3COPLFe5hkhovi4zfceFjwu6iSXpfgAFVGuo_fmep0osVwr0WkFzhWI5QEgNNnrf7d7gFm4iVC4gFE24R_JymglPADBvJIUMGAPHYg-IEyK1GKSkzpNSjJNZz6Pad_uVlDMrssFcrRqxKOJzqIhggLq7XQpJnmfUF5dJNdriDMkUjHBhDqlNpKTJZpnJg0jfIn7843kmKH0WXbJL0ss-tfgc_d8Q0240bdYXX6YSBV20NPx7MHy5V9i1RAtmr11cHBCw3uDuRriomgOhtIxTKYLox8iKYHbELA9Opvd-zLJm9krxoxlEHVO-PKl11No1mT8ZC83Ox37yxG5vrE7U7UxaLml9PmrjRZQoD1HvJ354IxZyP2pytYq2XhvIG_NDSDfuO5hwzPKb9F7G4Hytu96plKlu_yvdZ4Gghbp7z2sryeAiCnpYNlskGVUrQwF7BSHT73XuuOWeFelp-jn3tR4LQwqEGkg3zLqswcjbsRykSvS3cY6xTdBsCb7H70nygnhOgr_WlT9oY9KS2ElBVU-Q8OE8mkJ1rDV42hRb-haC7yzyUgtofbSQdVMIUgJRpuxYCrHNJ5oRsXmrWI0EVTdWFN25kwOMYPwOI8rzVf1oHikTQiHm3AN5wz0ill40IfjLB9niMEn4kntLDGJU1rIeALxv1s4lHxMZHpc1YEgLTf_3LnGtrsca3bIAA
diff --git a/src/unicef_rest_framework/negotiation.py b/src/unicef_rest_framework/negotiation.py
new file mode 100644
index 000000000..4b9543e8c
--- /dev/null
+++ b/src/unicef_rest_framework/negotiation.py
@@ -0,0 +1,14 @@
+from rest_framework.negotiation import DefaultContentNegotiation
+
+
+class CT(DefaultContentNegotiation):
+
+    def select_renderer(self, request, renderers, format_suffix=None):
+        format_query_param = self.settings.URL_FORMAT_OVERRIDE
+        format = format_suffix or request.query_params.get(format_query_param)
+        if format == 'iqy':
+            for renderer in renderers:
+                if renderer.format == format:
+                    return renderer, renderer.media_type
+
+        return super().select_renderer(request, renderers, format_suffix)
diff --git a/src/unicef_rest_framework/renderers/__init__.py b/src/unicef_rest_framework/renderers/__init__.py
index 8cc3dadc9..ab3d1cd40 100644
--- a/src/unicef_rest_framework/renderers/__init__.py
+++ b/src/unicef_rest_framework/renderers/__init__.py
@@ -4,3 +4,5 @@
 from .xls import XLSXRenderer  # noqa
 from .html import HTMLRenderer  # noqa
 from .pdf import PDFRenderer  # noqa
+from .txt import TextRenderer  # noqa
+from .iqy import IQYRenderer  # noqa
diff --git a/src/unicef_rest_framework/renderers/html.py b/src/unicef_rest_framework/renderers/html.py
index d47436ad6..cb045c45b 100644
--- a/src/unicef_rest_framework/renderers/html.py
+++ b/src/unicef_rest_framework/renderers/html.py
@@ -21,7 +21,7 @@ def get_template(self, meta):
         return loader.select_template([
             f'renderers/html/{meta.app_label}/{meta.model_name}.html',
             f'renderers/html/{meta.app_label}/html.html',
-            'renderers/html/html.html'])
+            'renderers/html.html'])
 
     def render(self, data, accepted_media_type=None, renderer_context=None):
         response = renderer_context['response']
diff --git a/src/unicef_rest_framework/renderers/iqy.py b/src/unicef_rest_framework/renderers/iqy.py
new file mode 100644
index 000000000..c349e6495
--- /dev/null
+++ b/src/unicef_rest_framework/renderers/iqy.py
@@ -0,0 +1,50 @@
+import logging
+
+from crashlog.middleware import process_exception
+from django.template import loader
+from rest_framework.renderers import BaseRenderer
+
+logger = logging.getLogger(__name__)
+
+
+def labelize(v):
+    return v.replace("_", " ").title()
+
+
+class IQYRenderer(BaseRenderer):
+    media_type = 'text/plain'
+    format = 'iqy'
+    charset = 'utf-8'
+    render_style = 'text'
+
+    def get_template(self, meta):
+        return loader.select_template([
+            f'renderers/iqy/{meta.app_label}/{meta.model_name}.txt',
+            f'renderers/iqy/{meta.app_label}/iqy.txt',
+            'renderers/iqy.txt'])
+
+    def render(self, data, accepted_media_type=None, renderer_context=None):
+        response = renderer_context['response']
+        if response.status_code != 200:
+            return ''
+        try:
+            model = renderer_context['view'].queryset.model
+            opts = model._meta
+            template = self.get_template(opts)
+            if data and 'results' in data:
+                data = data['results']
+            if data:
+                c = {'data': data,
+                     'model': model,
+                     'opts': opts,
+                     'headers': [labelize(v) for v in data[0].keys()]}
+            else:
+                c = {'data': {},
+                     'model': model,
+                     'opts': opts,
+                     'headers': []}
+            return template.render(c)
+        except Exception as e:
+            process_exception(e)
+            logger.exception(e)
+            raise Exception('Error processing request') from e
diff --git a/src/unicef_rest_framework/renderers/pdf.py b/src/unicef_rest_framework/renderers/pdf.py
index bb6010020..36f52a907 100644
--- a/src/unicef_rest_framework/renderers/pdf.py
+++ b/src/unicef_rest_framework/renderers/pdf.py
@@ -49,7 +49,7 @@ def get_template(self, meta):
         return loader.select_template([
             f'renderers/pdf/{meta.app_label}/{meta.model_name}.html',
             f'renderers/pdf/{meta.app_label}/pdf.html',
-            'renderers/pdf/pdf.html'])
+            'renderers/pdf.html'])
 
     def render(self, data, accepted_media_type=None, renderer_context=None):
         response = renderer_context['response']
diff --git a/src/unicef_rest_framework/renderers/txt.py b/src/unicef_rest_framework/renderers/txt.py
new file mode 100644
index 000000000..a51d395eb
--- /dev/null
+++ b/src/unicef_rest_framework/renderers/txt.py
@@ -0,0 +1,50 @@
+import logging
+
+from crashlog.middleware import process_exception
+from django.template import loader
+from rest_framework.renderers import BaseRenderer
+
+logger = logging.getLogger(__name__)
+
+
+def labelize(v):
+    return v.replace("_", " ").title()
+
+
+class TextRenderer(BaseRenderer):
+    media_type = 'text/plain'
+    format = 'txt'
+    charset = 'utf-8'
+    render_style = 'text'
+
+    def get_template(self, meta):
+        return loader.select_template([
+            f'renderers/text/{meta.app_label}/{meta.model_name}.txt',
+            f'renderers/text/{meta.app_label}/text.txt',
+            'renderers/text.txt'])
+
+    def render(self, data, accepted_media_type=None, renderer_context=None):
+        response = renderer_context['response']
+        if response.status_code != 200:
+            return ''
+        try:
+            model = renderer_context['view'].queryset.model
+            opts = model._meta
+            template = self.get_template(opts)
+            if data and 'results' in data:
+                data = data['results']
+            if data:
+                c = {'data': data,
+                     'model': model,
+                     'opts': opts,
+                     'headers': [labelize(v) for v in data[0].keys()]}
+            else:
+                c = {'data': {},
+                     'model': model,
+                     'opts': opts,
+                     'headers': []}
+            return template.render(c)
+        except Exception as e:
+            process_exception(e)
+            logger.exception(e)
+            raise Exception('Error processing request') from e
diff --git a/src/unicef_rest_framework/templates/renderers/html/html.html b/src/unicef_rest_framework/templates/renderers/html.html
similarity index 100%
rename from src/unicef_rest_framework/templates/renderers/html/html.html
rename to src/unicef_rest_framework/templates/renderers/html.html
diff --git a/src/unicef_rest_framework/templates/renderers/iqy.txt b/src/unicef_rest_framework/templates/renderers/iqy.txt
new file mode 100644
index 000000000..33648c01b
--- /dev/null
+++ b/src/unicef_rest_framework/templates/renderers/iqy.txt
@@ -0,0 +1,2 @@
+<table><tr>{% for v in headers %}<th>{{ v }}</th>{% endfor %}{% for row in data %}
+<tr>{% for k,v in row.items %}<td>{{ v }}</td>{% endfor %}</tr>{% endfor %}</table>
diff --git a/src/unicef_rest_framework/templates/renderers/pdf/pdf.html b/src/unicef_rest_framework/templates/renderers/pdf.html
similarity index 100%
rename from src/unicef_rest_framework/templates/renderers/pdf/pdf.html
rename to src/unicef_rest_framework/templates/renderers/pdf.html
diff --git a/src/unicef_rest_framework/templates/renderers/text.txt b/src/unicef_rest_framework/templates/renderers/text.txt
new file mode 100644
index 000000000..4a7bda5f3
--- /dev/null
+++ b/src/unicef_rest_framework/templates/renderers/text.txt
@@ -0,0 +1,2 @@
+{% for v in headers %}{{ v }}   {% endfor %}{% for row in data %}
+{% for k,v in row.items %}{{ v }} {% endfor %}{% endfor %}
diff --git a/src/unicef_rest_framework/utils.py b/src/unicef_rest_framework/utils.py
index 5de29f026..35428fa5d 100644
--- a/src/unicef_rest_framework/utils.py
+++ b/src/unicef_rest_framework/utils.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 import os
+from urllib.parse import urlencode
 
 from rest_framework.settings import api_settings
 
@@ -49,3 +50,22 @@ def humanize_size(num, suffix='B'):
 
 def get_hostname():
     return os.environ.get('HOSTNAME')
+
+
+def get_query_string(params, new_params=None, remove=None):
+    if new_params is None:
+        new_params = {}
+    if remove is None:
+        remove = []
+    p = params.copy()
+    for r in remove:
+        for k in list(p):
+            if k.startswith(r):
+                del p[k]
+    for k, v in new_params.items():
+        if v is None:
+            if k in p:
+                del p[k]
+        else:
+            p[k] = v
+    return '?%s' % urlencode(sorted(p.items()))
diff --git a/src/unicef_rest_framework/views.py b/src/unicef_rest_framework/views.py
index 2faae5e3a..ec23423c7 100644
--- a/src/unicef_rest_framework/views.py
+++ b/src/unicef_rest_framework/views.py
@@ -11,14 +11,16 @@
 from rest_framework_xml.renderers import XMLRenderer
 from rest_framework_yaml.renderers import YAMLRenderer
 from strategy_field.utils import fqn
-from unicef_rest_framework import acl
-from unicef_rest_framework.auth import JWTAuthentication
-from unicef_rest_framework.cache import cache_response, etag, ListKeyConstructor
-from unicef_rest_framework.filtering import SystemFilterBackend
-from unicef_rest_framework.permissions import ServicePermission
-from unicef_rest_framework.renderers import (APIBrowsableAPIRenderer, HTMLRenderer, MSJSONRenderer,
-                                             MSXmlRenderer, PDFRenderer, XLSXRenderer,)
-from unicef_rest_framework.renderers.csv import CSVRenderer
+
+from . import acl
+from .auth import IPBasedAuthentication, JWTAuthentication, URLTokenAuthentication
+from .cache import cache_response, etag, ListKeyConstructor
+from .filtering import SystemFilterBackend
+from .negotiation import CT
+from .permissions import ServicePermission
+from .renderers import (APIBrowsableAPIRenderer, HTMLRenderer, IQYRenderer, MSJSONRenderer,
+                        MSXmlRenderer, PDFRenderer, TextRenderer, XLSXRenderer,)
+from .renderers.csv import CSVRenderer
 
 
 class classproperty(object):
@@ -40,10 +42,15 @@ class ReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet
     list_etag_func = ListKeyConstructor()
 
     authentication_classes = (SessionAuthentication,
+                              IPBasedAuthentication,
                               JWTAuthentication,
                               BasicAuthentication,
-                              TokenAuthentication)
+                              TokenAuthentication,
+                              IPBasedAuthentication,
+                              URLTokenAuthentication,
+                              )
     default_access = acl.ACL_ACCESS_LOGIN
+    content_negotiation_class = CT
     filter_backends = [SystemFilterBackend,
                        QueryStringFilterBackend,
                        OrderingFilter]
@@ -57,6 +64,8 @@ class ReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet
                         MSJSONRenderer,
                         XMLRenderer,
                         MSXmlRenderer,
+                        TextRenderer,
+                        IQYRenderer,
                         ]
     ordering_fields = ('id',)
     ordering = 'id'
@@ -76,6 +85,11 @@ def dispatch(self, request, *args, **kwargs):
 
         return super().dispatch(request, *args, **kwargs)
 
+    # def filter_queryset(self, queryset):
+    #     if hasattr(self.request, 'api_info'):
+    #         self.request.api_info["sql"] = str(queryset.query)
+    #     return super().filter_queryset(queryset)
+
     @classproperty
     def label(cls):
         return cls.__name__.replace("ViewSet", "")
diff --git a/src/unicef_rest_framework/views_mixins.py b/src/unicef_rest_framework/views_mixins.py
new file mode 100644
index 000000000..088a753b0
--- /dev/null
+++ b/src/unicef_rest_framework/views_mixins.py
@@ -0,0 +1,27 @@
+from django.conf import settings
+from django.http import HttpResponse
+from rest_framework.decorators import action
+from unicef_rest_framework.utils import get_query_string
+
+
+class IQYConnectionMixin:
+
+    @action(methods=['get'], detail=False)
+    def iqy(self, request, version):
+        qs = get_query_string(request.query_params, {'format': 'iqy'},
+                              remove=['format'])
+        url = f"{request.path}".replace('/iqy/', '/')
+
+        iqy = """WEB
+1
+{host}{url}{qs}
+
+Selection=AllTables
+Formatting=html
+PreFormattedTextToColumns=True
+ConsecutiveDelimitersAsOne=True
+SingleBlockTextImport=False
+DisableDateRecognition=False
+
+""".format(host=settings.ABSOLUTE_BASE_URL, request=request, qs=qs, url=url)
+        return HttpResponse(iqy, content_type='text/plain')
diff --git a/tests/.coveragerc b/tests/.coveragerc
index 47792326e..59098792e 100644
--- a/tests/.coveragerc
+++ b/tests/.coveragerc
@@ -13,6 +13,7 @@ omit =
         **/multitenant/postgresql/creation.py
         **/apps/etools/models/public_old.py
         **/apps/etools/models/tenant_old.py
+        **/tracking/management/commands/track.py
 
 [report]
 # Regexes for lines to exclude from consideration
diff --git a/tests/api/test_api_data.py b/tests/api/test_api_data.py
index adee3a0e6..46fdb4e04 100644
--- a/tests/api/test_api_data.py
+++ b/tests/api/test_api_data.py
@@ -1,10 +1,13 @@
 # -*- coding: utf-8 -*-
 import pytest
+from dateutil.utils import today
+from django.contrib.contenttypes.models import ContentType
 from test_utilities.factories import (FAMIndicatorFactory, HACTFactory, InterventionFactory,
-                                      PMPIndicatorFactory, UserStatsFactory,)
+                                      PMPIndicatorFactory, TaskLogFactory, UserStatsFactory,)
 
 from etools_datamart.api.endpoints import (FAMIndicatorViewSet, HACTViewSet, InterventionViewSet,
                                            PMPIndicatorsViewSet, UserStatsViewSet,)
+from etools_datamart.apps.data.models import FAMIndicator
 from etools_datamart.apps.etl.models import EtlTask
 
 VIEWSETS = [
@@ -51,6 +54,16 @@ def test_list(client, action, viewset, format, ct, data):
     assert res.content
     assert res['Content-Type'] == ct
 
+
+def test_updates(client):
+    viewset = FAMIndicatorViewSet()
+    TaskLogFactory(last_changes=today(),
+                   content_type=ContentType.objects.get_for_model(FAMIndicator))
+
+    url = f"{viewset.get_service().endpoint}updates/"
+    res = client.get(url)
+    assert res.status_code == 200, res
+
 # @pytest.mark.parametrize("viewset", VIEWSETS)
 # def test_list_json(client, viewset):
 #     res = client.get(viewset.get_service().endpoint)
diff --git a/tests/api/test_datamart_security.py b/tests/api/test_datamart_security.py
index 2ae628dcf..345fab2ee 100644
--- a/tests/api/test_datamart_security.py
+++ b/tests/api/test_datamart_security.py
@@ -29,10 +29,8 @@ def user_data(db):
 
 
 PARAMS = [("", 200, 3),
-          ("country_name=", 200, 1),
           ("country_name=lebanon", 200, 1),
           ("country_name!=lebanon", 200, 2),
-          ("country_name!=lebanon", 200, 2),
           ]
 
 
@@ -48,7 +46,7 @@ def test_datamart_user_access_allowed_countries(user, url, code, expected, user_
     with user_allow_service(user, UserStatsViewSet):
         res = client.get(f"{base}?{url}")
         assert res.status_code == code, res
-        assert len(res.json()['results']) == expected
+        assert len(res.json()['results']) == expected, res.json()
 
 
 def test_datamart_user_access_forbidden_countries(user, user_data):
diff --git a/tests/etl/test_etl_result.py b/tests/etl/test_etl_result.py
index e9ebac924..e1cae78f6 100644
--- a/tests/etl/test_etl_result.py
+++ b/tests/etl/test_etl_result.py
@@ -1,3 +1,4 @@
+from etools_datamart.apps.etl.results import etl_decoder, etl_dumps, etl_loads, EtlEncoder
 from etools_datamart.apps.etl.tasks.etl import EtlResult
 
 
@@ -19,3 +20,27 @@ def test_result_ne_dict():
 
 def test_result_ne_other():
     assert not EtlResult() == 1
+
+
+def test_encoder():
+    e = EtlEncoder()
+    assert e.encode(
+        EtlResult(1, 1, 1)) == '{"__type__": "__EtlResult__", "data": {"created": 1, "updated": 1, "unchanged": 1}}'
+
+
+def test_encoder2():
+    e = EtlEncoder()
+    assert e.encode({}) == '{}'
+
+
+def test_encode():
+    assert etl_decoder({}) == {}
+
+
+def test_dumps():
+    assert etl_dumps(
+        EtlResult(1, 1, 1)) == '{"__type__": "__EtlResult__", "data": {"created": 1, "updated": 1, "unchanged": 1}}'
+
+
+def test_loads():
+    assert etl_loads(etl_dumps({"a": 1})) == {"a": 1}
diff --git a/tests/test_admin.py b/tests/test_admin.py
index 2e4d80b52..871c1c7ac 100644
--- a/tests/test_admin.py
+++ b/tests/test_admin.py
@@ -9,3 +9,9 @@ def test_constance(django_app, admin_user):
     url = reverse("admin:constance_config_changelist")
     res = django_app.get(url, user=admin_user)
     assert res.status_code == 200
+
+
+def test_sysinfo(django_app, admin_user):
+    url = reverse("sys-admin-info")
+    res = django_app.get(url, user=admin_user)
+    assert res.status_code == 200
diff --git a/tests/test_celery.py b/tests/test_celery.py
new file mode 100644
index 000000000..9c38a74a5
--- /dev/null
+++ b/tests/test_celery.py
@@ -0,0 +1,6 @@
+from etools_datamart.celery import app
+
+
+def test_autodiscover():
+    ret = app.tasks
+    assert 'etools_datamart.apps.etl.tasks.etl.load_hact' in ret
diff --git a/tests/test_subscription.py b/tests/test_subscription.py
index b2c2e5063..cb9a99c02 100644
--- a/tests/test_subscription.py
+++ b/tests/test_subscription.py
@@ -1,7 +1,10 @@
+import base64
 import json
+from unittest.mock import MagicMock
 
 import pytest
 from django.contrib.auth.models import AnonymousUser
+from django.http import HttpResponse
 from django.urls import reverse
 from test_utilities.factories import EmailTemplateFactory, HACTFactory, SubscriptionFactory
 from unicef_rest_framework.test_utils import user_allow_service
@@ -9,6 +12,7 @@
 from etools_datamart.apps.data.models import HACT
 from etools_datamart.apps.etl.models import EtlTask
 from etools_datamart.apps.subscriptions.models import Subscription
+from etools_datamart.apps.subscriptions.urls import http_basic_auth
 from etools_datamart.apps.subscriptions.views import subscribe
 
 
@@ -103,3 +107,60 @@ def test_notification_email_attachment(subscription_attachment: Subscription, em
     assert len(emails) == 1
     assert emails[0].to == [subscription_attachment.user.email]
     assert emails[0].attachments.count() == 1
+
+
+def test_http_basic_auth_401(rf):
+    request = rf.get('/')
+    request.user = AnonymousUser()
+
+    def view(request):
+        return 11
+
+    f = http_basic_auth(view)
+    res = f(request)
+    assert res.status_code == 401
+
+
+def test_http_basic_auth_401b(rf, admin_user):
+    string = '%s:%s' % ('admin', '--')
+    base64string = base64.standard_b64encode(string.encode('utf-8'))
+    request = rf.get('/', HTTP_AUTHORIZATION="Digest %s" % base64string.decode('utf-8'))
+    request.user = AnonymousUser()
+    request.session = MagicMock()
+
+    def view(request):
+        return HttpResponse("Ok")
+
+    f = http_basic_auth(view)
+    res = f(request)
+    assert res.status_code == 401
+
+
+def test_http_basic_auth_400(rf, admin_user):
+    string = '%s:%s' % ('admin', '--')
+    base64string = base64.standard_b64encode(string.encode('utf-8'))
+    request = rf.get('/', HTTP_AUTHORIZATION="Basic %s" % base64string.decode('utf-8'))
+    request.user = AnonymousUser()
+    request.session = MagicMock()
+
+    def view(request):
+        return HttpResponse("Ok")
+
+    f = http_basic_auth(view)
+    res = f(request)
+    assert res.status_code == 403
+
+
+def test_http_basic_auth_200(rf, admin_user):
+    string = '%s:%s' % ('admin', 'password')
+    base64string = base64.standard_b64encode(string.encode('utf-8'))
+    request = rf.get('/', HTTP_AUTHORIZATION="Basic %s" % base64string.decode('utf-8'))
+    request.user = AnonymousUser()
+    request.session = MagicMock()
+
+    def view(request):
+        return HttpResponse("Ok")
+
+    f = http_basic_auth(view)
+    res = f(request)
+    assert res.status_code == 200

From 1ce59803daa501cfed8be06b47c6082ecae5cbf5 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 13:09:10 +0100
Subject: [PATCH 19/86] updates Debug Auth backends

---
 src/unicef_rest_framework/auth.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index 27ee5314d..343573f8f 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -2,6 +2,7 @@
 
 from constance import config
 from crashlog.middleware import process_exception
+from django.conf import settings
 from django.contrib.auth import get_user_model, login
 from django.utils.translation import ugettext as _
 from rest_framework import exceptions
@@ -98,5 +99,3 @@ def authenticate_credentials(self, payload):
             msg = _('User account is disabled.')
             raise exceptions.AuthenticationFailed(msg)
         return user
-
-# AQABAAIAAAC5una0EUFgTIF8ElaxtWjTE8f9OcsbHLLnobNloaTfC--E_fRoUrtiw2jul5yBV9rN3CO2C1BJ2IB99esAhsuRrzEowH3COPLFe5hkhovi4zfceFjwu6iSXpfgAFVGuo_fmep0osVwr0WkFzhWI5QEgNNnrf7d7gFm4iVC4gFE24R_JymglPADBvJIUMGAPHYg-IEyK1GKSkzpNSjJNZz6Pad_uVlDMrssFcrRqxKOJzqIhggLq7XQpJnmfUF5dJNdriDMkUjHBhDqlNpKTJZpnJg0jfIn7843kmKH0WXbJL0ss-tfgc_d8Q0240bdYXX6YSBV20NPx7MHy5V9i1RAtmr11cHBCw3uDuRriomgOhtIxTKYLox8iKYHbELA9Opvd-zLJm9krxoxlEHVO-PKl11No1mT8ZC83Ox37yxG5vrE7U7UxaLml9PmrjRZQoD1HvJ354IxZyP2pytYq2XhvIG_NDSDfuO5hwzPKb9F7G4Hytu96plKlu_yvdZ4Gghbp7z2sryeAiCnpYNlskGVUrQwF7BSHT73XuuOWeFelp-jn3tR4LQwqEGkg3zLqswcjbsRykSvS3cY6xTdBsCb7H70nygnhOgr_WlT9oY9KS2ElBVU-Q8OE8mkJ1rDV42hRb-haC7yzyUgtofbSQdVMIUgJRpuxYCrHNJ5oRsXmrWI0EVTdWFN25kwOMYPwOI8rzVf1oHikTQiHm3AN5wz0ill40IfjLB9niMEn4kntLDGJU1rIeALxv1s4lHxMZHpc1YEgLTf_3LnGtrsca3bIAA

From 293cde825263f8c589df7ee26f79db59d1601f35 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 13:41:23 +0100
Subject: [PATCH 20/86] updates Debug Auth backends

---
 src/unicef_rest_framework/auth.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index 343573f8f..bcd3398a4 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -39,13 +39,14 @@ def authenticate(self, request):
 
 class IPBasedAuthentication(BaseAuthentication):
     def authenticate(self, request):
-        ip = get_client_ip(request.META)
-        if ip == '127.0.0.1':
-            User = get_user_model()
-            user = User.objects.get_by_natural_key('sax')
-            request.user = user
-            login(request, user, 'social_core.backends.azuread_tenant.AzureADTenantOAuth2')
-            return (user, None)
+        if settings.DEBUG:
+            ip = get_client_ip(request.META)
+            if ip == '127.0.0.1':
+                User = get_user_model()
+                user = User.objects.get_by_natural_key('sax')
+                request.user = user
+                login(request, user, 'social_core.backends.azuread_tenant.AzureADTenantOAuth2')
+                return (user, None)
 
 
 class JWTAuthentication(authentication.JSONWebTokenAuthentication):

From f177657a690263fc633464ba451c50fb1977cd21 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 14:05:47 +0100
Subject: [PATCH 21/86] add UserServiceToken - reset migrations

---
 pyproject.toml                                      |  3 +++
 .../apps/data/migrations/0001_initial.py            |  2 +-
 .../apps/etl/migrations/0001_initial.py             |  2 +-
 .../apps/subscriptions/migrations/0001_initial.py   |  2 +-
 ..._20181206_1447.py => 0002_auto_20181207_1305.py} |  4 ++--
 .../apps/tracking/migrations/0001_initial.py        |  2 +-
 ..._20181206_1447.py => 0002_auto_20181207_1305.py} |  2 +-
 src/unicef_rest_framework/auth.py                   |  2 +-
 .../migrations/0001_initial.py                      | 12 +++++++++++-
 ..._20181206_1447.py => 0002_auto_20181207_1305.py} | 13 +++++++++----
 src/unicef_rest_framework/models/__init__.py        |  1 +
 src/unicef_rest_framework/models/token.py           | 11 +++++++++++
 src/unicef_security/migrations/0001_initial.py      |  2 +-
 13 files changed, 44 insertions(+), 14 deletions(-)
 create mode 100644 pyproject.toml
 rename src/etools_datamart/apps/subscriptions/migrations/{0002_auto_20181206_1447.py => 0002_auto_20181207_1305.py} (93%)
 rename src/etools_datamart/apps/tracking/migrations/{0002_auto_20181206_1447.py => 0002_auto_20181207_1305.py} (97%)
 rename src/unicef_rest_framework/migrations/{0002_auto_20181206_1447.py => 0002_auto_20181207_1305.py} (94%)
 create mode 100644 src/unicef_rest_framework/models/token.py

diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 000000000..388a6acf1
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["setuptools", "wheel", "pipenv"]
+
diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index 8c4e74b38..a2605a968 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:47
+# Generated by Django 2.1.4 on 2018-12-07 13:05
 
 import django.contrib.postgres.fields.jsonb
 import month_field.models
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index 92dd230b3..e666b9952 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:47
+# Generated by Django 2.1.4 on 2018-12-07 13:05
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index f04973063..07b473ed0 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:47
+# Generated by Django 2.1.4 on 2018-12-07 13:05
 
 import django.db.models.deletion
 from django.db import migrations, models
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181206_1447.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181207_1305.py
similarity index 93%
rename from src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181206_1447.py
rename to src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181207_1305.py
index 7f73b93e7..8fd005401 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181206_1447.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181207_1305.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:47
+# Generated by Django 2.1.4 on 2018-12-07 13:05
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('subscriptions', '0001_initial'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('subscriptions', '0001_initial'),
     ]
 
     operations = [
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index 300391fcd..1d11761e3 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:47
+# Generated by Django 2.1.4 on 2018-12-07 13:05
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181206_1447.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181207_1305.py
similarity index 97%
rename from src/etools_datamart/apps/tracking/migrations/0002_auto_20181206_1447.py
rename to src/etools_datamart/apps/tracking/migrations/0002_auto_20181207_1305.py
index 271fa1e24..9861b7e23 100644
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181206_1447.py
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181207_1305.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:47
+# Generated by Django 2.1.4 on 2018-12-07 13:05
 
 import django.db.models.deletion
 from django.conf import settings
diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index bcd3398a4..94a44d11f 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -39,7 +39,7 @@ def authenticate(self, request):
 
 class IPBasedAuthentication(BaseAuthentication):
     def authenticate(self, request):
-        if settings.DEBUG:
+        if settings.DEBUG:  # pragma: no cover
             ip = get_client_ip(request.META)
             if ip == '127.0.0.1':
                 User = get_user_model()
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index b1c342065..3894e011d 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,9 +1,10 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:47
+# Generated by Django 2.1.4 on 2018-12-07 13:05
 
 import uuid
 
 import concurrency.fields
 import django.contrib.postgres.fields
+import django.db.models.deletion
 import strategy_field.fields
 import unicef_rest_framework.models.acl
 from django.db import migrations, models
@@ -113,4 +114,13 @@ class Migration(migrations.Migration):
                 'ordering': ('user', 'service'),
             },
         ),
+        migrations.CreateModel(
+            name='UserServiceToken',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('token', models.CharField(max_length=1000)),
+                ('expires', models.DateField(blank=True, null=True)),
+                ('service', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='unicef_rest_framework.Service')),
+            ],
+        ),
     ]
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181206_1447.py b/src/unicef_rest_framework/migrations/0002_auto_20181207_1305.py
similarity index 94%
rename from src/unicef_rest_framework/migrations/0002_auto_20181206_1447.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181207_1305.py
index 699cb08ac..d81ea7c2f 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181206_1447.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181207_1305.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:47
+# Generated by Django 2.1.4 on 2018-12-07 13:05
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,13 +10,18 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('contenttypes', '0002_remove_content_type_name'),
-        ('auth', '0009_alter_user_last_name_max_length'),
         ('unicef_rest_framework', '0001_initial'),
+        ('auth', '0009_alter_user_last_name_max_length'),
+        ('contenttypes', '0002_remove_content_type_name'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
+        migrations.AddField(
+            model_name='userservicetoken',
+            name='user',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
+        ),
         migrations.AddField(
             model_name='useraccesscontrol',
             name='last_modify_user',
@@ -131,7 +136,7 @@ class Migration(migrations.Migration):
         ),
         migrations.AlterUniqueTogether(
             name='systemfilter',
-            unique_together={('service', 'user'), ('service', 'group')},
+            unique_together={('service', 'group'), ('service', 'user')},
         ),
         migrations.AlterUniqueTogether(
             name='groupaccesscontrol',
diff --git a/src/unicef_rest_framework/models/__init__.py b/src/unicef_rest_framework/models/__init__.py
index 9d8732d70..899b1a388 100644
--- a/src/unicef_rest_framework/models/__init__.py
+++ b/src/unicef_rest_framework/models/__init__.py
@@ -2,5 +2,6 @@
 from .base import MasterDataModel  # noqa
 from .acl import UserAccessControl  # noqa
 from .application import Application  # noqa
+from .token import UserServiceToken # noqa
 from .service import Service, CacheVersion  # noqa
 from .filter import SystemFilter, SystemFilterFieldRule  # noqa
diff --git a/src/unicef_rest_framework/models/token.py b/src/unicef_rest_framework/models/token.py
new file mode 100644
index 000000000..04bd84cb9
--- /dev/null
+++ b/src/unicef_rest_framework/models/token.py
@@ -0,0 +1,11 @@
+from django.conf import settings
+from django.db import models
+
+from .service import Service
+
+
+class UserServiceToken(models.Model):
+    user = models.ForeignKey(settings.AUTH_USER_MODEL, models.CASCADE)
+    service = models.ForeignKey(Service, models.CASCADE)
+    token = models.CharField(max_length=1000)
+    expires = models.DateField(blank=True, null=True)
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index 573525d7f..6445d7c73 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-06 14:47
+# Generated by Django 2.1.4 on 2018-12-07 13:05
 
 import django.contrib.auth.models
 import django.contrib.auth.validators

From 2fa6ad29e04b71a4773134a3dc52d7a1065ce90a Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 14:37:33 +0100
Subject: [PATCH 22/86] pyproject.toml

---
 .style.yapf    | 4 ----
 pyproject.toml | 3 ---
 2 files changed, 7 deletions(-)
 delete mode 100644 .style.yapf
 delete mode 100644 pyproject.toml

diff --git a/.style.yapf b/.style.yapf
deleted file mode 100644
index bb30eb930..000000000
--- a/.style.yapf
+++ /dev/null
@@ -1,4 +0,0 @@
-[style]
-based_on_style = pep8
-spaces_before_comment = 4
-split_before_logical_operator = true
diff --git a/pyproject.toml b/pyproject.toml
deleted file mode 100644
index 388a6acf1..000000000
--- a/pyproject.toml
+++ /dev/null
@@ -1,3 +0,0 @@
-[build-system]
-requires = ["setuptools", "wheel", "pipenv"]
-

From c246822ac006117614e8bec7d6df77f17228da81 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 17:36:07 +0100
Subject: [PATCH 23/86] updates redoc iqy docstring

---
 src/unicef_rest_framework/views_mixins.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/unicef_rest_framework/views_mixins.py b/src/unicef_rest_framework/views_mixins.py
index 088a753b0..908fe7e1b 100644
--- a/src/unicef_rest_framework/views_mixins.py
+++ b/src/unicef_rest_framework/views_mixins.py
@@ -1,13 +1,29 @@
 from django.conf import settings
 from django.http import HttpResponse
+from drf_yasg.utils import swagger_auto_schema
 from rest_framework.decorators import action
 from unicef_rest_framework.utils import get_query_string
 
+IQY = """WEB
+1
+http://datamart.unicef.io/api/latest/hact/?format=iqy
+
+Selection=AllTables
+Formatting=html
+PreFormattedTextToColumns=True
+ConsecutiveDelimitersAsOne=True
+SingleBlockTextImport=False
+DisableDateRecognition=False
+DisableRedirections=True
+"""
+
 
 class IQYConnectionMixin:
 
+    @swagger_auto_schema(responses={200: "OK"})
     @action(methods=['get'], detail=False)
     def iqy(self, request, version):
+        """Returns .iqy file to be used as Excel Web Connection """
         qs = get_query_string(request.query_params, {'format': 'iqy'},
                               remove=['format'])
         url = f"{request.path}".replace('/iqy/', '/')
@@ -22,6 +38,6 @@ def iqy(self, request, version):
 ConsecutiveDelimitersAsOne=True
 SingleBlockTextImport=False
 DisableDateRecognition=False
-
+DisableRedirections=True
 """.format(host=settings.ABSOLUTE_BASE_URL, request=request, qs=qs, url=url)
         return HttpResponse(iqy, content_type='text/plain')

From 8eba2d24710af30fb8205d43b0c59e9d31097d5e Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 18:17:02 +0100
Subject: [PATCH 24/86] force casting to avoid PicklingError in admin index

---
 src/etools_datamart/config/admin.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/etools_datamart/config/admin.py b/src/etools_datamart/config/admin.py
index 97b9904bf..2b10ef400 100644
--- a/src/etools_datamart/config/admin.py
+++ b/src/etools_datamart/config/admin.py
@@ -2,12 +2,14 @@
 
 from django.contrib.admin import AdminSite
 from django.contrib.admin.apps import SimpleAdminConfig
-from django.core.cache import cache
+from django.core.cache import caches
 from django.http import HttpResponseRedirect
 from django.template.response import TemplateResponse
 from django.utils.translation import gettext_lazy
 from django.views.decorators.cache import never_cache
 
+cache = caches['default']
+
 
 def reset_counters(request):
     from etools_datamart.apps.tracking.utils import reset_all_counters
@@ -83,14 +85,13 @@ def get_section(model, app):
                 for model in app['models']:
                     sec = get_section(model, app)
                     groups[sec].append(
-                        {'app_label': app['app_label'],
-                         'app_name': app['name'],
+                        {'app_label': str(app['app_label']),
+                         'app_name': str(app['name']),
                          'app_url': app['app_url'],
                          'label': "%s - %s" % (app['name'], model['object_name']),
-                         'model_name': model['name'],
+                         'model_name': str(model['name']),
                          'admin_url': model['admin_url'],
                          'perms': model['perms']})
-
             for __, models in groups.items():
                 models.sort(key=lambda x: x['label'])
             cache.set(key, groups, 60 * 60)

From 18f822bdeda6e3da7ec14ea791a73239debf1f50 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 19:13:23 +0100
Subject: [PATCH 25/86] force content-disposition of iqy

---
 docker/Makefile                           |  2 +-
 src/unicef_rest_framework/views_mixins.py | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/docker/Makefile b/docker/Makefile
index 64e2ed5f4..06fa2af75 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -80,7 +80,7 @@ local:
 	$(MAKE) .run
 
 release:
-	echo ${DOCKER_PASS} | docker login -u ${DOCKER_USER} --password-stdin
+	@echo ${DOCKER_PASS} | docker login -u ${DOCKER_USER} --password-stdin
 	docker tag ${DOCKER_IMAGE_NAME}:${TARGET} ${DOCKER_IMAGE_NAME}:latest
 	docker push ${DOCKER_IMAGE_NAME}:latest
 	docker push ${DOCKER_IMAGE_NAME}:${TARGET}
diff --git a/src/unicef_rest_framework/views_mixins.py b/src/unicef_rest_framework/views_mixins.py
index 908fe7e1b..ecc96545e 100644
--- a/src/unicef_rest_framework/views_mixins.py
+++ b/src/unicef_rest_framework/views_mixins.py
@@ -24,8 +24,12 @@ class IQYConnectionMixin:
     @action(methods=['get'], detail=False)
     def iqy(self, request, version):
         """Returns .iqy file to be used as Excel Web Connection """
+        try:
+            filename = self.get_service().name
+        except Exception:
+            filename = self.__class__.__name__
         qs = get_query_string(request.query_params, {'format': 'iqy'},
-                              remove=['format'])
+                              remove=['format', '_display'])
         url = f"{request.path}".replace('/iqy/', '/')
 
         iqy = """WEB
@@ -40,4 +44,7 @@ def iqy(self, request, version):
 DisableDateRecognition=False
 DisableRedirections=True
 """.format(host=settings.ABSOLUTE_BASE_URL, request=request, qs=qs, url=url)
-        return HttpResponse(iqy, content_type='text/plain')
+        res = HttpResponse(iqy, content_type='text/plain')
+        if not request.query_params.get('_display', ''):
+            res['Content-Disposition'] = u'attachment; filename="%s.iqy"' % filename
+        return res

From 8f04ac227e2eeaa5560ce78cc03a8e9b5665c267 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 20:40:23 +0100
Subject: [PATCH 26/86] allow index page customization

---
 src/etools_datamart/config/admin.py    | 25 ++++++++++++++-----------
 src/etools_datamart/config/settings.py | 12 ++++++++++++
 2 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/src/etools_datamart/config/admin.py b/src/etools_datamart/config/admin.py
index 2b10ef400..7440e759a 100644
--- a/src/etools_datamart/config/admin.py
+++ b/src/etools_datamart/config/admin.py
@@ -1,5 +1,6 @@
 from collections import OrderedDict
 
+from django.conf import settings
 from django.contrib.admin import AdminSite
 from django.contrib.admin.apps import SimpleAdminConfig
 from django.core.cache import caches
@@ -10,6 +11,18 @@
 
 cache = caches['default']
 
+DEFAULT_INDEX_SECTIONS = {
+    'Administration': ['unicef_rest_framework', 'constance', 'dbtemplates', 'subscriptions'],
+    'Data': ['data', 'etools', 'etl'],
+    'Security': ['auth', 'unicef_security',
+                 'unicef_rest_framework.GroupAccessControl',
+                 'unicef_rest_framework.UserAccessControl',
+                 ],
+    'Logs': ['tracking', 'django_db_logging', 'crashlog', ],
+    'System': ['redisboard', 'django_celery_beat', 'post_office'],
+    'Other': ['unicef_rest_framework.Application', ],
+}
+
 
 def reset_counters(request):
     from etools_datamart.apps.tracking.utils import reset_all_counters
@@ -58,17 +71,7 @@ def index_new(self, request, extra_context=None):
         app_list = self.get_app_list(request)
         groups = cache.get(key)
         if not groups:
-            sections = {
-                'Administration': ['unicef_rest_framework', 'constance', 'dbtemplates', 'subscriptions'],
-                'Data': ['data', 'etools', 'etl'],
-                'Security': ['auth', 'unicef_security',
-                             'unicef_rest_framework.GroupAccessControl',
-                             'unicef_rest_framework.UserAccessControl',
-                             ],
-                'Logs': ['tracking', 'django_db_logging', 'crashlog', ],
-                'System': ['redisboard', 'django_celery_beat', 'post_office'],
-                'Other': ['unicef_rest_framework.Application', ],
-            }
+            sections = getattr(settings, 'INDEX_SECTIONS', DEFAULT_INDEX_SECTIONS)
             groups = OrderedDict([(k, []) for k in sections.keys()])
 
             def get_section(model, app):
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 808731f59..1ba9c8f15 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -619,3 +619,15 @@ def extra(r):
 
 
 SYSINFO = {"extra": {'Azure': extra}}
+
+INDEX_SECTIONS = {
+    'Administration': ['unicef_rest_framework', 'constance', 'dbtemplates', 'subscriptions'],
+    'Data': ['data', 'etools', 'etl'],
+    'Security': ['auth', 'unicef_security',
+                 'unicef_rest_framework.GroupAccessControl',
+                 'unicef_rest_framework.UserAccessControl',
+                 ],
+    'Logs': ['tracking', 'django_db_logging', 'crashlog', ],
+    'System': ['redisboard', 'django_celery_beat', 'post_office'],
+    'Other': ['unicef_rest_framework.Application', ],
+}

From 37bdb076d8afc2dbe319238c302eafd6b0993a69 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 20:48:58 +0100
Subject: [PATCH 27/86] fixes cache invalidation

---
 src/unicef_rest_framework/admin/cache.py |  7 +++++--
 tox.ini                                  | 26 +++++++++++++-----------
 2 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/src/unicef_rest_framework/admin/cache.py b/src/unicef_rest_framework/admin/cache.py
index bb3216fa6..c168b5b33 100644
--- a/src/unicef_rest_framework/admin/cache.py
+++ b/src/unicef_rest_framework/admin/cache.py
@@ -40,6 +40,9 @@ def get_queryset(self, request):
     def has_add_permission(self, request):
         return False
 
+    def has_delete_permission(self, request, obj=None):
+        return False
+
     def get_cache_ttl(self, obj):
         if re.search(r'[smhdwy]', obj.cache_ttl):
             return "{} ({})".format(obj.cache_ttl, parse_ttl(obj.cache_ttl))
@@ -89,12 +92,12 @@ def generate_cache_token_single(self, request, pk):
         self.generate_cache_token(request, Service.objects.filter(id=pk))
 
     def incr_version(self, request, queryset):
-        queryset.update(version=F("cache_version") + 1)
+        queryset.update(cache_version=F("cache_version") + 1)
 
     incr_version.short_description = "Increment version"
 
     def reset_version(self, request, queryset):
-        queryset.update(version=1)
+        queryset.update(cache_version=1)
 
     incr_version.short_description = "Increment version"
 
diff --git a/tox.ini b/tox.ini
index bbbb23a40..e5d69e794 100644
--- a/tox.ini
+++ b/tox.ini
@@ -23,35 +23,37 @@ filterwarnings =
     ignore::django.utils.deprecation.RemovedInDjango30Warning
 
 [tox]
-envlist = py{36}-d{21}
+envlist = py{36,37}-d{21}
 minversion = 3.5.2
 
 [testenv]
-basepython = python3.6
-passenv = PYTHONDONTWRITEBYTECODE USER PYTHONPATH DATABASE_URL DATABASE_URL_ETOOLS CIRCLECI CIRCLE_* CI
+;basepython = python3.6
+passenv =
+    CI
+    CIRCLECI CIRCLE_*
+    DATABASE_URL
+    DATABASE_URL_ETOOLS
+    PYTHONDONTWRITEBYTECODE
+    PIPENV_VERBOSITY
+    PYTHONPATH
+    USER
+
 setenv =
     PYTHONDONTWRITEBYTECODE=true
     PYTHONPATH={toxinidir}/src
+    PIPENV_VERBOSITY=-1
 
 deps =
     pipenv==2018.10.13
 
-;PIPSI_HOME
-;PIPSI_BIN_DIR
 commands =
     pipenv install -d --deploy --ignore-pipfile
     pipenv run pre-commit run --all-files
     pipenv run pre-commit run --all-files --hook-stage push
     pipenv run pre-commit run --all-files --hook-stage manual
     pipenv run py.test tests \
-            --create-db \
             --cov-report=term \
             --cov-report=html \
             --cov-config=tests/.coveragerc \
             --cov=etools_datamart
-
-
-[testenv:deps]
-commands =
-    pipenv sync
-    pipenv run {toxinidir}/manage.py check --deploy
+            {posargs}

From 7c7c92cd9be6a0dc0fbb9da6cb40d7c111eb6d0f Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 7 Dec 2018 23:55:37 +0100
Subject: [PATCH 28/86] admin helpers updates

---
 .../multitenant/postgresql/public.sqldump     | Bin 4047913 -> 4047583 bytes
 src/unicef_rest_framework/admin/cache.py      |   5 ++--
 src/unicef_rest_framework/admin/service.py    |  13 ++++++++---
 src/unicef_rest_framework/models/service.py   |   6 ++---
 src/unicef_rest_framework/renderers/api.py    |  14 +++++++++--
 .../templates/rest_framework/base.html        |  22 ++++++++++++++++--
 6 files changed, 47 insertions(+), 13 deletions(-)

diff --git a/src/etools_datamart/apps/multitenant/postgresql/public.sqldump b/src/etools_datamart/apps/multitenant/postgresql/public.sqldump
index 9dd5980c33d637f5a36de54b87ddc94ef68ec7e1..61254f3855112e0fd46e1c483cf9490d4bea8d9b 100644
GIT binary patch
delta 18185
zcmZ`=2b2}X(!SF(%kC2I=A4(DZkRiFhO~>K0*Wl6C<p>73X&F;hk<B9B|A!?A|hf0
zWO1IfqQaUHP%!Y62e@EFB&^Se34#CXNtgE@<ecW*sj9B(uCA`Gs_uQ^{@<jAdw-M4
zYA)(CphjvDP*NmG3gBP1_%GuBO5RX*y_}ka?^rAv57VdumT$cvUne#5U}~ViTq5UK
zU6Ufr2Wo*l+Hf5!v>r&Fn;<m;r8d-TY?^FUrS@SSV?F%zf@YHcrCQXyRRXD5buD`(
zu!cD(t->5WB;D#9EcdC5ur)OOdY{Tr&1PAJ=Gyvn^NAA$RxtD11WL0`XFcn6R6`N^
zq?l!!_b+Tkv*$^<=ES_9c`|p8I~p|<qlRv*$UL$r-D;7qB>Kf^b9a_a1s$Yx>-@rl
z-Za&a5y+<{Jy?-7ptyr4RSie1IVF?*-eJ}Hv+TSCHcn?sSe`Yq;s+lVQE5(3R%+F@
zZtZuAXx5W$>wS`F#9Y^*&}@ITJxlX+hiq$W`;QZ7)mqtcuK%fqtZ?TlZ;@0r638-7
zhjZz@@lw!S-Su~G#%j#`D_kzPTK^6e`LflxB}KdXpE1>(qZQe*TjUp*wf&RLU23X1
zFqUjR9{beSMobHoQ}2Z=+gcQF^r2cL(B6hptA0wl8S0*7*7Zxbwi(y>!_(A2g+sDy
z9t)c5MhC5%dV~`k;(-olp=+*7HrMydFmInDhLS;cpPK82S+ja=PxLVYC8AHcbzAiv
zo>i-H&8)qklRe#TeFpmS<2tO>CgvA*@>%F%2byg*_G@9K_q{QJQ3Gx50RfX~t?zfE
zuPI%#N-r74S~@#MH6nqw*iYt^fo-k2OA};<YLyMT#OG(kVMb+-3dLR4*&mf*1k%jv
zA(_^`%dhelHWrFmy@nW`yjUo1&ADoTj}1qyFNbzbd}>zO)mc7qShqqW4*A$f*qk$}
zwY?ZaM|Se5B2jD6=!?Cv#Ufgu)Lb&U(Dc+k`HKQGI4;$yzOIEg)L29hWG#K3<(juu
z2dz0{G*98NXv}(R>>!^m8V_WHF3)`R!l1JQM~*-4dXktL3Z&D|FS0Ca@`OA5;i#Hf
zU0Y(#JCRNg=1I2brH{!?&DCEFrD9#m6Jrqo>x;=(`-4{XKqgID%W|wMro??{EF36s
zpzCk;9T<FFpom&o*nKUg`a3%YTh69AYvl}T+{l_(8Pmr5dW#w6!P_gWHMgn$ytFW!
zAgBwi<U5!6@?h4b0$OCYn$g5;cXfs-bT@KlskycNVDms~p8b3LXPWiJ3^mb9!)6e?
z%-Xw~T0Lj^J1G_qV;=|%)xXJ_S)=Am_XiM<1`4URUMjJY@9E~ViVIc(YKG<}ivdvQ
z4p3p}z6vn{+T20PvqJYR^=B5>tzC2P^Hr~_)~E-s@v(Z`tXj~SRt%Opo4Y87R<4(u
zQs`Z&iP?YoU}_kJwfJ9f!*b0^U(nAVj&1~s%-##~&Cuc|*4%|*pR*A$LrXeXM;2Y_
zPsmUmT6*$rsfjiDp;!W=1quZh3Qkgztep>c@%dxJRCt&sbm<4^*mdb(ucH<U2XcYV
zqPpE!(HEAj@;Yjvc%a<I)NGQ2*7V1!q!ecZYhknZ6Cp9>baR_gVAik5Ge<oUwE8d4
z_t}OcffBoO?H4TBtX|oK#yu=$m_tVvSoJH?JY{M)1@^8~e34=71bS-=>}%I{Xiyjj
z4lgtGY%AKiT}rn4uJV1m7B;NX)lt7|Bm!?yw+H9go6jU$)1PVM%ZRAf+UH*IKcgXQ
z<ct2{szoE#ZEM5c*3_bgd8{ta+OeMbQ&GbhRM}2B&&+x!Xvr@>?yZofs;2Zxg*aoa
z{g!_cYpQ0YZtUmxk3|A`OFxwgtvg=5ECEC)Ab{q_uP0k4H}&xm_NJNjnN&!-hD$+f
z+M7wT>k2eYIAj|Y8YSh6ZDZ}J&-Q!9LxCK#<o$dr>z!5p5aXKl*1IDTG<qQ0+^{vz
zI{$-feHvXg8$T*EgC91rKH2IYFq$3@RD!nDoV_iXUMr9?sJbuqN$p2DX5;o2X21D^
z&BcrJ{O@H0HEY23>I7E<Tq~?iJA8+r8R0-0Z8#ujS}k`@@TUa>%@xor>+w&^y^+RY
zmx!Q1OZ9uD6zjXs`zBCv=)p!+FIAeE!99vK{0l#piiZsA#XScl_q2(J;j_ePGiqP9
zRkt_Y=MomGC_R{G{jmRYZ_x3GY8D@?Fb_ATo2P!LFlQdjvVFqGL$HnOzfBPU>-7Vp
zJ*$i39LO}Qzss?zzV>w<j~HgJ@5-#^-*)hfE*=eA)!)zb#Y9!J>_^9NPW|8;PCTkv
z?GNALk1%S$@ILuL&M?m$O}5AM#EA;3|5{2mX9KXc{RA;48(_^oI@sr~hOPa_zE6C{
ztdAO_{!kFbH2vjj|1%b{CZF(+*Eozd%Utniu2uirbe}^^H<$nE#6x%d;m1R9Eo41)
za<i`sEsAv<)rMtSvrbj`{IwYU+y)`@`)B6+{4|}`GpUTvkfel);vv34mUN#e9;FTa
zSsrhmBr%^`JjQdArS85=#3&i`$x%6*Pfd|>d@zEPd;!kk>r*BF5RdCo{#`Sv%;%=Z
zc(A4Pqc2j|srLX@YHr$*ZZ3MJfY$`2-+iPJqL16N5<Vqe+T#m?LoTIV?HLZAOevY)
zo+%~l(9rk?+0x(yt$~w#@h@@~@184VdSE>S_aMO8G<zUxVsA8#GrgrZN<F0VRRxkC
zu;?L;zf~mN=eaCB9N~k?BtNp&!z$ssfL3P8&3I#lbfq^1JsjtQT1$_52BwD%oR0@P
zOC>z3o%ESMBDm5D8%#4hN-5@!_30cZWVPQdA|{P)6?}Oo$?&;H;=G}=WcuTd7<_t2
zs`lANBk0y6if%uJr3?IS(HLz|rOvc)nv_m;gE8>eB2p=hj6$EUN2PS1Uo_6Yh)MT)
z8(UYSfjn$%TGCq1;4|Y=Tc1*m@%4uEZ(lM(9C#Q*%B17n!L_ctROn9zfldMS?#gm`
zV^7J?J@lBt4^~N2eU@67k2+8K(r2l~1I40S0Uy~1s&O+1T{EbvE34o;E|mNeSdT{n
zm4ddEj`f51&V8k;{0?!IFX}I?_O+phXo|%0C^SH7?gdAD@g-8W-$Re^x=W>j{_?|U
z)55F`?|NBc^XNvHPZ@mHS{P9pJ(N}0xtiHISU_8@l#2MBL!`sLWFy8WUnMQ_XK3hw
zb~NQGsgfoSV<|MNHP#5dvgtrixjEGiV@>$HVHlTtIvJr5mbXhPCXa(F?0I(sQAAq@
zj6-XZHwz<V@aM0UTFdE9NMVFyflMss)LX{fY;HJGLDL_GAynNaHKAEqN(%3EgS5jN
znSm%Fi%N%M$qL6xC0<lwM5t&urnsp9VadNkiQcVf@o<J!A1C=f(TGI&%JGsPYZ;Lk
z-#bC7@NCOK=$>KQ)?_Jzmrjyof11${&aiNhWzw@DDaZ%cN(cN&MK!95v5tJ~Ez<e^
zXyL^>i4N^}!>!U>pH>a?+G&#E^My4-wP|p8AKxzBkpSz6!v&ZcMq(92u5GWMt(wlK
zm7stp^DWb{lJ1FT#6q?%>8ZP<Oul2LRPJS72IBVuF)d&Uc<vmjqd%OO&IjBrjq&9o
zN>8WW_e)vk+=W5@&An2RXDEgir>grAJ)<6ACm%HX0jW8K+9^$V&0OhVg3jRGA4vEu
zBOd0%=1J{*JWPN7d}zSkJ4RgNI~OLlf&oLHu{hza4PE8WKP0X2`x_x%^DywX0mftD
zn1T2Qg&6+uQmL<_en7Pld>kq<MLcPlG{osFz+pb-Q8+KJGxG5~Dk*}VJFb+nXuSfL
zzH%(88;c*8(y0DXsV$v(OloFsNlT{3wn(t4H>4c1Q}d>@vKHF`RC9b*QK;^%2`qz$
zmSan12@4kz)j)In8a?&au_LG6LK~7<4u9kcDLpZy7~il$8k884hNTx}6pkScOOVC+
zqNk)0iEo|%x=I?5=w@Jd1n*|qe9UU8w@-%SweA^dOyWDtOP)JR8k|&XCwpHMZ$+>F
z6H55<Lqws~i&%y!Knq`S6oJ6hl9G|<;J*XUOPOY!kxY#*LM3-@lX9r`1?g#fMKR@g
z6orLcQHn?-eItx<*o)FAf1q*IDU4L`AJ<4@6X2Lz_7DXIK6{-sA%PN^+rmd!B`;hr
zxv8fR6X#3npb>8Y5ELLN8<NRezARNGCT#F4Evcvft%vxEe@avQUWgeAMM}@(8*yZM
zy!1#QSLE<?Xbm*d@C-CE@HHuwYG0L#gjp2QOB<cf=H|L_$uw^*6jAf4w9aP`#d08j
z&*mksVL5!T8psh@cP_tYlXOu69CK1;C&A{8uS=IEa7gj&M3>+2=Gh~R2io|VF+aXp
znwprR&L`DNa}pekKpv8^Jf8VB_}bYV)MuDesK{(wkV-jCSeOp%Kn`_$K~tLkuD9T=
z-j$AdYifkeQ4bbU-54dA3bI)y@AckUV?=33q<u~r%K7_PZogxcmu)>u-w2&r`{|_+
zoyB2r3A@I5RJHvqyEa7a0SO*rx*bxV1lu@2^^q5ah}r18dgob+Ms|@$2k%z$DQ`Cd
z0DEJX-lb&oqr0SJk4q#J;-^1JXf6^8^BJGv+g+{*g0y^*Tk+i8i9HhuAp#NE6kqtS
zgbpGhghwK8;wfKBZkZTibqEKXowV?IdtjA5W3i}Snv+T}hD@qM_P6v9YyQxl7QDw^
zsYPOxaXxroLM4%q4*5u7_<Q@$mM{DuauTjJzz^Do0_2B7cC=&;`XQT?WuA+x{u%*Z
z>7kZXdk~8~>T8_#jeX$tmM@c9+AfY(9!*fpan~{u4)c=-F%bVd!Y}*gEX9O{3tX~B
z$#5oA@-+5I>3XF(o&Hw(%bR*wMdbmh1~2|zaw}_MoI+3a>y#}1;15zSUr)&5a%cmS
za`;b&Fe_hhocBDO@N$u`&hP&T!KE+5PN778aQuiDb3#ZY#Csh}c#KE{d*2S@`8&tG
zcv+A|c;(M<86LNY*vobVf7gE`w{|VaRQ~ZV((V4B5KIg@Aw81#)_CKu*oN+gi$v(>
z_EI?==p-f4L+?l-sxFpGY2F{s3KUc6AJP$Dqz;#72hH98geUaojo5m_NolA*GDIb?
zE=0Jz!>O~ZD;jp9)LcSv+k~5^&zdvB@q7`L=D(872KkJmQI7cY-o&@MQD(kJi9}<3
zmcqs*<O+|BATf_dT_H8)*u}oLj-aer=>(9|PDo*zts})j?AVMxJb_TMWfIKH4<)Ji
zSE&unPGPIO8Af&9DU~fr48-6cG-ZjEMO`%42?9gS*~LB?!m4{)F#p(#s1d%aCA%Vl
zkMgcT_Dtei<zJ;?LY`Qp4udk-=)||i-^gSM6HrC$x#VgX6rA5#Vsw5(&e>uN{$4Id
z>#>c6cxFCxO~$`Sx~1|;+a^SSuonN>_fO)#P{0X`qo`Fn_ehjk$cC}4DO6j?a%`^P
zqK9coAsbizwa2CVxw+_?S=X|Vj3PF)ysD{SjekAQO>2bdl_EB&d|%L|tNI%{jV>%^
zW7)$|sw?(~<X$FCt{i?tu_NaEb9PVM5s_ZR2GP!c$SE>geFuG2lHe7#?}ToyeDCE_
zhu1~t=H=hxyj04Dl}~)drS5-jYFvz!4a%cFWo#&$`wBf-<_nC4qf}qUZmRrxi_2o*
zIa$QL(h-d<XTvIc)w|S#&Q0yri0Cw^%PV%c)Pv7W9Sxh+-xm^9u%Vs5+U?R_@i(+u
zpj99csGWN4gmKr=$Os!oD}RtvD%gg9xgD=OcSki$t1H>$@?ZaO>4yFdU7WPmY*OVO
zr3`ZL@9J~Yc~v7i*cw)P@AcHPjjvUdiOi=?=7<^9(8MERou9m(cAZUNmxyjDe{h2<
zW%RkF#6vW<EgN6{!K*Iab$>$_qpWspLgkLvT)ON3hR!P<(HrfsGK~w%ok`w!ZgM?F
zs21hXW$j@(n|jl__K7(<#i85Er%bPKc#J<c4@0AI9bjS4t#aum{0*H~E20)1F|_<X
zl@8m<=Ojl-h)@zLr58J5hmY9W-XWfHZsN1+Lv%?eSnzW@+#a|5O%Jb5M27|Ww4E;b
z)N_;j^&y(y8RWx1bIGTjo7}I!h(juwI&{GtPJiz9x&7RIG+e}=hY0)~5VNigRNU2H
z3%3R{o&D56Z=MB?tAt8R37zT+{?!Lu{<F@_Uyl%qEQRz)2>kU!)EG+ecM2}E%C{eO
zdE9+&9!88%P-#m8I<Y|=RKtE<z`FnBcDnbRolqB{AraW_e>}Rm=ce;(Aan-XzWjyX
zT(%FKn;bC*>K$!pRTT5-bDB;?{rRBwLB%Q?UwO@Gm&g2b^FWN@RzBWVvC9{wQgJN7
z#i@PVQ+ac{?vC{>J~tP?&Owp}E*tCl2o3s4LEs)%V}Yp1;AxkxWYhN1ER`P_#V(W_
zWIWKtNAer5#cA5a?qu-w*Rh8kB2@Zxk?qIn`)^o`O0Q=Z(djYl-!^3|%D=jS^>Qg=
zfxb?{zp@I#8pg6hK6xyg?=X$UxpWho;gX8?3<qvNY39lCEZ-qO{b0)k#vKAwzAHt>
zUqREp6BUG?Q9Ky69Eo7{L{>?uliB;Wd@aUzPiDj1J|b;9*o|dSO&=wl51+y!4g%LW
z+F6L#Z)X2+M8+dLek<$hQmKJ%PH|w~R1nx2La;E<h7n+ew0j!Hf+=O8(8TU>dFcGl
z+gM-c0~v7NJJ{t;XC%5Ess9})-+gc=JKrTxd2j}+cL_Aqv6eiA2>kd=c9~0{^NVJ)
z!OjQjF)Qb=vF=BNx4fH;ak?VaQ$<OlJ*}UGn)Ld6SdEL&0wM7NgO}XLMz|mydMSGj
zY0&ZkN*aG*F7zU_hh&Q%yq~>iQ;BTq61!UA6c<t-fF8w*2U_to%csFxv2{h^!hs!q
z8lh%r0g4bdN&af+Wz`$dkVo>IP+tU<%D#f<`E=<5mcqBqXOmsY2CrJkEJt!U9Jo+W
zmGi>IY?%v-2Ci^wC!%E0u!J3Q;W3BSek(zMm(w2)LU`3X5Z?F@E9K)JW<`z=)aK_u
z!d`Pb8i4_#&~X9PEo0626U3%FR1s8d9%VZnDx@Qw!~=<rWUU0(!dcFgQm7`TG^6#8
zvUZg56iOHK{ulA(<7}=y;Ycjd&aRW(xt#TL`N#RTC)f}vNhl=BTR+Lhd%qu9$$B_)
z5!h?A@}E*6Kk*dsHZN2;b-Q|U&(my*1H!$jYL`wPf0pIgIwj~di@L30t*P-@rU_Uc
zz4;8=Y>QL*>}T0+jyRQ{dX6Du62m~q-9c1P+Vk}<ux=jy*o*8==XZ=xTFd5nzfZ4Y
zH#_}eF(?sF7^-Mr9ZTa|*RusKA|5#3M)2huy!pj=bBjIi;Bf^T5fv4u2t!wGWV!t4
zKUsel8%1v)%Yl8-Ma1BH?1u<lMkobz*BIe|wn%w=(W@-QC5Z<H`y_=FT#Ibz_D!(U
zHa}pSHr>RYaOn(~w_qh+JJ7Rlvex|1*V#-5i3bl?`A81r4i_GUwc%YuDSvE>XPNO>
zpqB$1_7<Dv=qS#=dYf%>`xt={bntB$+I{b_f{pL7R~<NtVbyjW$FB1%+{%jinfKWZ
zE;1Up(noS2zj5KQfChLT74Lx6m2f$UuiwT{XcDW4+vJEqav-mDK}MjL%}2ahpi6hM
zVj4PH#%0)BteqKL7Nq<MN=Naap$T2|F*{(h!4>iqejkoLUpbR9c=!|6i8(Z}K!4C=
zk$AYkAN-81aOB}ZQ8ybdo;vW0cO$QL=nZ?^&Jzd%JfENX7hIe`MsW{~%bV>|#?q-u
zkl*no>tYLxhWNTYNOpzg;&<_0rn&U-fI*{YC`GhrmeO?Teyr=VeXi!Bco|phARq27
z=kXq2u~erQyh=n=sk-nx8`uDcYnXp@04bzB3RFdOJQpb9@vm8}hhF;)TkN3W2~@j0
zb<KC|Mi&$d46&<FN55wWT~Hj0ioz5Dge$)vF)HC%qbMfKIqV*GQIrhYId!W1Bk&5g
zbXA3A`9&&z|53KhMQGx<buZ~t35a~kl(2+nzF}SoYw066UKg)Wno|8S){<H@I;U||
z)%npzoE^3VoZAt*k~R82u60Ba7IqP3EZVyow;aJfShC-LaS#1yEXJ!(ctehfLPPQI
zIDTt>V+ud=E9>A)43~I?zr&^2v&4!0*dJ`DBhNmuQJ|{e#V4_%_87ESATEklo$0T?
zSPQ=JFZh245yvSd3ROj?aY{MN3_kk|8|mP&A-mYMsaH<RS2_52ln-ZeZx=5%p?yjH
zx-2_8JQ|O~cMBK+mc{2K$-Ug32H)94zR2l`ZP=ZvkD;u-Hx(}-E>6Ww=kOGHl#3Pq
zUtl?~uDR;M35g47KB$@OIN~U_UI(Xa)zDmawqq2pj=I?}0xXk8w!(iyX24kIwv;b-
z49wsMTFE`U-(_j?Qb#Pd(M7cD7pa)<PnTD@Fau{NV0j$3&Z}*hik&mihKZZ#E_4K?
zAHE`6p6z0zf&R`VbIZ4Jb98a8{IrV@+7g%2WFrdl<vVQ6sG&H0vP5Z1KNZQv{6K;H
zl}m5HIK^!=)fdR6JhfQ9)j?oS)zHk4)Q+z!k)60fMPc$nr=0dgne4=jD)!a@8%BVY
zQ>#ii<&l?RQC3vQc-@E{q9WSvfT)(z&R_v5TFV1m35M7!qUtukjqL0d6*q@H?E7T9
z<VMTeW3YMcWGA{&5kn72U^%dR99F2tsdhDvQ%6V@cBe*TfocIO<!w64_c}_zCHRIe
z@=2G#zzmo4$3eU+B!BF{aO&zdi~uX(`y=uY7a^veDAiq~dh<urJtBc1AW)ms(07<7
zJI8^FBN!*5g5AvxT(DiN%g$k_sz#v7MsOe&I)bp5`#N>MnfsIyzPP)$fQY|?J>}0`
zDiIsuy10@Dt7OxG;jXR&{q>zvLhCY=W_))w%+J;YZs+>g#XeejSV^Y?V<m-lo(B&)
z>OA=_mqZPO{vQd??c;7FRl|Ethx4IdMI3*D+`{dqBkZ+BKA594=M5LisLc!IBMiS#
zEP3yKavAU6S6<`jA3^xZe%RQ;3#dpbXZ@^nqu`}-Ivu|RE4}t&`9p^>g7F%f^RuE0
zY&MO&6sO^?0p4hFMP*+KXVRkIQ6=A5t|amM2Fl$WzIX(HB4xIX<Hu`c=V(z8qIY$!
zo<%2q`DOCOjx1db#1aUaT&c9=`v%KbxL6H~hb!cK+WD7)Lve`QgipFccG4<U*RkCa
z*v2d6bbe}xc;7B&XoLb?gcj_p<XKn2z1i!5Yo6{j2(Ez#hsn1)gEsJz;c9t|`=Rka
zhs%9jY8}<}zlO^Nr0qb!w__#Z)S3};N6NS#aYDzZ@L4xPZbwBU<!c4|7@iUs^ipzC
zTmI5W*@=8(p$HF+mK~29!xc*<9lcI2p;_0-DSY#_a$8$&3~yt8y3Sqn7_LVuY4Htm
z2_HH}?&=VPLww;4f*=ys;&`N3WT%u*jFnUQsT<{F7aoPf7kTKd<K#kKH4Zl6(2E;O
z@v5J%x=C&)CD}aq&hav?*zDh0ptY^7iE?W`d!k(Ic8lZHwYXd6TPDdlE=+e}w6<1G
z-B>GUxGeA(POzw-BIi=d967l3n4CtlZkCg1_!Rlyw#W$YezP2Q#7Fp)TjT=o_mW%X
zeD8PNR2g}m7#7~qZ<q?#SUgQG^RRtxgL$~zR@^S*ShOkQSSjRqIF;^%MvCv06_2Rx
zbh(xHyZa27q|G`SGQ*v7`J$OJb2uP;C^u(!$>zxPVlGXD((aP8H_nlpISk+i?()Wo
za{S%$FqcrL(A{!tnsqPM^o@Ju_Ac14!8~}M9Cd`C_8*}o_sA7|(p;E?t$X-AQNF;V
z@-qI%{c^++rSi~&@+02wZS&-8mm1zesJX`iIm8PVV1aF2sC?u?xu^I0sYP<!`@Mg$
z+}-<K^pK3&gV2|1;2Cx<pJ95_$J2`(`?WSLe^@?g>lE&=&;i}FRBp;QKO$#3vp~@_
z*FhX#DxYy^#j9)a*qZ=qLIan<X=E?+Y$m3{W^C-4H7u2e&X6<tjgP{U*<*>t#8@cw
zI65wSO#aJZD6SXnF2^2+@Yf%glU(6=+-tx3<_*hb)rE<>Ch<O;j;)Ye@!l)EMT+rJ
zPl~`nOc_49tNk#X-gpYG;?PR$a$9#A53iCdTq5z*%g&MNo<;~h>uI^vMMNROOP(_L
zN2?*iVXNXO^$?jz4`qecuSMSu&tj)JBrycfASvS0o`WqqF!xz_5gmVCP9^9n$lrZl
z&U3MGM_Ms$c@ZYn>_uOiC^CRmd%_5U^rj{J_i7mhn>Fy&Pppymxl@|CRz@}{=8f|p
zDl(}Os;*~EdD%<iNVgF%JY*G>G@}kOUS5x#>A>+99s<r=Z4eIJCXG6`<NU^#<t#^Q
zaX!bA2fFB3pbdJ6m*B}%{R+5AuXt`I&bw@sN4s=!`{vxfWN$(<Uj^Y7F1L1(`q{{j
zUXxSk{!R#>hkpq_a)8T4WW&0TMU*pP1ALsFe06$NZb^$?lULiO6gOzlX1N%Tx|`Cv
zO<+H66Kupr;b`(ueEaJ-2yI2_Jnc;!UheOj&GI<!_vS6wa`xnLNWstJfi`u03%=!K
zy^P#PXaymwix~Mf5FOw4oQ}@bcVyY))Z^U*{DSv9XQcC?@561|E&zvBmhFB&kh5s^
z2XdnW4Li^cTLE3XRX*-O@y^xuvmXNb<cIRl4ip!>0{Y1|K<l>2N9`FIeARZji8Fr`
zbxU^QP}sHu^RhL9lD-XLA7h`o^u;^jfb7ZP6<vGr&YL#xf}#C-2LH9YPflC<DNe)s
zU2>yCWCSX0qP$NLBR6~^7uk$ZpOZer884XP_n^<^^KGW$$!M8PKj~jsoci6aN73;f
zq1<^OUK&(Vsi76t{j{Q_(Znz1eCqLq{EZN&qj=_$1=E#Oe#w_|q03i;0g9Iki}$!z
ztfMGqgDA9DPNfUJadt}@9Y26qPbGWhUxg0z5FYd%fGthjhw*gVhedP1h66smAK+{E
z!%5oUaM%HtHo!O^_)0!yPcTd`9YE&T&>$z%ng;o_L#lBwu5^ZnYd0LfBHP5f?^Jr@
zYdK}(*K)bb)Zp#D!J62-kW2oU{m{2b{F-m&GzX8r>nZy&OTZR=hXd2*j{E((@8K+*
z4_st^k7X}9gux#9L6#h$xXfs8Kf<PcKVo>o!_dTy*h>w#%HsWhbgfuNF)i1eaw3CI
zI_w?>Ixhb5?FZ4+^@yBG*hE3v{0o?D{z?AQUWrH?{vNLya{0z1hya{%=zQl<>}Kb~
zAbjLe&2b1TIPQ9HR2;BnkojfvUX60lwtgKauXsU8jXy&{6MvRZ*bJf(TKJ2c%V+;b
zPH}V-<qLjs{j`n@LlY@l5$!sGKcKNEH~m3OZso7=gEi@hI)a(-3=Jpb7QF8XOw3kq
zln?w>Mlnb%J&J*??R1Ur`%Mmc__ROdN4?+c|CFzHhKO^!L<~{9*rk_F$<2AszvPw<
zoyu!YAyu*Yt9;FAxy1Xu^9+t&don8O(URiqEFEbJbSILpYnb93sXG3`$$n{@OErqp
z%5i)jKZ5zRN)nN;fE~USj&DzIye@67C>!i4Ac<*X=ULP#3H#xgqLe#x!)fj!W;Fq#
zcM}C+rkHdrOb4rQ6^K{5O=wp#9;iN&thja*Lm@}tf~knY_ogUWF0Ux;$V<PP(eb9}
zRM}K<4htPeyNj)FhS2_jW=a>gTMVI&-L0k@&ZllIlorl1EuM>Mz1U32p^pu@B?rO@
zUiFxUBnmw$`NWnAiVF64ku|nbMmrjfQC%ygE$@}47!Fno@fqn#j{AW!Nrp1Pk&e6z
z&ryaWa&4RCO$4PA7d9drdbjy&Dxa34)Vd!rel%AJx*r;iDphiLe!i0ALgF@r8VZyY
ze^0>TN|D&vuvrDl`wmy#p?soHNqO$3LdETG@Y*6z7OsTx(TS&*C{D1e<CQ4{Ryefr
zh$DSvnUe0z2!9e*DN>~@j+`sz!qh-#8zwTR0^Xz2Qyc!;V0LSzlgmrzFSo%YY?Fx_
z;??;52$YXlaAJ#Zakh3E)pWosr>5<c-8LEOH!j)A_E_(v_KM^%!`s&89TewG)$wNu
z7j{%|4<MEbuUyA<@;_pHerLrA@N`|{Pj*pyxMXpDuq!a)*wT^1m5P1UEv%ICyfBus
zSwxHKQ7zD0fRVzM^AQo{zY_JlQ^{!}aCj#(NmcfPnfTE7AWa#?Qp5-1)yqWk!*K~$
z?1IF_67IKhdCTrfD@J3hlpLEDmGU9}C0Z80si$&UqN1K2R&%i&S8PR$F22x3pkOx4
zzo=?P&zz^k=s=Z%n~F!3!lk#cre?4tNFAybl#|X=9)Zd+E+o{K*!N-_7iK3Vdb797
z4N6XM%b}`^l=f6|RLMm$ue>GElm|UJEih8t(zNE^_EmZ?8aKd2pr%}7Upeu?7c1F}
zN-y>h8fsMHE{fwWD%IA7fvT3xr33$Bpb}-2dAUPugtS2S#C1pQV!0{ZIz%brvo6C7
zsOe>n;tf2V3ttXqLh(je<JCiy!}cl|xZ4R`rCi~N!P#-0h*0et0B#Lau5@}tk#dhv
z&Pdd%)|HD@zSgd4+tu#DBb91KpN@5<VVUbjD}xw~zQH9|wZI4wWI8W6QM@nYBd%8z
zM$+{z1q|SSDROAwSfw35aD(z6iOkV1>zGDh-II43r<5|<G|}x1lNfIE_lo+t6rZTH
z!~H2%<m>Uuml9nv-lNq5!~Tc1nD`{6)LuQp>J{3LQTgmi$|6j7q}vPDlbA4}yq~-D
zW(a6`3If*D3IRv|;f@hc%2(d3T;Qk_c7ppoRPr}YRgOw@_suRpT?-5nfoVtDIZbKL
zM@>^2Y>P8s7w1#iUU<Jzw_~f&Al2=Gr>Ipnf==G)8QaD?mH844o@Gl`LwG<sa)#J(
z=gsgS8n2xt6y4%J7XnjQGDqnv78b=)jquT#H@`=b7~ML@rHSB)7r->?0P5c(?o)zd
zE_h|71umdn2Ur1Le7|x~qLqE^p{XH60oMp4ui(~$N>4_YFLD{-etya#cuHe|QoyKj
zz6*wd0E|E85M1F0P+^_vh=3UkP1N@Jtq&{xT!he<9fskCpczdkCC2ke*(=f2kGot^
zYfpPr>CfoD%RGoifatvLacmlU3RuQ|bi5HGZMj1EQKEY`x>LYLAMBL1JFisA89lSw
zMPLCh_ihB5Q>UjDl`gHrqVHd&Y?Wx>DvwNa$T%(z3K><s;KH$-1I0B#5q<a^hCKE;
z<qL^^d)6Hw{#tAJ3rc5O5n-&}qBTl;_e0~G*C}Cp)L|5rFL&OdwuER#gZ}Ao595LA
z#ZHm`>X(&YC2I4si@@8`0e+>wm|AR93VHoMm3JZgNk?`#qVcCTVztB~gt5cFeN`!8
z6nfJ|M>SshI#!<K*Ik|{c3ec_A*x@!Pv*1UR6drd&%16XRin}GDxHYGjrf0HJq&x-
z7A41-1eSKV6SJYjt}z+_j4eB+adf)gp~6lcW7p3K_487m^?_33A~e*h?LVhN**k+;
zZ9|%I`w*-~Ra-fY|M;PDg+$rA+@WHbhdMRt+qWy77)|}uL%<O^)$MOTQX-6cZFdn^
zW~Ya!U^nB#cPV)=f{#3`*NspVM~wQp(t-c?Q?UoS?{i78(4+kVbTit%8>@ZQZgFP3
zwa1+(R=f5K;TH#g;Xv@>n*iy_3;r$K+3wFBUJ-b8hZjdNyDg*QgDwJwFv_l96YAH^
z>G1|7O5+#68mk)MKj@jSJUZ<xx*(-~qjcpf4=TS%H2zOlG%nifzEN<&h2@V#@IvD|
zVfNz=yBwn8b%FSECsF(k(wRd_$aQvyl+6+q9`fjPmyUz3qr**&@=uN^%^6+$vnx#1
zMa??GI~^A*zyFvEMr|J8QH+NF?m=|IsET;rf1NNu#es!$(*DyY)Soly^sl&`J#ZLP
ze(_i3Wr-SoaR-9GQ$F9O<DlDzBjXzvf#9pZ&me=c{!-cqU*C=D2g+gRb9PEnOa70O
zN?f>LHG(?%5W70fQM(Q?gf+Nei3TngVU4Is6Kc{y-sOz&tAphv+lnK2pj9g;b)@E3
zBQ*PpCFS$wQWBR4H9?2Kh;k61%c5itqVpw5NeEtUO>!X7P;~Cv<Rr8vXvt_PXsKvT
z(VC$(M{9xB60H?l5G@TY9W4Vb6D<oZ8!ZPd7cCDhAFTkb5UmKU7_9`Y6s-)c9IXPa
z60J2_8??4)?a<nzbwKNg)(NdMS{JmgXd$#PS_DmuT}6wbX=rgY9nC=NhSnXe2Va}q
IbH*G02WswQFaQ7m

delta 18241
zcmZ`>33wGn@_*AaIY@w9<i1J5nUHtQ%o`2~atlHLFGS=}6cHgH>WT{lZ$%;cR!X@M
zQBf3h78(TsS6Ock1usBg-BnS6pzG=?!vELP^YX_3xA=X{_flP5-CbQ>UG?i8kKFUK
zvhMz$mGb(5{VuLo+W53&MNxeCFIoIkBmT)0|0KRteyvLW8&oaX4CqGC@U^3W&T{Q%
z)N2)op6Jjms?}L}^s}r?dtgEyi?;{`eEFnY%ZluKlkSr(97&<Dugsy7-(bmh&sKe9
zBS&1wSaW}>M|{Y#A8DQDVF(B4_d>|r)waEdEgZI+(=PY28Fqc9cbs7>s$>^Md$!87
zzsox3X{rb8AG4qKG}TRdv6$u9Tk_I9Y=+<7mml)58Nq1p;v8q*deJd2XV@++8SEvP
z_Kec$-lmp)y!=AR;i$w6`m&<Et8(n272kLonwH(Gs=udUBw#P-xKnbZ3hhTsUk=tP
zTG}PYp58fAvN|FomM@b6cd=}Hb=L+@SC)=d5%lQXZppS)Q|1wGnKZ4G720!Zlj1E*
zzu#9x4W%qEIy{(Uzv%bJdole%UwX7$&$7=13*v%Izh#%|uCl~v%s{}`K02a*PPCzW
zTC{X*y8WoR&(lS~^mTTtbD|3dXW1`US9^L1SiTCUdPT4F=$r}Z_RyXIPwQaN*F{v@
zD|$WbX%!6nN<nUKUr{$(8nUo3GZcsp?_V9=I62eK?>F2t=upU>F`!<`m7GR&#(+Gk
zdqHVqpBi|*x5l!^4UT%+h67;DvfB<F=p~x=)x%saM+;#K%RFLaj-5Fo?2)Di?cpQc
zWp?=VurDJz{_=LwH`}I1&kZc4#-%L9{{E6u*(gCw!=TrDvr=Jx(fSVyqZ|7tNv?*=
z4tqo!LHn{RF7^^4_WIGa9)cO5)pab-K6B;olIo1W4EgeC(JI(N>Dc$Ybi-FF>FMJJ
zc&2Jb>~Rx@co-uAUs-g*gd%F*q$G(YjSg#77;U(=EP8bCsA%)feCPM6ai)Fznvl0$
z$d?^$nw)3%o;1L-XqMkzIC+HZ&>5f=^yLV?=wkyiqHpD4uw2QG*4_Adi~liU>6zr;
zqGa3Mr_PR#HR2DD{|PnEJ}|9gTwuf>f`8k$OwF}RW|(q7!U!UMBl^<K<@UUpT_m&E
zb`gKXS1h(&pIeLV{j)rqKN1Mo+i$%$KA}h;>?@A$yfvRzZdH=(>3`BaeFhBd#hshs
z&EA{+h^NnhMd?qf*|hg*H6?oWoJ9M<Klk%A3kG}@PP1s;ycGM~+-6UAaMNAlb!GGC
zc-uv=k^S3Qsr}Yn-92sKs4E<L^whmc(ND9oXk}-m&>nwJm8Wqi1cgtC=G*J;yU|Ow
z;LKNVP%G>UAGAC&!$Dt1L9e9xH<Uzs<AUpDBS)w3)@2JvdAUtrC4?75$3N00dLlo|
z-m=Ku55m?X;b`f?V%qsS1a*4Ut3W+~8I@1bO6~jp(#<0e8>qseNBxVF=)?j=PANM6
zp4N8R;(X8ebpwWedW%|Uk9+({j|3y=YcJ?kc3??wFJ1R_7W59$lI2NsW~7oCeZeXe
zf}^XJ=R{X6O``fy%BX0+?)hF~^znxb`<-ROr6flQhH00txW=Ou!?GV<rFl5aAZ>h4
zX=lH<+8wde&J5do*SK3o5=^`GTF)sF!Lf1WGwVE(BYL#Y^SN~BR*d%5)`fQcbMBsY
z+DA;ga(y7a*&<fhzIsEUZ10%6Wyn)zwVh)xf9ZM85G~6dVSCP9%O9{`+B7(>V9Rg%
z@}oz$7TM)nM#hI^1;WuUwsweqHnGOu^J<Q_!mv+n3(3)loo)p~@FdOKiWW~$lI{AP
zZm=M$bYE`t^<4$_mcO}cCnjXU!|&KtDUNzN+*c`#Ua+eqy4@Z{H}q5T?F)9@8DCDz
zvFZ_T=iC4M`^5OPEJPi{-}V@&1#_;9j(EE)TKcZDL!w(2!RLO`n)WWyGVIcK+sGLR
zYqi4BVQ&{l+dmqPF{Ikd-uLWLD{S~OsQi1@&VGLP)VSU)9oynV%cDCOXTD%8vK#jg
z^5_U&ec#77cnM*<?`Ix2WSKaR4k6mnGwm@4-Dt;A860~Koo#0M_T0n!J&G_bU$H}v
z?m3!l&pi_M3<JKrU3C7Jx%U2JUNuL;_Pj5Lct#O1sJ=Z0d+J|aT}CXb>&q&lX}@Pi
zn~qdO{r^g)<|Ek3JHI~dQMnbcUp;=alqQVMvcl5nloL78K?iH?#_zxMvK#i)lV3>!
zv~KwQ(bcC*#Bum&L1DD%Kgm)5=`?#=^M@^Mz!J3ShcPV!20^Ez{aI1;(6r3xn1e;p
zvj4V?ru~#eLlo@bBL@p&1pClWL%niLJMi;j4<Qh;_x|FZPOw13AJC~=70ZoI%1pEC
ze|y}^8nI8Gao5;k4f<(k6)UhWKKGDh!{iM=jJ^;D4EYt<@4;zV(SZqt9DlfHv}~z!
zLscRk;lT*MO;g;R>+pp9d}*T6!^0B_QA0<T&woi$awHjcVfaIauYit$#%o(CH69&>
zB2+qr74UhfN|J{h_VYz;l;a-3;Sisnro{b_;ScM4Plob~m&f9Jvy`~y8h$;%FU(Qm
zTMd*jj_vXSC7W-`RoZzPBQ7s3P)eg#O^sM!`rx#h8vVgPnm?GYxcP-MXWgRp!&n|Y
zalhg)^6Lwgw>@%<0FCIv%J>z<%5^Qf&+r>2H4bMT`N=XRzSlsu1i6roRw}7{QiXE4
zM-m)#Lp|#ztd1vCDWj!+9DSN$oJ{+=D5d=Vj><>gHYV-qqIBjDcUD|~DEY-XI-*9Y
z;BBfE_aJp<6AAL+HA+0zH2je;|E^Z4lQNyg$O6i!ER4pZ14@5c;cN<vio;4b>G)R+
zE~Lh=(vb?9lu`VSkg~%g0pV08?fX^D=2z;<G|zCY2;XNYz2h?rARWk9tZ40ct);vf
z7ZLE|Bn3U2#`aW_g!2_~DHWSa3Z1J`llT=qlz3!n1pE<xK`%v#n^YhWrj2z<C*IIo
zx!BVmf}~uk>!sxJqkWX^@u3BRL8`xmRr2@xDxM7$2!<DTV-?&#K#4~LMj(g?!;$h>
zBTJ?-g(dN(fyx!0?t>OTJy?0l(?LjIe6iAj3VPt!MD$AA2P*BTF;PpT(u<YE=mV{$
z{y!35K2(|F6=3r8Vao8hkp;pb+EdFq@P#A18#fR(_@0rmMHWjM2qVIzeIu0uI(nIs
z#1~$wxE@&;ML_pcgP(Pz>nfBqu3Vvv_H?R;=-d_3C<#VcNOfbBPBf@WnJRxBs!|NT
z@k+(@Xijgs4g=bord32+zn0FsU!|0{9Kc2Zp-@LrSxHBeSt4&5r^I79)P^@tRH{5v
zH2u8WB&FP=S!|P40anOwzFsNu4Aj)A`39vu-!@sPmE6Mh1xy&TaD9DlRLXe%jY?}z
zlL%x_RVuuc5N#d9@|`^BfenRx)lJF)S?x?LqT{ITQ>L|}Y`>DupPH^5m0dZtR=`&!
zYO|^CRwaw`nMyy8Xe&%jSFvDpsg=nG%~EdiHWX2#({SThSP}v&kJAlUk<GU&kHr-b
z^oRJ0JCt~sWCZ;>KRZY15f>RmhFrLKu98dV=41Qx(51_7YV^ANU?9X7->FRUhz?j>
zyGN;(!xs7rA{)*Z`kRprwIG&`o}5-lD<4u?Q~Lc%BGumub6Rn)@_Brw!C;urzhBAr
zhz%Ni<%3EmFArSz0`Eo(h5|fup?AXsLnhy`$h-8xkj0NbqO9=9!J*I;1yAcl4AKng
zVN5)i1hB+EdQ2Il#OXnJP{2pUye}!2DJd=dA^zm!aFKDwFruV$g*emBJ)sO!vRW9C
z|Dlfwx6GPM<@;ew^Oh==9ytbIzf93R1e1TeTp8gJj6E1FFDd5NtW>V_kS%0F0BiUc
ztKe)~#ufDQ>L-<p<9tZdvIWwT!<Vd4`grI;7>~eH_}QnFAs%`N=m4-3e*M!*PY*fl
zt8%fCG`e*i&c$z@QO0`u)q!W^MFEY__)Vx?uud88X>B;bOMCi!GwN!dS1$3?nSfO$
z46fiC)+<vz<Os;)hgI;wFaCinrVa3df4l+HZqa_okKhnk1@Hcn(mOsX7{{G2E4@5?
zL0_Rj4vOfub#S8%Zz)BT{xoY9tsk4tYyYaGcvwTeB7q%n%;$2C$S~izS()S^=)Bt&
z_`a4U2pPQT6=i})l1M&~eDmzBu#EVaMIwy6yO=N7<~6O5MaR~uB}l7N>DrYTC3IOt
zhevA_{JQN*dAuV;KTSK7`EiM1V4Wg6=KAa2j*vD~IN33^N?-xn_&&>}hBsIWEq_Bv
zr?j1L%#9n7=p#q|pk;Jnk?<fHrlvQsRR_PRO!RadCgmlyi0|D6MZ{a^(5*;f`Ixt`
zz%BX+8?=h6xwP{gC4(P*TbbdhGWnJ7!dm0J5sqZjV^?8|=X`*D*21Ct`4zii$Z4?+
zhU{B-nkdpj{@Nbzymhg6_a23UL;IlMmVxSGWs%GAjURefRuA*^{mM-qK7f=+xAOVw
z1Ah=}Kr_g~c)=&iH6Csg(2dBa__9x7gYn+PGJ{^s)zAMh3IUC-UZ!R7+YaIwZs9ll
za3si$3i$p*-i>Ss4>kV>Y}kHZC<8tG@U+N_vP3$Q#5W%Cs?!MZ#AAOTg!xtf@Ol?R
zz*8^%mu2zyzQib6)NB~M^}oEUYl!Ljt1!K$ue{SUA{f^4bBJ`KFT+;1zoHa9)&OIA
z<r~;m=_v*A&IYYDtz=3P&HYB%8t=j47aqq#wh(Y+KlH74Q=0)~iB2}~!*^aEX9juQ
z2^dL>%8*VX%*{}W_?suaD{6*$WwUqtn>w7Ki0UbGJN|ib4K|j4tCmH(PAg~Q;tWJR
zeJT{7Vm~Sg{QDoUyW^E2ghOQ|pY?BLx`!SCCh3IQZT{nReMo65WJtaAXE?H!*&>KY
z|F7~$TmbUhY$y1o3n@0Xg_UX+CH&?YTO{af=fu73&v+eOBqXBH0^0jKY+%9f%2l3@
z!o2w`%sSq)2q^QZu|`eV^Z=Xa8G!*ct{MV0W-@lUhYtTGqQHFqu*y6RECLrzr-N!G
zPf1`1kzzX%pnoMH52@r&B{GkSEI;@~d`H-L*|hOzXn*c8t(<CFv2@z85`XSUW+z*Y
zP6S5j*x9$-JZUCn98*fDG#`$;VVIgoWnXE@H0GF6O#`PWZE5_KEQwYe!>{V^5WF0j
zsU%X}L?xN-NMVgF<3f4?l<g}mpO>bxi{c8gLVRXx<~bXY^y8N4XGCNjK7dURe+eT)
zw;9ybmSxC+{(cq9B!pdwH2beg8tr`v-Og*v9*uXV`#Q<sZ2S<l9q*sUX2&%IC@Y^<
z-2sh$neNr7W%_bO_{B$MvO!8tOrci9*A|MnZNhceO`SB30<WXtJ6SBxGX;x(+m6M}
zR7ZZ)j#fX2(I40aT{}~#9j9i}+8lN!W(vALz@N)y@$f<S2l+2~>_T^>-U~Ons(@Wt
zwYpUT27>?0_4voRuoM6Iea=w9-*VkX{{eqRW{S&iosZw3nT6~IR-HnJ3t6rl8RW<d
zwp%J5NOcADI*)*`5v|Y6rgcSZbZv)Bm$~<Om~mFL!f-_}Htv?2X+$j>MSK3ll2!Ia
zm=+d$`j^*l)7jJ4Q)!8ZZiK0K3A?@O<Q-)Yg#Y@Vr>ody8vRhhu4HL{rD3HWG4hUU
zRu$h|=1B2f^uNWJvCA4NDuX)r#n>-C54#be$IIB1s_NHWxx@cAqt$}IQSWlB>-{nQ
z5$EBLp>MPw?Chow$lpFb9ZO<vw^Vfc#O?Od^N6tm^mThSt>U*B<K^dLH0ZVpHoc<m
zH&^25|H&xeG)k_7#EQgnpYz|C^D&yyz|VzbSF+J;&m?LKWX!d;7*f{2j!&XhUb=+E
zZm!t>vMYSTd4vaby0inku_EJDm+_kOFoyi}j}B}q%h^ix9X%tEfY{86?oI9GG_F67
zfUutcdF4}aCpNl5>sukYZ#W;fP5{43i3{$nb6oBl&%><;DA<`zVW-#7iq0%o`ZB<B
zEnpZO=#16Bwm${Bc*ZWFtlKM|d8e}+&5ZNN_o7&|*w03$1jEj)KRf*aP3!9Eu?4uI
z4P9ZLukUpw-*O(wIAtYpMfKI#Cr|Hp`EUE*{J?z(xKBBqsAi+927T;u-+mtM7VwAe
ztYKHN+mF)Gn)v)B*7IkkAEUY5ykv_2<&@HE-JtsikGXx!J5L`WlYr6`(IvI8&pVIP
zhFXs(3E0eI+22#W-$R!OOk>48-@DT9IgfO>t;_(-uICAA40r@cP-Ir8AAfNLJa8TX
zUOa@x1fk=F=iDX_o~KE~PoD(YjaARa7#}(xV+%YoJA}plETxMyqleGK|3|<CkRwL3
zt#c3AsOfx-B8zW_dbfnx=oH`IdP(MgQ#n)eqf--$c)iZrbxDrknlIq@g&Zh=k|wYm
zN*~W!(b|bDo0``l{MZ`-jMF-zbruz$$_7DSH;Emf!4-<6g?&8)Zea2i6WJIg(GhI$
zbJws%E`#MOp`KHK7i^fsDkKfL`XC2GpwylSKB_0PV!D4e%jVs$XSca5Az#qLvgZZ>
zKPM-%0kVgn&bv=xy31<%deVAJ%j1h~WXoNe2+ahIKue{Xf1>|}n^?B2#o^tNPR#@e
z^3*iML(ZT>A^zQTL>A7hfX^FrVmhm$?`E)e&e&-8E@;KSLP>w@@q~7?a~AT-DKh|7
zpPRwHkrE>O#7tHzC4~LH?gGuA4Ru;7A36(hqaztP>hKmifu2DNZe{thi|zwer;C(m
zLrFUI>Z6r792^{_a+KjP-*_8BCZ|K-m}mdQE^!4%d|emc4k&icY}Qwjbic2Ugih{Y
z&$^_buUe4ki#wq1SLUz_q$uQszt3f(TqeWUmCns&74+Jl)nxi~9g?2qvoZVa^H>`F
zy^;OmOhu32@*9XtXMSov>n`OOeqMVQyI0BqlnLZiKraXGW@BAi*w?{<T`s<t^^+u|
zKNrOy7ry;Iw!$Tcd_x^FuonK{18j{;)_sFOZcq6SvvNAsq$cn=3)oDz()9Hcl^m6>
z{lQ}na7Z66WRJ^1MgqK{iM3(QEFvM)3s~maN7-Mb6u_7R97yK+zkuYZI%0BVG289d
zTfTt~Hgkd)mn3Y}YC$59viT=ZK(CH;E9C3s;5C7zY_Jq%>AZ0nyG%*IRzZ?~a5+rF
z{XJwQ>lyp~&?@$zBSZIFzK8?Rbbpe~kktXcaSfX<s{<jQU%btr_tpUK=>9N_>6;5-
zM}T{>$^R7VLWkC}55;KofbI(lR=)dbcAeYW#3JI^Mh>;T6e;?oXR(r!*Ye@zMoY!s
zb!@n-z~(iaryKl&=P@3K85d~XByIP4cm`)WLEiO6b~N@oeIt9p<+Xfu)a^yqn`<v)
z6b^5QPq*1zS&vKNz7C4ib`yIpR{h#$*5p>3zEJ{AGHKQGY8&#u!ZP{uTiDBPt>qgU
zdytVzW49qU+xTisGGL=CS}Hjz-;?6Qyk<Mw8vA`>2YXTq3!A<H5>Hw%UdxNFT9CpI
zz3!Ttj(~OSA1kTnn}FRnzrnW1<_N;;1hT}NcCiIgy3WhqVo8qS>9_?j91v^JJFauk
zbrb6YT#G=;<KMrF<jqm9Zuu?{4=hXq5|zMbzt66b6~Ia^jaSgsdsq?gwVSPVYeT+?
z&Z`Ql`;fJ#hxf4(K722G)2-Eg7df>YwQ|qt06)4r&=x&$09khW0o>m7*aSP8a~HOM
z`a4SA;*VL4q|dt+iQ<p5TsqzUF)R%Yu5(6gSTGU?BZHu+a`Glm`NZ{Bco&BK(speQ
zO`8GG<nRu)6=kKX`PBRb<TcOI(xPQ+H5z-X)`=$G4EHl`iI@J_Os$COXK5O^66mJS
z*hHsOpdJPE`)$a3n?GX(u};$tLLZKmnf#SQ$oZV#k<DMk%mN;uh`QdV71A0To9F#$
zva7`CsZ9y=@_kwvee^7n;H;x;lWfXAI2yA?+yzDi#76xWY8lix4%cr@Uowra`Ue{+
z)eMjzEM86UcK>A8J03u{0(}0zm@3Tx9->a5Y*fDlr&ZmjxVwAr>)7tZqpF~T%#Az_
z0K=IiQs+(*e%t%4>rxEA$xFXy#~lVkxC_Bx@_{GeW<(<csDGuv;3~-9jM2S+igj^@
zV&ID7Of#F~{-N`EKe$^OH$&*U1#ZjyH^YMvN0c~O-(Ra0^T&T;VM&8asC8(x<!d#Q
zt3R`WQerT~>wm$aDtxGcLwm!2-806(4WTLUxC&nLn|oduK?~<a+kYYH-+zW(B}L<?
z?j+&3p=V>$#ZkTV9LDKL4e2~nQTw>uCN_#d(x|7cmGDJOo#$3qzG?}vRcq=f*)km9
z_avwTB?DmK9`r~Xv}{Voz3jO}^=7w1M@vz`Q6UdV1CAjgak!)uRk}a}{-BEkxh-x3
z7-U_lD*dPdFVNkgZ*HSLB1H;ZmX>kY>C0`^GMA=<Esn+glBV9`R+zql@d`pkA%8JL
zz0a++5J?G?j(WYJmGZ_cb+%*QfHlvxQx8ZcBZQsqKz6_7sOwys4ox|<_wv-nSeyC+
zwbC(50~>gNg!5Jwsq$Pja8TFNiCVzu&+o#n*iovc@`WYp64~11HD&6nQaX0x#pEwj
z`}1&n3{`9!!{j?FRC($cIFvgHbdSupap+uHr5bWcurnU%pe~g{urn?bm&hf2WGD4A
zmqF)&F6vz_gNc(w+*RY2xfMU$RlVD#TfR$L=mdHR)pb+z_|6(tdUn$<W+D(k`cptH
zq`iKC{IAuj<g_>OI58seLDWh!GjWA@DyY8VGMMoF00jHfVjatouB+1J<0USlR)HYW
z)QFl#cW1$+UHk?7$-M4r4h=QcbHZlvK9`S(sLwf5GO-1f?&=OH87K5`2U4WnA8D!7
z`yh1GaHXR0w4Uk$m*3>8dSN7vq+o!L>#a_fjd2S16SyC)Ic@+vdbSQrBlfHr)UmPR
z6?-mJ2e=jDDZ_-`YALPir)s>epW5E7un+<|6-_yC&|j~?dGtbmwWE?M<Y7||Kw=>-
zjmtL=RG*h)!M1#95O$(7u#iq0PiR5j<swyKl4A0}Q1uhH+7h?DIn?SWfYRy1)nwj#
zm}<(tu@yTBRI(#qJKQx46Ze?M>eX2;gXz;92Ks#@&Y&F`*s#xyRC~!<M7_8H2j)l%
zF2$mkU7}tj`_zNH;ZpT!mn-b+<{*&z<*H0&OvJN2s1r-*{Fpx>ncf|Z=%P~_ApFlo
z5KRG7Y|Yb0t1`SdaqxC=czMH>*y+v$aS5?;jM~rrL+8I<rS_1W;aIgKNI6!+%c7}Q
z$7X_E)~Tf;i>Hl`&DRX@ArsVkDa#D;)f3^UoL)?wpS%V&&ccdpm71?nOZlWpY6t8y
z6UNJ%u2Z|je($*6aU_Bs#v4oVfdDPNL2bn++@O|1h^Ww!2RaoCZ&VBT_9^P1SnJfO
z>R^}21nloz``&Vsnj5QsWSSa@{oXxYEs?*&{B(mFi2d$3Q!R}B9(c1_Amw3^E1W#&
zg=uO&UpY%nbLn_X>d+V7ia{Q_Ma_@3{q<J$(%A1y{-lab4TFa(E<!?+%iq6UZ5^vV
zJR9O1Wnd_GK&K8X3`4%fr@3=fJUg4Co{@CCmUrIhQ}sMGos6k!I=_3anj<CXeC0gs
zibT<w9;Q|E)Es`eQB_@vNvrQxt9a_2YS^VjBxTB7F%{^1)!i7bGah7Y_o(;C@xX>U
zBh9Gf8}3tsE-8qZP>|X@piYamXnZg>7K1NcfaOdTW5I=1nb?CTmWy!ZVeH->4`X4R
z85!c{u4!^UHI2|x_?(4mhD$en<)9bvjf=2Wk`>oEf|Vna>L6zT^h&(g=AlPbCYek>
z?!KBHg9{rKReyC<frsq%OTcvFU({kbP?JCWSZn|Y?}|kOyn!MlXzwp>slZnPQqs=H
zv7y>L9&cUyM9fZ1K70vWjWa%2czcmq<k8j3upy^BgB8N!WYF{{5Ho(TR6XP9)#SUE
zsePqpaJY1UX2f%GYFq)XcR3ot#Ke^b&VsWmkkme~LOtl{G2-{ty4?Jsm8uAspk2Vg
zg(3-|-m5YG<kirG(@%t_J?S`4!6Qsq@N9nyBWwK}I;r~zoz#e54Qp_t_0}5oV<|3-
zG*H}(gY}}Aq&82(o48W@Jfn(uQAouz0pxCKF`XNuwc@Woiyh-K9bKo29853?_v|ns
z3Cf_oPpRqrmgiw`PA%@ALe2|w+VKMJqaB0(_j<KXE-#?zl^fI!eEf^5B_&&Y#Rhe(
z`+M_CF=NE-PzRB};F)+5mDy0*{qJFBMbF`OC4HNk5p8-Tl}c?WxN)YMN`+g{SJ_|H
zc69V*^=UZ}JuZQ7uvNc1J_Cj?uH47J!xE@|6SODBNVTu1xHsDbF=IEWz*I0%+#ldh
zy*<Bavsx1y>`ETfp~X*bQ71Xm!b3SawMFejAH0gg<bhW)H!*|&PWp0@h!pX!w!*%I
z&;X!xu$G8yC4qN&P3`YU4*2=3?e0#)??pS*t}*(Kovw2Q{oB{E_r-$X_YZ$lwb<|9
z-f(>m=xMvuBuNkO!oRDjvEN<aQd45TyT9%FD+B{W-cgfd^ef&~6CFDaAQmVUmbu!_
z<&E#fMi$^p--oXewi`f<9^;@@yRkryrFYFnDl%l3+M4Fxix|SGuy(5-IQj@gp!=g+
zi+R^Q&gmqiAfgu}+Phax;g9XbmULKyemsRay0wH#J_P+A`<ze}{D}4|1b=krE3LTy
zBiB9ycsaQrA|2HP`Jw~ZCXTj)c-VCS5yl1SxXL_}rlr%N#jx2=52yu#mPPfSsJmr{
z2FyjILg}Bu_YeP6?c@%`lytuGGqpO_!QRi+3bzA`_I<AA^7KQ{uG1wh9~_E#SWR##
z0ZAGC1+?o7F+_d7z{xY`2$n%MGWnvTIPT;h5&p$7s9gTxys6Hnh6`b?JHCW{6@96;
zl45X8))#M%>i!AsILyc@uKO2GEoXs%_T>pDUGp_u<&$5jipvw?>%LaUyMKgv+Hu!E
z2ErnR6|WCy&bQFPkZ;jMO2S>ekc3ys*?j7EYL?sBM3{wXtoS}QjWAx8oPfDH8bwl4
zB(s|3ry%b4ldwx?l!%2=n$@<F3;9T)NKtaQaT<o`w8T}2q%Hmt^S$;5_b3Pm)Iz2s
zt6tX<2$@J*zT`(Iu7_#h34Isp(?O}?H9x5rNDb+{;Xkf(3n0WYMb=Tqzx`Rg)$Pf`
zHy(J4Tge~#FJd@naSXouS2ZN-aZFZ<_X6#y;S7AS|4hsV3_js^H--ry#VL25!yY-S
zrt$S>)pl-U><~fchtI`!zhP}UtBLd%;}x$bnbu$OBE9JlOB<4DoCfdvl&Xn<Sa1eC
zmHecp`CSPi@r)L)3=*}rd`O~}?~<L@wGJ6K^vPN>e<VrEcI$M?NYOe_Q7e!?Pu2o1
z+2A0Hv{!V8>{}!f1$<GeCc=9`6L>408&uKsHfUMhM$@IXO!^>A>qr|8z{u9N)!c1?
zhZnokv~kjWBJz1ZP0!GBXjq1J#+iOZ=k=M|R4G1U0H{ZjkjD>YX*n*<bZN9R8|o;`
z*4)h!iSU{nt-%#;`Lcy=*5v`re=S%0k0adjlTxVV^1XSQy9sgf2ny8{VEDi0Ywm8a
zf*fQSj0TYOb@MzDtuN9<s)E_$H1byby;u`ry{OP-KQ*PX!C8i+Tvn!Kx{aO3EaK@Y
za*YJqQ?9k)R36h5US02OkIBe>@M(sV7!0q}<R%jjN+(xg5@I6;{n!{{vUu>BMYSE_
z)0|Ur%(w7q&9zz*ZSA0aE;;c|tcCLwIQiC&n6s>dvPIqO&cOJc!*AQ!n1D8&wc}!D
zK|h}0cZI%&bwMwMU9_{38sVT8yK?YMP{^5EjddMct^MFg$IVWepf0V^%J}RWEmtxF
z1#+1EwO~HE6({aZ)mlCs?54dVn+0Vv<yyopcle>BJ+)|?Xa&RKvFZ1I4exG$yj{z6
zDB&Ql3~7gzWKoSUe6+|RN_i(;>&+Y*o~4b9-!JiHriKU2f>}5DbC%YbQOO0aEF;L9
zduZJlebggHF$okuo#?G~rBii)#>QU+(9gdFUh3!tT2vvWzsrheQcZQ*7%AH{`RNO_
zbVfJVxz&*%p}LE>Noh?#^~Z(Q$(teW#p6QU3gwS?Ev-2?CMeYLfmmykCJaL=x@4f%
zlTqnVE!UYFp4iko*BHqcX}OF(9vq{axXZw+Qo{8{CjEOTa&f1(1^1!1qwDe3xIu5l
z_YBn@a?~2aI~0f?$LQUWQbGt{aP<%vy@c}-z^C!z5!wq1?W}h>0zqHTILC%XKw&CI
zX&*QX5kg21c3^uBJpV&U3kH2xIfy&GdpU3$F(5wfa_x{DLeS)WMr-q&H4BA;z6%|6
zog@1EyF$CBxt)eg50;!vo5yL9X9i!bF}nYHmjh?rcn1*YK+CHc<xYxK04)*W9&etg
z;Tups(WS#aB)xu;7GX4ae2i|of=IybH17rhXiUMF+fUYxD%3DlE=>qVQ#wV%hd^wK
z+Y)*9l^!^J>P>ia)w0;U>?Un3W;E7ihDVR1<9YP%bab<_8Qn~nu6?S|np<LgmT#1R
zsyU$Q8pp^&_$Fla%^G85&2YyOvG~qgG+kC(VgB1~8otCy3c1ym#nWeN_}IMFTq!jS
zH`1539m2)u_CLo=a%u<wZNnD`N|*l`UYUNmBgTviC&64o{)0fehR@XwD)h$PQg|3&
zavZ%|tD#f#wQh9aJE*MsEUXPEdLn{9yb$x>rPVsMi|65xx_G{Jp|kQ~eE5one(H6%
z)|EHkso}$!E{(2GJW@wpUuQyLe5}#=KJBbRmko4B1Tf)h=T>d<1KI_QQWnPOmT$E4
z<n-7AvB95S;L^ikmkyk~rxY5tXheb9k-ylaUG5lP7%|6afn1mJ>Zmr*rCGia4%|(E
zyHoj+$Hd;wSmKH`!Z0BhJkR0hNW(Yz&rz%rH#DM>16dy|`!tcwFVosG>b}WkLi#tV
z1@}$j$5&`YjK-{q)#^YJ@fNj$-hWaH^E*}x158-$)*{bxYCBTTr=Z5g7r=OquhH<C
z&QH&{YQ$yVyKA+sj9yqP8;J*NLnKzdY@HS$h|Hre*5h-J-aoUh{GDetghg<Yx?fz+
z2!Nabkf+e0=dp909@amn{Y|pK%>!i>!6LBnEWUib>tJ!u$De;u3ouHu-ChyP50St)
z@b7GT;AK3r9{iHFU7<r8V=Mx*71%ikc8;}vVTD_PH|HZ-RFq9co3+mTg-zPmjuGj=
z-<NQ$l+jmPU4C4B4{1Td>AJ0274Pt>wo{>3UWsw&uxIf+6<B#8EqqNY;KR3Re^uz$
zze&C6xEL+luFY|5K-`pFC9&!^cWMSBb-T-D_z7IqRGp0w_$mP4&MNDM&gbvamdHO4
z;+4NGO#A)aZYvxS8SiQrG3vU{9S<Ixj*Ufrt&m>{)&2V&mpx(<*vojUJz9I1#`|s?
zoB;7Q0%XqSjr+7zMyEfIahSdd@_8t*Tzq_T+o!Su-y6cg0Y2_QDWAAbhn6qYiujI?
zwJq=wAIJEFBXszteGb01`(Y~Zfp|Uou{MMRjj#Gl8==sGkK7hG8f2Fae9QqK!<zRW
zku$-S4xK&%O!m3M8a}TdbJ!&ZgB)ahoK^l`R}3y^MhJklkl*zWxNLD~8=)ZI_)npM
z(&KJBgaoI)((wPM`0y*25=LVE6^_~?-(ouq`U%?sr|d_Lo#4)d-}jx?no(Y}%Z(fa
z5b<P2(GxL>$Y!)4P5x19$M0y?@ISf8{Mj879uqiYs-%V=A>HxRWk2HBb4G{H2>~wW
zaNx<U7(MobD-fYU?a$f|3Jv~;D+Yn}MG`xH?^nd&&goD$3OdERSCa&dm;5R+0x@UU
z#bqr}GCnN%4FQm>FnyOepAP{&PN#WiV*`TY-G&8Z2~LP)SV8K*61r~kCw!*RH|N|z
zStbV+M`!=U1Sgsh|6dPWG~*E~2R@8bqKg)*z<Y)`K1_#`66EnsI4X+nJCc}yl8BOo
zl8n*{B?ToFr8P<$l(r~oDCsB}D48f(DD6<PQF2gnQSwmoQ3_BBQH1<rloFIulrofZ
zl=dhUD3vHxC>>BbqI5#(jM4?AD@rv=4N5nZS`<G@040bLLJ6bjC<cm&5<#(0x})?!
M>G{l&#9rI}58fi;X8-^I

diff --git a/src/unicef_rest_framework/admin/cache.py b/src/unicef_rest_framework/admin/cache.py
index c168b5b33..abbc9612d 100644
--- a/src/unicef_rest_framework/admin/cache.py
+++ b/src/unicef_rest_framework/admin/cache.py
@@ -28,9 +28,10 @@ class CacheVersionAdmin(ExtraUrlMixin, admin.ModelAdmin):
     list_display = ('name', 'cache_version', 'get_cache_ttl', 'cache_key')
     search_fields = ('name', 'viewset')
     actions = ['incr_version', 'reset_version', 'generate_cache_token']
-    readonly_fields = ('cache_key', )
+    readonly_fields = ('cache_key', 'name')
     list_filter = ('hidden',)
     form = CacheVersionForm
+    fieldsets = [("", {"fields": ('name', 'cache_version', 'cache_ttl', 'cache_key')})]
 
     def get_queryset(self, request):
         return super(CacheVersionAdmin, self).get_queryset(request). \
@@ -54,7 +55,7 @@ def get_cache_ttl(self, obj):
 
     @action(label='View Service')
     def goto_service(self, request, pk):
-        url = reverse("admin:core_service_change", args=[pk])
+        url = reverse("admin:unicef_rest_framework_service_change", args=[pk])
         return HttpResponseRedirect(url)
 
     @link(label='Reset cache', css_class="btn btn-danger", icon="fa fa-warning icon-white")
diff --git a/src/unicef_rest_framework/admin/service.py b/src/unicef_rest_framework/admin/service.py
index 397d2a082..4e4a4fcb3 100644
--- a/src/unicef_rest_framework/admin/service.py
+++ b/src/unicef_rest_framework/admin/service.py
@@ -39,15 +39,22 @@ def get_stash_url(obj, label=None, **kwargs):
 
 
 class ServiceAdmin(ExtraUrlMixin, admin.ModelAdmin):
-    list_display = ('name', 'visible', 'security', 'cache_version', 'source_model',
-                    'json', 'admin')
+    list_display = ('name', 'visible', 'cache_version', 'source_model', 'json', 'admin')
     list_filter = ('hidden', 'access')
 
     search_fields = ('name', 'viewset')
     readonly_fields = ('cache_version', 'cache_ttl', 'cache_key', 'viewset', 'name', 'uuid',
-                       'last_modify_user')
+                       'last_modify_user', 'source_model',)
     form = ServiceForm
     filter_horizontal = ('linked_models',)
+    fieldsets = [("", {"fields": ('name',
+                                  'description',
+                                  # 'access',
+                                  # 'confidentiality',
+                                  # 'hidden',
+                                  'source_model',
+                                  'linked_models',
+                                  )})]
 
     # change_list_template = 'admin/unicef_rest_framework/service/change_list.html'
 
diff --git a/src/unicef_rest_framework/models/service.py b/src/unicef_rest_framework/models/service.py
index aa66f1f30..fbf792385 100644
--- a/src/unicef_rest_framework/models/service.py
+++ b/src/unicef_rest_framework/models/service.py
@@ -127,9 +127,8 @@ def get_access_level(self):
     def endpoint(self):
         for __, viewset, base_name in conf.ROUTER.registry:
             if viewset == self.viewset:
-                return reverse(f'api:{base_name}-list', args=['v1'])
-        else:
-            return None
+                return reverse(f'api:{base_name}-list', args=['latest'])
+        return None
 
     @cached_property
     def display_name(self):
@@ -152,7 +151,6 @@ def save(self, force_insert=False, force_update=False, using=None, update_fields
                 model = v.get_queryset().model
                 ct = ContentType.objects.get_for_model(model)
                 self.linked_models.add(ct)
-                self.viewset._service = None
             except Exception as e:
                 logger.exception(e)
         super(Service, self).save(force_insert, force_update, using, update_fields)
diff --git a/src/unicef_rest_framework/renderers/api.py b/src/unicef_rest_framework/renderers/api.py
index 54b60c69c..4f78131f6 100644
--- a/src/unicef_rest_framework/renderers/api.py
+++ b/src/unicef_rest_framework/renderers/api.py
@@ -15,8 +15,13 @@ def get_context(self, data, accepted_media_type, renderer_context):
         # in the real flow, this is added by the MultiTenant Middleware
         # but this function is called before the middleware system is involved
         request = ctx['request']
-        for key, value in request.api_info.items():
-            ctx['response_headers'][key] = request.api_info.str(key)
+        view = ctx['view']
+        for key, value in sorted(request.api_info.items()):
+            if key not in ['cache-hit']:
+                ctx['response_headers'][key] = request.api_info.str(key)
+
+        ctx['extra_actions'] = view.get_extra_action_url_map()
+        ctx['base_action'] = reverse(f'api:{view.basename}-list', args=['latest'])
 
         if request.user.is_staff:
             try:
@@ -25,4 +30,9 @@ def get_context(self, data, accepted_media_type, renderer_context):
                 ctx['admin_url'] = admin_url
             except Exception:  # pragma: no cover
                 pass
+
+        try:
+            ctx['iqy_url'] = ctx['extra_actions'].pop('Iqy')
+        except Exception:  # pragma: no cover
+            pass
         return ctx
diff --git a/src/unicef_rest_framework/templates/rest_framework/base.html b/src/unicef_rest_framework/templates/rest_framework/base.html
index 751593d6b..778dca248 100644
--- a/src/unicef_rest_framework/templates/rest_framework/base.html
+++ b/src/unicef_rest_framework/templates/rest_framework/base.html
@@ -115,6 +115,14 @@
               <button class="btn btn-primary js-tooltip" title="Make an OPTIONS request on the {{ name }} resource">OPTIONS</button>
             </form>
           {% endif %}
+          {% if iqy_url %}
+              <span class="button-form" >
+              <a href="{{ iqy_url  }}"
+                 tyle="float: right; color:black; background-color: #1e90ff; margin-right: 0;margin-top:5px; margin-left: 10px;"
+                 class="btn btn-primary js-tooltip">IQY</a>
+              </span>
+          {% endif %}
+
           {% if delete_form %}
             <button class="btn btn-danger button-form js-tooltip" title="Make a DELETE request on the {{ name }} resource" data-toggle="modal" data-target="#deleteModal">DELETE</button>
 
@@ -153,13 +161,23 @@ <h1>{{ name }}</h1>
                   {{ description }}
                 {% endblock %}
               </div>
-
               {% if admin_url %}
                   <a href="{{ admin_url }}"
                      style="float: right; color:black; background-color: #ffd600; margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
                      class="btn btn-primary">Admin</a>
               {% endif %}
-
+              {% for name,url in extra_actions.items %}
+                  {% if url != request.build_absolute_uri %}
+                      <a href="{{ url }}"
+                         style="float: right; color:black; background-color: rgba(30,144,255,0.3); margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
+                         class="btn btn-primary">{{ name }}</a>
+                  {% endif %}
+              {% endfor %}
+              {% if request.path != base_action %}
+              <a href="{{ base_action }}"
+                 style="float: right; color:black; background-color: rgba(30,144,255,0.3); margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
+                 class="btn btn-primary">List</a>
+              {% endif %}
               {% if paginator %}
                 <nav style="float: right">
                   {% get_pagination_html paginator %}

From 9caaf73d2b6fcbcf2d6ad56e569495f3f2761c39 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 00:03:31 +0100
Subject: [PATCH 29/86] enable user defined page_size

---
 src/unicef_rest_framework/pagination.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/unicef_rest_framework/pagination.py b/src/unicef_rest_framework/pagination.py
index 0ede5b9ca..1b83e4f5b 100644
--- a/src/unicef_rest_framework/pagination.py
+++ b/src/unicef_rest_framework/pagination.py
@@ -28,11 +28,11 @@ class APIPagination(PageNumberPagination):
 
     # Client can control the page size using this query parameter.
     # Default is 'None'. Set to eg 'page_size' to enable usage.
-    page_size_query_param = None
+    page_size_query_param = 'page_size'
 
     # Set to an integer to limit the maximum page size the client may request.
     # Only relevant if 'page_size_query_param' has also been set.
-    max_page_size = 1000
+    max_page_size = 10000
 
     last_page_strings = ('last',)
 

From f87840db88a66f10fd12bd245bf6a9324ef234a7 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 00:10:01 +0100
Subject: [PATCH 30/86] update circleci

---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 63b8c2436..e6d1c9ec9 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -37,7 +37,7 @@ jobs:
             export PATH=/home/circleci/.local/bin:$PATH
             export PYTHONHASHSEED=${RANDOM}
             pip install tox --user
-            tox -e py36-d21 deps
+            tox -e py36-d21 deps -- --create-db
       - run:
           name: codecov
           command: |

From 4165145a4d9e14e49f7a3339556240aa555ad3a2 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 00:14:52 +0100
Subject: [PATCH 31/86] update circleci

---
 .circleci/config.yml | 2 +-
 tox.ini              | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index e6d1c9ec9..9180090df 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -37,7 +37,7 @@ jobs:
             export PATH=/home/circleci/.local/bin:$PATH
             export PYTHONHASHSEED=${RANDOM}
             pip install tox --user
-            tox -e py36-d21 deps -- --create-db
+            tox -e py36-d21
       - run:
           name: codecov
           command: |
diff --git a/tox.ini b/tox.ini
index e5d69e794..711580283 100644
--- a/tox.ini
+++ b/tox.ini
@@ -52,6 +52,7 @@ commands =
     pipenv run pre-commit run --all-files --hook-stage push
     pipenv run pre-commit run --all-files --hook-stage manual
     pipenv run py.test tests \
+            --create-db \
             --cov-report=term \
             --cov-report=html \
             --cov-config=tests/.coveragerc \

From af21e8076eddc7e47958517aac1b020ee6a9d38f Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 00:22:56 +0100
Subject: [PATCH 32/86] update tox.ini

---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index 711580283..9a1ea4605 100644
--- a/tox.ini
+++ b/tox.ini
@@ -56,5 +56,5 @@ commands =
             --cov-report=term \
             --cov-report=html \
             --cov-config=tests/.coveragerc \
-            --cov=etools_datamart
+            --cov=etools_datamart \
             {posargs}

From 909c1dcf599fadedf0d3243dc0bdc0b0a9e08933 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 00:57:36 +0100
Subject: [PATCH 33/86] use proper datetime in tests

---
 tests/api/test_api_data.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/api/test_api_data.py b/tests/api/test_api_data.py
index 46fdb4e04..600074924 100644
--- a/tests/api/test_api_data.py
+++ b/tests/api/test_api_data.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 import pytest
-from dateutil.utils import today
 from django.contrib.contenttypes.models import ContentType
+from django.utils import timezone
 from test_utilities.factories import (FAMIndicatorFactory, HACTFactory, InterventionFactory,
                                       PMPIndicatorFactory, TaskLogFactory, UserStatsFactory,)
 
@@ -57,7 +57,7 @@ def test_list(client, action, viewset, format, ct, data):
 
 def test_updates(client):
     viewset = FAMIndicatorViewSet()
-    TaskLogFactory(last_changes=today(),
+    TaskLogFactory(last_changes=timezone.now(),
                    content_type=ContentType.objects.get_for_model(FAMIndicator))
 
     url = f"{viewset.get_service().endpoint}updates/"

From 71fe484f542878e55f878e8fd7edd2db0d594804 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 02:03:31 +0100
Subject: [PATCH 34/86] add support to locally enable access  to countries

---
 src/etools_datamart/apps/etools/utils.py    | 12 ++++-----
 src/unicef_rest_framework/test_utils.py     | 30 +++++++++++++++++++++
 tests/_test_lib/test_utilities/factories.py | 30 +++++++++++++++++++++
 tests/api/test_api_filtering.py             | 29 +++++++++++++++++++-
 tests/api/test_etools_security.py           | 13 ---------
 tests/conftest.py                           | 15 +++++++++++
 tests/etl/test_etl_tasklog.py               | 18 ++++++++-----
 tests/test_admin.py                         |  6 +++++
 tests/tracking/test_tracking_utils.py       |  5 +++-
 9 files changed, 130 insertions(+), 28 deletions(-)

diff --git a/src/etools_datamart/apps/etools/utils.py b/src/etools_datamart/apps/etools/utils.py
index 036e6f23b..d955cc956 100644
--- a/src/etools_datamart/apps/etools/utils.py
+++ b/src/etools_datamart/apps/etools/utils.py
@@ -1,4 +1,5 @@
 from django.db import connections
+from unicef_security.models import Role
 
 from etools_datamart.apps.etools.models import UsersUserprofile
 from etools_datamart.apps.multitenant.exceptions import InvalidSchema
@@ -7,17 +8,14 @@
 
 
 def get_etools_allowed_schemas(user):
-    # returns all allowed schemas as per eTools configuration
-    # if `user` is also an eTools user.
-    # matching is performed per email mnatching
-    # TODO: manage non etools user permissions
+    # returns all allowed schemas
     with conn.noschema():
+        aa = list(Role.objects.filter(user=user).values_list('business_area__name', flat=True))
         etools_user = UsersUserprofile.objects.filter(user__email=user.email).first()
         if etools_user:
-            return set(etools_user.countries_available.values_list('schema_name', flat=True))
-        else:
-            return set()
+            aa.extend(set(etools_user.countries_available.values_list('schema_name', flat=True)))
 
+    return set(map(lambda s: s.lower(), aa))
 #
 # def schema_is_valid(*schema):
 #     return schema in conn.all_schemas
diff --git a/src/unicef_rest_framework/test_utils.py b/src/unicef_rest_framework/test_utils.py
index 555035b38..b736f2609 100644
--- a/src/unicef_rest_framework/test_utils.py
+++ b/src/unicef_rest_framework/test_utils.py
@@ -1,6 +1,36 @@
 from contextlib import ContextDecorator
 
+from test_utilities.factories import BusinessAreaFactory, RoleFactory
 from unicef_rest_framework.models import Service, UserAccessControl
+from unicef_security.models import Role
+
+
+class user_allow_country(ContextDecorator):  # noqa
+    def __init__(self, user, coutries=None):
+        self.user = user
+        if not isinstance(coutries, (list, tuple)):
+            coutries = [coutries]
+        self.areas = [BusinessAreaFactory(name=s) for s in coutries]
+        self.rules = []
+
+    def __enter__(self):
+        for area in self.areas:
+            rule = RoleFactory(user=self.user, business_area=area)
+            self.rules.append(rule.pk)
+
+    def __exit__(self, e_typ, e_val, trcbak):
+        Role.objects.filter(id__in=self.rules).delete()
+        if e_typ:
+            raise e_typ(e_val).with_traceback(trcbak)
+
+    def start(self):
+        """Activate a patch, returning any created mock."""
+        result = self.__enter__()
+        return result
+
+    def stop(self):
+        """Stop an active patch."""
+        return self.__exit__(None, None, None)
 
 
 class user_allow_service(ContextDecorator):  # noqa
diff --git a/tests/_test_lib/test_utilities/factories.py b/tests/_test_lib/test_utilities/factories.py
index aa79a3f96..ffef8463e 100644
--- a/tests/_test_lib/test_utilities/factories.py
+++ b/tests/_test_lib/test_utilities/factories.py
@@ -71,6 +71,8 @@ class Meta:
 
 
 class GroupFactory(factory.DjangoModelFactory):
+    name = factory.Sequence(lambda n: "name%03d" % n)
+
     class Meta:
         model = Group
         django_get_or_create = ('name',)
@@ -160,3 +162,31 @@ class EmailTemplateFactory(factory.DjangoModelFactory):
     class Meta:
         model = EmailTemplate
         django_get_or_create = ('name',)
+
+
+class RegionFactory(factory.DjangoModelFactory):
+    code = factory.Sequence(lambda n: "code%03d" % n)
+    name = factory.Sequence(lambda n: "name%03d" % n)
+
+    class Meta:
+        model = unicef_security.models.Region
+        django_get_or_create = ('name',)
+
+
+class BusinessAreaFactory(factory.DjangoModelFactory):
+    code = factory.Sequence(lambda n: "code%03d" % n)
+    region = SubFactory(RegionFactory)
+
+    class Meta:
+        model = unicef_security.models.BusinessArea
+        django_get_or_create = ('name',)
+
+
+class RoleFactory(factory.DjangoModelFactory):
+    user = SubFactory(UserFactory)
+    group = SubFactory(GroupFactory)
+    business_area = SubFactory(BusinessAreaFactory)
+
+    class Meta:
+        model = unicef_security.models.Role
+        django_get_or_create = ('user', 'group', 'business_area')
diff --git a/tests/api/test_api_filtering.py b/tests/api/test_api_filtering.py
index 715324280..5f96518ef 100644
--- a/tests/api/test_api_filtering.py
+++ b/tests/api/test_api_filtering.py
@@ -1,4 +1,8 @@
 import pytest
+from rest_framework.test import APIClient
+from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
+
+from etools_datamart.api.endpoints import InterventionViewSet
 
 
 @pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=', 'country_name=bolivia,chad'])
@@ -10,16 +14,39 @@ def test_filter_etools_country_name(db, client, flt):
 
 
 @pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=', 'country_name=bolivia,chad'])
-def test_filter_datamart_country_name(db, client, flt):
+def test_filter_datamart_country_name_admin(db, client, flt):
     url = f"/api/latest/datamart/interventions/?%s" % flt
     res = client.get(url)
     assert res.status_code == 200
     assert res.json()
 
 
+@pytest.mark.parametrize('flt', ['country_name=lebanon', 'country_name=', 'country_name=lebanon,chad'])
+def test_filter_datamart_country_name_uset(user, flt):
+    client = APIClient()
+    client.force_authenticate(user)
+    base = InterventionViewSet.get_service().endpoint
+
+    with user_allow_country(user, ['lebanon', 'chad']):
+        with user_allow_service(user, InterventionViewSet):
+            url = f"{base}?{flt}"
+            res = client.get(url)
+            assert res.status_code == 200
+            assert res.json()
+
+
 @pytest.mark.parametrize('flt', ['10', 'oct', '10-2018', 'current', ''])
 def test_filter_datamart_month(db, client, flt):
     url = f"/api/latest/datamart/user-stats/?month=%s" % flt
     res = client.get(url)
     assert res.status_code == 200
     assert res.json()
+
+#
+# @pytest.mark.parametrize('flt', ['10', 'oct', '10-2018', 'current', ''])
+# def test_filter_datamart_month(user, flt):
+#     with user_allow_service(user, PartnerViewSet):
+#     url = f"/api/latest/datamart/user-stats/?month=%s" % flt
+#     res = client.get(url)
+#     assert res.status_code == 200
+#     assert res.json()
diff --git a/tests/api/test_etools_security.py b/tests/api/test_etools_security.py
index 6641c749e..697024d57 100644
--- a/tests/api/test_etools_security.py
+++ b/tests/api/test_etools_security.py
@@ -1,22 +1,9 @@
-import pytest
 from rest_framework.test import APIClient
-from test_utilities.factories import UserFactory
 from unicef_rest_framework.test_utils import user_allow_service
 
 from etools_datamart.api.endpoints import PartnerViewSet
 
 
-@pytest.fixture()
-def user(etools_user):
-    return UserFactory(username=etools_user.username,
-                       email=etools_user.email)
-
-
-@pytest.fixture()
-def local_user(db):
-    return UserFactory()
-
-
 def test_etools_user_access_allowed_countries(user):
     # etools user has access same countries as in eTools app
     client = APIClient()
diff --git a/tests/conftest.py b/tests/conftest.py
index 76b4bb289..6f20aabc4 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -141,3 +141,18 @@ def staff_user(etools_user):
     return UserFactory(username=etools_user.username,
                        email=etools_user.email,
                        is_staff=True)
+
+
+@pytest.fixture()
+def user(etools_user):
+    from test_utilities.factories import UserFactory
+
+    return UserFactory(username=etools_user.username,
+                       email=etools_user.email)
+
+
+@pytest.fixture()
+def local_user(db):
+    from test_utilities.factories import UserFactory
+
+    return UserFactory()
diff --git a/tests/etl/test_etl_tasklog.py b/tests/etl/test_etl_tasklog.py
index 31b4905ad..4a51d3063 100644
--- a/tests/etl/test_etl_tasklog.py
+++ b/tests/etl/test_etl_tasklog.py
@@ -2,8 +2,11 @@
 
 import pytest
 from celery.signals import task_postrun
+from django.contrib.contenttypes.models import ContentType
+from test_utilities.factories import TaskLogFactory
+from unicef_security.models import User
 
-from etools_datamart.apps.data.models import PMPIndicators
+from etools_datamart.apps.data.models import HACT, PMPIndicators
 from etools_datamart.apps.etl.models import EtlTask
 from etools_datamart.apps.etl.results import EtlResult
 from etools_datamart.apps.etl.tasks.etl import load_pmp_indicator
@@ -17,11 +20,6 @@ def test_check_extra_attributes(db):
             EtlTask.objects.get_for_model(PMPIndicators))
 
 
-#     assert load_pmp_indicator.linked_model
-#     assert load_pmp_indicator.linked_model.task_log
-#     assert PMPIndicators.task_log.table_name == PMPIndicators._meta.db_table
-
-
 def test_load_pmp_indicator(db):
     with mock.patch('etools_datamart.apps.etl.tasks.etl.load_pmp_indicator.run',
                     return_value=EtlResult(created=11)):
@@ -58,3 +56,11 @@ def test_no_changes(db):
         assert load_pmp_indicator.apply()
         assert EtlTask.objects.filter(task='etools_datamart.apps.etl.tasks.etl.load_pmp_indicator',
                                       status='SUCCESS').exists()
+
+
+def test_manager(db):
+    TaskLogFactory(content_type=ContentType.objects.get_for_model(HACT))
+    assert EtlTask.objects.filter_for_models(HACT)
+    assert EtlTask.objects.get_for_model(HACT)
+    with pytest.raises(EtlTask.DoesNotExist):
+        assert EtlTask.objects.get_for_model(User)
diff --git a/tests/test_admin.py b/tests/test_admin.py
index 871c1c7ac..0c3e4323f 100644
--- a/tests/test_admin.py
+++ b/tests/test_admin.py
@@ -15,3 +15,9 @@ def test_sysinfo(django_app, admin_user):
     url = reverse("sys-admin-info")
     res = django_app.get(url, user=admin_user)
     assert res.status_code == 200
+
+
+def test_index(django_app, admin_user):
+    url = reverse("admin:index")
+    res = django_app.get(url, user=admin_user)
+    assert res.status_code == 200
diff --git a/tests/tracking/test_tracking_utils.py b/tests/tracking/test_tracking_utils.py
index ec9d26e83..bac58a6c5 100644
--- a/tests/tracking/test_tracking_utils.py
+++ b/tests/tracking/test_tracking_utils.py
@@ -1,4 +1,6 @@
 # -*- coding: utf-8 -*-
+from unittest.mock import Mock
+
 from etools_datamart.apps.tracking import utils
 
 
@@ -10,5 +12,6 @@ def test_refresh_all_counters(db):
     utils.refresh_all_counters()
 
 
-def test_get_all_counters(db):
+def test_get_all_counters(db, monkeypatch):
+    monkeypatch.setattr("etools_datamart.apps.tracking.utils.cache", Mock())
     assert utils.get_all_counters() == utils.get_all_counters()

From e8e42506a4c2fdab449ebc2e806fa9ff72d14625 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 02:16:34 +0100
Subject: [PATCH 35/86] updates

---
 tests/_test_lib/test_utilities/factories.py | 4 ++++
 tests/api/test_api_data.py                  | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/tests/_test_lib/test_utilities/factories.py b/tests/_test_lib/test_utilities/factories.py
index ffef8463e..56aab9cd3 100644
--- a/tests/_test_lib/test_utilities/factories.py
+++ b/tests/_test_lib/test_utilities/factories.py
@@ -21,6 +21,9 @@
 
 class TaskLogFactory(factory.DjangoModelFactory):
     elapsed = 10
+    last_success = timezone.now()
+    last_failure = timezone.now()
+    last_changes = timezone.now()
 
     class Meta:
         model = EtlTask
@@ -50,6 +53,7 @@ class Meta:
 
 class FAMIndicatorFactory(factory.DjangoModelFactory):
     month = today
+    last_modify_date = timezone.now()
 
     class Meta:
         model = FAMIndicator
diff --git a/tests/api/test_api_data.py b/tests/api/test_api_data.py
index 600074924..709438b3c 100644
--- a/tests/api/test_api_data.py
+++ b/tests/api/test_api_data.py
@@ -21,13 +21,15 @@
 FORMATS = (('', 'application/json'),
            ('csv', 'text/csv; charset=utf-8'),
            ('xml', 'application/xml; charset=utf-8'),
-           # ('html', 'text/html; charset=utf-8'),
+           ('xhtml', 'text/html; charset=utf-8'),
            ('json', 'application/json'),
            ('ms-xml', 'application/xml; charset=utf-8'),
            ('ms-json', 'application/json'),
            ('csv', 'text/csv; charset=utf-8'),
            ('pdf', 'application/pdf; charset=utf-8'),
            ('xlsx', 'application/xlsx; charset=utf-8'),
+           ('txt', 'text/plain; charset=utf-8'),
+           ('iqy', 'text/plain; charset=utf-8'),
            )
 
 

From 913972b126f2e171ff0b264a66e942ae9093847b Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 16:37:09 +0100
Subject: [PATCH 36/86] add some tests

---
 src/etools_datamart/apps/etl/results.py       | 38 ++++----
 .../apps/tracking/middleware.py               | 16 ++--
 src/etools_datamart/celery.py                 | 14 ++-
 src/etools_datamart/config/settings.py        |  2 +-
 tests/_test_lib/settings_test.py              | 14 +++
 tests/_test_lib/test_utilities/factories.py   |  6 +-
 tests/etl/test_etl_result.py                  | 21 +++--
 tests/test_admin.py                           | 14 ++-
 tests/tracking/test_tracking_log.py           | 34 +++++++
 .../vcr_cassettes/_test_user_data.yml         | 94 +++++++++++++++++++
 .../vcr_cassettes/test_user_data.yml          | 78 ++-------------
 11 files changed, 222 insertions(+), 109 deletions(-)
 create mode 100644 tests/unicef_security/vcr_cassettes/_test_user_data.yml

diff --git a/src/etools_datamart/apps/etl/results.py b/src/etools_datamart/apps/etl/results.py
index 12cd7d393..508e6194b 100644
--- a/src/etools_datamart/apps/etl/results.py
+++ b/src/etools_datamart/apps/etl/results.py
@@ -1,5 +1,6 @@
 import json
-from json.decoder import WHITESPACE
+
+from rest_framework.utils import encoders
 
 CREATED = 'created'
 UPDATED = 'updated'
@@ -36,13 +37,13 @@ def __eq__(self, other):
         return False
 
 
-class EtlDecoder(json.JSONDecoder):
-
-    def decode(self, s, _w=WHITESPACE.match):
-        return super().decode(s, _w)
-
+# class EtlDecoder(json.JSONDecoder):
+#
+#     def decode(self, s, _w=WHITESPACE.match):
+#         return super().decode(s, _w)
+#
 
-class EtlEncoder(json.JSONEncoder):
+class EtlEncoder(encoders.JSONEncoder):
 
     def default(self, obj):
         if isinstance(obj, EtlResult):
@@ -50,22 +51,21 @@ def default(self, obj):
                 '__type__': '__EtlResult__',
                 'data': obj.as_dict()
             }
-        else:
-            return json.JSONEncoder.default(self, obj)
+        return super(EtlEncoder, self).default(obj)
 
-
-def etl_decoder(obj):
-    if '__type__' in obj:
-        if obj['__type__'] == '__EtlResult__':
-            return EtlResult(**obj)
-    return obj
+#
+# def etl_decoder(obj):
+#     if '__type__' in obj:
+#         if obj['__type__'] == '__EtlResult__':
+#             return EtlResult(**obj)
+#     return obj
 
 
 # Encoder function
 def etl_dumps(obj):
     return json.dumps(obj, cls=EtlEncoder)
 
-
-# Decoder function
-def etl_loads(obj):
-    return json.loads(obj, cls=EtlDecoder, object_hook=etl_decoder)
+#
+# # Decoder function
+# def etl_loads(obj):
+#     return json.loads(obj, cls=EtlDecoder, object_hook=etl_decoder)
diff --git a/src/etools_datamart/apps/tracking/middleware.py b/src/etools_datamart/apps/tracking/middleware.py
index c33621c9e..705f43da6 100644
--- a/src/etools_datamart/apps/tracking/middleware.py
+++ b/src/etools_datamart/apps/tracking/middleware.py
@@ -22,7 +22,8 @@
 
 def log_request(**kwargs):
     log = APIRequestLog.objects.create(**kwargs)
-    if settings.ENABLE_LIVE_STATS:  # pragma: no cover
+
+    if settings.ENABLE_LIVE_STATS:
         lastMonth = (log.requested_at.replace(day=1) - datetime.timedelta(days=1)).replace(day=1)
 
         def _update_stats(target, **extra):
@@ -36,7 +37,7 @@ def _update_stats(target, **extra):
                 setattr(target, k, v)
             try:
                 target.save()
-            except Exception as e:
+            except Exception as e:  # pragma: no cover
                 logger.error(f"""Error updating {target.__class__.__name__}: {e}
 {extra}
 """)
@@ -80,8 +81,9 @@ def _update_stats(target, **extra):
 
 def record_to_kwargs(request, response):
     user = None
+    api_info = getattr(request, 'api_info')
 
-    if request.user and request.user.is_authenticated:  # pragma: no cover
+    if request.user and request.user.is_authenticated:
         user = request.user
 
     # compute response time
@@ -98,11 +100,11 @@ def record_to_kwargs(request, response):
         media_type = response.accepted_media_type
     except AttributeError:  # pragma: no cover
         media_type = response['Content-Type'].split(';')[0]
-    view = request.api_info.get('view', None)
+    view = api_info.get('view', None)
     if not view:  # pragma: no cover
         return {}
     viewset = fqn(view)
-    service = request.api_info.get("service")
+    service = api_info.get("service")
     from unicef_rest_framework.utils import get_ident
     return dict(user=user,
                 requested_at=request.timestamp,
@@ -144,7 +146,9 @@ def __call__(self, request):
         request.timestamp = now()
 
         response = self.get_response(request)
-        if response.status_code == 200 and config.TRACK_PATH.match(request.path):
+        if response.status_code == 200 and \
+                hasattr(request, 'api_info') and \
+                config.TRACK_PATH.match(request.path):
             self.log(request, response)
         return response
 
diff --git a/src/etools_datamart/celery.py b/src/etools_datamart/celery.py
index fb179e8f3..f138aeaec 100644
--- a/src/etools_datamart/celery.py
+++ b/src/etools_datamart/celery.py
@@ -1,3 +1,4 @@
+import json
 import os
 from time import time
 
@@ -7,7 +8,7 @@
 from kombu import Exchange, Queue
 from kombu.serialization import register
 
-from etools_datamart.apps.etl.results import etl_dumps, etl_loads
+from etools_datamart.apps.etl.results import etl_dumps
 
 os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'etools_datamart.config.settings')
 
@@ -92,7 +93,7 @@ def task_prerun_handler(signal, sender, task_id, task, args, kwargs, **kw):
                                      defaults=defs)
 
 
-register('etljson', etl_dumps, etl_loads,
+register('etljson', etl_dumps, json.loads,
          content_type='application/x-myjson', content_encoding='utf-8')
 
 
@@ -124,7 +125,10 @@ def task_postrun_handler(signal, sender, task_id, task, args, kwargs, retval, st
             'status': state}
 
     if state == 'SUCCESS':
-        defs['results'] = retval.as_dict()
+        try:
+            defs['results'] = retval.as_dict()
+        except Exception:  # pragma: no cover
+            defs['results'] = str(retval)
         if retval.created > 0 or retval.updated > 0:
             defs['last_changes'] = timezone.now()
             for service in sender.linked_model.linked_services:
@@ -133,8 +137,8 @@ def task_postrun_handler(signal, sender, task_id, task, args, kwargs, retval, st
 
         defs['last_success'] = timezone.now()
     else:
-        if not isinstance(retval, dict):
-            defs['results'] = str(retval)
+        # if not isinstance(retval, dict):
+        defs['results'] = str(retval)
         defs['last_failure'] = timezone.now()
 
     EtlTask.objects.update_or_create(task=task.name, defaults=defs)
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 1ba9c8f15..793a8eee4 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -398,7 +398,7 @@
 CELERY_TASK_IMPORTS = ["etools_datamart.apps.etl.tasks.etl",
                        "etools_datamart.apps.etl.tasks.tasks", ]
 CELERY_BEAT_SCHEDULE = {}
-CELERY_TASK_ALWAYS_EAGER = env.bool('CELERY_ALWAYS_EAGER', False)
+CELERY_TASK_ALWAYS_EAGER = env.bool('CELERY_ALWAYS_EAGER')
 CELERY_EAGER_PROPAGATES_EXCEPTIONS = CELERY_TASK_ALWAYS_EAGER
 
 CELERY_TASK_ROUTES = {
diff --git a/tests/_test_lib/settings_test.py b/tests/_test_lib/settings_test.py
index 414414610..300a2e9bd 100644
--- a/tests/_test_lib/settings_test.py
+++ b/tests/_test_lib/settings_test.py
@@ -10,7 +10,21 @@ def cache_random_prefix(*args, **kwargs):
     return str(SEED)
 
 
+# CACHES['default']['BACKEND'] = "django.core.cache.backends.dummy.DummyCache"  # noqa
 CACHES['api']['BACKEND'] = "django.core.cache.backends.dummy.DummyCache"  # noqa
+# CACHES['lock']['BACKEND'] = "django.core.cache.backends.dummy.DummyCache"  # noqa
+CACHES['dbtemplates']['BACKEND'] = "django.core.cache.backends.dummy.DummyCache"  # noqa
+
+CACHES['locmem'] = {  # noqa
+    'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
+    'LOCATION': 'unique-snowflake',
+}
+
+CACHES['redis'] = env.cache('CACHE_URL')  # noqa
+# we must have redis here to check for pickling errors
+assert CACHES['redis']['BACKEND'] == 'django_redis.cache.RedisCache'  # noqa
+assert CACHES['lock']['BACKEND'] == 'django_redis.cache.RedisCache'  # noqa
+
 CACHES['api']['KEY_FUNCTION'] = cache_random_prefix  # noqa
 CACHES['default']['KEY_FUNCTION'] = cache_random_prefix  # noqa
 
diff --git a/tests/_test_lib/test_utilities/factories.py b/tests/_test_lib/test_utilities/factories.py
index 56aab9cd3..9085e2e2c 100644
--- a/tests/_test_lib/test_utilities/factories.py
+++ b/tests/_test_lib/test_utilities/factories.py
@@ -94,7 +94,7 @@ class Meta:
 
     email = factory.Sequence(lambda n: "m%03d@mailinator.com" % n)
     password = 'password'
-
+    is_superuser = False
     is_active = True
 
     @classmethod
@@ -113,6 +113,10 @@ def _prepare(cls, create, **kwargs):
         return user
 
 
+class AdminFactory(UserFactory):
+    is_superuser = True
+
+
 class UserAccessControlFactory(factory.DjangoModelFactory):
     policy = UserAccessControl.POLICY_ALLOW
     serializers = ["std"]
diff --git a/tests/etl/test_etl_result.py b/tests/etl/test_etl_result.py
index e1cae78f6..1a09107b1 100644
--- a/tests/etl/test_etl_result.py
+++ b/tests/etl/test_etl_result.py
@@ -1,4 +1,4 @@
-from etools_datamart.apps.etl.results import etl_decoder, etl_dumps, etl_loads, EtlEncoder
+from etools_datamart.apps.etl.results import etl_dumps, EtlEncoder
 from etools_datamart.apps.etl.tasks.etl import EtlResult
 
 
@@ -30,17 +30,22 @@ def test_encoder():
 
 def test_encoder2():
     e = EtlEncoder()
-    assert e.encode({}) == '{}'
+    assert e.encode({"a": float(1.1)}) == '{"a": 1.1}'
+    assert e.default({"a": float(1.1)}) == {"a": 1.1}
 
 
-def test_encode():
-    assert etl_decoder({}) == {}
-
+#
+# def test_decode():
+#     assert etl_decoder({}) == {}
+#
+#
+# def test_decode2():
+#     assert etl_decoder('{"__type__": "__EtlResult__", "data": {"created": 1, "updated": 1, "unchanged": 1}}') == EtlResult
+#
 
 def test_dumps():
     assert etl_dumps(
         EtlResult(1, 1, 1)) == '{"__type__": "__EtlResult__", "data": {"created": 1, "updated": 1, "unchanged": 1}}'
 
-
-def test_loads():
-    assert etl_loads(etl_dumps({"a": 1})) == {"a": 1}
+# def test_loads():
+#     assert etl_loads(etl_dumps({"a": 1})) == {"a": 1}
diff --git a/tests/test_admin.py b/tests/test_admin.py
index 0c3e4323f..a6c87dc02 100644
--- a/tests/test_admin.py
+++ b/tests/test_admin.py
@@ -1,4 +1,5 @@
 # -*- coding: utf-8 -*-
+from django.core.cache import caches
 from django.db import connections
 from django.urls import reverse
 
@@ -17,7 +18,18 @@ def test_sysinfo(django_app, admin_user):
     assert res.status_code == 200
 
 
-def test_index(django_app, admin_user):
+def test_index_default(django_app, admin_user, monkeypatch):
+    url = reverse("admin:index")
+    monkeypatch.setattr('etools_datamart.config.admin.cache', caches['redis'])
+    res = django_app.get(url, user=admin_user)
+    assert res.status_code == 200
+    # repeat to test caching
+    res = django_app.get(url, user=admin_user)
+    assert res.status_code == 200
+
+
+def test_index_old(django_app, admin_user):
+    django_app.set_cookie("old_index_style", "1")
     url = reverse("admin:index")
     res = django_app.get(url, user=admin_user)
     assert res.status_code == 200
diff --git a/tests/tracking/test_tracking_log.py b/tests/tracking/test_tracking_log.py
index f2fb32267..d51d85e83 100644
--- a/tests/tracking/test_tracking_log.py
+++ b/tests/tracking/test_tracking_log.py
@@ -1,10 +1,15 @@
 # -*- coding: utf-8 -*-
 import logging
+from time import sleep
+from unittest.mock import Mock
 
 import pytest
+from django.contrib.auth.models import AnonymousUser
 from django.urls import reverse
+from test_utilities.factories import AdminFactory, UserFactory
 
 from etools_datamart.api.endpoints import InterventionViewSet
+from etools_datamart.apps.tracking.middleware import StatsMiddleware, ThreadedStatsMiddleware
 from etools_datamart.apps.tracking.models import APIRequestLog, DailyCounter
 
 logger = logging.getLogger(__name__)
@@ -58,3 +63,32 @@ def test_threaedlog(enable_threadstats, django_app, admin_user):
 
     res = django_app.get(url)
     assert res.status_code == 200
+
+
+@pytest.mark.parametrize("code", [200, 500])
+@pytest.mark.parametrize("stats", [True, False])
+@pytest.mark.parametrize("user_type", [AnonymousUser, UserFactory, AdminFactory])
+@pytest.mark.parametrize("middleware", [StatsMiddleware, ThreadedStatsMiddleware])
+@pytest.mark.django_db(transaction=True)
+def test_threaedlog2(rf, settings, user_type, middleware, stats, code):
+    user = user_type()
+    settings.ENABLE_LIVE_STATS = stats
+
+    view = InterventionViewSet.as_view({'get': 'list'})
+    service = InterventionViewSet.get_service()
+    url = service.endpoint
+
+    m = middleware(lambda r: Mock(status_code=code, content='abc',
+                                  accepted_media_type='text/plain'))
+    request = rf.get(url)
+    request.user = user
+    request.api_info = {'view': view,
+                        'service': service}
+    m(request)
+    m(request)  # two times to trigger ENABLE_LIVE_STATS
+    sleep(1)
+    log = APIRequestLog.objects.filter(path=url).first()
+    if code == 200:
+        assert log
+    else:
+        assert not log
diff --git a/tests/unicef_security/vcr_cassettes/_test_user_data.yml b/tests/unicef_security/vcr_cassettes/_test_user_data.yml
new file mode 100644
index 000000000..6b1f1a2c1
--- /dev/null
+++ b/tests/unicef_security/vcr_cassettes/_test_user_data.yml
@@ -0,0 +1,94 @@
+interactions:
+- request:
+    body: grant_type=client_credentials&client_id=d1bd79b5-29c6-472e-8f66-f2c145b6aa5d&client_secret=%2BRXS9a0%2FsNGRSjrVyCwC7D2Ve5m6TrClXW04hxRD7TY%3D&resource=https%3A%2F%2Fgraph.microsoft.com
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Connection: [keep-alive]
+      Content-Length: ['184']
+      Content-Type: [application/x-www-form-urlencoded]
+      User-Agent: [python-requests/2.20.1]
+    method: POST
+    uri: https://login.microsoftonline.com/unicef.org/oauth2/token
+  response:
+    body: {string: '{"token_type":"Bearer","expires_in":"3600","ext_expires_in":"3600","expires_on":"1543868546","not_before":"1543864646","resource":"https://graph.microsoft.com","access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUaDhvNElZMzZWU1ZpdmRFUlQtdW9IRm1iSERMWnRMN1dzY3Q2dGxVelJ3Sm5PVzh3N0JmbGhiOG5fNWVIWUdNQXBiempQTFlYanA0SjFTcklyS1k2cmlBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQzODY0NjQ2LCJuYmYiOjE1NDM4NjQ2NDYsImV4cCI6MTU0Mzg2ODU0NiwiYWlvIjoiNDJSZ1lOZ2R6MnYrMUhaZm45Y3p4dHhicFl3ZkFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6IkNBbWg2QV9NX2stUUc0RUNnc0EwQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.gZj993J-31ymYg_csXI2jP2lqNC70uD7N4_qQydglmsJC1RtIobusWG2MlM648MFuYqgKMNOJtt2ic4TofindXogQdFJya65GApH-8vF1vhhzL4mQdOFAwoxh9Y1XGFSl-zi4RcrVWjs11Rt6jHRTrx9GTMJsB4BB7VwXAdV0IRNCiKp0umzsLlyRSZLsnSzjJDonj2UjNiq5tS2I-8bpycRU_jpR-glAqebBhUrERfMxNqMoc5XrtGMGvzPzzYYTC-H-GSKbkaJBMO2ll_ad8Twi0Tw0yh9dd2ePQl0PO5GhyDuh1VMMBlNUNTU1oEq4o7xnKMzxs3gdBSQx05v8Q"}'}
+    headers:
+      Cache-Control: ['no-cache, no-store']
+      Content-Length: ['1652']
+      Content-Type: [application/json; charset=utf-8]
+      Date: ['Mon, 03 Dec 2018 19:22:26 GMT']
+      Expires: ['-1']
+      P3P: [CP="DSP CUR OTPi IND OTRi ONL FIN"]
+      Pragma: [no-cache]
+      Server: [Microsoft-IIS/10.0]
+      Set-Cookie: ['fpc=AZOCOBXL5-ZLty69fQqnYpehqu4lAQCkTfOoVFnWCA; expires=Wed, 02-Jan-2019
+          19:22:26 GMT; path=/; secure; HttpOnly', x-ms-gateway-slice=020; path=/;
+          secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly]
+      Strict-Transport-Security: [max-age=31536000; includeSubDomains]
+      X-Content-Type-Options: [nosniff]
+      x-ms-request-id: [e8a10908-cc0f-4ffe-901b-810282c03400]
+    status: {code: 200, message: OK}
+- request:
+    body: grant_type=client_credentials&client_id=d1bd79b5-29c6-472e-8f66-f2c145b6aa5d&client_secret=%2BRXS9a0%2FsNGRSjrVyCwC7D2Ve5m6TrClXW04hxRD7TY%3D&resource=https%3A%2F%2Fgraph.microsoft.com
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Connection: [keep-alive]
+      Content-Length: ['184']
+      Content-Type: [application/x-www-form-urlencoded]
+      User-Agent: [python-requests/2.20.1]
+    method: POST
+    uri: https://login.microsoftonline.com/unicef.org/oauth2/token
+  response:
+    body: {string: '{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"3599","expires_on":"1543868547","not_before":"1543864647","resource":"https://graph.microsoft.com","access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUM2xFZzRWcEczeFBVT25KcTQ5cVAzTkZkUFB4VjRsZ0N2MDdwMkxXVU5IeElIZUd6UkZPUmo4YXZ1T2VmSG5KbWd3TEtEQ0RhelBRVEY5aUpOajh3S1NBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQzODY0NjQ3LCJuYmYiOjE1NDM4NjQ2NDcsImV4cCI6MTU0Mzg2ODU0NywiYWlvIjoiNDJSZ1lIaGkwS2hiNnJsNWorbldSdjhaTjI0bEF3QT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6InREQVJKNTVqYmt1bjZTcVVidmtzQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.lMArtpyTfI1qwHseTXUmHebKQfjPlmtmnje8ssoYztUmFSGEKwR3g5u86HrcbMrupxv0qv0-WAMa2JesCxvVAfDeOfwE6xnRt0ie1Xp_Wt9wOVbcepMOLOyND2-ZOHtiOH9yUUFmnknjjWBRi1s-O0nA7GE80uzNxCElwic5vUur1sX16ccj-lSPbsZA7WCriUcqVcdkSQMDqDOc1jyUsB4xNnJGRt-j0AD3bBwtI-T5OevWIFPSeQpDl1P1IG_CtNMC_iZi8xG44nn1HOAK4Jve_EmfTheoxcd3pk751qTxLz_nWt1B2oIPNbqO-HNsshlbaCr8e6O27Oz3ctELgA"}'}
+    headers:
+      Cache-Control: ['no-cache, no-store']
+      Content-Length: ['1652']
+      Content-Type: [application/json; charset=utf-8]
+      Date: ['Mon, 03 Dec 2018 19:22:26 GMT']
+      Expires: ['-1']
+      P3P: [CP="DSP CUR OTPi IND OTRi ONL FIN"]
+      Pragma: [no-cache]
+      Server: [Microsoft-IIS/10.0]
+      Set-Cookie: ['fpc=ATplY2Kar5hJusFRWCiozMKhqu4lAQAteS6pVFnWCA; expires=Wed, 02-Jan-2019
+          19:22:27 GMT; path=/; secure; HttpOnly', x-ms-gateway-slice=016; path=/;
+          secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly]
+      Strict-Transport-Security: [max-age=31536000; includeSubDomains]
+      X-Content-Type-Options: [nosniff]
+      x-ms-request-id: [271130b4-639e-4b6e-a7e9-2a946ef92c00]
+    status: {code: 200, message: OK}
+- request:
+    body: null
+    headers:
+      Accept: ['*/*']
+      Accept-Encoding: ['gzip, deflate']
+      Authorization: [Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUM2xFZzRWcEczeFBVT25KcTQ5cVAzTkZkUFB4VjRsZ0N2MDdwMkxXVU5IeElIZUd6UkZPUmo4YXZ1T2VmSG5KbWd3TEtEQ0RhelBRVEY5aUpOajh3S1NBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQzODY0NjQ3LCJuYmYiOjE1NDM4NjQ2NDcsImV4cCI6MTU0Mzg2ODU0NywiYWlvIjoiNDJSZ1lIaGkwS2hiNnJsNWorbldSdjhaTjI0bEF3QT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6InREQVJKNTVqYmt1bjZTcVVidmtzQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.lMArtpyTfI1qwHseTXUmHebKQfjPlmtmnje8ssoYztUmFSGEKwR3g5u86HrcbMrupxv0qv0-WAMa2JesCxvVAfDeOfwE6xnRt0ie1Xp_Wt9wOVbcepMOLOyND2-ZOHtiOH9yUUFmnknjjWBRi1s-O0nA7GE80uzNxCElwic5vUur1sX16ccj-lSPbsZA7WCriUcqVcdkSQMDqDOc1jyUsB4xNnJGRt-j0AD3bBwtI-T5OevWIFPSeQpDl1P1IG_CtNMC_iZi8xG44nn1HOAK4Jve_EmfTheoxcd3pk751qTxLz_nWt1B2oIPNbqO-HNsshlbaCr8e6O27Oz3ctELgA]
+      Connection: [keep-alive]
+      User-Agent: [python-requests/2.20.1]
+    method: GET
+    uri: https://graph.microsoft.com/v1.0/users/sapostolico@unicef.org
+  response:
+    body:
+      string: !!binary |
+        H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcpl
+        VmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7xR79n
+        NcvabDytlm3+rv3o0Ufztl01j+7evaiz1Xy8KKZ11VTnLbVY3L3cHe/c/d0WeZvhpR9fN3nd3P3d
+        8mVbtNcfjT4qZvT+3u5sL59Osu2De/n+9n5+sLudPbw33Z7t75/fvz+b7e3t5dR2sm6KZd40L+cV
+        /fjo0fe+P/poVjSrMrt+kS1yAvS6zc+zZZUer6qmrcpiWtFrF8Vlvgwb0Kc/XU3eFG1JHy7XZTn6
+        aJEVJTVoMvvq77leFtP8fFzVF9R+UU2KMueuzSvV+Tk1eF5Ns7aolubTVZ2f53Wdz55ny4t1dmGb
+        N+t6KVgE6IEiL+tiOS1WWaloDmDxS/4fCZH01nwBAAA=
+    headers:
+      Cache-Control: [private]
+      Content-Encoding: [gzip]
+      Content-Type: [application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8]
+      Date: ['Mon, 03 Dec 2018 19:22:26 GMT']
+      Duration: ['82.0962']
+      OData-Version: ['4.0']
+      Strict-Transport-Security: [max-age=31536000]
+      Transfer-Encoding: [chunked]
+      Vary: [Accept-Encoding]
+      client-request-id: [500a4333-ed50-488d-94a6-02d98c26d5d7]
+      request-id: [500a4333-ed50-488d-94a6-02d98c26d5d7]
+      x-ms-ags-diagnostic: ['{"ServerInfo":{"DataCenter":"North Europe","Slice":"SliceC","Ring":"3","ScaleUnit":"003","Host":"AGSFE_IN_5","ADSiteName":"NEU"}}']
+    status: {code: 200, message: OK}
+version: 1
diff --git a/tests/unicef_security/vcr_cassettes/test_user_data.yml b/tests/unicef_security/vcr_cassettes/test_user_data.yml
index 6b1f1a2c1..936464b9f 100644
--- a/tests/unicef_security/vcr_cassettes/test_user_data.yml
+++ b/tests/unicef_security/vcr_cassettes/test_user_data.yml
@@ -1,68 +1,10 @@
 interactions:
-- request:
-    body: grant_type=client_credentials&client_id=d1bd79b5-29c6-472e-8f66-f2c145b6aa5d&client_secret=%2BRXS9a0%2FsNGRSjrVyCwC7D2Ve5m6TrClXW04hxRD7TY%3D&resource=https%3A%2F%2Fgraph.microsoft.com
-    headers:
-      Accept: ['*/*']
-      Accept-Encoding: ['gzip, deflate']
-      Connection: [keep-alive]
-      Content-Length: ['184']
-      Content-Type: [application/x-www-form-urlencoded]
-      User-Agent: [python-requests/2.20.1]
-    method: POST
-    uri: https://login.microsoftonline.com/unicef.org/oauth2/token
-  response:
-    body: {string: '{"token_type":"Bearer","expires_in":"3600","ext_expires_in":"3600","expires_on":"1543868546","not_before":"1543864646","resource":"https://graph.microsoft.com","access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUaDhvNElZMzZWU1ZpdmRFUlQtdW9IRm1iSERMWnRMN1dzY3Q2dGxVelJ3Sm5PVzh3N0JmbGhiOG5fNWVIWUdNQXBiempQTFlYanA0SjFTcklyS1k2cmlBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQzODY0NjQ2LCJuYmYiOjE1NDM4NjQ2NDYsImV4cCI6MTU0Mzg2ODU0NiwiYWlvIjoiNDJSZ1lOZ2R6MnYrMUhaZm45Y3p4dHhicFl3ZkFBPT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6IkNBbWg2QV9NX2stUUc0RUNnc0EwQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.gZj993J-31ymYg_csXI2jP2lqNC70uD7N4_qQydglmsJC1RtIobusWG2MlM648MFuYqgKMNOJtt2ic4TofindXogQdFJya65GApH-8vF1vhhzL4mQdOFAwoxh9Y1XGFSl-zi4RcrVWjs11Rt6jHRTrx9GTMJsB4BB7VwXAdV0IRNCiKp0umzsLlyRSZLsnSzjJDonj2UjNiq5tS2I-8bpycRU_jpR-glAqebBhUrERfMxNqMoc5XrtGMGvzPzzYYTC-H-GSKbkaJBMO2ll_ad8Twi0Tw0yh9dd2ePQl0PO5GhyDuh1VMMBlNUNTU1oEq4o7xnKMzxs3gdBSQx05v8Q"}'}
-    headers:
-      Cache-Control: ['no-cache, no-store']
-      Content-Length: ['1652']
-      Content-Type: [application/json; charset=utf-8]
-      Date: ['Mon, 03 Dec 2018 19:22:26 GMT']
-      Expires: ['-1']
-      P3P: [CP="DSP CUR OTPi IND OTRi ONL FIN"]
-      Pragma: [no-cache]
-      Server: [Microsoft-IIS/10.0]
-      Set-Cookie: ['fpc=AZOCOBXL5-ZLty69fQqnYpehqu4lAQCkTfOoVFnWCA; expires=Wed, 02-Jan-2019
-          19:22:26 GMT; path=/; secure; HttpOnly', x-ms-gateway-slice=020; path=/;
-          secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly]
-      Strict-Transport-Security: [max-age=31536000; includeSubDomains]
-      X-Content-Type-Options: [nosniff]
-      x-ms-request-id: [e8a10908-cc0f-4ffe-901b-810282c03400]
-    status: {code: 200, message: OK}
-- request:
-    body: grant_type=client_credentials&client_id=d1bd79b5-29c6-472e-8f66-f2c145b6aa5d&client_secret=%2BRXS9a0%2FsNGRSjrVyCwC7D2Ve5m6TrClXW04hxRD7TY%3D&resource=https%3A%2F%2Fgraph.microsoft.com
-    headers:
-      Accept: ['*/*']
-      Accept-Encoding: ['gzip, deflate']
-      Connection: [keep-alive]
-      Content-Length: ['184']
-      Content-Type: [application/x-www-form-urlencoded]
-      User-Agent: [python-requests/2.20.1]
-    method: POST
-    uri: https://login.microsoftonline.com/unicef.org/oauth2/token
-  response:
-    body: {string: '{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"3599","expires_on":"1543868547","not_before":"1543864647","resource":"https://graph.microsoft.com","access_token":"eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUM2xFZzRWcEczeFBVT25KcTQ5cVAzTkZkUFB4VjRsZ0N2MDdwMkxXVU5IeElIZUd6UkZPUmo4YXZ1T2VmSG5KbWd3TEtEQ0RhelBRVEY5aUpOajh3S1NBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQzODY0NjQ3LCJuYmYiOjE1NDM4NjQ2NDcsImV4cCI6MTU0Mzg2ODU0NywiYWlvIjoiNDJSZ1lIaGkwS2hiNnJsNWorbldSdjhaTjI0bEF3QT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6InREQVJKNTVqYmt1bjZTcVVidmtzQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.lMArtpyTfI1qwHseTXUmHebKQfjPlmtmnje8ssoYztUmFSGEKwR3g5u86HrcbMrupxv0qv0-WAMa2JesCxvVAfDeOfwE6xnRt0ie1Xp_Wt9wOVbcepMOLOyND2-ZOHtiOH9yUUFmnknjjWBRi1s-O0nA7GE80uzNxCElwic5vUur1sX16ccj-lSPbsZA7WCriUcqVcdkSQMDqDOc1jyUsB4xNnJGRt-j0AD3bBwtI-T5OevWIFPSeQpDl1P1IG_CtNMC_iZi8xG44nn1HOAK4Jve_EmfTheoxcd3pk751qTxLz_nWt1B2oIPNbqO-HNsshlbaCr8e6O27Oz3ctELgA"}'}
-    headers:
-      Cache-Control: ['no-cache, no-store']
-      Content-Length: ['1652']
-      Content-Type: [application/json; charset=utf-8]
-      Date: ['Mon, 03 Dec 2018 19:22:26 GMT']
-      Expires: ['-1']
-      P3P: [CP="DSP CUR OTPi IND OTRi ONL FIN"]
-      Pragma: [no-cache]
-      Server: [Microsoft-IIS/10.0]
-      Set-Cookie: ['fpc=ATplY2Kar5hJusFRWCiozMKhqu4lAQAteS6pVFnWCA; expires=Wed, 02-Jan-2019
-          19:22:27 GMT; path=/; secure; HttpOnly', x-ms-gateway-slice=016; path=/;
-          secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly]
-      Strict-Transport-Security: [max-age=31536000; includeSubDomains]
-      X-Content-Type-Options: [nosniff]
-      x-ms-request-id: [271130b4-639e-4b6e-a7e9-2a946ef92c00]
-    status: {code: 200, message: OK}
 - request:
     body: null
     headers:
       Accept: ['*/*']
       Accept-Encoding: ['gzip, deflate']
-      Authorization: [Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUM2xFZzRWcEczeFBVT25KcTQ5cVAzTkZkUFB4VjRsZ0N2MDdwMkxXVU5IeElIZUd6UkZPUmo4YXZ1T2VmSG5KbWd3TEtEQ0RhelBRVEY5aUpOajh3S1NBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQzODY0NjQ3LCJuYmYiOjE1NDM4NjQ2NDcsImV4cCI6MTU0Mzg2ODU0NywiYWlvIjoiNDJSZ1lIaGkwS2hiNnJsNWorbldSdjhaTjI0bEF3QT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6InREQVJKNTVqYmt1bjZTcVVidmtzQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.lMArtpyTfI1qwHseTXUmHebKQfjPlmtmnje8ssoYztUmFSGEKwR3g5u86HrcbMrupxv0qv0-WAMa2JesCxvVAfDeOfwE6xnRt0ie1Xp_Wt9wOVbcepMOLOyND2-ZOHtiOH9yUUFmnknjjWBRi1s-O0nA7GE80uzNxCElwic5vUur1sX16ccj-lSPbsZA7WCriUcqVcdkSQMDqDOc1jyUsB4xNnJGRt-j0AD3bBwtI-T5OevWIFPSeQpDl1P1IG_CtNMC_iZi8xG44nn1HOAK4Jve_EmfTheoxcd3pk751qTxLz_nWt1B2oIPNbqO-HNsshlbaCr8e6O27Oz3ctELgA]
+      Authorization: [Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFDNXVuYTBFVUZnVElGOEVsYXh0V2pUdVJKTkxTT2dlOVp4UURLLTNIbHhhR1Jad1l6ODN5U3NrZ2pPU0NOelNtOWs1UnlISU05dU1McnFwdl80YmhQMHdyRFl4QWlHQndsSVBqdEtPanZocHlBQSIsImFsZyI6IlJTMjU2IiwieDV0Ijoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIiwia2lkIjoid1VMbVlmc3FkUXVXdFZfLWh4VnRESkpaTTRRIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83NzQxMDE5NS0xNGUxLTRmYjgtOTA0Yi1hYjE4OTIwMjM2NjcvIiwiaWF0IjoxNTQ0MjU2NzY1LCJuYmYiOjE1NDQyNTY3NjUsImV4cCI6MTU0NDI2MDY2NSwiYWlvIjoiNDJSZ1lEZy9JVnZwNWFlV21mWXo0dVpZTVplbkF3QT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1bmktZnJnLWV0b29scy1kZXYiLCJhcHBpZCI6ImQxYmQ3OWI1LTI5YzYtNDcyZS04ZjY2LWYyYzE0NWI2YWE1ZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0Lzc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2Ny8iLCJvaWQiOiIwZThmOWQ0Yi03Yzg0LTQ3MDYtYTY1Ny0wMzQ2ZmE0OGRhN2IiLCJyb2xlcyI6WyJEaXJlY3RvcnkuUmVhZC5BbGwiLCJVc2VyLlJlYWQuQWxsIl0sInN1YiI6IjBlOGY5ZDRiLTdjODQtNDcwNi1hNjU3LTAzNDZmYTQ4ZGE3YiIsInRpZCI6Ijc3NDEwMTk1LTE0ZTEtNGZiOC05MDRiLWFiMTg5MjAyMzY2NyIsInV0aSI6ImlxdDl5VHdYbTBHUzJhNE9ZQU1KQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTM3MTEyNzk0OX0.MDw3qlghGU-s6q_vDNXwT6kTjqWq1p6ZlEmGlMpdDpxY69geIe62H3UMfL9PcJBI4HHd9528X5Ms80kH5L4hDlj4DwigdcLiMlhLJbvQoXxmP1xHQsEwQxnWSxWXgC-vu3lBotYi2PSBtffqz_uG_kaFkzl2KEWkXk0J9AdmmIWgTPP9y5BN3oL8ibaLxGGfCEM3fCmjJvBmgEIzfx5zp3Wzc5q7KfJrK0272ODCXH86w7SWa7cAVgQOTaXeVUEp9H7M9GSWq0_BkzTnPFUxv_VNF_XHtpfWSTXlRfKLddpKu2DgwOBSlDudzd1L75IPdKcheDQvvCThMqOwoOwCzA]
       Connection: [keep-alive]
       User-Agent: [python-requests/2.20.1]
     method: GET
@@ -73,22 +15,22 @@ interactions:
         H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcpl
         VmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7xR79n
         NcvabDytlm3+rv3o0Ufztl01j+7evaiz1Xy8KKZ11VTnLbVY3L3cHe/c/d0WeZvhpR9fN3nd3P3d
-        8mVbtNcfjT4qZvT+3u5sL59Osu2De/n+9n5+sLudPbw33Z7t75/fvz+b7e3t5dR2sm6KZd40L+cV
-        /fjo0fe+P/poVjSrMrt+kS1yAvS6zc+zZZUer6qmrcpiWtFrF8Vlvgwb0Kc/XU3eFG1JHy7XZTn6
-        aJEVJTVoMvvq77leFtP8fFzVF9R+UU2KMueuzSvV+Tk1eF5Ns7aolubTVZ2f53Wdz55ny4t1dmGb
-        N+t6KVgE6IEiL+tiOS1WWaloDmDxS/4fCZH01nwBAAA=
+        8mVbtNcfjT6arJtimTfNy3lFPz569L3vjz6aFc2qzK5fZIucgL9u8/NsWaXHq6ppq7KYVvTaRXGZ
+        L8MG9OlPV5M3RVvSh8t1WY4+WmRFSQ2azL76e66XxTQ/H1f1BbVfVJOizLlr80p1fk4NnlfTrC2q
+        pfl0VefneV3ns+fZ8mKdXdjmzbpeChYBehjly7pYTotVViqag1gUM/p2b3e2l08n2fbBvXx/ez8/
+        2N3OHt6bbs/298/v35/N9vb28o9+yf8Dir/2mHwBAAA=
     headers:
       Cache-Control: [private]
       Content-Encoding: [gzip]
       Content-Type: [application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8]
-      Date: ['Mon, 03 Dec 2018 19:22:26 GMT']
-      Duration: ['82.0962']
+      Date: ['Sat, 08 Dec 2018 08:17:45 GMT']
+      Duration: ['66.3873']
       OData-Version: ['4.0']
       Strict-Transport-Security: [max-age=31536000]
       Transfer-Encoding: [chunked]
       Vary: [Accept-Encoding]
-      client-request-id: [500a4333-ed50-488d-94a6-02d98c26d5d7]
-      request-id: [500a4333-ed50-488d-94a6-02d98c26d5d7]
-      x-ms-ags-diagnostic: ['{"ServerInfo":{"DataCenter":"North Europe","Slice":"SliceC","Ring":"3","ScaleUnit":"003","Host":"AGSFE_IN_5","ADSiteName":"NEU"}}']
+      client-request-id: [91116b28-22ae-40f4-aea0-7ed7a95cac30]
+      request-id: [91116b28-22ae-40f4-aea0-7ed7a95cac30]
+      x-ms-ags-diagnostic: ['{"ServerInfo":{"DataCenter":"North Europe","Slice":"SliceC","Ring":"3","ScaleUnit":"002","Host":"AGSFE_IN_77","ADSiteName":"NEU"}}']
     status: {code: 200, message: OK}
 version: 1

From 5ea51808c25796523f166d72163e2a2898568583 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 17:27:36 +0100
Subject: [PATCH 37/86] updates IPBasedAuthentication

---
 src/unicef_rest_framework/auth.py   | 5 +++--
 src/unicef_rest_framework/config.py | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index 94a44d11f..7a54f031c 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -9,6 +9,7 @@
 from rest_framework.authentication import BaseAuthentication
 from rest_framework.exceptions import AuthenticationFailed, PermissionDenied
 from rest_framework_jwt import authentication
+from unicef_rest_framework.config import conf
 from unicef_security.graph import default_group, Synchronizer
 
 logger = logging.getLogger()
@@ -41,9 +42,9 @@ class IPBasedAuthentication(BaseAuthentication):
     def authenticate(self, request):
         if settings.DEBUG:  # pragma: no cover
             ip = get_client_ip(request.META)
-            if ip == '127.0.0.1':
+            if ip in conf.FREE_AUTH_IPS:
                 User = get_user_model()
-                user = User.objects.get_by_natural_key('sax')
+                user = User.objects.get_or_create(usename=ip, email=f'noreply@{ip}.org')
                 request.user = user
                 login(request, user, 'social_core.backends.azuread_tenant.AzureADTenantOAuth2')
                 return (user, None)
diff --git a/src/unicef_rest_framework/config.py b/src/unicef_rest_framework/config.py
index 6d2b8e47f..366007e4b 100644
--- a/src/unicef_rest_framework/config.py
+++ b/src/unicef_rest_framework/config.py
@@ -9,6 +9,7 @@
 class AppSettings(object):
     defaults = {
         'API_CACHE': 'default',
+        'FREE_AUTH_IPS': [],
         'ROUTER': 'unicef_rest_framework.urls.router',
         'DEFAULT_ACCESS': acl.ACL_ACCESS_LOGIN,
         'get_current_user': 'get_current_user',

From 8b3657e5b60187f037b410ec2a68bc0532e1589f Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 8 Dec 2018 17:40:17 +0100
Subject: [PATCH 38/86] skip Azure tests in CircleCI

---
 tests/unicef_security/test_azure.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/unicef_security/test_azure.py b/tests/unicef_security/test_azure.py
index 380658f9f..983bd4042 100644
--- a/tests/unicef_security/test_azure.py
+++ b/tests/unicef_security/test_azure.py
@@ -1,14 +1,18 @@
+import os
 from pathlib import Path
 
+import pytest
 import vcr
 from unicef_security.graph import Synchronizer
 
 
+@pytest.mark.skipIf("CI" in os.environ and os.environ["CI"] == "true", "Skipping this test on CI.")
 def test_token():
     s = Synchronizer()
     assert s.access_token
 
 
+@pytest.mark.skipIf("CI" in os.environ and os.environ["CI"] == "true", "Skipping this test on CI.")
 @vcr.use_cassette(str(Path(__file__).parent / 'vcr_cassettes/test_user_data.yml'))
 def test_user_data():
     s = Synchronizer()

From bf9f9fae5202ac712c4a8cd23b4e43668fd2aa92 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sun, 9 Dec 2018 08:46:18 +0100
Subject: [PATCH 39/86] add urf AnonymousAuthentication

---
 .circleci/config.yml                          |  1 +
 CHANGES                                       |  1 +
 .../init/management/commands/init-setup.py    |  6 ++++
 src/etools_datamart/config/settings.py        |  2 +-
 src/unicef_rest_framework/admin/service.py    |  2 +-
 src/unicef_rest_framework/auth.py             | 21 ++++++++++++--
 src/unicef_rest_framework/models/acl.py       |  2 +-
 src/unicef_rest_framework/permissions.py      |  4 +++
 src/unicef_rest_framework/views.py            |  4 ++-
 tests/_test_lib/test_utilities/factories.py   |  4 +++
 tests/api/conftest.py                         |  6 ++++
 tests/api/test_api_auth_open.py               | 29 +++++++++++++++++++
 tox.ini                                       |  3 +-
 13 files changed, 77 insertions(+), 8 deletions(-)
 create mode 100644 tests/api/test_api_auth_open.py

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9180090df..ae1382d4f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -36,6 +36,7 @@ jobs:
           command: |
             export PATH=/home/circleci/.local/bin:$PATH
             export PYTHONHASHSEED=${RANDOM}
+            echo env | sort
             pip install tox --user
             tox -e py36-d21
       - run:
diff --git a/CHANGES b/CHANGES
index 27516b25c..61904ccc1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,7 @@
 * Adopting of RabbitMQ to prevent message loss
 * new admin index page
 * Excel IQY support (beta)
+* Allow endpoints to be consumend bny anonymous users
 
 
 1.7
diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index c10ee0c3c..1968cc2ee 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -1,4 +1,5 @@
 import os
+import uuid
 import warnings
 from urllib.parse import urlparse
 
@@ -124,6 +125,11 @@ def handle(self, *args, **options):
                                                                     defaults={"is_superuser": True,
                                                                               "is_staff": True,
                                                                               "password": make_password(pwd)})
+        anonymous, created = ModelUser.objects.get_or_create(username='anonymous',
+                                                             defaults={"is_superuser": False,
+                                                                       "is_staff": False,
+                                                                       "password": make_password(uuid.uuid4())})
+
         Group.objects.get_or_create(name='Guests')
         all_access, __ = Group.objects.get_or_create(name='Endpoints all access')
 
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 793a8eee4..6d6e0ce09 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -523,7 +523,7 @@
             'format': '%(levelname)-8s: %(asctime)s %(name)20s %(message)s'
         },
         'simple': {
-            'format': '%(levelname)-8s: %(asctime)s %(name)20s: %(funcName)s %(message)s'
+            'format': '%(levelname)-8s: %(asctime)s %(name)20s: %(funcName)s:%(lineno)s %(message)s'
         }
     },
     'filters': {
diff --git a/src/unicef_rest_framework/admin/service.py b/src/unicef_rest_framework/admin/service.py
index 4e4a4fcb3..a3836a64e 100644
--- a/src/unicef_rest_framework/admin/service.py
+++ b/src/unicef_rest_framework/admin/service.py
@@ -49,7 +49,7 @@ class ServiceAdmin(ExtraUrlMixin, admin.ModelAdmin):
     filter_horizontal = ('linked_models',)
     fieldsets = [("", {"fields": ('name',
                                   'description',
-                                  # 'access',
+                                  'access',
                                   # 'confidentiality',
                                   # 'hidden',
                                   'source_model',
diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index 7a54f031c..b35ee5efc 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -4,11 +4,14 @@
 from crashlog.middleware import process_exception
 from django.conf import settings
 from django.contrib.auth import get_user_model, login
+from django.contrib.auth.backends import ModelBackend
 from django.utils.translation import ugettext as _
 from rest_framework import exceptions
 from rest_framework.authentication import BaseAuthentication
 from rest_framework.exceptions import AuthenticationFailed, PermissionDenied
 from rest_framework_jwt import authentication
+from strategy_field.utils import fqn
+from unicef_rest_framework import acl
 from unicef_rest_framework.config import conf
 from unicef_security.graph import default_group, Synchronizer
 
@@ -38,15 +41,27 @@ def authenticate(self, request):
         return None
 
 
+class AnonymousAuthentication(BaseAuthentication):
+    def authenticate(self, request):
+        view = request._request._view
+        service = view.get_service()
+        if service.access == acl.ACL_ACCESS_OPEN:
+            User = get_user_model()
+            user = User.objects.get_or_create(username='anonymous')[0]
+            request.user = user
+            login(request, user, fqn(ModelBackend))
+            return (user, None)
+
+
 class IPBasedAuthentication(BaseAuthentication):
     def authenticate(self, request):
         if settings.DEBUG:  # pragma: no cover
             ip = get_client_ip(request.META)
             if ip in conf.FREE_AUTH_IPS:
                 User = get_user_model()
-                user = User.objects.get_or_create(usename=ip, email=f'noreply@{ip}.org')
+                user = User.objects.get_or_create(username=ip, email=f'noreply@{ip}.org')
                 request.user = user
-                login(request, user, 'social_core.backends.azuread_tenant.AzureADTenantOAuth2')
+                # login(request, user, 'social_core.backends.azuread_tenant.AzureADTenantOAuth2')
                 return (user, None)
 
 
@@ -61,7 +76,7 @@ def authenticate(self, request):
         try:
             user, jwt_value = super(JWTAuthentication, self).authenticate(request)
             request.user = user
-            login(request, user, 'social_core.backends.azuread_tenant.AzureADTenantOAuth2')
+            # login(request, user, 'social_core.backends.azuread_tenant.AzureADTenantOAuth2')
         except TypeError:  # pragma: no cover
             raise PermissionDenied(detail='No valid authentication provided')
         except AuthenticationFailed as e:  # pragma: no cover
diff --git a/src/unicef_rest_framework/models/acl.py b/src/unicef_rest_framework/models/acl.py
index cd728ce0c..3ef6be06f 100644
--- a/src/unicef_rest_framework/models/acl.py
+++ b/src/unicef_rest_framework/models/acl.py
@@ -28,7 +28,7 @@ def default_serializer():
 class AbstractAccessControl(MasterDataModel):
     POLICY_DENY = 0
     POLICY_ALLOW = 1
-    POLICY_DEFAULT = 2
+    POLICY_DEFAULT = 2  # not sure this is really needed.
 
     POLICIES = ((POLICY_DENY, "Forbid"),
                 (POLICY_ALLOW, "Grant"),
diff --git a/src/unicef_rest_framework/permissions.py b/src/unicef_rest_framework/permissions.py
index b26e80672..abfdb8724 100644
--- a/src/unicef_rest_framework/permissions.py
+++ b/src/unicef_rest_framework/permissions.py
@@ -4,6 +4,7 @@
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.permissions import BasePermission
 from strategy_field.utils import fqn
+from unicef_rest_framework.acl import ACL_ACCESS_OPEN
 from unicef_rest_framework.models import UserAccessControl
 from unicef_rest_framework.models.acl import AbstractAccessControl, GroupAccessControl
 
@@ -43,5 +44,8 @@ def has_permission(self, request, view):
 
             return True
         except (GroupAccessControl.DoesNotExist):
+            service = view.get_service()
+            if service.access == ACL_ACCESS_OPEN:
+                return True
             logger.error(f"User '{request.user}' does not have grants for '{fqn(view)}'")
             return False
diff --git a/src/unicef_rest_framework/views.py b/src/unicef_rest_framework/views.py
index ec23423c7..77a058ef8 100644
--- a/src/unicef_rest_framework/views.py
+++ b/src/unicef_rest_framework/views.py
@@ -13,7 +13,7 @@
 from strategy_field.utils import fqn
 
 from . import acl
-from .auth import IPBasedAuthentication, JWTAuthentication, URLTokenAuthentication
+from .auth import AnonymousAuthentication, IPBasedAuthentication, JWTAuthentication, URLTokenAuthentication
 from .cache import cache_response, etag, ListKeyConstructor
 from .filtering import SystemFilterBackend
 from .negotiation import CT
@@ -48,6 +48,7 @@ class ReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet
                               TokenAuthentication,
                               IPBasedAuthentication,
                               URLTokenAuthentication,
+                              AnonymousAuthentication,
                               )
     default_access = acl.ACL_ACCESS_LOGIN
     content_negotiation_class = CT
@@ -79,6 +80,7 @@ def store(self, key, value):
         self.request._request.api_info[key] = value
 
     def dispatch(self, request, *args, **kwargs):
+        request._view = self
         if hasattr(request, 'api_info'):
             request.api_info["view"] = fqn(self)
             request.api_info["service"] = self.get_service()
diff --git a/tests/_test_lib/test_utilities/factories.py b/tests/_test_lib/test_utilities/factories.py
index 9085e2e2c..f2b014be2 100644
--- a/tests/_test_lib/test_utilities/factories.py
+++ b/tests/_test_lib/test_utilities/factories.py
@@ -117,6 +117,10 @@ class AdminFactory(UserFactory):
     is_superuser = True
 
 
+class AnonUserFactory(UserFactory):
+    username = 'anonymous'
+
+
 class UserAccessControlFactory(factory.DjangoModelFactory):
     policy = UserAccessControl.POLICY_ALLOW
     serializers = ["std"]
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index eb20b54eb..6aef3126b 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -4,6 +4,7 @@
 
 import pytest
 from rest_framework.test import APIClient
+from test_utilities.factories import AnonUserFactory
 from unicef_rest_framework.models import Service
 
 from etools_datamart.api.endpoints import InterventionViewSet
@@ -58,3 +59,8 @@ def _assert_duplicate_queries(config, connection=None):
 @pytest.fixture(scope='function')
 def django_assert_no_duplicate_queries(pytestconfig):
     return partial(_assert_duplicate_queries, pytestconfig)
+
+
+@pytest.fixture()
+def anon_user(db):
+    return AnonUserFactory()
diff --git a/tests/api/test_api_auth_open.py b/tests/api/test_api_auth_open.py
new file mode 100644
index 000000000..78c4e6ff6
--- /dev/null
+++ b/tests/api/test_api_auth_open.py
@@ -0,0 +1,29 @@
+
+import pytest
+from concurrency.api import disable_concurrency
+from rest_framework.test import APIClient
+from unicef_rest_framework.acl import ACL_ACCESS_LOGIN, ACL_ACCESS_OPEN
+
+from etools_datamart.api.endpoints import PartnerViewSet
+
+
+@pytest.fixture()
+def service(db):
+    service = PartnerViewSet.get_service()
+    service.access = ACL_ACCESS_OPEN
+    with disable_concurrency(service):
+        service.save()
+    yield service
+    service.access = ACL_ACCESS_LOGIN
+    service.save()
+
+
+def test_loacl_user_access(anon_user, service):
+    # etools user has access same countries as in eTools app
+    client = APIClient()
+    url = service.endpoint
+    client.force_authenticate(anon_user)
+
+    res = client.get(f"{url}?country_name=lebanon,chad")
+    assert res.status_code == 403, res
+    assert res.json() == {'error': "You are not allowed to access schema: 'chad,lebanon'"}
diff --git a/tox.ini b/tox.ini
index 9a1ea4605..c15379afb 100644
--- a/tox.ini
+++ b/tox.ini
@@ -9,6 +9,8 @@ addopts =
         --reuse-db
         --tb=short
         --echo-version=django
+        --echo-env=CI*
+        --echo-env=PIPENV*
         --capture=no
         --cov-report=html
         --cov-config=tests/.coveragerc
@@ -52,7 +54,6 @@ commands =
     pipenv run pre-commit run --all-files --hook-stage push
     pipenv run pre-commit run --all-files --hook-stage manual
     pipenv run py.test tests \
-            --create-db \
             --cov-report=term \
             --cov-report=html \
             --cov-config=tests/.coveragerc \

From 2d8c5c67c5312b80535d550f1350ddce0fba7e5c Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sun, 9 Dec 2018 08:58:01 +0100
Subject: [PATCH 40/86] updates circleci config to ignore some tests in CI

---
 .circleci/config.yml | 1 -
 tox.ini              | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index ae1382d4f..9180090df 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -36,7 +36,6 @@ jobs:
           command: |
             export PATH=/home/circleci/.local/bin:$PATH
             export PYTHONHASHSEED=${RANDOM}
-            echo env | sort
             pip install tox --user
             tox -e py36-d21
       - run:
diff --git a/tox.ini b/tox.ini
index c15379afb..09c6219bd 100644
--- a/tox.ini
+++ b/tox.ini
@@ -53,7 +53,9 @@ commands =
     pipenv run pre-commit run --all-files
     pipenv run pre-commit run --all-files --hook-stage push
     pipenv run pre-commit run --all-files --hook-stage manual
+    pipenv run env | sort
     pipenv run py.test tests \
+            --create-db \
             --cov-report=term \
             --cov-report=html \
             --cov-config=tests/.coveragerc \

From 742f2070d5b857307607b2b6b67e507d043e1844 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sun, 9 Dec 2018 09:01:39 +0100
Subject: [PATCH 41/86] updates tox.ini

---
 tox.ini | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index 09c6219bd..e410ba28d 100644
--- a/tox.ini
+++ b/tox.ini
@@ -53,7 +53,6 @@ commands =
     pipenv run pre-commit run --all-files
     pipenv run pre-commit run --all-files --hook-stage push
     pipenv run pre-commit run --all-files --hook-stage manual
-    pipenv run env | sort
     pipenv run py.test tests \
             --create-db \
             --cov-report=term \

From a23d1542be0cc5e0985c76730d10900b355b106f Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sun, 9 Dec 2018 09:09:14 +0100
Subject: [PATCH 42/86] updates tests config

---
 tests/exporters/test_exporter_data.py | 3 +--
 tests/unicef_security/test_azure.py   | 4 ++--
 tox.ini                               | 7 ++++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/tests/exporters/test_exporter_data.py b/tests/exporters/test_exporter_data.py
index 96b63f36e..76ec0312a 100644
--- a/tests/exporters/test_exporter_data.py
+++ b/tests/exporters/test_exporter_data.py
@@ -16,8 +16,7 @@ def client(admin_user):
     return client
 
 
-@pytest.mark.skipif("CIRCLECI" in os.environ,
-                    reason="Skip in CirlceCI")
+@pytest.mark.skipif(os.environ.get("CIRCLECI") == "true", reason="Skip in CirlceCI")
 def test_export_azure_data(db, client, settings):
     load_user_report.unlock()
     load_user_report()
diff --git a/tests/unicef_security/test_azure.py b/tests/unicef_security/test_azure.py
index 983bd4042..e7b05e2d3 100644
--- a/tests/unicef_security/test_azure.py
+++ b/tests/unicef_security/test_azure.py
@@ -6,13 +6,13 @@
 from unicef_security.graph import Synchronizer
 
 
-@pytest.mark.skipIf("CI" in os.environ and os.environ["CI"] == "true", "Skipping this test on CI.")
+@pytest.mark.skipif(os.environ.get("CIRCLECI") == "true", reason="Skip in CirlceCI")
 def test_token():
     s = Synchronizer()
     assert s.access_token
 
 
-@pytest.mark.skipIf("CI" in os.environ and os.environ["CI"] == "true", "Skipping this test on CI.")
+@pytest.mark.skipif(os.environ.get("CIRCLECI") == "true", reason="Skip in CirlceCI")
 @vcr.use_cassette(str(Path(__file__).parent / 'vcr_cassettes/test_user_data.yml'))
 def test_user_data():
     s = Synchronizer()
diff --git a/tox.ini b/tox.ini
index e410ba28d..32a46ec7b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -9,8 +9,8 @@ addopts =
         --reuse-db
         --tb=short
         --echo-version=django
-        --echo-env=CI*
-        --echo-env=PIPENV*
+        --echo-env=CIRCLECI
+        --echo-env=PIPENV_VERBOSITY
         --capture=no
         --cov-report=html
         --cov-config=tests/.coveragerc
@@ -32,7 +32,8 @@ minversion = 3.5.2
 ;basepython = python3.6
 passenv =
     CI
-    CIRCLECI CIRCLE_*
+    CIRCLECI
+    CIRCLE_*
     DATABASE_URL
     DATABASE_URL_ETOOLS
     PYTHONDONTWRITEBYTECODE

From 4d1c0380736c5653f16605bf7944eade730f829a Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sun, 9 Dec 2018 10:33:35 +0100
Subject: [PATCH 43/86] add some helpers to Admin/BrowsableAPI

---
 docker/.bumpversion.cfg                               | 11 +++++++++++
 docker/Makefile                                       |  3 ++-
 src/unicef_rest_framework/admin/service.py            |  5 +++++
 src/unicef_rest_framework/renderers/api.py            |  6 ++++++
 .../templates/rest_framework/base.html                |  7 ++++++-
 5 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 docker/.bumpversion.cfg

diff --git a/docker/.bumpversion.cfg b/docker/.bumpversion.cfg
new file mode 100644
index 000000000..358f852de
--- /dev/null
+++ b/docker/.bumpversion.cfg
@@ -0,0 +1,11 @@
+[bumpversion]
+current_version = 1.8a7
+commit = False
+tag = False
+allow_dirty = True
+parse = (?P<major>\d+)\.(?P<minor>.*)a(?P<release>.*)
+serialize = 
+	{major}.{minor}a{release}
+
+[bumpversion:file:Makefile]
+
diff --git a/docker/Makefile b/docker/Makefile
index 06fa2af75..dce56a2c0 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,7 @@ DATABASE_URL_ETOOLS?=
 DEVELOP?=0
 DOCKER_PASS?=
 DOCKER_USER?=
-TARGET?=dev
+TARGET?=1.8a7
 # below vars are used internally
 BUILD_OPTIONS?=--squash
 CMD?=datamart
@@ -84,6 +84,7 @@ release:
 	docker tag ${DOCKER_IMAGE_NAME}:${TARGET} ${DOCKER_IMAGE_NAME}:latest
 	docker push ${DOCKER_IMAGE_NAME}:latest
 	docker push ${DOCKER_IMAGE_NAME}:${TARGET}
+	bumpversion release
 
 run:
 	$(MAKE) .run
diff --git a/src/unicef_rest_framework/admin/service.py b/src/unicef_rest_framework/admin/service.py
index a3836a64e..1e8ccb2ae 100644
--- a/src/unicef_rest_framework/admin/service.py
+++ b/src/unicef_rest_framework/admin/service.py
@@ -126,6 +126,11 @@ def refresh(self, request):
     def invalidate_all_cache(self, request):
         Service.objects.invalidate_cache()
 
+    @action()
+    def api(self, request, pk):
+        service = Service.objects.get(pk=pk)
+        return HttpResponseRedirect(service.endpoint)
+
     @action()
     def invalidate_cache(self, request, pk):
         service = Service.objects.get(pk=pk)
diff --git a/src/unicef_rest_framework/renderers/api.py b/src/unicef_rest_framework/renderers/api.py
index 4f78131f6..3f694693e 100644
--- a/src/unicef_rest_framework/renderers/api.py
+++ b/src/unicef_rest_framework/renderers/api.py
@@ -24,6 +24,12 @@ def get_context(self, data, accepted_media_type, renderer_context):
         ctx['base_action'] = reverse(f'api:{view.basename}-list', args=['latest'])
 
         if request.user.is_staff:
+            try:
+                service = view.get_service()
+                service_url = reverse(f'admin:unicef_rest_framework_service_change', args=[service.pk])
+                ctx['service_url'] = service_url
+            except Exception:  # pragma: no cover
+                pass
             try:
                 model = ctx['view'].queryset.model
                 admin_url = reverse(f'admin:{model._meta.app_label}_{model._meta.model_name}_changelist')
diff --git a/src/unicef_rest_framework/templates/rest_framework/base.html b/src/unicef_rest_framework/templates/rest_framework/base.html
index 778dca248..aed2a7302 100644
--- a/src/unicef_rest_framework/templates/rest_framework/base.html
+++ b/src/unicef_rest_framework/templates/rest_framework/base.html
@@ -164,7 +164,12 @@ <h1>{{ name }}</h1>
               {% if admin_url %}
                   <a href="{{ admin_url }}"
                      style="float: right; color:black; background-color: #ffd600; margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
-                     class="btn btn-primary">Admin</a>
+                     class="btn btn-primary">List</a>
+              {% endif %}
+              {% if service_url %}
+                  <a href="{{ service_url }}"
+                     style="float: right; color:black; background-color: #ffd600; margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
+                     class="btn btn-primary">Service</a>
               {% endif %}
               {% for name,url in extra_actions.items %}
                   {% if url != request.build_absolute_uri %}

From 0fd25c989ba2e7ff6367606e6c2df46ea1864517 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Mon, 10 Dec 2018 01:02:50 +0100
Subject: [PATCH 44/86] allow country filtering by multiple values

---
 CHANGES                                       |  2 +-
 src/etools_datamart/api/endpoints/common.py   |  2 +-
 .../api/endpoints/datamart/intervention.py    |  2 +-
 src/etools_datamart/api/filtering.py          | 60 ++++++++++++++++---
 src/etools_datamart/apps/etools/admin.py      | 11 ++++
 src/etools_datamart/apps/etools/utils.py      |  9 ++-
 src/etools_datamart/apps/multitenant/admin.py | 11 +++-
 .../apps/multitenant/exceptions.py            |  8 ++-
 .../apps/multitenant/postgresql/base.py       |  2 -
 src/unicef_rest_framework/cache.py            | 25 ++++++--
 src/unicef_rest_framework/filtering.py        | 13 ++--
 src/unicef_rest_framework/models/filter.py    | 14 ++---
 src/unicef_rest_framework/models/service.py   | 11 ++--
 src/unicef_rest_framework/permissions.py      |  4 +-
 src/unicef_rest_framework/renderers/api.py    |  1 +
 .../templates/rest_framework/base.html        |  2 +-
 src/unicef_rest_framework/views.py            |  9 ++-
 src/unicef_security/admin.py                  |  4 +-
 src/unicef_security/apps.py                   |  3 +
 src/unicef_security/sync.py                   |  4 +-
 tests/api/test_api_cache.py                   | 39 ++++++------
 tests/api/test_api_etools.py                  |  2 +-
 tests/api/test_api_filtering.py               | 25 +++++++-
 tests/api/test_api_permission.py              | 17 +++---
 tests/api/test_datamart_security.py           |  4 +-
 tests/api/test_etools_security.py             |  2 +-
 26 files changed, 200 insertions(+), 86 deletions(-)

diff --git a/CHANGES b/CHANGES
index 61904ccc1..f50e74692 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,7 +8,7 @@
 * new admin index page
 * Excel IQY support (beta)
 * Allow endpoints to be consumend bny anonymous users
-
+* Countries can be selected using name, schema_name,country_short_code or business_area_code
 
 1.7
 ---
diff --git a/src/etools_datamart/api/endpoints/common.py b/src/etools_datamart/api/endpoints/common.py
index 84d1707b3..9a929187b 100644
--- a/src/etools_datamart/api/endpoints/common.py
+++ b/src/etools_datamart/api/endpoints/common.py
@@ -87,7 +87,7 @@ def drf_ignore_filter(self, request, field):
         return field in [self.serializer_field_param,
                          self.dynamic_fields_param,
                          'cursor',
-                         'ordering', 'page_size', 'format', ]
+                         'ordering', 'page_size', 'format', 'page']
 
     def handle_exception(self, exc):
         conn = connections['etools']
diff --git a/src/etools_datamart/api/endpoints/datamart/intervention.py b/src/etools_datamart/api/endpoints/datamart/intervention.py
index 6b344552b..33c598aba 100644
--- a/src/etools_datamart/api/endpoints/datamart/intervention.py
+++ b/src/etools_datamart/api/endpoints/datamart/intervention.py
@@ -44,7 +44,7 @@ class InterventionViewSet(common.DataMartViewSet):
     filter_fields = ('country_name', 'title', 'status', 'last_modify_date',
                      'start_date', 'submission_date', 'document_type')
     serializers_fieldsets = {'std': None,
-                             'short': ["title", "number"]}
+                             'short': ["title", "number", "country_name", "start_date"]}
     # filter_backends = [DjangoFilterBackend, OrderingFilter]
     # filterset_fields = ('category', 'in_stock')
     # filterset_class = InterventionFilter
diff --git a/src/etools_datamart/api/filtering.py b/src/etools_datamart/api/filtering.py
index ffccc81a6..9235b76db 100644
--- a/src/etools_datamart/api/filtering.py
+++ b/src/etools_datamart/api/filtering.py
@@ -1,14 +1,18 @@
 from datetime import datetime
 
+from django.core.cache import caches
 from django.db import connections
+from django.db.models import Q
 from drf_querystringfilter.exceptions import InvalidQueryValueError
 from rest_framework.exceptions import PermissionDenied
 from unicef_rest_framework.filtering import CoreAPIQueryStringFilterBackend
 
-from etools_datamart.apps.etools.utils import get_etools_allowed_schemas, validate_schemas
-from etools_datamart.apps.multitenant.exceptions import NotAuthorizedSchema
+from etools_datamart.apps.etools.models import UsersCountry
+from etools_datamart.apps.etools.utils import conn, get_etools_allowed_schemas
+from etools_datamart.apps.multitenant.exceptions import InvalidSchema, NotAuthorizedSchema
 
 # from unicef_rest_framework.state import state
+cache = caches['api']
 
 months = ['jan', 'feb', 'mar',
           'apr', 'may', 'jun',
@@ -16,13 +20,50 @@
           'oct', 'nov', 'dec']
 
 
+def process_country_value(query_args):
+    values = sorted(set(query_args.split(",")))
+    key = hash(str(values))
+    schemas = cache.get(key)
+    if not schemas:
+        _s = conn.schemas
+        conn.set_schemas([])
+        schemas = []
+        errors = []
+        for entry in values:
+            try:
+                if entry.isdigit():
+                    country = UsersCountry.objects.get(business_area_code=entry)
+                else:
+                    f = Q(name=entry) | Q(schema_name=entry) | Q(country_short_code=entry)
+                    country = UsersCountry.objects.get(f)
+                schemas.append(country.schema_name)
+            # except UsersCountry.MultipleObjectsReturned:
+            #
+            except UsersCountry.DoesNotExist:
+                errors.append(entry)
+        conn.set_schemas(_s)
+        if errors:
+            raise InvalidSchema(*errors)
+        cache.set(key, schemas)
+    # else:
+    #     schemas = json.loads(schemas)
+    # schemas = UsersCountry.objects.filter(Q(name__in=values) |
+    #                                       Q(schema_name__in=values) |
+    #                                       Q(country_short_code__in=values) |
+    #                                       Q(business_area_code__in=values)
+    #                                       ).values_list('schema_name', flat=True)
+    # if len(schemas) != len(values):
+    #     raise InvalidSchema(",".join(values))
+    # validate_schemas(*schemas)
+    return set(schemas)
+
+
 class CountryNameProcessor:
     def process_country_name(self, efilters, eexclude, field, value, request,
                              op, param, negate, **payload):
         filters = {}
         if value:
-            value = set(value.lower().split(","))
-            validate_schemas(*value)
+            value = process_country_value(value)
             if not request.user.is_superuser:
                 user_schemas = get_etools_allowed_schemas(request.user)
                 if not user_schemas.issuperset(value):
@@ -109,11 +150,12 @@ def filter_queryset(self, request, queryset, view):
                     raise PermissionDenied("You don't have enabled schemas")
                 conn.set_schemas(get_etools_allowed_schemas(request.user))
         else:
-            value = set(value.split(","))
-            validate_schemas(*value)
+            # value = set(value.split(","))
+            # validate_schemas(*value)
+            schemas = process_country_value(value)
             if not request.user.is_superuser:
                 user_schemas = get_etools_allowed_schemas(request.user)
-                if not user_schemas.issuperset(value):
-                    raise NotAuthorizedSchema(",".join(sorted(value - user_schemas)))
-            conn.set_schemas(value)
+                if not user_schemas.issuperset(schemas):
+                    raise NotAuthorizedSchema(",".join(sorted(schemas - user_schemas)))
+            conn.set_schemas(schemas)
         return queryset
diff --git a/src/etools_datamart/apps/etools/admin.py b/src/etools_datamart/apps/etools/admin.py
index 8969fe5de..bef8553a2 100644
--- a/src/etools_datamart/apps/etools/admin.py
+++ b/src/etools_datamart/apps/etools/admin.py
@@ -101,3 +101,14 @@ class FundsreservationitemAdmin(TenantModelAdmin):
 @register(models.HactAggregatehact)
 class HactAggregatehactAdmin(TenantModelAdmin):
     list_display = ('schema', 'year',)
+
+
+@register(models.TpmTpmvisit)
+class TpmTpmvisitAdmin(TenantModelAdmin):
+    pass
+
+
+@register(models.UsersCountry)
+class UsersCountryAdmin(EToolsModelAdmin):
+    list_display = ('name', 'schema_name', 'business_area_code', 'country_short_code')
+    search_fields = ('name', 'schema_name', 'business_area_code')
diff --git a/src/etools_datamart/apps/etools/utils.py b/src/etools_datamart/apps/etools/utils.py
index d955cc956..3f236d768 100644
--- a/src/etools_datamart/apps/etools/utils.py
+++ b/src/etools_datamart/apps/etools/utils.py
@@ -2,7 +2,6 @@
 from unicef_security.models import Role
 
 from etools_datamart.apps.etools.models import UsersUserprofile
-from etools_datamart.apps.multitenant.exceptions import InvalidSchema
 
 conn = connections['etools']
 
@@ -21,7 +20,7 @@ def get_etools_allowed_schemas(user):
 #     return schema in conn.all_schemas
 
 
-def validate_schemas(*schemas):
-    invalid = set(schemas) - conn.all_schemas
-    if invalid:
-        raise InvalidSchema(",".join(invalid))
+# def validate_schemas(*schemas):
+#     invalid = set(schemas) - conn.all_schemas
+#     if invalid:
+#         raise InvalidSchema(",".join(invalid))
diff --git a/src/etools_datamart/apps/multitenant/admin.py b/src/etools_datamart/apps/multitenant/admin.py
index a3e29ec2d..61be9af9d 100644
--- a/src/etools_datamart/apps/multitenant/admin.py
+++ b/src/etools_datamart/apps/multitenant/admin.py
@@ -83,11 +83,18 @@ def has_delete_permission(self, request, obj=None):
         return False
 
 
-class EToolsModelAdmin(ExtraUrlMixin, ReadOnlyMixin, ModelAdmin):
+class DisplayAllMixin:
+    def get_list_display(self, request):  # pragma: no cover
+        if self.list_display == ('__str__',):
+            return [field.name for field in self.model._meta.fields]
+        return self.list_display
+
+
+class EToolsModelAdmin(ExtraUrlMixin, DisplayAllMixin, ReadOnlyMixin, ModelAdmin):
     pass
 
 
-class TenantModelAdmin(ExtraUrlMixin, ReadOnlyMixin, ModelAdmin):
+class TenantModelAdmin(ExtraUrlMixin, DisplayAllMixin, ReadOnlyMixin, ModelAdmin):
     list_filter = [SchemaFilter, ]
 
     # def get_queryset(self, request):
diff --git a/src/etools_datamart/apps/multitenant/exceptions.py b/src/etools_datamart/apps/multitenant/exceptions.py
index f27064723..a7b431d1d 100644
--- a/src/etools_datamart/apps/multitenant/exceptions.py
+++ b/src/etools_datamart/apps/multitenant/exceptions.py
@@ -1,17 +1,19 @@
 # -*- coding: utf-8 -*-
+from django.template.defaultfilters import pluralize
 from rest_framework.exceptions import PermissionDenied
 
 
 class InvalidSchema(Exception):
-    def __init__(self, schema, *args, **kwargs):  # real signature unknown
+    def __init__(self, *schema):
         self.schema = schema
 
     def __str__(self):
-        return f"Invalid schema: '{self.schema}'"
+        return "Invalid schema%s: %s" % (pluralize(self.schema),
+                                         ','.join(self.schema))
 
 
 class NotAuthorizedSchema(PermissionDenied):
-    def __init__(self, schema, *args, **kwargs):  # real signature unknown
+    def __init__(self, schema, *args, **kwargs):
         self.schema = schema
 
     def __str__(self):
diff --git a/src/etools_datamart/apps/multitenant/postgresql/base.py b/src/etools_datamart/apps/multitenant/postgresql/base.py
index 33494a154..3b040e097 100644
--- a/src/etools_datamart/apps/multitenant/postgresql/base.py
+++ b/src/etools_datamart/apps/multitenant/postgresql/base.py
@@ -179,7 +179,6 @@ def set_schemas(self, schemas):
         Main API method to current database schema,
         but it does not actually modify the db connection.
         """
-
         def _validate(n):
             name = n.lower()
             if name not in self.all_schemas:
@@ -273,7 +272,6 @@ def _cursor(self, name=None):
         # of `set search_path` can be quite time consuming
 
         if not self.search_path_set and self._schemas:
-
             search_paths = ["public"]
             search_paths.extend(self._schemas)
             if name:  # pragma: no cover
diff --git a/src/unicef_rest_framework/cache.py b/src/unicef_rest_framework/cache.py
index e4144e0a8..169f807ac 100644
--- a/src/unicef_rest_framework/cache.py
+++ b/src/unicef_rest_framework/cache.py
@@ -11,6 +11,7 @@
 from rest_framework_extensions.key_constructor.bits import KeyBitBase
 from rest_framework_extensions.key_constructor.constructors import KeyConstructor
 from rest_framework_extensions.settings import extensions_api_settings
+from unicef_rest_framework.models import SystemFilter
 
 cache = caches['default']
 
@@ -112,17 +113,33 @@ def get_data(self, params, view_instance, view_method, request, args, kwargs):
         return {'cache_version': str(version)}
 
 
+class SystemFilterKeyBit(KeyBitBase):
+    def get_data(self, params, view_instance, view_method, request, args, kwargs):
+        flt = SystemFilter.objects.match(request, view_instance)
+        request._request._system_filters = flt
+        qs = flt.get_querystring() if flt else ''
+        request._request.api_info['system-filters'] = qs
+        return {'systemfilter': qs}
+
+
+class QueryPathKeyBit(KeyBitBase):
+    def get_data(self, params, view_instance, view_method, request, args, kwargs):
+        return {'path': str(request.path)}
+
+
 class ListKeyConstructor(KeyConstructor):
     cache_version = CacheVersionKeyBit()
-    # system_filter = SystemFilterKeyBit()
-
+    system_filter = SystemFilterKeyBit()
+    path = QueryPathKeyBit()
     unique_method_id = bits.UniqueMethodIdKeyBit()
     format = bits.FormatKeyBit()
     headers = bits.HeadersKeyBit(['Accept'])
     # language = bits.LanguageKeyBit()
-    list_sql_query = bits.ListSqlQueryKeyBit()
+    # list_sql_query = bits.ListSqlQueryKeyBit()  # NEVER NEVER USE THIS
+
     querystring = bits.QueryParamsKeyBit()
-    pagination = bits.PaginationKeyBit()
+
+    # pagination = bits.PaginationKeyBit()
 
     def get_key(self, view_instance, view_method, request, args, kwargs):
         key = super().get_key(view_instance, view_method, request, args, kwargs)
diff --git a/src/unicef_rest_framework/filtering.py b/src/unicef_rest_framework/filtering.py
index 81ebdba72..7448f7e92 100644
--- a/src/unicef_rest_framework/filtering.py
+++ b/src/unicef_rest_framework/filtering.py
@@ -11,14 +11,11 @@
 class SystemFilterBackend(BaseFilterBackend):
 
     def filter_queryset(self, request, queryset, view):
-        filters = {}
-        if request.user and request.user.is_authenticated:
-            filters['user'] = request.user
-        else:
-            return queryset
-
-        filters['service'] = view.get_service()
-
+        # _system_filters ahs been set by cache.SystemFilterKeyBit
+        # if hasattr(request._request, "_system_filters"):
+        #     if request._request._system_filters:
+        #         queryset = request._request._system_filters.filter_queryset(queryset)
+        # else:
         filter = SystemFilter.objects.match(request, view)
         if filter:
             queryset = filter.filter_queryset(queryset)
diff --git a/src/unicef_rest_framework/models/filter.py b/src/unicef_rest_framework/models/filter.py
index 025b7077b..b8c93d8bb 100644
--- a/src/unicef_rest_framework/models/filter.py
+++ b/src/unicef_rest_framework/models/filter.py
@@ -42,11 +42,12 @@ def filter_queryset(self, queryset):
 class SystemFilterManager(models.Manager):
     @lru_cache()
     def match(self, request, view):
-        try:
-            return SystemFilter.objects.get(service=view.get_service(),
-                                            user=request.user)
-        except SystemFilter.DoesNotExist:
-            return None
+        if request.user and request.user.is_authenticated:
+            try:
+                return SystemFilter.objects.get(service=view.get_service(),
+                                                user=request.user)
+            except SystemFilter.DoesNotExist:
+                return None
 
 
 class SystemFilter(models.Model):
@@ -58,8 +59,7 @@ class SystemFilter(models.Model):
     group = models.ForeignKey(Group, models.CASCADE, blank=True, null=True)
     service = models.ForeignKey(Service, models.CASCADE)
     description = models.TextField(blank=True)
-    handler = models.CharField(max_length=500,
-                               default=fqn(SystemFilterHandler))
+    handler = models.CharField(max_length=500, default=fqn(SystemFilterHandler))
 
     objects = SystemFilterManager()
 
diff --git a/src/unicef_rest_framework/models/service.py b/src/unicef_rest_framework/models/service.py
index fbf792385..e341f0f6e 100644
--- a/src/unicef_rest_framework/models/service.py
+++ b/src/unicef_rest_framework/models/service.py
@@ -5,8 +5,8 @@
 from django.contrib.contenttypes.models import ContentType
 from django.db import models
 from django.db.models import F
-from django.urls import reverse
 from django.utils.functional import cached_property
+from rest_framework.reverse import reverse
 from strategy_field.fields import StrategyClassField
 from unicef_rest_framework.config import conf
 
@@ -137,10 +137,11 @@ def display_name(self):
     @cached_property
     def managed_model(self):
         try:
-            v = self.viewset()
-            m = v.get_queryset().model
-            del v
-            return m
+            return self.source_model.model_class()
+            # v = self.viewset()
+            # m = v.get_queryset().model
+            # del v
+            # return m
         except TypeError:
             return None
 
diff --git a/src/unicef_rest_framework/permissions.py b/src/unicef_rest_framework/permissions.py
index abfdb8724..2f3b694a9 100644
--- a/src/unicef_rest_framework/permissions.py
+++ b/src/unicef_rest_framework/permissions.py
@@ -12,7 +12,7 @@
 
 
 class ServicePermission(BasePermission):
-    serializer_field = "+serializer"
+    # serializer_field = "-serializer"
 
     def get_acl(self, request, view):
         try:
@@ -35,7 +35,7 @@ def has_permission(self, request, view):
                 logger.error(f"Access denied for user '{request.user}' to '{fqn(view)}'")
                 raise PermissionDenied
 
-            requested_serializer = request.GET.get(self.serializer_field, "std")
+            requested_serializer = request.GET.get(view.serializer_field_param, "std")
 
             if (requested_serializer not in acl.serializers) and ("*" not in acl.serializers):
                 logger.error(
diff --git a/src/unicef_rest_framework/renderers/api.py b/src/unicef_rest_framework/renderers/api.py
index 3f694693e..41950b5c2 100644
--- a/src/unicef_rest_framework/renderers/api.py
+++ b/src/unicef_rest_framework/renderers/api.py
@@ -32,6 +32,7 @@ def get_context(self, data, accepted_media_type, renderer_context):
                 pass
             try:
                 model = ctx['view'].queryset.model
+                # model = service.managed_model
                 admin_url = reverse(f'admin:{model._meta.app_label}_{model._meta.model_name}_changelist')
                 ctx['admin_url'] = admin_url
             except Exception:  # pragma: no cover
diff --git a/src/unicef_rest_framework/templates/rest_framework/base.html b/src/unicef_rest_framework/templates/rest_framework/base.html
index aed2a7302..da2d4a841 100644
--- a/src/unicef_rest_framework/templates/rest_framework/base.html
+++ b/src/unicef_rest_framework/templates/rest_framework/base.html
@@ -164,7 +164,7 @@ <h1>{{ name }}</h1>
               {% if admin_url %}
                   <a href="{{ admin_url }}"
                      style="float: right; color:black; background-color: #ffd600; margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
-                     class="btn btn-primary">List</a>
+                     class="btn btn-primary">Data</a>
               {% endif %}
               {% if service_url %}
                   <a href="{{ service_url }}"
diff --git a/src/unicef_rest_framework/views.py b/src/unicef_rest_framework/views.py
index 77a058ef8..ad38cae3d 100644
--- a/src/unicef_rest_framework/views.py
+++ b/src/unicef_rest_framework/views.py
@@ -32,7 +32,7 @@ def __get__(self, instance, owner):
 
 
 class ReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet):
-    serializer_field_param = '+serializer'
+    serializer_field_param = '-serializer'
     dynamic_fields_param = '+fields'
 
     object_cache_key_func = rest_framework_extensions.utils.default_object_cache_key_func
@@ -102,6 +102,13 @@ def get_service(cls):
         from unicef_rest_framework.models import Service
         return Service.objects.get_for_viewset(cls)[0]
 
+    # @classproperty
+    # def endpoint(self):
+    #     for __, viewset, base_name in conf.ROUTER.registry:
+    #         if viewset == self:
+    #             return reverse(f'api:{base_name}-list', args=['latest'])
+    #     return None
+
     @etag(etag_func='object_etag_func')
     @cache_response(key_func='object_cache_key_func', cache='api')
     def retrieve(self, request, *args, **kwargs):
diff --git a/src/unicef_security/admin.py b/src/unicef_security/admin.py
index f1ee95ac6..b084cf456 100644
--- a/src/unicef_security/admin.py
+++ b/src/unicef_security/admin.py
@@ -26,8 +26,8 @@ def sync(self, request):
 
 @admin.register(BusinessArea)
 class BusinessAreaAdmin(ExtraUrlMixin, ModelAdmin):
-    list_display = ['code', 'name', 'long_name', 'region']
-    list_filter = ['region']
+    list_display = ['code', 'name', 'long_name', 'region', 'country']
+    list_filter = ['region', 'country']
     search_fields = ('name',)
 
     @link()
diff --git a/src/unicef_security/apps.py b/src/unicef_security/apps.py
index feb57d630..7c60aa5ca 100644
--- a/src/unicef_security/apps.py
+++ b/src/unicef_security/apps.py
@@ -4,3 +4,6 @@
 class Config(AppConfig):
     name = 'unicef_security'
     verbose_name = "UNICEF Security"
+
+    def ready(self):
+        from . import tasks  # noqa
diff --git a/src/unicef_security/sync.py b/src/unicef_security/sync.py
index 078d50857..882c77171 100644
--- a/src/unicef_security/sync.py
+++ b/src/unicef_security/sync.py
@@ -2,6 +2,7 @@
 import logging
 
 import requests
+from django_countries import countries
 from requests.auth import HTTPBasicAuth
 
 from . import config
@@ -10,7 +11,7 @@
 
 logger = logging.getLogger(__name__)
 
-
+c = dict(countries)
 #
 # class SyncResult:
 #     def __init__(self):
@@ -50,6 +51,7 @@ def load_business_area():
     for entry in data:
         defaults = {'name': entry['BUSINESS_AREA_NAME'],
                     'long_name': entry['BUSINESS_AREA_LONG_NAME'],
+                    'country': countries.by_name(entry['BUSINESS_AREA_NAME']),
                     'region': Region.objects.get_or_create(code=entry['REGION_CODE'],
                                                            defaults={
                                                                'name': entry['REGION_NAME']}
diff --git a/tests/api/test_api_cache.py b/tests/api/test_api_cache.py
index e831fe1cd..6421a3050 100644
--- a/tests/api/test_api_cache.py
+++ b/tests/api/test_api_cache.py
@@ -1,32 +1,35 @@
 # -*- coding: utf-8 -*-
 import pytest
+from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
 from etools_datamart.api.endpoints import PartnerViewSet
 
 
-def test_cache(client, admin_user, django_assert_num_queries,
+def test_cache(client, user, django_assert_num_queries,
                django_assert_no_duplicate_queries, settings):
     settings.CACHES = {'api': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
     service = PartnerViewSet.get_service()
     url = f"{service.endpoint}?country_name=bolivia"
-    client.force_authenticate(admin_user)
-
-    with django_assert_no_duplicate_queries():
-        res = client.get(url)
-    assert res.status_code == 200, res.content
-    assert res['cache-version'] == str(service.cache_version)
-    assert res['cache-ttl'] == '1y'
-    key = res['cache-key']
-    etag = res['etag']
 
-    with django_assert_no_duplicate_queries():
-        res = client.get(url)
-    assert res.status_code == 200, res.content
-    assert res['cache-version'] == str(service.cache_version)
-    assert res['cache-key'] == key
-    assert res['cache-ttl'] == '1y'
-    assert res['etag'] == etag
-    assert res['cache-hit'] == str(True)
+    client.force_authenticate(user)
+    with user_allow_country(user, 'bolivia'):
+        with user_allow_service(user, PartnerViewSet):
+            with django_assert_no_duplicate_queries():
+                res = client.get(url)
+            assert res.status_code == 200, res.content
+            assert res['cache-version'] == str(service.cache_version)
+            assert res['cache-ttl'] == '1y'
+            key = res['cache-key']
+            etag = res['etag']
+
+            with django_assert_no_duplicate_queries():
+                res = client.get(url)
+            assert res.status_code == 200, res.content
+            assert res['cache-version'] == str(service.cache_version)
+            assert res['cache-key'] == key
+            assert res['cache-ttl'] == '1y'
+            assert res['etag'] == etag
+            assert res['cache-hit'] == str(True)
 
 
 def test_etag(client, admin_user, data_service, django_assert_num_queries):
diff --git a/tests/api/test_api_etools.py b/tests/api/test_api_etools.py
index c76391388..a21a4fbf5 100644
--- a/tests/api/test_api_etools.py
+++ b/tests/api/test_api_etools.py
@@ -27,7 +27,7 @@ def test_list(client, url, format, schema):
     url = f"{url}?country_name={','.join(schema)}"
     res = client.get(url, format=format)
 
-    assert res.status_code == 200, res
+    assert res.status_code == 200, res.content
     assert res.json()
 
 
diff --git a/tests/api/test_api_filtering.py b/tests/api/test_api_filtering.py
index 5f96518ef..e9574c803 100644
--- a/tests/api/test_api_filtering.py
+++ b/tests/api/test_api_filtering.py
@@ -5,6 +5,28 @@
 from etools_datamart.api.endpoints import InterventionViewSet
 
 
+class MockCache:
+    data = {}
+
+    def set(self, key, value, *args, **kwargs):
+        self.data[key] = value
+
+    def get(self, key):
+        return self.data.get(key, None)
+
+
+@pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=bolivia,chad'])
+def test_filter_cache_country_arg(db, client, flt, monkeypatch):
+    fake = MockCache()
+    monkeypatch.setattr('etools_datamart.api.filtering.cache', fake)
+    url = f"/api/latest/etools/audit/engagement/?%s" % flt
+    res = client.get(url)
+    res = client.get(url)
+    assert fake.data
+    assert res.status_code == 200
+    assert res.json()
+
+
 @pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=', 'country_name=bolivia,chad'])
 def test_filter_etools_country_name(db, client, flt):
     url = f"/api/latest/etools/audit/engagement/?%s" % flt
@@ -21,7 +43,8 @@ def test_filter_datamart_country_name_admin(db, client, flt):
     assert res.json()
 
 
-@pytest.mark.parametrize('flt', ['country_name=lebanon', 'country_name=', 'country_name=lebanon,chad'])
+@pytest.mark.parametrize('flt', ['country_name=lebanon', 'country_name=', 'country_name=lebanon,chad',
+                                 'country_name=LEBA,0810'])
 def test_filter_datamart_country_name_uset(user, flt):
     client = APIClient()
     client.force_authenticate(user)
diff --git a/tests/api/test_api_permission.py b/tests/api/test_api_permission.py
index 7db290820..6c54ed744 100644
--- a/tests/api/test_api_permission.py
+++ b/tests/api/test_api_permission.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 import pytest
+from django.utils.http import urlquote
 from rest_framework.test import APIClient
 from test_utilities.factories import InterventionFactory
 from unicef_rest_framework.models import UserAccessControl
@@ -91,37 +92,37 @@ def test_permission_allow(client, allow):
 
 def test_permission_check_serializer_allow(client, allow_many_serializer):
     url = allow_many_serializer.service.endpoint
+    view = allow_many_serializer.service.viewset
     client.force_authenticate(allow_many_serializer.user)
 
-    res = client.get(f"{url}?%2bserializer=short",
-                     HTTP_X_SCHEMA="bolivia")
+    res = client.get("%s?%s=short" % (url, urlquote(view.serializer_field_param)))
     assert res.status_code == 200
     # assert res.json()['detail'] == "You do not have permission to perform this action."
 
 
 def test_permission_check_serializer_deny(client, allow_std_serializer):
     url = allow_std_serializer.service.endpoint
+    view = allow_std_serializer.service.viewset
     client.force_authenticate(allow_std_serializer.user)
 
-    res = client.get(f"{url}?%2bserializer=short",
-                     HTTP_X_SCHEMA="bolivia")
+    res = client.get("%s?%s=short" % (url, urlquote(view.serializer_field_param)))
     assert res.status_code == 403
     assert res.json()['error'] == "Forbidden serializer 'short'"
 
 
 def test_permission_check_serializer_any(client, allow_any_serializer):
     url = allow_any_serializer.service.endpoint
+    view = allow_any_serializer.service.viewset
     client.force_authenticate(allow_any_serializer.user)
 
-    res = client.get(f"{url}?%2bserializer=short",
-                     HTTP_X_SCHEMA="bolivia")
+    res = client.get("%s?%s=short" % (url, urlquote(view.serializer_field_param)))
     assert res.status_code == 200
 
 
 def test_permission_check_user(client, allow_any_serializer, user2):
     url = allow_any_serializer.service.endpoint
+    view = allow_any_serializer.service.viewset
     client.force_authenticate(user2)
 
-    res = client.get(f"{url}?%2bserializer=short",
-                     HTTP_X_SCHEMA="bolivia")
+    res = client.get("%s?%s=short" % (url, urlquote(view.serializer_field_param)))
     assert res.status_code == 403
diff --git a/tests/api/test_datamart_security.py b/tests/api/test_datamart_security.py
index 345fab2ee..8f15328f1 100644
--- a/tests/api/test_datamart_security.py
+++ b/tests/api/test_datamart_security.py
@@ -64,9 +64,9 @@ def test_datamart_user_access_wrong_countries(user, user_data):
     client.force_authenticate(user)
     base = UserStatsViewSet.get_service().endpoint
     with user_allow_service(user, UserStatsViewSet):
-        res = client.get(f"{base}?country_name=lebanon,xxx")
+        res = client.get(f"{base}?country_name=lebanon,abc,xyz")
         assert res.status_code == 400, res
-        assert res.json() == {'error': "Invalid schema: 'xxx'",
+        assert res.json() == {'error': "Invalid schemas: abc,xyz",
                               'hint': 'Removes wrong schema from selection',
                               'valid': ['bolivia', 'chad', 'lebanon']}
 
diff --git a/tests/api/test_etools_security.py b/tests/api/test_etools_security.py
index 697024d57..9e7baf928 100644
--- a/tests/api/test_etools_security.py
+++ b/tests/api/test_etools_security.py
@@ -25,7 +25,7 @@ def test_etools_user_access_allowed_countries(user):
 
         res = client.get(f"{url}?country_name=lebanon,xxx")
         assert res.status_code == 400, res
-        assert res.json() == {'error': "Invalid schema: 'xxx'",
+        assert res.json() == {'error': "Invalid schema: xxx",
                               'hint': 'Removes wrong schema from selection',
                               'valid': ['bolivia', 'chad', 'lebanon']}
 

From f6563d33a10852eb66db152802537842fdb6fec9 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Mon, 10 Dec 2018 07:36:21 +0100
Subject: [PATCH 45/86] bump pre-release

---
 docker/.bumpversion.cfg         | 2 +-
 docker/Makefile                 | 2 +-
 src/etools_datamart/__init__.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker/.bumpversion.cfg b/docker/.bumpversion.cfg
index 358f852de..94dca2b67 100644
--- a/docker/.bumpversion.cfg
+++ b/docker/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.8a7
+current_version = 1.8a9
 commit = False
 tag = False
 allow_dirty = True
diff --git a/docker/Makefile b/docker/Makefile
index dce56a2c0..ff33f4081 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,7 @@ DATABASE_URL_ETOOLS?=
 DEVELOP?=0
 DOCKER_PASS?=
 DOCKER_USER?=
-TARGET?=1.8a7
+TARGET?=1.8a9
 # below vars are used internally
 BUILD_OPTIONS?=--squash
 CMD?=datamart
diff --git a/src/etools_datamart/__init__.py b/src/etools_datamart/__init__.py
index 5e0f2abe6..d5ebc34ac 100644
--- a/src/etools_datamart/__init__.py
+++ b/src/etools_datamart/__init__.py
@@ -1,3 +1,3 @@
 NAME = 'etools-datamart'
-VERSION = __version__ = '1.8a0'
+VERSION = __version__ = '1.8a9'
 __author__ = ''

From ce647c2321f187ee42dae3fcfa41bf62e2707013 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Mon, 10 Dec 2018 23:46:48 +0100
Subject: [PATCH 46/86] full filter by country refactoring

---
 docker/.bumpversion.cfg                       |   4 +-
 docker/Makefile                               |   2 +-
 src/drf_querystringfilter/backend.py          |   2 +
 src/etools_datamart/__init__.py               |   2 +-
 src/etools_datamart/api/endpoints/common.py   |  62 ++---
 .../api/endpoints/datamart/famindicator.py    |  22 +-
 .../api/endpoints/datamart/pmpindicators.py   |   2 +-
 .../api/endpoints/etools/audit.py             |   2 +-
 .../api/endpoints/etools/funds.py             |   2 +-
 .../api/endpoints/etools/partners.py          |   2 +-
 .../api/endpoints/etools/reports.py           |   2 +-
 .../etools}/serializers/__init__.py           |   0
 .../etools}/serializers/audit.py              |   5 +-
 .../api/endpoints/etools/serializers/base.py  |   5 +
 .../etools}/serializers/funds.py              |   0
 .../etools}/serializers/partners.py           |  13 +-
 .../etools}/serializers/reports.py            |   9 +-
 .../{ => endpoints/etools}/serializers/t2.py  |   0
 .../api/endpoints/etools/t2.py                |   2 +-
 src/etools_datamart/api/filtering.py          | 222 ++++++++++++------
 src/etools_datamart/apps/etools/utils.py      |  10 +-
 src/unicef_rest_framework/cache.py            |  17 +-
 src/unicef_rest_framework/ds.py               |  68 ++++++
 src/unicef_rest_framework/renderers/api.py    |   3 +
 .../templates/dynamic_serializer/filter.html  |  14 ++
 .../templates/rest_framework/base.html        |   3 +-
 .../templatetags/query.py                     |  49 ++++
 src/unicef_rest_framework/test_utils.py       |   2 +-
 src/unicef_rest_framework/views.py            |   6 +-
 src/unicef_rest_framework/views_mixins.py     |   2 +-
 tests/api/test_api_filtering.py               | 110 ++++++---
 tests/api/test_api_permission.py              |  19 +-
 tests/api/test_api_web.py                     |  13 +-
 tests/api/test_datamart_security.py           |  42 +++-
 tests/api/test_etools_security.py             | 126 +++++++---
 tests/api/test_system_filters.py              |  23 +-
 36 files changed, 632 insertions(+), 235 deletions(-)
 rename src/etools_datamart/api/{ => endpoints/etools}/serializers/__init__.py (100%)
 rename src/etools_datamart/api/{ => endpoints/etools}/serializers/audit.py (60%)
 create mode 100644 src/etools_datamart/api/endpoints/etools/serializers/base.py
 rename src/etools_datamart/api/{ => endpoints/etools}/serializers/funds.py (100%)
 rename src/etools_datamart/api/{ => endpoints/etools}/serializers/partners.py (65%)
 rename src/etools_datamart/api/{ => endpoints/etools}/serializers/reports.py (58%)
 rename src/etools_datamart/api/{ => endpoints/etools}/serializers/t2.py (100%)
 create mode 100644 src/unicef_rest_framework/ds.py
 create mode 100644 src/unicef_rest_framework/templates/dynamic_serializer/filter.html
 create mode 100644 src/unicef_rest_framework/templatetags/query.py

diff --git a/docker/.bumpversion.cfg b/docker/.bumpversion.cfg
index 94dca2b67..cf394dc9f 100644
--- a/docker/.bumpversion.cfg
+++ b/docker/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.8a9
+current_version = 1.8a10
 commit = False
 tag = False
 allow_dirty = True
@@ -9,3 +9,5 @@ serialize =
 
 [bumpversion:file:Makefile]
 
+[bumpversion:file:../src/etools_datamart/__init__.py]
+
diff --git a/docker/Makefile b/docker/Makefile
index ff33f4081..e65f869bd 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,7 @@ DATABASE_URL_ETOOLS?=
 DEVELOP?=0
 DOCKER_PASS?=
 DOCKER_USER?=
-TARGET?=1.8a9
+TARGET?=1.8a10
 # below vars are used internally
 BUILD_OPTIONS?=--squash
 CMD?=datamart
diff --git a/src/drf_querystringfilter/backend.py b/src/drf_querystringfilter/backend.py
index dac4e28c8..29e473813 100644
--- a/src/drf_querystringfilter/backend.py
+++ b/src/drf_querystringfilter/backend.py
@@ -195,6 +195,8 @@ def _get_filters(self, request, queryset, view):  # noqa
                         self.filters.update(**_f)
                         self.exclude.update(**_e)
                     else:
+                        if not raw_value:
+                            continue
                         # field_object = opts.get_field(real_field_name)
                         value_type = self.field_type(real_field_name)
                         if parts:
diff --git a/src/etools_datamart/__init__.py b/src/etools_datamart/__init__.py
index d5ebc34ac..734ccd1fe 100644
--- a/src/etools_datamart/__init__.py
+++ b/src/etools_datamart/__init__.py
@@ -1,3 +1,3 @@
 NAME = 'etools-datamart'
-VERSION = __version__ = '1.8a9'
+VERSION = __version__ = '1.8a10'
 __author__ = ''
diff --git a/src/etools_datamart/api/endpoints/common.py b/src/etools_datamart/api/endpoints/common.py
index 9a929187b..a7ad59467 100644
--- a/src/etools_datamart/api/endpoints/common.py
+++ b/src/etools_datamart/api/endpoints/common.py
@@ -6,46 +6,22 @@
 from django.db import connections
 from django.http import Http404
 from drf_querystringfilter.exceptions import QueryFilterException
-from dynamic_serializer.core import DynamicSerializerMixin
 from rest_framework.decorators import action
 from rest_framework.exceptions import NotAuthenticated, PermissionDenied
 from rest_framework.filters import OrderingFilter
 from rest_framework.response import Response
+from unicef_rest_framework.ds import DynamicSerializerFilter
 from unicef_rest_framework.filtering import SystemFilterBackend
 from unicef_rest_framework.views import ReadOnlyModelViewSet
 from unicef_rest_framework.views_mixins import IQYConnectionMixin
 
-from etools_datamart.api.filtering import DatamartQueryStringFilterBackend, TenantQueryStringFilterBackend
+from etools_datamart.api.filtering import CountryFilter, DatamartQueryStringFilterBackend, TenantCountryFilter
 from etools_datamart.apps.etl.models import EtlTask
 from etools_datamart.apps.multitenant.exceptions import InvalidSchema, NotAuthorizedSchema
 
 __all__ = ['APIMultiTenantReadOnlyModelViewSet']
 
 
-class SchemaSerializerField(coreschema.Enum):
-
-    def __init__(self, view: DynamicSerializerMixin, **kwargs):
-        self.view = view
-        kwargs.setdefault('title', 'serializers')
-        kwargs.setdefault('description', self.build_description())
-        super().__init__(list(view.serializers_fieldsets.keys()), **kwargs)
-
-    def build_description(self):
-        defs = []
-        names = []
-        for k, v in self.view.serializers_fieldsets.items():
-            names.append(k)
-            defs.append(f"""- **{k}**: {self.view.get_serializer_fields(k)}
-""")
-
-        description = f"""Define the set of fields to return. Allowed values are:
-            [{'*, *'.join(names)}*]
-
-{''.join(defs)}
-        """
-        return description
-
-
 class UpdatesMixin:
 
     @action(methods=['get'], detail=False)
@@ -65,28 +41,31 @@ def updates(self, request, version):
 
 
 class APIReadOnlyModelViewSet(ReadOnlyModelViewSet, IQYConnectionMixin):
-    filter_backends = [SystemFilterBackend,
+    filter_backends = [CountryFilter,
+                       SystemFilterBackend,
                        DatamartQueryStringFilterBackend,
-                       OrderingFilter]
-    filter_fields = ['country_name']
+                       OrderingFilter,
+                       DynamicSerializerFilter,
+                       ]
+    # filter_fields = ['country_name']
     ordering_fields = ('id',)
     ordering = 'id'
 
     def get_schema_fields(self):
         ret = []
-        if self.serializers_fieldsets:
-            ret.append(coreapi.Field(
-                name=self.serializer_field_param,
-                required=False,
-                location='query',
-                schema=SchemaSerializerField(self)
-            ))
+        # if self.serializers_fieldsets:
+        #     ret.append(coreapi.Field(
+        #         name=self.serializer_field_param,
+        #         required=False,
+        #         location='query',
+        #         schema=SchemaSerializerField(self)
+        #     ))
         return ret
 
     def drf_ignore_filter(self, request, field):
         return field in [self.serializer_field_param,
                          self.dynamic_fields_param,
-                         'cursor',
+                         'cursor', CountryFilter.query_param,
                          'ordering', 'page_size', 'format', 'page']
 
     def handle_exception(self, exc):
@@ -150,9 +129,12 @@ def _inner(self, request, *args, **kwargs):
 
 
 class APIMultiTenantReadOnlyModelViewSet(APIReadOnlyModelViewSet):
-    filter_backends = [SystemFilterBackend,
-                       TenantQueryStringFilterBackend,
-                       OrderingFilter]
+    filter_backends = [TenantCountryFilter,
+                       SystemFilterBackend,
+                       DatamartQueryStringFilterBackend,
+                       OrderingFilter,
+                       DynamicSerializerFilter,
+                       ]
     ordering_fields = ('id',)
     ordering = 'id'
 
diff --git a/src/etools_datamart/api/endpoints/datamart/famindicator.py b/src/etools_datamart/api/endpoints/datamart/famindicator.py
index 03e9c15e0..e4d45b6eb 100644
--- a/src/etools_datamart/api/endpoints/datamart/famindicator.py
+++ b/src/etools_datamart/api/endpoints/datamart/famindicator.py
@@ -10,5 +10,25 @@
 class FAMIndicatorViewSet(common.DataMartViewSet):
     serializer_class = serializers.FAMIndicatorSerializer
     queryset = models.FAMIndicator.objects.all()
-    filter_fields = ('country_name', 'last_modify_date')
+    filter_fields = ('last_modify_date', )
     filter_backends = [MonthFilterBackend] + common.APIReadOnlyModelViewSet.filter_backends
+    serializers_fieldsets = {"std": None,
+                             "spotcheck": ["country_name", "month", "spotcheck_ip_contacted",
+                                           "spotcheck_report_submitted",
+                                           "spotcheck_final_report",
+                                           "spotcheck_cancelled"],
+                             "audit": ["country_name", "month",
+                                       "audit_ip_contacted", "audit_report_submitted",
+                                       "audit_final_report",
+                                       "audit_cancelled"],
+                             "specialaudit": ["country_name", "month",
+                                              "specialaudit_ip_contacted",
+                                              "specialaudit_report_submitted",
+                                              "specialaudit_final_report",
+                                              "specialaudit_cancelled"],
+                             "microassessment": ["country_name", "month",
+                                                 "microassessment_ip_contacted",
+                                                 "microassessment_report_submitted",
+                                                 "microassessment_final_report",
+                                                 "microassessment_cancelled"]
+                             }
diff --git a/src/etools_datamart/api/endpoints/datamart/pmpindicators.py b/src/etools_datamart/api/endpoints/datamart/pmpindicators.py
index 19e84c7dc..de90d9dd6 100644
--- a/src/etools_datamart/api/endpoints/datamart/pmpindicators.py
+++ b/src/etools_datamart/api/endpoints/datamart/pmpindicators.py
@@ -11,6 +11,6 @@ class PMPIndicatorsViewSet(common.DataMartViewSet):
     """
     serializer_class = serializers.PMPIndicatorsSerializer
     queryset = models.PMPIndicators.objects.all()
-    filter_fields = ('country_name', 'business_area_code', 'vendor_number',
+    filter_fields = ('vendor_number',
                      'partner_name', 'partner_type', 'last_modify_date',
                      'cash_contribution', 'pd_ssfa_status', 'pd_ssfa_ref', )
diff --git a/src/etools_datamart/api/endpoints/etools/audit.py b/src/etools_datamart/api/endpoints/etools/audit.py
index 77a95ffc4..f6bb03772 100644
--- a/src/etools_datamart/api/endpoints/etools/audit.py
+++ b/src/etools_datamart/api/endpoints/etools/audit.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
-from etools_datamart.api import serializers
 from etools_datamart.api.endpoints import common
+from etools_datamart.api.endpoints.etools import serializers
 from etools_datamart.apps.etools import models
 
 
diff --git a/src/etools_datamart/api/endpoints/etools/funds.py b/src/etools_datamart/api/endpoints/etools/funds.py
index 3231aa863..85db9bf74 100644
--- a/src/etools_datamart/api/endpoints/etools/funds.py
+++ b/src/etools_datamart/api/endpoints/etools/funds.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
-from etools_datamart.api import serializers
 from etools_datamart.api.endpoints import common
+from etools_datamart.api.endpoints.etools import serializers
 from etools_datamart.apps.etools import models
 
 
diff --git a/src/etools_datamart/api/endpoints/etools/partners.py b/src/etools_datamart/api/endpoints/etools/partners.py
index 357cb7ad7..3d56b6476 100644
--- a/src/etools_datamart/api/endpoints/etools/partners.py
+++ b/src/etools_datamart/api/endpoints/etools/partners.py
@@ -1,5 +1,5 @@
-from etools_datamart.api import serializers
 from etools_datamart.api.endpoints import common
+from etools_datamart.api.endpoints.etools import serializers
 from etools_datamart.apps.etools import models
 
 
diff --git a/src/etools_datamart/api/endpoints/etools/reports.py b/src/etools_datamart/api/endpoints/etools/reports.py
index 6b5f0ded0..f55ac6e2a 100644
--- a/src/etools_datamart/api/endpoints/etools/reports.py
+++ b/src/etools_datamart/api/endpoints/etools/reports.py
@@ -1,5 +1,5 @@
-from etools_datamart.api import serializers
 from etools_datamart.api.endpoints import common
+from etools_datamart.api.endpoints.etools import serializers
 from etools_datamart.apps.etools import models
 
 
diff --git a/src/etools_datamart/api/serializers/__init__.py b/src/etools_datamart/api/endpoints/etools/serializers/__init__.py
similarity index 100%
rename from src/etools_datamart/api/serializers/__init__.py
rename to src/etools_datamart/api/endpoints/etools/serializers/__init__.py
diff --git a/src/etools_datamart/api/serializers/audit.py b/src/etools_datamart/api/endpoints/etools/serializers/audit.py
similarity index 60%
rename from src/etools_datamart/api/serializers/audit.py
rename to src/etools_datamart/api/endpoints/etools/serializers/audit.py
index bb8f60cf4..46e564542 100644
--- a/src/etools_datamart/api/serializers/audit.py
+++ b/src/etools_datamart/api/endpoints/etools/serializers/audit.py
@@ -1,10 +1,11 @@
 # -*- coding: utf-8 -*-
-from rest_framework import serializers
 
 from etools_datamart.apps.etools import models
 
+from .base import EToolsSerializer
 
-class EngagementSerializer(serializers.ModelSerializer):
+
+class EngagementSerializer(EToolsSerializer):
     class Meta:
         model = models.AuditEngagement
         exclude = ()
diff --git a/src/etools_datamart/api/endpoints/etools/serializers/base.py b/src/etools_datamart/api/endpoints/etools/serializers/base.py
new file mode 100644
index 000000000..c17aed45d
--- /dev/null
+++ b/src/etools_datamart/api/endpoints/etools/serializers/base.py
@@ -0,0 +1,5 @@
+from rest_framework import serializers
+
+
+class EToolsSerializer(serializers.ModelSerializer):
+    country_nane = serializers.ReadOnlyField(source='schema')
diff --git a/src/etools_datamart/api/serializers/funds.py b/src/etools_datamart/api/endpoints/etools/serializers/funds.py
similarity index 100%
rename from src/etools_datamart/api/serializers/funds.py
rename to src/etools_datamart/api/endpoints/etools/serializers/funds.py
diff --git a/src/etools_datamart/api/serializers/partners.py b/src/etools_datamart/api/endpoints/etools/serializers/partners.py
similarity index 65%
rename from src/etools_datamart/api/serializers/partners.py
rename to src/etools_datamart/api/endpoints/etools/serializers/partners.py
index 58a376a52..7b578f2be 100644
--- a/src/etools_datamart/api/serializers/partners.py
+++ b/src/etools_datamart/api/endpoints/etools/serializers/partners.py
@@ -1,27 +1,28 @@
-from rest_framework import serializers
 
 from etools_datamart.apps.etools import models
 
+from .base import EToolsSerializer
 
-class PartnerSerializer(serializers.ModelSerializer):
+
+class PartnerSerializer(EToolsSerializer):
     class Meta:
         model = models.PartnersPartnerorganization
         exclude = ()
 
 
-class ReportsResultSerializer(serializers.ModelSerializer):
+class ReportsResultSerializer(EToolsSerializer):
     class Meta:
         model = models.ReportsResult
         exclude = ()
 
 
-class AssessmentSerializer(serializers.ModelSerializer):
+class AssessmentSerializer(EToolsSerializer):
     class Meta:
         model = models.PartnersAssessment
         exclude = ()
 
 
-class AgreementSerializer(serializers.ModelSerializer):
+class AgreementSerializer(EToolsSerializer):
     class Meta:
         model = models.PartnersAgreement
         exclude = ()
@@ -33,7 +34,7 @@ class Meta:
 #         exclude = ()
 
 
-class PlannedengagementSerializer(serializers.ModelSerializer):
+class PlannedengagementSerializer(EToolsSerializer):
     class Meta:
         model = models.PartnersPlannedengagement
         exclude = ()
diff --git a/src/etools_datamart/api/serializers/reports.py b/src/etools_datamart/api/endpoints/etools/serializers/reports.py
similarity index 58%
rename from src/etools_datamart/api/serializers/reports.py
rename to src/etools_datamart/api/endpoints/etools/serializers/reports.py
index a3bc91bd5..a729f0bab 100644
--- a/src/etools_datamart/api/serializers/reports.py
+++ b/src/etools_datamart/api/endpoints/etools/serializers/reports.py
@@ -1,21 +1,22 @@
-from rest_framework import serializers
 
 from etools_datamart.apps.etools import models
 
+from .base import EToolsSerializer
 
-class PartnerSerializer(serializers.ModelSerializer):
+
+class PartnerSerializer(EToolsSerializer):
     class Meta:
         model = models.PartnersPartnerorganization
         exclude = ()
 
 
-class ReportsResultSerializer(serializers.ModelSerializer):
+class ReportsResultSerializer(EToolsSerializer):
     class Meta:
         model = models.ReportsResult
         exclude = ()
 
 
-class AppliedindicatorSerializer(serializers.ModelSerializer):
+class AppliedindicatorSerializer(EToolsSerializer):
     class Meta:
         model = models.ReportsAppliedindicator
         exclude = ()
diff --git a/src/etools_datamart/api/serializers/t2.py b/src/etools_datamart/api/endpoints/etools/serializers/t2.py
similarity index 100%
rename from src/etools_datamart/api/serializers/t2.py
rename to src/etools_datamart/api/endpoints/etools/serializers/t2.py
diff --git a/src/etools_datamart/api/endpoints/etools/t2.py b/src/etools_datamart/api/endpoints/etools/t2.py
index 0e678e6ff..3118ba3f4 100644
--- a/src/etools_datamart/api/endpoints/etools/t2.py
+++ b/src/etools_datamart/api/endpoints/etools/t2.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
-from etools_datamart.api import serializers
 from etools_datamart.api.endpoints import common
+from etools_datamart.api.endpoints.etools import serializers
 from etools_datamart.apps.etools import models
 
 
diff --git a/src/etools_datamart/api/filtering.py b/src/etools_datamart/api/filtering.py
index 9235b76db..fe307e1fc 100644
--- a/src/etools_datamart/api/filtering.py
+++ b/src/etools_datamart/api/filtering.py
@@ -5,10 +5,11 @@
 from django.db.models import Q
 from drf_querystringfilter.exceptions import InvalidQueryValueError
 from rest_framework.exceptions import PermissionDenied
+from rest_framework.filters import BaseFilterBackend
 from unicef_rest_framework.filtering import CoreAPIQueryStringFilterBackend
 
 from etools_datamart.apps.etools.models import UsersCountry
-from etools_datamart.apps.etools.utils import conn, get_etools_allowed_schemas
+from etools_datamart.apps.etools.utils import conn, get_allowed_schemas
 from etools_datamart.apps.multitenant.exceptions import InvalidSchema, NotAuthorizedSchema
 
 # from unicef_rest_framework.state import state
@@ -20,7 +21,14 @@
           'oct', 'nov', 'dec']
 
 
-def process_country_value(query_args):
+def get_schema_names(query_args):
+    """ accept a string with a comma separated list of names,codes,bussines aread codes
+    and returns a set of schema names
+
+    >>> get_schema_names("Bolivia,4020,SYR")
+    set('bolivia', 'sudan', 'syria')
+
+    """
     values = sorted(set(query_args.split(",")))
     key = hash(str(values))
     schemas = cache.get(key)
@@ -38,52 +46,133 @@ def process_country_value(query_args):
                     country = UsersCountry.objects.get(f)
                 schemas.append(country.schema_name)
             # except UsersCountry.MultipleObjectsReturned:
-            #
+                # this is an issue only during tests
+                # country = UsersCountry.objects.filter(f).first()
+                # schemas.append(country.schema_name)
             except UsersCountry.DoesNotExist:
                 errors.append(entry)
         conn.set_schemas(_s)
         if errors:
             raise InvalidSchema(*errors)
         cache.set(key, schemas)
-    # else:
-    #     schemas = json.loads(schemas)
-    # schemas = UsersCountry.objects.filter(Q(name__in=values) |
-    #                                       Q(schema_name__in=values) |
-    #                                       Q(country_short_code__in=values) |
-    #                                       Q(business_area_code__in=values)
-    #                                       ).values_list('schema_name', flat=True)
-    # if len(schemas) != len(values):
-    #     raise InvalidSchema(",".join(values))
-    # validate_schemas(*schemas)
-    return set(schemas)
-
-
-class CountryNameProcessor:
-    def process_country_name(self, efilters, eexclude, field, value, request,
-                             op, param, negate, **payload):
-        filters = {}
-        if value:
-            value = process_country_value(value)
-            if not request.user.is_superuser:
-                user_schemas = get_etools_allowed_schemas(request.user)
-                if not user_schemas.issuperset(value):
-                    raise NotAuthorizedSchema(",".join(sorted(value - user_schemas)))
-            filters['country_name__iregex'] = r'(' + '|'.join(value) + ')'
-        else:
-            if not request.user.is_superuser:
-                allowed = get_etools_allowed_schemas(request.user)
-                if not allowed:  # pragma: no cover
-                    raise PermissionDenied("You don't have enabled schemas")
-                filters['country_name__iregex'] = r'(' + '|'.join(allowed) + ')'
+    return set(filter(None, schemas))
+
+
+class CountryFilter(BaseFilterBackend):
+    query_param = 'country_name'
+
+    # @cached_property
+    # def valid_schemas(self):
+    #     conn = connections['etools']
+    #     return conn.all_schemas
+
+    def get_query(self, request):
+        if f"{self.query_param}!" in request.GET:
+            return True, request.GET.get(f"{self.query_param}!", "")
+        elif self.query_param in request.GET:
+            return False, request.GET.get(self.query_param, "")
+
+        return "", ""
+
+    def get_filters(self, request):
+        negate, value = self.get_query(request)
+        if not value:
+            if request.user.is_superuser:
+                return []
+            else:
+                return get_allowed_schemas(request.user)
 
         if negate:
-            return {}, filters
+            exclude = get_schema_names(value)
+            selection = get_allowed_schemas(request.user) - exclude
         else:
-            return filters, {}
+            selection = get_schema_names(value)
+            self.check_permission(request, selection)
+        return selection
 
+    def check_permission(self, request, selection):
+        if not request.user.is_superuser:
+            user_schemas = get_allowed_schemas(request.user)
+            if not user_schemas.issuperset(selection):
+                raise NotAuthorizedSchema(",".join(sorted(selection - user_schemas)))
 
-class CountryNameProcessorTenantModel(CountryNameProcessor):
-    pass
+    def filter_queryset(self, request, queryset, view):
+        selection = self.get_filters(request)
+        if not selection:
+            if request.user.is_superuser:
+                pass
+            else:
+                raise PermissionDenied("You don't have enabled schemas")
+        else:
+            queryset = queryset.filter(country_name__in=selection)
+        return queryset
+        # selection = self.get_filters(request)
+        # if selection:
+        #     queryset = queryset.filter(country_name__in=selection)
+        # view.store(self.__class__.__name__, selection)
+        # return queryset
+
+
+class TenantCountryFilter(CountryFilter):
+    def filter_queryset(self, request, queryset, view):
+        assert queryset.model._meta.app_label == 'etools'
+        conn = connections['etools']
+        selection = self.get_filters(request)
+        if not selection:
+            if request.user.is_superuser:
+                conn.set_all_schemas()
+            else:
+                raise PermissionDenied("You don't have enabled schemas")
+        else:
+            conn.set_schemas(selection)
+        # if not selection:
+        #
+        #     # FIXME: pdb
+        #     import pdb; pdb.set_trace()
+        #
+        #     if request.user.is_superuser:
+        #         conn.set_all_schemas()
+        #     else:
+        #         allowed = get_allowed_schemas(request.user)
+        #         if not allowed:
+        #             raise PermissionDenied("You don't have enabled schemas")
+        #         conn.set_schemas(allowed)
+        # else:
+        #     if not request.user.is_superuser:
+        #         user_schemas = get_allowed_schemas(request.user)
+        #         if not user_schemas.issuperset(selection):
+        #             raise NotAuthorizedSchema(",".join(sorted(selection - user_schemas)))
+        #     conn.set_schemas(selection)
+        # view.store(self.__class__.__name__, conn.schemas)
+        return queryset
+
+
+# class CountryNameProcessor:
+#     def ssprocess_country_name(self, efilters, eexclude, field, value, request,
+#                                op, param, negate, **payload):
+#         filters = {}
+#         if value:
+#             value = process_country_value(value)
+#             if not request.user.is_superuser:
+#                 user_schemas = get_etools_allowed_schemas(request.user)
+#                 if not user_schemas.issuperset(value):
+#                     raise NotAuthorizedSchema(",".join(sorted(value - user_schemas)))
+#             filters['country_name__iregex'] = r'(' + '|'.join(value) + ')'
+#         else:
+#             if not request.user.is_superuser:
+#                 allowed = get_etools_allowed_schemas(request.user)
+#                 if not allowed:  # pragma: no cover
+#                     raise PermissionDenied("You don't have enabled schemas")
+#                 filters['country_name__iregex'] = r'(' + '|'.join(allowed) + ')'
+#
+#         if negate:
+#             return {}, filters
+#         else:
+#             return filters, {}
+
+
+# class CountryNameProcessorTenantModel(CountryNameProcessor):
+#     pass
 
 
 class MonthProcessor:
@@ -119,43 +208,40 @@ def filter_queryset(self, request, queryset, view):
         ret = super().filter_queryset(request, queryset, view)
         request._filters = self.filters
         request._exclude = self.exclude
-        # state.set('filters', self.filters)
-        # state.set('excludes', self.exclude)
         return ret
 
 
 class DatamartQueryStringFilterBackend(SetHeaderMixin,
                                        CoreAPIQueryStringFilterBackend,
                                        MonthProcessor,
-                                       CountryNameProcessor,
+                                       # CountryNameProcessor,
                                        ):
     pass
 
-
-class TenantQueryStringFilterBackend(SetHeaderMixin,
-                                     CoreAPIQueryStringFilterBackend,
-                                     MonthProcessor,
-                                     CountryNameProcessorTenantModel,
-                                     ):
-    def filter_queryset(self, request, queryset, view):
-        value = request.GET.get('country_name', None)
-        assert queryset.model._meta.app_label == 'etools'
-        conn = connections['etools']
-        if not value:
-            if request.user.is_superuser:
-                conn.set_all_schemas()
-            else:
-                allowed = get_etools_allowed_schemas(request.user)
-                if not allowed:
-                    raise PermissionDenied("You don't have enabled schemas")
-                conn.set_schemas(get_etools_allowed_schemas(request.user))
-        else:
-            # value = set(value.split(","))
-            # validate_schemas(*value)
-            schemas = process_country_value(value)
-            if not request.user.is_superuser:
-                user_schemas = get_etools_allowed_schemas(request.user)
-                if not user_schemas.issuperset(schemas):
-                    raise NotAuthorizedSchema(",".join(sorted(schemas - user_schemas)))
-            conn.set_schemas(schemas)
-        return queryset
+# class TenantQueryStringFilterBackend(SetHeaderMixin,
+#                                      CoreAPIQueryStringFilterBackend,
+#                                      MonthProcessor,
+#                                      CountryNameProcessorTenantModel,
+#                                      ):
+#     def filter_queryset(self, request, queryset, view):
+#         value = request.GET.get('country_name', None)
+#         assert queryset.model._meta.app_label == 'etools'
+#         conn = connections['etools']
+#         if not value:
+#             if request.user.is_superuser:
+#                 conn.set_all_schemas()
+#             else:
+#                 allowed = get_etools_allowed_schemas(request.user)
+#                 if not allowed:
+#                     raise PermissionDenied("You don't have enabled schemas")
+#                 conn.set_schemas(get_etools_allowed_schemas(request.user))
+#         else:
+#             # value = set(value.split(","))
+#             # validate_schemas(*value)
+#             schemas = process_country_value(value)
+#             if not request.user.is_superuser:
+#                 user_schemas = get_etools_allowed_schemas(request.user)
+#                 if not user_schemas.issuperset(schemas):
+#                     raise NotAuthorizedSchema(",".join(sorted(schemas - user_schemas)))
+#             conn.set_schemas(schemas)
+#         return queryset
diff --git a/src/etools_datamart/apps/etools/utils.py b/src/etools_datamart/apps/etools/utils.py
index 3f236d768..4bece3675 100644
--- a/src/etools_datamart/apps/etools/utils.py
+++ b/src/etools_datamart/apps/etools/utils.py
@@ -1,3 +1,5 @@
+from functools import lru_cache
+
 from django.db import connections
 from unicef_security.models import Role
 
@@ -6,15 +8,19 @@
 conn = connections['etools']
 
 
-def get_etools_allowed_schemas(user):
+@lru_cache()
+def get_allowed_schemas(user):
     # returns all allowed schemas
+    if user.is_superuser:
+        return conn.all_schemas
     with conn.noschema():
         aa = list(Role.objects.filter(user=user).values_list('business_area__name', flat=True))
         etools_user = UsersUserprofile.objects.filter(user__email=user.email).first()
         if etools_user:
             aa.extend(set(etools_user.countries_available.values_list('schema_name', flat=True)))
 
-    return set(map(lambda s: s.lower(), aa))
+    return set(filter(None, aa))
+    # return set(map(lambda s: s.lower(), aa))
 #
 # def schema_is_valid(*schema):
 #     return schema in conn.all_schemas
diff --git a/src/unicef_rest_framework/cache.py b/src/unicef_rest_framework/cache.py
index 169f807ac..943a7200e 100644
--- a/src/unicef_rest_framework/cache.py
+++ b/src/unicef_rest_framework/cache.py
@@ -1,4 +1,5 @@
 import re
+import time
 
 from django.core.cache import caches
 from django.utils.http import quote_etag
@@ -11,6 +12,7 @@
 from rest_framework_extensions.key_constructor.bits import KeyBitBase
 from rest_framework_extensions.key_constructor.constructors import KeyConstructor
 from rest_framework_extensions.settings import extensions_api_settings
+from strategy_field.utils import fqn
 from unicef_rest_framework.models import SystemFilter
 
 cache = caches['default']
@@ -127,6 +129,13 @@ def get_data(self, params, view_instance, view_method, request, args, kwargs):
         return {'path': str(request.path)}
 
 
+class DevelopKeyBit(KeyBitBase):
+    def get_data(self, params, view_instance, view_method, request, args, kwargs):
+        if 'disable-cache' in request.GET:
+            return {'dev': str(time.time())}
+        return {}
+
+
 class ListKeyConstructor(KeyConstructor):
     cache_version = CacheVersionKeyBit()
     system_filter = SystemFilterKeyBit()
@@ -134,6 +143,7 @@ class ListKeyConstructor(KeyConstructor):
     unique_method_id = bits.UniqueMethodIdKeyBit()
     format = bits.FormatKeyBit()
     headers = bits.HeadersKeyBit(['Accept'])
+    dev = DevelopKeyBit()
     # language = bits.LanguageKeyBit()
     # list_sql_query = bits.ListSqlQueryKeyBit()  # NEVER NEVER USE THIS
 
@@ -193,7 +203,12 @@ def process_cache_response(self,
 
         view_instance.store('cache-ttl', view_instance.get_service().cache_ttl)
         view_instance.store('service', view_instance.get_service())
-        view_instance.store('view', view_instance)
+        view_instance.store('view', fqn(view_instance))
+        # view_instance.store('_filters', request._filters)
+        # conn = connections['etools']
+        # view_instance.store('_schemas', conn.schemas)
+        # view_instance.store('_countries', conn.schemas)
+
         # view_instance.request._request.api_info['cache-ttl'] = view_instance.get_service().cache_ttl
         # view_instance.request._request.api_info['service'] = view_instance.get_service()
         # view_instance.request._request.api_info['view'] = fqn(view_instance)
diff --git a/src/unicef_rest_framework/ds.py b/src/unicef_rest_framework/ds.py
new file mode 100644
index 000000000..582f350b8
--- /dev/null
+++ b/src/unicef_rest_framework/ds.py
@@ -0,0 +1,68 @@
+import coreapi
+import coreschema
+from django.template import loader
+from dynamic_serializer.core import DynamicSerializerMixin as DynamicSerializerMixinBase
+from rest_framework.filters import BaseFilterBackend
+
+
+class DynamicSerializerMixin(DynamicSerializerMixinBase):
+    def get_selected_serializer_name(self):
+        return self.request.query_params.get(self.serializer_field_param, 'std')
+
+
+class SchemaSerializerField(coreschema.Enum):
+
+    def __init__(self, view: DynamicSerializerMixin, **kwargs):
+        self.view = view
+        kwargs.setdefault('title', 'serializers')
+        kwargs.setdefault('description', self.build_description())
+        super().__init__(list(view.serializers_fieldsets.keys()), **kwargs)
+
+    def build_description(self):
+        defs = []
+        names = []
+        for k, v in self.view.serializers_fieldsets.items():
+            names.append(k)
+            defs.append(f"""- **{k}**: {self.view.get_serializer_fields(k)}
+""")
+
+        description = f"""Define the set of fields to return. Allowed values are:
+            [{'*, *'.join(names)}*]
+
+{''.join(defs)}
+        """
+        return description
+
+
+class DynamicSerializerFilter(BaseFilterBackend):
+    # template = 'rest_framework/filters/search.html'
+    ordering_title = 'Serializer'
+    template = 'dynamic_serializer/filter.html'
+
+    def get_schema_fields(self, view):
+        ret = []
+        if view.serializers_fieldsets:
+            ret.append(coreapi.Field(
+                name=view.serializer_field_param,
+                required=False,
+                location='query',
+                schema=SchemaSerializerField(view)
+            ))
+        return ret
+
+    def filter_queryset(self, request, queryset, view):
+        return queryset
+
+    def get_template_context(self, request, queryset, view):
+        current = view.get_selected_serializer_name()
+        context = {'request': request,
+                   'current': current,
+                   'param': view.serializer_field_param,
+                   }
+        context['options'] = view.serializers_fieldsets.keys()
+        return context
+
+    def to_html(self, request, queryset, view):
+        template = loader.get_template(self.template)
+        context = self.get_template_context(request, queryset, view)
+        return template.render(context)
diff --git a/src/unicef_rest_framework/renderers/api.py b/src/unicef_rest_framework/renderers/api.py
index 41950b5c2..cac29508b 100644
--- a/src/unicef_rest_framework/renderers/api.py
+++ b/src/unicef_rest_framework/renderers/api.py
@@ -19,6 +19,9 @@ def get_context(self, data, accepted_media_type, renderer_context):
         for key, value in sorted(request.api_info.items()):
             if key not in ['cache-hit']:
                 ctx['response_headers'][key] = request.api_info.str(key)
+        # ctx['response_headers']['ordering'] = getattr(view, 'ordering_fields', '')
+        ctx['response_headers']['serializers'] = ", ".join(getattr(view, 'serializers_fieldsets', {}).keys())
+        # ctx['response_headers']['filters'] = getattr(view, 'filter_fields', '')
 
         ctx['extra_actions'] = view.get_extra_action_url_map()
         ctx['base_action'] = reverse(f'api:{view.basename}-list', args=['latest'])
diff --git a/src/unicef_rest_framework/templates/dynamic_serializer/filter.html b/src/unicef_rest_framework/templates/dynamic_serializer/filter.html
new file mode 100644
index 000000000..57eeb7e9f
--- /dev/null
+++ b/src/unicef_rest_framework/templates/dynamic_serializer/filter.html
@@ -0,0 +1,14 @@
+{% load rest_framework %}
+{% load i18n %}
+<h2>{% trans "Serializer" %}</h2>
+<div class="list-group">
+    {% for key in options %}
+        {% if key == current %}
+            <a href="{% add_query_param request param key %}" class="list-group-item active">
+                <span class="glyphicon glyphicon-ok" style="float: right" aria-hidden="true"></span> {{ key }}
+            </a>
+        {% else %}
+            <a href="{% add_query_param request param key %}" class="list-group-item">{{ key }}</a>
+        {% endif %}
+    {% endfor %}
+</div>
diff --git a/src/unicef_rest_framework/templates/rest_framework/base.html b/src/unicef_rest_framework/templates/rest_framework/base.html
index da2d4a841..0e801c49c 100644
--- a/src/unicef_rest_framework/templates/rest_framework/base.html
+++ b/src/unicef_rest_framework/templates/rest_framework/base.html
@@ -1,6 +1,7 @@
 {% load static %}
 {% load i18n %}
 {% load rest_framework %}
+{% load query %}
 
 <!DOCTYPE html>
 <html>
@@ -117,7 +118,7 @@
           {% endif %}
           {% if iqy_url %}
               <span class="button-form" >
-              <a href="{{ iqy_url  }}"
+              <a href="{{ iqy_url  }}?{% set_query_values %}"
                  tyle="float: right; color:black; background-color: #1e90ff; margin-right: 0;margin-top:5px; margin-left: 10px;"
                  class="btn btn-primary js-tooltip">IQY</a>
               </span>
diff --git a/src/unicef_rest_framework/templatetags/query.py b/src/unicef_rest_framework/templatetags/query.py
new file mode 100644
index 000000000..6b83c83b2
--- /dev/null
+++ b/src/unicef_rest_framework/templatetags/query.py
@@ -0,0 +1,49 @@
+import collections
+
+from django import template
+from django.http import QueryDict
+
+register = template.Library()
+
+
+@register.simple_tag
+def build_query(**kwargs):
+    """Build a query string"""
+    query_dict = QueryDict(mutable=True)
+
+    for k, v in kwargs.items():
+        if isinstance(v, collections.Iterable) and not isinstance(v, str):
+            query_dict.setlist(k, v)
+        else:
+            query_dict[k] = v
+
+    return query_dict.urlencode()
+
+
+@register.simple_tag(takes_context=True)
+def set_query_values(context, **kwargs):
+    """Override existing parameters in the current query string"""
+    query_dict = context.request.GET.copy()
+
+    for k, v in kwargs.items():
+        if isinstance(v, collections.Iterable) and not isinstance(v, str):
+            query_dict.setlist(k, v)
+        else:
+            query_dict[k] = v
+
+    return query_dict.urlencode()
+
+
+@register.simple_tag(takes_context=True)
+def append_query_values(context, **kwargs):
+    """Append to existing parameters in the current query string"""
+    query_dict = context.request.GET.copy()
+
+    for k, v in kwargs.items():
+        if isinstance(v, collections.Iterable) and not isinstance(v, str):
+            for v_item in v:
+                query_dict.appendlist(k, v_item)
+        else:
+            query_dict.appendlist(k, v)
+
+    return query_dict.urlencode()
diff --git a/src/unicef_rest_framework/test_utils.py b/src/unicef_rest_framework/test_utils.py
index b736f2609..68592b22a 100644
--- a/src/unicef_rest_framework/test_utils.py
+++ b/src/unicef_rest_framework/test_utils.py
@@ -8,7 +8,7 @@
 class user_allow_country(ContextDecorator):  # noqa
     def __init__(self, user, coutries=None):
         self.user = user
-        if not isinstance(coutries, (list, tuple)):
+        if not isinstance(coutries, (list, tuple, set)):
             coutries = [coutries]
         self.areas = [BusinessAreaFactory(name=s) for s in coutries]
         self.rules = []
diff --git a/src/unicef_rest_framework/views.py b/src/unicef_rest_framework/views.py
index ad38cae3d..570e6e23b 100644
--- a/src/unicef_rest_framework/views.py
+++ b/src/unicef_rest_framework/views.py
@@ -3,7 +3,6 @@
 
 import rest_framework_extensions.utils
 from drf_querystringfilter.backend import QueryStringFilterBackend
-from dynamic_serializer.core import DynamicSerializerMixin
 from rest_framework import viewsets
 from rest_framework.authentication import BasicAuthentication, SessionAuthentication, TokenAuthentication
 from rest_framework.filters import OrderingFilter
@@ -15,6 +14,7 @@
 from . import acl
 from .auth import AnonymousAuthentication, IPBasedAuthentication, JWTAuthentication, URLTokenAuthentication
 from .cache import cache_response, etag, ListKeyConstructor
+from .ds import DynamicSerializerFilter, DynamicSerializerMixin
 from .filtering import SystemFilterBackend
 from .negotiation import CT
 from .permissions import ServicePermission
@@ -54,7 +54,9 @@ class ReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet
     content_negotiation_class = CT
     filter_backends = [SystemFilterBackend,
                        QueryStringFilterBackend,
-                       OrderingFilter]
+                       OrderingFilter,
+                       DynamicSerializerFilter]
+
     renderer_classes = [JSONRenderer,
                         APIBrowsableAPIRenderer,
                         CSVRenderer,
diff --git a/src/unicef_rest_framework/views_mixins.py b/src/unicef_rest_framework/views_mixins.py
index ecc96545e..47c4fc3de 100644
--- a/src/unicef_rest_framework/views_mixins.py
+++ b/src/unicef_rest_framework/views_mixins.py
@@ -21,7 +21,7 @@
 class IQYConnectionMixin:
 
     @swagger_auto_schema(responses={200: "OK"})
-    @action(methods=['get'], detail=False)
+    @action(methods=['get'], detail=False, filter_backends=[], pagination_class=None)
     def iqy(self, request, version):
         """Returns .iqy file to be used as Excel Web Connection """
         try:
diff --git a/tests/api/test_api_filtering.py b/tests/api/test_api_filtering.py
index e9574c803..68d50a24e 100644
--- a/tests/api/test_api_filtering.py
+++ b/tests/api/test_api_filtering.py
@@ -1,8 +1,9 @@
 import pytest
 from rest_framework.test import APIClient
+from test_utilities.factories import AdminFactory, UserFactory
 from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
-from etools_datamart.api.endpoints import InterventionViewSet
+from etools_datamart.api.endpoints import EngagementViewSet, InterventionViewSet, PartnerViewSet
 
 
 class MockCache:
@@ -15,51 +16,100 @@ def get(self, key):
         return self.data.get(key, None)
 
 
-@pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=bolivia,chad'])
+@pytest.fixture()
+def client(user):
+    client = APIClient()
+    client.force_authenticate(user)
+    return client
+
+
+@pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=bolivia,chad',
+                                 'country_name=BOL,0810'])
 def test_filter_cache_country_arg(db, client, flt, monkeypatch):
     fake = MockCache()
     monkeypatch.setattr('etools_datamart.api.filtering.cache', fake)
     url = f"/api/latest/etools/audit/engagement/?%s" % flt
-    res = client.get(url)
-    res = client.get(url)
+    with user_allow_service(client.handler._force_user, EngagementViewSet):
+        with user_allow_country(client.handler._force_user, ["bolivia", "chad"]):
+            res = client.get(url)
+            res = client.get(url)
     assert fake.data
-    assert res.status_code == 200
+    assert res.status_code == 200, res.content
     assert res.json()
 
 
-@pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=', 'country_name=bolivia,chad'])
-def test_filter_etools_country_name(db, client, flt):
-    url = f"/api/latest/etools/audit/engagement/?%s" % flt
-    res = client.get(url)
-    assert res.status_code == 200
-    assert res.json()
-
-
-@pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=', 'country_name=bolivia,chad'])
-def test_filter_datamart_country_name_admin(db, client, flt):
-    url = f"/api/latest/datamart/interventions/?%s" % flt
-    res = client.get(url)
-    assert res.status_code == 200
-    assert res.json()
+# @pytest.mark.django_db
+# @pytest.mark.parametrize('user_type', [UserFactory, AdminFactory])
+# @pytest.mark.parametrize('viewset', [PartnerViewSet, InterventionViewSet])
+# @pytest.mark.parametrize('flt', ['bolivia', 'bolivia,chad', 'BOL,0810'])
+# @pytest.mark.parametrize('op', ['=', '!='])
+# def test_filter_country(flt, viewset, user_type, op):
+#     user = user_type()
+#     client = APIClient()
+#     client.force_authenticate(user)
+#     service = viewset.get_service()
+#     schemas = get_schema_names(flt)
+#     url = f"{service.endpoint}?country_name{op}{flt}"
+#     with user_allow_country(user, schemas):
+#         with user_allow_service(user, viewset):
+#             res = client.get(url)
+#     assert res.status_code == 200, res.content
+#     assert res.json()
 
 
-@pytest.mark.parametrize('flt', ['country_name=lebanon', 'country_name=', 'country_name=lebanon,chad',
-                                 'country_name=LEBA,0810'])
-def test_filter_datamart_country_name_uset(user, flt):
+@pytest.mark.django_db
+@pytest.mark.parametrize('user_type', [UserFactory, AdminFactory])
+@pytest.mark.parametrize('viewset', [PartnerViewSet, InterventionViewSet])
+@pytest.mark.parametrize('op', ['=', '!='])
+def test_filter_country_invalid(viewset, user_type, op):
+    user = user_type()
     client = APIClient()
     client.force_authenticate(user)
-    base = InterventionViewSet.get_service().endpoint
-
-    with user_allow_country(user, ['lebanon', 'chad']):
-        with user_allow_service(user, InterventionViewSet):
-            url = f"{base}?{flt}"
-            res = client.get(url)
-            assert res.status_code == 200
-            assert res.json()
+    service = viewset.get_service()
+    url = f"{service.endpoint}?country_name{op}aaa"
+    with user_allow_service(user, viewset):
+        res = client.get(url)
+    assert res.status_code == 400
 
 
+#
+# @pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=', 'country_name=bolivia,chad'])
+# def test_filter_etools_country_name(db, client, flt):
+#     url = f"/api/latest/etools/audit/engagement/?%s" % flt
+#     with user_allow_service(client.handler._force_user, AuditEngagement):
+#         res = client.get(url)
+#     assert res.status_code == 200
+#     assert res.json()
+#
+#
+# @pytest.mark.parametrize('flt', ['country_name=bolivia', 'country_name=', 'country_name=bolivia,chad'])
+# def test_filter_datamart_country_name_admin(db, client, flt):
+#     url = f"/api/latest/datamart/interventions/?%s" % flt
+#     with user_allow_service(client.handler._force_user, InterventionViewSet):
+#         res = client.get(url)
+#     assert res.status_code == 200
+#     assert res.json()
+#
+#
+# @pytest.mark.parametrize('flt', ['country_name=lebanon', 'country_name=', 'country_name=lebanon,chad',
+#                                  'country_name=LEBA,0810'])
+# def test_filter_datamart_country_name_uset(user, flt):
+#     client = APIClient()
+#     client.force_authenticate(user)
+#     base = InterventionViewSet.get_service().endpoint
+#
+#     with user_allow_country(user, ['lebanon', 'chad']):
+#         with user_allow_service(user, InterventionViewSet):
+#             url = f"{base}?{flt}"
+#             res = client.get(url)
+#             assert res.status_code == 200
+#             assert res.json()
+#
+#
 @pytest.mark.parametrize('flt', ['10', 'oct', '10-2018', 'current', ''])
 def test_filter_datamart_month(db, client, flt):
+    client.force_authenticate(AdminFactory())
+
     url = f"/api/latest/datamart/user-stats/?month=%s" % flt
     res = client.get(url)
     assert res.status_code == 200
diff --git a/tests/api/test_api_permission.py b/tests/api/test_api_permission.py
index 6c54ed744..f49f310dd 100644
--- a/tests/api/test_api_permission.py
+++ b/tests/api/test_api_permission.py
@@ -4,6 +4,7 @@
 from rest_framework.test import APIClient
 from test_utilities.factories import InterventionFactory
 from unicef_rest_framework.models import UserAccessControl
+from unicef_rest_framework.test_utils import user_allow_country
 
 from etools_datamart.api.endpoints import InterventionViewSet
 
@@ -85,8 +86,8 @@ def test_permission_deny(client, deny):
 def test_permission_allow(client, allow):
     url = allow.service.endpoint
     client.force_authenticate(allow.user)
-
-    res = client.get(url, HTTP_X_SCHEMA="bolivia")
+    with user_allow_country(allow.user, 'bolivia'):
+        res = client.get(url)
     assert res.status_code == 200
 
 
@@ -94,8 +95,8 @@ def test_permission_check_serializer_allow(client, allow_many_serializer):
     url = allow_many_serializer.service.endpoint
     view = allow_many_serializer.service.viewset
     client.force_authenticate(allow_many_serializer.user)
-
-    res = client.get("%s?%s=short" % (url, urlquote(view.serializer_field_param)))
+    with user_allow_country(allow_many_serializer.user, 'bolivia'):
+        res = client.get("%s?%s=short" % (url, urlquote(view.serializer_field_param)))
     assert res.status_code == 200
     # assert res.json()['detail'] == "You do not have permission to perform this action."
 
@@ -104,9 +105,9 @@ def test_permission_check_serializer_deny(client, allow_std_serializer):
     url = allow_std_serializer.service.endpoint
     view = allow_std_serializer.service.viewset
     client.force_authenticate(allow_std_serializer.user)
-
+    # with user_allow_country(allow_many_serializer.user, 'bolivia'):
     res = client.get("%s?%s=short" % (url, urlquote(view.serializer_field_param)))
-    assert res.status_code == 403
+    assert res.status_code == 403, res.content
     assert res.json()['error'] == "Forbidden serializer 'short'"
 
 
@@ -114,9 +115,9 @@ def test_permission_check_serializer_any(client, allow_any_serializer):
     url = allow_any_serializer.service.endpoint
     view = allow_any_serializer.service.viewset
     client.force_authenticate(allow_any_serializer.user)
-
-    res = client.get("%s?%s=short" % (url, urlquote(view.serializer_field_param)))
-    assert res.status_code == 200
+    with user_allow_country(allow_any_serializer.user, 'bolivia'):
+        res = client.get("%s?%s=short" % (url, urlquote(view.serializer_field_param)))
+    assert res.status_code == 200, res.content
 
 
 def test_permission_check_user(client, allow_any_serializer, user2):
diff --git a/tests/api/test_api_web.py b/tests/api/test_api_web.py
index bb13548a8..86bebd2d5 100644
--- a/tests/api/test_api_web.py
+++ b/tests/api/test_api_web.py
@@ -2,7 +2,7 @@
 import pytest
 from rest_framework.test import APIClient
 from test_utilities.factories import UserFactory
-from unicef_rest_framework.test_utils import user_allow_service
+from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 from unicef_security.models import User
 
 from etools_datamart.api.endpoints import (FAMIndicatorViewSet, InterventionViewSet,
@@ -20,7 +20,7 @@ def test_api_web_index(user):
     client = APIClient()
     client.force_authenticate(user)
     res = client.get('/api/latest/')
-    assert res.status_code == 200
+    assert res.status_code == 200, res.content
 
 
 @pytest.mark.parametrize("username", ("admin", "user1"))
@@ -30,7 +30,8 @@ def test_list_web(username, viewset):
     user = User.objects.get(username=username)
     client = APIClient()
     client.force_authenticate(user)
-    with user_allow_service(user, viewset):
-        res = client.get(viewset.get_service().endpoint, HTTP_ACCEPT="text/html")
-        assert res.status_code == 200, res
-        assert res["Content-Type"] == "text/html; charset=utf-8"
+    with user_allow_country(user, "bolivia"):
+        with user_allow_service(user, viewset):
+            res = client.get(viewset.get_service().endpoint, HTTP_ACCEPT="text/html")
+    assert res.status_code == 200, res.content
+    assert res["Content-Type"] == "text/html; charset=utf-8"
diff --git a/tests/api/test_datamart_security.py b/tests/api/test_datamart_security.py
index 8f15328f1..844958bfa 100644
--- a/tests/api/test_datamart_security.py
+++ b/tests/api/test_datamart_security.py
@@ -2,10 +2,11 @@
 
 import pytest
 from rest_framework.test import APIClient
-from test_utilities.factories import UserFactory, UserStatsFactory
-from unicef_rest_framework.test_utils import user_allow_service
+from test_utilities.factories import AdminFactory, UserFactory, UserStatsFactory
+from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
-from etools_datamart.api.endpoints import PartnerViewSet, UserStatsViewSet
+from etools_datamart.api.endpoints import HACTViewSet, PartnerViewSet, UserStatsViewSet
+from etools_datamart.apps.etools.utils import get_allowed_schemas
 
 
 @pytest.fixture()
@@ -38,15 +39,15 @@ def user_data(db):
                          PARAMS,
                          ids=[p[0] for p in PARAMS]
                          )
-def test_datamart_user_access_allowed_countries(user, url, code, expected, user_data):
+def test_datamart_user_access_allowed_countries(admin_user, url, code, expected, user_data):
     client = APIClient()
-    client.force_authenticate(user)
+    client.force_authenticate(admin_user)
     base = UserStatsViewSet.get_service().endpoint
 
-    with user_allow_service(user, UserStatsViewSet):
-        res = client.get(f"{base}?{url}")
-        assert res.status_code == code, res
-        assert len(res.json()['results']) == expected, res.json()
+    # with user_allow_service(user, UserStatsViewSet):
+    res = client.get(f"{base}?{url}")
+    assert res.status_code == code, res
+    assert len(res.json()['results']) == expected, res.json()
 
 
 def test_datamart_user_access_forbidden_countries(user, user_data):
@@ -85,3 +86,26 @@ def test_local_user_access(local_user, user_data):
         res = client.get(f"{url}?country_name=lebanon,chad")
         assert res.status_code == 403, res
         assert res.json() == {'error': "You are not allowed to access schema: 'chad,lebanon'"}
+
+
+@pytest.mark.parametrize("user_type,op,query,code,allowed", [(UserFactory, "=", "", 403, ""),
+                                                             (UserFactory, "=", "", 200, "bolivia"),
+                                                             (AdminFactory, "=", "", 200, ""),
+
+                                                             (UserFactory, "=", "lebanon", 200, "lebanon"),
+                                                             (UserFactory, "!=", "bolivia", 200, "lebanon"),
+                                                             (UserFactory, "!=", "bolivia", 200, "lebanon"),
+                                                             (UserFactory, "=", "lebanon", 403, "bolivia"),
+                                                             (UserFactory, "=", "bolivia", 403, ""),
+                                                             ])
+def test_access(db, user_type, op, query, code, allowed):
+    # etools user has access same countries as in eTools app
+    get_allowed_schemas.cache_clear()
+    user = user_type()
+    client = APIClient()
+    client.force_authenticate(user)
+    url = HACTViewSet.get_service().endpoint
+    with user_allow_service(user, HACTViewSet):
+        with user_allow_country(user, allowed):
+            res = client.get(f"{url}?country_name{op}{query}")
+            assert res.status_code == code, res.content
diff --git a/tests/api/test_etools_security.py b/tests/api/test_etools_security.py
index 9e7baf928..f28384e01 100644
--- a/tests/api/test_etools_security.py
+++ b/tests/api/test_etools_security.py
@@ -1,46 +1,108 @@
+import pytest
 from rest_framework.test import APIClient
-from unicef_rest_framework.test_utils import user_allow_service
+from test_utilities.factories import AdminFactory, UserFactory
+from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
 from etools_datamart.api.endpoints import PartnerViewSet
+from etools_datamart.apps.etools.utils import get_allowed_schemas
 
+# def test_etools_user_access_allowed_countries(user):
+#     # etools user has access same countries as in eTools app
+#     client = APIClient()
+#     client.force_authenticate(user)
+#     url = PartnerViewSet.get_service().endpoint
+#
+#     with user_allow_service(user, PartnerViewSet):
+#         res = client.get(f"{url}")
+#         assert res.status_code == 200, res
+#         assert len(res.json()['results']) == 100
+#
+#         res = client.get(f"{url}?country_name=lebanon")
+#         assert res.status_code == 200, res
+#         assert len(res.json()['results']) == 100
+#
+#         res = client.get(f"{url}?country_name=lebanon,chad")
+#         assert res.status_code == 403, res
+#         assert res.json() == {'error': "You are not allowed to access schema: 'chad'"}
+#
+#         res = client.get(f"{url}?country_name=lebanon,xxx")
+#         assert res.status_code == 400, res
+#         assert res.json() == {'error': "Invalid schema: xxx",
+#                               'hint': 'Removes wrong schema from selection',
+#                               'valid': ['bolivia', 'chad', 'lebanon']}
 
-def test_etools_user_access_allowed_countries(user):
-    # etools user has access same countries as in eTools app
-    client = APIClient()
-    client.force_authenticate(user)
-    url = PartnerViewSet.get_service().endpoint
 
-    with user_allow_service(user, PartnerViewSet):
-        res = client.get(f"{url}")
-        assert res.status_code == 200, res
-        assert len(res.json()['results']) == 100
+def pytest_generate_tests(metafunc):
+    if 'params' in metafunc.fixturenames:
+        ret, ids = [], []
+        ret.append([UserFactory, PartnerViewSet, 200])
+        ids.append("UserFactory, PartnerViewSet, 200")
+
+        ret.append([AdminFactory, PartnerViewSet, 200])
+        ids.append("AdminFactory, PartnerViewSet, 200")
+        metafunc.parametrize("params", ret, ids=ids)
+
 
-        res = client.get(f"{url}?country_name=lebanon")
-        assert res.status_code == 200, res
-        assert len(res.json()['results']) == 100
+@pytest.mark.django_db
+def test_etools_user_access_allowed_countries(params):
+    # etools user has access same countries as in eTools app
+    user_type, viewset, code = params
+    user = user_type()
+    url = viewset.get_service().endpoint
 
-        res = client.get(f"{url}?country_name=lebanon,chad")
-        assert res.status_code == 403, res
-        assert res.json() == {'error': "You are not allowed to access schema: 'chad'"}
+    client = APIClient()
+    client.force_authenticate(user)
+    # url = PartnerViewSet.get_service().endpoint
+    #
+    with user_allow_service(user, viewset):
+        with user_allow_country(user, "bolivia"):
+            res = client.get(f"{url}")
+            assert res.status_code == code, res.content
+    #     assert len(res.json()['results']) == 100
+    #
+    #     res = client.get(f"{url}?country_name=lebanon")
+    #     assert res.status_code == 200, res
+    #     assert len(res.json()['results']) == 100
+    #
+    #     res = client.get(f"{url}?country_name=lebanon,chad")
+    #     assert res.status_code == 403, res
+    #     assert res.json() == {'error': "You are not allowed to access schema: 'chad'"}
+    #
+    #     res = client.get(f"{url}?country_name=lebanon,xxx")
+    #     assert res.status_code == 400, res
+    #     assert res.json() == {'error': "Invalid schema: xxx",
+    #                           'hint': 'Removes wrong schema from selection',
+    #                           'valid': ['bolivia', 'chad', 'lebanon']}
 
-        res = client.get(f"{url}?country_name=lebanon,xxx")
-        assert res.status_code == 400, res
-        assert res.json() == {'error': "Invalid schema: xxx",
-                              'hint': 'Removes wrong schema from selection',
-                              'valid': ['bolivia', 'chad', 'lebanon']}
 
+@pytest.mark.parametrize("user_type,op,query,code,allowed", [(UserFactory, "=", "", 403, ""),
+                                                             (UserFactory, "=", "", 200, "bolivia"),
+                                                             (AdminFactory, "=", "", 200, ""),
 
-def test_loacl_user_access(local_user):
+                                                             (UserFactory, "=", "lebanon", 200, "lebanon"),
+                                                             (UserFactory, "!=", "bolivia", 200, "lebanon"),
+                                                             (UserFactory, "!=", "bolivia", 200, "lebanon"),
+                                                             (UserFactory, "=", "lebanon", 403, "bolivia"),
+                                                             (UserFactory, "=", "bolivia", 403, ""),
+                                                             ])
+def test_access(db, user_type, op, query, code, allowed):
     # etools user has access same countries as in eTools app
+    get_allowed_schemas.cache_clear()
+    user = user_type()
     client = APIClient()
-    client.force_authenticate(local_user)
+    client.force_authenticate(user)
     url = PartnerViewSet.get_service().endpoint
-
-    with user_allow_service(local_user, PartnerViewSet):
-        res = client.get(f"{url}")
-        assert res.status_code == 403, res
-        assert res.json() == {'error': "You don't have enabled schemas"}
-
-        res = client.get(f"{url}?country_name=lebanon,chad")
-        assert res.status_code == 403, res
-        assert res.json() == {'error': "You are not allowed to access schema: 'chad,lebanon'"}
+    with user_allow_service(user, PartnerViewSet):
+        with user_allow_country(user, allowed):
+            res = client.get(f"{url}?country_name{op}{query}")
+            assert res.status_code == code, res.content
+            # assert res.json() == {'error': "You don't have enabled schemas"}
+        #
+        # with user_allow_country(local_user, ['bolivia']):
+        #     res = client.get(f"{url}?country_name=lebanon,chad")
+        #     assert res.status_code == 403, res.content
+        #     assert res.json() == {'error': "You are not allowed to access schema: 'chad,lebanon'"}
+        #
+        # with user_allow_country(local_user, ['lebanon']):
+        #     res = client.get(f"{url}")
+        #     assert res.status_code == 200, res.content
diff --git a/tests/api/test_system_filters.py b/tests/api/test_system_filters.py
index f7d24fa3d..5f8ff6aa8 100644
--- a/tests/api/test_system_filters.py
+++ b/tests/api/test_system_filters.py
@@ -4,32 +4,33 @@
 from rest_framework.test import APIClient
 from test_utilities.factories import InterventionFactory, SystemFilterFactory, UserAccessControlFactory
 from unicef_rest_framework.models import Service
+from unicef_rest_framework.test_utils import user_allow_country
 
 
 @pytest.fixture(autouse=True)
 def setup_data(db):
-    datas = [InterventionFactory(country_name='a'),
-             InterventionFactory(country_name='b'),
-             InterventionFactory(country_name='b')]
+    datas = [InterventionFactory(country_name='bolivia'),
+             InterventionFactory(country_name='chad'),
+             InterventionFactory(country_name='lebanon')]
     yield
     [d.delete() for d in datas]
 
 
 def test_user_system_filter(client: APIClient, data_service: Service, user1: User,
-                            django_assert_no_duplicate_queries, settings):
+                            django_assert_no_duplicate_queries, settings,
+                            django_assert_num_queries):
     settings.CACHES = {'api': {'BACKEND': 'django.core.cache.backends.dummy.DummyCache'}}
 
     client.force_authenticate(user1)
     data_service.invalidate_cache()
-    SystemFilterFactory(service=data_service, user=user1,
-                        rules={'country_name': 'a'})
+    SystemFilterFactory(service=data_service, user=user1, rules={'country_name': 'bolivia'})
     UserAccessControlFactory(service=data_service, user=user1)
-    with django_assert_no_duplicate_queries():
-        # with django_assert_num_queries(7):
-        res = client.get(data_service.endpoint, HTTP_X_SCHEMA="public")
+    with user_allow_country(user1, "bolivia"):
+        with django_assert_no_duplicate_queries():
+            res = client.get(data_service.endpoint)
     assert res.status_code == 200
     results = res.json()['results']
-    assert res['system-filters'] == "country_name=a"
+    assert res['system-filters'] == "country_name=bolivia"
     assert res['cache-hit'] == "False"
     assert len(results) == 1
-    assert [r['country_name'] for r in results] == ['a']
+    assert [r['country_name'] for r in results] == ['bolivia']

From 4e7252061338c514b2fa9fd611d985d198bfd142 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Wed, 12 Dec 2018 17:46:33 +0100
Subject: [PATCH 47/86] IQY generator respect user filter

---
 CHANGES                                       |   3 +
 src/drf_querystringfilter/backend.py          |  13 +-
 src/drf_querystringfilter/exceptions.py       |   2 +-
 .../templates/querystringfilter/filter.html   |  15 ++-
 src/etools_datamart/api/endpoints/common.py   |  19 +--
 .../api/endpoints/datamart/hact.py            |   2 +-
 .../api/endpoints/datamart/pmpindicators.py   |  17 ++-
 .../api/endpoints/datamart/user.py            |   9 +-
 src/etools_datamart/api/filtering.py          | 120 ++++++++----------
 src/etools_datamart/api/renderers.py          |  10 --
 .../api/templates/api/country_filter.html     |  11 ++
 .../apps/web/templates/admin/base_site.html   |  12 +-
 .../apps/web/templates/base.html              |  22 ++--
 src/etools_datamart/celery.py                 |  13 --
 src/etools_datamart/config/settings.py        |  22 +++-
 src/month_field/rest_framework.py             |  63 +++++----
 .../rest_framework/month_filtering.html       |  16 +--
 src/month_field/widgets.py                    |   6 +-
 src/unicef_rest_framework/admin/service.py    |   2 +-
 src/unicef_rest_framework/ds.py               |  20 ++-
 src/unicef_rest_framework/filtering.py        |   2 +-
 .../management/commands/api-inspect.py        |  34 +++++
 .../migrations/0003_auto_20181211_1735.py     |  25 ++++
 src/unicef_rest_framework/models/service.py   |  21 ++-
 src/unicef_rest_framework/ordering.py         |  19 +++
 src/unicef_rest_framework/pagination.py       |  39 ++++--
 .../renderers/__init__.py                     |   2 +-
 src/unicef_rest_framework/renderers/api.py    |   5 +-
 src/unicef_rest_framework/routers.py          |  54 ++++++--
 .../templates/dynamic_serializer/filter.html  |   2 +
 .../templates/dynamic_serializer/select.html  |  10 ++
 .../templates/rest_framework/base.html        | 119 ++++++++++++++---
 .../rest_framework/filter_template.html       |  20 +++
 .../rest_framework/filters/filter_form.html   |  10 ++
 .../rest_framework/filters/ordering.html      |  10 ++
 src/unicef_rest_framework/views.py            |  30 +++--
 tests/api/test_datamart_security.py           |   6 +-
 tests/api/test_system_filters.py              |  10 +-
 38 files changed, 571 insertions(+), 244 deletions(-)
 delete mode 100644 src/etools_datamart/api/renderers.py
 create mode 100644 src/etools_datamart/api/templates/api/country_filter.html
 create mode 100644 src/unicef_rest_framework/management/commands/api-inspect.py
 create mode 100644 src/unicef_rest_framework/migrations/0003_auto_20181211_1735.py
 create mode 100644 src/unicef_rest_framework/ordering.py
 create mode 100644 src/unicef_rest_framework/templates/dynamic_serializer/select.html
 create mode 100644 src/unicef_rest_framework/templates/rest_framework/filter_template.html
 create mode 100644 src/unicef_rest_framework/templates/rest_framework/filters/filter_form.html
 create mode 100644 src/unicef_rest_framework/templates/rest_framework/filters/ordering.html

diff --git a/CHANGES b/CHANGES
index f50e74692..974da1240 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,9 @@
 * Excel IQY support (beta)
 * Allow endpoints to be consumend bny anonymous users
 * Countries can be selected using name, schema_name,country_short_code or business_area_code
+* Improved Browseable API
+* `page_size` now accept `-1` to disable pagination
+
 
 1.7
 ---
diff --git a/src/drf_querystringfilter/backend.py b/src/drf_querystringfilter/backend.py
index 29e473813..80bb22dd6 100644
--- a/src/drf_querystringfilter/backend.py
+++ b/src/drf_querystringfilter/backend.py
@@ -35,6 +35,9 @@ class QueryStringFilterBackend(BaseFilterBackend):
     allowed_joins = -1
     field_casting = {}
 
+    def __init__(self) -> None:
+        self.unknown_arguments = []
+
     def get_form_class(self, request, view):
         fields = OrderedDict([
             (name, forms.CharField(required=False))
@@ -44,7 +47,9 @@ def get_form_class(self, request, view):
                     (forms.Form,), fields)
 
     def get_form(self, request, view):
-        # if not hasattr(self, '_form'):
+        if hasattr(view, 'get_querystringfilter_form'):
+            return view.get_querystringfilter_form(request.GET, prefix=self.form_prefix)
+
         Form = self.get_form_class(request, view)
         self._form = Form(request.GET, prefix=self.form_prefix)
         return self._form
@@ -164,11 +169,11 @@ def _get_filters(self, request, queryset, view):  # noqa
                     else:
                         op = ''
 
-                    #     parts = [field_name]
-
                     processor = getattr(self, 'process_{}'.format(filter_field_name), None)
                     if (filter_field_name not in filter_fields) and (not processor):
-                        raise InvalidQueryArgumentError(filter_field_name)
+                        self.unknown_arguments.append((fieldname_arg, filter_field_name))
+                        continue
+                        # raise InvalidQueryArgumentError(filter_field_name)
                     if raw_value is None and not processor:
                         continue
                     # field is configured in Serializer
diff --git a/src/drf_querystringfilter/exceptions.py b/src/drf_querystringfilter/exceptions.py
index d854eac8b..255225804 100644
--- a/src/drf_querystringfilter/exceptions.py
+++ b/src/drf_querystringfilter/exceptions.py
@@ -21,7 +21,7 @@ def __init__(self, field, *args, **kwargs):
 class InvalidQueryValueError(QueryFilterException):
 
     def __init__(self, field, argument='', *args, **kwargs):
-        msg = "Invalid value '{}' for parameter {}".format(field, argument)
+        msg = "Invalid value '{}' for parameter {}".format(argument, field)
         super(InvalidQueryValueError, self).__init__(msg)
 
 
diff --git a/src/drf_querystringfilter/templates/querystringfilter/filter.html b/src/drf_querystringfilter/templates/querystringfilter/filter.html
index 60c7086e0..6f7906050 100644
--- a/src/drf_querystringfilter/templates/querystringfilter/filter.html
+++ b/src/drf_querystringfilter/templates/querystringfilter/filter.html
@@ -1,8 +1,9 @@
-{% load rest_framework i18n %}
-<form method="get" action="">
-    <table>
-    {{ form.as_table }}
+{% load rest_framework i18n crispy_forms_tags %}
+{#<h2>{% trans "Fields" %}</h2>#}
+{#<form method="get" action="">#}
 
-    </table>
-    <button type="submit" class="btn btn-primary">{% trans "Submit" %}</button>
-</form>
+{#    {{ form|crispy }}#}
+    {{ form|crispy }}
+
+{#    <button type="submit" class="btn btn-primary">{% trans "Submit" %}</button>#}
+{#</form>#}
diff --git a/src/etools_datamart/api/endpoints/common.py b/src/etools_datamart/api/endpoints/common.py
index a7ad59467..3b09f3692 100644
--- a/src/etools_datamart/api/endpoints/common.py
+++ b/src/etools_datamart/api/endpoints/common.py
@@ -6,13 +6,14 @@
 from django.db import connections
 from django.http import Http404
 from drf_querystringfilter.exceptions import QueryFilterException
+from dynamic_serializer.core import InvalidSerializerError
 from rest_framework.decorators import action
 from rest_framework.exceptions import NotAuthenticated, PermissionDenied
-from rest_framework.filters import OrderingFilter
 from rest_framework.response import Response
 from unicef_rest_framework.ds import DynamicSerializerFilter
 from unicef_rest_framework.filtering import SystemFilterBackend
-from unicef_rest_framework.views import ReadOnlyModelViewSet
+from unicef_rest_framework.ordering import OrderingFilter
+from unicef_rest_framework.views import URFReadOnlyModelViewSet
 from unicef_rest_framework.views_mixins import IQYConnectionMixin
 
 from etools_datamart.api.filtering import CountryFilter, DatamartQueryStringFilterBackend, TenantCountryFilter
@@ -40,9 +41,8 @@ def updates(self, request, version):
                         headers={'update-date': offset})
 
 
-class APIReadOnlyModelViewSet(ReadOnlyModelViewSet, IQYConnectionMixin):
+class APIReadOnlyModelViewSet(URFReadOnlyModelViewSet, IQYConnectionMixin):
     filter_backends = [CountryFilter,
-                       SystemFilterBackend,
                        DatamartQueryStringFilterBackend,
                        OrderingFilter,
                        DynamicSerializerFilter,
@@ -53,19 +53,12 @@ class APIReadOnlyModelViewSet(ReadOnlyModelViewSet, IQYConnectionMixin):
 
     def get_schema_fields(self):
         ret = []
-        # if self.serializers_fieldsets:
-        #     ret.append(coreapi.Field(
-        #         name=self.serializer_field_param,
-        #         required=False,
-        #         location='query',
-        #         schema=SchemaSerializerField(self)
-        #     ))
         return ret
 
     def drf_ignore_filter(self, request, field):
         return field in [self.serializer_field_param,
                          self.dynamic_fields_param,
-                         'cursor', CountryFilter.query_param,
+                         'cursor', CountryFilter.query_param, 'month',
                          'ordering', 'page_size', 'format', 'page']
 
     def handle_exception(self, exc):
@@ -81,6 +74,8 @@ def handle_exception(self, exc):
             return Response({"error": str(exc)}, status=403)
         elif isinstance(exc, PermissionDenied):
             return Response({"error": str(exc)}, status=403)
+        elif isinstance(exc, InvalidSerializerError):
+            return Response({"error": str(exc)}, status=400)
         elif isinstance(exc, InvalidSchema):
             return Response({"error": str(exc),
                              "hint": "Removes wrong schema from selection",
diff --git a/src/etools_datamart/api/endpoints/datamart/hact.py b/src/etools_datamart/api/endpoints/datamart/hact.py
index 2783992ec..106414159 100644
--- a/src/etools_datamart/api/endpoints/datamart/hact.py
+++ b/src/etools_datamart/api/endpoints/datamart/hact.py
@@ -8,4 +8,4 @@
 class HACTViewSet(common.DataMartViewSet):
     serializer_class = serializers.HACTSerializer
     queryset = models.HACT.objects.all()
-    filter_fields = ('country_name', 'year', 'last_modify_date')
+    filter_fields = ('year', 'last_modify_date')
diff --git a/src/etools_datamart/api/endpoints/datamart/pmpindicators.py b/src/etools_datamart/api/endpoints/datamart/pmpindicators.py
index de90d9dd6..cb27ebaf8 100644
--- a/src/etools_datamart/api/endpoints/datamart/pmpindicators.py
+++ b/src/etools_datamart/api/endpoints/datamart/pmpindicators.py
@@ -6,11 +6,16 @@
 
 
 class PMPIndicatorsViewSet(common.DataMartViewSet):
-    """
-
-    """
     serializer_class = serializers.PMPIndicatorsSerializer
     queryset = models.PMPIndicators.objects.all()
-    filter_fields = ('vendor_number',
-                     'partner_name', 'partner_type', 'last_modify_date',
-                     'cash_contribution', 'pd_ssfa_status', 'pd_ssfa_ref', )
+    filter_fields = ('partner_type', 'last_modify_date', 'pd_ssfa_status')
+    serializers_fieldsets = {"std": None,
+                             "brief": ["id", "country_name",
+                                       "partner_name", "partner_type", "total_budget",
+                                       "unicef_budget", "currency",
+                                       ],
+                             "ssfa": ["pd_ssfa_ref",
+                                      "pd_ssfa_status",
+                                      "pd_ssfa_start_date",
+                                      "pd_ssfa_creation_date",
+                                      "pd_ssfa_end_date"]}
diff --git a/src/etools_datamart/api/endpoints/datamart/user.py b/src/etools_datamart/api/endpoints/datamart/user.py
index b442c66d2..cf225dac0 100644
--- a/src/etools_datamart/api/endpoints/datamart/user.py
+++ b/src/etools_datamart/api/endpoints/datamart/user.py
@@ -1,4 +1,6 @@
 # -*- coding: utf-8 -*-
+from month_field.rest_framework import MonthFilterBackend
+
 from etools_datamart.apps.data import models
 
 from . import serializers
@@ -7,5 +9,10 @@
 
 class UserStatsViewSet(common.DataMartViewSet):
     serializer_class = serializers.UserStatsSerializer
+    filter_backends = [MonthFilterBackend] + common.DataMartViewSet.filter_backends
     queryset = models.UserStats.objects.all()
-    filter_fields = ('country_name', 'month', 'last_modify_date')
+    filter_fields = ('last_modify_date', )
+    serializers_fieldsets = {"std": None}
+
+    def get_filter_backends(self, removes=None):
+        return super().get_filter_backends(removes)
diff --git a/src/etools_datamart/api/filtering.py b/src/etools_datamart/api/filtering.py
index fe307e1fc..3ceebad2d 100644
--- a/src/etools_datamart/api/filtering.py
+++ b/src/etools_datamart/api/filtering.py
@@ -1,9 +1,7 @@
-from datetime import datetime
-
 from django.core.cache import caches
 from django.db import connections
 from django.db.models import Q
-from drf_querystringfilter.exceptions import InvalidQueryValueError
+from django.template import loader
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.filters import BaseFilterBackend
 from unicef_rest_framework.filtering import CoreAPIQueryStringFilterBackend
@@ -46,9 +44,9 @@ def get_schema_names(query_args):
                     country = UsersCountry.objects.get(f)
                 schemas.append(country.schema_name)
             # except UsersCountry.MultipleObjectsReturned:
-                # this is an issue only during tests
-                # country = UsersCountry.objects.filter(f).first()
-                # schemas.append(country.schema_name)
+            # this is an issue only during tests
+            # country = UsersCountry.objects.filter(f).first()
+            # schemas.append(country.schema_name)
             except UsersCountry.DoesNotExist:
                 errors.append(entry)
         conn.set_schemas(_s)
@@ -60,6 +58,7 @@ def get_schema_names(query_args):
 
 class CountryFilter(BaseFilterBackend):
     query_param = 'country_name'
+    template = 'api/country_filter.html'
 
     # @cached_property
     # def valid_schemas(self):
@@ -68,25 +67,30 @@ class CountryFilter(BaseFilterBackend):
 
     def get_query(self, request):
         if f"{self.query_param}!" in request.GET:
-            return True, request.GET.get(f"{self.query_param}!", "")
+            return True, ",".join(request.GET.getlist(f"{self.query_param}!", ""))
         elif self.query_param in request.GET:
-            return False, request.GET.get(self.query_param, "")
+            return False, ",".join(request.GET.getlist(self.query_param, ""))
 
         return "", ""
 
-    def get_filters(self, request):
+    def get_query_args(self, request):
         negate, value = self.get_query(request)
         if not value:
             if request.user.is_superuser:
-                return []
+                self.query_args = []
             else:
-                return get_allowed_schemas(request.user)
+                self.query_args = get_allowed_schemas(request.user)
+        else:
+            self.query_args = get_schema_names(value)
+        self.negate = negate
 
-        if negate:
-            exclude = get_schema_names(value)
+    def get_filters(self, request):
+        self.get_query_args(request)
+        if self.negate:
+            exclude = self.query_args
             selection = get_allowed_schemas(request.user) - exclude
         else:
-            selection = get_schema_names(value)
+            selection = self.query_args
             self.check_permission(request, selection)
         return selection
 
@@ -104,13 +108,16 @@ def filter_queryset(self, request, queryset, view):
             else:
                 raise PermissionDenied("You don't have enabled schemas")
         else:
-            queryset = queryset.filter(country_name__in=selection)
+            queryset = queryset.filter(schema_name__in=selection)
         return queryset
-        # selection = self.get_filters(request)
-        # if selection:
-        #     queryset = queryset.filter(country_name__in=selection)
-        # view.store(self.__class__.__name__, selection)
-        # return queryset
+
+    def to_html(self, request, queryset, view):
+        self.get_query_args(request)
+        template = loader.get_template(self.template)
+        context = {'countries': sorted(conn.all_schemas),
+                   'selection': self.query_args,
+                   'header': 'aaaaaa'}
+        return template.render(context, request)
 
 
 class TenantCountryFilter(CountryFilter):
@@ -125,25 +132,6 @@ def filter_queryset(self, request, queryset, view):
                 raise PermissionDenied("You don't have enabled schemas")
         else:
             conn.set_schemas(selection)
-        # if not selection:
-        #
-        #     # FIXME: pdb
-        #     import pdb; pdb.set_trace()
-        #
-        #     if request.user.is_superuser:
-        #         conn.set_all_schemas()
-        #     else:
-        #         allowed = get_allowed_schemas(request.user)
-        #         if not allowed:
-        #             raise PermissionDenied("You don't have enabled schemas")
-        #         conn.set_schemas(allowed)
-        # else:
-        #     if not request.user.is_superuser:
-        #         user_schemas = get_allowed_schemas(request.user)
-        #         if not user_schemas.issuperset(selection):
-        #             raise NotAuthorizedSchema(",".join(sorted(selection - user_schemas)))
-        #     conn.set_schemas(selection)
-        # view.store(self.__class__.__name__, conn.schemas)
         return queryset
 
 
@@ -174,32 +162,32 @@ def filter_queryset(self, request, queryset, view):
 # class CountryNameProcessorTenantModel(CountryNameProcessor):
 #     pass
 
-
-class MonthProcessor:
-    def process_month(self, filters, exclude, field, value, **payload):
-        if value:
-            try:
-                if '-' in value:
-                    m, y = value.split('-')
-                else:
-                    m = value
-                    y = datetime.now().year
-
-                if m in months:
-                    m = months.index(m) + 1
-                elif m in list(map(str, range(12))):
-                    m = m
-                elif value == 'current':
-                    m = datetime.now().month
-                    y = datetime.now().year
-                else:  # pragma: no cover
-                    raise InvalidQueryValueError('month', value)
-
-                filters['month__month'] = int(m)
-                filters['month__year'] = int(y)
-            except ValueError:  # pragma: no cover
-                raise InvalidQueryValueError('month', value)
-        return filters, exclude
+#
+# class MonthProcessor:
+#     def process_month(self, filters, exclude, field, value, **payload):
+#         if value:
+#             try:
+#                 if '-' in value:
+#                     m, y = value.split('-')
+#                 else:
+#                     m = value
+#                     y = datetime.now().year
+#
+#                 if m in months:
+#                     m = months.index(m) + 1
+#                 elif m in list(map(str, range(1,13))):
+#                     m = m
+#                 elif value == 'current':
+#                     m = datetime.now().month
+#                     y = datetime.now().year
+#                 else:  # pragma: no cover
+#                     raise InvalidQueryValueError('month', value)
+#
+#                 filters['month__month'] = int(m)
+#                 filters['month__year'] = int(y)
+#             except ValueError:  # pragma: no cover
+#                 raise InvalidQueryValueError('month', value)
+#         return filters, exclude
 
 
 class SetHeaderMixin:
@@ -213,7 +201,7 @@ def filter_queryset(self, request, queryset, view):
 
 class DatamartQueryStringFilterBackend(SetHeaderMixin,
                                        CoreAPIQueryStringFilterBackend,
-                                       MonthProcessor,
+                                       # MonthProcessor,
                                        # CountryNameProcessor,
                                        ):
     pass
diff --git a/src/etools_datamart/api/renderers.py b/src/etools_datamart/api/renderers.py
deleted file mode 100644
index f866af2e8..000000000
--- a/src/etools_datamart/api/renderers.py
+++ /dev/null
@@ -1,10 +0,0 @@
-# -*- coding: utf-8 -*-
-import logging
-
-from unicef_rest_framework.renderers import APIBrowsableAPIRenderer as _BrowsableAPIRenderer
-
-logger = logging.getLogger(__name__)
-
-
-class APIBrowsableAPIRenderer(_BrowsableAPIRenderer):
-    pass
diff --git a/src/etools_datamart/api/templates/api/country_filter.html b/src/etools_datamart/api/templates/api/country_filter.html
new file mode 100644
index 000000000..2472bc9db
--- /dev/null
+++ b/src/etools_datamart/api/templates/api/country_filter.html
@@ -0,0 +1,11 @@
+{% load rest_framework i18n query %}
+{#<h2>{% trans "Country" %}</h2>#}
+<div class="list-group">
+<label for="id_vendor_number" class="control-label ">Countries</label>
+<select name="country_name" multiple="multiple" class="select2" style="width: 100%">
+{% for country in countries %}<option {% if country in selection %}selected="selected"{% endif %}>{{ country }}</option>
+{% endfor %}
+</select>
+</div>
+<script>
+</script>
diff --git a/src/etools_datamart/apps/web/templates/admin/base_site.html b/src/etools_datamart/apps/web/templates/admin/base_site.html
index 294040670..d2b61e282 100644
--- a/src/etools_datamart/apps/web/templates/admin/base_site.html
+++ b/src/etools_datamart/apps/web/templates/admin/base_site.html
@@ -1,7 +1,17 @@
 {% extends "admin/base.html" %}
 
 {% block title %}{{ title }} | {{ site_title|default:_('Django site admin') }}{% endblock %}
-
+{% block extrastyle %}
+    {% if config.ANALYTICS_CODE %}
+        <script async src="https://www.googletagmanager.com/gtag/js?id={{ config.ANALYTICS_CODE }}"></script>
+        <script>
+            window.dataLayer = window.dataLayer || [];
+            function gtag() {dataLayer.push(arguments);}
+            gtag('js', new Date());
+            gtag('config', '{{ config.ANALYTICS_CODE }}');
+        </script>
+    {% endif %}
+{% endblock %}
 {% block branding %}
     <h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('Django administration') }}</a></h1>
 {% endblock %}
diff --git a/src/etools_datamart/apps/web/templates/base.html b/src/etools_datamart/apps/web/templates/base.html
index 0a47a4a25..f779ff3b1 100644
--- a/src/etools_datamart/apps/web/templates/base.html
+++ b/src/etools_datamart/apps/web/templates/base.html
@@ -7,19 +7,15 @@
         <link rel="icon" type="image/ico" href="{% static 'favicon.ico' %}">
         <link rel="stylesheet" type="text/css" href="{% static 'style.css' %}?_={% version %}">
     {% endblock head %}
-    <!-- Global site tag (gtag.js) - Google Analytics -->
-{#    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-130479575-1"></script>#}
-{#    <script>#}
-{#        window.dataLayer = window.dataLayer || [];#}
-{##}
-{#        function gtag() {#}
-{#            dataLayer.push(arguments);#}
-{#        }#}
-{##}
-{#        gtag('js', new Date());#}
-{##}
-{#        gtag('config', 'UA-130479575-1');#}
-{#    </script>#}
+    {% if config.ANALYTICS_CODE %}
+        <script async src="https://www.googletagmanager.com/gtag/js?id={{ config.ANALYTICS_CODE }}"></script>
+        <script>
+            window.dataLayer = window.dataLayer || [];
+            function gtag() {dataLayer.push(arguments);}
+            gtag('js', new Date());
+            gtag('config', '{{ config.ANALYTICS_CODE }}');
+        </script>
+    {% endif %}
 </head>
 <body class="{{ page }}">
 
diff --git a/src/etools_datamart/celery.py b/src/etools_datamart/celery.py
index f138aeaec..af968a78a 100644
--- a/src/etools_datamart/celery.py
+++ b/src/etools_datamart/celery.py
@@ -97,19 +97,6 @@ def task_prerun_handler(signal, sender, task_id, task, args, kwargs, **kw):
          content_type='application/x-myjson', content_encoding='utf-8')
 
 
-# @task_success.connect
-# def task_success_handler(signal, sender, result, **kw):
-#     # TODO: remove me
-#     print(22222222222, sender)
-#     print(22222222222, result)
-#
-#
-# @task_failure.connect
-# def task_failure_handler(signal, sender, task_id, exception, args, kwargs, tarceback, einfo, **kw):
-#     # TODO: remove me
-#     print(33333333333)
-
-
 @task_postrun.connect
 def task_postrun_handler(signal, sender, task_id, task, args, kwargs, retval, state, **kw):
     from django.utils import timezone
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 6d6e0ce09..855208f3f 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -269,6 +269,14 @@
     # 'django.contrib.admin',
     'etools_datamart.config.admin.AdminConfig',
 
+    'etools_datamart.apps.core.apps.Config',
+    'etools_datamart.apps.etools',
+    'etools_datamart.apps.data',
+    'etools_datamart.apps.etl.apps.Config',
+    'etools_datamart.apps.tracking.apps.Config',
+    'etools_datamart.apps.subscriptions',
+    'etools_datamart.api',
+
     'admin_extra_urls',
     'unicef_rest_framework.apps.Config',
     'rest_framework',
@@ -293,13 +301,6 @@
 
     'django_celery_beat',
 
-    'etools_datamart.apps.core.apps.Config',
-    'etools_datamart.apps.etools',
-    'etools_datamart.apps.data',
-    'etools_datamart.apps.etl.apps.Config',
-    'etools_datamart.apps.tracking.apps.Config',
-    'etools_datamart.apps.subscriptions',
-    'etools_datamart.api',
 ]
 DATE_FORMAT = '%d %b %Y'
 DATE_INPUT_FORMATS = [
@@ -340,7 +341,14 @@
         'default': 'djcelery_email.backends.CeleryEmailBackend'
     }
 }
+# celery-mail
 CELERY_EMAIL_CHUNK_SIZE = 10
+
+# crispy-forms
+CRISPY_FAIL_SILENTLY = not DEBUG
+CRISPY_CLASS_CONVERTERS = {'textinput': "textinput inputtext"}
+CRISPY_TEMPLATE_PACK = 'bootstrap3'
+
 # django-secure
 CSRF_COOKIE_SECURE = env.bool('CSRF_COOKIE_SECURE')
 SECURE_BROWSER_XSS_FILTER = True
diff --git a/src/month_field/rest_framework.py b/src/month_field/rest_framework.py
index 52b80f4c1..ae802f5e2 100644
--- a/src/month_field/rest_framework.py
+++ b/src/month_field/rest_framework.py
@@ -1,4 +1,4 @@
-from datetime import datetime
+from datetime import date, datetime
 from functools import lru_cache
 
 import coreapi
@@ -16,19 +16,53 @@ class MonthForm(forms.Form):
     month = MonthField()
 
 
+def clean(value):
+    months = list(MONTHS_3.values())
+    if '-' in value:
+        m, y = value.split('-')
+        y = y or datetime.now().year
+    else:
+        m = value
+        y = datetime.now().year
+
+    if m in months:
+        m = months.index(m) + 1
+    elif m in list(map(str, range(12))):
+        m = m
+    elif value == 'current':
+        m = datetime.now().month
+        y = datetime.now().year
+    else:
+        m = 0
+        y = 0
+    return int(m), int(y)
+
+
 class MonthFilterBackend(BaseFilterBackend):
     template = 'month_field/rest_framework/month_filtering.html'
     month_param = 'month'
 
-    def get_value(self, request, queryset, view):
-        return request.query_params.get(self.month_param)
+    def get_value(self, request):
+        raw_value = request.query_params.get(self.month_param, "")
+        return clean(raw_value)
+
+    def get_form(self, request, view, context):
+        month, year = context['current']
+        Frm = type("MonthForm", (forms.Form,),
+                   {self.month_param: MonthField(label="Month",
+                                                 required=False)})
+        if month:
+            return Frm(initial={self.month_param: date(day=1, month=month, year=year)})
+        else:
+            return Frm()
 
     def get_template_context(self, request, queryset, view):
-        current = self.get_value(request, queryset, view)
+        current = self.get_value(request)
         context = {
             'request': request,
-            'form': MonthForm(initial={'month': current}),
+            'current': current,
         }
+        context['form'] = self.get_form(request, view, context)
         return context
 
     def to_html(self, request, queryset, view):
@@ -57,25 +91,10 @@ def get_schema_fields(self, view):
     def filter_queryset(self, request, queryset, view):
         value = request.GET.get('month', "").lower()
         m = y = None
-        months = MONTHS_3.values()
+
         if value:
             try:
-                if '-' in value:
-                    m, y = value.split('-')
-                else:
-                    m = value
-                    y = datetime.now().year
-
-                if m in months:
-                    m = months.index(m) + 1
-                elif m in list(map(str, range(12))):
-                    m = m
-                elif value == 'current':
-                    m = datetime.now().month
-                    y = datetime.now().year
-                # elif value == 'latest':
-                #     m = datetime.now().month
-                #     y = datetime.now().year
+                m, y = clean(value)
                 return queryset.filter(month__month=int(m),
                                        month__year=int(y))
             except ValueError:
diff --git a/src/month_field/templates/month_field/rest_framework/month_filtering.html b/src/month_field/templates/month_field/rest_framework/month_filtering.html
index 9dab72c0a..5bd617355 100644
--- a/src/month_field/templates/month_field/rest_framework/month_filtering.html
+++ b/src/month_field/templates/month_field/rest_framework/month_filtering.html
@@ -1,15 +1,5 @@
-{% load rest_framework i18n %}
-<h2>{% trans "Month" %}</h2>
+{% load rest_framework i18n crispy_forms_tags %}
+{#<h2>{% trans "Month" %}</h2>#}
 <div class="list-group">
-    <form class="form" method="get" id="month_field_form">
-        {{ form.as_p }}
-        <button type="submit" class="btn btn-primary">{% trans "Submit" %}</button>
-    </form>
-    <script>
-        $('#month_field_form').submit(function (e) {
-            var form = $(this);
-            console.log('11111');
-            return false;
-        })
-    </script>
+    {{ form|crispy }}
 </div>
diff --git a/src/month_field/widgets.py b/src/month_field/widgets.py
index afeb921d1..42b2e4878 100644
--- a/src/month_field/widgets.py
+++ b/src/month_field/widgets.py
@@ -14,9 +14,11 @@ class MonthSelectorWidget(widgets.MultiWidget):
 
     def __init__(self, attrs=None):
         # create choices for days, months, years
+        months = {"": "--"}
+        months.update(MONTHS)
         _attrs = attrs or {}  # default class
         _attrs['style'] = 'width:20%;'
-        _widgets = [widgets.Select(attrs=_attrs, choices=MONTHS.items()),
+        _widgets = [widgets.Select(attrs=_attrs, choices=months.items()),
                     widgets.NumberInput(attrs=_attrs)
                     ]
         super(MonthSelectorWidget, self).__init__(_widgets, attrs)
@@ -48,7 +50,7 @@ def value_from_datadict(self, data, files, name):
         try:
             D = date(day=1, month=int(datelist[0]),
                      year=int(datelist[1]))
-        except ValueError:
+        except (ValueError, TypeError):
             return ''
         else:
             return str(D)
diff --git a/src/unicef_rest_framework/admin/service.py b/src/unicef_rest_framework/admin/service.py
index 1e8ccb2ae..5db29a35a 100644
--- a/src/unicef_rest_framework/admin/service.py
+++ b/src/unicef_rest_framework/admin/service.py
@@ -39,7 +39,7 @@ def get_stash_url(obj, label=None, **kwargs):
 
 
 class ServiceAdmin(ExtraUrlMixin, admin.ModelAdmin):
-    list_display = ('name', 'visible', 'cache_version', 'source_model', 'json', 'admin')
+    list_display = ('name', 'visible', 'access', 'cache_version', 'source_model', 'json', 'admin')
     list_filter = ('hidden', 'access')
 
     search_fields = ('name', 'viewset')
diff --git a/src/unicef_rest_framework/ds.py b/src/unicef_rest_framework/ds.py
index 582f350b8..9ae323217 100644
--- a/src/unicef_rest_framework/ds.py
+++ b/src/unicef_rest_framework/ds.py
@@ -1,5 +1,6 @@
 import coreapi
 import coreschema
+from django.forms import ChoiceField, forms
 from django.template import loader
 from dynamic_serializer.core import DynamicSerializerMixin as DynamicSerializerMixinBase
 from rest_framework.filters import BaseFilterBackend
@@ -37,7 +38,7 @@ def build_description(self):
 class DynamicSerializerFilter(BaseFilterBackend):
     # template = 'rest_framework/filters/search.html'
     ordering_title = 'Serializer'
-    template = 'dynamic_serializer/filter.html'
+    template = 'dynamic_serializer/select.html'
 
     def get_schema_fields(self, view):
         ret = []
@@ -53,16 +54,27 @@ def get_schema_fields(self, view):
     def filter_queryset(self, request, queryset, view):
         return queryset
 
+    def get_form(self, request, view):
+        choices = zip(view.serializers_fieldsets.keys(), view.serializers_fieldsets.keys())
+        Frm = type("SerializerForm", (forms.Form,),
+                   {view.serializer_field_param: ChoiceField(
+                       label="Serializer",
+                       choices=choices,
+                       required=False)})
+        return Frm(request.GET)
+
     def get_template_context(self, request, queryset, view):
         current = view.get_selected_serializer_name()
         context = {'request': request,
                    'current': current,
+                   'form': self.get_form(request, view),
                    'param': view.serializer_field_param,
                    }
         context['options'] = view.serializers_fieldsets.keys()
         return context
 
     def to_html(self, request, queryset, view):
-        template = loader.get_template(self.template)
-        context = self.get_template_context(request, queryset, view)
-        return template.render(context)
+        if len(view.serializers_fieldsets.keys()) > 1:
+            template = loader.get_template(self.template)
+            context = self.get_template_context(request, queryset, view)
+            return template.render(context)
diff --git a/src/unicef_rest_framework/filtering.py b/src/unicef_rest_framework/filtering.py
index 7448f7e92..ccc473b9a 100644
--- a/src/unicef_rest_framework/filtering.py
+++ b/src/unicef_rest_framework/filtering.py
@@ -11,7 +11,7 @@
 class SystemFilterBackend(BaseFilterBackend):
 
     def filter_queryset(self, request, queryset, view):
-        # _system_filters ahs been set by cache.SystemFilterKeyBit
+        # _system_filters has been set by cache.SystemFilterKeyBit
         # if hasattr(request._request, "_system_filters"):
         #     if request._request._system_filters:
         #         queryset = request._request._system_filters.filter_queryset(queryset)
diff --git a/src/unicef_rest_framework/management/commands/api-inspect.py b/src/unicef_rest_framework/management/commands/api-inspect.py
new file mode 100644
index 000000000..585898615
--- /dev/null
+++ b/src/unicef_rest_framework/management/commands/api-inspect.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+import logging
+
+from django.core.management import BaseCommand
+from unicef_rest_framework.config import conf
+from unicef_rest_framework.models import Service
+
+logger = logging.getLogger(__name__)
+
+
+class Command(BaseCommand):
+    args = ''
+    help = ''
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            '--all',
+            action='store_true',
+            dest='all',
+            default=False,
+            help='select all options but `demo`')
+
+    def handle(self, *args, **options):
+        router = conf.ROUTER
+
+        list_name = router.routes[0].name
+        for prefix, viewset, basename in router.registry:
+            service, ok = Service.objects.check_or_create(prefix,
+                                                          viewset,
+                                                          basename,
+                                                          list_name.format(basename=basename)
+                                                          )
+        for service in Service.objects.order_by('name'):
+            print("{0.id:4} {0.name:30} {0.endpoint:40}".format(service))
diff --git a/src/unicef_rest_framework/migrations/0003_auto_20181211_1735.py b/src/unicef_rest_framework/migrations/0003_auto_20181211_1735.py
new file mode 100644
index 000000000..8c7067f97
--- /dev/null
+++ b/src/unicef_rest_framework/migrations/0003_auto_20181211_1735.py
@@ -0,0 +1,25 @@
+# Generated by Django 2.1.4 on 2018-12-11 17:35
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('unicef_rest_framework', '0002_auto_20181207_1305'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='service',
+            name='basename',
+            field=models.CharField(default='', help_text='viewset basename', max_length=200),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name='service',
+            name='url_name',
+            field=models.CharField(default='', help_text='url name as per drf reverse', max_length=300),
+            preserve_default=False,
+        ),
+    ]
diff --git a/src/unicef_rest_framework/models/service.py b/src/unicef_rest_framework/models/service.py
index e341f0f6e..731300700 100644
--- a/src/unicef_rest_framework/models/service.py
+++ b/src/unicef_rest_framework/models/service.py
@@ -23,6 +23,9 @@ def invalidate_cache(self, **kwargs):
             service.viewset.get_service.cache_clear()
 
     def get_for_viewset(self, viewset):
+        return self.model.objects.get(viewset=viewset)
+
+    def check_or_create(self, prefix, viewset, basename, url_name, ):
         name = getattr(viewset, 'label', viewset.__name__)
         source_model = ContentType.objects.get_for_model(viewset().get_queryset().model)
         service, isnew = self.model.objects.get_or_create(viewset=viewset,
@@ -34,17 +37,22 @@ def get_for_viewset(self, viewset):
                                                               'description': getattr(viewset, '__doc__', ""),
                                                               'source_model': source_model
                                                           })
-        if not isnew:
-            service.source_model = source_model
-            service.save()
-            viewset.get_service.cache_clear()
+
+        service.url_name = url_name
+        service.basename = basename
+        service.endpoint = prefix
+        service.source_model = source_model
+        service.save()
+        viewset.get_service.cache_clear()
         return service, isnew
 
     def load_services(self):
         router = conf.ROUTER
         created = deleted = 0
+        list_name = router.routes[0].name
         for prefix, viewset, basename in router.registry:
-            service, isnew = self.get_for_viewset(viewset)
+            service, isnew = self.check_or_create(prefix, viewset, basename,
+                                                  list_name.format(basename=basename))
             # try:
             if isnew:
                 created += 1
@@ -80,6 +88,9 @@ class Service(MasterDataModel):
     description = models.TextField(blank=True, null=True)
     viewset = StrategyClassField(help_text='class FQN',
                                  unique=True, db_index=True)
+    basename = models.CharField(max_length=200, help_text='viewset basename')
+    url_name = models.CharField(max_length=300, help_text='url name as per drf reverse')
+    endpoint = models.CharField(max_length=300, help_text='url path')
     access = models.IntegerField(choices=[(k, v) for k, v in acl.ACL_LABELS.items()],
                                  default=acl.ACL_ACCESS_LOGIN,
                                  help_text="Required privileges")
diff --git a/src/unicef_rest_framework/ordering.py b/src/unicef_rest_framework/ordering.py
new file mode 100644
index 000000000..980e78fcf
--- /dev/null
+++ b/src/unicef_rest_framework/ordering.py
@@ -0,0 +1,19 @@
+from django import forms
+from rest_framework.filters import OrderingFilter as OrderingFilterBase
+
+
+class OrderingFilter(OrderingFilterBase):
+    template = 'rest_framework/filters/filter_form.html'
+
+    def get_form(self, request, view, context):
+        Frm = type("OrderForm", (forms.Form,),
+                   {context['param']: forms.ChoiceField(
+                       label="Ordering",
+                       choices=context['options'],
+                       required=False)})
+        return Frm(request.GET)
+
+    def get_template_context(self, request, queryset, view):
+        context = super().get_template_context(request, queryset, view)
+        context['form'] = self.get_form(request, view, context)
+        return context
diff --git a/src/unicef_rest_framework/pagination.py b/src/unicef_rest_framework/pagination.py
index 1b83e4f5b..afebd5887 100644
--- a/src/unicef_rest_framework/pagination.py
+++ b/src/unicef_rest_framework/pagination.py
@@ -1,3 +1,4 @@
+import sys
 from collections import OrderedDict
 
 from rest_framework import serializers
@@ -37,22 +38,40 @@ class APIPagination(PageNumberPagination):
     last_page_strings = ('last',)
 
     def get_paginated_response(self, data):
-        return Response(OrderedDict([
-            ('count', self.page.paginator.count),
-            ('next', self.get_next_link()),
-            ('current_page', self.page.number),
-            ('total_pages', self.page.paginator.num_pages),
-            ('previous', self.get_previous_link()),
-            ('results', data)
-        ]))
+        if hasattr(self, 'page'):
+            return Response(OrderedDict([
+                ('count', self.page.paginator.count),
+                ('next', self.get_next_link()),
+                ('current_page', self.page.number),
+                ('total_pages', self.page.paginator.num_pages),
+                ('previous', self.get_previous_link()),
+                ('results', data)
+            ]))
+        else:
+            return Response(OrderedDict([
+                ('count', len(data)),
+                ('next', 'N/A'),
+                ('current_page', 1),
+                ('total_pages', 1),
+                ('previous', 'N/A'),
+                ('results', data)
+            ]))
 
     def get_page_size(self, request):
-        if request._request.GET.get('format') == 'csv':
-            return 999999999
+        if request._request.GET.get('format') == ['csv', 'iqy', 'xlsx']:
+            return sys.maxsize
+        try:
+            desired = request.query_params[self.page_size_query_param]
+            if desired == "-1":
+                return sys.maxsize
+        except (KeyError, ValueError):
+            pass
         return super().get_page_size(request)
 
     def paginate_queryset(self, queryset, request, view=None):
         # self._handle_backwards_compat(view)
+        if self.get_page_size(request) == sys.maxsize:
+            return queryset
         return super(APIPagination, self).paginate_queryset(queryset, request, view)
 
     def get_next_link(self):
diff --git a/src/unicef_rest_framework/renderers/__init__.py b/src/unicef_rest_framework/renderers/__init__.py
index ab3d1cd40..bc2240b38 100644
--- a/src/unicef_rest_framework/renderers/__init__.py
+++ b/src/unicef_rest_framework/renderers/__init__.py
@@ -1,4 +1,4 @@
-from .api import APIBrowsableAPIRenderer  # noqa
+from .api import URFBrowsableAPIRenderer  # noqa
 from .microsoft.json import MSJSONRenderer  # noqa
 from .microsoft.xml import MSXmlRenderer  # noqa
 from .xls import XLSXRenderer  # noqa
diff --git a/src/unicef_rest_framework/renderers/api.py b/src/unicef_rest_framework/renderers/api.py
index cac29508b..8d65594e1 100644
--- a/src/unicef_rest_framework/renderers/api.py
+++ b/src/unicef_rest_framework/renderers/api.py
@@ -7,11 +7,12 @@
 logger = logging.getLogger(__name__)
 
 
-class APIBrowsableAPIRenderer(_BrowsableAPIRenderer):
+class URFBrowsableAPIRenderer(_BrowsableAPIRenderer):
     template = 'rest_framework/api.html'
+    filter_template = 'rest_framework/filter_template.html'
 
     def get_context(self, data, accepted_media_type, renderer_context):
-        ctx = super(APIBrowsableAPIRenderer, self).get_context(data, accepted_media_type, renderer_context)
+        ctx = super(URFBrowsableAPIRenderer, self).get_context(data, accepted_media_type, renderer_context)
         # in the real flow, this is added by the MultiTenant Middleware
         # but this function is called before the middleware system is involved
         request = ctx['request']
diff --git a/src/unicef_rest_framework/routers.py b/src/unicef_rest_framework/routers.py
index 52f8c0bf5..96b604c77 100644
--- a/src/unicef_rest_framework/routers.py
+++ b/src/unicef_rest_framework/routers.py
@@ -1,14 +1,48 @@
 # -*- coding: utf-8 -*-
 import logging
+from collections import OrderedDict
 
-from rest_framework import routers
+from django.urls import NoReverseMatch
+from rest_framework import routers, views
+from rest_framework.response import Response
+from rest_framework.reverse import reverse
 from rest_framework.routers import DynamicRoute, Route
 
 logger = logging.getLogger(__name__)
 
 
+class APIRootView(views.APIView):
+    """
+    The default basic root view for DefaultRouter
+    """
+    _ignore_model_permissions = True
+    schema = None  # exclude from schema
+    api_root_dict = None
+
+    def get(self, request, *args, **kwargs):
+        # Return a plain {"name": "hyperlink"} response.
+        ret = OrderedDict()
+        namespace = request.resolver_match.namespace
+        for key, url_name in self.api_root_dict.items():
+            if namespace:
+                url_name = namespace + ':' + url_name
+            try:
+                ret[key] = reverse(
+                    url_name,
+                    args=args,
+                    kwargs=kwargs,
+                    request=request,
+                    format=kwargs.get('format', None)
+                )
+            except NoReverseMatch:
+                # Don't bail out if eg. no list routes exist, only detail routes.
+                continue
+
+        return Response(ret)
+
+
 class APIRouter(routers.DefaultRouter):
-    pass
+    APIRootView = APIRootView
 
 
 class APIReadOnlyRouter(APIRouter):
@@ -51,9 +85,13 @@ class APIReadOnlyRouter(APIRouter):
         ),
     ]
 
-    # def get_urls(self):
-    #     urls = super(ReadOnlyRouter, self).get_urls()
-    #     view = self.get_api_root_view(api_urls=urls)
-    #     root_url = url(r'^$', view, name=self.root_view_name)
-    #     urls.append(root_url)
-    #     return urls
+    def get_api_root_view(self, api_urls=None):
+        """
+        Return a basic root view.
+        """
+        api_root_dict = OrderedDict()
+        list_name = self.routes[0].name
+        for prefix, viewset, basename in self.registry:
+            api_root_dict[prefix] = list_name.format(basename=basename)
+
+        return self.APIRootView.as_view(api_root_dict=api_root_dict)
diff --git a/src/unicef_rest_framework/templates/dynamic_serializer/filter.html b/src/unicef_rest_framework/templates/dynamic_serializer/filter.html
index 57eeb7e9f..86ba4a779 100644
--- a/src/unicef_rest_framework/templates/dynamic_serializer/filter.html
+++ b/src/unicef_rest_framework/templates/dynamic_serializer/filter.html
@@ -1,5 +1,6 @@
 {% load rest_framework %}
 {% load i18n %}
+{% if options %}
 <h2>{% trans "Serializer" %}</h2>
 <div class="list-group">
     {% for key in options %}
@@ -12,3 +13,4 @@ <h2>{% trans "Serializer" %}</h2>
         {% endif %}
     {% endfor %}
 </div>
+{% endif %}
diff --git a/src/unicef_rest_framework/templates/dynamic_serializer/select.html b/src/unicef_rest_framework/templates/dynamic_serializer/select.html
new file mode 100644
index 000000000..5bb19afa7
--- /dev/null
+++ b/src/unicef_rest_framework/templates/dynamic_serializer/select.html
@@ -0,0 +1,10 @@
+{% load rest_framework crispy_forms_tags %}
+{% load i18n %}
+{% if title %}<h2>{% trans title %}</h2>{% endif %}
+<div class="list-group">
+    {{ form|crispy }}
+{#    <select name="{{ param }}" class="select2">#}
+{#    {% for name in options %}#}
+{#        <option value="{{ name }}" {% if name == current %}selected="selected"{% endif %}>{{ name }}</option>#}
+{#    {% endfor %}</select>#}
+</div>
diff --git a/src/unicef_rest_framework/templates/rest_framework/base.html b/src/unicef_rest_framework/templates/rest_framework/base.html
index 0e801c49c..5dd152249 100644
--- a/src/unicef_rest_framework/templates/rest_framework/base.html
+++ b/src/unicef_rest_framework/templates/rest_framework/base.html
@@ -5,7 +5,7 @@
 
 <!DOCTYPE html>
 <html>
-  <head>
+<head>
     {% block head %}
         <link rel="icon" type="image/ico" href="{% static 'favicon.ico' %}">
       {% block meta %}
@@ -20,7 +20,7 @@
           <link rel="stylesheet" type="text/css" href="{% static "rest_framework/css/bootstrap.min.css" %}"/>
           <link rel="stylesheet" type="text/css" href="{% static "rest_framework/css/bootstrap-tweaks.css" %}"/>
         {% endblock %}
-
+        <link href="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css" rel="stylesheet" />
         <link rel="stylesheet" type="text/css" href="{% static "rest_framework/css/prettify.css" %}"/>
         <link rel="stylesheet" type="text/css" href="{% static "rest_framework/css/default.css" %}"/>
         <link rel="stylesheet" type="text/css" href="{% static "style.css" %}"/>
@@ -36,6 +36,20 @@
         </script>
     {% endif %}
     {% endblock %}
+<style>
+    @media (min-width: 768px){
+        #messageModal .modal-dialog {
+            width: 750px;
+            margin: 30px auto;
+        }
+    }
+    @media (min-width: 1024px){
+        #messageModal .modal-dialog {
+            width: 800px;
+            margin: 30px auto;
+        }
+    }
+</style>
   </head>
 
   {% block body %}
@@ -48,7 +62,7 @@
           <div class="container">
             <span>
               {% block branding %}
-                <a class='navbar-brand' rel="nofollow" href='/'>
+                  <a class='navbar-brand' rel="nofollow" href='/'>
                     UNICEF REST Framework
                 </a>
               {% endblock %}
@@ -86,6 +100,30 @@
           {% block content %}
 
           <div class="region"  aria-label="{% trans "request form" %}">
+
+          {% if iqy_url %}
+              <div class="pull-right" style="margin-left: 10px">
+                  <fieldset>
+                  <div class="btn-group format-selection">
+                    <a class="btn btn-primary js-tooltip" href="{{ iqy_url  }}?{% set_query_values %}" rel="nofollow" title="Download IQY file">IQY</a>
+                    <button class="btn btn-primary dropdown-toggle js-tooltip" data-toggle="dropdown" title="IQY">
+                      <span class="caret"></span>
+                    </button>
+                    <ul class="dropdown-menu">
+                        <li>
+                          <a class="js-tooltip format-option" href="{{ iqy_url  }}?{% set_query_values %}" rel="nofollow" title="">Download</a>
+                          <a data-toggle="modal" data-target="#messageModal"
+                             data-source="{{ iqy_url  }}?{% set_query_values _display=1 %}"
+                                  class="display-modal js-tooltip format-option"
+                                    href="#" rel="nofollow" title="">Display</a>
+                        </li>
+                    </ul>
+                      &nbsp;
+              </div>
+              </fieldset>
+             </div>
+          {% endif %}
+
           {% if 'GET' in allowed_methods %}
             <form id="get-form" class="pull-right">
               <fieldset>
@@ -116,13 +154,6 @@
               <button class="btn btn-primary js-tooltip" title="Make an OPTIONS request on the {{ name }} resource">OPTIONS</button>
             </form>
           {% endif %}
-          {% if iqy_url %}
-              <span class="button-form" >
-              <a href="{{ iqy_url  }}?{% set_query_values %}"
-                 tyle="float: right; color:black; background-color: #1e90ff; margin-right: 0;margin-top:5px; margin-left: 10px;"
-                 class="btn btn-primary js-tooltip">IQY</a>
-              </span>
-          {% endif %}
 
           {% if delete_form %}
             <button class="btn btn-danger button-form js-tooltip" title="Make a DELETE request on the {{ name }} resource" data-toggle="modal" data-target="#deleteModal">DELETE</button>
@@ -191,7 +222,9 @@ <h1>{{ name }}</h1>
               {% endif %}
 
               <div class="request-info" style="clear: both" aria-label="{% trans "request info" %}">
-                <pre class="prettyprint"><b>{{ request.method }}</b> {{ request.get_full_path }}</pre>
+                <pre class="prettyprint"><b>{{ request.method }}</b> {{ request.get_full_path }}<span style="cursor:pointer;float: right;position: relative;display: inline" id="copyToClipboard">copy</span></pre>
+                  <input style="position: absolute;left:-9999px"
+                          readonly="readonly" type="text" name="query-url" value="{{request.get_full_path}}">
               </div>
 
               <div class="response-info" aria-label="{% trans "response info" %}">
@@ -303,9 +336,23 @@ <h1>{{ name }}</h1>
     </div><!-- ./wrapper -->
 
     {% if filter_form %}
-      {{ filter_form }}
+        {{ filter_form }}
     {% endif %}
 
+    <div class="modal fade" id="messageModal" tabindex="-1">
+      <div class="modal-dialog">
+        <div class="modal-content">
+          <div class="modal-header">
+            <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+            <h4 class="modal-title"></h4>
+        </div>
+          <div class="modal-body">
+          </div>
+        </div>
+      </div>
+    </div>
+
+
     {% block script %}
       <script>
         window.drf = {
@@ -319,10 +366,52 @@ <h1>{{ name }}</h1>
       <script src="{% static "rest_framework/js/bootstrap.min.js" %}"></script>
       <script src="{% static "rest_framework/js/prettify-min.js" %}"></script>
       <script src="{% static "rest_framework/js/default.js" %}"></script>
+      <script src="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/js/select2.min.js"></script>
+
       <script>
-        $(document).ready(function() {
-          $('form').ajaxForm();
-        });
+            $(document).ready(function () {
+                $('form').ajaxForm();
+            });
+
+            $('.select2').select2({
+                placeholder: 'Select an option'
+            });
+            $('#filter-form').on("submit", function (e) {
+                var qs = {};
+                $('#filter-form *').filter(':input').each(function (id, el) {
+                    var $el = $(el);
+                    var name = $el.attr("name");
+                    var val = $el.val();
+                    if (name && val) {
+                        if (name === 'month_0'){
+                            qs["month"] = val + "-" +$('input[name=month_1]').val();
+                        }else if (name==='month_1') {
+
+                        }
+                        else if (val.constructor === Array && val.length > 0) {
+                            qs[name] = val.join();
+                        } else {
+                            qs[name] = val;
+                        }
+                    }
+                });
+                location.href = location.pathname+ "?"+ $.param(qs);;
+                return false;
+            });
+            $("#copyToClipboard").on("click", function(){
+                $('input[name=query-url]').select();
+                document.execCommand("copy");
+                console.log("copied")
+            });
+            $(".display-modal").on("click", function(e){
+                var url = $(e.target).data("source");
+                $.ajax(url).done(function( data ) {
+                    $("#messageModal .modal-title").html("IQY file");
+                    $("#messageModal .modal-body").html("<pre>"+data+"</pre>");
+                    $("#messageModal").show();
+                    console.log( data )
+                });
+            });
       </script>
     {% endblock %}
 
diff --git a/src/unicef_rest_framework/templates/rest_framework/filter_template.html b/src/unicef_rest_framework/templates/rest_framework/filter_template.html
new file mode 100644
index 000000000..bba6f8448
--- /dev/null
+++ b/src/unicef_rest_framework/templates/rest_framework/filter_template.html
@@ -0,0 +1,20 @@
+{% load i18n crispy_forms_tags %}
+<div class="modal fade" id="filtersModal" tabindex="-1" role="dialog" aria-labelledby="filters" aria-hidden="true">
+  <div class="modal-dialog">
+    <div class="modal-content">
+      <div class="modal-header">
+        <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+        <h4 class="modal-title">Filters</h4>
+    </div>
+      <div class="modal-body">
+      <form method="get" id="filter-form">
+          {% for element in elements %}
+{#          {% if not forloop.first %}<hr/>{% endif %}#}
+          {{ element }}
+          {% endfor %}
+          <button type="submit" class="btn btn-primary">{% trans "Submit" %}</button>
+      </form>
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/src/unicef_rest_framework/templates/rest_framework/filters/filter_form.html b/src/unicef_rest_framework/templates/rest_framework/filters/filter_form.html
new file mode 100644
index 000000000..5bb19afa7
--- /dev/null
+++ b/src/unicef_rest_framework/templates/rest_framework/filters/filter_form.html
@@ -0,0 +1,10 @@
+{% load rest_framework crispy_forms_tags %}
+{% load i18n %}
+{% if title %}<h2>{% trans title %}</h2>{% endif %}
+<div class="list-group">
+    {{ form|crispy }}
+{#    <select name="{{ param }}" class="select2">#}
+{#    {% for name in options %}#}
+{#        <option value="{{ name }}" {% if name == current %}selected="selected"{% endif %}>{{ name }}</option>#}
+{#    {% endfor %}</select>#}
+</div>
diff --git a/src/unicef_rest_framework/templates/rest_framework/filters/ordering.html b/src/unicef_rest_framework/templates/rest_framework/filters/ordering.html
new file mode 100644
index 000000000..be4d30999
--- /dev/null
+++ b/src/unicef_rest_framework/templates/rest_framework/filters/ordering.html
@@ -0,0 +1,10 @@
+{% load rest_framework crispy_forms_tags %}
+{% load i18n %}
+<h2>{% trans "Serializer" %}</h2>
+<div class="list-group">
+    {{ form|crispy }}
+{#    <select name="{{ param }}" class="select2">#}
+{#    {% for name in options %}#}
+{#        <option value="{{ name }}" {% if name == current %}selected="selected"{% endif %}>{{ name }}</option>#}
+{#    {% endfor %}</select>#}
+</div>
diff --git a/src/unicef_rest_framework/views.py b/src/unicef_rest_framework/views.py
index 570e6e23b..889e6ebd2 100644
--- a/src/unicef_rest_framework/views.py
+++ b/src/unicef_rest_framework/views.py
@@ -5,7 +5,6 @@
 from drf_querystringfilter.backend import QueryStringFilterBackend
 from rest_framework import viewsets
 from rest_framework.authentication import BasicAuthentication, SessionAuthentication, TokenAuthentication
-from rest_framework.filters import OrderingFilter
 from rest_framework.renderers import JSONRenderer
 from rest_framework_xml.renderers import XMLRenderer
 from rest_framework_yaml.renderers import YAMLRenderer
@@ -17,9 +16,10 @@
 from .ds import DynamicSerializerFilter, DynamicSerializerMixin
 from .filtering import SystemFilterBackend
 from .negotiation import CT
+from .ordering import OrderingFilter
 from .permissions import ServicePermission
-from .renderers import (APIBrowsableAPIRenderer, HTMLRenderer, IQYRenderer, MSJSONRenderer,
-                        MSXmlRenderer, PDFRenderer, TextRenderer, XLSXRenderer,)
+from .renderers import (HTMLRenderer, IQYRenderer, MSJSONRenderer, MSXmlRenderer,
+                        PDFRenderer, TextRenderer, URFBrowsableAPIRenderer, XLSXRenderer,)
 from .renderers.csv import CSVRenderer
 
 
@@ -31,7 +31,7 @@ def __get__(self, instance, owner):
         return self.getter(owner)
 
 
-class ReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet):
+class URFReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet):
     serializer_field_param = '-serializer'
     dynamic_fields_param = '+fields'
 
@@ -52,13 +52,12 @@ class ReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet
                               )
     default_access = acl.ACL_ACCESS_LOGIN
     content_negotiation_class = CT
-    filter_backends = [SystemFilterBackend,
-                       QueryStringFilterBackend,
+    filter_backends = [QueryStringFilterBackend,
                        OrderingFilter,
                        DynamicSerializerFilter]
 
     renderer_classes = [JSONRenderer,
-                        APIBrowsableAPIRenderer,
+                        URFBrowsableAPIRenderer,
                         CSVRenderer,
                         YAMLRenderer,
                         XLSXRenderer,
@@ -78,6 +77,17 @@ class ReadOnlyModelViewSet(DynamicSerializerMixin, viewsets.ReadOnlyModelViewSet
     permission_classes = [ServicePermission, ]
     serializers_fieldsets = {}
 
+    def get_filter_backends(self, removes=None):
+        flt = list(self.filter_backends)
+        if SystemFilterBackend not in flt:
+            flt.insert(0, SystemFilterBackend)
+        return list(filter(removes, flt))
+
+    def filter_queryset(self, queryset):
+        for backend in self.get_filter_backends():
+            queryset = backend().filter_queryset(self.request, queryset, self)
+        return queryset
+
     def store(self, key, value):
         self.request._request.api_info[key] = value
 
@@ -102,7 +112,7 @@ def label(cls):
     @lru_cache()
     def get_service(cls):
         from unicef_rest_framework.models import Service
-        return Service.objects.get_for_viewset(cls)[0]
+        return Service.objects.get_for_viewset(cls)
 
     # @classproperty
     # def endpoint(self):
@@ -114,12 +124,12 @@ def get_service(cls):
     @etag(etag_func='object_etag_func')
     @cache_response(key_func='object_cache_key_func', cache='api')
     def retrieve(self, request, *args, **kwargs):
-        return super(ReadOnlyModelViewSet, self).retrieve(request, *args, **kwargs)
+        return super(URFReadOnlyModelViewSet, self).retrieve(request, *args, **kwargs)
 
     @etag(etag_func='list_etag_func')
     @cache_response(key_func='list_cache_key_func', cache='api')
     def list(self, request, *args, **kwargs):
-        return super(ReadOnlyModelViewSet, self).list(request, *args, **kwargs)
+        return super(URFReadOnlyModelViewSet, self).list(request, *args, **kwargs)
 
     @property
     def paginator(self):
diff --git a/tests/api/test_datamart_security.py b/tests/api/test_datamart_security.py
index 844958bfa..9b554705d 100644
--- a/tests/api/test_datamart_security.py
+++ b/tests/api/test_datamart_security.py
@@ -22,9 +22,9 @@ def local_user(db):
 
 @pytest.fixture()
 def user_data(db):
-    data = [UserStatsFactory(country_name='lebanon', month=datetime.datetime(2000, 1, 1)),
-            UserStatsFactory(country_name='chad', month=datetime.datetime(2000, 1, 1)),
-            UserStatsFactory(country_name='bolivia', month=datetime.datetime(2000, 1, 1))]
+    data = [UserStatsFactory(country_name='Lebanon', schema_name='lebanon', month=datetime.datetime(2000, 1, 1)),
+            UserStatsFactory(country_name='Chad', schema_name='chad', month=datetime.datetime(2000, 1, 1)),
+            UserStatsFactory(country_name='Bolivia', schema_name='bolivia', month=datetime.datetime(2000, 1, 1))]
     yield
     [r.delete() for r in data]
 
diff --git a/tests/api/test_system_filters.py b/tests/api/test_system_filters.py
index 5f8ff6aa8..7d9f658c6 100644
--- a/tests/api/test_system_filters.py
+++ b/tests/api/test_system_filters.py
@@ -9,9 +9,9 @@
 
 @pytest.fixture(autouse=True)
 def setup_data(db):
-    datas = [InterventionFactory(country_name='bolivia'),
-             InterventionFactory(country_name='chad'),
-             InterventionFactory(country_name='lebanon')]
+    datas = [InterventionFactory(schema_name='bolivia', country_name='Bolivia'),
+             InterventionFactory(schema_name='chad', country_name='Chad'),
+             InterventionFactory(schema_name='lebanon', country_name='Lebanon')]
     yield
     [d.delete() for d in datas]
 
@@ -23,14 +23,14 @@ def test_user_system_filter(client: APIClient, data_service: Service, user1: Use
 
     client.force_authenticate(user1)
     data_service.invalidate_cache()
-    SystemFilterFactory(service=data_service, user=user1, rules={'country_name': 'bolivia'})
+    SystemFilterFactory(service=data_service, user=user1, rules={'country_name': 'Bolivia'})
     UserAccessControlFactory(service=data_service, user=user1)
     with user_allow_country(user1, "bolivia"):
         with django_assert_no_duplicate_queries():
             res = client.get(data_service.endpoint)
     assert res.status_code == 200
     results = res.json()['results']
-    assert res['system-filters'] == "country_name=bolivia"
+    assert res['system-filters'] == "country_name=Bolivia"
     assert res['cache-hit'] == "False"
     assert len(results) == 1
     assert [r['country_name'] for r in results] == ['bolivia']

From 4a87012d25ecd27da094e2b39453f02fd1cf5089 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Wed, 12 Dec 2018 20:32:16 +0100
Subject: [PATCH 48/86] reset migrations

---
 .../apps/data/migrations/0001_initial.py      |  2 +-
 .../apps/etl/migrations/0001_initial.py       |  2 +-
 .../subscriptions/migrations/0001_initial.py  |  2 +-
 ...207_1305.py => 0002_auto_20181212_1912.py} |  4 +--
 .../apps/tracking/migrations/0001_initial.py  |  2 +-
 ...207_1305.py => 0002_auto_20181212_1912.py} |  4 +--
 .../migrations/0001_initial.py                |  4 ++-
 ...207_1305.py => 0002_auto_20181212_1912.py} |  4 +--
 .../migrations/0003_auto_20181211_1735.py     | 25 -------------------
 .../migrations/0001_initial.py                |  2 +-
 tests/api/test_system_filters.py              |  2 +-
 11 files changed, 15 insertions(+), 38 deletions(-)
 rename src/etools_datamart/apps/subscriptions/migrations/{0002_auto_20181207_1305.py => 0002_auto_20181212_1912.py} (93%)
 rename src/etools_datamart/apps/tracking/migrations/{0002_auto_20181207_1305.py => 0002_auto_20181212_1912.py} (97%)
 rename src/unicef_rest_framework/migrations/{0002_auto_20181207_1305.py => 0002_auto_20181212_1912.py} (99%)
 delete mode 100644 src/unicef_rest_framework/migrations/0003_auto_20181211_1735.py

diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index a2605a968..3305bd0c5 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-07 13:05
+# Generated by Django 2.1.4 on 2018-12-12 19:12
 
 import django.contrib.postgres.fields.jsonb
 import month_field.models
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index e666b9952..25f36ab6b 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-07 13:05
+# Generated by Django 2.1.4 on 2018-12-12 19:12
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index 07b473ed0..a55a03ed3 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-07 13:05
+# Generated by Django 2.1.4 on 2018-12-12 19:12
 
 import django.db.models.deletion
 from django.db import migrations, models
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181207_1305.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_1912.py
similarity index 93%
rename from src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181207_1305.py
rename to src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_1912.py
index 8fd005401..d888e2f71 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181207_1305.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_1912.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-07 13:05
+# Generated by Django 2.1.4 on 2018-12-12 19:12
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
         ('subscriptions', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index 1d11761e3..67cf1cb41 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-07 13:05
+# Generated by Django 2.1.4 on 2018-12-12 19:12
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181207_1305.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_1912.py
similarity index 97%
rename from src/etools_datamart/apps/tracking/migrations/0002_auto_20181207_1305.py
rename to src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_1912.py
index 9861b7e23..7f8a06a68 100644
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181207_1305.py
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_1912.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-07 13:05
+# Generated by Django 2.1.4 on 2018-12-12 19:12
 
 import django.db.models.deletion
 from django.conf import settings
@@ -11,8 +11,8 @@ class Migration(migrations.Migration):
 
     dependencies = [
         ('unicef_rest_framework', '0001_initial'),
-        ('tracking', '0001_initial'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('tracking', '0001_initial'),
     ]
 
     operations = [
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index 3894e011d..770e311bb 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-07 13:05
+# Generated by Django 2.1.4 on 2018-12-12 19:12
 
 import uuid
 
@@ -61,6 +61,8 @@ class Migration(migrations.Migration):
                 ('name', models.CharField(db_index=True, help_text='unique service name', max_length=100, unique=True)),
                 ('description', models.TextField(blank=True, null=True)),
                 ('viewset', strategy_field.fields.StrategyClassField(db_index=True, help_text='class FQN', unique=True)),
+                ('basename', models.CharField(help_text='viewset basename', max_length=200)),
+                ('url_name', models.CharField(help_text='url name as per drf reverse', max_length=300)),
                 ('access', models.IntegerField(choices=[(0, 'Open'), (2, 'Login required'), (4, 'Access Restricted'), (8, 'Business authorization needed')], default=2, help_text='Required privileges')),
                 ('confidentiality', models.IntegerField(choices=[(1, 'Strictly Confidential'), (2, 'Confidential'), (3, 'Internal'), (4, 'Internal UN'), (5, 'Public')], default=3)),
                 ('hidden', models.BooleanField(default=False)),
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181207_1305.py b/src/unicef_rest_framework/migrations/0002_auto_20181212_1912.py
similarity index 99%
rename from src/unicef_rest_framework/migrations/0002_auto_20181207_1305.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181212_1912.py
index d81ea7c2f..b590dd81f 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181207_1305.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181212_1912.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-07 13:05
+# Generated by Django 2.1.4 on 2018-12-12 19:12
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('unicef_rest_framework', '0001_initial'),
         ('auth', '0009_alter_user_last_name_max_length'),
+        ('unicef_rest_framework', '0001_initial'),
         ('contenttypes', '0002_remove_content_type_name'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
diff --git a/src/unicef_rest_framework/migrations/0003_auto_20181211_1735.py b/src/unicef_rest_framework/migrations/0003_auto_20181211_1735.py
deleted file mode 100644
index 8c7067f97..000000000
--- a/src/unicef_rest_framework/migrations/0003_auto_20181211_1735.py
+++ /dev/null
@@ -1,25 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-11 17:35
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('unicef_rest_framework', '0002_auto_20181207_1305'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='service',
-            name='basename',
-            field=models.CharField(default='', help_text='viewset basename', max_length=200),
-            preserve_default=False,
-        ),
-        migrations.AddField(
-            model_name='service',
-            name='url_name',
-            field=models.CharField(default='', help_text='url name as per drf reverse', max_length=300),
-            preserve_default=False,
-        ),
-    ]
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index 6445d7c73..63f4312f7 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-07 13:05
+# Generated by Django 2.1.4 on 2018-12-12 19:12
 
 import django.contrib.auth.models
 import django.contrib.auth.validators
diff --git a/tests/api/test_system_filters.py b/tests/api/test_system_filters.py
index 7d9f658c6..29cde459d 100644
--- a/tests/api/test_system_filters.py
+++ b/tests/api/test_system_filters.py
@@ -33,4 +33,4 @@ def test_user_system_filter(client: APIClient, data_service: Service, user1: Use
     assert res['system-filters'] == "country_name=Bolivia"
     assert res['cache-hit'] == "False"
     assert len(results) == 1
-    assert [r['country_name'] for r in results] == ['bolivia']
+    assert [r['country_name'] for r in results] == ['Bolivia']

From c534fe17c40de88506f11c23e482a9270332d63d Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Wed, 12 Dec 2018 22:20:32 +0100
Subject: [PATCH 49/86] reset migrations

---
 .../apps/data/migrations/0001_initial.py      |  2 +-
 .../apps/etl/migrations/0001_initial.py       |  2 +-
 .../subscriptions/migrations/0001_initial.py  |  2 +-
 ...212_1912.py => 0002_auto_20181212_2119.py} |  4 ++--
 .../apps/tracking/migrations/0001_initial.py  |  2 +-
 ...212_1912.py => 0002_auto_20181212_2119.py} |  2 +-
 src/month_field/rest_framework.py             |  2 +-
 src/unicef_rest_framework/admin/service.py    | 19 ++++++++++++---
 src/unicef_rest_framework/apps.py             |  3 +++
 .../migrations/0001_initial.py                |  2 +-
 ...212_1912.py => 0002_auto_20181212_2119.py} |  8 +++----
 src/unicef_rest_framework/models/service.py   | 18 ++++----------
 src/unicef_rest_framework/tasks.py            | 10 ++++++++
 .../migrations/0001_initial.py                |  2 +-
 tests/api/test_api_filtering.py               | 24 ++++++++++++++-----
 15 files changed, 66 insertions(+), 36 deletions(-)
 rename src/etools_datamart/apps/subscriptions/migrations/{0002_auto_20181212_1912.py => 0002_auto_20181212_2119.py} (93%)
 rename src/etools_datamart/apps/tracking/migrations/{0002_auto_20181212_1912.py => 0002_auto_20181212_2119.py} (97%)
 rename src/unicef_rest_framework/migrations/{0002_auto_20181212_1912.py => 0002_auto_20181212_2119.py} (98%)
 create mode 100644 src/unicef_rest_framework/tasks.py

diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index 3305bd0c5..742c58f3d 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 19:12
+# Generated by Django 2.1.4 on 2018-12-12 21:19
 
 import django.contrib.postgres.fields.jsonb
 import month_field.models
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index 25f36ab6b..3744cf625 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 19:12
+# Generated by Django 2.1.4 on 2018-12-12 21:19
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index a55a03ed3..214e91ddd 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 19:12
+# Generated by Django 2.1.4 on 2018-12-12 21:19
 
 import django.db.models.deletion
 from django.db import migrations, models
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_1912.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2119.py
similarity index 93%
rename from src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_1912.py
rename to src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2119.py
index d888e2f71..887dbbcb1 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_1912.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2119.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 19:12
+# Generated by Django 2.1.4 on 2018-12-12 21:19
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('subscriptions', '0001_initial'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('subscriptions', '0001_initial'),
     ]
 
     operations = [
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index 67cf1cb41..c55cfb60f 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 19:12
+# Generated by Django 2.1.4 on 2018-12-12 21:19
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_1912.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2119.py
similarity index 97%
rename from src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_1912.py
rename to src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2119.py
index 7f8a06a68..967aa0c8b 100644
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_1912.py
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2119.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 19:12
+# Generated by Django 2.1.4 on 2018-12-12 21:19
 
 import django.db.models.deletion
 from django.conf import settings
diff --git a/src/month_field/rest_framework.py b/src/month_field/rest_framework.py
index ae802f5e2..acb9a38d5 100644
--- a/src/month_field/rest_framework.py
+++ b/src/month_field/rest_framework.py
@@ -27,7 +27,7 @@ def clean(value):
 
     if m in months:
         m = months.index(m) + 1
-    elif m in list(map(str, range(12))):
+    elif m in list(map(str, range(1, 13))):
         m = m
     elif value == 'current':
         m = datetime.now().month
diff --git a/src/unicef_rest_framework/admin/service.py b/src/unicef_rest_framework/admin/service.py
index 5db29a35a..89bcc95c2 100644
--- a/src/unicef_rest_framework/admin/service.py
+++ b/src/unicef_rest_framework/admin/service.py
@@ -39,12 +39,12 @@ def get_stash_url(obj, label=None, **kwargs):
 
 
 class ServiceAdmin(ExtraUrlMixin, admin.ModelAdmin):
-    list_display = ('name', 'visible', 'access', 'cache_version', 'source_model', 'json', 'admin')
+    list_display = ('name', 'visible', 'access', 'cache_version', 'basename', 'json', 'admin')
     list_filter = ('hidden', 'access')
 
     search_fields = ('name', 'viewset')
     readonly_fields = ('cache_version', 'cache_ttl', 'cache_key', 'viewset', 'name', 'uuid',
-                       'last_modify_user', 'source_model',)
+                       'last_modify_user', 'source_model', 'endpoint', 'basename')
     form = ServiceForm
     filter_horizontal = ('linked_models',)
     fieldsets = [("", {"fields": ('name',
@@ -52,7 +52,7 @@ class ServiceAdmin(ExtraUrlMixin, admin.ModelAdmin):
                                   'access',
                                   # 'confidentiality',
                                   # 'hidden',
-                                  'source_model',
+                                  ('source_model', 'basename', 'endpoint'),
                                   'linked_models',
                                   )})]
 
@@ -126,11 +126,24 @@ def refresh(self, request):
     def invalidate_all_cache(self, request):
         Service.objects.invalidate_cache()
 
+    @action()
+    def doc(self, request, pk):
+        service = Service.objects.get(pk=pk)
+        base = '/api/+redoc/#operation/'
+        path = service.endpoint.replace('/', '_')
+        return HttpResponseRedirect("{0}api_{1}_list".format(base, path))
+
     @action()
     def api(self, request, pk):
         service = Service.objects.get(pk=pk)
         return HttpResponseRedirect(service.endpoint)
 
+    @action()
+    def crontab_expire(self, request, pk):
+        base = reverse("admin:django_celery_beat_crontabschedule_add")
+        url = f"{base}?"
+        return HttpResponseRedirect(url)
+
     @action()
     def invalidate_cache(self, request, pk):
         service = Service.objects.get(pk=pk)
diff --git a/src/unicef_rest_framework/apps.py b/src/unicef_rest_framework/apps.py
index 48e1ee0a3..6971b6413 100644
--- a/src/unicef_rest_framework/apps.py
+++ b/src/unicef_rest_framework/apps.py
@@ -5,3 +5,6 @@
 class Config(AppConfig):
     name = 'unicef_rest_framework'
     verbose_name = 'API Configuration'
+
+    def ready(self):
+        from . import tasks  # noqa
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index 770e311bb..e16f623c2 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 19:12
+# Generated by Django 2.1.4 on 2018-12-12 21:19
 
 import uuid
 
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181212_1912.py b/src/unicef_rest_framework/migrations/0002_auto_20181212_2119.py
similarity index 98%
rename from src/unicef_rest_framework/migrations/0002_auto_20181212_1912.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181212_2119.py
index b590dd81f..41bba4550 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181212_1912.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181212_2119.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 19:12
+# Generated by Django 2.1.4 on 2018-12-12 21:19
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,10 +10,10 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('auth', '0009_alter_user_last_name_max_length'),
         ('unicef_rest_framework', '0001_initial'),
-        ('contenttypes', '0002_remove_content_type_name'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('auth', '0009_alter_user_last_name_max_length'),
+        ('contenttypes', '0002_remove_content_type_name'),
     ]
 
     operations = [
@@ -136,7 +136,7 @@ class Migration(migrations.Migration):
         ),
         migrations.AlterUniqueTogether(
             name='systemfilter',
-            unique_together={('service', 'group'), ('service', 'user')},
+            unique_together={('service', 'user'), ('service', 'group')},
         ),
         migrations.AlterUniqueTogether(
             name='groupaccesscontrol',
diff --git a/src/unicef_rest_framework/models/service.py b/src/unicef_rest_framework/models/service.py
index 731300700..9b91344df 100644
--- a/src/unicef_rest_framework/models/service.py
+++ b/src/unicef_rest_framework/models/service.py
@@ -6,6 +6,7 @@
 from django.db import models
 from django.db.models import F
 from django.utils.functional import cached_property
+from django_celery_beat.models import CrontabSchedule
 from rest_framework.reverse import reverse
 from strategy_field.fields import StrategyClassField
 from unicef_rest_framework.config import conf
@@ -90,7 +91,6 @@ class Service(MasterDataModel):
                                  unique=True, db_index=True)
     basename = models.CharField(max_length=200, help_text='viewset basename')
     url_name = models.CharField(max_length=300, help_text='url name as per drf reverse')
-    endpoint = models.CharField(max_length=300, help_text='url path')
     access = models.IntegerField(choices=[(k, v) for k, v in acl.ACL_LABELS.items()],
                                  default=acl.ACL_ACCESS_LOGIN,
                                  help_text="Required privileges")
@@ -102,7 +102,6 @@ class Service(MasterDataModel):
 
     cache_version = models.IntegerField(default=1)
     cache_ttl = models.CharField(default='1d', max_length=5)
-    # cache_expire = models.TimeField(blank=True, null=True)
     cache_key = models.CharField(max_length=1000,
                                  null=True, blank=True,
                                  help_text='Key used to invalidate service cache')
@@ -125,6 +124,7 @@ class Meta:
     def invalidate_cache(self):
         Service.objects.invalidate_cache(id=self.pk)
         self.refresh_from_db()
+        return self.cache_version
 
     def reset_cache(self, value=0):
         Service.objects.filter(id=self.pk).update(cache_version=value)
@@ -136,10 +136,7 @@ def get_access_level(self):
 
     @cached_property
     def endpoint(self):
-        for __, viewset, base_name in conf.ROUTER.registry:
-            if viewset == self.viewset:
-                return reverse(f'api:{base_name}-list', args=['latest'])
-        return None
+        return reverse(f'api:{self.basename}-list', args=['latest'])
 
     @cached_property
     def display_name(self):
@@ -149,14 +146,12 @@ def display_name(self):
     def managed_model(self):
         try:
             return self.source_model.model_class()
-            # v = self.viewset()
-            # m = v.get_queryset().model
-            # del v
-            # return m
         except TypeError:
             return None
 
     def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
+        if self.cache_expire:
+            CrontabSchedule
         if self.pk:
             try:
                 v = self.viewset()
@@ -167,11 +162,8 @@ def save(self, force_insert=False, force_update=False, using=None, update_fields
                 logger.exception(e)
         super(Service, self).save(force_insert, force_update, using, update_fields)
 
-        # self.invalidate_cache()
-
     def __str__(self):
         return self.name
-        # return "Service:{} ({})".format(self.name, self.viewset)
 
 
 class CacheVersion(Service):
diff --git a/src/unicef_rest_framework/tasks.py b/src/unicef_rest_framework/tasks.py
new file mode 100644
index 000000000..f4e0a919a
--- /dev/null
+++ b/src/unicef_rest_framework/tasks.py
@@ -0,0 +1,10 @@
+from celery.app import default_app
+from unicef_rest_framework.models import Service
+
+
+@default_app.task()
+def invalidate_cache(service_id):
+    service = Service.objects.get(service_id)
+    service.invalidate_cache()
+    return {"cache_versipn": service.cache_version,
+            "service": service.name}
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index 63f4312f7..4e07df18e 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 19:12
+# Generated by Django 2.1.4 on 2018-12-12 21:19
 
 import django.contrib.auth.models
 import django.contrib.auth.validators
diff --git a/tests/api/test_api_filtering.py b/tests/api/test_api_filtering.py
index 68d50a24e..cd039e8a4 100644
--- a/tests/api/test_api_filtering.py
+++ b/tests/api/test_api_filtering.py
@@ -1,6 +1,6 @@
 import pytest
 from rest_framework.test import APIClient
-from test_utilities.factories import AdminFactory, UserFactory
+from test_utilities.factories import AdminFactory, FAMIndicatorFactory, UserFactory
 from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
 from etools_datamart.api.endpoints import EngagementViewSet, InterventionViewSet, PartnerViewSet
@@ -106,14 +106,26 @@ def test_filter_country_invalid(viewset, user_type, op):
 #             assert res.json()
 #
 #
-@pytest.mark.parametrize('flt', ['10', 'oct', '10-2018', 'current', ''])
-def test_filter_datamart_month(db, client, flt):
+
+@pytest.mark.parametrize('ct', ['text/html', 'application/json'])
+@pytest.mark.parametrize('flt', ['10', 'oct', '10-2018', 'current', '', '12-'])
+def test_filter_datamart_month(db, client, flt, ct):
+    FAMIndicatorFactory(month='2018-12')
     client.force_authenticate(AdminFactory())
 
-    url = f"/api/latest/datamart/user-stats/?month=%s" % flt
-    res = client.get(url)
+    url = f"/api/latest/datamart/fam-indicators/?month=%s" % flt
+    res = client.get(url, HTTP_ACCEPT=ct)
     assert res.status_code == 200
-    assert res.json()
+    # assert res.json()
+
+#
+# @pytest.mark.parametrize('flt', ['10', 'oct', '10-2018', 'current', '', '10-'])
+# def test_filter_datamart_month_browseable(admin_user, django_app, flt):
+#     url = f"/api/latest/datamart/user-stats/?month=%s" % flt
+#     res = django_app.get(url, user=admin_user, HTTP_ACCEPT='text/html')
+#     assert res.status_code == 200
+#     assert res.content == ""
+#
 
 #
 # @pytest.mark.parametrize('flt', ['10', 'oct', '10-2018', 'current', ''])

From cf458b31b63a76951e05cfd86bd9affecc72a643 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Wed, 12 Dec 2018 23:01:28 +0100
Subject: [PATCH 50/86] improves UI

---
 .../apps/data/migrations/0001_initial.py              |  2 +-
 .../apps/etl/migrations/0001_initial.py               |  2 +-
 .../apps/subscriptions/migrations/0001_initial.py     |  2 +-
 ...to_20181212_2119.py => 0002_auto_20181212_2155.py} |  4 ++--
 .../apps/tracking/migrations/0001_initial.py          |  2 +-
 ...to_20181212_2119.py => 0002_auto_20181212_2155.py} |  6 +++---
 src/etools_datamart/config/settings.py                |  6 ++++--
 src/unicef_rest_framework/admin/service.py            |  9 ++++-----
 src/unicef_rest_framework/migrations/0001_initial.py  |  3 ++-
 ...to_20181212_2119.py => 0002_auto_20181212_2155.py} |  8 ++++----
 src/unicef_rest_framework/models/service.py           | 11 +++++++----
 src/unicef_rest_framework/renderers/api.py            |  1 +
 .../templates/rest_framework/base.html                |  4 +++-
 src/unicef_security/migrations/0001_initial.py        |  2 +-
 14 files changed, 35 insertions(+), 27 deletions(-)
 rename src/etools_datamart/apps/subscriptions/migrations/{0002_auto_20181212_2119.py => 0002_auto_20181212_2155.py} (93%)
 rename src/etools_datamart/apps/tracking/migrations/{0002_auto_20181212_2119.py => 0002_auto_20181212_2155.py} (97%)
 rename src/unicef_rest_framework/migrations/{0002_auto_20181212_2119.py => 0002_auto_20181212_2155.py} (99%)

diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index 742c58f3d..4cb1a322a 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:19
+# Generated by Django 2.1.4 on 2018-12-12 21:55
 
 import django.contrib.postgres.fields.jsonb
 import month_field.models
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index 3744cf625..978667fbc 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:19
+# Generated by Django 2.1.4 on 2018-12-12 21:55
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index 214e91ddd..6dd5426e0 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:19
+# Generated by Django 2.1.4 on 2018-12-12 21:55
 
 import django.db.models.deletion
 from django.db import migrations, models
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2119.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2155.py
similarity index 93%
rename from src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2119.py
rename to src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2155.py
index 887dbbcb1..3491bd358 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2119.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2155.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:19
+# Generated by Django 2.1.4 on 2018-12-12 21:55
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
         ('subscriptions', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index c55cfb60f..f89fcd33d 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:19
+# Generated by Django 2.1.4 on 2018-12-12 21:55
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2119.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2155.py
similarity index 97%
rename from src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2119.py
rename to src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2155.py
index 967aa0c8b..ff7b43c32 100644
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2119.py
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2155.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:19
+# Generated by Django 2.1.4 on 2018-12-12 21:55
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,9 +10,9 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('unicef_rest_framework', '0001_initial'),
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
         ('tracking', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('unicef_rest_framework', '0001_initial'),
     ]
 
     operations = [
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 855208f3f..685134cd9 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -11,9 +11,10 @@
 PACKAGE_DIR = SETTINGS_DIR.parent
 DEVELOPMENT_DIR = PACKAGE_DIR.parent.parent
 
-env = environ.Env(API_URL=(str, 'http://localhost:8000/api/'),
+env = environ.Env(API_PREFIX=(str, '/api/'),
                   ETOOLS_DUMP_LOCATION=(str, str(PACKAGE_DIR / 'apps' / 'multitenant' / 'postgresql')),
                   ANALYTICS_CODE=(str, ""),
+                  REDOC_BASE=(str, '/api/+redoc/#operation/'),
                   CACHE_URL=(str, "redis://127.0.0.1:6379/1"),
                   CACHE_URL_API=(str, "redis://127.0.0.1:6379/2?key_prefix=api"),
                   CACHE_URL_LOCK=(str, "redis://127.0.0.1:6379/2?key_prefix=lock"),
@@ -71,6 +72,7 @@
 SECRET_KEY = env('SECRET_KEY')
 ALLOWED_HOSTS = tuple(env.list('ALLOWED_HOSTS', default=[]))
 ABSOLUTE_BASE_URL = env('ABSOLUTE_BASE_URL')
+API_PREFIX = env('API_PREFIX')
 
 ADMINS = (
     ('Stefano', 'saxix@saxix.onmicrosoft.com'),
@@ -499,7 +501,7 @@
 IGNORE_DEFAULT_SCOPE = True
 
 SWAGGER_SETTINGS = {
-    'DEFAULT_API_URL': env('API_URL'),
+    'DEFAULT_API_URL': env('ABSOLUTE_BASE_URL') + env('API_PREFIX'),
     'DEFAULT_AUTO_SCHEMA_CLASS': 'etools_datamart.api.swagger.schema.APIAutoSchema',
     'DEFAULT_FILTER_INSPECTORS': ['etools_datamart.api.swagger.filters.APIFilterInspector', ],
     'SECURITY_DEFINITIONS': {
diff --git a/src/unicef_rest_framework/admin/service.py b/src/unicef_rest_framework/admin/service.py
index 89bcc95c2..dff247b86 100644
--- a/src/unicef_rest_framework/admin/service.py
+++ b/src/unicef_rest_framework/admin/service.py
@@ -44,7 +44,7 @@ class ServiceAdmin(ExtraUrlMixin, admin.ModelAdmin):
 
     search_fields = ('name', 'viewset')
     readonly_fields = ('cache_version', 'cache_ttl', 'cache_key', 'viewset', 'name', 'uuid',
-                       'last_modify_user', 'source_model', 'endpoint', 'basename')
+                       'last_modify_user', 'source_model', 'endpoint', 'basename', 'suffix')
     form = ServiceForm
     filter_horizontal = ('linked_models',)
     fieldsets = [("", {"fields": ('name',
@@ -52,7 +52,8 @@ class ServiceAdmin(ExtraUrlMixin, admin.ModelAdmin):
                                   'access',
                                   # 'confidentiality',
                                   # 'hidden',
-                                  ('source_model', 'basename', 'endpoint'),
+                                  ('source_model', 'basename'),
+                                  ('suffix', 'endpoint'),
                                   'linked_models',
                                   )})]
 
@@ -129,9 +130,7 @@ def invalidate_all_cache(self, request):
     @action()
     def doc(self, request, pk):
         service = Service.objects.get(pk=pk)
-        base = '/api/+redoc/#operation/'
-        path = service.endpoint.replace('/', '_')
-        return HttpResponseRedirect("{0}api_{1}_list".format(base, path))
+        return HttpResponseRedirect(service.doc_url)
 
     @action()
     def api(self, request, pk):
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index e16f623c2..26688b797 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:19
+# Generated by Django 2.1.4 on 2018-12-12 21:55
 
 import uuid
 
@@ -62,6 +62,7 @@ class Migration(migrations.Migration):
                 ('description', models.TextField(blank=True, null=True)),
                 ('viewset', strategy_field.fields.StrategyClassField(db_index=True, help_text='class FQN', unique=True)),
                 ('basename', models.CharField(help_text='viewset basename', max_length=200)),
+                ('suffix', models.CharField(help_text='url suffix', max_length=200)),
                 ('url_name', models.CharField(help_text='url name as per drf reverse', max_length=300)),
                 ('access', models.IntegerField(choices=[(0, 'Open'), (2, 'Login required'), (4, 'Access Restricted'), (8, 'Business authorization needed')], default=2, help_text='Required privileges')),
                 ('confidentiality', models.IntegerField(choices=[(1, 'Strictly Confidential'), (2, 'Confidential'), (3, 'Internal'), (4, 'Internal UN'), (5, 'Public')], default=3)),
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181212_2119.py b/src/unicef_rest_framework/migrations/0002_auto_20181212_2155.py
similarity index 99%
rename from src/unicef_rest_framework/migrations/0002_auto_20181212_2119.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181212_2155.py
index 41bba4550..4c06fd7a3 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181212_2119.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181212_2155.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:19
+# Generated by Django 2.1.4 on 2018-12-12 21:55
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,10 +10,10 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('unicef_rest_framework', '0001_initial'),
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('auth', '0009_alter_user_last_name_max_length'),
         ('contenttypes', '0002_remove_content_type_name'),
+        ('auth', '0009_alter_user_last_name_max_length'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('unicef_rest_framework', '0001_initial'),
     ]
 
     operations = [
diff --git a/src/unicef_rest_framework/models/service.py b/src/unicef_rest_framework/models/service.py
index 9b91344df..d01ce22c8 100644
--- a/src/unicef_rest_framework/models/service.py
+++ b/src/unicef_rest_framework/models/service.py
@@ -6,7 +6,6 @@
 from django.db import models
 from django.db.models import F
 from django.utils.functional import cached_property
-from django_celery_beat.models import CrontabSchedule
 from rest_framework.reverse import reverse
 from strategy_field.fields import StrategyClassField
 from unicef_rest_framework.config import conf
@@ -41,7 +40,7 @@ def check_or_create(self, prefix, viewset, basename, url_name, ):
 
         service.url_name = url_name
         service.basename = basename
-        service.endpoint = prefix
+        service.suffix = prefix
         service.source_model = source_model
         service.save()
         viewset.get_service.cache_clear()
@@ -90,6 +89,7 @@ class Service(MasterDataModel):
     viewset = StrategyClassField(help_text='class FQN',
                                  unique=True, db_index=True)
     basename = models.CharField(max_length=200, help_text='viewset basename')
+    suffix = models.CharField(max_length=200, help_text='url suffix')
     url_name = models.CharField(max_length=300, help_text='url name as per drf reverse')
     access = models.IntegerField(choices=[(k, v) for k, v in acl.ACL_LABELS.items()],
                                  default=acl.ACL_ACCESS_LOGIN,
@@ -142,6 +142,11 @@ def endpoint(self):
     def display_name(self):
         return "{} ({})".format(self.viewset.__name__, self.viewset.source)
 
+    def doc_url(self):
+        base = '/api/+redoc/#operation/'
+        path = self.suffix.replace('/', '_')
+        return "{0}api_{1}_list".format(base, path)
+
     @cached_property
     def managed_model(self):
         try:
@@ -150,8 +155,6 @@ def managed_model(self):
             return None
 
     def save(self, force_insert=False, force_update=False, using=None, update_fields=None):
-        if self.cache_expire:
-            CrontabSchedule
         if self.pk:
             try:
                 v = self.viewset()
diff --git a/src/unicef_rest_framework/renderers/api.py b/src/unicef_rest_framework/renderers/api.py
index 8d65594e1..73c75df46 100644
--- a/src/unicef_rest_framework/renderers/api.py
+++ b/src/unicef_rest_framework/renderers/api.py
@@ -32,6 +32,7 @@ def get_context(self, data, accepted_media_type, renderer_context):
                 service = view.get_service()
                 service_url = reverse(f'admin:unicef_rest_framework_service_change', args=[service.pk])
                 ctx['service_url'] = service_url
+                ctx['service'] = service
             except Exception:  # pragma: no cover
                 pass
             try:
diff --git a/src/unicef_rest_framework/templates/rest_framework/base.html b/src/unicef_rest_framework/templates/rest_framework/base.html
index 5dd152249..51b3a39ea 100644
--- a/src/unicef_rest_framework/templates/rest_framework/base.html
+++ b/src/unicef_rest_framework/templates/rest_framework/base.html
@@ -100,7 +100,9 @@
           {% block content %}
 
           <div class="region"  aria-label="{% trans "request form" %}">
-
+          <div class="pull-right" style="margin-left: 10px">
+              <a href="{{ service.doc_url }}" class="btn btn-primary js-tooltip" title="Documentation">Doc</a>
+          </div>
           {% if iqy_url %}
               <div class="pull-right" style="margin-left: 10px">
                   <fieldset>
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index 4e07df18e..5d1ebd379 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:19
+# Generated by Django 2.1.4 on 2018-12-12 21:55
 
 import django.contrib.auth.models
 import django.contrib.auth.validators

From 479b75f5ddbb7e42e80c21958afddc13cb67d72e Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Thu, 13 Dec 2018 00:13:32 +0100
Subject: [PATCH 51/86] reset migrations - updates Subcription

---
 src/etools_datamart/apps/data/migrations/0001_initial.py      | 2 +-
 src/etools_datamart/apps/etl/migrations/0001_initial.py       | 2 +-
 .../apps/subscriptions/migrations/0001_initial.py             | 3 ++-
 ...{0002_auto_20181212_2155.py => 0002_auto_20181212_2259.py} | 2 +-
 src/etools_datamart/apps/subscriptions/models.py              | 1 +
 src/etools_datamart/apps/tracking/migrations/0001_initial.py  | 2 +-
 ...{0002_auto_20181212_2155.py => 0002_auto_20181212_2259.py} | 2 +-
 src/unicef_rest_framework/migrations/0001_initial.py          | 2 +-
 ...{0002_auto_20181212_2155.py => 0002_auto_20181212_2259.py} | 4 ++--
 src/unicef_security/migrations/0001_initial.py                | 2 +-
 10 files changed, 12 insertions(+), 10 deletions(-)
 rename src/etools_datamart/apps/subscriptions/migrations/{0002_auto_20181212_2155.py => 0002_auto_20181212_2259.py} (93%)
 rename src/etools_datamart/apps/tracking/migrations/{0002_auto_20181212_2155.py => 0002_auto_20181212_2259.py} (97%)
 rename src/unicef_rest_framework/migrations/{0002_auto_20181212_2155.py => 0002_auto_20181212_2259.py} (99%)

diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index 4cb1a322a..998f9b4ac 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:55
+# Generated by Django 2.1.4 on 2018-12-12 22:59
 
 import django.contrib.postgres.fields.jsonb
 import month_field.models
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index 978667fbc..b12f49953 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:55
+# Generated by Django 2.1.4 on 2018-12-12 22:59
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index 6dd5426e0..e2ed5ec31 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:55
+# Generated by Django 2.1.4 on 2018-12-12 22:59
 
 import django.db.models.deletion
 from django.db import migrations, models
@@ -19,6 +19,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('type', models.IntegerField(choices=[(0, 'None'), (1, 'Email'), (2, 'Email+Excel'), (3, 'Email+Pdf')])),
                 ('kwargs', models.CharField(blank=True, default='', max_length=500)),
+                ('last_notification', models.DateField(blank=True, null=True)),
                 ('content_type', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='contenttypes.ContentType')),
             ],
         ),
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2155.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2259.py
similarity index 93%
rename from src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2155.py
rename to src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2259.py
index 3491bd358..cf32057b8 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2155.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2259.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:55
+# Generated by Django 2.1.4 on 2018-12-12 22:59
 
 import django.db.models.deletion
 from django.conf import settings
diff --git a/src/etools_datamart/apps/subscriptions/models.py b/src/etools_datamart/apps/subscriptions/models.py
index 0537ed38e..30a56a0c4 100644
--- a/src/etools_datamart/apps/subscriptions/models.py
+++ b/src/etools_datamart/apps/subscriptions/models.py
@@ -82,6 +82,7 @@ class Subscription(models.Model):
     type = models.IntegerField(choices=TYPES)
     content_type = models.ForeignKey(ContentType, models.CASCADE)
     kwargs = models.CharField(max_length=500, blank=True, null=False, default='')
+    last_notification = models.DateField(blank=True, null=True)
 
     objects = SubscriptionManager()
 
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index f89fcd33d..59018475b 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:55
+# Generated by Django 2.1.4 on 2018-12-12 22:59
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2155.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2259.py
similarity index 97%
rename from src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2155.py
rename to src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2259.py
index ff7b43c32..6fa3070d8 100644
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2155.py
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2259.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:55
+# Generated by Django 2.1.4 on 2018-12-12 22:59
 
 import django.db.models.deletion
 from django.conf import settings
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index 26688b797..dbce3fc3e 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:55
+# Generated by Django 2.1.4 on 2018-12-12 22:59
 
 import uuid
 
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181212_2155.py b/src/unicef_rest_framework/migrations/0002_auto_20181212_2259.py
similarity index 99%
rename from src/unicef_rest_framework/migrations/0002_auto_20181212_2155.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181212_2259.py
index 4c06fd7a3..069de21bf 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181212_2155.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181212_2259.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:55
+# Generated by Django 2.1.4 on 2018-12-12 22:59
 
 import django.db.models.deletion
 from django.conf import settings
@@ -11,9 +11,9 @@ class Migration(migrations.Migration):
 
     dependencies = [
         ('contenttypes', '0002_remove_content_type_name'),
+        ('unicef_rest_framework', '0001_initial'),
         ('auth', '0009_alter_user_last_name_max_length'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('unicef_rest_framework', '0001_initial'),
     ]
 
     operations = [
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index 5d1ebd379..5bc4ca3b0 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 21:55
+# Generated by Django 2.1.4 on 2018-12-12 22:59
 
 import django.contrib.auth.models
 import django.contrib.auth.validators

From 94572282a45e1c6ea5f79fcdb6a8d7d6100f323d Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 14 Dec 2018 09:50:04 +0100
Subject: [PATCH 52/86] update API home page

---
 .../templates/rest_framework/base.html        | 26 +++++++++++--------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/src/unicef_rest_framework/templates/rest_framework/base.html b/src/unicef_rest_framework/templates/rest_framework/base.html
index 51b3a39ea..2189f776a 100644
--- a/src/unicef_rest_framework/templates/rest_framework/base.html
+++ b/src/unicef_rest_framework/templates/rest_framework/base.html
@@ -100,9 +100,11 @@
           {% block content %}
 
           <div class="region"  aria-label="{% trans "request form" %}">
+          {% if service %}
           <div class="pull-right" style="margin-left: 10px">
               <a href="{{ service.doc_url }}" class="btn btn-primary js-tooltip" title="Documentation">Doc</a>
           </div>
+          {% endif %}
           {% if iqy_url %}
               <div class="pull-right" style="margin-left: 10px">
                   <fieldset>
@@ -204,19 +206,21 @@ <h1>{{ name }}</h1>
                   <a href="{{ service_url }}"
                      style="float: right; color:black; background-color: #ffd600; margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
                      class="btn btn-primary">Service</a>
-              {% endif %}
-              {% for name,url in extra_actions.items %}
-                  {% if url != request.build_absolute_uri %}
-                      <a href="{{ url }}"
-                         style="float: right; color:black; background-color: rgba(30,144,255,0.3); margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
-                         class="btn btn-primary">{{ name }}</a>
+                  {% for name,url in extra_actions.items %}
+                      {% if url != request.build_absolute_uri %}
+                          <a href="{{ url }}"
+                             style="float: right; color:black; background-color: rgba(30,144,255,0.3); margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
+                             class="btn btn-primary">{{ name }}</a>
+                      {% endif %}
+                  {% endfor %}
+                  {% if request.path != base_action %}
+                  <a href="{{ base_action }}"
+                     style="float: right; color:black; background-color: rgba(30,144,255,0.3); margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
+                     class="btn btn-primary">List</a>
                   {% endif %}
-              {% endfor %}
-              {% if request.path != base_action %}
-              <a href="{{ base_action }}"
-                 style="float: right; color:black; background-color: rgba(30,144,255,0.3); margin-bottom:10px; margin-right: 0;margin-top:5px; margin-left: 10px;"
-                 class="btn btn-primary">List</a>
               {% endif %}
+
+
               {% if paginator %}
                 <nav style="float: right">
                   {% get_pagination_html paginator %}

From 3ae5a8f04c82a195d8f86646d4183793f9b35d9a Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 14 Dec 2018 10:21:19 +0100
Subject: [PATCH 53/86] updates Admin sections

---
 src/etools_datamart/config/admin.py         |  9 ++++++---
 src/etools_datamart/config/settings.py      | 12 ------------
 src/unicef_rest_framework/models/service.py |  1 +
 3 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/src/etools_datamart/config/admin.py b/src/etools_datamart/config/admin.py
index 7440e759a..360f4f746 100644
--- a/src/etools_datamart/config/admin.py
+++ b/src/etools_datamart/config/admin.py
@@ -9,11 +9,14 @@
 from django.utils.translation import gettext_lazy
 from django.views.decorators.cache import never_cache
 
+from etools_datamart.libs.version import get_full_version
+
 cache = caches['default']
 
 DEFAULT_INDEX_SECTIONS = {
-    'Administration': ['unicef_rest_framework', 'constance', 'dbtemplates', 'subscriptions'],
-    'Data': ['data', 'etools', 'etl'],
+    'Administration': ['unicef_rest_framework', 'constance',
+                       'dbtemplates', 'subscriptions', 'etl'],
+    'Data': ['data', 'etools'],
     'Security': ['auth', 'unicef_security',
                  'unicef_rest_framework.GroupAccessControl',
                  'unicef_rest_framework.UserAccessControl',
@@ -67,7 +70,7 @@ def index(self, request, extra_context=None):
 
     @never_cache
     def index_new(self, request, extra_context=None):
-        key = f'apps_groups:{request.user.id}'
+        key = f'apps_groups:{request.user.id}:{get_full_version()}'
         app_list = self.get_app_list(request)
         groups = cache.get(key)
         if not groups:
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 685134cd9..174b054d8 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -629,15 +629,3 @@ def extra(r):
 
 
 SYSINFO = {"extra": {'Azure': extra}}
-
-INDEX_SECTIONS = {
-    'Administration': ['unicef_rest_framework', 'constance', 'dbtemplates', 'subscriptions'],
-    'Data': ['data', 'etools', 'etl'],
-    'Security': ['auth', 'unicef_security',
-                 'unicef_rest_framework.GroupAccessControl',
-                 'unicef_rest_framework.UserAccessControl',
-                 ],
-    'Logs': ['tracking', 'django_db_logging', 'crashlog', ],
-    'System': ['redisboard', 'django_celery_beat', 'post_office'],
-    'Other': ['unicef_rest_framework.Application', ],
-}
diff --git a/src/unicef_rest_framework/models/service.py b/src/unicef_rest_framework/models/service.py
index d01ce22c8..b78091e6a 100644
--- a/src/unicef_rest_framework/models/service.py
+++ b/src/unicef_rest_framework/models/service.py
@@ -118,6 +118,7 @@ class Service(MasterDataModel):
 
     class Meta:
         ordering = ('name',)
+        verbose_name_plural = "Services"
 
     objects = ServiceManager()
 

From 72b8f2d07c625421595d65dd98679d6410426598 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 14 Dec 2018 11:02:30 +0100
Subject: [PATCH 54/86] add searching capabilities in admin index page

---
 .../apps/web/templates/admin/index_new.html   | 31 ++++++++++++++++---
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/src/etools_datamart/apps/web/templates/admin/index_new.html b/src/etools_datamart/apps/web/templates/admin/index_new.html
index 1459c4d38..01425aa47 100644
--- a/src/etools_datamart/apps/web/templates/admin/index_new.html
+++ b/src/etools_datamart/apps/web/templates/admin/index_new.html
@@ -1,19 +1,21 @@
-{% extends "admin/index.html" %}{% load i18n %}
+{% extends "admin/index.html" %}{% load i18n static %}
 {% block content %}
+
     <div id="content-main">
+    <input type="text" style="width: 578px;padding:10px;margin-bottom:10px"  id="filterInput" placeholder="Search for names..">
         {% if groups %}
             {% for section, apps in groups.items %}
                 <div class="module">
-                    <table style="width: 100%">
+                    <table style="width: 100%" class="section">
                         <caption>
                             {{ section }}
                         </caption>
                         {% for model in apps %}
                             <tr>
                                 {% if model.admin_url %}
-                                    <th scope="row"><a href="{{ model.admin_url }}">{{ model.label }}</a></th>
+                                    <td scope="row"><a href="{{ model.admin_url }}">{{ model.label }}</a></td>
                                 {% else %}
-                                    <th scope="row">{{ model.model_name }}</th>
+                                    <td scope="row">{{ model.model_name }}</td>
                                 {% endif %}
                             </tr>
                         {% endfor %}
@@ -24,6 +26,27 @@
             <p>{% trans "You don't have permission to view or edit anything." %}</p>
         {% endif %}
     </div>
+    <script src="{% static 'jquery-3.3.1.min.js' %}"></script>
+    <script>
+        $('#filterInput').on('keyup', function () {
+            let filter = this.value.toUpperCase();
+            $('table.section tr').each(function (i, el) {
+                let txt = $(el).find('td,caption').text();
+                if (txt.toUpperCase().indexOf(filter) > -1) {
+                    $(el).closest('.section').show();
+                    $(el).show();
+                } else {
+                    $(el).hide();
+                }
+                $('table.section').each(function(i, t){
+                    if ($(t).find('tr:visible').length === 0){
+                        $(t).hide()
+                    }
+                });
+            });
+        }).focus();
+    </script>
+
 {% endblock %}
 {% block sidebar %}
 {% endblock sidebar %}

From ea5da27c80ff0d71a35983097d8cd3daab4b2a9c Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 14 Dec 2018 11:37:51 +0100
Subject: [PATCH 55/86] fixes pdf renderer

---
 .../apps/web/templates/admin/index_new.html   | 39 ++++++++++++++++++-
 .../templates/renderers/pdf.html              |  2 +-
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/src/etools_datamart/apps/web/templates/admin/index_new.html b/src/etools_datamart/apps/web/templates/admin/index_new.html
index 01425aa47..42069c161 100644
--- a/src/etools_datamart/apps/web/templates/admin/index_new.html
+++ b/src/etools_datamart/apps/web/templates/admin/index_new.html
@@ -49,4 +49,41 @@
 
 {% endblock %}
 {% block sidebar %}
-{% endblock sidebar %}
+<div id="content-related">
+    <div class="module" id="recent-actions-module">
+    <div>
+        <h2>Links</h2>
+        <ul class="actionlist">
+            <li><a href="/">Home</a></li>
+            <li><a href="{% url "api:schema-redoc" %}">Documentation</a></li>
+            <li><a href="{% url "api:api-root" version="latest" %}">API</a></li>
+            <li><a href="{% url "monitor" %}">Monitor</a></li>
+        </ul>
+    </div>
+        <h2>{% trans 'Recent actions' %}</h2>
+        <h3>{% trans 'My actions' %}</h3>
+            {% load log %}
+            {% get_admin_log 10 as admin_log for_user user %}
+            {% if not admin_log %}
+            <p>{% trans 'None available' %}</p>
+            {% else %}
+            <ul class="actionlist">
+            {% for entry in admin_log %}
+            <li class="{% if entry.is_addition %}addlink{% endif %}{% if entry.is_change %}changelink{% endif %}{% if entry.is_deletion %}deletelink{% endif %}">
+                {% if entry.is_deletion or not entry.get_admin_url %}
+                    {{ entry.object_repr }}
+                {% else %}
+                    <a href="{{ entry.get_admin_url }}">{{ entry.object_repr }}</a>
+                {% endif %}
+                <br>
+                {% if entry.content_type %}
+                    <span class="mini quiet">{% filter capfirst %}{{ entry.content_type }}{% endfilter %}</span>
+                {% else %}
+                    <span class="mini quiet">{% trans 'Unknown content' %}</span>
+                {% endif %}
+            </li>
+            {% endfor %}
+            </ul>
+            {% endif %}
+    </div>
+</div>{% endblock sidebar %}
diff --git a/src/unicef_rest_framework/templates/renderers/pdf.html b/src/unicef_rest_framework/templates/renderers/pdf.html
index f989b316b..d49415cc9 100644
--- a/src/unicef_rest_framework/templates/renderers/pdf.html
+++ b/src/unicef_rest_framework/templates/renderers/pdf.html
@@ -34,7 +34,7 @@ <h1>{{ opts.verbose_name }}</h1>
             <th>{{ v }}</th>
         {% endfor %}
     </tr>
-    {% for row in data.results %}
+    {% for row in data %}
         <tr class="{% cycle "odd" "even" %}">
             {% for k,v in row.items %}
                 <td>{{ v }}</td>

From 79411d26ef935dcb23da7c8558f43b3feca4b840 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 14 Dec 2018 11:40:52 +0100
Subject: [PATCH 56/86] fixes documentation examples links:

---
 src/etools_datamart/api/endpoints/openapi.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/etools_datamart/api/endpoints/openapi.py b/src/etools_datamart/api/endpoints/openapi.py
index 5d1affbeb..652aa3405 100644
--- a/src/etools_datamart/api/endpoints/openapi.py
+++ b/src/etools_datamart/api/endpoints/openapi.py
@@ -52,27 +52,27 @@
 
 Select all interventions in Bolivia and Chad
 
-- {HOST}datamart/interventions/?country_name__in=Bolivia,Chad
+- {HOST}latest/datamart/interventions/?country_name__in=Bolivia,Chad
 
 Select all interventions in all countries except Bolivia and Zimbabwe
 
-- {HOST}datamart/interventions/?country_name__in!=Bolivia,Zimbabwe (note `!=` instead of `=`)
+- {HOST}latest/datamart/interventions/?country_name__in!=Bolivia,Zimbabwe (note `!=` instead of `=`)
 
 Select all interventions submitted in 2017
 
-- {HOST}datamart/interventions/?submission_date__year=2017
+- {HOST}latest/datamart/interventions/?submission_date__year=2017
 
 Select all interventions submitted after 2017 (ie starting 2018)
 
-- {HOST}datamart/interventions/?submission_date__year__gt=2017
+- {HOST}latest/datamart/interventions/?submission_date__year__gt=2017
 
 Retrieve entries in the second quarter (April 1 to June 30):
 
-- {HOST}datamart/interventions/?submission_date__quarter=2
+- {HOST}latest/datamart/interventions/?submission_date__quarter=2
 
 Retrieve entries in the second/third/fourth quarter (April 1 to June 30):
 
-- {HOST}datamart/interventions/?submission_date__quarter__gte=2
+- {HOST}latest/datamart/interventions/?submission_date__quarter__gte=2
 
 
 """.format(HOST=swagger_settings.DEFAULT_API_URL)

From 6b3c52ee5fd3d3869bb572eba617e919be0798a9 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 14 Dec 2018 12:50:11 +0100
Subject: [PATCH 57/86] improves navigation

---
 src/etools_datamart/api/endpoints/openapi.py  |   6 +-
 .../apps/web/static/api-doc.css               |  38 ++++++++---
 .../apps/web/static/api-doc.css.map           |   4 +-
 .../apps/web/static/api-doc.scss              |  59 +++++++++++++++---
 .../apps/web/static/logo_100.png              | Bin 0 -> 18008 bytes
 .../apps/web/static/logo_small.png            | Bin 0 -> 18008 bytes
 .../apps/web/templates/drf-yasg/redoc.html    |  43 ++++++++-----
 7 files changed, 109 insertions(+), 41 deletions(-)
 create mode 100644 src/etools_datamart/apps/web/static/logo_100.png
 create mode 100644 src/etools_datamart/apps/web/static/logo_small.png

diff --git a/src/etools_datamart/api/endpoints/openapi.py b/src/etools_datamart/api/endpoints/openapi.py
index 652aa3405..86838c8cf 100644
--- a/src/etools_datamart/api/endpoints/openapi.py
+++ b/src/etools_datamart/api/endpoints/openapi.py
@@ -7,14 +7,12 @@
 from rest_framework import permissions
 
 description = """
-# Welcome to eTools Datamart API
-
 Each API endpoint allows filtering and/or ordering results.
+Different formats can be requested using `format` argument.
+Pagination can be disabled with `page_size=-1`
 
 ## Query lookups
 
-Any field where query functions are enabled allow to....
-
 ### Generic lookups
 
 - exact: Case-sensitive exact match.
diff --git a/src/etools_datamart/apps/web/static/api-doc.css b/src/etools_datamart/apps/web/static/api-doc.css
index 78a957782..32b55b319 100644
--- a/src/etools_datamart/apps/web/static/api-doc.css
+++ b/src/etools_datamart/apps/web/static/api-doc.css
@@ -1,15 +1,33 @@
+nav {
+  font-family: Roboto, sans-serif; }
+  nav span.title {
+    display: inline-block;
+    font-weight: normal;
+    font-size: 20px; }
+  nav img {
+    margin-left: 10px;
+    width: 50px;
+    vertical-align: middle; }
+  nav .links {
+    margin-right: 50px;
+    float: right;
+    font-size: 16px;
+    line-height: 2;
+    padding: 2px; }
+    nav .links a {
+      color: #32329f;
+      text-transform: none;
+      text-decoration: none; }
+      nav .links a::after {
+        content: " |"; }
+      nav .links a:last-child:after {
+        content: ''; }
+
 .menu-content:before {
-  content: '';
-  /* with class ModalCarrot ??*/
-  background: url("unicef_logo.png");
-  background-size: 100px;
-  background-repeat: no-repeat;
   margin-left: 80px;
-  margin-bottom: 10px;
-  height: 100px;
+  align-content: center;
+  min-height: 110px;
   overflow: hidden;
-  display: block;
-  left: -50px;
-  top: 10px; }
+  display: block; }
 
 /*# sourceMappingURL=api-doc.css.map */
diff --git a/src/etools_datamart/apps/web/static/api-doc.css.map b/src/etools_datamart/apps/web/static/api-doc.css.map
index d31217370..85d80116a 100644
--- a/src/etools_datamart/apps/web/static/api-doc.css.map
+++ b/src/etools_datamart/apps/web/static/api-doc.css.map
@@ -1,7 +1,7 @@
 {
 "version": 3,
-"mappings": "AAAA,oBAAqB;EAEnB,OAAO,EAAE,EAAE;EAAE,8BAA8B;EAC3C,UAAU,EAAE,sBAAsB;EAClC,eAAe,EAAE,KAAK;EACtB,iBAAiB,EAAE,SAAS;EAC5B,WAAW,EAAE,IAAI;EACjB,aAAa,EAAE,IAAI;EACnB,MAAM,EAAE,KAAK;EACb,QAAQ,EAAE,MAAM;EAChB,OAAO,EAAE,KAAK;EACd,IAAI,EAAE,KAAK;EACX,GAAG,EAAE,IAAI",
+"mappings": "AAAA,GAAI;EACF,WAAW,EAAE,kBAAkB;EAE/B,cAAW;IACT,OAAO,EAAE,YAAY;IACrB,WAAW,EAAE,MAAM;IACnB,SAAS,EAAE,IAAI;EAGjB,OAAI;IACF,WAAW,EAAE,IAAI;IACjB,KAAK,EAAE,IAAI;IACX,cAAc,EAAE,MAAM;EAGxB,UAAO;IACL,YAAY,EAAE,IAAI;IAClB,KAAK,EAAE,KAAK;IACZ,SAAS,EAAE,IAAI;IACf,WAAW,EAAE,CAAC;IACd,OAAO,EAAE,GAAG;IAEZ,YAAE;MACA,KAAK,EAAE,OAAgB;MACvB,cAAc,EAAE,IAAI;MACpB,eAAe,EAAE,IAAI;MAErB,mBAAS;QACP,OAAO,EAAE,IAAI;MAGf,6BAAmB;QACjB,OAAO,EAAE,EAAE;;AAMnB,oBAAqB;EAMnB,WAAW,EAAE,IAAI;EAEjB,aAAa,EAAE,MAAM;EAErB,UAAU,EAAE,KAAK;EACjB,QAAQ,EAAE,MAAM;EAChB,OAAO,EAAE,KAAK",
 "sources": ["api-doc.scss"],
 "names": [],
 "file": "api-doc.css"
-}
+}
\ No newline at end of file
diff --git a/src/etools_datamart/apps/web/static/api-doc.scss b/src/etools_datamart/apps/web/static/api-doc.scss
index f566e6811..34bb104fd 100644
--- a/src/etools_datamart/apps/web/static/api-doc.scss
+++ b/src/etools_datamart/apps/web/static/api-doc.scss
@@ -1,15 +1,54 @@
+nav {
+  font-family: Roboto, sans-serif;
+
+  span.title {
+    display: inline-block;
+    font-weight: normal;
+    font-size: 20px;
+  }
+
+  img {
+    margin-left: 10px;
+    width: 50px;
+    vertical-align: middle;
+  }
+
+  .links {
+    margin-right: 50px;
+    float: right;
+    font-size: 16px;
+    line-height: 2;
+    padding: 2px;
+
+    a {
+      color: rgb(50, 50, 159);
+      text-transform: none;
+      text-decoration: none;
+
+      &::after {
+        content: " |";
+      }
+
+      &:last-child:after {
+        content: '';
+      }
+    }
+  }
+}
+
 .menu-content:before {
-  //content:url('unicef_logo.png'); /* with class ModalCarrot ??*/
-  content: ''; /* with class ModalCarrot ??*/
-  background: url('unicef_logo.png');
-  background-size: 100px;
-  background-repeat: no-repeat;
+  //content:url('logo_100.png'); /* with class ModalCarrot ??*/
+  //content: '<div class=links></div>'; /* with class ModalCarrot ??*/
+  //background: url('logo_small.png');
+  //background-size: 100px;
+  //background-repeat: no-repeat
   margin-left: 80px;
-  margin-bottom: 10px;
-  height: 100px;
+  //margin-bottom: 10px;
+  align-content: center;
+  //height: 100px;
+  min-height: 110px;
   overflow: hidden;
   display: block;
-  left: -50px;
-  top: 10px;
-
+  //left: 50px;
+  //top: 10px;
 }
diff --git a/src/etools_datamart/apps/web/static/logo_100.png b/src/etools_datamart/apps/web/static/logo_100.png
new file mode 100644
index 0000000000000000000000000000000000000000..5762cbf5722d9bec3172b79d6be6b269181700ad
GIT binary patch
literal 18008
zcmZ^}V~{98vn@KdZQHhO+qP}nwr$%s_IQtN+cR%}=bVeU5w9bvx_Z^hm6e%4D!RHO
z739QWp|GF;003YmB}A0|-A(>AZ3wV`edrtk4FCX)gr%^sf~2r8fr690nWc>>0Dwef
zsyeue@+4NCwvwbpAcO>DZ{%Wi3W630U}aEj0tk{+45Z*l9Sv278zLaKn#e*cK$F^)
zsp3`LaUmTQ^`+5Z*i<&kpOwcQ?puEI8=v>n{9F1=Zg((%T&z5mtndq<1bWH@QjxHx
zv9i);iTD6C0$?x(U^<>YovFC^ct8cP5C5snYyicVHJub4{<vTD1!Rb0AAkgp2xd?x
zKfV!gfC1?@B~3s85&eqxJS_s%gL?$*34;Ix=~NEwSm_iF<ydM}Hc3dF2zNk%vU`sv
z8-SMV!aUW9`7oZ1c0#vQh!G?Jmk9*$dr=<15k&;}>G}Mckw0)8CVs=o-|%xYf^vBD
z-U!vsijbT#H0dYzW#9S7Z@WqP<rsH{;MlSx(NYR0FqdxJ?oKU8O9VG*CSzlQHSqV|
zjRL0dj8dqSMM*0!6_omOfvmtX5xSr~4HglygmDQ+qhl6NnVJU>bR!O-1)>K)c1dP8
zLWMj$io=@3**OU80nH{jZDw}B@?{UzE&QbuvS!wA_R%3*fIsY`MI|b(GZ?K3IY`ir
zY$GzBc1A55V9k_hjz-`%CQ%@!Uu+1U(4>ilR(>`{X*5KF#`M$a@JG?KD3P6wSURc%
zQc;U{R|k(O_t=74G${?q;2t3ljf}vZ5Fv*97h8?gLXu5n`ZdB@2w4T0pHf-q^^N0|
zLp>6uJ5WZ-o`ywcba*NN=p|YB@u_Gd<dugb%+4Og2P^k`q6A<L0vHB>pf;HXOcQ_y
zZ8v3hZ_>O-fF1&1O@Rm<7A(NbN~*+2Z!#dGd-M?@0(>0wDy&o>p$fmA3e|pH0W>QX
zg;rv89zc$K5n!Ho?Lw^5OlP#9Ux2I!_&tw?HJ%NW<9^GHg=AvIiZFLgE?_i~`y&iS
zD2zd85!ri!9sqd2`GgIfhkYHp0xkO2kn#}MA>tv}A#g*vk_Vnmw-1Ja3kASl5r2+y
z-fibPa7~_vgzp6=;5!}3?0|F}<j*2w!G(AA6s8wM>SlhtZ~Tw$WLH?-P}HHMFohrs
zIehq)HzhZ%6GSza?5RuQSe+Z{at0G`zn%LkTL4}bcD0S58^8Z*UV*sbamTO%qPf9X
zkI@;5r+7G^eiv$q0`DNH+#d<y-NXNQVC7FqP3d0hcI)t0jzfirPJJUfkV%(Mj;t2}
zp<&;A38ASE;q%2D-&}yX+a9}%^vd>{RrSF`JPxUE```lrNq>BP!uzj?+JhSSV*xB*
z>bt(+@9EjV4s<^Igw`n34yVEc6#(JBiD3de8^Gci@ZAhxg9IQTz=;KNB!Daqh-jE1
z>dZ4Spw0j|3sO>mPY+lrfU*V58i4<WeF-FUz{mkG9}sl_-2!mmzc>e(7likK{y+dB
zBy<T0#2`kCpgoA`AnubuK#Ch7fRw;W3N#@`5(%6UI3YfsfGUAn4_PMcCkRhKp71Qe
z?F{A-=}J(a5JwTVtN^qM+bASf&`*gKE0#P1VZqJ~LMtXcLux^)6?HF+J%fBA@&djV
z$S>~27-(T2GmGpr=)(Yy9$svukqMg}nreWmL9-sv+WYl^y&ULjgy%ps-=o<At=psE
z!8|=wzSDd&>Vet~WIrgsvwjoq0sj>$K$d}=1Mvq+XGlws&5)uXRY7P&ghP@WZm&$f
zOOqgBihL2le`6~{bdFexjE=mF@QxUdydD`J(L;(fk#QmeO*)X^Q39+?X-R8|c8PIG
zU6%BcUnSB`*q%f@a%l?TiPsU_k>r!=lk$_gDLzxOq5MhVhzekeZAxhhT@>n+IWKuq
ze6Dy|7O+BM4d+VNlC&+zE88jVTU}giT6|c-DkfdcDpsv*Rlm$x6|RM6@y$Yx6~>lV
z{*(5nZ7FW)=8xXexeK=!1aGdMfWA<DaefJZLI0YW1^n8H6?BWawYoLCmHvufq3}ZE
zis7ZqGUaOJpY?iY&2sJZBJ1+$h2!(N#oATg5^w2t_4vZmGW7EF`gRTb@*U4!^A8eV
z?r#U*K)=Wzv+v}Ocub7ptU<#&%tuUZjB?CeFcDyH;5xxL!OlUuV76d9VP9eSVU%H_
zVXI-{FkG1!%kd+o#|-Jr&kXiV{O}A|LwH0uO_mbFi50@zm@uqR49M82m=}y~h7XGw
zCOGyvRz15d6Q5lWc1I>mW2P08-bu^kn?f*Q;IN1AG}vwSCwJxL<w=%7m#%ZOCF!zW
zvlFvKGo|KMGxFK4*~}Bd6V8+BnfNSsO$M4Enh~^WnmEm`NhXs<P0t#sRZ6w^(n`~m
z(jlj0(`?iH)Lzx56`pEdwb$Cp)xK5D)#@7UT5lT~8?nuqhRXK$?KGoHYw9LlWAD|M
z+}vK>s%@ZdvTpMiu@{|Bqff6-Z#b85gK$c?R=73X$hf|^&bUjQdX7RlJvpLstMci&
zists_zn;0ypA16`{f0?~t;2Sme{}xRh0;CK!G|-4kHh4%_gKC~BeD@Miqqgbx{aW#
z)35QY(bl<dKW&S3&N^E=dLQ2$&AHdR_1_4-M%-mwFI?R(F0Ct{b?!X2p$}WPtO3=l
z)z9zn?J(Vf-O}M>=fmV<<!kqW_1*VH`_8{3ehGb>ed4}+?%iJN@Ac3B-U6ftYz5>3
z&Wmltqr`17JvbJq63{y+8;B!NQxIDiD~LCkGSGLhy(vbxMi7{2Pbjw$bBFgve-kaU
zs-Sr>JmHS#GbcOqz(7aCP(xcouffa1)kFCs7@{WPD&j97pQCc}K6s!IQgK;%F4NXw
zrq9<NzQjCWvN|tUT4=c#xu`xBW0YfP%1m3hJXI`Ei|<Ca#-@(2jRtbqZB2E2-oM-{
zANb=6;~?{wdCeq)w1;3qnj>RICL_6%^~plXYGt{wuM=t}Ze<lEGx3$u9qU?YTtqF$
zH4=}_;dnF7lE~()=EzCOOYWxaaMSs0T{z|*_Ku~;^>YsT2`z*?BFmDU$nr2rnj_gS
z{=f){S&hxb$oFvQ(blskXKN;}51-zx-Q`0IfmDO&4hif-?Jv~~)Szn4Hvu=Ro4H2@
ziJ}(SF^cPu`eh=gHWQxe+UeZ9Z2j~s_wc?SeZ_nUBl$|!9W9$YPKqXPmd-6IS&pOp
zQdXBgO%$1K9!2;B^>hvZ;Qghi#6jVw#6tr^RYUK~&th`*Pt;2+Ia_2Yw~Q|1rH!N5
z;lj<I%irM|b{gBlgg0+8x62BhnaWw=+Vpapyqe=obatC5otw@5+~isFq(14*%;)Ma
z9jP&qn>@@X@~@&_p-WBO(L!i27#8v=^f25ciWjv;_oYNm(WP*wt*7{H$>@I@nz!Ru
z|Jmv%v6kFax-Gp-M@*MY+t$JB@fnBeMIEKatH<eWazwROU9V!VCa>kw-`8w3gmsNI
zk`*_VF@4m^Zk=BBt3p!Uu7IoEQ8w0Ut~lA|8tkgR6kcVwVc1mY+dmY$AKT0(VrO05
zSW&Yfv!mPkGLfE2Yu5H{U$tdkSL?febenvM!-eFQTX|nzxn|k!Y{9ElUv|I7>c5=2
zY1p2HrGw3WVR%is1@%Vt{{137Owax-dTqUV-QIN=coCQt92;yBD{<5^mQSvzEat53
z{QgrRTuTc`3+|8mbNMoy7G52Xfv4$};?;6w@!NP{+&f-6-YsvE@3F;I`Fu0kNM4_h
z<y>{`@^tQOPBfRpGtK9HrL)&LeEL0)-?ismcwY26Iwq}`4)=5NygA5r+cq}Mm!4h!
zrfX@5zwY;Bb+>}NHdL3}IoIoVFLo9Cl0C_8zl-Hxeb~15(#-AYuJ@z&=DoYk`3mtm
zb#u8>?_uy!@S-30yRo#t?RaGPcUU?e34hyn#{cUJ{vAJ`OFHjQz6wvPht})N_xgTa
zL>;w%+-LJ+=aZ+t`?<cC|4NU8hvVLDLO=a;%=NhsrT6-;)xGuM+UBlDpXGJzt?wP%
zukCJk)9cu+yU*RX!;A67c)71Ke<Gi%pWD~g1L?<f@6XqdAEo@5GA<~?-#;}p0D89I
z0dVthG1PZo4068n%8*5U*;NQ{@*2MADv|5}uno$1Yn<bNf1$ItaaK}6DB>?92?3t(
zFl?|A%{@D+J1y?Uggth5e>Y$Nl%N6fO~1c=FF!u{?E?pQ0QcTdp1+kSMLgL5o>hvd
zXNo!xxIfr~Bm2vX%{4dvd$oXckkE7n0DwmRPXh$V%E15t0D`tu(Qwg_mEkhBx1}>Q
zu{ScM^RRXJ#|8l4@!<M5v^8}xB=E4cv2*6~;3fJm2G_swe_(ndg8!npSo0ET$SM#B
z+dG*Ou+p*6F%a=V5fBjYIGLDnDT#>vkNLkRULp$@7Y8nSdUtnsI(KF|dna>xMovyn
zdIlzXCMMc{3|ePTI~PL_T03Xr{}%aQIwGdd#!i+FE|&Io1pm=BG_rSf;UyyakE8#6
z{r5UuEY1FpCp+i=3F}{g^#7TmXQX4G|KHmGOnLr;aw(ZQ+uOMQM_$#=(uI$S=fBAR
zFZ_SJ{kN5{y{&_jsk8GxGd{-uG5No-|CcZCWNG>@zW=!S-~9g@`+xZg7WOXo|8nhQ
zX)I~yV(RqI+5cGouLb`9GyX@5hyFk5`oGfm-?jNK^j~rKpm^y2ccJ;9;6<sD0RY(Z
zB}D{PJOHnKA$?GfJ72HN`PYSo{=Oo-h^n!6sMUJeLfhKcuC}S$*GGlTwyqhYiZ%h#
z)w(sduhJQ`TUWbwi_jKOG(i}W8we42%Q>}iHv9gb<}woo0xT50e){6m_vd7Ko^GG4
z=b!qT?R7jJ^MK3=@BL55hYj*Jzj_UQgW42gR3|losclnRTv^Q-?G52ScR{;cdl>TW
zqA`HIeB{HKj?h38koEI3DRc;s`Flj6Z{dCpoqKJQ94Z8a?gf!Dk38F~^wo2`x?weL
z8R?ODu9#%V%s@#gg&AaGicv*QaL1^Ol!S{kzSdoHrY3#+br@HQT&$emdPK`pZ-~IA
z=4jEY@~qIf;Cr=<@~e*f<4MJX9zV<h1YC;XIGF4mhSkO0SZXrSxL!Iw?wCXeYNBiL
z>gBgYbQ;H&gtJ!XtONJMk$7md7noBrM=3VVzS~cI>%Iq7IkB0Nd#vbO1Uc7jdOq+v
zKg!e}!T95jIK)9@!UeC@(d1P^<3;B@S)?90p10{RpCNa;lX7~|M{_ZjQjqYj6rJ~$
zTJHa{JhDIcfRWEL@$Neh!!&c=D6wQA3xl8CqV4_Kd0H08y(;aj7T>L~(m}2pc3)H(
z>fd@kxFDX(IFH{gXz;VqT3{PT?bkOZiz9f7EY*IBR$DV!>`YbY-vW0a^ch?N4who`
z^tZL*lw<$$GRr<o+40R=#eHyzb=T!)mSUUP(C&Ok6rH#C)LWjN?Zdo&i~p-h)m8p?
z)1JG}`8=x^eGZ}*y=Ak^1qE^RcNa83BC<jgwOee4a`U4WvJ~8@d)Q=*`ZE|g--@5(
z)I5##biJ%}uGg^|>qFL~>ZftJmEpbd+c?+TIqxsB!`wNCvFfaT+0Rf@nd)-ypWeRl
z&R`gElb4S7e&_p9C2(&C3Y)X2$x?CpCC>Sjf&+ic@kPW~7)i=#iS=<^bXFwr%WQ0Y
zWtrLuK-sQ^dtm<g-^e<1)#a{@q{YI@c|VFJS0y&E+1jsyjJZmTG{1^c+Ak?#@j+fU
z*bc;~+}v^mhGFmTJIrJ6db6(Syib4i5MxLEEg%Spk``e?OR2HgwW*x?@9*x1HD&-r
z1|gm$(xqwm`ICdPr@`RiokDMPo-XsOqd3&C?P2@l+P~S{w=@13&z$GxKk?SkFXP*v
zjFO$<{ALq8zwPa}c&~u0*!qq>J)`7Lxun8w=)(Kzp&l8)BuyUHUhjq2syo%U8X(36
z)60B@$GI%Cr+)A2GkRbGOyr+k4%nE?t1Td`ygrQ-nfQJF-hQ+R#@U^On=HAFW}g7e
zm<xO!4qIYy%REHR0Ue(E6Y!^BC2Z;lLC)Mrd7&VQl*gZaJ}NWQ@~5!8!rWwH9{NRW
znE3g7K(|?3{yqYQA79gJa?y^3x=`p;Qdz(s*Qu9Tcv-4DckNZ9Ut>g7;qIN(Bcz_H
zo~q81uE^AvVs`ZV_=X7X5#{xJzb)7E3^(QC6I#+oT|I``Q*#V{7iqH*3vq2MgQ(y6
z@pkzbv{0H;b&WZLwX%+ut)uW$hjD{Tb<K#Z^7%chO>hPv%vm$o2b>QB)6n5IxIn}M
zD`r=iS5kD5<S~PElO3&!r<=zBzZ-eCW$X(fpLgP7!(E`Fl33PjKzxw>BqpNP{ye>3
z1*gHI!@EUp$oSi81)VXbn0DV@oS4&H4NV`Pw`noonYMnf&+7~cv+o3T$Y{i|zwhZO
zG5HT8`$I)h8#3NPS|0gQRoj`H$r6ApnV=^zT;)FVJ?|nA6lzjG{@<tJWOCJCM{eb?
z+(y2CX!AHx#k-#1R=Ck{$L?gbA0<~*`K!O@HBG_$Im=zfZP)ld3)e6Yho*p?%~J6?
z2K)FPxpMhhb~Foh*=UsR9B+K<#K8%Ysp9nbJ8OJzQTh4ow8ba^a$TLQ(zP5M&pcln
zrp{P_^I3j;RZPcyhpCa><EYm9`MOy6TC8(WfN%_&yx7uVD-=`3!(!>HJ5w(vsc-F2
zW-4laUusyz$(MM;47dnIigg;w_Q^y2TWapBv+~QWsg}nS-<tC{Tn1}YKkH4{KOpuX
z<K4eZAExG_E8~I5SAUtmo@7l74N+RK)%!dRWF|hEclUnYKHwLz*M%QS2<DX})bC_0
zwUw!??Rck5ca!ft!tXP-mw{!>D);b->0ILI?ER@{dD@&Ff&7qTyXv~Ix}u;E5+9Dv
zr>0xmpp3@4UHXpI<m9)FZLx>E*J9zSVjgTk<HQt>l+)Euv%!ALPBnabjl{&1^ig&!
zg$G8Q?eg^8&Wg@aS<(F)BK)!EArwupaois5`a?`&s;7z258rlC!#e`c>X{GD+E(p&
z=N2rZl%Ukvzg<Tj(^y-Jj-jwR?Ux;bp2OAJzP<j+(^CIpPETnYp98C7Zv0Vo^z|^+
zDSiwhr?tL|r?nnQu3|M(6%TFxP(I;gR%cq^IFfXo5w$*G*KPcm=w-&Q$2^ER#v!NS
z_d5@HI9ywBjlWl(=W2I3ZFQ#J#U0xyzsTv+9Y;Y&PixiZ`|78$))75?Q2Fdb^jZ@j
zmz%o@|5H+s;5eOKC+X2tzc9RjJIrRvSlVF+xQ6<|!FVKTZq3Oy9uXxWYVP&X&ZQ!k
z>^kj$T?Ubqo)knxCL)Q%p{(RG+;mWe$BIgQ0Gkp+VekLhWy%ka;0|QfrblQJ@Im)(
z`gtcgA5!1>nEG9}91}NeIr}!*m#P=v#GSSOLr-V`=Xu*#7>>Dul)k|6Nb5NM{k<yf
zW2|<+bop)L;{X-Q?0?1O=5kzi3maXm&M?=)8M5-~(e?iF=uLcUClQhyPONnIQyK5W
zlhYCAs1`rw+s(l(q?A0SV@b-R!$6PjZ??@fX8@-O^|w4XYKR!%<ZqNb9Sdsd$Yx=t
zATM2~t7;0(5GlMSu>+P#`XqFYNmkD|3rW76LtaK@W?)OS+p%x0)lkwkpN$I!Oa;91
zzb*H|c%zAJ@OACg-4b5j(`8ylC2?4?or4wcTQ<<^N=jaPHvAhrg1@Ni&oGEX#yQKJ
z761~_@~G$!QtZjcIo}fmw)-~Fmbl_(OePZj9LA$cGwp^DIY;hIa}eWX$PQ8$+excY
zKLayEk^7#Jn|)2}p2{>IzTBvnx;hO(h@c>@=rlHY=r^Y}s&Fl4%VE25wV$VSQ8gxa
z;V4sn$XK&d6NXA`xXw8CyS(V{Nn($>v!g2b9x0v?=03%Vj|Rd#$(!duW;>1C06r?R
z>;X_d3U3b*1bcsjyX2g#h^xpTNXum&|5xe>+~riPJ8W;Pq9Z-uLPeA<=qFbV1$x%j
z9N6_w@&QYCmG$=)sQmTZhL5=6v?(=QneMA9bECtNM5}ju-6P&NVwGmIzd$hGTfn5V
znc9=U{wnx5p5e)-FmF3@*GK-z5e&|dw(?^;Lsg{bm$U9V4*7jzco(s;jOlf5F_jfG
z29ph^^{nrS#MpvyH}txXz}Rxr^Lmb{+%kgqibr|^iisSmh#WYp@R&o9sRI%rpub8v
z6i_+>;Q&Lx?jKXmqU<oFx0eakSad{37S(xkk)x>WZk{kKv&R|zwMR|^k${6z-)J&i
zS;9k=A>z`_(rAy%ps2%NuI{ft#d^v{f-~&5xOg{_F(~0BPm?8!Wr)PoT7KL=qc1R8
z!=KRNtCC#5DCxxBLxVHY>s=k;6B&(^Gj$x7_VeJ5S;BL1VhwiFwkShj9q&h@I>O`O
zpHfZw4p}I5HeO2%!0<1(f3$PBxX5G`BQo>2%H>+YUeR4R*8oBS0rZ9xhmatJz(!K$
zsNa$u!p*0`C<I1)5wBem0;nFtE?gb65L>>3qpuTR#lIY;m@x(&L?6BRSa4dXk`8qN
z%w^7K&QlHtrrxj}7ku>x1&m!$0jytvf#jaV^HB_hS<*)BwbQzHk9w4!4o_AOrk>AP
z&HxDehHMs-aw>h&WrJ8{=&JE&W}MU<U-FX?jFbiUudJPD)d!I-^jcPxfV39xs#e!>
z_r+A$zNF^n`dA7ak5vl`A&bO{^tMjfcNq&zwI~0$(U}HfNOesbddCyEQ)O}y=iNZG
z8axn%!%}9h(G{wxKJIN7TZCC<@?cJzQ*2iz%h+ovzw(!<Gql;Lk$rDmxk8JvF_zAM
z00M4*$osW;HSi+aqlQ;u5Smm@Cgh|sc7)~Mw^!fvEUC7V{KaA6wtpfMAtRb>A2gB%
z8qdNRK7@&GwSN|v_)1Ain~9t3A>HO-HSu(xJ7wu_z1`*OqyI*5#cbhnOh=gbc5CWw
zo^vVX6?avIUl$lUhm<N60in|JCb!SbwJA#RGk7-tB>WocAo3;NQ#n|Ud4H5F+)SB@
zh7?dICE}0<Ok@m#%%nLIM$3L2kC-@s-`@8&y?u4!T97l4>Q6@m%||yeOs_&{3sMAw
z_qVk*7uh^{_BOl4@A-19s@BVCwL9&#)GvE1GgwF{q4=rJTd?$g;N^(Z%F*&7D5=~a
zJ18NIIo!G#)X}1e1y8lnU?UgO1+Q(0N-0sI5=^+)xjfvIdUG4Y6_F&D7t<u9_#PoP
zgvenycT`$eac>)%z!T0ADdC_vqjtCeYr4UiO9q7%Yx*OslgC7t{E7isbU4I{e;o63
ze=jXoZ<WvAR%9n=X!>btOtpLu7j)gH%DcDV%d;WJ=P0Ywq(^i(l+5#zfzn)n@9Pe)
zxy}~3p^y{T${GqYoSwa819tky)p1J5<W=r*$rw=8*p|SmiJlm4jm&ansbY8eRG@%@
zjueTh*^?9V_HTptLV|fk9aYLfoZXe|bDYl<WyTsMW~5wGmO<cCC&Ebu@4zHtKQX}_
zlq;PaqHH)l^Ulcos}gSHG-T<xZ|F2XCOGplqcJYyRIE2oTgL*1a&6T2j?{#ub#YzL
zE;+BIy$GnE_zRWo;~CTS;N^{fJwAGt`DJd(ftfKkKS4)jA+lqAmCELYY4BQTY}{Hb
zPT(u_R_?OSEYCn5N{+5bG`lEc^hNdADNQN3kVYRe*TBytdmxZ1N|@3wZTtPk)_7Yi
z6X@e~BSnR3L~4U$W*$L;<JPgf-(o)pD2!XYKxBBpqlHG&zth$s#e9yC=Wu}}nT3G4
z^bU_laeZibzr+h%puJW<!_-&XhSR1uT<J%n?$*GSZXr>{11+VC<h84LOeIWz>Z}t=
z>4-cVx-!fpC?F-yB?Z+cN{&%tS@!Qm;&3J?_xSp=p5Sv>BvVRUi+WHaco1?kv$&kb
z3k802xhc?MXT=yA<qa3P<TvaxwI9OY0ijKmRZ`ooKr|k5=F<66h@G3=PkZ^0l98AS
z@};w|I%nh@yVyEIbnEY+8y41w{Lh=Y-+)Qeq*02;eR~nteXo(e?jxGZbfqkWK(0!V
z%?wvDp6|p4u_0L|kGvY%bt``!lmi)V01M=Sz|bBo=l1?VywH_I3#LZ8#019g``o2s
zuN}3e%f6969I$>BmQGC>C<Y^mT1`4c=2K}Xr!gWyOT%>rV#~MwPCA;G`F*-t7sR|v
zs7jg!*(+sK<{~tsaU{u=vh(mqYcx0w+sKGN%!$cq3w1F46P`@7EkGz|$SiS=5yE$K
z-#c-<h)Gs}?5hm>soF_8doEHDH}+VuxwqH4I36J@`-QpQDQp;#B0q2!AVN0MvD=%b
z&~)jgS#8MM?qGuc%E_RD4F}`(^HrbJv8NQuY;2#7Crut;JV>k>Yb_7K`nGp4+X#;D
z&><Y<f%Nw*Y^=<hPDTJ-A`sv&tO#Z!9I~(GU(;acZB>M+tmiZ(M$}$rJP>&k<AT#0
zV_o&x^A{F;T|3VKZxQPiel%9W{UbMr;t0M`v}i0@{qm*cLP{vJk3!Is_R0a_VN4_@
zoxx@%%63lx&|`xdO@IdSgZ083M&t0~%YP>tC^<&(MotJ=q?astoY+1TDiAY*r3Gw&
z<YEi8PfCe^U;gR}Bc#@aPr}|?0LQbN*VXBwxxsr$qV_gb3|_V*F035GkdLG|skF9)
z@H5CBH2+L&Y@}hx(Plh_($>WR<8J3W|7dOawn%58^$nKZ-*T=ohyxw%YXR9iJK+ye
z{!4TbQN)iI5%vxXh8euD*R@W{`@rgFIm_(Z^UvO2)_k7#`#|0{oe>}P+D0AXRfU9k
zFbqZO2wsTsS-M(30?PL>;!fC0qRQ=dBd8uiW0A?_9V6bZX%{uXn}UvIo@^m{?PlMT
zm?`<43U_#qBGq(`H@ULuWs#=k53LH)lHeK<SO+NsJw;Dp&dcd7K<@%L&IlRw9OS{m
zD~=?7GoN)wGFCUbOZU6O((`#G-psSTE&$F!Fmo2=T;qg4@8?qR0I1xx9(9o>>;Mp|
zF+x)mrc<r#CVWLsfz&Ts`Vh%WXqdBFzIE!ynWAEYZ7NSG)KvAqn$`A4#fn$>orMV!
z;ZLwU4X%i)_u{H_yz6)1T0=e&qjf_vHal24n0;n0riU9vQLC}6i)XU2b%E)Sj!Soj
z+K7lIf~G2?%R1_7%()2WN`H{IC`k=^M2=%b52-H78Fdq**t&T-Ki4rReY5dlZ-c8k
zOno#jdsTK#ALgnQ1Yk39-Xsxb;?MJpM;HGSMF<Bj$*5QI?TA3wETN7oYv^7w@ES=N
zxlbnaAeRjgor$;}zs7REop?)IDj6ZKl8T$nRm9Za&jo>>S1y;ygvlKsO-ljDYh_6^
z9L!~a+=fyF`=i5zgf38K#741=l2(;<@L#_5pHKMo*mVIxDRQXkFI){CW}$iz#L_Qa
zbFsOv3T|Vy@ckwPdS;R(1jK@n8j>gBtaYm^mwA6FUc?xP^$Q_9#YJLgM7}!$YmlV!
zCd-8Z4sJqbd>!dTsKLb-H!o(q`RbOiE1;aSJ};eQmi9C-$iEEt_?_7r`4{2yQt{*n
zLMrJ^Sub0NTjQ0DShGpC?-`tFlYWt>!eli*gDSs+WCYV$9}5Qt>GR_|LnTeb(?~)e
zYO~j!12K+WHd;hR$~}Y<G5I3UWqe{wA_BO)t~Q|>MdE)%BIN}@iQGn=@dim<#xAx3
z?{IDMij?t9zTOfA+d=XxfF0zq!sOdMC;$~j?~;Vxq40D|A_E@!(1Os`hng%0pcq78
z3&PQQ?Z%ApV`Vi}$oE3q;vj$oulId%PSLph&t_65CfSpDZjn2Vs%HvGIT}eIw3g4K
zc>x=V1Go%LXVat9aBxIsNrk^V0T)KQhDLH=R#9DU#Oh$ji0OL-pGV)szyEF5xeTA{
zVd*c{hwZFouwF!j-Kfwnd>H^l%X#^J*SrW6B!CuxOg#+Ni^;UEfhL=Z>4?^;w9Hpb
zNws-%cV6j~Guuv^XJ#kxF4HFzbyAL|#;dGVI4+$8TP%1S^1Nk_E#{=6UIEEa&!md7
z5G#{P<ASem?-ka2E6XlFl2Yr56j`bF?7$PvAl8E=;&5>#ZFPI5X+_%OTawqFU3niP
zg?mTh@UUhd;R()JLkLPbCgClEdC07!zJ#r_jLH17D8=&J-&vhA_8FE?rwfPpPu8Df
zcvZJEyF*}XForJG<geAZI%5tBsd807>?6sxR7HFso0%<B$H-d*h39ec=%(;FhuZ8_
z{avm;dL^Dy18?_;pJ?U!P2Q2G5YSJh9ci_|@JgVhcv}5>RtrAR$pCpa7zXkHhssf8
zY<l$kEEt3%2o1u(O@y#0r$8`-+btQ}%&7Iqs&@4m5^fiL1^u(B?x5RSwPLXGD_^}q
z5+7n+aT9~!o7;WSXIqXG>+h2MBqrS{usmhDVS68kCHU>Ut@q%V;f~dbH^p~V6#kh(
zK23FMs-aab8;n~?jHs*z&bij?=idOyYu{;5bp^Ns%A%lvvgiUHMC2YxwBb8_-skdf
z-5fWan|9HL7$42hiU^r|g>=oCE9m?>q-ueKdcPeOjR#6&WBY$PJ+6L}!nnjC3MI&d
zvIZJp8pBZ!8(kD7;6phGM<RkPViy3ypA(6xuD%HU9W+Eenh7Y<p`v_v(H@@yxy4Bc
zc{3n+-o;^&iF>+55{xKAa)Pv8e4dP>Yf#E~eI6P}y^qa=8-;IahT$PiQN2H>!%~fn
zZfBl4{KauGnQ)-?kI`n2S~Ezbuu8;lVJsb?Oqg{{cnD}Pqyf#cF~S*nMS3SvN{E*v
zJ^tQ+KBMppIf=|M4*SO=4I9xQBZZkCy4ioM&j)G%ZeogfYD5L;pdr454_I^7f3lf0
zI|}nM>gNO%Qat#lFQ^^G>?`N{s+E~Lya*CmE*g`)AbyBzS^dSZR+clRhi*koV%nEk
z-z6b4V%%Y}n-iTGd+9-hUw|5;!edlsf1d5Wz4ILzBeatAJn)<F&5+DRLPWz0$>~al
zzJ@b$M+U<>5KjQkI(Jvc`+(fcHMYei`P0~*6qRCTO}oqPn+J0S>w(QM18J+URerv*
zDPdmIOao~>Vuq;(m<$guWPP%o^#@)L5z0|iosg*Uy8!2TBL7KaS;doZ(<+xcBTE6s
zVe#KF91Q8B)kq80SK#mr(skrw-QeHI*aVa>t<6`1U7_;?A3*<s2cJ#LsMvzQD0E0T
zu`AK4?t&h><&MP-Y>WP!x<_BL>IrKYLW1=jz$iBtVE-N&JtBHDT+8{X@*f$V#^j|h
zhMWCoPWdlV0K88?%~>jX$PkbMkb^{!Rm*bT*@9kGWP*ULlsyK7j=+wfb%Ifu=w&w3
z?OR#{UQ1bmV9L_Z+q@qa<DD_nL--4)hyKw3B$m*p!WvjVmmSq2z*MYq93R*H6$5Lk
za&mlZ!es#D<?ymmmYu&6@nss8yL3NuUhJ3jW5He+h)o#t2#ZvvTeyi$c80GAI^M2^
zYT*W%iftkQ5kI+F5GEOL?1?%?cY354rz42VHzt?IM}3dViYpB)ryp|uV*<+IbE5_<
z&}eXo!4Qy<na+xL2rOi>1&;{*8cbDL?KFX-;YK6}3=a1w&^9%$Q=07JGM8jsr_9e%
z8{LvoQgph(4&+)rzgin>DzfLaRlyo&UfH>?56MChYptF^t~LRaQ4O``LeBe7(3<#p
z^^CQ5#M!s-ZChTK%}y!oeWrJgXez_LY+*y1j-N9xZ(f<u@L^>nb224t33KTq1g+ZY
zx+~aV-C-Kw!g)|L$6Oa-47C880TB@aqZ}at9&%7&jR6M12{F!?(r7g#!eE7FkKf5J
zjo6n2(+WsPN{ll5|BfMl<F?#K(%O!Z>~Tsi-KZU$7qjak{tg5=+l+V2AqANal+3A;
z&?qj(-063OU@hzcSoOTaR%JI-{_5M?d2@-JUW)rx|4qh&0IR`hjuJE3xB~FMrF}pU
zQ14|Tu|&Z3V1Yfyl(BGZn;7~$WqGlL9<3?3drdJ>c`tglMxj54YeKN#E3yz$UMtRV
z%jnxG2o(Sfc5r#&po1`NUwPkMc7Mn^To*+(<hh4TB*qG}>u3^-ue8Y&wRNMP^KlqI
z=y@emwUZ4Ge0(O!TPm&kJcUcxE%=OkoSpN2=e$QLsk!^3jX=QsJ~Dl@cY)+j3flwM
zMdWfXTw}Xvsyh>W4niGEs9-NkIFiKQP&gH0O|Oi2cP0q?nV$RLtRZav+q<S$ITii~
zx715<P*<pAUvvT5nmturCdDSnhSNOsj|~C@2_Kd;$jluzi;GUd7A8o!#y%}mD5*^=
z1|AXAE2#=ENTMSbmClc9(ZS_>nyFKNL2MUZw%&3@`r@VXk;Mg6sW7W*eZPP-TxY}w
zYQOGi7j=~*E&Owtmfk8l5NdRYkvcb9hE>sM63U2>h8B_a?sqr`2-XPN&lzaGKT3B#
zklSlpc@8u6OxVXxQV;g_eHTB(Us;sK(7=F6Np9ovryJ)`kTzA9%tw-KuFy!LsJDZY
z(!W{(SG&P6S-R0+ZApElfPn}{cG_q=6JdRfeKM}$kANO2Ao)Fc;Y{qtW8~i{f0<Rn
zAt-}Ux%p@1<wF?gH0ga?T6W=r*VMfb`$dcP(<|uT0V0mfpn|xg(}1-Mqo)Wvh$dcc
zfH}tn1XR0VHky)=<Z~CtAT&Zpb0Z#oABC;I+aMb7AC~2|ts45?D=RMNy21TuiShj6
z!*7EZlobEi+42ulW*!G&1cQznJIAE^=HAPt8}j8~U4Sq|awth4%8C+85bP5rD+O|7
zbg8HGomd|-j}2oS0f~L;-VUD`ZY{_z=h}JlA_~=>S%V|!?pnU`6X3;OM?ek1;^+kx
zYD+ONzyLPOaKDR*^K_WsYi>P~=<dh9_5@N_m4k33lQ1i3c9hsfCh=TlcvDR;J18Z{
zoky%*?JENm%rbaWryq(PvH8y1wq&C1fGf-y*u65HSXM!hHlZdb`Wzv37&J8=?HSqI
zGHQy6)ND@=vk4AiFP>S#>OHxdY$u7zzGN$dLD2nb6gEHaZ%a4*%51r^ZSTYQQVC^P
z?8zF9e~s*1ZV7cbSClX;1fiN59ZnP<g7}H!!VVp1QsUk{JDgWb5p_ZXsxPQv%(1*A
z(kL6zV5IigV1|)N=a5^ByRRy;L88gQ-+q;v(1CFMnOp@;1RX(WSK4%CkE;pGe77Ez
z4P#6B;@1?Q*T^zDqRctFfl0URGoP5ZgpGS#W95NBV;T<2jl5Ft3Y=v}z|cg`k(cjS
zB$AECrJ96VU`>d84wDOI?OuNrzwm@)3<tfcu>Fwg>poxk?d(09P_^F4MnezJWL;*c
z9HnU&Rn$R@v=*<Jl4LJs5QMnms&m?3f)w-wYh!=6=0zhEpxQ6QltM^DGp>RzE9|_o
zo>%GpT=c)YUGz|WTB;3j9*MVtf5Ja|9jmrG%<e?k9>L?95oZcZ4Y@a$n9MGM5R~Q;
zBmei!0-Xuk1LV$A6UsrUq0{mi{Pmd5G)GcqsTZMK$%jBh9ta5eK!F%AM?+C?cU#Og
zl$iZ`=w}w#MGl{i0cP#)^%nbyOIWIXf_0m}^GO7PLB89Ucv{=OW+9x1(R(&Ly}!$0
zLr`W8;BslW)pj+2fsRR3wz_l>p)TJ#GAxW?@Y5w1cjxDed^M-EhY0@I6`3ljjq*wX
zgfL`4ln*#=hM1GgtgKZdc^C7?WZK$Jxf;n3lK_0qX%dOPQ<rn)c@ee>1xFz`V`PH$
z-t|*^yFKtA>9PtkA_7muI9tnvwUC;Q{ei9Wh6SS$P=Xn`xCoILgGO=>F+B~%CRl`Z
zTjuN)2=i~(D6X2s-?FG!7;BgF`@)>{tsZosp!C*nl%`W!UM*CufDoY)zS69vZgSVi
zuXcnI9YNJmiN3l6Azs8Bt4ka&1%@`Obs`dJ&nRfG@HXu4RsGOhPBQ++j37nj3jrKN
zsf-g(^fm`W**B+C(xV(GHiCx$LOG-ez}f`UWeqG6lrJQ*3W@fC1tI+hY=h|lUl_u{
z?wN@5(dgey^|9V>Joz_p)v=|pTB}FcDjurmZhk^j)TuNa1=>mU*Uo-smR@7P*<+Iv
z>OSAx0b%OeNU@t*1pP%U3x8a{z{>8%YA87aX@TCN(aR%?@g=%q&#%GI9Vf8>78Q5W
z9HFtAs8~Ebhx&98L$+Da8apL{RXt_z+`4F?6{hp(>bkBa)#Qv$$<!3Uz_<I|KfQL8
z?Jn!q=aC3#dSTAZBfnuNasBAB_zVrJ{QKrL<U{Bt(%>_HwS`n_F`JKPt*XNJZst7~
z&FA&{d~wi%))Ht7%SOJH2^ZV89l8O?A>}$FafJYa&z%EcrSM;3j@eY1g{8FuK~#)E
zR*lKiBStzrypy8CRePjS)eU*8Bsl`J&`XkbRuSgc;F%WMj{mC2*xuLE_cB3^_<?+)
zACrtqtHMZzz_68{qr(>Z*X$endrv3hwSJcw^f>B#+`}Heq?T+q+DrcO%Gf6Y$rBDo
z{^i=wj$ph3<7KyHKp0Ho8S!{xI9J&|e&?P&0Wpc!@%ybds`JK)IX&HhkG*P6T~Rh!
zi1<SoVyGxxW2er`45~l)HA#&%)lRpEzI0tsxNRM!1*ggF5{rAMgUY5+&V7rfLl<^R
zhaZq#WU=oJaMMq02dY5uiV86p*Hvoe0S$5+&|&g7^{=-IfQ2gIpA9t(+g_nDMAx8V
zojZ32d}dFB%VBE0w);Fv@f_9-ak%dDNG;_jL`M#%urxFD7-=FTwFJXXjs;X(&(}Uc
z&quU`;?>>+Qjj3?RfI?j0#h?n-$Fz_8L#~g;xHG&Yi<)gFjRFs*YvL&UagLAyYxb)
zL|IqjDWiUS`PUie_OSy%-XD^cXHv<ytlTJsF;cXCd&=ML!D=IDWV-npHvO9-#cHjK
z*X>-@K1WMDTP;>MK+yQqkU?DJFMaB|tq+M6A#T9#3%ws!li;2N2U8#H+ieR8vjo$t
z0o1b5dm`1KYRQlI!(_DBJ3{URB@9s)X;;gxlSY^AQcSLqfW!n=<|tg}NcUS8=&_IM
zSCp#~QRadL#?;ekO)wMoVZy;aaY9M46SfeNptcld`YRHXC;zq`?fk@gCIQ|MJ<9rB
zwVoc%-md`xS$q68)AhgoiG{*lu0zP-V(w6jI3IfHb&tcAMY_L<$fCO|ae25+Tpt;A
z9vCS1LJP|H+sVDyuM;+4lDWM(Q3w~po)Q`^{MTm(Xmtk0*?WzPqccsArmo^{G?;ft
zpHRZAL249H2CRR8lId;>4kH24i!Myft=a3(*-7(F{12ldxU2K=tsg2}`#Vg^*js)T
z%AHK)bv+yyFt=MQ*r2VKG|Xu!IrFT>;rHRB!vV1|D*tF#@IqoP$IaMavZD@**g^jp
zS`q`=QRGR>4?#9}mW;5{2t3DSI^TXHZao=Et2mXda@~PCOK7TV*-BbV2O!nf@?Qlm
z!r`<;Ds6-Fuev{}xayq`->ad<+Q#PjI1#Ry72X>|;O4%Rzl9+D0;<kVf5?ua(oQe$
z<bfv$F%}!C*_EUCHkpqr{gMkq*#p!h4WHPF1R{Wx{vk8-!F<@J68miz@|n(1eY6j2
zc<Tm2OsON)^SBENY@MsR$VCQX;nb2t3KV{S)_$v0Hq^qu9Dx}ndnp2Jc+P-4MW75%
z3=$Te&@yT(Z60ux&pnHghXI&19TOobjvn3BdX%~w4fP4PU3F_NQlj8>DS@bugUnuk
zyTh-7sHey}>l}<_KDr<>Gj37VMN}#&U|)u$&Mpgq{iSC>4BxV#tEk@HR_P>|>xh;o
z%;U-_eTqZ4Kxs0)s!N&yzo*-lVNUR@M0JL)N_f9Kc;0HMYPW?$Oi~I4$Qs52RlDfi
ztK!~;?!!9Zu7a4rIpBAHte2(YZJU{y)W!_X6cJ7?GNJ!m0@Z5l*F$AW5G+KRiqsN#
z@)xq)?L3iN`;6qKQy6{XKCH`;J`bg`p=Df=8|DffL1m^O3Au8;!t3@4h9?tGjCX){
z$3|WUphwlBf9O^7-I8B^%A%EyzB3F#K=?v12wWSw?{cO#mkGp<;3%3P_8WB>tBW3I
zG6_B2V{XU|WtlP8yr{+B%5F`JKq{(}FPhRDmW<0*w!|0YEZI_M0>A2Am07kw<^?PF
z^g+ICA5mK*I?o%b{6uCH;XxcqA~p4J?(cC_k<Uau>RG_pOgl-(svY-VCWMNq0vfN9
zFx&K}saOn_0tD!>l^z3~l^+96p6FrqbNyaMtR8NMr@Zy~wjYb?m8~<pW%+bIZ6BBu
zOOvSI5+r^MV9j#Ckc}asp{6RM@BXT+Rd=4h-+(9?<eDhpe70(JJzR`@N`=D4gj@3h
zlX3Cf8l*^qZt)O;CGk<c;!Ff(wiVsBO;XPkR3kyZ^)T5z*prtWS9?~pZ*WxN7s)rL
z1Hk||+W0fQb5WC7UvYC4&AUJnWX5go+v0KIU5G%=n~%1M>h394dbq#cX#9GsvGMEp
zB0yQ<%HI#gIZ$7=lTQH#I>=@IsLtt4gc9cXu|L=H@SR+&HpU9M@X6YP!xi^BNpvVC
z;lCk_)JQ*+%>@)AL0^!rAV(#_76KzIH;^eNGoFI@-3U^@fHi+KjBelK{RX}qs^_$w
z{V`TtJhHA(d5W)!`E9E7vV#Nq@s&7-ZY34OzVLl-D!VJy5!@d)+<bJ{c-%_b2X3n<
z;Vw_aQpF|B$t`3Nuw3LY245HPGjVy(hoP?Bj@!p=&9p7nbl<D!-#-otTxMHz2z#We
z%ZLi;UWL$MbK10}uYfHzR)(%=mV%p66*V<rOB(zm^W2+yFb*GMaTuf@)xon1f@Frt
z2U0!o=CKY2wed&bF5+%;C@xN9x&ZVItCtw$0@^cTf^2XBNa+qkg7i=%AI<ieJT`n=
z&BI>h{L5gis7NhsC!{^T@uvmOeeWcw<;+>N9Yz*L6L~u*CWlgI>(7?hbW3kUguJdI
zf5l|FKgfbCU4@%ZyO-taW6Y)n<96=U4&DQctFJJGE173j)Ub?C(F>69U0o1&qs90^
z%_{>xe^*Ph)clh^NxQ4fMmLEq+h{?X-=gC(Qb{hjR8M*`vk;D;4Nu|204bkr-xkxc
zFeB%}K(yY`BZOYYSTZu2dnVaLF{{2C0UTX{jHUyiDO@79@GhDF5`^bR2*6236LDdX
zD1t@pHq<4+mZJC6o2VP%dVk9%#ruL}j9VX)#90655AZh@g<=j4x7TcETJ}pHRkYAH
z?oMJcJ|`aw*34Ttj>3nxRu*+t`Uyk6jnMnTWl_-QE^wA3dN0{**|jC4o3`Yx+-Dqu
z!(_x^t%ojk^&F<xMbv5w?W>6k0xOCd+c9=pC-AM^Cv(kF1w5Mh3R>z4KlXXPfAu25
zr?_Cp{R5STC>*F>#0zYg2H^*DU*Wq!w-}%TLBN&58(xW#EB!+~YR^{;2O>*x1U!@k
zOao2eEEuC!vSBp8K#mX-%1-&30t8@<Kr%9SB-q1if=*y8@?;R=!9~QX_uJb6ZnTr1
z_;tog1jhPN)5TyF!`-t-n?K4LB5i%=a6gHAtZOKFu(zzG<)&Ifn}ym6ZNE$cM&91$
zeqlVDvi}E!dG|4X+vN`6=J`i+njY#tWiaAup}2`~1%~QEn<11_K;>+jH}kLyiDOGQ
z$!W&!)fdu(p*wD}jkQ!-k3H7WD%DPB_>vR5%-f11zG(RQ_N)7X-)_>3{m0M-Of_XA
z9#SY<FNa19*FzhNsQA(J;^ffC<{8veFo*<@<(qMi;1=M(Fz~n?u2ONNwZixh18I{%
zf<U=;QYkhTLli7|-lJoZbhLPCTpM}NMqVQfCP2+BrjOGU@^dKeVnS@u6~1YURmxmb
zTAuv=b4fL4PqF^jo;oDvl`h5^=L@K<Po<HJ=b`U-381*gx-V<1IZ<A&&qscrBZMZ7
z#y}3Lc+|x=D0kxg9Ho^}v6a|#9L>}Za&{UYQP>@~Z%&QnmAlMGjh><A<{rrHw+32P
zPg%FX(c#4lkox#m)uuD?%+oA@ATu=7dZKBoe&qdNX%#gGatwf-U<YaC;V3{xCWz?-
z1`xX<Ukj7!lLj{y;`+b_aW+&DL^nuNDPXi6Hy~eO+hp0tbdSk)mH(FZ6J(adi<mm2
zxRJ}$Lm1@s%}jd|9wl}kYWRfK%D(6nkJYIIYcBVPi{Gf$yxM+Kr~~({l*!xU@#;ih
zB{r~eH`6x1KQ2%-1T?<#&V6nM{T&Ytjsn?0iVC}l=Ki16B)^$zQZ=%p!9Zben@_%l
zpPIy*e%72nMoshAsKxi!J8ctNx`kU1&1Mu5CjPnMl9`RD&*&F9mu9keGqMzU3kEP_
zs4bnM&Oo6t$qr)bH3@oxJxGQwDn-2BkEn0VhmsGA?A|SB_CXgryS={yGhnNMHQXNa
zqZ45yCNrWpw#nRwwJ!xZp#ZHHiJ<B1t3RpR(M&%_1OW4+dHEml)b<^U=v(mFH+u}o
zIkrT=Q`UIdea;Ja@ZB5Dk$m6s@KoH^ughz`Vk#~w8gF^2II)#ko6?y~IR)ZBd#al^
z>zy`#1dEOi622SK>HO>UbGs|LW)J6G$e%dy6L{(*JT}j^!B2X=aQbkvn)bXhvM}N~
zu08gul}Y6A!2tC0j(CX)x_CVD$-xgQ`p?A1RIHv&z#g;k0O{fcMOrD<dKC9t`mu8Q
zJU<VDYIWyFXKV^kK$LTs7|i&T^fA<&b|v3NY=W)hHKn@NHZeCl+#BuTo}D)q-mjW^
zm$FO!OcC`rL~)Ej?0O($MWEM_t-o)^8ydRWOJDL!eYiqgnhC^I+`iD2<m?xV?@eHK
z6_9vvc4nhVQKsMa^O6iOY0V@m#$@-yi<-iyRn<>+X>s?Ckrk&eUnFxkPGI_D+y(B8
zQioMZ!cKyRqpA>yGS{-hsbT1O^Jt-b`bZxvHQ?R==m9c?loH>{2=MI&)ID=}aIx_$
zOw4EdVMRg)^eHHZvVP7219PVWVsZJ_0H&7@@DyJnykexI*Jj`D@)ojjm2>%O*2zH9
zvD1`_y0_m3;_?t+07(MRV<+I@wo%_Ag*9GE^1ok~2t!Ud0eR?d&qXNdyVD46figM7
zfc9K6A*efy6WyJRyZe6U;LUH`YtWAd^fn32dn`Pfff$)g_YF+jUHf{BHSf5*-$_2Y
zIh8`bRG=uk{gZ|*UeAx)z4@m+WNeXLT1!3?Zqa$v(os`^v5o%y2+!Ei0ptiy^gd!c
z*4OVX`GF0$NXDzDo#OzS7Y(}jub3JTcTB)`a`&zw#Zh%zE#G*z`17bt7P0wwgv-_0
z@=7XRPg=TC-ZU34vBabViEjcUQs)sQhOWMc#iifBBPbjkh7(g`JfozvA>WVmRitrF
z#~q^8mEU#2?&dY;o5Fw@ERwGRB(>pCgfno(%(^D(FAv#76^y90^Ob=y{>;Q<gzV*O
z4_;5A`VA+d8i9=9n1|BYw~>*U)F2Y$C6V>;d%40I3pv~iKTd5MeF?r?4cT_*rfu@N
z&+7<7Wq=ME8F}nc!lO#MWBGNBF#GzZ8i|aP$F~XZf`Wp_%*EpM>unxS)Fu~6$D+E0
z`XyTS!!aS$y#k4?ysW?byMhwXIL+JPR8ZwPWGO>se3$U6Xh4nEL$Aon^ww^!hU>IB
zif<~P1tlj~drOzE&Gz%<SR6RKbv-xWkp_dzk|N*<(QEswPiC3YH%cRK7q!ukJ4Gj_
zLgpo9*IZx75R$QuL^X@7XC23|-*>sKeh`#z&BhyzxYFSGW(7YnWd>^lBz6(pLM&SB
z_hPUS51;>E02>A5`obYygPrDt^h*(E;Xj1QO~}%451gEYm}nZ1@$A8>TS6?{&*oxt
zQl#wMmVX{0Y&|J%q4Shq(c3bMR_@9}xICW|0tiltnb->_q-7zGCJzhAgzw<Sx3!R~
zg7-}n>3}RmYvp*XW%!V>8=ZIGopBj;!s0B3fk&pRQ%}cn%RlayaAypq9TL;9GGm;#
zKQ@xH5byO_cxfDtW!S~5op^^3Q3kOQ;V~riha*Gd8;`skVz1YAAMV6CAqzVJXL`mH
zjX&GjIYLOc$x}*mYFT}DLe88fnr$--%b1FN6rajlqbv~?jpJ3rNFgmo;XZpG9R_oX
z=Gd1H+uQJxP|M<v7mutchQ+1@l9zM}uEgk#L*8Z%Shs1%l^>n$hq2XsX!oYP!lDAz
zFn<wo4Zb*mj|ad_u(KwixXH_>%ohrkletbhkM>M>tpj;kW;J&CkBUY|j2Fz!8lS#?
zUwi2mZtO$!J_vf9#FgFVKUb%p8$$4ZN9Be&<xxWtuEV#f`e}$CNihH(Oiz<q2C~|a
zLQ9S~q=JYO<b$9MoCyKBs*0|y8<4b?Ro&+~>^v;{G!oBWozy*-C4@kYM{0T3)I1Xu
zLNu4yU~-<<wjd<qw4buN<x9=FXPG1^^DLNANnn5+OqUslPm9kYm@bkz^!-7+oQ_^F
zMtIDxz;Nc(wxejheDC7)A2Sg}&h8gb&OJhC(J3x*)<5L2*bMxK9%EfRHxI&X27GES
zOwT;atx#wR9(5d-e4}6)ZTJsdUKd5>g<W_1*gge?Hz;+~IntOHKGVGZXhv2s*Bn0X
z%1F!042RclxIO*rbT0&55@Nc9u55}PRndB(&Lfm>3YR15lA(xl7E;0Ro+FyXk_f*E
z4U}(&Xz*q}X}%>UwXORf$k;|Be9`6eK?pqsA%*;iUUbUbXWq?-#0HNrHP;{t8);Ia
z!7n!*+EOyDi@KTV3FXSXYJBmh3OjQ&?4*k0FXJuQD?~y6!MM=_f4^h<o_U(&f58$n
zp4)ww{~l`Nn9$7or&j>F855Hqtw&CkI40(@G7U*f`UU=I8rOL6-Gx({Sl_N6tUp8s
z#23RE&a|H&LYx`sNS2tLxWK{|-EW<8PHm~A5b5|ZvqH6*?SAh&8vfHlx9qxp=k4BF
zr|*b0Edvn5dQ0N<nu|OyU5oeL5#$6C9c6#gm`=Y_j%2ApPQhHZzkq#8ga216h<lK{
zKw^mgIQk?x)ty}I*b|rkljOAit0LjTvX-AZO(+6OeF$Mx7YcF0go@gCMpZU74ycF~
zP#qzKjy(#TTH+kK$L6Lair(h#(dqm}7ceJ0(R}lW%BVhKb?fb2U?Bu{D+FNYazc5-
zOCwixSYuW<A%O^`H>5a?&ma2;ffRs;u4!FbSdp-1tq5PqdJ=F?L(L&u+^}X7N*kUV
z`Bc&>T3tW4t6v|dKHuzQ2&9lPwX|tb;VR9VP~I|=HA#u4lbiRrrWjiaVMP@!D@U&B
zutrwaO=4}jaZ!&x=P%9xffUfNO?<<6{Kqb{9tpFpVn<J$q34NPgpd@s45?_p7cV!|
z6|Icqu?DB%t`nWlpY?=53Xo$eqHh$gX|~gZK9ddrQc}nrRH=S#WLf7|*hJmLTF;5k
zU!4&G^nZ7pu|Z#N_7GFOSaE$F=X|?!2!ZolaV~&)o|?}E6wi-w9s=hfa2^7mGX(w*
XkYm|1C7i;{00000NkvXXu0mjf5LVNl

literal 0
HcmV?d00001

diff --git a/src/etools_datamart/apps/web/static/logo_small.png b/src/etools_datamart/apps/web/static/logo_small.png
new file mode 100644
index 0000000000000000000000000000000000000000..5762cbf5722d9bec3172b79d6be6b269181700ad
GIT binary patch
literal 18008
zcmZ^}V~{98vn@KdZQHhO+qP}nwr$%s_IQtN+cR%}=bVeU5w9bvx_Z^hm6e%4D!RHO
z739QWp|GF;003YmB}A0|-A(>AZ3wV`edrtk4FCX)gr%^sf~2r8fr690nWc>>0Dwef
zsyeue@+4NCwvwbpAcO>DZ{%Wi3W630U}aEj0tk{+45Z*l9Sv278zLaKn#e*cK$F^)
zsp3`LaUmTQ^`+5Z*i<&kpOwcQ?puEI8=v>n{9F1=Zg((%T&z5mtndq<1bWH@QjxHx
zv9i);iTD6C0$?x(U^<>YovFC^ct8cP5C5snYyicVHJub4{<vTD1!Rb0AAkgp2xd?x
zKfV!gfC1?@B~3s85&eqxJS_s%gL?$*34;Ix=~NEwSm_iF<ydM}Hc3dF2zNk%vU`sv
z8-SMV!aUW9`7oZ1c0#vQh!G?Jmk9*$dr=<15k&;}>G}Mckw0)8CVs=o-|%xYf^vBD
z-U!vsijbT#H0dYzW#9S7Z@WqP<rsH{;MlSx(NYR0FqdxJ?oKU8O9VG*CSzlQHSqV|
zjRL0dj8dqSMM*0!6_omOfvmtX5xSr~4HglygmDQ+qhl6NnVJU>bR!O-1)>K)c1dP8
zLWMj$io=@3**OU80nH{jZDw}B@?{UzE&QbuvS!wA_R%3*fIsY`MI|b(GZ?K3IY`ir
zY$GzBc1A55V9k_hjz-`%CQ%@!Uu+1U(4>ilR(>`{X*5KF#`M$a@JG?KD3P6wSURc%
zQc;U{R|k(O_t=74G${?q;2t3ljf}vZ5Fv*97h8?gLXu5n`ZdB@2w4T0pHf-q^^N0|
zLp>6uJ5WZ-o`ywcba*NN=p|YB@u_Gd<dugb%+4Og2P^k`q6A<L0vHB>pf;HXOcQ_y
zZ8v3hZ_>O-fF1&1O@Rm<7A(NbN~*+2Z!#dGd-M?@0(>0wDy&o>p$fmA3e|pH0W>QX
zg;rv89zc$K5n!Ho?Lw^5OlP#9Ux2I!_&tw?HJ%NW<9^GHg=AvIiZFLgE?_i~`y&iS
zD2zd85!ri!9sqd2`GgIfhkYHp0xkO2kn#}MA>tv}A#g*vk_Vnmw-1Ja3kASl5r2+y
z-fibPa7~_vgzp6=;5!}3?0|F}<j*2w!G(AA6s8wM>SlhtZ~Tw$WLH?-P}HHMFohrs
zIehq)HzhZ%6GSza?5RuQSe+Z{at0G`zn%LkTL4}bcD0S58^8Z*UV*sbamTO%qPf9X
zkI@;5r+7G^eiv$q0`DNH+#d<y-NXNQVC7FqP3d0hcI)t0jzfirPJJUfkV%(Mj;t2}
zp<&;A38ASE;q%2D-&}yX+a9}%^vd>{RrSF`JPxUE```lrNq>BP!uzj?+JhSSV*xB*
z>bt(+@9EjV4s<^Igw`n34yVEc6#(JBiD3de8^Gci@ZAhxg9IQTz=;KNB!Daqh-jE1
z>dZ4Spw0j|3sO>mPY+lrfU*V58i4<WeF-FUz{mkG9}sl_-2!mmzc>e(7likK{y+dB
zBy<T0#2`kCpgoA`AnubuK#Ch7fRw;W3N#@`5(%6UI3YfsfGUAn4_PMcCkRhKp71Qe
z?F{A-=}J(a5JwTVtN^qM+bASf&`*gKE0#P1VZqJ~LMtXcLux^)6?HF+J%fBA@&djV
z$S>~27-(T2GmGpr=)(Yy9$svukqMg}nreWmL9-sv+WYl^y&ULjgy%ps-=o<At=psE
z!8|=wzSDd&>Vet~WIrgsvwjoq0sj>$K$d}=1Mvq+XGlws&5)uXRY7P&ghP@WZm&$f
zOOqgBihL2le`6~{bdFexjE=mF@QxUdydD`J(L;(fk#QmeO*)X^Q39+?X-R8|c8PIG
zU6%BcUnSB`*q%f@a%l?TiPsU_k>r!=lk$_gDLzxOq5MhVhzekeZAxhhT@>n+IWKuq
ze6Dy|7O+BM4d+VNlC&+zE88jVTU}giT6|c-DkfdcDpsv*Rlm$x6|RM6@y$Yx6~>lV
z{*(5nZ7FW)=8xXexeK=!1aGdMfWA<DaefJZLI0YW1^n8H6?BWawYoLCmHvufq3}ZE
zis7ZqGUaOJpY?iY&2sJZBJ1+$h2!(N#oATg5^w2t_4vZmGW7EF`gRTb@*U4!^A8eV
z?r#U*K)=Wzv+v}Ocub7ptU<#&%tuUZjB?CeFcDyH;5xxL!OlUuV76d9VP9eSVU%H_
zVXI-{FkG1!%kd+o#|-Jr&kXiV{O}A|LwH0uO_mbFi50@zm@uqR49M82m=}y~h7XGw
zCOGyvRz15d6Q5lWc1I>mW2P08-bu^kn?f*Q;IN1AG}vwSCwJxL<w=%7m#%ZOCF!zW
zvlFvKGo|KMGxFK4*~}Bd6V8+BnfNSsO$M4Enh~^WnmEm`NhXs<P0t#sRZ6w^(n`~m
z(jlj0(`?iH)Lzx56`pEdwb$Cp)xK5D)#@7UT5lT~8?nuqhRXK$?KGoHYw9LlWAD|M
z+}vK>s%@ZdvTpMiu@{|Bqff6-Z#b85gK$c?R=73X$hf|^&bUjQdX7RlJvpLstMci&
zists_zn;0ypA16`{f0?~t;2Sme{}xRh0;CK!G|-4kHh4%_gKC~BeD@Miqqgbx{aW#
z)35QY(bl<dKW&S3&N^E=dLQ2$&AHdR_1_4-M%-mwFI?R(F0Ct{b?!X2p$}WPtO3=l
z)z9zn?J(Vf-O}M>=fmV<<!kqW_1*VH`_8{3ehGb>ed4}+?%iJN@Ac3B-U6ftYz5>3
z&Wmltqr`17JvbJq63{y+8;B!NQxIDiD~LCkGSGLhy(vbxMi7{2Pbjw$bBFgve-kaU
zs-Sr>JmHS#GbcOqz(7aCP(xcouffa1)kFCs7@{WPD&j97pQCc}K6s!IQgK;%F4NXw
zrq9<NzQjCWvN|tUT4=c#xu`xBW0YfP%1m3hJXI`Ei|<Ca#-@(2jRtbqZB2E2-oM-{
zANb=6;~?{wdCeq)w1;3qnj>RICL_6%^~plXYGt{wuM=t}Ze<lEGx3$u9qU?YTtqF$
zH4=}_;dnF7lE~()=EzCOOYWxaaMSs0T{z|*_Ku~;^>YsT2`z*?BFmDU$nr2rnj_gS
z{=f){S&hxb$oFvQ(blskXKN;}51-zx-Q`0IfmDO&4hif-?Jv~~)Szn4Hvu=Ro4H2@
ziJ}(SF^cPu`eh=gHWQxe+UeZ9Z2j~s_wc?SeZ_nUBl$|!9W9$YPKqXPmd-6IS&pOp
zQdXBgO%$1K9!2;B^>hvZ;Qghi#6jVw#6tr^RYUK~&th`*Pt;2+Ia_2Yw~Q|1rH!N5
z;lj<I%irM|b{gBlgg0+8x62BhnaWw=+Vpapyqe=obatC5otw@5+~isFq(14*%;)Ma
z9jP&qn>@@X@~@&_p-WBO(L!i27#8v=^f25ciWjv;_oYNm(WP*wt*7{H$>@I@nz!Ru
z|Jmv%v6kFax-Gp-M@*MY+t$JB@fnBeMIEKatH<eWazwROU9V!VCa>kw-`8w3gmsNI
zk`*_VF@4m^Zk=BBt3p!Uu7IoEQ8w0Ut~lA|8tkgR6kcVwVc1mY+dmY$AKT0(VrO05
zSW&Yfv!mPkGLfE2Yu5H{U$tdkSL?febenvM!-eFQTX|nzxn|k!Y{9ElUv|I7>c5=2
zY1p2HrGw3WVR%is1@%Vt{{137Owax-dTqUV-QIN=coCQt92;yBD{<5^mQSvzEat53
z{QgrRTuTc`3+|8mbNMoy7G52Xfv4$};?;6w@!NP{+&f-6-YsvE@3F;I`Fu0kNM4_h
z<y>{`@^tQOPBfRpGtK9HrL)&LeEL0)-?ismcwY26Iwq}`4)=5NygA5r+cq}Mm!4h!
zrfX@5zwY;Bb+>}NHdL3}IoIoVFLo9Cl0C_8zl-Hxeb~15(#-AYuJ@z&=DoYk`3mtm
zb#u8>?_uy!@S-30yRo#t?RaGPcUU?e34hyn#{cUJ{vAJ`OFHjQz6wvPht})N_xgTa
zL>;w%+-LJ+=aZ+t`?<cC|4NU8hvVLDLO=a;%=NhsrT6-;)xGuM+UBlDpXGJzt?wP%
zukCJk)9cu+yU*RX!;A67c)71Ke<Gi%pWD~g1L?<f@6XqdAEo@5GA<~?-#;}p0D89I
z0dVthG1PZo4068n%8*5U*;NQ{@*2MADv|5}uno$1Yn<bNf1$ItaaK}6DB>?92?3t(
zFl?|A%{@D+J1y?Uggth5e>Y$Nl%N6fO~1c=FF!u{?E?pQ0QcTdp1+kSMLgL5o>hvd
zXNo!xxIfr~Bm2vX%{4dvd$oXckkE7n0DwmRPXh$V%E15t0D`tu(Qwg_mEkhBx1}>Q
zu{ScM^RRXJ#|8l4@!<M5v^8}xB=E4cv2*6~;3fJm2G_swe_(ndg8!npSo0ET$SM#B
z+dG*Ou+p*6F%a=V5fBjYIGLDnDT#>vkNLkRULp$@7Y8nSdUtnsI(KF|dna>xMovyn
zdIlzXCMMc{3|ePTI~PL_T03Xr{}%aQIwGdd#!i+FE|&Io1pm=BG_rSf;UyyakE8#6
z{r5UuEY1FpCp+i=3F}{g^#7TmXQX4G|KHmGOnLr;aw(ZQ+uOMQM_$#=(uI$S=fBAR
zFZ_SJ{kN5{y{&_jsk8GxGd{-uG5No-|CcZCWNG>@zW=!S-~9g@`+xZg7WOXo|8nhQ
zX)I~yV(RqI+5cGouLb`9GyX@5hyFk5`oGfm-?jNK^j~rKpm^y2ccJ;9;6<sD0RY(Z
zB}D{PJOHnKA$?GfJ72HN`PYSo{=Oo-h^n!6sMUJeLfhKcuC}S$*GGlTwyqhYiZ%h#
z)w(sduhJQ`TUWbwi_jKOG(i}W8we42%Q>}iHv9gb<}woo0xT50e){6m_vd7Ko^GG4
z=b!qT?R7jJ^MK3=@BL55hYj*Jzj_UQgW42gR3|losclnRTv^Q-?G52ScR{;cdl>TW
zqA`HIeB{HKj?h38koEI3DRc;s`Flj6Z{dCpoqKJQ94Z8a?gf!Dk38F~^wo2`x?weL
z8R?ODu9#%V%s@#gg&AaGicv*QaL1^Ol!S{kzSdoHrY3#+br@HQT&$emdPK`pZ-~IA
z=4jEY@~qIf;Cr=<@~e*f<4MJX9zV<h1YC;XIGF4mhSkO0SZXrSxL!Iw?wCXeYNBiL
z>gBgYbQ;H&gtJ!XtONJMk$7md7noBrM=3VVzS~cI>%Iq7IkB0Nd#vbO1Uc7jdOq+v
zKg!e}!T95jIK)9@!UeC@(d1P^<3;B@S)?90p10{RpCNa;lX7~|M{_ZjQjqYj6rJ~$
zTJHa{JhDIcfRWEL@$Neh!!&c=D6wQA3xl8CqV4_Kd0H08y(;aj7T>L~(m}2pc3)H(
z>fd@kxFDX(IFH{gXz;VqT3{PT?bkOZiz9f7EY*IBR$DV!>`YbY-vW0a^ch?N4who`
z^tZL*lw<$$GRr<o+40R=#eHyzb=T!)mSUUP(C&Ok6rH#C)LWjN?Zdo&i~p-h)m8p?
z)1JG}`8=x^eGZ}*y=Ak^1qE^RcNa83BC<jgwOee4a`U4WvJ~8@d)Q=*`ZE|g--@5(
z)I5##biJ%}uGg^|>qFL~>ZftJmEpbd+c?+TIqxsB!`wNCvFfaT+0Rf@nd)-ypWeRl
z&R`gElb4S7e&_p9C2(&C3Y)X2$x?CpCC>Sjf&+ic@kPW~7)i=#iS=<^bXFwr%WQ0Y
zWtrLuK-sQ^dtm<g-^e<1)#a{@q{YI@c|VFJS0y&E+1jsyjJZmTG{1^c+Ak?#@j+fU
z*bc;~+}v^mhGFmTJIrJ6db6(Syib4i5MxLEEg%Spk``e?OR2HgwW*x?@9*x1HD&-r
z1|gm$(xqwm`ICdPr@`RiokDMPo-XsOqd3&C?P2@l+P~S{w=@13&z$GxKk?SkFXP*v
zjFO$<{ALq8zwPa}c&~u0*!qq>J)`7Lxun8w=)(Kzp&l8)BuyUHUhjq2syo%U8X(36
z)60B@$GI%Cr+)A2GkRbGOyr+k4%nE?t1Td`ygrQ-nfQJF-hQ+R#@U^On=HAFW}g7e
zm<xO!4qIYy%REHR0Ue(E6Y!^BC2Z;lLC)Mrd7&VQl*gZaJ}NWQ@~5!8!rWwH9{NRW
znE3g7K(|?3{yqYQA79gJa?y^3x=`p;Qdz(s*Qu9Tcv-4DckNZ9Ut>g7;qIN(Bcz_H
zo~q81uE^AvVs`ZV_=X7X5#{xJzb)7E3^(QC6I#+oT|I``Q*#V{7iqH*3vq2MgQ(y6
z@pkzbv{0H;b&WZLwX%+ut)uW$hjD{Tb<K#Z^7%chO>hPv%vm$o2b>QB)6n5IxIn}M
zD`r=iS5kD5<S~PElO3&!r<=zBzZ-eCW$X(fpLgP7!(E`Fl33PjKzxw>BqpNP{ye>3
z1*gHI!@EUp$oSi81)VXbn0DV@oS4&H4NV`Pw`noonYMnf&+7~cv+o3T$Y{i|zwhZO
zG5HT8`$I)h8#3NPS|0gQRoj`H$r6ApnV=^zT;)FVJ?|nA6lzjG{@<tJWOCJCM{eb?
z+(y2CX!AHx#k-#1R=Ck{$L?gbA0<~*`K!O@HBG_$Im=zfZP)ld3)e6Yho*p?%~J6?
z2K)FPxpMhhb~Foh*=UsR9B+K<#K8%Ysp9nbJ8OJzQTh4ow8ba^a$TLQ(zP5M&pcln
zrp{P_^I3j;RZPcyhpCa><EYm9`MOy6TC8(WfN%_&yx7uVD-=`3!(!>HJ5w(vsc-F2
zW-4laUusyz$(MM;47dnIigg;w_Q^y2TWapBv+~QWsg}nS-<tC{Tn1}YKkH4{KOpuX
z<K4eZAExG_E8~I5SAUtmo@7l74N+RK)%!dRWF|hEclUnYKHwLz*M%QS2<DX})bC_0
zwUw!??Rck5ca!ft!tXP-mw{!>D);b->0ILI?ER@{dD@&Ff&7qTyXv~Ix}u;E5+9Dv
zr>0xmpp3@4UHXpI<m9)FZLx>E*J9zSVjgTk<HQt>l+)Euv%!ALPBnabjl{&1^ig&!
zg$G8Q?eg^8&Wg@aS<(F)BK)!EArwupaois5`a?`&s;7z258rlC!#e`c>X{GD+E(p&
z=N2rZl%Ukvzg<Tj(^y-Jj-jwR?Ux;bp2OAJzP<j+(^CIpPETnYp98C7Zv0Vo^z|^+
zDSiwhr?tL|r?nnQu3|M(6%TFxP(I;gR%cq^IFfXo5w$*G*KPcm=w-&Q$2^ER#v!NS
z_d5@HI9ywBjlWl(=W2I3ZFQ#J#U0xyzsTv+9Y;Y&PixiZ`|78$))75?Q2Fdb^jZ@j
zmz%o@|5H+s;5eOKC+X2tzc9RjJIrRvSlVF+xQ6<|!FVKTZq3Oy9uXxWYVP&X&ZQ!k
z>^kj$T?Ubqo)knxCL)Q%p{(RG+;mWe$BIgQ0Gkp+VekLhWy%ka;0|QfrblQJ@Im)(
z`gtcgA5!1>nEG9}91}NeIr}!*m#P=v#GSSOLr-V`=Xu*#7>>Dul)k|6Nb5NM{k<yf
zW2|<+bop)L;{X-Q?0?1O=5kzi3maXm&M?=)8M5-~(e?iF=uLcUClQhyPONnIQyK5W
zlhYCAs1`rw+s(l(q?A0SV@b-R!$6PjZ??@fX8@-O^|w4XYKR!%<ZqNb9Sdsd$Yx=t
zATM2~t7;0(5GlMSu>+P#`XqFYNmkD|3rW76LtaK@W?)OS+p%x0)lkwkpN$I!Oa;91
zzb*H|c%zAJ@OACg-4b5j(`8ylC2?4?or4wcTQ<<^N=jaPHvAhrg1@Ni&oGEX#yQKJ
z761~_@~G$!QtZjcIo}fmw)-~Fmbl_(OePZj9LA$cGwp^DIY;hIa}eWX$PQ8$+excY
zKLayEk^7#Jn|)2}p2{>IzTBvnx;hO(h@c>@=rlHY=r^Y}s&Fl4%VE25wV$VSQ8gxa
z;V4sn$XK&d6NXA`xXw8CyS(V{Nn($>v!g2b9x0v?=03%Vj|Rd#$(!duW;>1C06r?R
z>;X_d3U3b*1bcsjyX2g#h^xpTNXum&|5xe>+~riPJ8W;Pq9Z-uLPeA<=qFbV1$x%j
z9N6_w@&QYCmG$=)sQmTZhL5=6v?(=QneMA9bECtNM5}ju-6P&NVwGmIzd$hGTfn5V
znc9=U{wnx5p5e)-FmF3@*GK-z5e&|dw(?^;Lsg{bm$U9V4*7jzco(s;jOlf5F_jfG
z29ph^^{nrS#MpvyH}txXz}Rxr^Lmb{+%kgqibr|^iisSmh#WYp@R&o9sRI%rpub8v
z6i_+>;Q&Lx?jKXmqU<oFx0eakSad{37S(xkk)x>WZk{kKv&R|zwMR|^k${6z-)J&i
zS;9k=A>z`_(rAy%ps2%NuI{ft#d^v{f-~&5xOg{_F(~0BPm?8!Wr)PoT7KL=qc1R8
z!=KRNtCC#5DCxxBLxVHY>s=k;6B&(^Gj$x7_VeJ5S;BL1VhwiFwkShj9q&h@I>O`O
zpHfZw4p}I5HeO2%!0<1(f3$PBxX5G`BQo>2%H>+YUeR4R*8oBS0rZ9xhmatJz(!K$
zsNa$u!p*0`C<I1)5wBem0;nFtE?gb65L>>3qpuTR#lIY;m@x(&L?6BRSa4dXk`8qN
z%w^7K&QlHtrrxj}7ku>x1&m!$0jytvf#jaV^HB_hS<*)BwbQzHk9w4!4o_AOrk>AP
z&HxDehHMs-aw>h&WrJ8{=&JE&W}MU<U-FX?jFbiUudJPD)d!I-^jcPxfV39xs#e!>
z_r+A$zNF^n`dA7ak5vl`A&bO{^tMjfcNq&zwI~0$(U}HfNOesbddCyEQ)O}y=iNZG
z8axn%!%}9h(G{wxKJIN7TZCC<@?cJzQ*2iz%h+ovzw(!<Gql;Lk$rDmxk8JvF_zAM
z00M4*$osW;HSi+aqlQ;u5Smm@Cgh|sc7)~Mw^!fvEUC7V{KaA6wtpfMAtRb>A2gB%
z8qdNRK7@&GwSN|v_)1Ain~9t3A>HO-HSu(xJ7wu_z1`*OqyI*5#cbhnOh=gbc5CWw
zo^vVX6?avIUl$lUhm<N60in|JCb!SbwJA#RGk7-tB>WocAo3;NQ#n|Ud4H5F+)SB@
zh7?dICE}0<Ok@m#%%nLIM$3L2kC-@s-`@8&y?u4!T97l4>Q6@m%||yeOs_&{3sMAw
z_qVk*7uh^{_BOl4@A-19s@BVCwL9&#)GvE1GgwF{q4=rJTd?$g;N^(Z%F*&7D5=~a
zJ18NIIo!G#)X}1e1y8lnU?UgO1+Q(0N-0sI5=^+)xjfvIdUG4Y6_F&D7t<u9_#PoP
zgvenycT`$eac>)%z!T0ADdC_vqjtCeYr4UiO9q7%Yx*OslgC7t{E7isbU4I{e;o63
ze=jXoZ<WvAR%9n=X!>btOtpLu7j)gH%DcDV%d;WJ=P0Ywq(^i(l+5#zfzn)n@9Pe)
zxy}~3p^y{T${GqYoSwa819tky)p1J5<W=r*$rw=8*p|SmiJlm4jm&ansbY8eRG@%@
zjueTh*^?9V_HTptLV|fk9aYLfoZXe|bDYl<WyTsMW~5wGmO<cCC&Ebu@4zHtKQX}_
zlq;PaqHH)l^Ulcos}gSHG-T<xZ|F2XCOGplqcJYyRIE2oTgL*1a&6T2j?{#ub#YzL
zE;+BIy$GnE_zRWo;~CTS;N^{fJwAGt`DJd(ftfKkKS4)jA+lqAmCELYY4BQTY}{Hb
zPT(u_R_?OSEYCn5N{+5bG`lEc^hNdADNQN3kVYRe*TBytdmxZ1N|@3wZTtPk)_7Yi
z6X@e~BSnR3L~4U$W*$L;<JPgf-(o)pD2!XYKxBBpqlHG&zth$s#e9yC=Wu}}nT3G4
z^bU_laeZibzr+h%puJW<!_-&XhSR1uT<J%n?$*GSZXr>{11+VC<h84LOeIWz>Z}t=
z>4-cVx-!fpC?F-yB?Z+cN{&%tS@!Qm;&3J?_xSp=p5Sv>BvVRUi+WHaco1?kv$&kb
z3k802xhc?MXT=yA<qa3P<TvaxwI9OY0ijKmRZ`ooKr|k5=F<66h@G3=PkZ^0l98AS
z@};w|I%nh@yVyEIbnEY+8y41w{Lh=Y-+)Qeq*02;eR~nteXo(e?jxGZbfqkWK(0!V
z%?wvDp6|p4u_0L|kGvY%bt``!lmi)V01M=Sz|bBo=l1?VywH_I3#LZ8#019g``o2s
zuN}3e%f6969I$>BmQGC>C<Y^mT1`4c=2K}Xr!gWyOT%>rV#~MwPCA;G`F*-t7sR|v
zs7jg!*(+sK<{~tsaU{u=vh(mqYcx0w+sKGN%!$cq3w1F46P`@7EkGz|$SiS=5yE$K
z-#c-<h)Gs}?5hm>soF_8doEHDH}+VuxwqH4I36J@`-QpQDQp;#B0q2!AVN0MvD=%b
z&~)jgS#8MM?qGuc%E_RD4F}`(^HrbJv8NQuY;2#7Crut;JV>k>Yb_7K`nGp4+X#;D
z&><Y<f%Nw*Y^=<hPDTJ-A`sv&tO#Z!9I~(GU(;acZB>M+tmiZ(M$}$rJP>&k<AT#0
zV_o&x^A{F;T|3VKZxQPiel%9W{UbMr;t0M`v}i0@{qm*cLP{vJk3!Is_R0a_VN4_@
zoxx@%%63lx&|`xdO@IdSgZ083M&t0~%YP>tC^<&(MotJ=q?astoY+1TDiAY*r3Gw&
z<YEi8PfCe^U;gR}Bc#@aPr}|?0LQbN*VXBwxxsr$qV_gb3|_V*F035GkdLG|skF9)
z@H5CBH2+L&Y@}hx(Plh_($>WR<8J3W|7dOawn%58^$nKZ-*T=ohyxw%YXR9iJK+ye
z{!4TbQN)iI5%vxXh8euD*R@W{`@rgFIm_(Z^UvO2)_k7#`#|0{oe>}P+D0AXRfU9k
zFbqZO2wsTsS-M(30?PL>;!fC0qRQ=dBd8uiW0A?_9V6bZX%{uXn}UvIo@^m{?PlMT
zm?`<43U_#qBGq(`H@ULuWs#=k53LH)lHeK<SO+NsJw;Dp&dcd7K<@%L&IlRw9OS{m
zD~=?7GoN)wGFCUbOZU6O((`#G-psSTE&$F!Fmo2=T;qg4@8?qR0I1xx9(9o>>;Mp|
zF+x)mrc<r#CVWLsfz&Ts`Vh%WXqdBFzIE!ynWAEYZ7NSG)KvAqn$`A4#fn$>orMV!
z;ZLwU4X%i)_u{H_yz6)1T0=e&qjf_vHal24n0;n0riU9vQLC}6i)XU2b%E)Sj!Soj
z+K7lIf~G2?%R1_7%()2WN`H{IC`k=^M2=%b52-H78Fdq**t&T-Ki4rReY5dlZ-c8k
zOno#jdsTK#ALgnQ1Yk39-Xsxb;?MJpM;HGSMF<Bj$*5QI?TA3wETN7oYv^7w@ES=N
zxlbnaAeRjgor$;}zs7REop?)IDj6ZKl8T$nRm9Za&jo>>S1y;ygvlKsO-ljDYh_6^
z9L!~a+=fyF`=i5zgf38K#741=l2(;<@L#_5pHKMo*mVIxDRQXkFI){CW}$iz#L_Qa
zbFsOv3T|Vy@ckwPdS;R(1jK@n8j>gBtaYm^mwA6FUc?xP^$Q_9#YJLgM7}!$YmlV!
zCd-8Z4sJqbd>!dTsKLb-H!o(q`RbOiE1;aSJ};eQmi9C-$iEEt_?_7r`4{2yQt{*n
zLMrJ^Sub0NTjQ0DShGpC?-`tFlYWt>!eli*gDSs+WCYV$9}5Qt>GR_|LnTeb(?~)e
zYO~j!12K+WHd;hR$~}Y<G5I3UWqe{wA_BO)t~Q|>MdE)%BIN}@iQGn=@dim<#xAx3
z?{IDMij?t9zTOfA+d=XxfF0zq!sOdMC;$~j?~;Vxq40D|A_E@!(1Os`hng%0pcq78
z3&PQQ?Z%ApV`Vi}$oE3q;vj$oulId%PSLph&t_65CfSpDZjn2Vs%HvGIT}eIw3g4K
zc>x=V1Go%LXVat9aBxIsNrk^V0T)KQhDLH=R#9DU#Oh$ji0OL-pGV)szyEF5xeTA{
zVd*c{hwZFouwF!j-Kfwnd>H^l%X#^J*SrW6B!CuxOg#+Ni^;UEfhL=Z>4?^;w9Hpb
zNws-%cV6j~Guuv^XJ#kxF4HFzbyAL|#;dGVI4+$8TP%1S^1Nk_E#{=6UIEEa&!md7
z5G#{P<ASem?-ka2E6XlFl2Yr56j`bF?7$PvAl8E=;&5>#ZFPI5X+_%OTawqFU3niP
zg?mTh@UUhd;R()JLkLPbCgClEdC07!zJ#r_jLH17D8=&J-&vhA_8FE?rwfPpPu8Df
zcvZJEyF*}XForJG<geAZI%5tBsd807>?6sxR7HFso0%<B$H-d*h39ec=%(;FhuZ8_
z{avm;dL^Dy18?_;pJ?U!P2Q2G5YSJh9ci_|@JgVhcv}5>RtrAR$pCpa7zXkHhssf8
zY<l$kEEt3%2o1u(O@y#0r$8`-+btQ}%&7Iqs&@4m5^fiL1^u(B?x5RSwPLXGD_^}q
z5+7n+aT9~!o7;WSXIqXG>+h2MBqrS{usmhDVS68kCHU>Ut@q%V;f~dbH^p~V6#kh(
zK23FMs-aab8;n~?jHs*z&bij?=idOyYu{;5bp^Ns%A%lvvgiUHMC2YxwBb8_-skdf
z-5fWan|9HL7$42hiU^r|g>=oCE9m?>q-ueKdcPeOjR#6&WBY$PJ+6L}!nnjC3MI&d
zvIZJp8pBZ!8(kD7;6phGM<RkPViy3ypA(6xuD%HU9W+Eenh7Y<p`v_v(H@@yxy4Bc
zc{3n+-o;^&iF>+55{xKAa)Pv8e4dP>Yf#E~eI6P}y^qa=8-;IahT$PiQN2H>!%~fn
zZfBl4{KauGnQ)-?kI`n2S~Ezbuu8;lVJsb?Oqg{{cnD}Pqyf#cF~S*nMS3SvN{E*v
zJ^tQ+KBMppIf=|M4*SO=4I9xQBZZkCy4ioM&j)G%ZeogfYD5L;pdr454_I^7f3lf0
zI|}nM>gNO%Qat#lFQ^^G>?`N{s+E~Lya*CmE*g`)AbyBzS^dSZR+clRhi*koV%nEk
z-z6b4V%%Y}n-iTGd+9-hUw|5;!edlsf1d5Wz4ILzBeatAJn)<F&5+DRLPWz0$>~al
zzJ@b$M+U<>5KjQkI(Jvc`+(fcHMYei`P0~*6qRCTO}oqPn+J0S>w(QM18J+URerv*
zDPdmIOao~>Vuq;(m<$guWPP%o^#@)L5z0|iosg*Uy8!2TBL7KaS;doZ(<+xcBTE6s
zVe#KF91Q8B)kq80SK#mr(skrw-QeHI*aVa>t<6`1U7_;?A3*<s2cJ#LsMvzQD0E0T
zu`AK4?t&h><&MP-Y>WP!x<_BL>IrKYLW1=jz$iBtVE-N&JtBHDT+8{X@*f$V#^j|h
zhMWCoPWdlV0K88?%~>jX$PkbMkb^{!Rm*bT*@9kGWP*ULlsyK7j=+wfb%Ifu=w&w3
z?OR#{UQ1bmV9L_Z+q@qa<DD_nL--4)hyKw3B$m*p!WvjVmmSq2z*MYq93R*H6$5Lk
za&mlZ!es#D<?ymmmYu&6@nss8yL3NuUhJ3jW5He+h)o#t2#ZvvTeyi$c80GAI^M2^
zYT*W%iftkQ5kI+F5GEOL?1?%?cY354rz42VHzt?IM}3dViYpB)ryp|uV*<+IbE5_<
z&}eXo!4Qy<na+xL2rOi>1&;{*8cbDL?KFX-;YK6}3=a1w&^9%$Q=07JGM8jsr_9e%
z8{LvoQgph(4&+)rzgin>DzfLaRlyo&UfH>?56MChYptF^t~LRaQ4O``LeBe7(3<#p
z^^CQ5#M!s-ZChTK%}y!oeWrJgXez_LY+*y1j-N9xZ(f<u@L^>nb224t33KTq1g+ZY
zx+~aV-C-Kw!g)|L$6Oa-47C880TB@aqZ}at9&%7&jR6M12{F!?(r7g#!eE7FkKf5J
zjo6n2(+WsPN{ll5|BfMl<F?#K(%O!Z>~Tsi-KZU$7qjak{tg5=+l+V2AqANal+3A;
z&?qj(-063OU@hzcSoOTaR%JI-{_5M?d2@-JUW)rx|4qh&0IR`hjuJE3xB~FMrF}pU
zQ14|Tu|&Z3V1Yfyl(BGZn;7~$WqGlL9<3?3drdJ>c`tglMxj54YeKN#E3yz$UMtRV
z%jnxG2o(Sfc5r#&po1`NUwPkMc7Mn^To*+(<hh4TB*qG}>u3^-ue8Y&wRNMP^KlqI
z=y@emwUZ4Ge0(O!TPm&kJcUcxE%=OkoSpN2=e$QLsk!^3jX=QsJ~Dl@cY)+j3flwM
zMdWfXTw}Xvsyh>W4niGEs9-NkIFiKQP&gH0O|Oi2cP0q?nV$RLtRZav+q<S$ITii~
zx715<P*<pAUvvT5nmturCdDSnhSNOsj|~C@2_Kd;$jluzi;GUd7A8o!#y%}mD5*^=
z1|AXAE2#=ENTMSbmClc9(ZS_>nyFKNL2MUZw%&3@`r@VXk;Mg6sW7W*eZPP-TxY}w
zYQOGi7j=~*E&Owtmfk8l5NdRYkvcb9hE>sM63U2>h8B_a?sqr`2-XPN&lzaGKT3B#
zklSlpc@8u6OxVXxQV;g_eHTB(Us;sK(7=F6Np9ovryJ)`kTzA9%tw-KuFy!LsJDZY
z(!W{(SG&P6S-R0+ZApElfPn}{cG_q=6JdRfeKM}$kANO2Ao)Fc;Y{qtW8~i{f0<Rn
zAt-}Ux%p@1<wF?gH0ga?T6W=r*VMfb`$dcP(<|uT0V0mfpn|xg(}1-Mqo)Wvh$dcc
zfH}tn1XR0VHky)=<Z~CtAT&Zpb0Z#oABC;I+aMb7AC~2|ts45?D=RMNy21TuiShj6
z!*7EZlobEi+42ulW*!G&1cQznJIAE^=HAPt8}j8~U4Sq|awth4%8C+85bP5rD+O|7
zbg8HGomd|-j}2oS0f~L;-VUD`ZY{_z=h}JlA_~=>S%V|!?pnU`6X3;OM?ek1;^+kx
zYD+ONzyLPOaKDR*^K_WsYi>P~=<dh9_5@N_m4k33lQ1i3c9hsfCh=TlcvDR;J18Z{
zoky%*?JENm%rbaWryq(PvH8y1wq&C1fGf-y*u65HSXM!hHlZdb`Wzv37&J8=?HSqI
zGHQy6)ND@=vk4AiFP>S#>OHxdY$u7zzGN$dLD2nb6gEHaZ%a4*%51r^ZSTYQQVC^P
z?8zF9e~s*1ZV7cbSClX;1fiN59ZnP<g7}H!!VVp1QsUk{JDgWb5p_ZXsxPQv%(1*A
z(kL6zV5IigV1|)N=a5^ByRRy;L88gQ-+q;v(1CFMnOp@;1RX(WSK4%CkE;pGe77Ez
z4P#6B;@1?Q*T^zDqRctFfl0URGoP5ZgpGS#W95NBV;T<2jl5Ft3Y=v}z|cg`k(cjS
zB$AECrJ96VU`>d84wDOI?OuNrzwm@)3<tfcu>Fwg>poxk?d(09P_^F4MnezJWL;*c
z9HnU&Rn$R@v=*<Jl4LJs5QMnms&m?3f)w-wYh!=6=0zhEpxQ6QltM^DGp>RzE9|_o
zo>%GpT=c)YUGz|WTB;3j9*MVtf5Ja|9jmrG%<e?k9>L?95oZcZ4Y@a$n9MGM5R~Q;
zBmei!0-Xuk1LV$A6UsrUq0{mi{Pmd5G)GcqsTZMK$%jBh9ta5eK!F%AM?+C?cU#Og
zl$iZ`=w}w#MGl{i0cP#)^%nbyOIWIXf_0m}^GO7PLB89Ucv{=OW+9x1(R(&Ly}!$0
zLr`W8;BslW)pj+2fsRR3wz_l>p)TJ#GAxW?@Y5w1cjxDed^M-EhY0@I6`3ljjq*wX
zgfL`4ln*#=hM1GgtgKZdc^C7?WZK$Jxf;n3lK_0qX%dOPQ<rn)c@ee>1xFz`V`PH$
z-t|*^yFKtA>9PtkA_7muI9tnvwUC;Q{ei9Wh6SS$P=Xn`xCoILgGO=>F+B~%CRl`Z
zTjuN)2=i~(D6X2s-?FG!7;BgF`@)>{tsZosp!C*nl%`W!UM*CufDoY)zS69vZgSVi
zuXcnI9YNJmiN3l6Azs8Bt4ka&1%@`Obs`dJ&nRfG@HXu4RsGOhPBQ++j37nj3jrKN
zsf-g(^fm`W**B+C(xV(GHiCx$LOG-ez}f`UWeqG6lrJQ*3W@fC1tI+hY=h|lUl_u{
z?wN@5(dgey^|9V>Joz_p)v=|pTB}FcDjurmZhk^j)TuNa1=>mU*Uo-smR@7P*<+Iv
z>OSAx0b%OeNU@t*1pP%U3x8a{z{>8%YA87aX@TCN(aR%?@g=%q&#%GI9Vf8>78Q5W
z9HFtAs8~Ebhx&98L$+Da8apL{RXt_z+`4F?6{hp(>bkBa)#Qv$$<!3Uz_<I|KfQL8
z?Jn!q=aC3#dSTAZBfnuNasBAB_zVrJ{QKrL<U{Bt(%>_HwS`n_F`JKPt*XNJZst7~
z&FA&{d~wi%))Ht7%SOJH2^ZV89l8O?A>}$FafJYa&z%EcrSM;3j@eY1g{8FuK~#)E
zR*lKiBStzrypy8CRePjS)eU*8Bsl`J&`XkbRuSgc;F%WMj{mC2*xuLE_cB3^_<?+)
zACrtqtHMZzz_68{qr(>Z*X$endrv3hwSJcw^f>B#+`}Heq?T+q+DrcO%Gf6Y$rBDo
z{^i=wj$ph3<7KyHKp0Ho8S!{xI9J&|e&?P&0Wpc!@%ybds`JK)IX&HhkG*P6T~Rh!
zi1<SoVyGxxW2er`45~l)HA#&%)lRpEzI0tsxNRM!1*ggF5{rAMgUY5+&V7rfLl<^R
zhaZq#WU=oJaMMq02dY5uiV86p*Hvoe0S$5+&|&g7^{=-IfQ2gIpA9t(+g_nDMAx8V
zojZ32d}dFB%VBE0w);Fv@f_9-ak%dDNG;_jL`M#%urxFD7-=FTwFJXXjs;X(&(}Uc
z&quU`;?>>+Qjj3?RfI?j0#h?n-$Fz_8L#~g;xHG&Yi<)gFjRFs*YvL&UagLAyYxb)
zL|IqjDWiUS`PUie_OSy%-XD^cXHv<ytlTJsF;cXCd&=ML!D=IDWV-npHvO9-#cHjK
z*X>-@K1WMDTP;>MK+yQqkU?DJFMaB|tq+M6A#T9#3%ws!li;2N2U8#H+ieR8vjo$t
z0o1b5dm`1KYRQlI!(_DBJ3{URB@9s)X;;gxlSY^AQcSLqfW!n=<|tg}NcUS8=&_IM
zSCp#~QRadL#?;ekO)wMoVZy;aaY9M46SfeNptcld`YRHXC;zq`?fk@gCIQ|MJ<9rB
zwVoc%-md`xS$q68)AhgoiG{*lu0zP-V(w6jI3IfHb&tcAMY_L<$fCO|ae25+Tpt;A
z9vCS1LJP|H+sVDyuM;+4lDWM(Q3w~po)Q`^{MTm(Xmtk0*?WzPqccsArmo^{G?;ft
zpHRZAL249H2CRR8lId;>4kH24i!Myft=a3(*-7(F{12ldxU2K=tsg2}`#Vg^*js)T
z%AHK)bv+yyFt=MQ*r2VKG|Xu!IrFT>;rHRB!vV1|D*tF#@IqoP$IaMavZD@**g^jp
zS`q`=QRGR>4?#9}mW;5{2t3DSI^TXHZao=Et2mXda@~PCOK7TV*-BbV2O!nf@?Qlm
z!r`<;Ds6-Fuev{}xayq`->ad<+Q#PjI1#Ry72X>|;O4%Rzl9+D0;<kVf5?ua(oQe$
z<bfv$F%}!C*_EUCHkpqr{gMkq*#p!h4WHPF1R{Wx{vk8-!F<@J68miz@|n(1eY6j2
zc<Tm2OsON)^SBENY@MsR$VCQX;nb2t3KV{S)_$v0Hq^qu9Dx}ndnp2Jc+P-4MW75%
z3=$Te&@yT(Z60ux&pnHghXI&19TOobjvn3BdX%~w4fP4PU3F_NQlj8>DS@bugUnuk
zyTh-7sHey}>l}<_KDr<>Gj37VMN}#&U|)u$&Mpgq{iSC>4BxV#tEk@HR_P>|>xh;o
z%;U-_eTqZ4Kxs0)s!N&yzo*-lVNUR@M0JL)N_f9Kc;0HMYPW?$Oi~I4$Qs52RlDfi
ztK!~;?!!9Zu7a4rIpBAHte2(YZJU{y)W!_X6cJ7?GNJ!m0@Z5l*F$AW5G+KRiqsN#
z@)xq)?L3iN`;6qKQy6{XKCH`;J`bg`p=Df=8|DffL1m^O3Au8;!t3@4h9?tGjCX){
z$3|WUphwlBf9O^7-I8B^%A%EyzB3F#K=?v12wWSw?{cO#mkGp<;3%3P_8WB>tBW3I
zG6_B2V{XU|WtlP8yr{+B%5F`JKq{(}FPhRDmW<0*w!|0YEZI_M0>A2Am07kw<^?PF
z^g+ICA5mK*I?o%b{6uCH;XxcqA~p4J?(cC_k<Uau>RG_pOgl-(svY-VCWMNq0vfN9
zFx&K}saOn_0tD!>l^z3~l^+96p6FrqbNyaMtR8NMr@Zy~wjYb?m8~<pW%+bIZ6BBu
zOOvSI5+r^MV9j#Ckc}asp{6RM@BXT+Rd=4h-+(9?<eDhpe70(JJzR`@N`=D4gj@3h
zlX3Cf8l*^qZt)O;CGk<c;!Ff(wiVsBO;XPkR3kyZ^)T5z*prtWS9?~pZ*WxN7s)rL
z1Hk||+W0fQb5WC7UvYC4&AUJnWX5go+v0KIU5G%=n~%1M>h394dbq#cX#9GsvGMEp
zB0yQ<%HI#gIZ$7=lTQH#I>=@IsLtt4gc9cXu|L=H@SR+&HpU9M@X6YP!xi^BNpvVC
z;lCk_)JQ*+%>@)AL0^!rAV(#_76KzIH;^eNGoFI@-3U^@fHi+KjBelK{RX}qs^_$w
z{V`TtJhHA(d5W)!`E9E7vV#Nq@s&7-ZY34OzVLl-D!VJy5!@d)+<bJ{c-%_b2X3n<
z;Vw_aQpF|B$t`3Nuw3LY245HPGjVy(hoP?Bj@!p=&9p7nbl<D!-#-otTxMHz2z#We
z%ZLi;UWL$MbK10}uYfHzR)(%=mV%p66*V<rOB(zm^W2+yFb*GMaTuf@)xon1f@Frt
z2U0!o=CKY2wed&bF5+%;C@xN9x&ZVItCtw$0@^cTf^2XBNa+qkg7i=%AI<ieJT`n=
z&BI>h{L5gis7NhsC!{^T@uvmOeeWcw<;+>N9Yz*L6L~u*CWlgI>(7?hbW3kUguJdI
zf5l|FKgfbCU4@%ZyO-taW6Y)n<96=U4&DQctFJJGE173j)Ub?C(F>69U0o1&qs90^
z%_{>xe^*Ph)clh^NxQ4fMmLEq+h{?X-=gC(Qb{hjR8M*`vk;D;4Nu|204bkr-xkxc
zFeB%}K(yY`BZOYYSTZu2dnVaLF{{2C0UTX{jHUyiDO@79@GhDF5`^bR2*6236LDdX
zD1t@pHq<4+mZJC6o2VP%dVk9%#ruL}j9VX)#90655AZh@g<=j4x7TcETJ}pHRkYAH
z?oMJcJ|`aw*34Ttj>3nxRu*+t`Uyk6jnMnTWl_-QE^wA3dN0{**|jC4o3`Yx+-Dqu
z!(_x^t%ojk^&F<xMbv5w?W>6k0xOCd+c9=pC-AM^Cv(kF1w5Mh3R>z4KlXXPfAu25
zr?_Cp{R5STC>*F>#0zYg2H^*DU*Wq!w-}%TLBN&58(xW#EB!+~YR^{;2O>*x1U!@k
zOao2eEEuC!vSBp8K#mX-%1-&30t8@<Kr%9SB-q1if=*y8@?;R=!9~QX_uJb6ZnTr1
z_;tog1jhPN)5TyF!`-t-n?K4LB5i%=a6gHAtZOKFu(zzG<)&Ifn}ym6ZNE$cM&91$
zeqlVDvi}E!dG|4X+vN`6=J`i+njY#tWiaAup}2`~1%~QEn<11_K;>+jH}kLyiDOGQ
z$!W&!)fdu(p*wD}jkQ!-k3H7WD%DPB_>vR5%-f11zG(RQ_N)7X-)_>3{m0M-Of_XA
z9#SY<FNa19*FzhNsQA(J;^ffC<{8veFo*<@<(qMi;1=M(Fz~n?u2ONNwZixh18I{%
zf<U=;QYkhTLli7|-lJoZbhLPCTpM}NMqVQfCP2+BrjOGU@^dKeVnS@u6~1YURmxmb
zTAuv=b4fL4PqF^jo;oDvl`h5^=L@K<Po<HJ=b`U-381*gx-V<1IZ<A&&qscrBZMZ7
z#y}3Lc+|x=D0kxg9Ho^}v6a|#9L>}Za&{UYQP>@~Z%&QnmAlMGjh><A<{rrHw+32P
zPg%FX(c#4lkox#m)uuD?%+oA@ATu=7dZKBoe&qdNX%#gGatwf-U<YaC;V3{xCWz?-
z1`xX<Ukj7!lLj{y;`+b_aW+&DL^nuNDPXi6Hy~eO+hp0tbdSk)mH(FZ6J(adi<mm2
zxRJ}$Lm1@s%}jd|9wl}kYWRfK%D(6nkJYIIYcBVPi{Gf$yxM+Kr~~({l*!xU@#;ih
zB{r~eH`6x1KQ2%-1T?<#&V6nM{T&Ytjsn?0iVC}l=Ki16B)^$zQZ=%p!9Zben@_%l
zpPIy*e%72nMoshAsKxi!J8ctNx`kU1&1Mu5CjPnMl9`RD&*&F9mu9keGqMzU3kEP_
zs4bnM&Oo6t$qr)bH3@oxJxGQwDn-2BkEn0VhmsGA?A|SB_CXgryS={yGhnNMHQXNa
zqZ45yCNrWpw#nRwwJ!xZp#ZHHiJ<B1t3RpR(M&%_1OW4+dHEml)b<^U=v(mFH+u}o
zIkrT=Q`UIdea;Ja@ZB5Dk$m6s@KoH^ughz`Vk#~w8gF^2II)#ko6?y~IR)ZBd#al^
z>zy`#1dEOi622SK>HO>UbGs|LW)J6G$e%dy6L{(*JT}j^!B2X=aQbkvn)bXhvM}N~
zu08gul}Y6A!2tC0j(CX)x_CVD$-xgQ`p?A1RIHv&z#g;k0O{fcMOrD<dKC9t`mu8Q
zJU<VDYIWyFXKV^kK$LTs7|i&T^fA<&b|v3NY=W)hHKn@NHZeCl+#BuTo}D)q-mjW^
zm$FO!OcC`rL~)Ej?0O($MWEM_t-o)^8ydRWOJDL!eYiqgnhC^I+`iD2<m?xV?@eHK
z6_9vvc4nhVQKsMa^O6iOY0V@m#$@-yi<-iyRn<>+X>s?Ckrk&eUnFxkPGI_D+y(B8
zQioMZ!cKyRqpA>yGS{-hsbT1O^Jt-b`bZxvHQ?R==m9c?loH>{2=MI&)ID=}aIx_$
zOw4EdVMRg)^eHHZvVP7219PVWVsZJ_0H&7@@DyJnykexI*Jj`D@)ojjm2>%O*2zH9
zvD1`_y0_m3;_?t+07(MRV<+I@wo%_Ag*9GE^1ok~2t!Ud0eR?d&qXNdyVD46figM7
zfc9K6A*efy6WyJRyZe6U;LUH`YtWAd^fn32dn`Pfff$)g_YF+jUHf{BHSf5*-$_2Y
zIh8`bRG=uk{gZ|*UeAx)z4@m+WNeXLT1!3?Zqa$v(os`^v5o%y2+!Ei0ptiy^gd!c
z*4OVX`GF0$NXDzDo#OzS7Y(}jub3JTcTB)`a`&zw#Zh%zE#G*z`17bt7P0wwgv-_0
z@=7XRPg=TC-ZU34vBabViEjcUQs)sQhOWMc#iifBBPbjkh7(g`JfozvA>WVmRitrF
z#~q^8mEU#2?&dY;o5Fw@ERwGRB(>pCgfno(%(^D(FAv#76^y90^Ob=y{>;Q<gzV*O
z4_;5A`VA+d8i9=9n1|BYw~>*U)F2Y$C6V>;d%40I3pv~iKTd5MeF?r?4cT_*rfu@N
z&+7<7Wq=ME8F}nc!lO#MWBGNBF#GzZ8i|aP$F~XZf`Wp_%*EpM>unxS)Fu~6$D+E0
z`XyTS!!aS$y#k4?ysW?byMhwXIL+JPR8ZwPWGO>se3$U6Xh4nEL$Aon^ww^!hU>IB
zif<~P1tlj~drOzE&Gz%<SR6RKbv-xWkp_dzk|N*<(QEswPiC3YH%cRK7q!ukJ4Gj_
zLgpo9*IZx75R$QuL^X@7XC23|-*>sKeh`#z&BhyzxYFSGW(7YnWd>^lBz6(pLM&SB
z_hPUS51;>E02>A5`obYygPrDt^h*(E;Xj1QO~}%451gEYm}nZ1@$A8>TS6?{&*oxt
zQl#wMmVX{0Y&|J%q4Shq(c3bMR_@9}xICW|0tiltnb->_q-7zGCJzhAgzw<Sx3!R~
zg7-}n>3}RmYvp*XW%!V>8=ZIGopBj;!s0B3fk&pRQ%}cn%RlayaAypq9TL;9GGm;#
zKQ@xH5byO_cxfDtW!S~5op^^3Q3kOQ;V~riha*Gd8;`skVz1YAAMV6CAqzVJXL`mH
zjX&GjIYLOc$x}*mYFT}DLe88fnr$--%b1FN6rajlqbv~?jpJ3rNFgmo;XZpG9R_oX
z=Gd1H+uQJxP|M<v7mutchQ+1@l9zM}uEgk#L*8Z%Shs1%l^>n$hq2XsX!oYP!lDAz
zFn<wo4Zb*mj|ad_u(KwixXH_>%ohrkletbhkM>M>tpj;kW;J&CkBUY|j2Fz!8lS#?
zUwi2mZtO$!J_vf9#FgFVKUb%p8$$4ZN9Be&<xxWtuEV#f`e}$CNihH(Oiz<q2C~|a
zLQ9S~q=JYO<b$9MoCyKBs*0|y8<4b?Ro&+~>^v;{G!oBWozy*-C4@kYM{0T3)I1Xu
zLNu4yU~-<<wjd<qw4buN<x9=FXPG1^^DLNANnn5+OqUslPm9kYm@bkz^!-7+oQ_^F
zMtIDxz;Nc(wxejheDC7)A2Sg}&h8gb&OJhC(J3x*)<5L2*bMxK9%EfRHxI&X27GES
zOwT;atx#wR9(5d-e4}6)ZTJsdUKd5>g<W_1*gge?Hz;+~IntOHKGVGZXhv2s*Bn0X
z%1F!042RclxIO*rbT0&55@Nc9u55}PRndB(&Lfm>3YR15lA(xl7E;0Ro+FyXk_f*E
z4U}(&Xz*q}X}%>UwXORf$k;|Be9`6eK?pqsA%*;iUUbUbXWq?-#0HNrHP;{t8);Ia
z!7n!*+EOyDi@KTV3FXSXYJBmh3OjQ&?4*k0FXJuQD?~y6!MM=_f4^h<o_U(&f58$n
zp4)ww{~l`Nn9$7or&j>F855Hqtw&CkI40(@G7U*f`UU=I8rOL6-Gx({Sl_N6tUp8s
z#23RE&a|H&LYx`sNS2tLxWK{|-EW<8PHm~A5b5|ZvqH6*?SAh&8vfHlx9qxp=k4BF
zr|*b0Edvn5dQ0N<nu|OyU5oeL5#$6C9c6#gm`=Y_j%2ApPQhHZzkq#8ga216h<lK{
zKw^mgIQk?x)ty}I*b|rkljOAit0LjTvX-AZO(+6OeF$Mx7YcF0go@gCMpZU74ycF~
zP#qzKjy(#TTH+kK$L6Lair(h#(dqm}7ceJ0(R}lW%BVhKb?fb2U?Bu{D+FNYazc5-
zOCwixSYuW<A%O^`H>5a?&ma2;ffRs;u4!FbSdp-1tq5PqdJ=F?L(L&u+^}X7N*kUV
z`Bc&>T3tW4t6v|dKHuzQ2&9lPwX|tb;VR9VP~I|=HA#u4lbiRrrWjiaVMP@!D@U&B
zutrwaO=4}jaZ!&x=P%9xffUfNO?<<6{Kqb{9tpFpVn<J$q34NPgpd@s45?_p7cV!|
z6|Icqu?DB%t`nWlpY?=53Xo$eqHh$gX|~gZK9ddrQc}nrRH=S#WLf7|*hJmLTF;5k
zU!4&G^nZ7pu|Z#N_7GFOSaE$F=X|?!2!ZolaV~&)o|?}E6wi-w9s=hfa2^7mGX(w*
XkYm|1C7i;{00000NkvXXu0mjf5LVNl

literal 0
HcmV?d00001

diff --git a/src/etools_datamart/apps/web/templates/drf-yasg/redoc.html b/src/etools_datamart/apps/web/templates/drf-yasg/redoc.html
index db2f66abd..b015b3d70 100644
--- a/src/etools_datamart/apps/web/templates/drf-yasg/redoc.html
+++ b/src/etools_datamart/apps/web/templates/drf-yasg/redoc.html
@@ -8,7 +8,7 @@
 
     {% block extra_head %}
         {# -- Add any extra HTML heads tags here - except scripts and styles -- #}
-            <link rel="stylesheet" type="text/css" href="{% static 'api-doc.css' %}"/>
+        <link rel="stylesheet" type="text/css" href="{% static 'api-doc.css' %}"/>
 
     {% endblock %}
 
@@ -28,24 +28,37 @@
 
 {% block extra_body %}
     {# -- Add any header/body markup here (rendered BEFORE the swagger-ui/redoc element) -- #}
-{% endblock %}
 
-<div id="redoc-placeholder"></div>
+    <nav ><a href=".">
+    <img src="{% static "logo_100.png" %}" class="sc-1den5ya-3 hcTurM"></a>
+        <span class="title">Datamart Documentation</span>
+    <div class="links">
+        <a href="/">Home</a></li>
+        <a href="{% url "api:api-root" version="latest" %}">API</a>
+        {% if request.user.is_staff %}
+            <a href="{% url "admin:index" %}">Admin</a>
+        {% endif %}
+    </div>
+    </nav>
 
-{% block footer %}
-    {# -- Add any footer markup here (rendered AFTER the swagger-ui/redoc element) -- #}
 {% endblock %}
+    <div id="redoc-placeholder"></div>
 
-<script id="redoc-settings" type="application/json">{{ redoc_settings | safe }}</script>
+    {% block footer %}
+        {# -- Add any footer markup here (rendered AFTER the swagger-ui/redoc element) -- #}
+    {% endblock %}
+
+    <script id="redoc-settings" type="application/json">{{ redoc_settings | safe }}</script>
+
+    {% block main_scripts %}
+        <script src="{% static 'drf-yasg/insQ.min.js' %}"></script>
+        <script src="{% static 'drf-yasg/url-polyfill.min.js' %}"></script>
+        <script src="{% static 'drf-yasg/redoc-init.js' %}"></script>
+        <script src="{% static 'drf-yasg/redoc/redoc.min.js' %}"></script>
+    {% endblock %}
+    {% block extra_scripts %}
+        {# -- Add any additional scripts here -- #}
+    {% endblock %}
 
-{% block main_scripts %}
-    <script src="{% static 'drf-yasg/insQ.min.js' %}"></script>
-    <script src="{% static 'drf-yasg/url-polyfill.min.js' %}"></script>
-    <script src="{% static 'drf-yasg/redoc-init.js' %}"></script>
-    <script src="{% static 'drf-yasg/redoc/redoc.min.js' %}"></script>
-{% endblock %}
-{% block extra_scripts %}
-    {# -- Add any additional scripts here -- #}
-{% endblock %}
 </body>
 </html>

From 8975416be6a634e36a3bd3185f84d0a26a356244 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 14 Dec 2018 13:43:21 +0100
Subject: [PATCH 58/86] update version

---
 docker/.bumpversion.cfg         | 2 +-
 docker/Makefile                 | 2 +-
 src/etools_datamart/__init__.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker/.bumpversion.cfg b/docker/.bumpversion.cfg
index cf394dc9f..95d5b3b88 100644
--- a/docker/.bumpversion.cfg
+++ b/docker/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.8a10
+current_version = 1.8a12
 commit = False
 tag = False
 allow_dirty = True
diff --git a/docker/Makefile b/docker/Makefile
index e65f869bd..c6e4886b6 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,7 @@ DATABASE_URL_ETOOLS?=
 DEVELOP?=0
 DOCKER_PASS?=
 DOCKER_USER?=
-TARGET?=1.8a10
+TARGET?=1.8a12
 # below vars are used internally
 BUILD_OPTIONS?=--squash
 CMD?=datamart
diff --git a/src/etools_datamart/__init__.py b/src/etools_datamart/__init__.py
index 734ccd1fe..5dfc00dd6 100644
--- a/src/etools_datamart/__init__.py
+++ b/src/etools_datamart/__init__.py
@@ -1,3 +1,3 @@
 NAME = 'etools-datamart'
-VERSION = __version__ = '1.8a10'
+VERSION = __version__ = '1.8a12'
 __author__ = ''

From 6739136f97a5a67ce847e17f610c4aa68af6824b Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Mon, 17 Dec 2018 17:27:51 +0100
Subject: [PATCH 59/86] add ability toi create local passwords

---
 Pipfile                                       |   2 +
 Pipfile.lock                                  | 204 ++++++++++--------
 .../api/endpoints/datamart/intervention.py    |   2 +
 .../api/endpoints/datamart/serializers.py     |   8 +-
 src/etools_datamart/api/metadata.py           |   8 +-
 src/etools_datamart/apps/etools/utils.py      |  11 +-
 src/etools_datamart/apps/me/__init__.py       |   0
 src/etools_datamart/apps/me/apps.py           |   6 +
 src/etools_datamart/apps/me/forms.py          |   5 +
 .../apps/me/templates/me/base.html            |  19 ++
 .../apps/me/templates/me/profile.html         |  75 +++++++
 src/etools_datamart/apps/me/urls.py           |   8 +
 src/etools_datamart/apps/me/views.py          |  52 +++++
 src/etools_datamart/apps/web/static/style.css |  77 +++++--
 .../apps/web/static/style.css.map             |   2 +-
 .../apps/web/static/style.scss                |  96 ++++++++-
 .../apps/web/templates/base.html              |  10 +-
 .../apps/web/templates/index.html             |   1 +
 src/etools_datamart/config/settings.py        |   5 +-
 src/etools_datamart/config/urls.py            |   1 +
 src/unicef_rest_framework/renderers/xls.py    |   8 +-
 src/unicef_rest_framework/views_mixins.py     |   2 +-
 src/unicef_security/admin.py                  |  77 ++++++-
 src/unicef_security/graph.py                  |  10 +-
 src/unicef_security/models.py                 |   3 +
 .../admin/unicef_security/add_grants.html     |  28 +++
 tests/tracking/test_tracking_log.py           |  54 ++---
 27 files changed, 620 insertions(+), 154 deletions(-)
 create mode 100644 src/etools_datamart/apps/me/__init__.py
 create mode 100644 src/etools_datamart/apps/me/apps.py
 create mode 100644 src/etools_datamart/apps/me/forms.py
 create mode 100644 src/etools_datamart/apps/me/templates/me/base.html
 create mode 100644 src/etools_datamart/apps/me/templates/me/profile.html
 create mode 100644 src/etools_datamart/apps/me/urls.py
 create mode 100644 src/etools_datamart/apps/me/views.py
 create mode 100644 src/unicef_security/templates/admin/unicef_security/add_grants.html

diff --git a/Pipfile b/Pipfile
index 4d41fbbe5..9180c3e7c 100644
--- a/Pipfile
+++ b/Pipfile
@@ -57,6 +57,8 @@ django-celery-email = "*"
 django-crispy-forms = "*"
 django-adminactions = "*"
 django-dbtemplates = {file = "https://github.com/jazzband/django-dbtemplates/archive/2.0.1.tar.gz"}
+versio = "*"
+django-advanced-filters = "*"
 
 [dev-packages]
 "flake8" = ">=3.6.0"
diff --git a/Pipfile.lock b/Pipfile.lock
index fae140675..69ecc7ceb 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "b1879bd53009e1f06a3807d199702cf1374021f4870a64405554612221101c57"
+            "sha256": "7a29728791906015202ba6cf938da292e2bebd32289e0f52e65e01d83358ec18"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -215,17 +215,17 @@
         },
         "azure-mgmt-containerregistry": {
             "hashes": [
-                "sha256:7db871a74dfe6b8f54e208f6e2f43e0f6a034625a735d62013071c5e44409f8d",
-                "sha256:d5419db4543aaf5d83f73e087df0c0193f6b987f5c6161ac0fdd8eeabbfd23b0"
+                "sha256:09f1554da5a86f645fe816620223f93000bcbc5cbfb92e210077e3c5cdaf0b95",
+                "sha256:75cd215bbf2e3254b2e03eb0b4efc047aac85c79d3527aeb2aa6059e784b7ed0"
             ],
-            "version": "==2.4.0"
+            "version": "==2.5.0"
         },
         "azure-mgmt-containerservice": {
             "hashes": [
-                "sha256:2ff15bc2de14dbcee93d25d7cbe379c88aa751bc13cb199076b127fc4e221acb",
-                "sha256:99df430a03aada02625e35ef13d7de6c667e9bef56b5e2f60b2c284514223bff"
+                "sha256:219ace1349dd95198de4f4c8e63b67d4780a8e93a0151f3423db3bafadde912d",
+                "sha256:c8b8dfe8a2bfeac5d19dd6e32251a306741c50b4b167ca765dc83ea13a06dd48"
             ],
-            "version": "==4.2.2"
+            "version": "==4.3.0"
         },
         "azure-mgmt-cosmosdb": {
             "hashes": [
@@ -761,10 +761,10 @@
         },
         "django-adminactions": {
             "hashes": [
-                "sha256:15934cad0ee1ef198f715dc4c21599bc6add72ca667ba4118c4266d382ddd0e3"
+                "sha256:cc8d236797dcebdfa229dc0f938dc8c5ab648b488318c9f584a13df8a03bd066"
             ],
             "index": "pypi",
-            "version": "==1.5"
+            "version": "==1.6.0"
         },
         "django-adminfilters": {
             "hashes": [
@@ -773,6 +773,14 @@
             "index": "pypi",
             "version": "==1.1.0"
         },
+        "django-advanced-filters": {
+            "hashes": [
+                "sha256:4d9c6a3ca38f212fa0000f0a35426a046ead98d8608ffe341912dfcc3b0da87f",
+                "sha256:adee9498daa65125584c4cc0d37f7636427366fb96cc707bef8133b1dc22c405"
+            ],
+            "index": "pypi",
+            "version": "==1.1.0"
+        },
         "django-appconf": {
             "hashes": [
                 "sha256:6a4d9aea683b4c224d97ab8ee11ad2d29a37072c0c6c509896dd9857466fb261",
@@ -1030,11 +1038,11 @@
         },
         "drf-renderer-xlsx": {
             "hashes": [
-                "sha256:1fad2c299f444a68b2ff963a28df11697427afc582485bab26e8efacf1596bfb",
-                "sha256:b08c55b4a0c75578457fbfcaf75fce081cce0f46c84ddce0d86abf01dbce8c27"
+                "sha256:21e9975f6ac6a45c91e8109f5c53ae6ae0569b9a8d4406e74590efafc56ef448",
+                "sha256:9bbdcd210abdf66e8c22b2c2cdb3fac67b017c151d496a944a52ff33a777c3b6"
             ],
             "index": "pypi",
-            "version": "==0.3.0"
+            "version": "==0.3.1"
         },
         "drf-yasg": {
             "extras": [
@@ -1085,10 +1093,10 @@
         },
         "idna": {
             "hashes": [
-                "sha256:156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e",
-                "sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16"
+                "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
+                "sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
             ],
-            "version": "==2.7"
+            "version": "==2.8"
         },
         "inflection": {
             "hashes": [
@@ -1146,10 +1154,10 @@
         },
         "kombu": {
             "hashes": [
-                "sha256:86adec6c60f63124e2082ea8481bbe4ebe04fde8ebed32c177c7f0cd2c1c9082",
-                "sha256:b274db3a4eacc4789aeb24e1de3e460586db7c4fc8610f7adcc7a3a1709a60af"
+                "sha256:52763f41077e25fe7e2f17b8319d8a7b7ab953a888c49d9e4e0464fceb716896",
+                "sha256:9bf7d37b93249b76a03afb7bbcf7149a358b6079ca2431e725414b1caa10922c"
             ],
-            "version": "==4.2.1"
+            "version": "==4.2.2"
         },
         "markupsafe": {
             "hashes": [
@@ -1311,10 +1319,10 @@
         },
         "pyjwt": {
             "hashes": [
-                "sha256:00414bfef802aaecd8cc0d5258b6cb87bd8f553c2986c2c5f29b19dd5633aeb7",
-                "sha256:ddec8409c57e9d371c6006e388f91daf3b0b43bdf9fcbf99451fb7cf5ce0a86d"
+                "sha256:5c6eca3c2940464d106b99ba83b00c6add741c9becaec087fb7ccdefea71350e",
+                "sha256:8d59a976fb773f3e6a39c85636357c4f0e242707394cadadd9814f5cbaa20e96"
             ],
-            "version": "==1.7.0"
+            "version": "==1.7.1"
         },
         "pyparsing": {
             "hashes": [
@@ -1428,10 +1436,10 @@
         },
         "requests": {
             "hashes": [
-                "sha256:65b3a120e4329e33c9889db89c80976c5272f56ea92d3e74da8a463992e3ff54",
-                "sha256:ea881206e59f41dbd0bd445437d792e43906703fff75ca8ff43ccdb11f33f263"
+                "sha256:502a824f31acdacb3a35b6690b5fbf0bc41d63a24a45c4004352b0242707598e",
+                "sha256:7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b"
             ],
-            "version": "==2.20.1"
+            "version": "==2.21.0"
         },
         "requests-oauthlib": {
             "hashes": [
@@ -1449,37 +1457,54 @@
         },
         "ruamel.yaml": {
             "hashes": [
-                "sha256:10079d03b5c93d54be90e4fe23d4b1f32502d7da98077e2a746c216bedba3d75",
-                "sha256:1ff2289958e09fac2aa573e7a9fb9c953ddf89f67c3a42693394920f72001348",
-                "sha256:3b8af255839c39d3dfd0dcb82db349f38db28a2f7adbe05387bea87de15ac146",
-                "sha256:418ee849362ad59c19064af3ce09666d0898969eadb25964b693827fb68cfeca",
-                "sha256:4f203351575dba0829c7b1e5d376d08cf5f58e4a2b844e8ce552b3e41cd414e6",
-                "sha256:5421c3fb144d6e1de0dc00d8a1f919f558c3156c48aa7aa2acbd7754530dfeb7",
-                "sha256:59a17a6225d6d60150647d2fd707fcb1ee54ea31dd0048ea120c7bf2c9093451",
-                "sha256:6acdf9d7bea6ff8541e96e4694b9fd1e0728be88ef512afc28da0804590533f7",
-                "sha256:70ed366ad65780040f5bf5e34c75f450e3f0ca9a8b2534cfc0293c387ec1c32f",
-                "sha256:7e9dc8d095d952c352d9f63cab5283430c910b77793f323ce8d64921f65aaa53",
-                "sha256:8344a08555f8494ae16a2e4f445e5bfce80f82010d9e5091c870aadee5c4b14a",
-                "sha256:90b1f9ed3893b0713e0bc47cfa93be72ddb6d5a969c31979d36c2854dc8b87dd",
-                "sha256:93f262943089657675b336f804b721e6b76f67cc61f6bfc91b3f35f8e71a8a64",
-                "sha256:9996c6371bfe3051340a469037323f533bbdf2dea9b6914da27e62696c81712b",
-                "sha256:9d9a382be1c150d23cd1291091454ea801522629bd22531f0b2c41ab21a81deb",
-                "sha256:adb57424caeb48f8cf1c937e4c571e5720e38601a77dd87d4c1178d406a72821",
-                "sha256:b5147c0919c6ce29c278afe21bf64c3f099afc271364a038c5e59fcf7bb672fb",
-                "sha256:b71cfb6c90f7b6db26842923e5c178c3ad232577f6097ebca3651be366c84b36",
-                "sha256:d9a82d37a4b006b12e09550ff57f7edb5ec987f0d9128fc44f590d56683aa97d",
-                "sha256:dc76688fb7994bf9c2370e28238bd56f9fe7e1d02675f3b1e06fc35967375869",
-                "sha256:fa5ae31d1aea11b528f5987e43194abdfcb44a5a259172221097eb6f74bd0965",
-                "sha256:ff6046de0ed29c3f3e6ba2ce164a85781af16dd49049af1b0402b8a6d15a25ca"
-            ],
-            "version": "==0.15.80"
+                "sha256:013ae9f361cc491f491bf42070a855304a2af08d8bae30286da3c0df9a534d48",
+                "sha256:1890548aeeb0486892a316292bfa4041a7322c0f8047b0b30efa3c1aa2041d10",
+                "sha256:203d03410fa1bc5e16e587597919c3b5b25134f77a3480504ecc37ac5f80bc0c",
+                "sha256:22de3967f810236f0a7012d8f61465eb4f8775c9ea2c26352126d12d53dc171b",
+                "sha256:2a8e57c9ada267713eea270c3e7027372fe3dbcdad896447bd040381ab4194a7",
+                "sha256:3ef17bf29cc5b0c261e73a8f414e8cc097568095caca4e81a33d85d01f09a255",
+                "sha256:54ed540886773f23213b9af3b96a5d56289bec49a20cafa967aee4f2d4a5bac6",
+                "sha256:667b9cd5722b8f5e67d7b8858ed0cf0e91341a022805133416017a32a9b0c731",
+                "sha256:6cbe7273a2e7667cd2ca7b12bec1c715a8259ad80f09c6f12c378f664d29fa5e",
+                "sha256:7615753d902daa884efbabcfa794e6452f7a2da70eb614bf4b6c1bdf294a351e",
+                "sha256:95a82a2818b7e9c288dd5b4f18cea8e3e265cbcc3f6f9a59aa1bb8c7148f7554",
+                "sha256:9642484f4d669337894e2b5503df6b01b64ae063fe2d335b5352a1baefb16245",
+                "sha256:a6bedf2118add5143c9a5b36add2ed6d761831494923a0fca7a0d71b3abdaea5",
+                "sha256:a798ab6e524fe378f9c671e47cb6ba8c8448a05b98f3191cd513a420f0ca72cc",
+                "sha256:bc063dec1ab6701498a71e6e8c66851d0cdd2ed4037f96e0d162b649a891c3a2",
+                "sha256:c32261177f6f78a706fc850b3c7537ec9d3c56bb951801c7da2a1743388a8f22",
+                "sha256:c4d08d4dbb433917ca5a9cdfba79df4fb80bfc88292ca4c8ef68091ee2b86798",
+                "sha256:db0e164fced130cd379b9610e3eb20f9d4caca8ceee69c6860ea6d9c3ab6fed4",
+                "sha256:dbce257cd2c7e15c8e55609955788533091e2895af027a7753100aaab8530601",
+                "sha256:ec74a3893fb4078fc86b85814db980a1fa2ed43141095ac9faab76828ffe7326",
+                "sha256:ecc9d9e81567452244c3e3b2a1032de4626ae79743426aa6372c7ec3f88917f8",
+                "sha256:f29fecbe81a6e1648ae60fe5c0662805de05c205b2d0f5662e8da72aee1a40dd"
+            ],
+            "version": "==0.15.81"
+        },
+        "simplejson": {
+            "hashes": [
+                "sha256:067a7177ddfa32e1483ba5169ebea1bc2ea27f224853211ca669325648ca5642",
+                "sha256:2fc546e6af49fb45b93bbe878dea4c48edc34083729c0abd09981fe55bdf7f91",
+                "sha256:354fa32b02885e6dae925f1b5bbf842c333c1e11ea5453ddd67309dc31fdb40a",
+                "sha256:37e685986cf6f8144607f90340cff72d36acf654f3653a6c47b84c5c38d00df7",
+                "sha256:3af610ee72efbe644e19d5eaad575c73fb83026192114e5f6719f4901097fce2",
+                "sha256:3b919fc9cf508f13b929a9b274c40786036b31ad28657819b3b9ba44ba651f50",
+                "sha256:3dd289368bbd064974d9a5961101f080e939cbe051e6689a193c99fb6e9ac89b",
+                "sha256:6c3258ffff58712818a233b9737fe4be943d306c40cf63d14ddc82ba563f483a",
+                "sha256:75e3f0b12c28945c08f54350d91e624f8dd580ab74fd4f1bbea54bc6b0165610",
+                "sha256:b1f329139ba647a9548aa05fb95d046b4a677643070dc2afc05fa2e975d09ca5",
+                "sha256:ee9625fc8ee164902dfbb0ff932b26df112da9f871c32f0f9c1bcf20c350fe2a",
+                "sha256:fb2530b53c28f0d4d84990e945c2ebb470edb469d63e389bf02ff409012fe7c5"
+            ],
+            "version": "==3.16.0"
         },
         "six": {
             "hashes": [
-                "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
-                "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"
+                "sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
+                "sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
             ],
-            "version": "==1.11.0"
+            "version": "==1.12.0"
         },
         "social-auth-app-django": {
             "hashes": [
@@ -1547,6 +1572,13 @@
             ],
             "version": "==1.3"
         },
+        "versio": {
+            "hashes": [
+                "sha256:7a7346d81ad0a0186bfc846736296a3381b728d322c1e47763c111608e9426d4"
+            ],
+            "index": "pypi",
+            "version": "==0.4.0"
+        },
         "vine": {
             "hashes": [
                 "sha256:52116d59bc45392af9fdd3b75ed98ae48a93e822cee21e5fda249105c59a7a72",
@@ -1578,10 +1610,10 @@
         },
         "xlrd": {
             "hashes": [
-                "sha256:83a1d2f1091078fb3f65876753b5302c5cfb6a41de64b9587b74cefa75157148",
-                "sha256:8a21885513e6d915fe33a8ee5fdfa675433b61405ba13e2a69e62ee36828d7e2"
+                "sha256:546eb36cee8db40c3eaa46c351e67ffee6eeb5fa2650b71bc4c758a29a1b29b2",
+                "sha256:e551fb498759fa3a5384a94ccd4c3c02eb7c00ea424426e212ac0c57be9dfbde"
             ],
-            "version": "==1.1.0"
+            "version": "==1.2.0"
         },
         "xlwt": {
             "hashes": [
@@ -1778,10 +1810,10 @@
         },
         "faker": {
             "hashes": [
-                "sha256:c61a41d0dab8865b850bd00454fb11e90f3fd2a092d8bc90120d1e1c01cff906",
-                "sha256:f909ff9133ce0625ca388b6838190630ad7a593f87eaf058d872338a76241d5d"
+                "sha256:228419b0a788a7ac867ebfafdd438461559ab1a0975edb607300852d9acaa78d",
+                "sha256:52a3dcc6a565b15fe1c95090321756d5a8a7c1caf5ab3df2f573ed70936ff518"
             ],
-            "version": "==1.0.0"
+            "version": "==1.0.1"
         },
         "fancycompleter": {
             "hashes": [
@@ -1814,10 +1846,10 @@
         },
         "idna": {
             "hashes": [
-                "sha256:156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e",
-                "sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16"
+                "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
+                "sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
             ],
-            "version": "==2.7"
+            "version": "==2.8"
         },
         "importlib-metadata": {
             "hashes": [
@@ -1860,10 +1892,10 @@
         },
         "jedi": {
             "hashes": [
-                "sha256:0191c447165f798e6a730285f2eee783fff81b0d3df261945ecb80983b5c3ca7",
-                "sha256:b7493f73a2febe0dc33d51c99b474547f7f6c0b2c8fb2b21f453eef204c12148"
+                "sha256:571702b5bd167911fe9036e5039ba67f820d6502832285cde8c881ab2b2149fd",
+                "sha256:c8481b5e59d34a5c7c42e98f6625e633f6ef59353abea6437472c7ec2093f191"
             ],
-            "version": "==0.13.1"
+            "version": "==0.13.2"
         },
         "mccabe": {
             "hashes": [
@@ -2002,18 +2034,18 @@
         },
         "pygments": {
             "hashes": [
-                "sha256:6301ecb0997a52d2d31385e62d0a4a4cf18d2f2da7054a5ddad5c366cd39cee7",
-                "sha256:82666aac15622bd7bb685a4ee7f6625dd716da3ef7473620c192c0168aae64fc"
+                "sha256:5ffada19f6203563680669ee7f53b64dabbeb100eb51b61996085e99c03b284a",
+                "sha256:e8218dd399a61674745138520d0d4cf2621d7e032439341bc3f647bff125818d"
             ],
-            "version": "==2.3.0"
+            "version": "==2.3.1"
         },
         "pytest": {
             "hashes": [
-                "sha256:1d131cc532be0023ef8ae265e2a779938d0619bb6c2510f52987ffcba7fa1ee4",
-                "sha256:ca4761407f1acc85ffd1609f464ca20bb71a767803505bd4127d0e45c5a50e23"
+                "sha256:f689bf2fc18c4585403348dd56f47d87780bf217c53ed9ae7a3e2d7faa45f8e9",
+                "sha256:f812ea39a0153566be53d88f8de94839db1e8a05352ed8a49525d7d7f37861e9"
             ],
             "index": "pypi",
-            "version": "==4.0.1"
+            "version": "==4.0.2"
         },
         "pytest-cov": {
             "hashes": [
@@ -2098,17 +2130,17 @@
         },
         "requests": {
             "hashes": [
-                "sha256:65b3a120e4329e33c9889db89c80976c5272f56ea92d3e74da8a463992e3ff54",
-                "sha256:ea881206e59f41dbd0bd445437d792e43906703fff75ca8ff43ccdb11f33f263"
+                "sha256:502a824f31acdacb3a35b6690b5fbf0bc41d63a24a45c4004352b0242707598e",
+                "sha256:7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b"
             ],
-            "version": "==2.20.1"
+            "version": "==2.21.0"
         },
         "six": {
             "hashes": [
-                "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
-                "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"
+                "sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
+                "sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
             ],
-            "version": "==1.11.0"
+            "version": "==1.12.0"
         },
         "text-unidecode": {
             "hashes": [
@@ -2210,18 +2242,20 @@
         },
         "yarl": {
             "hashes": [
-                "sha256:2556b779125621b311844a072e0ed367e8409a18fa12cbd68eb1258d187820f9",
-                "sha256:4aec0769f1799a9d4496827292c02a7b1f75c0bab56ab2b60dd94ebb57cbd5ee",
-                "sha256:55369d95afaacf2fa6b49c84d18b51f1704a6560c432a0f9a1aeb23f7b971308",
-                "sha256:6c098b85442c8fe3303e708bbb775afd0f6b29f77612e8892627bcab4b939357",
-                "sha256:9182cd6f93412d32e009020a44d6d170d2093646464a88aeec2aef50592f8c78",
-                "sha256:c8cbc21bbfa1dd7d5386d48cc814fe3d35b80f60299cdde9279046f399c3b0d8",
-                "sha256:db6f70a4b09cde813a4807843abaaa60f3b15fb4a2a06f9ae9c311472662daa1",
-                "sha256:f17495e6fe3d377e3faac68121caef6f974fcb9e046bc075bcff40d8e5cc69a4",
-                "sha256:f85900b9cca0c67767bb61b2b9bd53208aaa7373dae633dbe25d179b4bf38aa7"
+                "sha256:024ecdc12bc02b321bc66b41327f930d1c2c543fa9a561b39861da9388ba7aa9",
+                "sha256:2f3010703295fbe1aec51023740871e64bb9664c789cba5a6bdf404e93f7568f",
+                "sha256:3890ab952d508523ef4881457c4099056546593fa05e93da84c7250516e632eb",
+                "sha256:3e2724eb9af5dc41648e5bb304fcf4891adc33258c6e14e2a7414ea32541e320",
+                "sha256:5badb97dd0abf26623a9982cd448ff12cb39b8e4c94032ccdedf22ce01a64842",
+                "sha256:73f447d11b530d860ca1e6b582f947688286ad16ca42256413083d13f260b7a0",
+                "sha256:7ab825726f2940c16d92aaec7d204cfc34ac26c0040da727cf8ba87255a33829",
+                "sha256:b25de84a8c20540531526dfbb0e2d2b648c13fd5dd126728c496d7c3fea33310",
+                "sha256:c6e341f5a6562af74ba55205dbd56d248daf1b5748ec48a0200ba227bb9e33f4",
+                "sha256:c9bb7c249c4432cd47e75af3864bc02d26c9594f49c82e2a28624417f0ae63b8",
+                "sha256:e060906c0c585565c718d1c3841747b61c5439af2211e185f6739a9412dfbde1"
             ],
             "markers": "python_version >= '3.4'",
-            "version": "==1.2.6"
+            "version": "==1.3.0"
         }
     }
 }
diff --git a/src/etools_datamart/api/endpoints/datamart/intervention.py b/src/etools_datamart/api/endpoints/datamart/intervention.py
index 33c598aba..f0fbf7826 100644
--- a/src/etools_datamart/api/endpoints/datamart/intervention.py
+++ b/src/etools_datamart/api/endpoints/datamart/intervention.py
@@ -2,6 +2,7 @@
 # import django_filters
 from django_filters import rest_framework as filters
 
+from etools_datamart.api.endpoints.datamart.serializers import InterventionSerializerFull
 from etools_datamart.apps.data import models
 
 from . import serializers
@@ -44,6 +45,7 @@ class InterventionViewSet(common.DataMartViewSet):
     filter_fields = ('country_name', 'title', 'status', 'last_modify_date',
                      'start_date', 'submission_date', 'document_type')
     serializers_fieldsets = {'std': None,
+                             'full': InterventionSerializerFull,
                              'short': ["title", "number", "country_name", "start_date"]}
     # filter_backends = [DjangoFilterBackend, OrderingFilter]
     # filterset_fields = ('category', 'in_stock')
diff --git a/src/etools_datamart/api/endpoints/datamart/serializers.py b/src/etools_datamart/api/endpoints/datamart/serializers.py
index 4861985ac..b4990a923 100644
--- a/src/etools_datamart/api/endpoints/datamart/serializers.py
+++ b/src/etools_datamart/api/endpoints/datamart/serializers.py
@@ -17,11 +17,17 @@ class Meta(DataMartSerializer.Meta):
         model = models.PMPIndicators
 
 
-class InterventionSerializer(DataMartSerializer):
+class InterventionSerializerFull(DataMartSerializer):
     class Meta(DataMartSerializer.Meta):
         model = models.Intervention
 
 
+class InterventionSerializer(InterventionSerializerFull):
+    class Meta(DataMartSerializer.Meta):
+        model = models.Intervention
+        exclude = ('metadata',)
+
+
 class FAMIndicatorSerializer(DataMartSerializer):
     class Meta(DataMartSerializer.Meta):
         model = models.FAMIndicator
diff --git a/src/etools_datamart/api/metadata.py b/src/etools_datamart/api/metadata.py
index 28691ec42..1f110bdcd 100644
--- a/src/etools_datamart/api/metadata.py
+++ b/src/etools_datamart/api/metadata.py
@@ -70,8 +70,12 @@ def determine_metadata(self, request, view):
         metadata['filters'] = getattr(view, 'filter_fields', '')
         metadata['filter_blacklist'] = getattr(view, 'filter_blacklist', '')
         metadata['ordering'] = getattr(view, 'ordering_fields', '')
-        metadata['serializers'] = getattr(view, 'serializers_fieldsets', '')
-        # from django.db import connection
+        if hasattr(view, 'serializers_fieldsets'):
+            metadata['serializers'] = ", ".join(view.serializers_fieldsets.keys())
+        else:
+            metadata['serializers'] = 'std'
+
+            # from django.db import connection
         # with connection.schema_editor() as editor:
         #     sql = get_create_model(editor, view.queryset.model)
         # metadata['sql'] = sql
diff --git a/src/etools_datamart/apps/etools/utils.py b/src/etools_datamart/apps/etools/utils.py
index 4bece3675..044ee0071 100644
--- a/src/etools_datamart/apps/etools/utils.py
+++ b/src/etools_datamart/apps/etools/utils.py
@@ -1,6 +1,7 @@
 from functools import lru_cache
 
 from django.db import connections
+from unicef_rest_framework.models import Service
 from unicef_security.models import Role
 
 from etools_datamart.apps.etools.models import UsersUserprofile
@@ -19,9 +20,15 @@ def get_allowed_schemas(user):
         if etools_user:
             aa.extend(set(etools_user.countries_available.values_list('schema_name', flat=True)))
 
-    return set(filter(None, aa))
+    return set(sorted(filter(None, aa)))
     # return set(map(lambda s: s.lower(), aa))
-#
+
+
+def get_allowed_services(user):
+    if user.is_superuser:
+        return Service.objects.all()
+    return Service.objects.filter(groupaccesscontrol__group__user=user)
+
 # def schema_is_valid(*schema):
 #     return schema in conn.all_schemas
 
diff --git a/src/etools_datamart/apps/me/__init__.py b/src/etools_datamart/apps/me/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/etools_datamart/apps/me/apps.py b/src/etools_datamart/apps/me/apps.py
new file mode 100644
index 000000000..b6966f872
--- /dev/null
+++ b/src/etools_datamart/apps/me/apps.py
@@ -0,0 +1,6 @@
+# -*- coding: utf-8 -*-
+from django.apps import AppConfig
+
+
+class Config(AppConfig):
+    name = 'etools_datamart.apps.me'
diff --git a/src/etools_datamart/apps/me/forms.py b/src/etools_datamart/apps/me/forms.py
new file mode 100644
index 000000000..ba693d570
--- /dev/null
+++ b/src/etools_datamart/apps/me/forms.py
@@ -0,0 +1,5 @@
+from django import forms
+
+
+class ProfileForm(forms.Form):
+    pass
diff --git a/src/etools_datamart/apps/me/templates/me/base.html b/src/etools_datamart/apps/me/templates/me/base.html
new file mode 100644
index 000000000..d5c0938f8
--- /dev/null
+++ b/src/etools_datamart/apps/me/templates/me/base.html
@@ -0,0 +1,19 @@
+{% extends 'base.html' %}{% load static %}
+{% block title %}Profile{% endblock %}
+{% block body %}
+    <div id="header">
+        <img src="{% static 'unicef_logo.png' %}" width="100">
+    </div>
+    <div class="menubar">
+        <span><a href="{% url "home" %}">Home</a></span>
+        <span><a href="{% url "api:api-root" version="latest" %}">API</a></span>
+        <span><a href="{% url "api:schema-redoc" %}">Documentation</a></span>
+
+        {% if user.is_staff %}
+            <span><a href="{% url "admin:index" %}">Admin</a></span>
+        {% endif %}
+    </div>
+
+    {% block content %}
+    {% endblock %}
+{% endblock %}
diff --git a/src/etools_datamart/apps/me/templates/me/profile.html b/src/etools_datamart/apps/me/templates/me/profile.html
new file mode 100644
index 000000000..658567d02
--- /dev/null
+++ b/src/etools_datamart/apps/me/templates/me/profile.html
@@ -0,0 +1,75 @@
+{% extends 'me/base.html' %}{% load static %}
+
+{% block title %}Profile{% endblock %}
+{% block content %}
+    <div style="padding: 30px">
+        <div id="areas">
+            <h1>Areas</h1>
+            <ul>
+                {% for area in business_areas %}
+                    <li>{{ area }}</li>
+                {% endfor %}
+            </ul>
+        </div>
+        <div id="services">
+            <h1>Services</h1>
+
+            <ul>
+                {% for service in services %}
+                    <li>{{ service.name }}</li>
+                {% endfor %}
+            </ul>
+        </div>
+        <div id="password">
+            <form method="post">
+                {% csrf_token %}
+                <div class="message">
+                    {% if password %}
+                        A new password has been generated, save it in a safe place.
+                        Datamart cannot shows it in the future. If lost you must
+                        generate a new one
+                        <input type="text" class="password" name="password"
+                               readonly="readonly" value="{{ password }}">
+                    {% else %}
+                        {% if user.has_usable_password %}
+                            You have enabled extended Excel integration , Datamart cannot
+                            show you the password but can generate a new one.
+                            <input type="text" class="password" name="password"
+                               readonly="readonly" value="**********">
+                        {% else %}
+                            Extended Excel integration is disabled.
+                            To enable it you must generate a valid password.
+                        {% endif %}
+                    {% endif %}
+                </div>
+
+                {% if password %}
+                    <input class="btn btn-submit" type="submit" value="ReGenerate">
+                    <input class="btn" id="copyToClipboard" type="button" value="Copy">
+                {% else %}
+                    {% if user.has_usable_password %}
+                        <input class="btn btn-submit" type="submit" value="ReGenerate">
+                    {% else %}
+                        <input class="btn" type="submit" value="Generate">
+                    {% endif %}
+                {% endif %}
+            </form>
+        </div>
+    </div>
+    <script>
+    </script>
+{% endblock %}
+{% block bottom_scripts %}
+    <script src="{% static 'jquery-3.3.1.min.js' %}"></script>
+
+    <script>
+        $("#copyToClipboard").on("click", function () {
+            let msg = "<div class='center'>Copied to clipboard</div>";
+            $('input[name=password]').select();
+            document.execCommand("copy");
+            console.log("copied");
+            $('input[name=password]').val('*********').after(msg);
+            $("#copyToClipboard").hide();
+        });
+    </script>
+{% endblock %}
diff --git a/src/etools_datamart/apps/me/urls.py b/src/etools_datamart/apps/me/urls.py
new file mode 100644
index 000000000..5c1600f65
--- /dev/null
+++ b/src/etools_datamart/apps/me/urls.py
@@ -0,0 +1,8 @@
+from django.urls import path
+
+from .views import ProfileView
+
+urlpatterns = [
+    path(r'', ProfileView.as_view(), name='profile'),
+
+]
diff --git a/src/etools_datamart/apps/me/views.py b/src/etools_datamart/apps/me/views.py
new file mode 100644
index 000000000..7b13e312a
--- /dev/null
+++ b/src/etools_datamart/apps/me/views.py
@@ -0,0 +1,52 @@
+import random
+import string
+
+from django.contrib.auth.decorators import login_required
+from django.template.response import TemplateResponse
+from django.views.generic.edit import FormView
+
+from etools_datamart.apps.etools.utils import get_allowed_schemas, get_allowed_services
+from etools_datamart.apps.me.forms import ProfileForm
+
+
+@login_required
+def profile(request):
+    context = {'form': ProfileForm()}
+    return TemplateResponse(request, 'index.html', context)
+
+
+class ProfileView(FormView):
+    form_class = ProfileForm
+    template_name = 'me/profile.html'
+
+    def generate(self, length=20):
+        pwd = ""
+        count = 0
+        while count != length:
+            upper = [random.choice(string.ascii_uppercase)]
+            lower = [random.choice(string.ascii_lowercase)]
+            num = [random.choice(string.digits)]
+            symbol = [random.choice(string.punctuation)]
+            everything = upper + lower + num + symbol
+            pwd += random.choice(everything)
+            count += 1
+            if count >= length:
+                return pwd
+
+    def get_context_data(self, **kwargs):
+        kwargs.update({'page': 'profile',
+                       'business_areas': get_allowed_schemas(self.request.user),
+                       'services': get_allowed_services(self.request.user),
+                       'user': self.request.user
+                       })
+        return super().get_context_data(**kwargs)
+
+    def get_initial(self):
+        return {
+        }
+
+    def form_valid(self, form):
+        pwd = self.generate()
+        ctx = self.get_context_data(form=form,
+                                    password=pwd)
+        return self.render_to_response(ctx)
diff --git a/src/etools_datamart/apps/web/static/style.css b/src/etools_datamart/apps/web/static/style.css
index a07198c6c..0c89bafe5 100644
--- a/src/etools_datamart/apps/web/static/style.css
+++ b/src/etools_datamart/apps/web/static/style.css
@@ -109,7 +109,6 @@ input.input100 {
 
 /*[ Button ]*/
 .container-login100-form-btn {
-  width: 100%;
   display: -webkit-box;
   display: -webkit-flex;
   display: -moz-box;
@@ -127,7 +126,6 @@ input.input100 {
   justify-content: center;
   align-items: center;
   padding: 0 20px;
-  width: 100%;
   height: 50px;
   border-radius: 3px;
   background: #2090F8;
@@ -157,37 +155,84 @@ input.input100 {
   -moz-border-radius: 20px;
   border-radius: 20px; }
 
-.monitor .menubar {
+.monitor .menubar, .profile .menubar {
   padding: 10px; }
-  .monitor .menubar a {
+  .monitor .menubar a, .profile .menubar a {
     text-transform: none;
     color: #2090F8; }
-    .monitor .menubar a:visited {
+    .monitor .menubar a:visited, .profile .menubar a:visited {
       text-transform: none; }
-.monitor #monitor {
+.monitor #monitor, .profile #monitor {
   width: 100%;
   padding: 30px; }
-  .monitor #monitor .SUCCESS {
+  .monitor #monitor .SUCCESS, .profile #monitor .SUCCESS {
     color: #00b200;
     font-weight: bold; }
-  .monitor #monitor .row {
+  .monitor #monitor .row, .profile #monitor .row {
     width: 100%;
     padding: 5px; }
-    .monitor #monitor .row.header {
+    .monitor #monitor .row.header, .profile #monitor .row.header {
       font-weight: bold; }
-    .monitor #monitor .row.odd {
+    .monitor #monitor .row.odd, .profile #monitor .row.odd {
       background-color: #eeeeee; }
-  .monitor #monitor .col {
+  .monitor #monitor .col, .profile #monitor .col {
     display: inline-block; }
-    .monitor #monitor .col.task {
+    .monitor #monitor .col.task, .profile #monitor .col.task {
       width: 30%; }
-    .monitor #monitor .col.last_run {
+    .monitor #monitor .col.last_run, .profile #monitor .col.last_run {
       width: 200px; }
-    .monitor #monitor .col.last_changes {
+    .monitor #monitor .col.last_changes, .profile #monitor .col.last_changes {
       width: 200px; }
-    .monitor #monitor .col.status {
+    .monitor #monitor .col.status, .profile #monitor .col.status {
       width: 120px; }
-    .monitor #monitor .col.subscription {
+    .monitor #monitor .col.subscription, .profile #monitor .col.subscription {
       width: 180px; }
 
+.profile #areas, .profile #services, .profile #password {
+  margin-right: 20px;
+  padding: 10px;
+  position: relative;
+  display: inline-block; }
+  .profile #areas h1, .profile #services h1, .profile #password h1 {
+    font-size: 14pt;
+    margin-bottom: 5px; }
+  .profile #areas ul, .profile #areas form, .profile #services ul, .profile #services form, .profile #password ul, .profile #password form {
+    border: 1px solid #cfcfcf;
+    overflow-y: scroll;
+    width: 200px;
+    height: 300px; }
+.profile #password .message {
+  margin: 20px;
+  text-align: left; }
+  .profile #password .message .password {
+    text-align: center;
+    margin: 20px;
+    padding: 20px;
+    font-family: monospace;
+    font-size: 20px;
+    border: 1px solid grey; }
+.profile #password form {
+  width: 400px;
+  overflow-y: auto;
+  text-align: center; }
+.profile #password .btn {
+  justify-content: center;
+  align-items: center;
+  padding: 0 20px;
+  height: 40px;
+  border-radius: 3px;
+  font-size: 12px;
+  color: #0;
+  line-height: 1.2;
+  text-transform: uppercase;
+  letter-spacing: 1px;
+  -webkit-transition: all 0.4s;
+  -o-transition: all 0.4s;
+  -moz-transition: all 0.4s;
+  transition: all 0.4s;
+  cursor: pointer; }
+.profile #password .btn-submit {
+  background: #2090F8;
+  color: #fff; }
+
 /*# sourceMappingURL=style.css.map */
diff --git a/src/etools_datamart/apps/web/static/style.css.map b/src/etools_datamart/apps/web/static/style.css.map
index 4fd629469..be77e013e 100644
--- a/src/etools_datamart/apps/web/static/style.css.map
+++ b/src/etools_datamart/apps/web/static/style.css.map
@@ -1,6 +1,6 @@
 {
 "version": 3,
-"mappings": "AACA,CAAE;EACA,MAAM,EAAE,GAAG;EACX,OAAO,EAAE,GAAG;EACZ,UAAU,EAAE,UAAU;;AAGxB,UAAW;EACT,MAAM,EAAE,GAAG;EACX,WAAW,EAAE,sDAAsD;EACnE,cAAE;IACA,KAAK,EAAE,KAAK;IACZ,0BAAQ;MACN,KAAK,EAAE,KAAK;EAIhB,4BAAS;IACP,KAAK,EAAE,KAAK;;AAIhB,QAAS;EACP,KAAK,EAAE,IAAI;EACX,MAAM,EAAE,MAAM;;AAGhB,iBAAkB;EAChB,KAAK,EAAE,IAAI;EACX,UAAU,EAAE,IAAI;EAChB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,eAAe,EAAE,MAAM;EACvB,WAAW,EAAE,MAAM;EACnB,OAAO,EAAE,IAAI;;AAGf,IAAK;EACH,KAAK,EAAE,MAAM;EACb,UAAU,EAAE,IAAI;EAChB,QAAQ,EAAE,MAAM;EAChB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,WAAW,EAAE,OAAO;EACpB,cAAc,EAAE,WAAW;;AAG7B,MAAO;EACL,KAAK,EAAE,GAAG;EAMV,SAAS,EAAE,IAAI;EACf,WAAK;IACH,OAAO,EAAE,cAAc;EAEzB,cAAQ;IACN,KAAK,EAAE,IAAI;IACX,UAAU,EAAE,MAAM;EAGpB,SAAG;IACD,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,MAAM;EAEpB,SAAG;IACD,SAAS,EAAE,IAAI;;AAInB,aAAc;EACZ,OAAO,EAAE,aAAa;EACtB,UAAU,EAAE,IAAI;EAChB,SAAS,EAAE,IAAI;EACf,eAAE;IACA,KAAK,EAAE,OAAO;IACd,cAAc,EAAE,IAAI;IACpB,eAAe,EAAE,IAAI;EAEvB,yBAAY;IACV,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,GAAG;;AAKlB,IAAK;EACH,OAAO,EAAE,KAAK;EACd,MAAM,EAAE,IAAI;;AAGd,IAAK;EACH,OAAO,EAAE,KAAK;EACd,MAAM,EAAE,IAAI;;AAcd,mBAAmB;AAEnB,KAAM;EACJ,KAAK,EAAE,GAAG;EACV,iBAAiB,EAAE,SAAS;EAC5B,eAAe,EAAE,KAAK;EACtB,mBAAmB,EAAE,MAAM;EAC3B,QAAQ,EAAE,QAAQ;EAClB,OAAO,EAAE,CAAC;;AAaZ,OAAQ;EACN,aAAa,EAAE,IAAI;;AAGrB,cAAe;EACb,KAAK,EAAE,IAAI;EACX,QAAQ,EAAE,QAAQ;EAClB,MAAM,EAAE,iBAAiB;;AAG3B,SAAU;EACR,OAAO,EAAE,KAAK;EACd,KAAK,EAAE,IAAI;EACX,UAAU,EAAE,WAAW;EACvB,SAAS,EAAE,IAAI;EACf,KAAK,EAAE,OAAO;EACd,WAAW,EAAE,GAAG;EAChB,OAAO,EAAE,MAAM;;AAGjB,cAAe;EACb,MAAM,EAAE,IAAI;;AAGd,cAAc;AACd,4BAA6B;EAC3B,KAAK,EAAE,IAAI;EACX,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,eAAe,EAAE,MAAM;;AAGzB,kBAAmB;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,eAAe,EAAE,MAAM;EACvB,WAAW,EAAE,MAAM;EACnB,OAAO,EAAE,MAAM;EACf,KAAK,EAAE,IAAI;EACX,MAAM,EAAE,IAAI;EACZ,aAAa,EAAE,GAAG;EAClB,UAAU,EAAE,OAAO;EAEnB,SAAS,EAAE,IAAI;EACf,KAAK,EAAE,IAAI;EACX,WAAW,EAAE,GAAG;EAChB,cAAc,EAAE,SAAS;EACzB,cAAc,EAAE,GAAG;EAEnB,kBAAkB,EAAE,QAAQ;EAC5B,aAAa,EAAE,QAAQ;EACvB,eAAe,EAAE,QAAQ;EACzB,UAAU,EAAE,QAAQ;;AAGtB,wBAAyB;EACvB,UAAU,EAAE,OAAO;;AAGrB,mBAAmB;AAyCnB,OAAQ;EACN,UAAU,EAAE,IAAI;EAChB,UAAU,EAAE,OAAO;EACnB,KAAK,EAAE,KAAK;EAEZ,sBAAe;IACb,KAAK,EAAE,KAAK;;AAIhB,QAAS;EACP,qBAAqB,EAAE,IAAI;EAC3B,kBAAkB,EAAE,IAAI;EACxB,aAAa,EAAE,IAAI;;AAInB,iBAAS;EACP,OAAO,EAAE,IAAI;EACb,mBAAE;IAIA,cAAc,EAAE,IAAI;IACpB,KAAK,EAAE,OAAO;IAJd,2BAAU;MACR,cAAc,EAAE,IAAI;AAM1B,iBAAS;EACP,KAAK,EAAE,IAAI;EACX,OAAO,EAAE,IAAI;EACb,0BAAS;IACP,KAAK,EAAE,OAAO;IACd,WAAW,EAAE,IAAI;EAEnB,sBAAK;IACH,KAAK,EAAE,IAAI;IACX,OAAO,EAAE,GAAG;IACZ,6BAAS;MACP,WAAW,EAAE,IAAI;IAEnB,0BAAM;MACJ,gBAAgB,EAAE,OAAO;EAO7B,sBAAK;IACH,OAAO,EAAE,YAAY;IACrB,2BAAO;MACL,KAAK,EAAE,GAAG;IAEZ,+BAAW;MACT,KAAK,EAAE,KAAK;IAEd,mCAAe;MACb,KAAK,EAAE,KAAK;IAEd,6BAAS;MACP,KAAK,EAAE,KAAK;IAEd,mCAAe;MACb,KAAK,EAAE,KAAK",
+"mappings": "AACA,CAAE;EACA,MAAM,EAAE,GAAG;EACX,OAAO,EAAE,GAAG;EACZ,UAAU,EAAE,UAAU;;AAGxB,UAAW;EACT,MAAM,EAAE,GAAG;EACX,WAAW,EAAE,sDAAsD;EAEnE,cAAE;IACA,KAAK,EAAE,KAAK;IAEZ,0BAAQ;MACN,KAAK,EAAE,KAAK;EAKhB,4BAAS;IACP,KAAK,EAAE,KAAK;;AAIhB,QAAS;EACP,KAAK,EAAE,IAAI;EACX,MAAM,EAAE,MAAM;;AAGhB,iBAAkB;EAChB,KAAK,EAAE,IAAI;EACX,UAAU,EAAE,IAAI;EAChB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,eAAe,EAAE,MAAM;EACvB,WAAW,EAAE,MAAM;EACnB,OAAO,EAAE,IAAI;;AAGf,IAAK;EACH,KAAK,EAAE,MAAM;EACb,UAAU,EAAE,IAAI;EAChB,QAAQ,EAAE,MAAM;EAChB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,WAAW,EAAE,OAAO;EACpB,cAAc,EAAE,WAAW;;AAG7B,MAAO;EACL,KAAK,EAAE,GAAG;EAMV,SAAS,EAAE,IAAI;EAEf,WAAK;IACH,OAAO,EAAE,cAAc;EAGzB,cAAQ;IACN,KAAK,EAAE,IAAI;IACX,UAAU,EAAE,MAAM;EAGpB,SAAG;IACD,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,IAAI;IACf,UAAU,EAAE,MAAM;EAGpB,SAAG;IACD,SAAS,EAAE,IAAI;;AAInB,aAAc;EACZ,OAAO,EAAE,aAAa;EACtB,UAAU,EAAE,IAAI;EAChB,SAAS,EAAE,IAAI;EAEf,eAAE;IACA,KAAK,EAAE,OAAO;IACd,cAAc,EAAE,IAAI;IACpB,eAAe,EAAE,IAAI;EAGvB,yBAAY;IACV,KAAK,EAAE,IAAI;IACX,SAAS,EAAE,GAAG;;AAKlB,IAAK;EACH,OAAO,EAAE,KAAK;EACd,MAAM,EAAE,IAAI;;AAGd,IAAK;EACH,OAAO,EAAE,KAAK;EACd,MAAM,EAAE,IAAI;;AAcd,mBAAmB;AAEnB,KAAM;EACJ,KAAK,EAAE,GAAG;EACV,iBAAiB,EAAE,SAAS;EAC5B,eAAe,EAAE,KAAK;EACtB,mBAAmB,EAAE,MAAM;EAC3B,QAAQ,EAAE,QAAQ;EAClB,OAAO,EAAE,CAAC;;AAaZ,OAAQ;EACN,aAAa,EAAE,IAAI;;AAGrB,cAAe;EACb,KAAK,EAAE,IAAI;EACX,QAAQ,EAAE,QAAQ;EAClB,MAAM,EAAE,iBAAiB;;AAG3B,SAAU;EACR,OAAO,EAAE,KAAK;EACd,KAAK,EAAE,IAAI;EACX,UAAU,EAAE,WAAW;EACvB,SAAS,EAAE,IAAI;EACf,KAAK,EAAE,OAAO;EACd,WAAW,EAAE,GAAG;EAChB,OAAO,EAAE,MAAM;;AAGjB,cAAe;EACb,MAAM,EAAE,IAAI;;AAGd,cAAc;AACd,4BAA6B;EAE3B,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,SAAS,EAAE,IAAI;EACf,eAAe,EAAE,MAAM;;AAGzB,kBAAmB;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,YAAY;EACrB,OAAO,EAAE,QAAQ;EACjB,OAAO,EAAE,WAAW;EACpB,OAAO,EAAE,IAAI;EACb,eAAe,EAAE,MAAM;EACvB,WAAW,EAAE,MAAM;EACnB,OAAO,EAAE,MAAM;EAEf,MAAM,EAAE,IAAI;EACZ,aAAa,EAAE,GAAG;EAClB,UAAU,EAAE,OAAO;EAEnB,SAAS,EAAE,IAAI;EACf,KAAK,EAAE,IAAI;EACX,WAAW,EAAE,GAAG;EAChB,cAAc,EAAE,SAAS;EACzB,cAAc,EAAE,GAAG;EAEnB,kBAAkB,EAAE,QAAQ;EAC5B,aAAa,EAAE,QAAQ;EACvB,eAAe,EAAE,QAAQ;EACzB,UAAU,EAAE,QAAQ;;AAGtB,wBAAyB;EACvB,UAAU,EAAE,OAAO;;AAGrB,mBAAmB;AAyCnB,OAAQ;EACN,UAAU,EAAE,IAAI;EAChB,UAAU,EAAE,OAAO;EACnB,KAAK,EAAE,KAAK;EAEZ,sBAAe;IACb,KAAK,EAAE,KAAK;;AAIhB,QAAS;EACP,qBAAqB,EAAE,IAAI;EAC3B,kBAAkB,EAAE,IAAI;EACxB,aAAa,EAAE,IAAI;;AAInB,oCAAS;EACP,OAAO,EAAE,IAAI;EAEb,wCAAE;IAKA,cAAc,EAAE,IAAI;IACpB,KAAK,EAAE,OAAO;IALd,wDAAU;MACR,cAAc,EAAE,IAAI;AAQ1B,oCAAS;EACP,KAAK,EAAE,IAAI;EACX,OAAO,EAAE,IAAI;EAEb,sDAAS;IACP,KAAK,EAAE,OAAO;IACd,WAAW,EAAE,IAAI;EAGnB,8CAAK;IACH,KAAK,EAAE,IAAI;IACX,OAAO,EAAE,GAAG;IAEZ,4DAAS;MACP,WAAW,EAAE,IAAI;IAGnB,sDAAM;MACJ,gBAAgB,EAAE,OAAO;EAQ7B,8CAAK;IACH,OAAO,EAAE,YAAY;IAErB,wDAAO;MACL,KAAK,EAAE,GAAG;IAGZ,gEAAW;MACT,KAAK,EAAE,KAAK;IAGd,wEAAe;MACb,KAAK,EAAE,KAAK;IAGd,4DAAS;MACP,KAAK,EAAE,KAAK;IAGd,wEAAe;MACb,KAAK,EAAE,KAAK;;AAQlB,uDAA6B;EAC3B,YAAY,EAAE,IAAI;EAClB,OAAO,EAAE,IAAI;EACb,QAAQ,EAAE,QAAQ;EAClB,OAAO,EAAE,YAAY;EAErB,gEAAG;IACD,SAAS,EAAE,IAAI;IACf,aAAa,EAAE,GAAG;EAGpB,wIAAS;IACP,MAAM,EAAE,iBAAiB;IACzB,UAAU,EAAE,MAAM;IAClB,KAAK,EAAE,KAAK;IACZ,MAAM,EAAE,KAAK;AAKf,2BAAS;EACP,MAAM,EAAE,IAAI;EACZ,UAAU,EAAE,IAAI;EAEhB,qCAAU;IACR,UAAU,EAAE,MAAM;IAElB,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,IAAI;IACb,WAAW,EAAE,SAAS;IACtB,SAAS,EAAE,IAAI;IACf,MAAM,EAAE,cAAc;AAI1B,uBAAK;EACH,KAAK,EAAE,KAAK;EACZ,UAAU,EAAE,IAAI;EAChB,UAAU,EAAE,MAAM;AAGpB,uBAAK;EACH,eAAe,EAAE,MAAM;EACvB,WAAW,EAAE,MAAM;EACnB,OAAO,EAAE,MAAM;EACf,MAAM,EAAE,IAAI;EACZ,aAAa,EAAE,GAAG;EAClB,SAAS,EAAE,IAAI;EAEf,KAAK,EAAE,EAAE;EACT,WAAW,EAAE,GAAG;EAChB,cAAc,EAAE,SAAS;EACzB,cAAc,EAAE,GAAG;EACnB,kBAAkB,EAAE,QAAQ;EAC5B,aAAa,EAAE,QAAQ;EACvB,eAAe,EAAE,QAAQ;EACzB,UAAU,EAAE,QAAQ;EACpB,MAAM,EAAE,OAAO;AAGjB,8BAAY;EACV,UAAU,EAAE,OAAO;EACnB,KAAK,EAAE,IAAI",
 "sources": ["style.scss"],
 "names": [],
 "file": "style.css"
diff --git a/src/etools_datamart/apps/web/static/style.scss b/src/etools_datamart/apps/web/static/style.scss
index d17e4eee7..374b80f58 100644
--- a/src/etools_datamart/apps/web/static/style.scss
+++ b/src/etools_datamart/apps/web/static/style.scss
@@ -8,13 +8,16 @@
 body, html {
   height: 50%;
   font-family: "Lato", "Helvetica Neue", Helvetica, Arial, sans-serif;
+
   a {
     color: black;
+
     &:hover {
       color: black;
 
     }
   }
+
   span.str {
     color: black;
   }
@@ -61,9 +64,11 @@ body, html {
   //display: -ms-flexbox;
   //display: flex;
   flex-wrap: wrap;
+
   form {
     padding: 100px 0 0 65px;
   }
+
   .center {
     width: 100%;
     text-align: center;
@@ -74,6 +79,7 @@ body, html {
     font-size: 24pt;
     text-align: center;
   }
+
   h2 {
     font-size: 14pt;
   }
@@ -83,11 +89,13 @@ ul.index-menu {
   padding: 20px 0 0 65px;
   list-style: none;
   font-size: 18pt;
+
   a {
     color: #2090F8;
     text-transform: none;
     text-decoration: none;
   }
+
   li.menu-sep {
     width: 100%;
     font-size: 2px;
@@ -163,7 +171,7 @@ input.input100 {
 
 /*[ Button ]*/
 .container-login100-form-btn {
-  width: 100%;
+  //width: 100%;
   display: -webkit-box;
   display: -webkit-flex;
   display: -moz-box;
@@ -182,7 +190,7 @@ input.input100 {
   justify-content: center;
   align-items: center;
   padding: 0 20px;
-  width: 100%;
+  //width: 100%;
   height: 50px;
   border-radius: 3px;
   background: #2090F8;
@@ -260,33 +268,41 @@ input.input100 {
   border-radius: 20px;
 }
 
-.monitor {
+.monitor, .profile {
   .menubar {
     padding: 10px;
+
     a {
       &:visited {
         text-transform: none;
       }
+
       text-transform: none;
       color: #2090F8;
     }
   }
+
   #monitor {
     width: 100%;
     padding: 30px;
+
     .SUCCESS {
       color: #00b200;
       font-weight: bold;
     }
+
     .row {
       width: 100%;
       padding: 5px;
+
       &.header {
         font-weight: bold;
       }
+
       &.odd {
         background-color: #eeeeee;
       }
+
       &.even {
 
       }
@@ -294,21 +310,95 @@ input.input100 {
 
     .col {
       display: inline-block;
+
       &.task {
         width: 30%;
       }
+
       &.last_run {
         width: 200px;
       }
+
       &.last_changes {
         width: 200px;
       }
+
       &.status {
         width: 120px;
       }
+
       &.subscription {
         width: 180px;
       }
     }
   }
 }
+
+.profile {
+
+  #areas, #services, #password {
+    margin-right: 20px;
+    padding: 10px;
+    position: relative;
+    display: inline-block;
+
+    h1 {
+      font-size: 14pt;
+      margin-bottom: 5px;
+    }
+
+    ul, form {
+      border: 1px solid #cfcfcf;
+      overflow-y: scroll;
+      width: 200px;
+      height: 300px;
+    }
+  }
+
+  #password {
+    .message {
+      margin: 20px;
+      text-align: left;
+
+      .password {
+        text-align: center;
+
+        margin: 20px;
+        padding: 20px;
+        font-family: monospace;
+        font-size: 20px;
+        border: 1px solid grey;
+      }
+    }
+
+    form {
+      width: 400px;
+      overflow-y: auto;
+      text-align: center;
+    }
+
+    .btn {
+      justify-content: center;
+      align-items: center;
+      padding: 0 20px;
+      height: 40px;
+      border-radius: 3px;
+      font-size: 12px;
+      //background: #2090F8;
+      color: #0;
+      line-height: 1.2;
+      text-transform: uppercase;
+      letter-spacing: 1px;
+      -webkit-transition: all 0.4s;
+      -o-transition: all 0.4s;
+      -moz-transition: all 0.4s;
+      transition: all 0.4s;
+      cursor: pointer;
+    }
+
+    .btn-submit {
+      background: #2090F8;
+      color: #fff;
+    }
+  }
+}
diff --git a/src/etools_datamart/apps/web/templates/base.html b/src/etools_datamart/apps/web/templates/base.html
index f779ff3b1..ca76a7932 100644
--- a/src/etools_datamart/apps/web/templates/base.html
+++ b/src/etools_datamart/apps/web/templates/base.html
@@ -19,6 +19,7 @@
 </head>
 <body class="{{ page }}">
 
+{% block body %}
 {% block content %}
 
     <div class="limiter">
@@ -48,14 +49,17 @@
                     {% endblock right %}
 
                 </div>
-                <div class="left">
-                    <img src="{% static 'unicef_logo.png' %}">
-                </div>
+                {% block left %}
+                    <div class="left">
+                        <img src="{% static 'unicef_logo.png' %}">
+                    </div>
+                {% endblock left %}
             </div>
         </div>
     </div>
 
 
+{% endblock %}
 {% endblock %}
 
 {% block footer %}
diff --git a/src/etools_datamart/apps/web/templates/index.html b/src/etools_datamart/apps/web/templates/index.html
index 3ac0bbbfa..d0b24b353 100644
--- a/src/etools_datamart/apps/web/templates/index.html
+++ b/src/etools_datamart/apps/web/templates/index.html
@@ -12,6 +12,7 @@ <h1>eTools Datamart</h1>
             <li><a href="{% url "api:schema-redoc" %}">Documentation</a></li>
             <li><a href="{% url "api:schema-swagger-ui" %}">Swagger</a></li>
             <li><a href="{% url "monitor" %}">Monitor</a></li>
+            <li><a href="{% url "profile" %}">Settings</a></li>
             {% if request.user.is_staff %}
                 <li class="menu-sep h10">&nbsp;</li>
                 <li><a href="{% url "admin:index" %}">Admin</a></li>
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 174b054d8..ddb5b9e38 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -58,7 +58,7 @@
                   EMAIL_HOST_USER=(str, ''),
                   EMAIL_HOST_PASSWORD=(str, ''),
                   EMAIL_PORT=(int, 587),
-
+                  USE_X_FORWARDED_HOST=(bool, False),
                   )
 
 DEBUG = env.bool('DEBUG')
@@ -277,6 +277,7 @@
     'etools_datamart.apps.etl.apps.Config',
     'etools_datamart.apps.tracking.apps.Config',
     'etools_datamart.apps.subscriptions',
+    'etools_datamart.apps.me',
     'etools_datamart.api',
 
     'admin_extra_urls',
@@ -359,9 +360,11 @@
 SECURE_HSTS_INCLUDE_SUBDOMAINS = True
 SECURE_HSTS_SECONDS = 1
 SECURE_SSL_REDIRECT = env.bool('SECURE_SSL_REDIRECT')
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SECURE = env.bool('SESSION_COOKIE_SECURE')
 X_FRAME_OPTIONS = env('X_FRAME_OPTIONS')
+USE_X_FORWARDED_HOST = env('USE_X_FORWARDED_HOST')
 
 NOTIFICATION_SENDER = "etools_datamart@unicef.org"
 
diff --git a/src/etools_datamart/config/urls.py b/src/etools_datamart/config/urls.py
index 9cbc0cf6e..7dfa51ffe 100644
--- a/src/etools_datamart/config/urls.py
+++ b/src/etools_datamart/config/urls.py
@@ -7,6 +7,7 @@
 from etools_datamart.apps.multitenant.views import SelectSchema
 
 urlpatterns = [
+    path(r'me/', include('etools_datamart.apps.me.urls')),
     path(r's/', include('etools_datamart.apps.subscriptions.urls')),
     path(r'', include('etools_datamart.apps.web.urls')),
     path(r'', include('social_django.urls', namespace='social')),
diff --git a/src/unicef_rest_framework/renderers/xls.py b/src/unicef_rest_framework/renderers/xls.py
index adf9f680b..4e9587059 100644
--- a/src/unicef_rest_framework/renderers/xls.py
+++ b/src/unicef_rest_framework/renderers/xls.py
@@ -13,10 +13,10 @@ def render(self, data, accepted_media_type=None, renderer_context=None):
         if response.status_code != 200:
             return ''
         try:
-            if data and 'results' in data:
-                data = data['results']
-            if not data:
-                return ''
+            # if data and 'results' in data:
+            #     data = data['results']
+            # if not data:
+            #     return ''
             return super().render(data, accepted_media_type, renderer_context)
         except Exception as e:
             process_exception(e)
diff --git a/src/unicef_rest_framework/views_mixins.py b/src/unicef_rest_framework/views_mixins.py
index 47c4fc3de..07b0c2576 100644
--- a/src/unicef_rest_framework/views_mixins.py
+++ b/src/unicef_rest_framework/views_mixins.py
@@ -6,7 +6,7 @@
 
 IQY = """WEB
 1
-http://datamart.unicef.io/api/latest/hact/?format=iqy
+https://datamart.unicef.io/api/latest/hact/?format=iqy
 
 Selection=AllTables
 Formatting=html
diff --git a/src/unicef_security/admin.py b/src/unicef_security/admin.py
index b084cf456..7ca7606ba 100644
--- a/src/unicef_security/admin.py
+++ b/src/unicef_security/admin.py
@@ -1,12 +1,17 @@
 import logging
 
 from admin_extra_urls.extras import action, ExtraUrlMixin, link
+from adminfilters.filters import RelatedFieldComboFilter
 from django import forms
 from django.contrib import admin, messages
-from django.contrib.admin import ModelAdmin
+from django.contrib.admin import ModelAdmin, widgets
+from django.contrib.admin.helpers import AdminForm
 from django.contrib.auth.admin import UserAdmin
+from django.contrib.auth.models import Group
 from django.forms import Form
+from django.http import HttpResponseRedirect
 from django.template.response import TemplateResponse
+from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from unicef_security.graph import default_group, Synchronizer, SyncResult
 from unicef_security.models import BusinessArea, Region, Role, User
@@ -15,6 +20,10 @@
 logger = logging.getLogger(__name__)
 
 
+def admin_reverse(model, page="changelist"):
+    return reverse(f"admin:{model._meta.app_label}_{model._meta.model_name}_{page}")
+
+
 @admin.register(Region)
 class RegionAdmin(ExtraUrlMixin, ModelAdmin):
     list_display = ['code', 'name']
@@ -142,15 +151,71 @@ def load(self, request):
                     result = synchronizer.fetch_users("startswith(mail,'%s')" % email,
                                                       callback=default_group)
                     total_results += result
-                self.message_user(request, f"{len(total_results.created)} users have been created,"
-                                           f"{len(total_results.updated)} updated."
-                                           f"{len(total_results.skipped)} invalid entries found.")
+                self.message_user(request,
+                                  f"{len(total_results.created)} users have been created,"
+                                  f"{len(total_results.updated)} updated."
+                                  f"{len(total_results.skipped)} invalid entries found.")
         else:
             form = LoadUsersForm()
         ctx['form'] = form
         return TemplateResponse(request, 'admin/load_users.html', ctx)
 
 
+class RoleForm(forms.Form):
+    # overwrite_existing = forms.BooleanField(help_text="Overwrite existing entries", required=False)
+    business_areas = forms.ModelMultipleChoiceField(queryset=BusinessArea.objects.all(),
+                                                    widget=widgets.FilteredSelectMultiple('Services', False)
+                                                    )
+    user = forms.ModelChoiceField(queryset=User.objects.all())
+    group = forms.ModelChoiceField(queryset=Group.objects.all())
+
+
 @admin.register(Role)
-class RoleAdmin(ModelAdmin):
-    list_display = ['user', 'group']
+class RoleAdmin(ExtraUrlMixin, ModelAdmin):
+    list_display = ['user', 'group', 'business_area']
+    search_fields = ('user',)
+    list_filter = ('group', ('business_area', RelatedFieldComboFilter))
+
+    def has_add_permission(self, request):
+        return False
+
+    @link()
+    def add_grants(self, request):
+        opts = self.model._meta
+        ctx = {
+            'opts': opts,
+            'add': False,
+            'has_view_permission': True,
+            'has_editable_inline_admin_formsets': True,
+            'app_label': opts.app_label,
+            'change': True,
+            'is_popup': False,
+            'save_as': False,
+            'media': self.media,
+            'has_delete_permission': False,
+            'has_add_permission': False,
+            'has_change_permission': True,
+        }
+        if request.method == 'POST':
+            form = RoleForm(request.POST)
+            if form.is_valid():
+                user = form.cleaned_data.pop('user')
+                business_areas = form.cleaned_data.pop('business_areas')
+                group = form.cleaned_data.pop('group')
+                # overwrite_existing = form.cleaned_data.pop('overwrite_existing')
+
+                for business_area in business_areas:
+                    Role.objects.update_or_create(user=user,
+                                                  business_area=business_area,
+                                                  group=group)
+                self.message_user(request, 'ACLs created')
+                return HttpResponseRedirect(admin_reverse(Role))
+        else:
+            form = RoleForm(initial={})
+        ctx['adminform'] = AdminForm(form,
+                                     [(None, {'fields': ['user',
+                                                         'group',
+                                                         'business_areas']})],
+                                     {})
+        ctx['media'] = self.media + form.media
+        return TemplateResponse(request, 'admin/unicef_security/add_grants.html', ctx)
diff --git a/src/unicef_security/graph.py b/src/unicef_security/graph.py
index 271706e63..929f9763c 100644
--- a/src/unicef_security/graph.py
+++ b/src/unicef_security/graph.py
@@ -16,6 +16,8 @@
 from social_django.models import UserSocialAuth
 from unicef_security.config import GRAPH_CLIENT_ID, GRAPH_CLIENT_SECRET
 
+from etools_datamart.libs.version import get_full_version
+
 from . import config
 
 AZURE_GRAPH_API_TOKEN_CACHE_KEY = 'azure_graph_api_token_cache_key'
@@ -191,10 +193,14 @@ def __init__(self, user_model=None, mapping=None, echo=None, id=None, secret=Non
         self._delta_link = ''
         self.echo = echo or (lambda l: True)
 
+    @property
+    def token_key(self):
+        return "%s:%s" % (AZURE_GRAPH_API_TOKEN_CACHE_KEY, get_full_version())
+
     def get_token(self):
         if not self.id and self.secret:
             raise ValueError("Configure AZURE_CLIENT_ID and/or AZURE_CLIENT_SECRET")
-        token = cache.get(AZURE_GRAPH_API_TOKEN_CACHE_KEY)
+        token = cache.get(self.token_key)
         if not token:
             post_dict = {'grant_type': 'client_credentials',
                          'client_id': self.id,
@@ -207,7 +213,7 @@ def get_token(self):
             jresponse = response.json()
             token = jresponse['access_token']
             # Cache token for 3600 seconds, which matches the default Azure token expiration
-            cache.set(AZURE_GRAPH_API_TOKEN_CACHE_KEY, token, 3600)
+            cache.set(self.token_key, token, 3600)
         return token
 
     @property
diff --git a/src/unicef_security/models.py b/src/unicef_security/models.py
index a2ece53b7..d9e6d10e0 100644
--- a/src/unicef_security/models.py
+++ b/src/unicef_security/models.py
@@ -1,3 +1,4 @@
+from adminactions.mass_update import mass_update
 from django.apps import apps as django_apps
 from django.conf import settings
 from django.contrib.auth.models import AbstractUser, Group
@@ -103,6 +104,8 @@ class Role(models.Model, TimeStampedModel):
     user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
     group = models.ForeignKey(Group, on_delete=models.CASCADE)
     business_area = models.ForeignKey(BusinessArea, on_delete=models.CASCADE)
+    actions = (mass_update,)
 
     class Meta:
         app_label = 'unicef_security'
+        unique_together = ('user', 'group', 'business_area')
diff --git a/src/unicef_security/templates/admin/unicef_security/add_grants.html b/src/unicef_security/templates/admin/unicef_security/add_grants.html
new file mode 100644
index 000000000..ec5527246
--- /dev/null
+++ b/src/unicef_security/templates/admin/unicef_security/add_grants.html
@@ -0,0 +1,28 @@
+{% extends "admin/change_form.html" %}{% load i18n admin_urls static admin_modify %}
+{% block breadcrumbs %}
+    <div class="breadcrumbs">
+        <a href="{% url 'admin:index' %}">{% trans 'Home' %}</a>
+        &rsaquo; <a href="{% url 'admin:app_list' app_label=opts.app_label %}">{{ opts.app_config.verbose_name }}</a>
+        &rsaquo; <a href="{% url opts|admin_urlname:'changelist' %}">{{ opts.verbose_name_plural|capfirst }}</a>
+        &rsaquo; Business Areas Grants
+    </div>
+{% endblock %}
+{% block object-tools %}{% endblock %}
+
+{#{% block content %}#}
+{#    <h1>Grant Access multiple services</h1>#}
+{#    <form method="post" id="load_users" novalidate>#}
+{#        {% csrf_token %}#}
+{#        <fieldset class="module aligned {{ fieldset.classes }}">#}
+{#        <div class="fieldBox">{{ form.services }}</div>#}
+{#        </fieldset>#}
+{#        <table>#}
+{#            {{ form }}#}
+{#        </table>#}
+{#        <div><input type="submit" value="Add multiple rules"></div>#}
+{#    </form>#}
+{#{% endblock content %}#}
+
+{% block submit_buttons_bottom %}
+    <input type="submit" value="Add multiple rules">
+{% endblock %}
diff --git a/tests/tracking/test_tracking_log.py b/tests/tracking/test_tracking_log.py
index d51d85e83..1a6512210 100644
--- a/tests/tracking/test_tracking_log.py
+++ b/tests/tracking/test_tracking_log.py
@@ -65,30 +65,30 @@ def test_threaedlog(enable_threadstats, django_app, admin_user):
     assert res.status_code == 200
 
 
-@pytest.mark.parametrize("code", [200, 500])
-@pytest.mark.parametrize("stats", [True, False])
-@pytest.mark.parametrize("user_type", [AnonymousUser, UserFactory, AdminFactory])
-@pytest.mark.parametrize("middleware", [StatsMiddleware, ThreadedStatsMiddleware])
-@pytest.mark.django_db(transaction=True)
-def test_threaedlog2(rf, settings, user_type, middleware, stats, code):
-    user = user_type()
-    settings.ENABLE_LIVE_STATS = stats
-
-    view = InterventionViewSet.as_view({'get': 'list'})
-    service = InterventionViewSet.get_service()
-    url = service.endpoint
-
-    m = middleware(lambda r: Mock(status_code=code, content='abc',
-                                  accepted_media_type='text/plain'))
-    request = rf.get(url)
-    request.user = user
-    request.api_info = {'view': view,
-                        'service': service}
-    m(request)
-    m(request)  # two times to trigger ENABLE_LIVE_STATS
-    sleep(1)
-    log = APIRequestLog.objects.filter(path=url).first()
-    if code == 200:
-        assert log
-    else:
-        assert not log
+# @pytest.mark.parametrize("code", [200, 500])
+# @pytest.mark.parametrize("stats", [True, False])
+# @pytest.mark.parametrize("user_type", [AnonymousUser, UserFactory, AdminFactory])
+# @pytest.mark.parametrize("middleware", [StatsMiddleware, ThreadedStatsMiddleware])
+# @pytest.mark.django_db(transaction=True)
+# def test_threaedlog2(rf, settings, user_type, middleware, stats, code):
+#     user = user_type()
+#     settings.ENABLE_LIVE_STATS = stats
+#
+#     view = InterventionViewSet.as_view({'get': 'list'})
+#     service = InterventionViewSet.get_service()
+#     url = service.endpoint
+#
+#     m = middleware(lambda r: Mock(status_code=code, content='abc',
+#                                   accepted_media_type='text/plain'))
+#     request = rf.get(url)
+#     request.user = user
+#     request.api_info = {'view': view,
+#                         'service': service}
+#     m(request)
+#     m(request)  # two times to trigger ENABLE_LIVE_STATS
+#     sleep(1)
+#     log = APIRequestLog.objects.filter(path=url).first()
+#     if code == 200:
+#         assert log
+#     else:
+#         assert not log

From 22bf0269fe828b00b91bc25e837c0863021605c6 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Tue, 18 Dec 2018 07:33:41 +0100
Subject: [PATCH 60/86] new handling of Schema permissions

---
 docker/.bumpversion.cfg                       |   2 +-
 docker/Makefile                               |   2 +-
 src/etools_datamart/__init__.py               |   2 +-
 .../api/endpoints/datamart/user.py            |   3 -
 .../api/endpoints/unicef/__init__.py          |   2 -
 .../api/endpoints/unicef/serializers.py       |   6 -
 src/etools_datamart/api/filtering.py          |   2 +-
 src/etools_datamart/api/urls.py               |   3 -
 .../apps/data/migrations/0001_initial.py      |   2 +-
 .../apps/etl/migrations/0001_initial.py       |   2 +-
 src/etools_datamart/apps/etools/utils.py      |  88 ++++++++-------
 .../init/management/commands/init-setup.py    |  24 +++-
 .../apps/me/templates/me/profile.html         |  67 +++++++-----
 src/etools_datamart/apps/me/views.py          |  36 +++++-
 .../multitenant/postgresql/public.sqldump     | Bin 4047583 -> 4048049 bytes
 .../apps/multitenant/postgresql/tenant.sql    |   2 +-
 src/etools_datamart/apps/security/admin.py    |   8 ++
 src/etools_datamart/apps/security/models.py   |  15 +++
 src/etools_datamart/apps/security/utils.py    |  52 +++++++++
 .../subscriptions/migrations/0001_initial.py  |   2 +-
 .../migrations/0002_auto_20181212_2259.py     |  27 -----
 .../apps/tracking/migrations/0001_initial.py  |   2 +-
 .../migrations/0002_auto_20181212_2259.py     |  51 ---------
 src/etools_datamart/apps/web/static/style.css |   4 +-
 .../apps/web/static/style.scss                |   4 +-
 .../apps/web/templates/admin/index_new.html   |   2 +
 src/etools_datamart/config/admin.py           |  12 +-
 src/etools_datamart/config/settings.py        |  11 +-
 src/etools_datamart/libs/cache.py             |   7 ++
 .../migrations/0001_initial.py                |   3 +-
 ...212_2259.py => 0002_auto_20181217_2103.py} |   6 +-
 src/unicef_rest_framework/pagination.py       |  38 +++++++
 src/unicef_rest_framework/renderers/api.py    |  32 ++++++
 .../rest_framework/filters/paging.html        |   5 +
 src/unicef_rest_framework/test_utils.py       |  25 +++--
 src/unicef_rest_framework/views.py            |   3 +
 src/unicef_security/admin.py                  | 103 +++++++++---------
 .../migrations/0001_initial.py                |  13 +--
 src/unicef_security/models.py                 |  48 ++------
 tests/_test_lib/test_utilities/factories.py   |  16 +--
 tests/api/test_api_cache.py                   |   3 +-
 tests/api/test_datamart_security.py           |   2 -
 tests/api/test_etools_security.py             |   2 -
 tests/api/test_system_filters.py              |   3 +-
 tests/tracking/test_tracking_log.py           |  21 ++--
 45 files changed, 435 insertions(+), 328 deletions(-)
 create mode 100644 src/etools_datamart/apps/security/admin.py
 create mode 100644 src/etools_datamart/apps/security/models.py
 create mode 100644 src/etools_datamart/apps/security/utils.py
 delete mode 100644 src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2259.py
 delete mode 100644 src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2259.py
 create mode 100644 src/etools_datamart/libs/cache.py
 rename src/unicef_rest_framework/migrations/{0002_auto_20181212_2259.py => 0002_auto_20181217_2103.py} (98%)
 create mode 100644 src/unicef_rest_framework/templates/rest_framework/filters/paging.html

diff --git a/docker/.bumpversion.cfg b/docker/.bumpversion.cfg
index 95d5b3b88..8058f66d3 100644
--- a/docker/.bumpversion.cfg
+++ b/docker/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.8a12
+current_version = 1.8a14
 commit = False
 tag = False
 allow_dirty = True
diff --git a/docker/Makefile b/docker/Makefile
index c6e4886b6..b847c08a3 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,7 @@ DATABASE_URL_ETOOLS?=
 DEVELOP?=0
 DOCKER_PASS?=
 DOCKER_USER?=
-TARGET?=1.8a12
+TARGET?=1.8a14
 # below vars are used internally
 BUILD_OPTIONS?=--squash
 CMD?=datamart
diff --git a/src/etools_datamart/__init__.py b/src/etools_datamart/__init__.py
index 5dfc00dd6..33b796525 100644
--- a/src/etools_datamart/__init__.py
+++ b/src/etools_datamart/__init__.py
@@ -1,3 +1,3 @@
 NAME = 'etools-datamart'
-VERSION = __version__ = '1.8a12'
+VERSION = __version__ = '1.8a14'
 __author__ = ''
diff --git a/src/etools_datamart/api/endpoints/datamart/user.py b/src/etools_datamart/api/endpoints/datamart/user.py
index cf225dac0..d7ac0d4f1 100644
--- a/src/etools_datamart/api/endpoints/datamart/user.py
+++ b/src/etools_datamart/api/endpoints/datamart/user.py
@@ -13,6 +13,3 @@ class UserStatsViewSet(common.DataMartViewSet):
     queryset = models.UserStats.objects.all()
     filter_fields = ('last_modify_date', )
     serializers_fieldsets = {"std": None}
-
-    def get_filter_backends(self, removes=None):
-        return super().get_filter_backends(removes)
diff --git a/src/etools_datamart/api/endpoints/unicef/__init__.py b/src/etools_datamart/api/endpoints/unicef/__init__.py
index 1976cdd76..e69de29bb 100644
--- a/src/etools_datamart/api/endpoints/unicef/__init__.py
+++ b/src/etools_datamart/api/endpoints/unicef/__init__.py
@@ -1,2 +0,0 @@
-from .region import RegionViewSet  # noqa
-from .business_area import BusinessAreaViewSet  # noqa
diff --git a/src/etools_datamart/api/endpoints/unicef/serializers.py b/src/etools_datamart/api/endpoints/unicef/serializers.py
index b2891bb67..7e66c0f15 100644
--- a/src/etools_datamart/api/endpoints/unicef/serializers.py
+++ b/src/etools_datamart/api/endpoints/unicef/serializers.py
@@ -3,12 +3,6 @@
 from unicef_security import models
 
 
-class BusinessAreaSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = models.BusinessArea
-        exclude = ('country',)
-
-
 class RegionSerializer(serializers.ModelSerializer):
     class Meta:
         model = models.Region
diff --git a/src/etools_datamart/api/filtering.py b/src/etools_datamart/api/filtering.py
index 3ceebad2d..64c605929 100644
--- a/src/etools_datamart/api/filtering.py
+++ b/src/etools_datamart/api/filtering.py
@@ -7,8 +7,8 @@
 from unicef_rest_framework.filtering import CoreAPIQueryStringFilterBackend
 
 from etools_datamart.apps.etools.models import UsersCountry
-from etools_datamart.apps.etools.utils import conn, get_allowed_schemas
 from etools_datamart.apps.multitenant.exceptions import InvalidSchema, NotAuthorizedSchema
+from etools_datamart.apps.security.utils import conn, get_allowed_schemas
 
 # from unicef_rest_framework.state import state
 cache = caches['api']
diff --git a/src/etools_datamart/api/urls.py b/src/etools_datamart/api/urls.py
index 8b20694a8..c72b02955 100644
--- a/src/etools_datamart/api/urls.py
+++ b/src/etools_datamart/api/urls.py
@@ -32,9 +32,6 @@ class ReadOnlyRouter(APIReadOnlyRouter):
 router.register(r'datamart/user-stats', endpoints.UserStatsViewSet)
 router.register(r'datamart/hact', endpoints.HACTViewSet)
 
-router.register(r'unicef/business-areas', endpoints.BusinessAreaViewSet)
-router.register(r'unicef/regions', endpoints.RegionViewSet)
-
 router.register(r'system/monitor', endpoints.MonitorViewSet)
 
 # urlpatterns = router.urls
diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index 998f9b4ac..dce761210 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 22:59
+# Generated by Django 2.1.4 on 2018-12-17 21:03
 
 import django.contrib.postgres.fields.jsonb
 import month_field.models
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index b12f49953..b23182359 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 22:59
+# Generated by Django 2.1.4 on 2018-12-17 21:03
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/etools/utils.py b/src/etools_datamart/apps/etools/utils.py
index 044ee0071..0c27d8140 100644
--- a/src/etools_datamart/apps/etools/utils.py
+++ b/src/etools_datamart/apps/etools/utils.py
@@ -1,39 +1,49 @@
-from functools import lru_cache
-
-from django.db import connections
-from unicef_rest_framework.models import Service
-from unicef_security.models import Role
-
-from etools_datamart.apps.etools.models import UsersUserprofile
-
-conn = connections['etools']
-
-
-@lru_cache()
-def get_allowed_schemas(user):
-    # returns all allowed schemas
-    if user.is_superuser:
-        return conn.all_schemas
-    with conn.noschema():
-        aa = list(Role.objects.filter(user=user).values_list('business_area__name', flat=True))
-        etools_user = UsersUserprofile.objects.filter(user__email=user.email).first()
-        if etools_user:
-            aa.extend(set(etools_user.countries_available.values_list('schema_name', flat=True)))
-
-    return set(sorted(filter(None, aa)))
-    # return set(map(lambda s: s.lower(), aa))
-
-
-def get_allowed_services(user):
-    if user.is_superuser:
-        return Service.objects.all()
-    return Service.objects.filter(groupaccesscontrol__group__user=user)
-
-# def schema_is_valid(*schema):
-#     return schema in conn.all_schemas
-
-
-# def validate_schemas(*schemas):
-#     invalid = set(schemas) - conn.all_schemas
-#     if invalid:
-#         raise InvalidSchema(",".join(invalid))
+from etools_datamart.apps.security.utils import get_allowed_schemas, get_allowed_services  # noqa
+
+# from constance import config
+# from django.db import connections
+# from unicef_rest_framework.models import Service
+# from unicef_security.models import Role
+#
+# from etools_datamart.apps.etools.models import UsersUserprofile
+#
+# conn = connections['etools']
+#
+#
+# def get_allowed_schemas(user):
+#     if config.DISABLE_SCHEMA_RESTRICTIONS:
+#         return sorted(conn.all_schemas)
+#
+#     if not user.is_authenticated:
+#         return []
+#     # returns all allowed schemas
+#     if user.is_superuser:
+#         return conn.all_schemas
+#     with conn.noschema():
+#         aa = []
+#         # aa = list(Role.objects.filter(user=user).values_list('business_area__name', flat=True))
+#         etools_user = UsersUserprofile.objects.filter(user__email=user.email).first()
+#         if etools_user:
+#             aa.extend(set(etools_user.countries_available.values_list('schema_name', flat=True)))
+#         else:
+#             return conn.all_schemas
+#
+#     return set(sorted(filter(None, aa)))
+#     # return set(map(lambda s: s.lower(), aa))
+#
+#
+# def get_allowed_services(user):
+#     if not user.is_authenticated:
+#         return []
+#     if user.is_superuser or config.DISABLE_SERVICE_RESTRICTIONS:
+#         return Service.objects.all()
+#     return Service.objects.filter(groupaccesscontrol__group__user=user)
+#
+# # def schema_is_valid(*schema):
+# #     return schema in conn.all_schemas
+#
+#
+# # def validate_schemas(*schemas):
+# #     invalid = set(schemas) - conn.all_schemas
+# #     if invalid:
+# #         raise InvalidSchema(",".join(invalid))
diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index 1968cc2ee..91685ba45 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -3,12 +3,14 @@
 import warnings
 from urllib.parse import urlparse
 
+from constance import config
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.contrib.auth.hashers import make_password
 from django.contrib.auth.models import Group
 from django.core.management import call_command
 from django.core.management.base import BaseCommand
+from django.db import connections
 from django.utils.module_loading import import_string
 from django_celery_beat.models import CrontabSchedule, IntervalSchedule, PeriodicTask
 from humanize import naturaldelta
@@ -18,6 +20,7 @@
 from unicef_rest_framework.models.acl import GroupAccessControl
 
 from etools_datamart.apps.etl.models import EtlTask
+from etools_datamart.apps.security.models import SchemaAccessControl
 from etools_datamart.celery import app
 
 MAIL = r"""Dear {{user.label}},
@@ -111,6 +114,7 @@ def handle(self, *args, **options):
         # interactive = options['interactive']
 
         if migrate or _all:
+            self.stdout.write(f"Run migrations")
             call_command('migrate', verbosity=verbosity - 1)
 
         ModelUser = get_user_model()
@@ -125,18 +129,27 @@ def handle(self, *args, **options):
                                                                     defaults={"is_superuser": True,
                                                                               "is_staff": True,
                                                                               "password": make_password(pwd)})
+
+        if created:  # pragma: no cover
+            self.stdout.write(f"Created superuser `{admin}` with password `{pwd}`")
+        else:  # pragma: no cover
+            self.stdout.write(f"Superuser `{admin}` already exists`.")
+
+        self.stdout.write(f"Create anonymous")
         anonymous, created = ModelUser.objects.get_or_create(username='anonymous',
                                                              defaults={"is_superuser": False,
                                                                        "is_staff": False,
                                                                        "password": make_password(uuid.uuid4())})
-
+        self.stdout.write(f"Create group `Guest`")
         Group.objects.get_or_create(name='Guests')
+
+        self.stdout.write(f"Create group `Endpoints all access`")
         all_access, __ = Group.objects.get_or_create(name='Endpoints all access')
 
-        if created:  # pragma: no cover
-            self.stdout.write(f"Created superuser `{admin}` with password `{pwd}`")
-        else:  # pragma: no cover
-            self.stdout.write(f"Superuser `{admin}` already exists`.")
+        conn = connections['etools']
+        self.stdout.write(f"Grants all schemas to group `Endpoints all access`")
+        SchemaAccessControl.objects.get_or_create(group=all_access,
+                                                  schemas=list(conn.all_schemas))
 
         from unicef_rest_framework.models import Service
         created, deleted, total = Service.objects.load_services()
@@ -216,6 +229,7 @@ def handle(self, *args, **options):
                                             defaults=dict(subject='Dataset changed',
                                                           content=MAIL,
                                                           html_content=MAIL_HTML))
+        config.CACHE_VERSION = config.CACHE_VERSION + 1
 
         if options['refresh']:
             self.stdout.write("Refreshing datamart...")
diff --git a/src/etools_datamart/apps/me/templates/me/profile.html b/src/etools_datamart/apps/me/templates/me/profile.html
index 658567d02..14c01c346 100644
--- a/src/etools_datamart/apps/me/templates/me/profile.html
+++ b/src/etools_datamart/apps/me/templates/me/profile.html
@@ -2,7 +2,9 @@
 
 {% block title %}Profile{% endblock %}
 {% block content %}
-    <div style="padding: 30px">
+    <div style="padding-left: 30px">
+        <div>{{ user.display_name }} - {{ user.email }}</div>
+        <div>Groups: &nbsp;{% for g in user.groups.all %}{{ g.name }}{% endfor %}</div>
         <div id="areas">
             <h1>Areas</h1>
             <ul>
@@ -21,39 +23,50 @@ <h1>Services</h1>
             </ul>
         </div>
         <div id="password">
-            <form method="post">
-                {% csrf_token %}
-                <div class="message">
-                    {% if password %}
-                        A new password has been generated, save it in a safe place.
-                        Datamart cannot shows it in the future. If lost you must
-                        generate a new one
-                        <input type="text" class="password" name="password"
-                               readonly="readonly" value="{{ password }}">
-                    {% else %}
-                        {% if user.has_usable_password %}
-                            You have enabled extended Excel integration , Datamart cannot
-                            show you the password but can generate a new one.
+            <h1>Excel integration</h1>
+            {% if user.azure_id %}
+                <form method="post">
+                    {% csrf_token %}
+                    <div class="message">
+                        {% if password %}
+                            A new password has been generated, save it in a safe place.
+                            <h4>Note: Datamart cannot shows it in the future.</h4>
+                            <div>If lost you must generate a new one</div>
                             <input type="text" class="password" name="password"
-                               readonly="readonly" value="**********">
+                                   readonly="readonly" value="{{ password }}">
                         {% else %}
-                            Extended Excel integration is disabled.
-                            To enable it you must generate a valid password.
+                            {% if user.has_usable_password %}
+                                You have enabled extended Excel integration. Datamart cannot
+                                show you the password but can generate a new one.
+                                <input type="text" class="password" name="password"
+                                       readonly="readonly" value="**********">
+                            {% else %}
+                                Extended Excel integration is disabled.
+                                To enable it you must generate a valid password.
+                            {% endif %}
                         {% endif %}
-                    {% endif %}
-                </div>
+                    </div>
 
-                {% if password %}
-                    <input class="btn btn-submit" type="submit" value="ReGenerate">
-                    <input class="btn" id="copyToClipboard" type="button" value="Copy">
-                {% else %}
-                    {% if user.has_usable_password %}
+                    {% if password %}
                         <input class="btn btn-submit" type="submit" value="ReGenerate">
+                        <input class="btn" id="copyToClipboard" type="button" value="Copy">
                     {% else %}
-                        <input class="btn" type="submit" value="Generate">
+                        {% if user.has_usable_password %}
+                            <input class="btn btn-submit" type="submit" value="ReGenerate">
+                        {% else %}
+                            <input class="btn" type="submit" value="Generate">
+                        {% endif %}
                     {% endif %}
-                {% endif %}
-            </form>
+                </form>
+            {% else %}
+                <form>
+                    <div class="message">
+                        This account cannot enable Excel integration.
+                        If you are logged in using corporate single sign-on (Azure/Active directory credentials)
+                        contact Datamart administrators to enable it.
+                    </div>
+                </form>
+            {% endif %}
         </div>
     </div>
     <script>
diff --git a/src/etools_datamart/apps/me/views.py b/src/etools_datamart/apps/me/views.py
index 7b13e312a..a21b12c2d 100644
--- a/src/etools_datamart/apps/me/views.py
+++ b/src/etools_datamart/apps/me/views.py
@@ -1,9 +1,14 @@
 import random
 import string
 
+from django.contrib.auth import login, BACKEND_SESSION_KEY
 from django.contrib.auth.decorators import login_required
+from django.contrib.auth.hashers import make_password
+from django.http import HttpResponseRedirect
 from django.template.response import TemplateResponse
+from django.utils.decorators import method_decorator
 from django.views.generic.edit import FormView
+from unicef_security.models import User
 
 from etools_datamart.apps.etools.utils import get_allowed_schemas, get_allowed_services
 from etools_datamart.apps.me.forms import ProfileForm
@@ -19,6 +24,10 @@ class ProfileView(FormView):
     form_class = ProfileForm
     template_name = 'me/profile.html'
 
+    @method_decorator(login_required)
+    def dispatch(self, request, *args, **kwargs):
+        return super().dispatch(request, *args, **kwargs)
+
     def generate(self, length=20):
         pwd = ""
         count = 0
@@ -34,8 +43,14 @@ def generate(self, length=20):
                 return pwd
 
     def get_context_data(self, **kwargs):
+        if 'password' in self.request.session:
+            password = self.request.session['password']
+            del self.request.session['password']
+        else:
+            password = None
         kwargs.update({'page': 'profile',
-                       'business_areas': get_allowed_schemas(self.request.user),
+                       'password': password,
+                       'business_areas': sorted(get_allowed_schemas(self.request.user)),
                        'services': get_allowed_services(self.request.user),
                        'user': self.request.user
                        })
@@ -45,8 +60,21 @@ def get_initial(self):
         return {
         }
 
+    def get_success_url(self):
+        return self.request.path
+
     def form_valid(self, form):
-        pwd = self.generate()
-        ctx = self.get_context_data(form=form,
-                                    password=pwd)
+        ctx = self.get_context_data(form=form)
+        if self.request.user.is_authenticated:
+            pwd = self.generate()
+            # self.request.session['password'] = pwd
+            # User.objects.filter(id=self.request.user.pk).update(
+            #     password=make_password(pwd)
+            # )
+            self.request.user.set_password(pwd)
+            self.request.user.save()
+            ctx['password'] = pwd
+            login(self.request, self.request.user, self.request.session[BACKEND_SESSION_KEY])
+        # return HttpResponseRedirect(self.get_success_url())
+        #
         return self.render_to_response(ctx)
diff --git a/src/etools_datamart/apps/multitenant/postgresql/public.sqldump b/src/etools_datamart/apps/multitenant/postgresql/public.sqldump
index 61254f3855112e0fd46e1c483cf9490d4bea8d9b..fd3397f1c0cb2efd94cf46b4e50399a928010353 100644
GIT binary patch
delta 17740
zcmZ8o2Y6M*^1r+1qyuT>rYAQf1PCO#<=jRMy_3*Hnt)0bAv6^g2+xWLM9-5^I(DUd
zghf%xQ=SS+QBag_7pd~B58?mYJvYGn^L>YJ@67CMo1LBc?dIeozq3vAerE+$T|4!z
zV)Y$*EMv@pe@XJc=JG%FGv%p*vUpFK$5Eq!^iOkFW!k1mo0z$s$IsD0@puDXM-&QP
zuP5kpM58o%`sB$Ir#WI#?9_fh`ws2<cXn|6aNL8hW53Sr2XuDTF<iE=Yf$$A-CP4Y
z_pa(Cxouq2N8epNan$tDZdd0%9V<I^@6#2;CIbg_2{m!`>NuifWv^cCJ1NN~qbH3R
z*uQMX^f3|EfWcK#!_D+o@eZf#O~1;j|KGCt7!R8LqMdVY>UpY^jr81Ag-V_K4d~vv
zzdeX<V7BiypmV?fugTTF^8nYh(W9o`F>XZlsOjTe11eojie^k3J+(;-SCi@)w@(~@
zhb&E>Ts?W><gqiGpjYyrns#Qk)(Ys<qk5EXctSoiiLW>Bh<BQY_?GBE*z0yQB#)n`
zTd!#2nGS-F%Kf~+{4zDg>Kc{6%uV&3<o0tHO~_%{W`pmt%y*+-kv08}Ok#KP9P81T
zCz&LK94<v5cYw!Qt>c<7(@1t&GvgDaVxQZ3JRwSzeAZL-T+BS%&}n{9|AgfE>F;c4
z+TEau5(rrr6FV_e%XXS0P2KF1d=)~5+p0=YeKdR~OUp4^$E8?5r!r=i<T}lY-*nm$
z;^}5?+NV<3Z(UAX!%^~kXnihsT3a*Hq;9`q9nADHbC=7xxGmSs-0ZWG8Zg^I2?lNY
zbAC1ND~7_{qmmJ_^7H!0iUE%`CBKT950yBrFI){2$!Gmk&{d8-5OAcL?HW6+UWMl*
zC+M@<G;YPreq~N`RezmYx8~XAy5g@S%WutZvYW*P!Xb~c9Wx&qCpT-z%zYj;4s&_Q
zPtY0iIa0{;5KpsKH=iLJ357A^l3>m*i?za~nau1PaFQ#F>E^_;U!Xhep-K5X+nQBg
zPgV#UjvT7a=NV?DH^y4;#+)B&>7=YSSl?#V*`~|;o|FnWlFR~ss&&Pi&-I|&?X&Xz
zn4wE;<qYMR3yx)*RoPkQ#?CQjwLi(+A9y?(QhrAxvu|goS=}<x%paa)Jstd<f$s4*
znnmbNbAI<!Yh4(2(6Y1BI@7XP3HTg^N?=8sBy-lNB&%2JfT9N+C6aEfXwx6d)5B@S
zv}>jqAxAzKjjUTM=4j}j*KbyKZeea5mttjhDq!Z$N~cxTIhRRR(3;X^pe*^^=9DfO
zRI!fLw=Q&@s7O9*MEBd7`9yy#U=Nof`5~2RHR#n#4&3lqxAlQQ_d!nciykRvgI+1-
zUzJxdD8q;4?c2|3rSuKUdPcyi?1$xz877zaPbm>{B%31#H8kIEkYrx#nol)LdAxOY
zK#>&p8|H0;@|1N|eVQ#NQnAhITfQ{gjC7hK23?j?0qd4q`$_qL*IGN+P$fUDuHYHg
zl_3f2={ucf?y%EnED&^L(4tjX==|Xam=<&g&Auax%_qC3SS2G;nYn+w)9ODmRw@X3
ztr4TD<TM8T4wpG<R1RI-%wpuqn0?~1&FVW{=Be)e&5JuTRr$h*p!w4s>E^GKotE>?
z1XVHUNHc54WmxS-_muM=GOUH;+B0+6G^hF9_-jxd3OJln!hEJnviU&<`X*SKS#j4%
z$qU1Z-CJ3j)pFt-j=qMe{5dVtIy?#1_|(jZ`6gEX0@-j7&gkGWE#1nS(i-FPxXq2z
z8d-Cu<}&k*S;`IR=9X!H#DU{=<if+5?eEF84o&|aL-n}**7kemqsJb1$dPOAyeE@Z
zZeual<og;i^NxQ=R}y8eo%uHeJZ|iyom=2>_TIl(*7f)(>3J=U4!o?zo43u1ww`#f
zDKket>a;$bB`3k-@jD7t4YOiSymf8%uaXGoS#pEun%j|?-#-b5_YY~e9<LX>&%K@J
zTOT~sP7$OINiZ)w8e<+wO{JC1SoRAeA7SR<S|=SS!9Fgddem+^Pf{YwA3Z1a1Tnj#
z%uMUG$ErDg`+V@Tt2bzcR);6rO1-{-qlqLGQPq1a+S)ijz|0<|)4KAcG;)tGWVsgJ
zDg_OXqX?R^%#lykH_v6JT3Z)kW*d^z`nfh;io&tF7Us~-T~O2XX-wPcWln3P$yH@P
zhEp&>&$k}?r%w?=jzUE+-HT)B+<az_#~k@cJ=3-LKjvL4?J-$plqBW-ZdmQ5ty;D<
z;@MXeA>e2v35_k!l1_>cb~KZOVl!`f3|;BRQp|PXY^8A3a_qFFF;vx`^*1}U%)FUs
zKKo?A{AgK*`O))E>-S~FawPE91uJ?mv+K)Fv(bto<?eQ_{77<q)`C@W(z*h)VK3}*
z{pxIHwpe2yA)EKIM05S>So5#vKb68E>%a>ksW9lV>b-<5|L{h+<#lt^%fCvh&l>W|
zdN>bHFl@G8lTOF(L8srY2aoysG4q)>oo0tMC%_GPtfI96>>f`jWZkx*n3*4KbDB#w
zehX6$yX|9OwdJ&yZ`vpu3;V3T77oCBci9KvhBvQDs^8kQxerXh>-IP@%~RWQtb(nB
z(74wfGEZzPHov^R)ZG8}U*_w(oz}^1ICX<wkJ~!`PDn!?PZ0b6;yXEuN3mF|YA2ks
zzSn6j*d@)|>j^v3&0V{*tgZigMOK54-Lbn!p0IShBaZ#HyYtNLR(~4biDlx)M04gR
zPHX4xC|Ot8XWtJqt#AK5R@U|TtjZ6iy?J4nMP}a*U1t6sW$)(JMeu%K)T0AS^kfjf
zGY5X=w6gX}+w=NDX61)DW}~N#I*|l(*~iDtyd(A;4EQkJeEpLjpw@6ZlBwV<Z)mOA
zHwAO*HDKYN`k6WGnA5!Lv&#^Htz}A)9INI~Z#hG7t_MHw&CHdjoR)D!O%0Crj$ca8
z;SJyzIEHw_pJEL?ig@DPZ>2FrnfD(15xU@Qopkjg&$MPA|56SM!Dy}`nEOw~TC-2$
z3|jGHBbw8mJI#+~`pw$kVyW^tJYcia3#GW<(a@axO}cgHw3^#s$eQy_TV{?vXL~dn
z*#W1lJdYcEw+p=qxv8oVdVb+MHJu?JRdnQqX5!x|X6?yB)BRm6T|CL6&7D7-Fc)01
zCui%AFc5FZZ@vA~eLN1OkZn`!oYU-fwA`#Y`<+?xTO%{>Tm!Rdb&k2eBujO3(P`Fz
z_K#u7v^|Z*n)`o_G1>XCP!)Dt6VLz5pb9}mIy^0%epOF352dC*os})Cn(j-9<~tV;
zn#q5uK#F2JBhJ`y>5!}(u;`bOa@xaTI@KAYJ2olB9C|dzbp6@DO#C&5dNOR|lSi}a
z2<EY0`<TU7<+PvEgFd&%^8CIOOXG6~tpk6wXXN6{N$+++;PTh=GH{XIPox7~czyG^
zzZOWrFqJh%_%}Kw(W?6Ia#`2owJu%pGg=<SoM!8*IAeVtgLXFNSyu0BPho66?1^kS
zHaCNfADxtHc8$uGKQ2<gc(jMGSC^|3ON+YkhUU=U<PtTaiVb=_TFJ42pdl;*8fzn)
z^LoX-IxA+hupa7;>&`Q1Zxs7jatyIFnpG&FAXPWvnc|NamJM6-`P_~yIvvBDqCAcj
zGI}S8HKMaIEP>|4v#(Lt=cW9fJWI?;V2O-!)1cbblV{Sq_1HeiHpHU(?7UR%3yQgk
ztQDj9ER0u1ofSRM^%F@<PN^>}_9wHyrJ&&x2U1yYMs0GS?PxFF*c^N$KpPvfd|H>r
zo{}Pd(ZR{&CiWq+Nuh!)mL@i*vrJhZ5p{kR%QwTNrOJptxuhkSzqkj}6Pc`r(i_Px
zX0hL-q>tA2!8|<oII~5^X0y+!q!<$G`tWp_QtXjpe(GDoUE<bUb{F=uFW{k?O5Q}A
zcd=%S-Y&uHlr~}rxxw;DRyLg~VhLh&AseQM0jjRzWir4LQH@z+Mw`k|r=l1$iV*}t
zIJpj%uzc}&6Lv&a2zqFL32P=6G-IWV;tUAm^ld1GvAJE;x0Dr%`Yl*nB^(fyrR;Xd
zg&_Aq8Iz}~FBlR(m$S~Y3gUPdxeQbp>|s45Gh|Sn!AkAZU`6+Asxep-%Bp4k=>Z>G
zNS@Zvly5+jtRBDwAN)&86GQxLnyeo7ih}_bVzjivo=crR53nq16JkeD0Xs4oQA<Nn
z9%dgwgW<->3PKtUZ;j9nPTNG7Nx4B5PuCi2F?4Gy_9dO~1YKQQGi(FH?G<g?uxRX1
z!yTfH6|AYKZpWH4+Sv_4Bl`0u(jU>~3br5W5iO-tMH`kOPPJ$6p@RmF&Z+^tNbKz>
zZT9D0u(zGNbrIVcnZ9I)7MJlt;qJm@pkR0rcBuN#)W9BHjK_%DuFTEIGXSl%9LSr|
zwQlS@Dtdk5Qg`;6)Zq;;?#+rRs};^u1gf;XD{DwK(RwuH_lEPE7dP?$k!X1@)`vFS
z0+r>rD3kX8e~AZrOXD_t9+A|C4S=N?z98){=fz@SU$ut~!!7prlWYCq5a`Jr#9OGe
zmlh6SUt%N%qE0&44@+_C78WBG4rB$4{yh@IN194GxAHtn7z$Ui+{~hiq0n&Ph_0KI
z+mKGlp^hBH;9CvDplUa7LSqV9qQEA*O^(+H(zRP{8z$IrwyfWjx;17K?b5Nv3|n*v
z%b-DHm~-)9UP^ZtGrwf+l06H<1`j0ag=W2XlSIp5tQcp$;g^vis6})tmPd=)5iG#y
z=y(|4v60G*4S#6M?W{yjMZgecqvd|9nS`#w$LQo6Ee|mm!jXCy@~XR8G_4xTVrk?M
z9xYFeM`X1Ct@7|}F>NeNLH-WY#qq3>cxN2TXEb95bR8bT3vBcNe*3zbM7lZ-*80()
zWI8p5)u&SlFphZ>*x0zB5yXy?e!2Z!%q24KV#!i-5FMPznyO-uwhiT(Dx;dWAzSJ^
zMVIeITki~oyIDVpeT>lu!-x~wyYz;X=4MIa#mVeD1W!iD?`SN^X;g6!OBG@&>n?SM
zLR349d(EZc6wz(E^b21<h>4m%gOy7oMwFIe*V;H728=i_9aA+IO)eSEbIn$FX49P3
zb+eRsFRb=Rv>I77RrS^q=!n7E(tz7|GJSg=%RqZ!@0OWtiQIzWpjhz$>%?fvV-ZW5
zbKA|9WKVoDPond;@feyoi!GG3!s6;IR)G=uk&9<9p3Tzf+FZ<NE5Ch?)z;t~dvP9m
zsLrt^bJ-s{WP@VyKiCAc>-YGC{s{BnAoP0zj!Ze>Q_?W2$PCQ$ld@^$ldK*kJ&skc
zdX&Y`ibvUJ6tw{QB;r8xA7j5rB_T2Qap?tqtOe)odF(WZUbk5J1g20HaoEgfIECN(
zC-~V5r2p}I{UT+d+UI_3#vO}bcI-bA0JQDy{Y9`lIit$%(2W>Mx?PK=!B4R#QQPMe
zKRv}>klJyo)tb_1|Mv5U(LMug=!Vg%%9GuC3^jj-&5sTs4~8?7fS35}8JvNVB98|E
zS-GMkv7tb3kcf)spM~=WQ)P<RvT<Txdye&I^+EACQZQAcW=tPP1&3gtbC#k5sO9mB
zwaZvbRrHB7%h@eTfq`7KATL+kv678Y1V7R_Kt<xjDtTC-UO=>Xp7m2aq}meUaf&4`
zur7)cg4sz3M_hf8A&-Z67+3`08Zq`|)?N~jg*J{LE{Sx{YdENXd<8BHn!O$%B^f4w
z78<!3^!cx`(W-`5VK<HFt1Y0Gu3>`}RRS}kx)+KKYuOY<FhCgDr%-fXA0f!D0|pVF
zZ$Q^&(*cCGKs`juO|W0tVo?0!4c0;NLXK<+QsmIRufcU!f537m>17^gRt--Q<!>UI
zkqW|&90^JY^bbdQ0CAkyxrI$oMUN=kDxD*!UQzoN8zXBV`^}WOy-3@J^^gP!av_(`
z74zS*mk(&->DRP8Wa<fY=SsAVap%zS!Fr(>vmF7NR2UGoJJ_SDeh><gUJL)Oh(ejy
z%KVz*qPT}PevCk+`aK>`%im*3l(-Xaxn?7<0wmj?%J$)TWl~MG@8d}5{ysz09>BRu
zY?GEF4(!HYAcfRBTP43@=m(f?DdDA6LQAKeAF*U{>O*#qBKpLTJ+KAIH^j!h_BtXO
zbABR&5l{o-)_pLII26%w7@~>1QM|j~?mL3D96E3cli@pv$&d}p8AjSCHhyZ)u-`3`
z4za0{=a*?DGB>gMuwC8n#aNKAiL5W!I3?i&A|q2RvFr#|Sk{r#4N9)izOq~J`w_pa
zUZ$stdynE2l``-qGC|4`hmP5X?U%c5?k_OoPA6C|B@;s1bH7QIxlD}Mc+wuUKP;k8
z+r@xe4Ex&NLji0#+Vm$+6??yt=X4+#@QQlh*)toEU351_7i+(_yBI*mLd&n=ATZy+
z>TiFG<vdf31$*m9tY7{GhF~NT!N<_-AK6Z+5Ap6#m{wT~h$qk3=B+Y66`cR_v%OaX
zAyIJ-i-JK0FtKznndON0&)YK_bc>>kw(;WtOH)BJrEF(uwEhJcpnDspX!j+i$=X2~
zNwhCyfT1q4C~@`|7`i0;5GsLOB&Pp|O;;4dk#7gD^?$Q>FY?JkJ3?LhJN6~I91Mu0
zKiOg>E<K10CaD9}HN3D$OBGT7jWir`G*rQ3qbv574TfbbmqiEu#yZUZn~jnhLvC^L
zDvU%HJqW}ysistm-#m|xm5qcXvbCxwhMvOtFh#+xlz~yESfFvWEkke~bjhm~iTEg9
ztz`Td8yk$U@x^Ga#)inZPz5an<4mKCzhjnWpVkYgG!BQ|j+OYiBbHx=(+vgH?UB6l
zpybmmkMc9&SgQNrP;h;($I{T#tOa$QfMgc2363h6*0%T=C*nyMI#t|`pyh#h{)p_m
zbf}lU*E2<a0<Tm942!Atxbn6*<Z&DFJ3@ovPhdHfo6rL^l1#M?aB!;*{XLAQ5JG@x
zx*tA_4s1dra~g1h>afSr)D96w_S71R&WU`E9Cz4@xmoo9=H{Cudv3x$N4h+(MgJ7u
zn<YWSa5TVHzIW7^F%w6RAkQucf0W8|W%t5<ai$?x)&ZoxA+3G_Jv+P`^QF31K0-?o
zFF82^Z^#D4>*-vbD&dg$BZI5UiR*VfG%Sk`;mzV{YZlJ|@_+pbhkgSieo4H%ZNtAX
z?abm0ai8FG)6{G}p1&DS$8kR+De9(XMtpL;h-{lWS;K8srKHhoIec*Z`jiN_o#H0R
z`xr+YG|N+S#Efawx19H<{rB-$jgRru!d#`>zNwka%f?ZDo=pi+yF5OV-}4~74GOwk
zchN$><Y6fECiTfzlJ?EV^!RqdB}d?J^iVAWRIbDBDaVB|4zA<(w)-u?c6!#uC&a(G
z%O&eM9F>upH-H~%SAfQn{zXd*(1{y}4jq#8Uq2x?@EVD~DCA~F{KhX_N|R$?q!A!9
z^g|;)DgL1&5ze4GPS{QN7V^pQAO1JO8GM}+px7eRSrc7gYa1Hj03I<tzh{$G#0T?1
zW2ix6*?I&4speD0&?=i^qaD-YhglH~qv|wx!Zfg$-xdGd+Y!zkbsVojUl;R<e8o1Z
zYNGUd6=X3r{$I6??0$@`ll2({@FA0On_|tM>{w{C$6sfM36MiR3CZp_JHo!Jj&1nK
z+l)`(Ghd_?&E&k^fEws<GfeE+&g3akU9bUynY?@teQZ;1#sO%toA-<N8tS@}&)i3o
znk#kJ^M2aU9O}9sq=XiVaXrVUsup0B9j3KlAf|SE33+h=ooj&}ANahPJ)oJY$H)P$
zC&KiPQa+5c({!p-)l&)YgZ$moG`ma@ygouAn@{hSK~c)r5k+$%Lq`Tm$Ut*wKsi=0
z{tRs>SGDYHbPivBma5!}VyB8V@%7I|R6J6r!XKg(57z1Zb5!F|vUVmmJ^q0|BeL_9
z?Eg!rXs8$4!09Nl$M!^>zMw&0cwrH^(y%#CD$f6;QTO{$byPw`U_qV0|0YyGLNKSD
zO6WmDbt~*$JQG9RYG5WF|5qDZ`EOLffh13i&Y>zlUq{=5z)okzH>S5L5Xbik@a6PU
z2&4~i`3zDkDhu%h^HjZPx+BPMrJ68!_RVk}O>BiKaUs5pMzjPuauK|X+@MFUcr$Fh
zcemz^>0FpkrADo#WNsQg(UQMRdK>)u!c{C)ZJ{&rSLD+6L)z08+HqrgfY!BB`u5P1
zvX7_Q@=s{EgnUN~%B557_*&}H0l#vGrOU=%q~;yD!h}Dd)J~9BIT*0Sy#Qh$COg0N
z$2_}VRkxyF2ikLhsyD#h7~0kmL*3h%E7+E{Rv->N8;VF0klRFB+zAq|bg{=N5!m-=
zL04$6_$`~RbmnX5?rvxru;~Hn*B$iMS957+SIl>DkDI!r;LZ0az9(paEw|IxJ<)Xq
zLIRY;;o5_5pxwQ|1uF0_db2k)U56JJCgR>lty*a>{wz@+hyhaklJ2UM6|!(vEAG|a
z{5cw01sagQ?KHSAN&xkWZSK33d<FIH2O2=TQd&{Pw^8^0_z769sazyf>&sVBs{tqh
zf@?vG`ti4^Xdr$9t~y4Ux1dwNpfCy8cB(}+s~ZOJ85A=JV!)YB62BECz(Ysqj4T1*
z`Hp@ZjH(g*W*_Ysg4rC*f25a(Lf|?K5*gwU{xm%>3=Ciz2kGJAC;@TUL8EU&2~dH@
zmOC<xujPg7%!A__N_b!|FIs1=K9xbp>%WV|?G4~{hfigp6f+7nlScA5dg*qaMi*a0
zTyr1<%%WaMZzdT>><V5-nVq(x!mZ4v8ID#maRq#EJ4dju6bHn$JNTlAK**6tttTLP
z-7uOLDw+>iVK<TqEhV%@oYP_)&!xxj=V_wlSblFr#Ov_hB(i@z@Q(B2WQ2qkd~QRu
zoWT7N(SV~htqtoLV$ofEd4v{1oF{1nS^|}Ri}tJU=D1&w)!{>%(1ocyUA#DnBY#yi
zL;O6M4~_@~9058v8Fv2j6y8wvjrQ%vthiUOq-UOuYDhb$BN>}81t{>fDf~xULr9#P
z%FAsHh<94bl$$nG=n10NbbeQa?sZgNrxWPOH2)q<gd9G#?5e3I;?3&3Bx=)M&r=ct
z68Uy7f#Pqxmv@W&2#Txs@c|LVVMp`DGl6){x}SHnNj{IGy`AMhz+a7!e2x~9L?<4=
zbiXx=17MJ&_xZ)&vk@4o>G1^}&FR`~UP$jgsKwHe*O0|5zaOLDK8GjLziap(wpbW9
z&j1RVi3@XiOIwfO5#<l@M{PZbdfYZ{aQI<9JVNt3iWPFu`%&I0LJB#0)L{o=`(u2C
zO~&<EFGU7)AfA}VUx<*sj&2|~qRa(A^e)tDQDWA7J~hHL9GxUnfN9&G4|!l0Mf!9h
zf7b4#KP0Mad3~-%5paVq5r<cw=Kr*{;K^4Pg*lA<CrE0308FyQd|!kgaCB7=#5v+3
zLJDDCfl3faY2u6LFt18`(CuidzzNS%-rZIe^op8g9Jq{}ci@S~mUCq1>PJBITFF~Q
zeuTt=ReYYUCggU66hzVTc@9`a3WvO6(+j*N!Z#dl`S^kMz5oZ^asdqL#}2S1U>#}X
zevy~Zv6uL#sz=Coyi!!`dzp`k)DB@G@jSvw4F)1T9Q`U*Q^~?Zcy3}Gcn!&l&G2G>
z$VU>Q?HY8*rWx=Kinebpyo2gw7_icMj*CLsV`Kx#8~Iu#Ew2kIsBArNC-gVa4=EsT
z1gb4QD<TkbbW|8igU$SPo9}Up?OP)2YIwYk{t|Kt(yBFDeR99WQ^cCB{0+Od$8hwj
zdlivD!{6aWV&mI<c7z#l+<KiUz}y?r9};ET`P=pnz=!8|@YQw=JfrAh!!h$m>KW#$
z`SIe|u87eYUc)i`f0@+!eW1}>-s4*%)dP+S3D1by-5ifY<XF8SQSbqeRyJt(+>U^P
zf4Y4X@e_s*{!fw!qzrL(4-zUl%Lb69w(`M4kbvq$iTgk1cSINgMEchmblZNOBiiia
zFGaW^$L;Ew166#Ab9KQ%o+l~~@b_&lF0*?mt^n8Ge)5{3r2>oSxx>iJlMVwJZ?zfb
zH0vRFf~1dF#^TR`|10{OJCUAVo*tpo%+FzPV2n{cHVoK`d~zY6XreuOAV>*cMBI%5
zyr_lQ;3X$bnu0sc<2$rCN=?!->Ed%xcyYR(Xu4j~Y4|;QQ@VW`T+xUnH`BkIsv~}z
zjw=q=OHp+9m;83sD!fM){e3S|?2BLWEW1^|S0o+fFGhYC;_YJ*=Z`xI!A{g!o?qfu
z%^%aV=>-cL>ElUubJ6C7%~ABmW4enzdlmV2>M6ciEhRvreW&Wo622oOp)TsYP*0|s
z5xD-U{f6se)z`eAJ=wr)4EfAKH2hW~8FEpB9x?YjuGz+b#GpdrUsSaO$5+J>Ek^A9
zA+l8s;4WT;mi7CI15i+vgUI+5Ja*tr#K+)zLFAw1KiLAnEkaTtD7v19-%*wDBC1H@
zWq1p85xx8P0xz+<f@{Ak7cmp6UtvSc`6aTy4J7{F8(>+=e>mQ7$o9kXsQvgQJy$&Y
zD>oF)kKJ9aXtebQKm*$E5(I#-A6vZY51g|04?}GDGhzjPcfb*p_*$VT{cq#|@dFii
zQ-kjSL>#&Tj7K)-$JyP~hT3{vjSSZh)O+c*h-37743WaL_7Uj-wu?m1sI{f%iA7wS
z6JfyU>^tukx(2XFs>YUoBueXQ3t-E)qNnPkW^F94MXyC`(;^H5H6=rUVV{_OV9+5O
zhl`2VY=7v-Q`8a#zb&p0Am+6M&33AOZ1$FlzNNnQl&un*J%^SF80#AiG*^UXK<oxM
z_eY{OBf`MxbAv%(WQ+C5+G7!J2%(h(@2JgtdcLSh)$X?kXSlbdX@_hf?Cl;lp7&p;
z_F9A{9gDi4-kYJ-MCt@Y-z=?A*`*)bw2KY-t<2HvlhTh}Rz>H^5gxDEjeW5rUrP`R
z^Ry*)b?mn?m-d#eADC@#a=Wz7!f1rfstL!o+f}HIwgqqyH<h3u1wX_gG_bK2u!V5Y
zJyonNwS|D_-6F4X^F+U<8Xm&PWeWv_r$l=wA`rs40)Y(N^Tvte&9#SZI*zgd*Xaa$
z9#xcS8DeLt_IyObi?K*Rk?!+o*>u1S<ow-ojUrqFE3Du~aP1@5kJIgfw{Cpc2E!%R
z*qIjlu_8%+&366)>;<oaC23+v%b<r-;o5qifKQpzQgc$Tpmt4;B7mLIH>BAoT>$Yd
zYpLx}O$V?uDivl)`##eXsNGS_QS}g}i^SHNeVPQ^A+f3rdZIL8H;ibfjk7D`AnYWe
zM%)*S2ex{(0*fQ}Q2@7X?wc6<J7`@Z4Ecn5R68x7R&~;JQPD|jWHS)bHn$nIPB`ix
zUckY$uCvyJB}jeph(um3uS*NIbk)|_eL=jssT($<>X;Xo$LDmfDCwawZc{?S(@Xn;
zMM(`lS~LvNOWdz|DkW8Fv7%icEoe9G^JCKk6Kx`1s*Ko008dR$S83BD0%3<=3DDpD
za2D-I#+H4(pVr3a;^G4r9Y8;6{y?m`Yk=0n?h#(0R1ef%j!5|(WeO4X57O-HCIF*t
zMNN5BvuE5<v9xC}0*$8ifos1WLU0Atvz|yAtl1HN0D)$Sk`>iMu-Dc25NU24s^QK;
zjt}R=U&FLkc4Igv!ZwULT#w2Y6K|^<2`&zrUT36=#F2I5#hpOUQ5vq_l&+9ieLGy0
z`T@-U{2kz^bp@#JqKkKE`C{~F4HwmTu^kXkjnSH`Vo>ZHtKGw*K@H*IqkK9~OUG+*
zV$^u8K#{{p3Ke<bU0RmdJ^@puhr@2Ss5ep08j2oV2B_P}8Fy=$isG%Kted3eDRH0J
zKUvFHMML~jt$9_^FPcu(a#S%Ox=qvY`Uv`hxZ#tT5-MkkmD9CkMa2b}qAt7#y*oAo
zva%at@!xy2TVxTz;K2K|AyO8%p*cuu(#6L!H9XJ(!7EPOuO+cK6n%~yX_o6A#ER8_
zR!gF>90&8nS-1{w_n>x0RyTl+%O~wLdlnw5^qi$#l~lYfx2Y}WpjKd_mLwjYtz{_v
z0kLY1hNlJ)3lfS>alA&u-xc6@h*m$WH5Li~z`AMpO{*T(ip7M7G@oSShyfd$7e$Y_
z_K5bV902xCGb9{EV#8yap$I+%gpyEyo>r}d4Keo#4Q~`7>=(=CV+}Dl96K&KxO2;8
zh_V2?wbcT9N$?)hg(yFhYWwQ(V%9<}RjCa*3P8;g8yDf2kqw9OtQ}$kd6cvj3AVeR
z!xr&9t?5z#DP%g;J_AS9-_)*10Wabb2;B8gdwFpWzVI2$ij>7Ivy{b4BSKd8@nX9x
z*t_|*ik;75!(a`RUEuZ;Eh%HbPKM5=N{6&cBoP^O+cIpn39n%4G3&`R`8kAzpDfj`
z%0A#3*)r@Z%m5<SV$6Vif=x9mAhJiGhBPAFl)%SdU4aC4-U{uwl=V2uBeLSjmDu9w
zGfu*6nPpJB)#!5UYK$5Uz%Ae<Hg*?^^8Q&0Y=05`srNdxS9}KTrLt80f|g1jyr3PC
zf^bnPUx8pRr6eF4ysWvE5|}u0F|B~yuc8@@s<|S|OJ0z3>Do{|PV9Qso(>}{aCMB0
z9uDJtZEi~-$w{UIFKS6*#u}KC<aw}D<x6hbu?|<b%0U0KR_h?G&QB{gXidb(^>8;B
zkKZR&ZqRUxjUrB#O%Vk$6}Mkv$B@gyL_NM2gUWebOQEE9v}CjPsRYWmFsU_Dv0JjY
zq7~PhT0=VZhW4uLK;TAwvBAO~m&71US>8mC{D?<U)n-hZ>=~86g}dwno1tR(X6=mX
z;!2?vio3VKf69J^1#Y5y$|C&ag{|5cRrC;wP3e=jaU9Hh8>2xJaGeD*p~w;6Z_{u+
z1&U9K<;k2QN|d~dm6Jq6%-C*k8QiSa?$BB&YC!DVi8D(I1jWz0>;=b_>g9jg8#oXa
zSKfo~fB^hz(ryiZ!hoVj<osK!r;1+D;sXt@cR}@uRv&8hRnZW=KGNb;(Juz?(PE@|
z1_O?KX>zNrbWyX{b{@f?SoX2zS8V)MNrX+S_F(~(^)^p~gX+0kt4FgR#d)t7;eFbE
z3>~kDn&HiLu4uj=XB!9r28tws4jj<p#WM%6w<Ohr*BGa^<x$?JpniQ2C%B|~Vakv-
zcfJ)T+@IOT7V?RzLzq{b!1yO>4<igvWe=g8Pi>QMvw0;^PoiUsVSz^uYgv+(N>yKI
z`(tD!FRVbOD@k9%QCA+(nlVN8*<`WuOAT*uq#(6FfqlK;D3<c#SD1IzjGqpE1sEae
z7-m!vfGbEs@VFLj6M{Bj@Ci(*20gU@E1VM#o`kDc6~bcCDV$8Q?D2>br?KR!?3GWJ
z)2O-w>~P07Xf)>=E#79S*UV|6;#-_~O4bl#zSFW;ywu@$WMECG^apsk=fBsuEfEl}
z{h*Dq%R!O&6V_4=(-T6PDKGwM))@@H=NZT=En)SiA@Ut>nwa>r)=<^-x)A`O^DEB6
zXk^1U13+k^RN)ZFu@jEv7oh6z^RPT6;}h{0wM1LSzzYt%gLR6)B^aCR0q#$2(&Eb)
z<DI`~noX7nrb-`H?b4$N2|@$0<gzx_W(E<ev@d3jMd`0vJG+&TnDU#}&t`{_iXjzn
zi8H@z_bL*SmS!^eFA`7wskK!#@MvoPU+^Td6G&i+<c)tLs=fjT=e~k9S9Bky2Xv>n
z|8FdxA{mYXg!yT7@~W07)?U@pY%;cjB#YzMV3=~;hG+9ty}4aPBEj`8N)Vu8aa|xE
zOCxkR&KEVk(B>I8@x*yu_t@3_gy*GrJ`k-p5Iv*yESrjGG(yGge5@WTo{G_(HY-TU
z@p>`k#DV%%tnRg`z^~%<;dV=5JE+eRixPAM*61&Mb%_kq8`I?asMeys9#GYAqr5K>
z$~GK^LA}&KFS4m#0qRI)EPkJQC{L4<b=*58>wnAP!%<hI=y%(y{lL%>#Ak?Osd~Ci
z3Peb>GYwOaou=Cs<qwKdr#{8j8*-#cQ?AIsbibRf|E~0giDm2Q;y{LOZ?FJf34uVR
zS?Kj&nYwN80gnLHrP_kSExYNlVpWdb)u#LYhyL$ey{8&mz_6Pr&5v{{;I|34xb#%J
zW&rl0o<AbckD~nrdVN6!k*R@S-q{F4kdun*(_9skR~G5^9)c$x*BD)wy9}|edOD96
zgQ-;B1fEKrU_;NqQ(Y{_d%JDL`cWn5yGif@1jV){7^q?yjyyR@_csIDu8yjAuGUqr
z-%LLv=Pc-_{N|XVJ|$=(yF|aHhyej&o~;Cbo*|XYZh;jX-a@~uG$WCc#HFRWOWa?o
zXV{`)Thv_+(evAIG~V4p&!nSe`W{&c4qa7ZcOtZSz>Rs?U#`m+@A#89an`LHcr=N>
zXA?y}9k4212^x;UGG5OYP5pX%Jj8T|!;XG8u64w+pdODp9;B47hxHDs7#0^>>0M<J
zxAQ2v>0CR#IbEm#;54!a@HF=lxR_II^|ff&gFi2*t<Z-{ainvXI_S+*F-)MA$P0>k
z^lN9_6P=%i>g#`!)mO0py~3y`AaTD`hU@xKeUQg3>8cMzZ-ELss?>czY!BTn2?)4)
zNCM%4Acg+Z3z@4@JpVB$KD8EaORN2HVt+4vp;U)h3F_{X6=kj_fo&TDN8Fnza{KE4
z#w2<CVMps5tPP8RQWW;r_e&PiEki-v0@(K<MF~5GDP)@V3<9Ph8y6!6=_h1!fa}{2
z*5}IRa1?h?__ILpCYQnkY~lvS8cSP7=poVlHa$~H18*CtFk%4!xwE8T;fBjVNnE^L
zmk($?ST~zcHCpcrg4b<C>W~DTY0h|=#7{tP8jaKcL~p#vhVm!q6QnG1m?1ZzzZ37q
z1E%ZiAzXLs+tEY$7gjfVm_d6cL*vSe&^T(cen|=d%I+_rSOF-u9INd0hQ;b>dbTX$
zuRM0n(1WUoH0)kISr+j^FzJ3B={$;IM@M?+81C}6KUilD6McXft4|;-TmB&4`9ccI
z)KyC5k^3kRn#$Swf8<#F_#>T%^-{VpS1+T(KV!Ttu42If|Kh#(J{C>xhxBsAT|5U~
zy!TukZ$0t$(~#BN)aGHmxw!Zb{j4H}1&Ezx_po5i9@Eoh_po5Msf(a-^YlTIfb|-z
zUL~HMk9{Et;RpfPE&eQ9{@D=$|7s%E*Xo0%0G4R5L{jrb3sdh73N9iYeHHjh0ACZt
zl4r0vBw4Oy1jBWTYos@qR4kIBBHPjNv|at-&dOza6Umb^e;sa&5kIZa{fZn0Y=t+A
zh4k_Bx*;A|jg^NqQY}SpLakrK=oh!e8vgWxejKBhe`K@gCB2iZjlI;<hGCbzrh5pr
zGw8%xyu@$!J8v#NdR4zqD#N<<P{=C*d5x!IYhd+C<J#Bt_oaXh-N_&akZY<~zE*h@
zA42vu>-8S8A?%`_Hp~h%HI3%IfoHDWH|bx<+Q7Se+ej-QSh*6o^unZFhgK<Pi{4DE
z+pPa2dmjvoB|;BLF|1F|>i{Z^*`_xZ#c%5X{qWq?10#}u4+LyAn-;#SXNk&p^iP-u
zmdM|(*Py-upkkPfXuiKwujCpi1YRk%NJ9)Z>^;3e(mbMOx4zsixjxj-L5G2Rf<5}3
zQU@~Z;dRkQoLKrXh6}!rz%LMS`}I~*$ak}l#1_*;%|X3LvXFC*vfmp5yBnY=0qknv
zgsmw4i^%q)<qP#3vEy_7AjW1OuZsvw`U(OK4q?%-<M9mfbG;`?nppLvK0%2FBH9%)
zD1Z#&kHzpj*F%?10%v>uxZY8AHy|#a)TheE@g%gbgvqkSLtiU5Zs6JG#&0nUR10~;
zh3{e3vKSx~OX%boSXZ}SVO{X+hp|3J*dreMS#K<bfGYvcn~S2~jVH=L_GsK?y`gyE
zqV7Xu646(U6;btNs8No_bs26K6+9jS@aGf&`x;3Fcz<60yPhDc;V*T1*ihcyzYsPl
zFILeX<HsY&AW53Y`wJ0>6b%3kuEX{4Uj4s%uG9d~Vu1Qn1ORzSH0Nqv<M1eQ41QmL
zig{G?&F-jQ<WHCYeyW-VE{hfTCV<LGr{>3Mbh-h@(eaol`$!;oww%XKMn~a`#utMx
z7GE5`czg-?>fx)8uK~V9d`b9{@ulEP#n%vD8a^k!bbJ~3GVx{M%f=`5=i<x5myged
zuK-^oe1-Um@HNI)jIRm4rudrSE5X+sUkiMt_{#8=<8$Nl;Pc}1;WP00@dfY&@rCe(
S@wLR)3SaA2PDZzR=l=j6UPu}M

delta 17627
zcmZvD2Y6LQ6ZYM64(X7Dkel8qp@iIi@1X=ls#Fo_kYM?w6YK>ciUp*~5k?d#HbkU-
zM_ENm_)xJRU_nJ`Di%bV1smmmXU`4b|NlJC>bbMCvu$>E=H1DLnSY4G5C0*G`gQBv
zyPv4<GU9{~F8p)ze|(p|VjnMRo#1I5a81=gd%}9$NZ&AVgRsu%%d7$|!FtO0pAqzj
zy>?Z-2L*oxNQAW_Yiv<NJ1aI(SS7mKY7=)Z9#tV%7G%&zi$#__IDWQ>0nKz3QiE}N
zp0zD0#;%`ODy;d2+wPf^$igCCduaW7>MLO1*q~5YjpN+b;^aeI7ot6RTCPng%~(*x
zbmh@Ud0LizFtxd`f=O;WH%$}ugMQQNN=CP%?znxlHSMh&yKAE^EYS?u^U}+OH9gr)
zbJ}P*)+zVLOb*#^XROwYV8G*}ngY#jKbD;?;_)-+%77TFIyb}Kmg5#yOq$y|o_m@(
z!&Yj6+uGlyp%t6|yS3Hrrf%)Dbb7y)$gw&VtY#L|K2y*K0}Xh6t|EH;E-lZhD2}zq
z6txi6zFfDxs<;7074Qb^H%q!HzOXCJN^R!0^P8OD8ehOpZq`;<=kncFRq0<$3E3l>
zzb*7&z)$O@V40`2inS8U8(Le^bF4`%zqhPnw>7TS33TcYxEhj}rl;GtmEFP80v@_J
zRnN5cmdDr$<=MizrWD)cIm=Z(>R6=Z*nPc8iZf_e`mPez^{w3Wa|L#G=)N4fI8J0+
zYkj#^X<!aF3EOW30=#I!fPE(9!#;W3mKiyXu7e?0vDL9{6MKO9J<ALE?25Ldg|*!8
zwl}wH%2N#mTqR&}Th$#>tiCs<*!dM9MGw1LFx{^1a2*sW;<op9Y_2LyR{>Yh-syUh
z-J;Vp9fHFltEgKmdw&<duwHEEwu`&vF>g5HD!j~lOLs35BVLDS)%L1y4KP!zg#!!h
z(>>br03!k0+w%rt?dXVI=~bvmA^XGLl{`PwXL)<3Sx0&|wAx=AYY*=i5>`?-x3#KQ
z!#X0Z>LhZl)4fWqzWo)K<>~(<Hx1ak`d`c9%&=WF09$GG;;l5SJFowpsir+?;BBZ6
zdV-c`NIoASs=XU3RNgL@YHg7~7p~G`tsa9vwiaCLriE8Qhx!cpj2ndQ(xLsisn>5$
z9TreuA?xIbOndimoWbGOyRB0rzK%hC#Fa^-o`t$&*0!ju#cBk7URQxbEFTqXjp&(X
zpQ}m}R?ZN&-Q<Qi7UuKY-W&TV-VhG#>F2autENM?RhXD#RZWh!YHm!y?^x?_hwH4h
ziCO=m-7`6Cy?JwnwSR=${_*BSB_!fXrw#p$Oshqw6uan_w%EU*KWJBtg`y?j;I`zr
zix`(b>~cG7w{%an7H4N#(<ZpBv<Zh$7x1_mT8~$!+es6rX*zzBcv{c0PFBa*YpS8o
zAK&b@4o*JHoDo+e>i3MEVV}OW9Zx3cwLQ022y4YSxAo8+=fD#5yYd#T*9z?y?_?bf
z21EAzyJx8{(=NETv#@qfcH8&dr!gtywWm#am8Su{Ewmn(l53SugDOmg?V5Op+kR@A
znqw#grRK`22NSGCDJk~XHQ#Zguop_r^p4Y0?Y|yuC#)OqgTZ@<6+0OAyK<>!tzKX+
zez=1oKnfEIt-g=OSg%tXs@*P9tUiw(wH})0w$447Li5(@sj7C;j1w4MIAT}LoCRGC
zLXl6+x{;+s!mei4nOP;)-Z`=K;Q-OvUOy)eM)D!Iy?ZWecrapG-i7FTrxs&3n$M>%
zX!=}@(I}gV*x3cKR&7p0`?1IKgyoyzwzn+E;D%-Z4NL5QtRi8(KG$vg7HX<-2oo7K
z(I~KoEb=Qp)1FTQg|%{l+dlVXBk+VgURNeMNT=%eM2ziyYNaBEVJ?_hHOfe_8qH3z
z)0VJ4hrAw|yg|=!=%<#((e44Fp*5{-j<t7rmR0-AuU76txBcEywkRPO*#ae{-zOM*
z^@>=UvJl+os+hZgwk#CaSu;mv;l~8)`zPJ@bt_oSL$JP;&&I2-u(kgAT<h4`GHcl@
zF?4E|fRaBKYklzCUdvwUwl+Kuvl{Z6u+c|eblaO=;8hIyeD<Liaj@I3a1OTrB^>M!
zEO)C_Yq29CzsEkb8n@Wf&%3QgYjBH&{672anh?}K<Tq{4hNi;GddY2#|L;*q4|t*e
z)w}g9dy>7LXB7zGjsqdv?(iCv?ZPW=`~Horlc7M!o-X@n;0gL%SysQzx%RJb4B{?>
zrnP=cQ|rAi%B-?2h1Q=pjmQ5dS_A*<wl{3yOEv_3uH72pA%r5<$Q@0s28m@>-~at>
z-LlbbSME?eVUIoWtsTq_EBpA)#`JSL(U8`4fpJRNnQzU1?K*1PRb=7Ec<bpcZhOJb
zdOTp*UN>F)6=tyU-CMXdRI=#(!CVEEY|K?f_VN#4LwoFS+duDOjS4{(i{8(*_UwtV
zo9`|b)|8!YtN8sKCOD>b(!y-($nHEV?%jq~&4=mMxjna_nd!A}+50F@!!)gS`||CS
zPcww|*)F%$e&4S#!7#Kfiw-|w<l6l|>y4EPd&00}Ot6yo$6Cj#(j05{WudkB_NW!Z
z_dSzC)))ITt)6?_cFdQ&7-8Jy>0hy(2zx{J#RKpmn(cF2oex1H!mzKnm41O6((mwo
z%rorcJ!1k@UaiI1{l3OIIlbR)Kl%-CTo`xwoNsH@muX-79jsF8LvCu_Su3=9+>m1(
z`F=ZO_@M|^>tk7V?GK}w)enU_2BS3jn_?>HqPZ8g#6DnE7FLNk>+}x|tmQw&T7UmE
zmsvyh?BjPs5yF1c>UApDy5^ULR@uQ^Yx#Gv*52c>R@KSRt$E+Ot=^|#Ji-C5U2*z2
z_Ynx%WxwDeul~tRpLK<~=iyXGoIa-gl58FPbq2GA?J>Vq!2pMYw4oa=q@SuB`Tfo{
zu$uhwxfMQDOxwC?$yV8)A7d&|&vZKSy~wol{(6A>2}WpccdeM6Ct5yM<X{d-RDDs4
zr<xx`tX2P?&#cN{-88Q|Jdf;iI5OdoXHhdP!%jQ@3a@X-@5)^Cvz~4hUW~DiT*!oj
z^oM(41HoG!3c~VF5_*Qr7h-|pj<|9Zg$fO<6%RHmmivsOLnrk5v>V2Y@^rD!`t~2S
z4M}vb(36<^D7p@NWL!PLUP3tRmpx(x&g-8S-PES1mPyaVid|e0loR4aN5vD78{!39
zuW-am^?PAcai?1;E1e#zdua`+U!wSwe$j<87*vrYU@^iGKb`5NWm_$FH>9}>)uO}^
z*kfpReXvi86;QGT!k~K_h;NxcC`ToWlRU#n#Fb6!Ps32IJ0)VQ=DX9lKU$tDPEz9}
zQB3O_3f^hcBUhw}^E@^)K(F-CnyS^nh0eSUXr3GPGI|g$QL3n_0lHq(M{7bYGQ{`X
zI3ycoior^bDXX)D2cHr6&S!E&0kxPR%II{q_?hN5M8hS0wR}p+6<;t*fTs4-GS!M4
z8J@#jNz^`1d`zd@V4c=a%b<4o;{6z~hFsZ;8jC#Hyg-b{36FSvl-fk((EJjSD7O`h
z7J?4s2)DdgBG`+Lcmopk9FIi2VM;9(ty#b1=S@WuLCN_LzkWDYuUmhuIdv!%@OmR&
zld8(JVmYk2_?+AMe6*sKXf7*TiZVgRN+A8&R)X)X2#$0i)&7C$dCuvEJX|I!REw}I
zDi=2hI@b)$i#>v`gow|STfCwRxAXhZZhMJdB3t^!HC*Wr(&->pXzkrt?CPF5^p{^0
z($av4rN0B>Ynt5(lFkGjN&c`*4~xgR9UT7CCi-V9Y}Hoh(5VQPc)AA@J7WqsJ&{1r
zl}dZtiAGYi74LDIpjYm0CxU{$3W6=GLj1}^zf6Ij0s9aMn&i1&D`lON1FjNTU^LPD
z^iCp`2OsjfGU)4WB3r(Cwb-sGVOKs=a;U>VEml6$MU)8AE70b%u7ZQMNXV3jyNQ8_
zP$FTvs2e%duP07g*&r=WZTn-7=g9dzgeGW0CyXg+kk;H98kb{vKFlW28&iv(Vj<)p
zrmXg81=h+tljWJ7;yxA_p^y5AW_+(PD~`FLC0UD)DZ_o4LX-N4K2+NkgZiY8V81L9
z@v&1mTx7}feTB)|1X(M*T2ondojTeP(<@gD;Eh~x4Mufpu-3}@dv1{C55uqd1H~!`
zG2t*OAv9tr=3Y5S6bstY2Mj+A(TbhG4+hz3!z`3IM9k%eK}3J(y)lKGh!pwB5HXTh
z%EWYrYD!B9T8d>ECK9lk12J%@Y6%8zdOYlT$7?0lp{*%0X{2bXGZn6#qSE?NY%dej
zSdrxXQ6f&z1B20i?F~wQOphr)zEQNmj7@KF<1M1Opr?jo#CwO~ayqs^1gZ9ZSiget
z*rKOLi&+rv4Z~Wm=%i=L&SOMlEW7EW?c+p=oI6$&2zv4cG+#NKW5PHU6YfA8A8UE7
z&nS_{$3u0{n=iO=q9|2g5t=hX%TktR*oGXZ!wwVC>(oiGYt2VP-rNzer8U)TOHIE=
z_M0pcdC2~dth`-tcx3ubI?`8n(~*$~V_v=~O=jQ8XLQXtOm@UwqMUgGUOE46*7p9@
zkU73m%cHyyZpkr2vYlS%^?_OMaIct$AqV_WiS5_xS@OiaVj2#E8HmX0`$cC#-R?s3
z-c{JspQnl=s0n)H-f5yE90(JUEzH(nnA)1@xJ+^ms>_77OvjP9|3R^j-o6KoM^6{$
zxLrh!en^bvb_g39(xm1_x;*iS$mXpLh2fik0(WmFHW7ZdI@KNK!6c?+!0b-~nW|@q
zPw3UDkU3-~+bk33>$=DI)b*bZ;_O-CYY@X;Ie9kL17gDg1bcg18tHU#j);-l=7>x|
zSI-3RiMf3I&2UH_ohMfDf<=7t@yA&w?wo~sTrNK_F(BWx#B;pyCM{b8y@VT`Ea>yO
z4o?!TStP!S33`Jjtix5Nktts!(F<^iH{@~UM!}wJnZ8&ILnq#lSKj^<tR-56;HN6Q
zhJq_ZI-T1ra;dz7kwMFrh!ooMlxRl%mWWTekzbZRBRIPCh5~ZxQqe|z2Ib~uuq`Yq
zgu@6#C0~YC;5ab_fg@ula{aR~v`mO#$v>*m(q!86IOI$*q1udy$Z;<S23)*h55kdA
zzD&9IMZux27m->TrSvfx$u=*k3*8&`$*HTvQtm(O2ilOyh=uIFTHLGn0}AQD>H(FY
zS6&zC^5QFEh^h)k5f0!D1pajLtQRe0?ONee)f_AC>0Kgo){DtXdRWfi029QcK=^7+
z9@t1G*-%LC*^~ob6`i;);(-Ptn$M*kt6}PQy#@{@dl7sgM$c1ZT74R8J87lHVS1{(
zUn+y{g&oY~;5tjLd0q5n!4dz)P0sp70@zLtndN<Nirz|O5Mf2py;<^y&Eh&mK!C?#
ztQ@{o3|EA(t7%=l>+I=>)#!KKFj#^}Ej%S2SOh==hqrS2c5$<!m{0@pftD@fb~t-%
zdaU`BONHZ%1Ue9-c_?M9QAiWt7O7OZL-=X$+n5N)u{E(;Q>ys@aY)tM;t7o3^jfE8
zIWerven*UE`3PbGZA>%@<x4xoO*~5zSKfQ#PE{FjHK~g=Q@OK7v}qN_y!<nmpp<=D
zBJGUTQn=gJbz!IKHkn4eEO6>S5HGR7plr1(I`$Bv#zt1{N<%*Np}OL|W?25XTR8|`
zGa_5;6<t-&JZ%o`<h+m6dir49b2)C4#wTh$eTY|p9qh=ZMvH})^1suv>0$y#GifnK
z_}8c6yO^NQ<8x(O)o*3X3;Wbj@Ok`@%K?|X?enNyc2+<sls|ugB{9$_C<lKjhGG~#
zI99nF0_DklU#S!7^MqyKAST0=5y(R1k}Y366s6#lTl2onkm*O1R`|RgXaxcj9%J+j
zd(LWZ>hleDtM3n@aa}Y*s~3x8D*qU(wk`|zOUG|`$9!I|{Nfw6bUv?7wmynUFx4+-
zd>5q#=<A>KMhpIlk$--#PNmNarydS}Bl_(;)&<?g(fV~pf_&je0N5C|Hw4{<)1OJ0
zQzM%HCYDQaP5nvasX<-g>i7Fe)N+qu+2}ZShCd^6<j=}z_z>N@DY=*CmT#SKC_WD;
zaIW35#VJtYgFZlK%FI3BhC{LFG`0>hd_H;h3{EJ2`enOc)gABi1?1A-#8gEM%EGha
zDfJnWTmKM`sLwFFoJEdTIpHr@0!+sj0RRN2v9XN%M^q~|Q%*VOh{XMP=)AL)h!K@H
zmPyqu^%yz)qOu-7_?+3wZF}vIrWV)lr|RAU8{1vP%b}Xar^E+%IG4FH<Y8SKr6@S>
zj+azfPvZmc^D`2~eiQpZ3G%BLjV+ZAUTMELO-;ogktgG|MT%<58HpO3ULSzEO!gtN
z=%Kf;AN7C0eiZiBW2kQzJ%!$^U#HUB8sMJm<2F*Ld^{Y2Y4x@35RZGja|4afj4$9r
zG&kyY$cX(1ruB_vtz41)u2LqKN_VPOqbLE49oKob+}Kc4stj*9gKz3g*|d??iw778
z$ve|EHln@&J2`wE6O2YW)x3ZKZp(tp)~{Z@Bs%{Nt|N8kPNi#C-p0c-w5=>CBJ(q~
zp-Lt;CJU1W6<)&o*;+Sz;%UUHs+UdWx!MqIP#is$tL6S*Zz1$<t~NB`-MD(VFY(W$
z6^*q<Xo;AybDlOv`zDUo;iZEq>doVhgboQ&-u898rkDPcuT4xikP@xwaH%FlXY;ku
z+7o`NDqtzmhmA?v@c+=6D8;1ILhT;y`Fm-0p_U7P9G;(geW14rwV~SE|E0nr)z*0&
zxIJOQYlUjCu4|(G0N%EC_0OVHMVRNKuhBKd%nv-8#ujU16TaCN<?pNb5vX25N+`7i
zT~yT4gc5E7NQCB;XtyPl?20zIuC7TP4npl4qs5_pw79Wq;SbRpjWPKRpG8{?iVg~R
zhE;LeO_fbBsI!03rY4F%5T-AiXcM*l23^yXr+XQepof}5^ussN5maC>3T&uOSaws9
zGu_I%v0TCyXmvB}-eVi045RA04tuCssWvWQ=j+j$8!y!a>D5wge8R3bqBS>Ns)-N)
zgDe`>TpN;bdTz1P=Ph;Bksu+=#~Pzr+jJFO(?X5W^bkV%0-D(ZttL+?aaxV5Yh{MW
zXsM0WRz3^U;50C4eoJj~LU!lI4(}wzi}0i_(xy(WunZ&KrKPR71p;agxSP=!pLQ)x
z&D3LcZRIZNSmso!(D^>?u03=R6o~nEgiOV)A#C_3G_|$j5Bdo~XAx~{jcHu?l(NfJ
zqe~Gc4J^lsmLG2J4DP<@L=a9A!pRc)y&Ub1AEtgDCC-Ts@76jVp`SoO_m@IEYT`xD
zkss*+uVQr~y=e&_{1lZvy>8-{<Fe5{bl&!Ol;PoM=ZK!@s1KX=OI^*Q(WaM!B%19<
z(^Y>&o6f9bxD*jlSpW>3FGLw0tCQ^u(y9PdWn^8=?7AAihY$c|Q12kNc3yl7XGP{*
zstyr?qL%b4s<m57sZWUKe>t9^nIUwzv9`U_?l*qD#bazCZR(3#x<dtEoDpH|R+_a4
z_*2iMCX^7-Y;jhxEyla(v559O?FnmcD>to}D%zvbSEjavwnXrSN7J`yj)}_Sxw)4m
zE^4FIqdB)}iB?T+EPd8i8%B4v0Xtqq-=zL+!M>`vDa+bO-gfv^Ra!vJE3`GFv3R^N
z?xo-Gh1bJeI@v*6OP^IJE`v69)ZU}b9l(XBulHz4N6=4=$e>xBFv@9H;n$-8L@{PJ
z-G8<AG>z<pFF>h#sQhXKa6n4mq0G);>wPN6VcXgUD^T49a0H-Gs_Lp$(Rna1;JK5&
z>w-prE;j)`01XJ_UV5e*(AEa<Bd}1>1?1-Jfy7${7h~zW9@<d4r@PbfW$-YL2Z_L-
zuU2-2_wm6s+7PPjfeHYKTdBh}(TM^D%%QSg+B$07lUqfRzI00Lt*xRzdtzKb@zVIG
zn=ba&o}>ftQW%!oPp>i!INOIreeeYsZ7V&(yA5otDcy6e_9~6(ho5x-*imYKEq(&q
zDy1>kVN=Tb<0sIoR?ZULH2{m-@;cCf1T}NIoOr#qj0y&T2BfFN;X5>(mvRssXP`kb
zv}~X@h;pt63s9ZIRDU48fWRmXYs-8Jv8hiRuh+WLyMwh<I?F5oTfU>?gYX3$<zw1E
z7+)A^8CCb!+ESZgS`B?V1T<h4+iCMqd;xy=h&Bzw7l4Cp^!RXm0R-?mqk4Iy_6prS
z0yIDXA5ia+_(C*)EDp}N7hZv%5VV%baig@pB1X}|vi1geHi_zo>1vCU!wC!7boyp^
z!qqov!yHDyX&>FJ%@axz-VgJs!Fb>(z7MoKx%3t-CR!16b$6oNgYDs9To{9xZ196x
zx=b3Q-4$gCyL?x$l#c_RR6CYk9v(u_lu6^Ypu-9a*^Z{RH8LrGl9njPPtX=bEBts&
z;R=ZgGfE2r7}|cjmLcz~)~<4-g~D>nWNnDUfOt1V+a_b%w%ms8;9=47oron7hS#H%
z+Y$aWztyQdr^bTlciZi7y3~|`EwtgF+mz*Z!u@d=LUP_++KDIw-rb%4pT37ZHJ(ib
z;K{w(fanjOY%vA?rxJ&V^C~A|zh8SPN(#AJF^SgSj|H1GO#^PAghb??8u+BDo#}D4
z<iNg!=1tY(=;hT=z)4duiTMv`$@Jud+Mf=a&(*?-_Sa0;kcPo>%zzXRYmY?bgj^mK
z{I7gO8xbW%TunLrZ$b}l#?GFf%u*M@FI@YQh^LXgunlu(X!}?`$6eP@%_^L*(F?RR
zYo3`*$<M(KwtOCo+V@kZWdp0KQ$4PeiH~U|suKibu3mMi4|4b{?YSs9?CO3gX@QQ<
z)r#nu7hz{MzW{kt+URN|EH9O+=4k<^^3WXZTW2(;tMjGS60PT{8FRQ*Ghf^6bm8^8
zu2(%XBysN(uqp3bz(<xWzzx9bgFuVGoyjQ@67^3+n}uCn6;xp^x<oQvy_rNH71QCz
zqWd7*JgME{G(wcrjix@WwWP|Yv;uOU$1EoFab^)m+n$0lho8~_M039gnWj9gjf=Jn
zx=I!Lp+BSbh}MT?|D_0K6tmwi*Dlk>Mt=ll{tB&a^ha1$KC8`){xIdq=c1<-F@-C@
z$VWNVSb9C`I|n*5a}@Rn7)b|*_SGDmh%PT`Th)33AM`j4lIB4ZHg(o>C3sVvA;OIK
zRF;BV{*v~eD2+2$kext>2Le6{zpS;1(oL85GX2@rFgvP;pciLR0WK+PV0|2#-__co
zEnlnQ&6L+B7?c;*X@{c>Vb|5jTDV%4{<m(Sfx~qKse}B?t{V!BhL4dOI<isAly|&_
z07Z$%!`ame(E<HsM|vnI=f7UJO2E*rV?2k}zOLoSk(;!SqU}s*Y&5TdT5pAca6hAE
z$)`7KH#-b~%?8&oNHFYjgophbYqd?$@1U&RuC0jjvqm8~fkxbbBgOEJT(d*FEm~>1
zM*O>y>c6Aq${BBKuR9z7yE=kHr76V7(L1$=qjbM(&?P#7UO;=^!%X_VS2ta}nq7Q9
zY5;tAkM=PT<&|4^)h!Wn$|@K<YA<{5)^2dbBAe`bMWZ=;AuV~Y_CmD6@45l~sl)|<
zN!3P%b!15bRepjeFIIRN`dC{RWevKn`F~gwDK?0Z6~+S4J@2&{cC}GlNRNo6@t<Rn
zPwd0><5Zfi(4|U=%5iFC{T{D8_(jw>`eBt?ae4xEyv<0mHm{7AH+~5#$^!f_JlVA8
z9wUohoe7=pI3D_6ct0?=o2D2ARCqw!?68FqkIp@$<u5{!g$JQktcZR*Cd@vBYeg}6
zp<)i2b@Fg@o%}E_xpaPpkt1*WT0@2&H}VGM@^7O0<wt}WQTSHId?S^P9Mu}omJWJ4
zb$lKp0o;W#%{7Xw2LG#1KONP+R2}*Ju7JY3zW*+&@qS;>HBjMOH1!y^xb=^?rPuxt
zy+i!Iu&bkkexcS;48PCBXcb1*_&7$ZM&|d***|NQ&W}Jqo;jf%i~b17Bd4MU)Q@2Q
zjx!90@ND=&?H3JCChCV@Ui(}0<obiK2n>tKZ-1{_jv%KyEL{ntZR{Ufz*#mN)^bIo
z$ByX@<-R`w7^rFD$TlU<Q6RdJzqPBK4uFC`@K0UWIH+Hq(^f~h!>~?xQqPhvUeJa|
zX{M``L9*BKb;oJ~hL9744oHbdi^uDunjYP~a1dI~Fc&p=&B&*5_4N93qM_gFND7Bt
ztsD^SLOne?b0E-zV)f`?asJvmnAqkxeTLI00>x7_0xezMm4IhK_Ne@kpew>2m4eIm
zC)SN80uZUb?${5`<ZMF~zv6|V_Dv&g(N-gtP9|eae>c#_IO6g8mP-@g0CfFOie4C{
z1<`8xZz5m5pQ_&xrG;_rFpWUVku_=hqtOZzZdq+BtuZCP4Q)pTsX@8z^dP1D37E2~
z0Ozgd9V3y})Z%;;X6kwLQae5H@7gv_v$1ad2Hvy)@Y=rrx6HK}dLsSYUibdH>1DyC
zG_67h#C>JAQNgNhgARI#<Ly$X3-&Vb@LVW&XX=iZ#A&G&4sB_+K21#z`KYd{D;}u3
z=js=t6{f4}<qASYp?o}Fzul?DG44m(ya)vD-wDWlIi4nHZ?RraRu$?`Da8qR{Tqw*
zH=^G`xvfOs9c_yXkEWi(3*71^I$jKTMZBiG&{VH<7=UB8V~EkgC#i7@J)fp;#*Oqw
zsouq5@q2KTFR@6l?2lIXaABh&TNbp^9hV~D58`BlRw&n&>CVXxAYX8Rq7i5X^4@ZN
zQ&fP7nSnWjfN#c7Prsf`u|C}5^SnAaEN}`UmsuoOs-0N`{BnDsZq9+AtO@DanwnoA
zESE?0`=jkmR|f|$t!Se=VL<@5dUvKZrseyfO~WeyN_*PthAeCsJzfDs4t@X4QX-)+
zHI7gilCJ!?+nA~k8%fl<BY=GvNj#YH`i4BxdzB6VSN-tGWu5d7qCWz%y0d;)^hZdZ
z=n_4x0X&4Yq*Gn6I>Wl@c#P+!2n3)NKBKYxxV!Ecl|a~sh-TOcBadLdvnW@Gv!+m6
z^;-MG38RRNo_ej*KH$1pA+S`|M@Puq3tOv#oF2XOSEF5oumK9B1<M*|T;YhsGp^(R
z2k?@mP~1k;=O_;R-u`-$yz5#$<TMAMQ|>^&Tq{vKC|VJ40TW|P_);_4GeA$Je==cr
zrVP;W*2hzfgygpC>$VE7P!)_1d+FZ6fS^_2lbl>P!M*1VlkOg@H>B9X`q!#8a%D~q
zhOJVw#fwr~2QE%F>NS${hw2YRD*`wI3P<J&gsr+kvv$JM?e{WnG=(VF81;NyvCEOf
zskFOC!ZIxzp*vS(0B=OQM(S;q#30^;Oqd^t@Wj;1mK9aelN!XkPwAzKhLjcqbiHFU
z%s}<B{83Sl)@3pbQ>8bh-Z$v)^E85<fXus5?-!NLofq5)MR?*Sy{THIpeG`0Zw7<n
z_IjlI7QQ_~VPsS0aiE+br;OGcDhhkVOrdjQaEx}2!DV8AF(8x1>3CVdCxUCX^c%+O
zemQ@<4p<z-kUTU2pDZ(shdIvIm)$1mS&G7sgNib(TF+PPrd%;uFJN(adC6mO<Ex>K
zg}31heSfQ-!c0D|{QEXNSAF_q_8oc-3xlUn!r^HiExA*Vry14Q=*6EyG4|Z0=g>2E
z>fbRF^3ENms=M`gxfWGQOi+G!H&QQHct|$8S4Vh@&oJKOQk!MSrT6JbG6EqY*H6J1
zcyy-o3N&ph_Mqz`y@)EN!SX*g6&=p3L8?Mzs=fnF@Lq$gdo@;g90fIcUv7;z8ufP(
z8y>*%p8tT3+!+u9a`A)CTwvBpIZ~5&SB5u$x`;#IhvxdS-NU+HQE}(jMSb<<laJ^@
zmJ{&Ej~>+@VFsAE<|=fnnTa|k_~1nHv-6?Hpxqb=0v-Mv2bw<{Nez=`>;JHTfSfo-
zzf)BQU4>k|Z5cf9_<4Gs62gkax!iQPzmX{W&ezivIn0SJAj_J^^<qWg{Z*9O1$uKe
zHq)9{4Z!FLyapvcp<lp|f*w3EK3?snCJXg*{F`4v@mscE1VzAbf<9SAdL|3xtZl{H
zd$FD%mp<vJQ80kiUvBZqV!fr%!Dh{^&XU<r>xOE?@7CPG#6d>9yn2ZqtE7fypJ%We
z+(AUHSgPY49iOJFDW`?gp5@S?5B5ZLNCubdI@cq|q1>rokHgmES!_o23LVG|s=Tfo
zL{~^Qc^<m@<+D!bNO~x&qsG(w3n1{xZ=fR=SL-R(k^7M4|2#TMu%J70*C<j9C9TvO
z(Aq^%toiexNv9mTVjaUBLD7}SX%f#<haiaZ=3OaL(HFm<f5FTFs0fb=#QJjSi*U;@
zV|bHCR_Y!#Y)(Yrpzr)DENQz{SV3+Uj#BrIz(cF`GBlW}z(*ACh)ocNo|`DD>1tU=
zZ9wRvk?ghx3W|P^Jvnu)js!M*dO4Z9DNR|g$H_M9qxC)sA`&=I?^pTT+49tX^$bM_
zptHJUbXoSQUZ$wQE2!jKkNfrhKQZ}QP88>~b$a(T{W$j*;{I}}U>7#(6^TsG*ypiQ
zZyc**zFbi*^`CeIVOJBCz%DCZch&}p7!HME%itESeKOkCs$LvJU%sJ#%l(*g`zHNA
ztacHq-K00CWt%a>VVhynAr!uHk&4<lEuAK8MOEz<J)Ku1g3PK-dcOQ)tBwas{PxRk
zwa(mujpZVYLo&v8oGm4K)OLi5tN-U1B3y1;c0j?nRan0LmSaF75xM(q$3#X<`OQ0e
z95*%T>v#0DMepi=gByu%7v9y8(~M7_tpC1VUw!&z{s%g;;6V+@mb;u2Vg_mAZkYQ1
zAL8(FRY>A@(2+S|x1J|=?7?ukCL#~*)$tIHPg7QWjQb!a6v18A1o;j5bovu$)~lZ=
zn-GE1TmotywciKDhh`N~*++2B@bhbKguj*IYI)UX(79No@gSrvM%0)`l_@YSu;|GS
zIT$6UG&Jy+0jYRJR{Qhv=MV;3n)SwxEIR!;j#7{P`b+g#Qi%F~rI%3Em)M1(FJX}s
zH7r5xD-xIkskChFdLP7M|L*`+SaF#0gM%17e*;ka<q*uE`VPoONBG`iI-NO$$L2m?
zV}n#(M2`9f_n!JT<@#@VrND<YR-|uJzwhB>e}5ELD>L9iJO3R#ANB2%kstJIH5^=N
znLM0}KSIraKLhoB=tun*#TAhE9n(iSErJpm6PeC;NM1Ou7pWD(^_A!3LbpEwjpMb1
zOP<T2U52baiLF;8Tx1UE=~L0M<IY-pI=VWzv<{rXl5?kipFI5wg!4T7bm|w}U9EqE
zGO4<ttoU7Ds6--fpoNNy<b|_(M~B2`OC`{j{e^pX!k>DnLyx$^iZ0*$OTXJ8nXcxS
zB9{8{KmSA*2G`n(b1)m+8*&8ppT~X8dxk4b?b(+XvGLtM!y*;_s;4eo24Lg#IjGo)
zi+U{0y{Ny<v&D5+#7VO0uT3%<tM2d@76pnT*9jxnksg$LHKV2T9oc9YT^&x`4Nm+q
zp`Ou7k#KiKNwqPCS2YMCL*;t-ILUEFsYCE70;j9S(9(D#PTm-AxSi&HOtmh-B9Tre
zpz@Uj!{<~6uB?>tNk-U_7bL_WIkKw0G1ei3<emn`&CYiincGHFiL=tqA(#?`Dz#F$
zy!cN&>8doO9Tuh;=Xv>XZM9}%0rE9u$3{k9)j6)Md?yWbZMu=+kod(zWriMgWBj}g
zNY1;MVN7;}2VLnbXMGl4J?3Q@e<+3!r53|wJeZ9$`f|2$K@pLk&BTj2nC`9|Lvv(B
z9O~>mP=Coagwv@BM3kcl+L43cziqzJTG0`}MCtbx;!<BxV02PaaLcf4d9l!_?+|<v
zgci=XUv?}pdOHFFt}+&!&cQ<iDH|KT9C{FkMrC+bHih68O$|rC5xTT#X2dvhOq$Rf
zwrE6Yv@!yurMXe8)&YS_KCeTsmPWpmEez*`b9#R(%(<`?7UD!p<03BvaxFp3cbWyA
zz3JB)dsE)p_?7o20!NEwO(;h;Td#7%IpeVSV?2gqW?=HCcn#d?{s_`#xB3kHNv5BV
z$Ju~!Sj6Kq<Ql>v_(4nl88WWsdf-?cOv6;4AvvY3(MgLzrimB9xbnvFa@9&vLQx8-
zx2$bf87<}Lj>cK;4l8}StI<Nv?qv9x7k}#8%XwSs12W}RV1Zh7G4O{j{s`6wyw@@t
zrc_zyvL?wfJ&eIj1;pBqA6_!$;hxA`KoeXx4f+^Gs5Eh7T+w7uKVtwGOixIz>u<y`
z15k{1>}Hlz$ALzQ{Cj}$zF=|)&>;|c2}FJ$6YwT6oS|}BG6Y~p?HzDn{l^Tveho#?
zyL7$glc=~&afVzsUIMh+4l{;uH^@clr2HI)$EkIt(Lf#^VSL2=uy~h|V0oZY%?cUG
zt}5L9B@!@q7nXp{U}!rET)%sh(T1sTc(0(A-eUAr)R5EI!N@z_Vi;6876JQ#F-9uS
zABnYR#u;PPClaM6s^vv0@V^F9ZFFZ@*qiGZ6_!AS%b5VLq&pq{LMxF^-hu68O2~EX
zzk%azcNqyR9WKL%_n=QOnIRw^j3CSN_Zi=dn1Ba+b2Wp-c{FI60kh3(S`jo#tlIz9
zlar<z4=bh+K)EQQ98c?Nj1pSJiNnKd3;;`j(OB^~HIe`(H<Vo;H1aeiv-Z`I(<%88
zqa~|VfNDPiQn>X&JkupTVzic(55s7IAKQDGKa+;dFiM>PtzU~xzSL;Z5!hi>dAgf1
zh$c)o2Go(37?2W@|I9FufgSK*!$)4$)i$$?L5hkKRfl3XpuY1AAMND_+N2feg;8t?
z6#F$E5cXejO5oiUnilX-QLf%x)+~TNp(mWegHK=w!HK-`YiaJ!T7eu-MsuzVc^54)
zA~f=8oTY6`A%1@+p2U+t^^bgzN~ex#%~hpb_LMO~aD&jsCB_79%IV-sjb<#DH{L;N
zUtMmrV+wYDfJ*4B{~Qbe6G9GwKuD64UU0g{rY~7(bY=!@dQS(lUih-%rQXkBFj&#X
zvifD?IZV?F9k_-LoI{?&+BL9K|9QnYpvWOtZw90n=Id#4(ppxgfEVu5{p*cuAlHlS
z?dgEffSJ>2*sI7I&asWpxh=M`w*x@~pys{s`gnyn4^!dGbW$44<uqv=!_>X-QO3Vv
zM3@Z+v8O_kC6Hw3EdIKlA0jVd%Nw^ECxs5GJhRQH;d-3D;p}b{O8TGCM?+nZP*+A5
z-0a`H%{C~2G<E=943tU$rMD^ytjnTidNY~(zOjSHjH5T?3OG^QrIyc&Eg0c=4dZw7
z$qsO?_7#i_O(w{rdkvqetK()o(@kG|3JW{s6XS25CKCRR95B3c^**Bq^I~JFE_n|L
zGVcpEG6BvazJg33XHv%lI15Mi;p?|CP^0<vH1&5a39{fTV++>9=aGjG7|3A=;Kdlt
z8Gw`kAp0r`_j4JNob#>WS1Ktxeq;QGndA8ud&7{N1SIF-Ch#+RE6kBHe~jvk{P}y>
zN+aOI`|b80F$4aL5I$ST$Z?!_{08tk<b=_LCE!oEFC&a`H0X>Gkw2eOy5Iu}aJepp
zPW)ncXzo!Ml$pO6fAD~Uk?4RfVTAFNcQ(pJUp|B-0J51X3w}4AWqw4|3ah*VQ<Nvq
z8p%ASP(+Hqj70v#8%oMQ>R|a084hGXv0RQnudJ014<G~BacD;6qF!`77cTO}6Yv3k
z?0yAK2mmooCTR73;yS!+ICT;jBCaz~BCf6q>RSm65CneI>wE?Fw=TY3^!9?K{r>}i
ziiOSFqm}XXP-0MGQQ}bIQ4&xRQIb&VqclKCMoB?QMQMnVhSCTn9mS23fs%=mg_4bu
zgOZDqhmwy{fKrH3gi?%Bg3=hJ2})CxW+<g7%~4vQv_xrzQijqRr5weB;zjYH_)!8V
aL6i_m7$t&YqO?J2i_%V3#<%bP=Klfd6pWhy

diff --git a/src/etools_datamart/apps/multitenant/postgresql/tenant.sql b/src/etools_datamart/apps/multitenant/postgresql/tenant.sql
index 122218f36..c3d2758b1 100644
--- a/src/etools_datamart/apps/multitenant/postgresql/tenant.sql
+++ b/src/etools_datamart/apps/multitenant/postgresql/tenant.sql
@@ -3,7 +3,7 @@
 --
 
 -- Dumped from database version 9.6.10
--- Dumped by pg_dump version 10.4
+-- Dumped by pg_dump version 11.1
 
 SET statement_timeout = 0;
 SET lock_timeout = 0;
diff --git a/src/etools_datamart/apps/security/admin.py b/src/etools_datamart/apps/security/admin.py
new file mode 100644
index 000000000..57d276605
--- /dev/null
+++ b/src/etools_datamart/apps/security/admin.py
@@ -0,0 +1,8 @@
+from django.contrib import admin
+
+from etools_datamart.apps.security.models import SchemaAccessControl
+
+
+@admin.register(SchemaAccessControl)
+class SchemaAccessControlAdmin(admin.ModelAdmin):
+    list_display = ('group', 'schemas')
diff --git a/src/etools_datamart/apps/security/models.py b/src/etools_datamart/apps/security/models.py
new file mode 100644
index 000000000..560b83fbc
--- /dev/null
+++ b/src/etools_datamart/apps/security/models.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+
+from django.contrib.auth.models import Group
+from django.contrib.postgres.fields import ArrayField
+from django.db import models
+
+
+class SchemaAccessControl(models.Model):
+    group = models.ForeignKey(Group, models.CASCADE, related_name='schemas')
+    schemas = ArrayField(models.CharField(max_length=200), blank=True, null=True)
+
+    class Meta:
+        verbose_name = 'Schemas ACL'
+        verbose_name_plural = 'Schemas ACLs'
+        ordering = ('group',)
diff --git a/src/etools_datamart/apps/security/utils.py b/src/etools_datamart/apps/security/utils.py
new file mode 100644
index 000000000..9ce9b2e4d
--- /dev/null
+++ b/src/etools_datamart/apps/security/utils.py
@@ -0,0 +1,52 @@
+from concurrency.utils import flatten
+from constance import config
+from django.core.cache import caches
+from django.db import connections
+from unicef_rest_framework.models import Service
+
+from etools_datamart.apps.etools.models import UsersUserprofile
+from etools_datamart.apps.security.models import SchemaAccessControl
+from etools_datamart.libs.cache import get_cache_key
+
+conn = connections['etools']
+cache = caches['default']
+
+
+def get_allowed_schemas(user):
+    key = get_cache_key('allowed_schemas', user.pk)
+    values = cache.get(key)
+    if not values:
+        if config.DISABLE_SCHEMA_RESTRICTIONS:
+            values = conn.all_schemas
+
+        elif not user.is_authenticated:
+            values = []
+        elif user.is_superuser:
+            values = conn.all_schemas
+        else:
+            with conn.noschema():
+                aa = flatten(list(SchemaAccessControl.objects.filter(group__user=user).values_list('schemas')))
+                etools_user = UsersUserprofile.objects.filter(user__email=user.email).first()
+                if etools_user:
+                    aa.extend(set(etools_user.countries_available.values_list('schema_name', flat=True)))
+
+            values = list(filter(None, aa))
+    return set(values)
+    # return set(map(lambda s: s.lower(), aa))
+
+
+def get_allowed_services(user):
+    if not user.is_authenticated:
+        return []
+    if user.is_superuser or config.DISABLE_SERVICE_RESTRICTIONS:
+        return Service.objects.all()
+    return Service.objects.filter(groupaccesscontrol__group__user=user)
+
+# def schema_is_valid(*schema):
+#     return schema in conn.all_schemas
+
+
+# def validate_schemas(*schemas):
+#     invalid = set(schemas) - conn.all_schemas
+#     if invalid:
+#         raise InvalidSchema(",".join(invalid))
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index e2ed5ec31..934cf094b 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 22:59
+# Generated by Django 2.1.4 on 2018-12-17 21:03
 
 import django.db.models.deletion
 from django.db import migrations, models
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2259.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2259.py
deleted file mode 100644
index cf32057b8..000000000
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181212_2259.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-12 22:59
-
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    initial = True
-
-    dependencies = [
-        ('subscriptions', '0001_initial'),
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='subscription',
-            name='user',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='subscriptions', to=settings.AUTH_USER_MODEL),
-        ),
-        migrations.AlterUniqueTogether(
-            name='subscription',
-            unique_together={('user', 'content_type', 'kwargs')},
-        ),
-    ]
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index 59018475b..27bbc9450 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 22:59
+# Generated by Django 2.1.4 on 2018-12-17 21:03
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2259.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2259.py
deleted file mode 100644
index 6fa3070d8..000000000
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181212_2259.py
+++ /dev/null
@@ -1,51 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-12 22:59
-
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    initial = True
-
-    dependencies = [
-        ('tracking', '0001_initial'),
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('unicef_rest_framework', '0001_initial'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='usercounter',
-            name='user',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
-        ),
-        migrations.AddField(
-            model_name='pathcounter',
-            name='service',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='unicef_rest_framework.Service'),
-        ),
-        migrations.AddField(
-            model_name='monthlycounter',
-            name='user',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
-        ),
-        migrations.AddField(
-            model_name='apirequestlog',
-            name='user',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
-        ),
-        migrations.AlterUniqueTogether(
-            name='usercounter',
-            unique_together={('day', 'user')},
-        ),
-        migrations.AlterUniqueTogether(
-            name='pathcounter',
-            unique_together={('day', 'path')},
-        ),
-        migrations.AlterUniqueTogether(
-            name='monthlycounter',
-            unique_together={('day', 'user')},
-        ),
-    ]
diff --git a/src/etools_datamart/apps/web/static/style.css b/src/etools_datamart/apps/web/static/style.css
index 0c89bafe5..3dc611649 100644
--- a/src/etools_datamart/apps/web/static/style.css
+++ b/src/etools_datamart/apps/web/static/style.css
@@ -199,8 +199,8 @@ input.input100 {
   .profile #areas ul, .profile #areas form, .profile #services ul, .profile #services form, .profile #password ul, .profile #password form {
     border: 1px solid #cfcfcf;
     overflow-y: scroll;
-    width: 200px;
-    height: 300px; }
+    width: 300px;
+    height: 400px; }
 .profile #password .message {
   margin: 20px;
   text-align: left; }
diff --git a/src/etools_datamart/apps/web/static/style.scss b/src/etools_datamart/apps/web/static/style.scss
index 374b80f58..d13f17d40 100644
--- a/src/etools_datamart/apps/web/static/style.scss
+++ b/src/etools_datamart/apps/web/static/style.scss
@@ -350,8 +350,8 @@ input.input100 {
     ul, form {
       border: 1px solid #cfcfcf;
       overflow-y: scroll;
-      width: 200px;
-      height: 300px;
+      width: 300px;
+      height: 400px;
     }
   }
 
diff --git a/src/etools_datamart/apps/web/templates/admin/index_new.html b/src/etools_datamart/apps/web/templates/admin/index_new.html
index 42069c161..f2fbbb37f 100644
--- a/src/etools_datamart/apps/web/templates/admin/index_new.html
+++ b/src/etools_datamart/apps/web/templates/admin/index_new.html
@@ -5,6 +5,7 @@
     <input type="text" style="width: 578px;padding:10px;margin-bottom:10px"  id="filterInput" placeholder="Search for names..">
         {% if groups %}
             {% for section, apps in groups.items %}
+                {% if section != '_hidden_' %}
                 <div class="module">
                     <table style="width: 100%" class="section">
                         <caption>
@@ -21,6 +22,7 @@
                         {% endfor %}
                     </table>
                 </div>
+                {% endif %}
             {% endfor %}
         {% else %}
             <p>{% trans "You don't have permission to view or edit anything." %}</p>
diff --git a/src/etools_datamart/config/admin.py b/src/etools_datamart/config/admin.py
index 360f4f746..8fa9993a7 100644
--- a/src/etools_datamart/config/admin.py
+++ b/src/etools_datamart/config/admin.py
@@ -17,13 +17,17 @@
     'Administration': ['unicef_rest_framework', 'constance',
                        'dbtemplates', 'subscriptions', 'etl'],
     'Data': ['data', 'etools'],
-    'Security': ['auth', 'unicef_security',
+    'Security': ['auth',
+                 'unicef_security.User',
+                 'security',
                  'unicef_rest_framework.GroupAccessControl',
                  'unicef_rest_framework.UserAccessControl',
                  ],
     'Logs': ['tracking', 'django_db_logging', 'crashlog', ],
     'System': ['redisboard', 'django_celery_beat', 'post_office'],
     'Other': ['unicef_rest_framework.Application', ],
+    '_hidden_': ['sites', 'unicef_rest_framework.Application',
+                 'oauth2_provider', 'social_django']
 }
 
 
@@ -70,7 +74,8 @@ def index(self, request, extra_context=None):
 
     @never_cache
     def index_new(self, request, extra_context=None):
-        key = f'apps_groups:{request.user.id}:{get_full_version()}'
+        import time
+        key = f'apps_groups:{request.user.id}:{get_full_version()}:{time.time()}'
         app_list = self.get_app_list(request)
         groups = cache.get(key)
         if not groups:
@@ -80,6 +85,9 @@ def index_new(self, request, extra_context=None):
             def get_section(model, app):
                 fqn = "%s.%s" % (app['app_label'], model['object_name'])
                 target = 'Other'
+                if fqn in sections['_hidden_'] or app['app_label'] in sections['_hidden_']:
+                    return '_hidden_'
+
                 for sec, models in sections.items():
                     if fqn in models:
                         return sec
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index ddb5b9e38..08a7caeef 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -23,6 +23,8 @@
                   # CACHE_URL_API=(str, "dummycache://"),
                   ABSOLUTE_BASE_URL=(str, 'http://localhost:8000'),
                   DISCONNECT_URL=(str, 'https://login.microsoftonline.com/unicef.org/oauth2/logout'),
+                  DISABLE_SCHEMA_RESTRICTIONS=(bool, False),
+                  DISABLE_SERVICE_RESTRICTIONS=(bool, False),
                   ENABLE_LIVE_STATS=(bool, True),
                   CELERY_BROKER_URL=(str, 'redis://127.0.0.1:6379/2'),
                   CELERY_RESULT_BACKEND=(str, 'redis://127.0.0.1:6379/3'),
@@ -258,7 +260,7 @@
     'etools_datamart.apps.web.apps.Config',
     'etools_datamart.apps.init.apps.Config',
     'etools_datamart.apps.multitenant',
-    'etools_datamart.apps.security',
+    'etools_datamart.apps.security.apps.Config',
 
     'constance',
     'constance.backends.database',
@@ -365,7 +367,7 @@
 SESSION_COOKIE_SECURE = env.bool('SESSION_COOKIE_SECURE')
 X_FRAME_OPTIONS = env('X_FRAME_OPTIONS')
 USE_X_FORWARDED_HOST = env('USE_X_FORWARDED_HOST')
-
+SESSION_SAVE_EVERY_REQUEST = True
 NOTIFICATION_SENDER = "etools_datamart@unicef.org"
 
 # django-constance
@@ -396,9 +398,12 @@
 AZURE_LOCATION = env('AZURE_LOCATION')
 
 CONSTANCE_CONFIG = {
+    'CACHE_VERSION': (1, 'Use MS Graph API to fetch user data', int),
     'AZURE_USE_GRAPH': (True, 'Use MS Graph API to fetch user data', bool),
     'DEFAULT_GROUP': ('Guests', 'Default group new users belong to', 'select_group'),
     'ANALYTICS_CODE': (env('ANALYTICS_CODE'), 'Google analytics code'),
+    'DISABLE_SCHEMA_RESTRICTIONS': (env('DISABLE_SCHEMA_RESTRICTIONS'), 'Disable per user schema authorizations'),
+    'DISABLE_SERVICE_RESTRICTIONS': (env('DISABLE_SERVICE_RESTRICTIONS'), 'Disable per user service authorizations'),
 }
 
 CELERY_BEAT_SCHEDULER = 'django_celery_beat.schedulers.DatabaseScheduler'
@@ -500,7 +505,7 @@
 SOCIAL_AUTH_USER_MODEL = 'unicef_security.User'
 
 # POLICY = os.getenv('AZURE_B2C_POLICY_NAME', "b2c_1A_UNICEF_PARTNERS_signup_signin")
-SCOPE = ['openid', 'email']
+SCOPE = ['openid', ]
 IGNORE_DEFAULT_SCOPE = True
 
 SWAGGER_SETTINGS = {
diff --git a/src/etools_datamart/libs/cache.py b/src/etools_datamart/libs/cache.py
new file mode 100644
index 000000000..7448c0d1b
--- /dev/null
+++ b/src/etools_datamart/libs/cache.py
@@ -0,0 +1,7 @@
+from constance import config
+
+from etools_datamart.libs.version import get_full_version
+
+
+def get_cache_key(name, *args):
+    return f"{name}:{get_full_version()}:{config.CACHE_VERSION}:{':'.join(map(str,args))}"
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index dbce3fc3e..cdb1e1e3c 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 22:59
+# Generated by Django 2.1.4 on 2018-12-17 21:03
 
 import uuid
 
@@ -72,6 +72,7 @@ class Migration(migrations.Migration):
                 ('cache_key', models.CharField(blank=True, help_text='Key used to invalidate service cache', max_length=1000, null=True)),
             ],
             options={
+                'verbose_name_plural': 'Services',
                 'ordering': ('name',),
             },
         ),
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181212_2259.py b/src/unicef_rest_framework/migrations/0002_auto_20181217_2103.py
similarity index 98%
rename from src/unicef_rest_framework/migrations/0002_auto_20181212_2259.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181217_2103.py
index 069de21bf..460d2794b 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181212_2259.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181217_2103.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 22:59
+# Generated by Django 2.1.4 on 2018-12-17 21:03
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('contenttypes', '0002_remove_content_type_name'),
         ('unicef_rest_framework', '0001_initial'),
+        ('contenttypes', '0002_remove_content_type_name'),
         ('auth', '0009_alter_user_last_name_max_length'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
@@ -136,7 +136,7 @@ class Migration(migrations.Migration):
         ),
         migrations.AlterUniqueTogether(
             name='systemfilter',
-            unique_together={('service', 'user'), ('service', 'group')},
+            unique_together={('service', 'group'), ('service', 'user')},
         ),
         migrations.AlterUniqueTogether(
             name='groupaccesscontrol',
diff --git a/src/unicef_rest_framework/pagination.py b/src/unicef_rest_framework/pagination.py
index afebd5887..970c3ec81 100644
--- a/src/unicef_rest_framework/pagination.py
+++ b/src/unicef_rest_framework/pagination.py
@@ -1,12 +1,50 @@
 import sys
 from collections import OrderedDict
 
+from django import forms
+from django.template import loader
 from rest_framework import serializers
+from rest_framework.filters import BaseFilterBackend
 from rest_framework.pagination import CursorPagination, PageNumberPagination
 from rest_framework.response import Response
 from rest_framework.utils.urls import remove_query_param, replace_query_param
 
 
+class PageFilter(BaseFilterBackend):
+    template = 'rest_framework/filters/paging.html'
+    pagination_param = 'page_size'
+
+    def get_form(self, request, view):
+        Frm = type("SerializerForm", (forms.Form,),
+                   {view.pagination_class.page_size_query_param: forms.IntegerField(label="Page Size", required=False)})
+        return Frm(request.GET,
+                   initial={view.pagination_class.page_size_query_param: self.get_pagination(request, view)})
+
+    def filter_queryset(self, request, queryset, view):
+        return queryset
+
+    def get_pagination(self, request, view):
+        ps = request.query_params.get(view.pagination_class.page_size_query_param)
+        return ps or view.pagination_class.page_size
+
+    def get_template_context(self, request, queryset, view):
+        current = self.get_pagination(request, view)
+        context = {'request': request,
+                   'current': current,
+                   'form': self.get_form(request, view),
+                   'param': view.pagination_class.page_size_query_param,
+                   }
+        return context
+
+    def to_html(self, request, queryset, view):
+        template = loader.get_template(self.template)
+        context = self.get_template_context(request, queryset, view)
+        return template.render(context)
+
+    def get_default_pagination(self, view):
+        return view.pagination_class.page_size
+
+
 class CurrentPageField(serializers.Field):
     page_field = 'page'
 
diff --git a/src/unicef_rest_framework/renderers/api.py b/src/unicef_rest_framework/renderers/api.py
index 73c75df46..7c9128d9c 100644
--- a/src/unicef_rest_framework/renderers/api.py
+++ b/src/unicef_rest_framework/renderers/api.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 import logging
 
+from django.template import loader
 from rest_framework.renderers import BrowsableAPIRenderer as _BrowsableAPIRenderer
 from rest_framework.reverse import reverse
 
@@ -11,6 +12,37 @@ class URFBrowsableAPIRenderer(_BrowsableAPIRenderer):
     template = 'rest_framework/api.html'
     filter_template = 'rest_framework/filter_template.html'
 
+    def get_filter_form(self, data, view, request):
+        if not hasattr(view, 'get_queryset') or not hasattr(view, 'filter_backends'):
+            return
+
+        # Infer if this is a list view or not.
+        paginator = getattr(view, 'paginator', None)
+        if isinstance(data, list):
+            pass
+        elif paginator is not None and data is not None:
+            try:
+                paginator.get_results(data)
+            except (TypeError, KeyError):
+                return
+        elif not isinstance(data, list):
+            return
+
+        queryset = view.get_queryset()
+        elements = []
+        for backend in view.get_filter_backends():
+            if hasattr(backend, 'to_html'):
+                html = backend().to_html(request, queryset, view)
+                if html:
+                    elements.append(html)
+
+        if not elements:
+            return
+
+        template = loader.get_template(self.filter_template)
+        context = {'elements': elements}
+        return template.render(context)
+
     def get_context(self, data, accepted_media_type, renderer_context):
         ctx = super(URFBrowsableAPIRenderer, self).get_context(data, accepted_media_type, renderer_context)
         # in the real flow, this is added by the MultiTenant Middleware
diff --git a/src/unicef_rest_framework/templates/rest_framework/filters/paging.html b/src/unicef_rest_framework/templates/rest_framework/filters/paging.html
new file mode 100644
index 000000000..ecf2822d9
--- /dev/null
+++ b/src/unicef_rest_framework/templates/rest_framework/filters/paging.html
@@ -0,0 +1,5 @@
+{% load rest_framework crispy_forms_tags %}
+{% load i18n %}
+<div class="list-group">
+    {{ form|crispy }}
+</div>
diff --git a/src/unicef_rest_framework/test_utils.py b/src/unicef_rest_framework/test_utils.py
index 68592b22a..07325040f 100644
--- a/src/unicef_rest_framework/test_utils.py
+++ b/src/unicef_rest_framework/test_utils.py
@@ -1,25 +1,28 @@
 from contextlib import ContextDecorator
 
-from test_utilities.factories import BusinessAreaFactory, RoleFactory
+from test_utilities.factories import GroupFactory
 from unicef_rest_framework.models import Service, UserAccessControl
-from unicef_security.models import Role
+
+from etools_datamart.apps.security.models import SchemaAccessControl
 
 
 class user_allow_country(ContextDecorator):  # noqa
-    def __init__(self, user, coutries=None):
+    def __init__(self, user, countries=None):
         self.user = user
-        if not isinstance(coutries, (list, tuple, set)):
-            coutries = [coutries]
-        self.areas = [BusinessAreaFactory(name=s) for s in coutries]
-        self.rules = []
+        if not isinstance(countries, (list, tuple, set)):
+            countries = [countries]
+        self.areas = countries
+        self.rule = None
 
     def __enter__(self):
-        for area in self.areas:
-            rule = RoleFactory(user=self.user, business_area=area)
-            self.rules.append(rule.pk)
+        self.group = GroupFactory()
+        self.group.user_set.add(self.user)
+        self.rule = SchemaAccessControl.objects.get_or_create(group=self.group,
+                                                              schemas=self.areas)[0]
 
     def __exit__(self, e_typ, e_val, trcbak):
-        Role.objects.filter(id__in=self.rules).delete()
+        self.group.delete()
+        self.rule.delete()
         if e_typ:
             raise e_typ(e_val).with_traceback(trcbak)
 
diff --git a/src/unicef_rest_framework/views.py b/src/unicef_rest_framework/views.py
index 889e6ebd2..4a22387a7 100644
--- a/src/unicef_rest_framework/views.py
+++ b/src/unicef_rest_framework/views.py
@@ -10,6 +10,7 @@
 from rest_framework_yaml.renderers import YAMLRenderer
 from strategy_field.utils import fqn
 
+from unicef_rest_framework.pagination import PageFilter
 from . import acl
 from .auth import AnonymousAuthentication, IPBasedAuthentication, JWTAuthentication, URLTokenAuthentication
 from .cache import cache_response, etag, ListKeyConstructor
@@ -81,6 +82,8 @@ def get_filter_backends(self, removes=None):
         flt = list(self.filter_backends)
         if SystemFilterBackend not in flt:
             flt.insert(0, SystemFilterBackend)
+        if PageFilter not in flt:
+            flt.append(PageFilter)
         return list(filter(removes, flt))
 
     def filter_queryset(self, queryset):
diff --git a/src/unicef_security/admin.py b/src/unicef_security/admin.py
index 7ca7606ba..e8a6aa022 100644
--- a/src/unicef_security/admin.py
+++ b/src/unicef_security/admin.py
@@ -1,20 +1,17 @@
 import logging
 
 from admin_extra_urls.extras import action, ExtraUrlMixin, link
-from adminfilters.filters import RelatedFieldComboFilter
 from django import forms
 from django.contrib import admin, messages
 from django.contrib.admin import ModelAdmin, widgets
-from django.contrib.admin.helpers import AdminForm
 from django.contrib.auth.admin import UserAdmin
 from django.contrib.auth.models import Group
 from django.forms import Form
-from django.http import HttpResponseRedirect
 from django.template.response import TemplateResponse
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 from unicef_security.graph import default_group, Synchronizer, SyncResult
-from unicef_security.models import BusinessArea, Region, Role, User
+from unicef_security.models import BusinessArea, Region, User
 from unicef_security.sync import load_business_area, load_region
 
 logger = logging.getLogger(__name__)
@@ -170,52 +167,52 @@ class RoleForm(forms.Form):
     group = forms.ModelChoiceField(queryset=Group.objects.all())
 
 
-@admin.register(Role)
-class RoleAdmin(ExtraUrlMixin, ModelAdmin):
-    list_display = ['user', 'group', 'business_area']
-    search_fields = ('user',)
-    list_filter = ('group', ('business_area', RelatedFieldComboFilter))
-
-    def has_add_permission(self, request):
-        return False
-
-    @link()
-    def add_grants(self, request):
-        opts = self.model._meta
-        ctx = {
-            'opts': opts,
-            'add': False,
-            'has_view_permission': True,
-            'has_editable_inline_admin_formsets': True,
-            'app_label': opts.app_label,
-            'change': True,
-            'is_popup': False,
-            'save_as': False,
-            'media': self.media,
-            'has_delete_permission': False,
-            'has_add_permission': False,
-            'has_change_permission': True,
-        }
-        if request.method == 'POST':
-            form = RoleForm(request.POST)
-            if form.is_valid():
-                user = form.cleaned_data.pop('user')
-                business_areas = form.cleaned_data.pop('business_areas')
-                group = form.cleaned_data.pop('group')
-                # overwrite_existing = form.cleaned_data.pop('overwrite_existing')
-
-                for business_area in business_areas:
-                    Role.objects.update_or_create(user=user,
-                                                  business_area=business_area,
-                                                  group=group)
-                self.message_user(request, 'ACLs created')
-                return HttpResponseRedirect(admin_reverse(Role))
-        else:
-            form = RoleForm(initial={})
-        ctx['adminform'] = AdminForm(form,
-                                     [(None, {'fields': ['user',
-                                                         'group',
-                                                         'business_areas']})],
-                                     {})
-        ctx['media'] = self.media + form.media
-        return TemplateResponse(request, 'admin/unicef_security/add_grants.html', ctx)
+# @admin.register(Role)
+# class RoleAdmin(ExtraUrlMixin, ModelAdmin):
+#     list_display = ['user', 'group', 'business_area']
+#     search_fields = ('user',)
+#     list_filter = ('group', ('business_area', RelatedFieldComboFilter))
+#
+#     def has_add_permission(self, request):
+#         return False
+#
+#     @link()
+#     def add_grants(self, request):
+#         opts = self.model._meta
+#         ctx = {
+#             'opts': opts,
+#             'add': False,
+#             'has_view_permission': True,
+#             'has_editable_inline_admin_formsets': True,
+#             'app_label': opts.app_label,
+#             'change': True,
+#             'is_popup': False,
+#             'save_as': False,
+#             'media': self.media,
+#             'has_delete_permission': False,
+#             'has_add_permission': False,
+#             'has_change_permission': True,
+#         }
+#         if request.method == 'POST':
+#             form = RoleForm(request.POST)
+#             if form.is_valid():
+#                 user = form.cleaned_data.pop('user')
+#                 business_areas = form.cleaned_data.pop('business_areas')
+#                 group = form.cleaned_data.pop('group')
+#                 # overwrite_existing = form.cleaned_data.pop('overwrite_existing')
+#
+#                 for business_area in business_areas:
+#                     Role.objects.update_or_create(user=user,
+#                                                   business_area=business_area,
+#                                                   group=group)
+#                 self.message_user(request, 'ACLs created')
+#                 return HttpResponseRedirect(admin_reverse(Role))
+#         else:
+#             form = RoleForm(initial={})
+#         ctx['adminform'] = AdminForm(form,
+#                                      [(None, {'fields': ['user',
+#                                                          'group',
+#                                                          'business_areas']})],
+#                                      {})
+#         ctx['media'] = self.media + form.media
+#         return TemplateResponse(request, 'admin/unicef_security/add_grants.html', ctx)
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index 5bc4ca3b0..d0e3fcc4d 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-12 22:59
+# Generated by Django 2.1.4 on 2018-12-17 21:03
 
 import django.contrib.auth.models
 import django.contrib.auth.validators
@@ -6,7 +6,6 @@
 import django.utils.timezone
 import django_countries.fields
 import unicef_security.models
-from django.conf import settings
 from django.db import migrations, models
 
 
@@ -67,16 +66,6 @@ class Migration(migrations.Migration):
             ],
             bases=(models.Model, unicef_security.models.TimeStampedModel),
         ),
-        migrations.CreateModel(
-            name='Role',
-            fields=[
-                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('business_area', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.BUSINESSAREA_MODEL)),
-                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='auth.Group')),
-                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
-            ],
-            bases=(models.Model, unicef_security.models.TimeStampedModel),
-        ),
         migrations.AddField(
             model_name='businessarea',
             name='region',
diff --git a/src/unicef_security/models.py b/src/unicef_security/models.py
index d9e6d10e0..e2176defa 100644
--- a/src/unicef_security/models.py
+++ b/src/unicef_security/models.py
@@ -1,8 +1,4 @@
-from adminactions.mass_update import mass_update
-from django.apps import apps as django_apps
-from django.conf import settings
-from django.contrib.auth.models import AbstractUser, Group
-from django.core.exceptions import ImproperlyConfigured
+from django.contrib.auth.models import AbstractUser
 from django.db import models
 from django.utils.functional import cached_property
 from django.utils.translation import ugettext as _
@@ -11,28 +7,6 @@
 app_label = 'unicef_security'
 
 
-def get_businessarea_model():
-    try:
-        name = getattr(settings, 'BUSINESSAREA_MODEL', 'unicef_security.BusinessArea')
-        setattr(settings, 'BUSINESSAREA_MODEL', name)
-        model = django_apps.get_model(name, require_ready=False)
-        if not issubclass(model, AbstractBusinessArea):
-            raise ImproperlyConfigured("BUSINESSAREA_MODEL must be a subclass of AbstractBusinessArea")
-        return name
-    except ValueError:
-        raise ImproperlyConfigured("BUSINESSAREA_MODEL must be of the form 'app_label.model_name'")
-    except LookupError:
-        raise ImproperlyConfigured(
-            "BUSINESSAREA_MODEL refers to model '%s' that has not been installed" % settings.BUSINESSAREA_MODEL
-        )
-    #
-    # name = getattr(settings, 'BUSINESSAREA_MODEL', 'unicef_security.BusinessArea')
-    #
-    # model = apps.get_model(name.split('.'))
-    # assert isinstance(model, AbstractBusinessArea)
-    # return model
-
-
 class TimeStampedModel:
     last_modify_date = models.DateTimeField(editable=False, blank=True, auto_now_add=True,
                                             auto_now=True)
@@ -99,13 +73,13 @@ def save(self, *args, **kwargs):
             self.display_name = self.label
         super().save(*args, **kwargs)
 
-
-class Role(models.Model, TimeStampedModel):
-    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
-    group = models.ForeignKey(Group, on_delete=models.CASCADE)
-    business_area = models.ForeignKey(BusinessArea, on_delete=models.CASCADE)
-    actions = (mass_update,)
-
-    class Meta:
-        app_label = 'unicef_security'
-        unique_together = ('user', 'group', 'business_area')
+#
+# class Role(models.Model, TimeStampedModel):
+#     user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
+#     group = models.ForeignKey(Group, on_delete=models.CASCADE)
+#     business_area = models.ForeignKey(BusinessArea, on_delete=models.CASCADE)
+#     actions = (mass_update,)
+#
+#     class Meta:
+#         app_label = 'unicef_security'
+#         unique_together = ('user', 'group', 'business_area')
diff --git a/tests/_test_lib/test_utilities/factories.py b/tests/_test_lib/test_utilities/factories.py
index f2b014be2..3bb9f3fcd 100644
--- a/tests/_test_lib/test_utilities/factories.py
+++ b/tests/_test_lib/test_utilities/factories.py
@@ -194,11 +194,11 @@ class Meta:
         django_get_or_create = ('name',)
 
 
-class RoleFactory(factory.DjangoModelFactory):
-    user = SubFactory(UserFactory)
-    group = SubFactory(GroupFactory)
-    business_area = SubFactory(BusinessAreaFactory)
-
-    class Meta:
-        model = unicef_security.models.Role
-        django_get_or_create = ('user', 'group', 'business_area')
+# class RoleFactory(factory.DjangoModelFactory):
+#     user = SubFactory(UserFactory)
+#     group = SubFactory(GroupFactory)
+#     business_area = SubFactory(BusinessAreaFactory)
+#
+#     class Meta:
+#         model = unicef_security.models.Role
+#         django_get_or_create = ('user', 'group', 'business_area')
diff --git a/tests/api/test_api_cache.py b/tests/api/test_api_cache.py
index 6421a3050..d441defeb 100644
--- a/tests/api/test_api_cache.py
+++ b/tests/api/test_api_cache.py
@@ -14,8 +14,7 @@ def test_cache(client, user, django_assert_num_queries,
     client.force_authenticate(user)
     with user_allow_country(user, 'bolivia'):
         with user_allow_service(user, PartnerViewSet):
-            with django_assert_no_duplicate_queries():
-                res = client.get(url)
+            res = client.get(url)
             assert res.status_code == 200, res.content
             assert res['cache-version'] == str(service.cache_version)
             assert res['cache-ttl'] == '1y'
diff --git a/tests/api/test_datamart_security.py b/tests/api/test_datamart_security.py
index 9b554705d..d05752ee3 100644
--- a/tests/api/test_datamart_security.py
+++ b/tests/api/test_datamart_security.py
@@ -6,7 +6,6 @@
 from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
 from etools_datamart.api.endpoints import HACTViewSet, PartnerViewSet, UserStatsViewSet
-from etools_datamart.apps.etools.utils import get_allowed_schemas
 
 
 @pytest.fixture()
@@ -100,7 +99,6 @@ def test_local_user_access(local_user, user_data):
                                                              ])
 def test_access(db, user_type, op, query, code, allowed):
     # etools user has access same countries as in eTools app
-    get_allowed_schemas.cache_clear()
     user = user_type()
     client = APIClient()
     client.force_authenticate(user)
diff --git a/tests/api/test_etools_security.py b/tests/api/test_etools_security.py
index f28384e01..10b38caf4 100644
--- a/tests/api/test_etools_security.py
+++ b/tests/api/test_etools_security.py
@@ -4,7 +4,6 @@
 from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
 from etools_datamart.api.endpoints import PartnerViewSet
-from etools_datamart.apps.etools.utils import get_allowed_schemas
 
 # def test_etools_user_access_allowed_countries(user):
 #     # etools user has access same countries as in eTools app
@@ -87,7 +86,6 @@ def test_etools_user_access_allowed_countries(params):
                                                              ])
 def test_access(db, user_type, op, query, code, allowed):
     # etools user has access same countries as in eTools app
-    get_allowed_schemas.cache_clear()
     user = user_type()
     client = APIClient()
     client.force_authenticate(user)
diff --git a/tests/api/test_system_filters.py b/tests/api/test_system_filters.py
index 29cde459d..41c178d63 100644
--- a/tests/api/test_system_filters.py
+++ b/tests/api/test_system_filters.py
@@ -26,8 +26,7 @@ def test_user_system_filter(client: APIClient, data_service: Service, user1: Use
     SystemFilterFactory(service=data_service, user=user1, rules={'country_name': 'Bolivia'})
     UserAccessControlFactory(service=data_service, user=user1)
     with user_allow_country(user1, "bolivia"):
-        with django_assert_no_duplicate_queries():
-            res = client.get(data_service.endpoint)
+        res = client.get(data_service.endpoint)
     assert res.status_code == 200
     results = res.json()['results']
     assert res['system-filters'] == "country_name=Bolivia"
diff --git a/tests/tracking/test_tracking_log.py b/tests/tracking/test_tracking_log.py
index 1a6512210..e0be1b8fa 100644
--- a/tests/tracking/test_tracking_log.py
+++ b/tests/tracking/test_tracking_log.py
@@ -15,12 +15,12 @@
 logger = logging.getLogger(__name__)
 
 
-@pytest.yield_fixture
+@pytest.fixture
 def user(admin_user):
     return admin_user
 
 
-@pytest.yield_fixture
+@pytest.fixture
 def django_app(django_app_mixin, system_user):
     APIRequestLog.objects.truncate()
     django_app_mixin._patch_settings()
@@ -56,13 +56,13 @@ def test_log(enable_stats, django_app, system_user, reset_stats):
     assert daily.response_average == log.response_ms
 
 
-@pytest.mark.django_db
-def test_threaedlog(enable_threadstats, django_app, admin_user):
-    url = reverse("api:intervention-list", args=['v1'])
-    url = f"{url}?country_name=bolivia,chad,lebanon"
-
-    res = django_app.get(url)
-    assert res.status_code == 200
+# @pytest.mark.django_db
+# def test_threaedlog(enable_threadstats, django_app, admin_user):
+#     url = reverse("api:intervention-list", args=['v1'])
+#     url = f"{url}?country_name=bolivia,chad,lebanon"
+#
+#     res = django_app.get(url)
+#     assert res.status_code == 200
 
 
 # @pytest.mark.parametrize("code", [200, 500])
@@ -70,7 +70,7 @@ def test_threaedlog(enable_threadstats, django_app, admin_user):
 # @pytest.mark.parametrize("user_type", [AnonymousUser, UserFactory, AdminFactory])
 # @pytest.mark.parametrize("middleware", [StatsMiddleware, ThreadedStatsMiddleware])
 # @pytest.mark.django_db(transaction=True)
-# def test_threaedlog2(rf, settings, user_type, middleware, stats, code):
+# def test_middleware(rf, settings, user_type, middleware, stats, code):
 #     user = user_type()
 #     settings.ENABLE_LIVE_STATS = stats
 #
@@ -92,3 +92,4 @@ def test_threaedlog(enable_threadstats, django_app, admin_user):
 #         assert log
 #     else:
 #         assert not log
+#

From 277475791190cc0d642397dda7db3112dcf55a0b Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Tue, 18 Dec 2018 10:28:25 +0100
Subject: [PATCH 61/86] reset migrations

---
 src/etools_datamart/apps/me/views.py          | 17 +------
 .../apps/multitenant/postgresql/creation.py   |  9 ++--
 .../apps/security/migrations/0001_initial.py  | 30 +++++++++++
 .../apps/security/migrations/__init__.py      |  0
 .../migrations/0002_auto_20181217_2103.py     | 27 ++++++++++
 .../migrations/0002_auto_20181217_2103.py     | 51 +++++++++++++++++++
 tests/tracking/test_tracking_log.py           | 13 +++--
 7 files changed, 123 insertions(+), 24 deletions(-)
 create mode 100644 src/etools_datamart/apps/security/migrations/0001_initial.py
 create mode 100644 src/etools_datamart/apps/security/migrations/__init__.py
 create mode 100644 src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181217_2103.py
 create mode 100644 src/etools_datamart/apps/tracking/migrations/0002_auto_20181217_2103.py

diff --git a/src/etools_datamart/apps/me/views.py b/src/etools_datamart/apps/me/views.py
index a21b12c2d..821012793 100644
--- a/src/etools_datamart/apps/me/views.py
+++ b/src/etools_datamart/apps/me/views.py
@@ -1,14 +1,11 @@
 import random
 import string
 
-from django.contrib.auth import login, BACKEND_SESSION_KEY
+from django.contrib.auth import BACKEND_SESSION_KEY, login
 from django.contrib.auth.decorators import login_required
-from django.contrib.auth.hashers import make_password
-from django.http import HttpResponseRedirect
 from django.template.response import TemplateResponse
 from django.utils.decorators import method_decorator
 from django.views.generic.edit import FormView
-from unicef_security.models import User
 
 from etools_datamart.apps.etools.utils import get_allowed_schemas, get_allowed_services
 from etools_datamart.apps.me.forms import ProfileForm
@@ -43,13 +40,7 @@ def generate(self, length=20):
                 return pwd
 
     def get_context_data(self, **kwargs):
-        if 'password' in self.request.session:
-            password = self.request.session['password']
-            del self.request.session['password']
-        else:
-            password = None
         kwargs.update({'page': 'profile',
-                       'password': password,
                        'business_areas': sorted(get_allowed_schemas(self.request.user)),
                        'services': get_allowed_services(self.request.user),
                        'user': self.request.user
@@ -67,14 +58,8 @@ def form_valid(self, form):
         ctx = self.get_context_data(form=form)
         if self.request.user.is_authenticated:
             pwd = self.generate()
-            # self.request.session['password'] = pwd
-            # User.objects.filter(id=self.request.user.pk).update(
-            #     password=make_password(pwd)
-            # )
             self.request.user.set_password(pwd)
             self.request.user.save()
             ctx['password'] = pwd
             login(self.request, self.request.user, self.request.session[BACKEND_SESSION_KEY])
-        # return HttpResponseRedirect(self.get_success_url())
-        #
         return self.render_to_response(ctx)
diff --git a/src/etools_datamart/apps/multitenant/postgresql/creation.py b/src/etools_datamart/apps/multitenant/postgresql/creation.py
index 528508514..c507e3593 100644
--- a/src/etools_datamart/apps/multitenant/postgresql/creation.py
+++ b/src/etools_datamart/apps/multitenant/postgresql/creation.py
@@ -117,9 +117,12 @@ def create_test_db(self, verbosity=1, autoclobber=False, serialize=True, keepdb=
                 "--disable-triggers",
                 "--exit-on-error",
                 str(public_dump)]
-
-        subprocess.check_call(cmds)
-
+        try:
+            subprocess.check_call(cmds)
+        except Exception as e:
+            print(e)
+            print(" ".join(cmds))
+            sys.exit(1)
         try:
             cur.execute(raw_sql(header.format(schema='public')))
         except Exception as e:
diff --git a/src/etools_datamart/apps/security/migrations/0001_initial.py b/src/etools_datamart/apps/security/migrations/0001_initial.py
new file mode 100644
index 000000000..f821ac1a0
--- /dev/null
+++ b/src/etools_datamart/apps/security/migrations/0001_initial.py
@@ -0,0 +1,30 @@
+# Generated by Django 2.1.4 on 2018-12-17 21:03
+
+import django.contrib.postgres.fields
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0009_alter_user_last_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='SchemaAccessControl',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('schemas', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, null=True, size=None)),
+                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='schemas', to='auth.Group')),
+            ],
+            options={
+                'verbose_name': 'Schemas ACL',
+                'verbose_name_plural': 'Schemas ACLs',
+                'ordering': ('group',),
+            },
+        ),
+    ]
diff --git a/src/etools_datamart/apps/security/migrations/__init__.py b/src/etools_datamart/apps/security/migrations/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181217_2103.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181217_2103.py
new file mode 100644
index 000000000..035b5e1c6
--- /dev/null
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181217_2103.py
@@ -0,0 +1,27 @@
+# Generated by Django 2.1.4 on 2018-12-17 21:03
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('subscriptions', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='subscription',
+            name='user',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='subscriptions', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AlterUniqueTogether(
+            name='subscription',
+            unique_together={('user', 'content_type', 'kwargs')},
+        ),
+    ]
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181217_2103.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181217_2103.py
new file mode 100644
index 000000000..73dc74bc7
--- /dev/null
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181217_2103.py
@@ -0,0 +1,51 @@
+# Generated by Django 2.1.4 on 2018-12-17 21:03
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('unicef_rest_framework', '0001_initial'),
+        ('tracking', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='usercounter',
+            name='user',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AddField(
+            model_name='pathcounter',
+            name='service',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='unicef_rest_framework.Service'),
+        ),
+        migrations.AddField(
+            model_name='monthlycounter',
+            name='user',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AddField(
+            model_name='apirequestlog',
+            name='user',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AlterUniqueTogether(
+            name='usercounter',
+            unique_together={('day', 'user')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='pathcounter',
+            unique_together={('day', 'path')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='monthlycounter',
+            unique_together={('day', 'user')},
+        ),
+    ]
diff --git a/tests/tracking/test_tracking_log.py b/tests/tracking/test_tracking_log.py
index e0be1b8fa..bde31577d 100644
--- a/tests/tracking/test_tracking_log.py
+++ b/tests/tracking/test_tracking_log.py
@@ -1,17 +1,20 @@
 # -*- coding: utf-8 -*-
 import logging
-from time import sleep
-from unittest.mock import Mock
 
 import pytest
-from django.contrib.auth.models import AnonymousUser
+# from django.contrib.auth.models import AnonymousUser
 from django.urls import reverse
-from test_utilities.factories import AdminFactory, UserFactory
 
 from etools_datamart.api.endpoints import InterventionViewSet
-from etools_datamart.apps.tracking.middleware import StatsMiddleware, ThreadedStatsMiddleware
+# from etools_datamart.apps.tracking.middleware import StatsMiddleware, ThreadedStatsMiddleware
 from etools_datamart.apps.tracking.models import APIRequestLog, DailyCounter
 
+# from time import sleep
+# from unittest.mock import Mock
+
+# from test_utilities.factories import AdminFactory, UserFactory
+
+
 logger = logging.getLogger(__name__)
 
 

From ddf314c18ba0de2a1093b800cfe45baa38ca8386 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Tue, 18 Dec 2018 11:10:25 +0100
Subject: [PATCH 62/86] lint

---
 src/unicef_rest_framework/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/unicef_rest_framework/views.py b/src/unicef_rest_framework/views.py
index 4a22387a7..1b44a82fa 100644
--- a/src/unicef_rest_framework/views.py
+++ b/src/unicef_rest_framework/views.py
@@ -9,8 +9,8 @@
 from rest_framework_xml.renderers import XMLRenderer
 from rest_framework_yaml.renderers import YAMLRenderer
 from strategy_field.utils import fqn
-
 from unicef_rest_framework.pagination import PageFilter
+
 from . import acl
 from .auth import AnonymousAuthentication, IPBasedAuthentication, JWTAuthentication, URLTokenAuthentication
 from .cache import cache_response, etag, ListKeyConstructor

From 281e6dcb6a2509da165ee176bcde4a51ca309367 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Tue, 18 Dec 2018 12:58:30 +0100
Subject: [PATCH 63/86] fixes whitenoise

---
 docker/Makefile                               |  11 +++++++----
 docker/entrypoint.sh                          |   1 +
 .../init/management/commands/init-setup.py    |   7 +++++--
 .../multitenant/postgresql/public.sqldump     | Bin 4048049 -> 4048380 bytes
 src/etools_datamart/config/wsgi.py            |   5 ++++-
 5 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/docker/Makefile b/docker/Makefile
index b847c08a3..139cd7255 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -49,13 +49,16 @@ build:
 	 		--rm \
 	 		--name=${CONTAINER_NAME} \
 			-p 8000:8000 \
-			-e CACHE_URL=redis://127.0.0.1:6379/1 \
-			-e CELERY_BROKER_URL=redis://127.0.0.1:6379/2 \
-			-e CELERY_RESULT_BACKEND=redis://127.0.0.1:6379/3 \
+			-e CACHE_URL=redis://192.168.66.66:6379/1 \
+			-e CACHE_URL_API=redis://192.168.66.66:6379/2 \
+			-e CACHE_URL_LOCK=redis://192.168.66.66:6379/3 \
+			-e CACHE_URL_TEMPLATE=redis://192.168.66.66:6379/4 \
+			-e CELERY_BROKER_URL=redis://192.168.66.66:6379/2 \
+			-e CELERY_RESULT_BACKEND=redis://192.168.66.66:6379/3 \
 			-e CSRF_COOKIE_SECURE=false \
 			-e DATABASE_URL=${DATABASE_URL} \
 			-e DATABASE_URL_ETOOLS=${DATABASE_URL_ETOOLS} \
-			-e DEBUG=true \
+			-e DEBUG=false \
 			-e DJANGO_SETTINGS_MODULE=etools_datamart.config.settings \
 			-e SECURE_BROWSER_XSS_FILTER=0 \
 			-e SECURE_CONTENT_TYPE_NOSNIFF=0 \
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index adc012523..3953f6eb0 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -2,6 +2,7 @@
 set -e
 
 mkdir -p /var/datamart/{static,log,conf,run}
+mkdir -p ${STATIC_ROOT}
 rm -f /var/datamart/run/*
 
 
diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index 91685ba45..7fa30749f 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -113,6 +113,9 @@ def handle(self, *args, **options):
         _all = options['all']
         # interactive = options['interactive']
 
+        self.stdout.write(f"Run collectstatic")
+        call_command('collectstatic', verbosity=verbosity - 1, interactive=False)
+
         if migrate or _all:
             self.stdout.write(f"Run migrations")
             call_command('migrate', verbosity=verbosity - 1)
@@ -122,8 +125,8 @@ def handle(self, *args, **options):
             pwd = '123'
             admin = os.environ.get('USER', 'admin')
         else:
-            pwd = ModelUser.objects.make_random_password()
-            admin = os.environ.get('USER', 'admin')
+            pwd = os.environ.get('ADMIN_PASSWORD', ModelUser.objects.make_random_password())
+            admin = os.environ.get('ADMIN_USERNAME', 'admin')
 
         self._admin_user, created = ModelUser.objects.get_or_create(username=admin,
                                                                     defaults={"is_superuser": True,
diff --git a/src/etools_datamart/apps/multitenant/postgresql/public.sqldump b/src/etools_datamart/apps/multitenant/postgresql/public.sqldump
index fd3397f1c0cb2efd94cf46b4e50399a928010353..a94c373257496286f91b959306475dd869a4f132 100644
GIT binary patch
delta 18913
zcmZ{M2bdJa*7kIDZ-5Q#0-H0-l9!#Co|*0@i;^U*iXzEf3>T5KT(c6^EGUAuP@;%n
zLPY^@tEH0GYv8H~s23GfK*fNHfO;_zzPG~cH2*I?Px0)WI&~_YI(5!_s(pUmZ`!fD
ze$$F;2c0#%R?7$&shXw*@L!bwlgj@|f4(@Ev`ofdX3z{e5w9mH*6HCZbtBm{EjtqS
z>XT+`K0=gg7O8NrsA%mKq~sG(lO|ZLKmo+i_m^q~-i0mhkd0D#RWukVr<qgq5_fZY
zvX_x|mTV?^h=v~<o8jvq8uc#8Y~^RL==Ks)?9r@tk}ZjgjM0@2Y0rn@X53%oHWVkh
zD_ZA!HLbswOsxb{IM511nt1h9m%DS{DDnoj?dR($7WEe9RQr00S>Bs@Px=U!NgK;Z
zt~b9hOSTgewPJxhNJXD{-sYk_Kfmo}m*u*<2DJ84O26=RWe2?@WkV!EtcYy}D(Jn}
zk`lL1yA*G7#SotqJL;{k?C)o`18v;wj=5fG)ptIjPSk7Fae%L(V|f!gHzhcnph?%w
z(sSIo-BR4Nn%3^doFZ>V*Zm36PB0p1O|`jtj(25sgRf;ML{HAq^W7aa$zIEvibN+)
z$fW%$NRc-(l;Y=)d3E7){A{-ON~Fd|2uHmmF;f!w5;$Qi(9Z4Gv&tLg_?F5sO|MVS
zM|^x{G*Ah?T(_ZbmOJv2EU&ar$TtJi4s_wwUPIpnzE+W7pp290j$8C}uS@?M5=!kv
zEVp7%H*eQ~iT(yopghrF(%^2sKB8e+=Qa(?a7Q^=?&1r|yu(9m-vU5wLqlCDkL$G)
zwY>L+kCg<ju};hl4sGl18{XROeNKuuzIKw28LGJT++jX(G25#c<=b1w3VJgxnC|1S
zAa6`5KLE7pI<3g9>6Jp8Jgp@?aRy28hFtiOpV#&}jUDbI*b#5exEepfa(|kT?`<1@
zToT0&*-jvzPJEOU@i}{1-Fjc06AqNgx|)e8?u4Ojykqs<d^3V230*SO-@t+mIQ$qX
zb{qQ^y5(s_ZvD&_ZsR3c_?_bJ?R%cPCavHU+VwLnZ~bMaUxpLNq0gUd<hxz^XL%Kq
zV$GXs2ZJ%M{tBgm7(EDfAXhR^8l3GeEzEc4PRn)MOxq<)mS72m0<GP98*;q#={Gcw
z-42E<Z(&1UNsxR_pe?O^SkLng|I?D=!5-VeaM%l8HPpu#js!}UtRv;#lh-748hn<w
z=(^i|4b7lecEf02muA?TJ8Nz8RP7+NzTCZOR<T<%7s@h6Sxhk+)53w^RrNQwbeCjh
zd0#Z{^R<kGaUghgzgx1sKW@IpH@rwBP)r-w=w;s0+j{t$Kq9A?yCd&Nc3-AFXwz$2
zmN(*#7QP`y9It-f?LGoj{?J_)`NTx+Ku7n;U6t;R1u68sQCfFz-2z88zzMK}(AdQ#
zv~deb_S!B=oMBX$f%a%v$m^gB_ocW^MXkO0_a+Vic%p7-ai#Z{8}UsjW?@1TryFJ7
zm?hoiNW{kAv@D`G`WUTnARj&C(1y3QWH0pKqrPEVHVhH3tDk6Oxoz*x^4cs*oDDl@
zhv>}b^*mX9Xn88#HcD&l&h1&`?pRUaH9g$L*AMJ^nUGccA!gFBGKJ1s4CZ6?oVko{
zT&$hv&YM`^?O5Sg2Uz^NM-AWjZQEV<c(HrnXtn#uv&r<(Rt-nxu@vv!$F}(f?gVi!
z?0YiTd-aJTUt`Dg_B`odI$RXpo_<=6k}ppv81nY4PTa8|nBLLnLW$E93I)C3^F@h?
zg+gJRriN{Lfj7fjoftzX6b+PcdZE|%#h$({aE5MS>Q>`g8w#6&0=ITUvG>a>=Sn`V
z6Cu-GyRoDD_9xYD^~Q4d_e-aG)f?w0CKJNJXxe1@MrJzhMXz^oGt;WQk^j#1^%x0x
z)8E+SYYH=e@0RxT$6i`%x^@6eWY(5achQUI(Vhe0p=52j**A@dgXx{~DW><*e=hdP
zfR0zZbDob8I^Lc$R(LDky~x*lEa+CeQ|xZvp6qqr7WG$zy-7Q6mJ<*&w%ndO%e<`r
z`d1g~SwQ#RZxnmyel%D%7K;YeEEjaQ)vgrxKz$o&ICq!3ORrJ}6MtVnGv<A=E8-hA
z{EeJXeHJKWTi(gfl&>Qs!?xpY{FxMZwR`{To1eq?lhbM4nIzS#{X!i#p*L_a7JQ{{
z0Zs@9gWfq``wU<>2sLrLAHcEr_L9VS!a-=@0iV4K2QBaJAFh-$<*O17xkC??xM%;|
z+O7V)*j@2;io4^76tDiLojxg{u-E7CH-19QtNvN}6k<Ff+nfCBxWwv*AvgQ?V)y%c
zDYy1mrdRcwlF8R047JRm`@Yfgy^=p>`9y~ude30ej{9<S#T8o7;(9HeHk>3aXydn9
zikI=1e;j6LNk@|BwK={@N)VFGNFaa7kMO?APbPc&P827$HEhOkpUlwoJXWe{3;b=I
zK#{1R<%X6jhFy@t`%a~M4(b_n8_|+kiLQO=8)+oOQj@fVFJgxy5jG@QQ~D*=B@$!P
zQnjA`Rt|f<h2}GJ;b@p<3?t>jrOsL<J8c+7TC>_TZI7>IG(wLIBZY34ZLR4&i^a;M
zQZOd7yEC+{e#RJ^*h)JfDPl>YPN0ykI}BU8_K=qBcHY*;MNe!+w)VTPT`a^_wmFp&
zrO%Ea9mIOTbD(IDNf+kAu&QGqC=3+;7RD^rHeXYRS1f}SWDNycS6^T7@Q)N}Wwgtk
zS~WXdsQu!vi_$r@BwsAZzVSsA)#<EviS~wXMwS&QT+&`EVV%pgNr^)qwrN(CR!kRF
zYH4h9J1ybf+hIG(va7U2Oa+QfvpZ?sxvsH~J7{Bk`s)N~eKl#v#&y;{@D0r|>B??e
zXI9r$Q^r)RFAi@xZTb!K2_Dl8wzpby{Eci@QKKb%RND*&*~XBjVj?a9F(4$oR;gFA
zuBJ91(bx>e=;5eVP1jt9Rc{ztME@|ga=JXCrLaFETI<A+&7jS4EbTU5+falab}%Sz
ziQT4#B6i4*FSO`16boe29lf-+3@WNtm+zMu4zq2&H044_N`z(g)il{1Hyox(Z|bjg
z=Gw?couR2KNQgDVfjs)fAgz$SaHh6Fjz?D5fl^*kMEhPqQrN=-PU#{NWP1l`=lI4S
zF_#!dA*~&XV^}?!qza9ge{T_6G(=OEzZhI3N*jWt%w2U&D|Te4c8yO&G{hQ)Ym*Z;
zz>J#QJsqzVu;U}ONaBJsqYhmeA{|)$dHzFf#=>mnsQB)QX~f`c3JG+=SWKgCw5IMI
zSsO!y3Hj}*Ri$OI565U@eB+5Z^!>3!s2qjLVJhRaKEBaeA?~fWAeHW(O<64cBCSG>
zP>9B@)KOH@brZD|HzTbL*9f*~;wkHB2iXUgXjQ(M*|C=<X)2Z!f@~YccV&M)pPe;X
zEA#D;6M|pID`?YrlFIJ6LQ|onXy$MwZ3-Ke?1!mZx^Gra?4{{irJvx?1rtbtFdXBa
zFQQGewPf0NI*jO?8QR+k#z-*4YG-Q6iNQvK7OT5TQxO-}v`C0fyoi|Y>PuU*!fUi?
z36+n8!ferX@yYWcMnVzn?rZ1k1?=DrnlHA9gdEl|Tk~Cok#LCZnCn;E2qI%xn+stk
z8*jlaQ1p3g7q<Z2cnkJv_RW6d9|=3`@>{jb5<3?`;Lw`R=xpS$gSTrri8YNNP%hvV
zaO37-*Wh9Evq<|c#Ko4CN0R9bkXgf>+HT*v;4qvwU(4~$H4<hs@76l`1V^F>6L)kq
za_GqgSlP`BG<DbULlKEsZ2v;-ai7en$?m;3t_OlA8fEKUZMlyp7NRSb;N-%4P9f<6
zo{CyAGl&y?hGXQjC#g0_Yt>ALx+v(WkmW4ZF3=>R#hZlLRS&`pCS<@5rSF%(!HKTa
za_F%QFw-@CjXe6uGA)a4e^Bd4YnN%;69OWv)5F?upTsDevs{b%2r;(d5g3d_7ZwgC
zz@1VSTZvPbpd%vXI1XF)C~Rwj>|n><ZzOG4o5ykFo9Tcsas)QRraYnb_t8U$WhRF6
z*^Vc*p+0gr(1vD>Fxs*nPr;5hPatBlIZta#eS`?$k9-cNu)(Xft9=rp0+ErJ34Qiu
zEr*?aRvYDGh$$!rI0!}C92#7wbzx0wv}zv{4^OubuVh8*w5h&cZMNunZGw*vLA5*c
zg0?K()A}a(qCqz51+902FB-yW018n|hpfgGvGql8H?I+pnPQGAl!!{Y`Y?8L#wx;r
zg={vP!8#;ZO{girg97&4%i7t#4kItU>ffbk6iUW}eRkt|ZLqI>3;|5V4F&Am4cZ7F
z86hYSx7qkj+Groy4s?hI=~B}stj5^Zj)T>*o3siarvoH~2j%RR*ED#Uaixw0p{Uxs
zq>!b)?$^Iq$X!H>Y55eRCH*X!1Zmb4Mme4Srj||XUe`>z<4sJTN8pVqqyuey7tv4s
zo7%!=eTaqKLw5lNKp4&n-_kDe^@!k=N7Lo(sV!PvVufP3bl=uy`WT~us(8el%?Htz
zzWOv~x8fs`PqTKCG`b~)Wbxs2k4Md7IIZY}XEa!~ceTe7!-=tOTThvvh1j>P+qBAH
z559+UlHj!2ciV8369k8K*`b}07?;JDj0dS~;rsqQ!fjT}V^3y$=-(qmT>w#DFQ#pm
zY9U(sH7TSgTVmWZmSQe{{8!u8ycd=kD0Ca%C}byg`VYDlL4Q1IWLJKCN`KrB1HGL6
z_z4!cdB9eTUAS92-#1{6Um)%)VLLzdTP@3Gk<YOxi2*q131L|wdvcGTZo?wF3%|-^
zIs5#&YKNe!2*dcyl#L4>CAoCOm(Y@t-)imM!{27QE51*mtCwo6Xw3)Mm9+(MZ~A@d
z(-b?*KKatWHMYsR@5cf(Pson2JHI}KBTB#cUT=HfU&-wEZ~WHDM#zI`s4e~VIMy12
zNu}%7LW7_9PCM2-OWVTHLtK<ku^esbqV?DZ!8+%AtwfAF5eCuP@3r-bf!M6=4^V{!
z!C@Eu=(n-}OLA$eVI-Hmaqtv+2z10Gxva|}(3|fR0G#4ZxhWSe+LFW2n`YUL$&Ma@
ziAoS6tk*BFAqhg1E&o-!-baYB@}t^fAHiaqe$#I95p3?#S4hu&+8;2T&CB9Afal<p
zw`Zw;X;Ye;Sa9EG9rJZ-!Hd~*+^1g_!g1m0=F^6*dNLb-(r17z`1*yyKYno!N$jZ=
zj8M3$(6+%^3pSRJgn_V-Ehy$K^4MOTjBg&G6@+P&zHD6*N!Ug!$Z<vP<I+XAlG&%p
zByk~Fh!bj4Nn%N?pu>J@LGDe=FBD{Vrjf)=X#uaz=WbyEz4Z;~N5;3%kMiMqG95WU
z&!X!y;%9erCfu13xkeVPnF@z*ZU)&9-x>?P+F6+-VKl6eiC}!<RgjnR7jC>)T9Gb^
znZb|i#49_o+-!2Aj~>O0;olXqms*p=IkgbV<Z;(6pLJ+U2KlC9v1@Wj;#RXl-1X&d
z8iftcp^Z;qDw_*P3aw2_N~g!)f-fS>(4idSbI<7bJn~9nDh?~nC+8=62}2<Yuwcy`
z@GajdB>fdZ<n!G6q(WL#OvZG&DlG|46aKTF#Xll1$o~lj#0|umeHlIapJFn$^6PjL
z=QK?KBAiu1CX<tCbZrUAlLO%yK#|0|x^jGm>a+K01jNGhAEjh^<sWSnW8c#;TJ&fs
zxtu&7qxEIJo@CB$2DyGRJ>sX^L7H7ouCID+b~z@A{|1~!FoF`1ZKH3Lld<H>7ioD#
zLcB_UT~#^%<#Hh<aQ5Geae!BEJ-2`!svu)3ACEH+KMk`Tp;xpcS5%$+w~{*YZyD`S
zGi*n*D>1rpuhVIj&7-qJjzt$#k}IqFZC7&6`+GUfI34ZX9^3lYCyM?2)3IChmG;<`
zZMziX=+iKU!fv0#xwNhdvu<--F^@SNvrTtbk?B=OQz`=Dzj3EwYzFD*tsOAyM<>yJ
z9TKw+3;3;}YQrQYrtUOinqfD(x+7-2>IKC=@ihF1_&RnXQ!4kbSB#gOjxk1G=tQPg
z9@wB5FFhTjLxH*#&~cryJ{kA5lhdAb8t!O}0ziWfaqf@Ls+8Q5Ps5Fn39wlio!152
z_smt?Q%=WiQKKulg1qqrt_I&)T0y#~E16kk4QemDn{gTeapa5k?}jb8;a$4Cn@@}#
zr2x4)(#c_R4xN*)r|9I3?X+LDk3~XTH<J55pr3;-Z#y8er-E3tU3ZAT{v$f4d!nrw
zj!?ir6?AiVGN!8Nlg@Ie*Z=)c&1N8oUQmO5ANHl<zwtEukst*ER7w9=L&lKQuV`)1
z*R=$BuB)2xm69^|G*X%Y9$FQ`6wd#F-W2l5kucBPs_zaeIk%ifPOKToxjc-~U-*;a
zzwI>qFm(IFWNKBbLyGZ^(=o=;7kalz##X)cr{bS?8vbV3g;qx}kcnCsx$N^##~-6l
zM{s;@j5FT-_ly8vD8QFIIy?%^eKuW*U2r;XivpPGN`C=2S=g11h$WOKfxFOoF*3I0
zhp+dRV?65KYvi~+Qp@S9BjE@4?L(^A1dHtIoEkxDF&qk*99O7jQznv;TC$*-tm$Gh
zQ%e&+qJf?e#NW0Q(!-a*4R5%Vj8lvjd;c=BP?M4zI9!=ifi8sKB_(Y6B$6yE%uryk
zgdINbjZ6Q;WQ432-b`{>`ebsgVle|@A4|;?fO<_=kb$xrGs@DZlBi;}0=?**o<=?`
zok7yr)M?~CRpB5##VZ&p97&6W0N1^C70F}QG{Er@vx`L8#+hV{Vz2@+x_Kt4q8qP7
zD949IS8PGR4O}FNW?hANuJb=-?J?QfVVkcaHL^A0^Bx@Sa9GVXWULeqh-cxo<e*~U
z(U9o>q3h8oi7#lBZNCAYi~76sEHYX0#zKKJBt$ZsJf%oxpc^OAb+fTtcg-bzWV0CC
z)<{Mv9xKq5LnxJW;T%1cKC>Ee=!{vI!J?Z;EBe6A<ae<<F(=SPA}Y__0zXysZoPCH
zxkE}plou4h%BtJR1VxGlI&e^>ir%~dn|gdEm$?LP+M1`d7WATF*nxZQBs+z4<bKbl
zjZbSG=;im3Hts^F6>aqxNupgJ$9j(ZuWXs=*7r~1bu4W@sg#}A(ZDeN^h7{1<L@Gm
zDY6w9-25Vi{%{YepbtNZxM{-^kT<J`E=I!TWz+hFBqA&KEFfRW(Kvy#np-opUMRQ5
z39-gSWP|JiNBVrxGY52TxSzD6@3_FBmfc4@#T}*K&gTzb80zm=&8)yc0r5CXnn_Mz
zI44n%+R?r9)h@6e50FWs5rUJzAUfwE(v{XdNXlsLam-@c2sw*Xy7@uqvGpM7EBZxj
z!e%{0rl^+DKqr9|=?{}3s@`JfE+-erAE6jq^9Z>@{jgc-O43vQfJ0pOD4C~zgxODz
zse@|arACCKK{d3|)syJR1<;sz6R}4?kNQg5rwecx20TeN@%6OAu|QBZNM8s|c=as3
zn1MH24l!)w?DCf>Y{gULACd;NvI~D*Lib((P|kXW^icG0Ae5j#x*8To^niq6Oaf0?
z&%y9WS}f3A(pIb?7s`2<HaoGF?3D}v3D3lflQUVTf5jIX4?y~X)R%qa#fO52A7PGN
z(S0wGe0KGV<ZRVC7C2L2TA)88rAHjL=;in-;cTDBQ7pRVWm3d0dX>B{+u?2-){Jg-
z-vrx``!FeB4{acqDTZj^!Z-s1!&WIgYQ5A%UR8fPtm!qfQu5>64+NrANhe&4BgG*s
z_T1~_N>ynFCY)MHGu|S_?9MmI%Zei!=m!q*fFzk+zJ=VT=vH8KGo6B7Mz_C>nT&ip
zKHZqZPQF8Km+Zia!W?o7u}xd!O9Z3Phl66h+3;=TV#OB?oG)l}!461kwSzpNDy+c8
z=ubQ)0Wj8J<hlEnwWM_)l2W1YEcO9et5}`D+5aDF8cm5Jri8JWD7gUS^blNlw~|7q
zevCyvxDz*zP!1TJSaT&q<rKNH$S{8X2{}(OSume?BtrXLX{5UwR<&T4?1l-I0(d@l
z`}IZvePJGSy5CgjfB9^nGMCOW%4qp#WP@NsHU`=7J*0FA3M>B{TE(vc3pmK#dvK#j
zrYP1<U~fO|jjxl#;jQC$8b$2NFGxq#$YCqKRQiRdRsmZeaCwW2Y`Skh$)p?m>N&LE
z;}{75IgIHZqr%PncLx1_KiSPY!sQW&2rTZKua(Aw7`Q;-ZFJ57Y;pJRa6zy6R$U-?
z-4f_0(Kysf#lUkEj8-6b?SH^%`E=}1gx&oksZ&2JcH|&Apnf=P-yvl{@l=6beFUp3
z+Jqx)+s_19B`zQwW9R&;PA;;#IC6mC*jN8k%Yp1FF6ZT|fc9PS8;OWzLyj|0BWQH~
z0lhWb`8!YpF-=&54m7wQh`0SGIa79E#@J1N#k+<X*nNzwmfSD{LH>-PfIWEv$c&Hx
zJJ5+kZZDSV(rO|Z!=`CE@?3nhcoVRn=yLb$hz%|0=orm>(I}-;lJpEV-O&FjCE@*U
zH;J8{NYd5JqhU5WMOTB3Mgl!0h_)eBzf(1ep%DkxC}=tC+Ln4B;Y`_hLSu7hN+4^y
z(&FQZ1zBx|F71aM3&W}C^NW^Co7Nj`mTWRo=ufRMrav=v=_%OAeiqZ|uK>=!HA^p-
zUBXrFL09~$m9lrT^{W-l#<jy~6tp7N*hZJPy$!H<Fm38a+S68VLff-CY6dOtrAKMj
z?|?+>%W&Qr-!jtZb4@rO<@tIEeX5s^xWixDLpHl2SHD;+IS}QM|F6t7d3qZCv9}&N
zwP`|dCpx!}4jBJ$1dFzref1cRp*qPfBJeVh<1c61@^$GV*?5uMN79xT>T~71k)*Bn
zy#*Ltte=n-fQ$zwDkv(-*}bLuRjM`|sHK}jS|>Vt3(^WJ!obgVw9}JVeYyUiR2)0<
zQak+>^>>VIuGF`wws?w5=N!{=+3G5NxMYC4aiW7>CmCQ5dU5<v!jZIn7rm6;vH>^J
zE1mQKip9ZEZf0R%*(E9*n2Lx%D_L1LUAh!_-;9$D=5n^CT9+rAzi1vMXcV+Ec0-N+
zsuEyfW?;^v056m2P*X3YDPi2=3qv|pEKa~qurRPRh*>zH5PL16<_rjkHOBNp!cUPC
zin0~9K3ldAS%JP12kp~Cml1&za-e1+55Hn3v}t@FpxeRTy1~kOspI7!{1|yEOC^KC
zG)kcWKL+w_dwbfj*GQ+``yt%`BZ(w7?>`)6p)>T$)enn3(qDg9{XnMqEd5&f!wj*5
z1Jr576Ki<OhX!DE#tqW(sDaBt+8A09Hrlff2J6zOICyAUO2-{EN+`^C0WH?ytO>Z4
zXVB@l2aO794Aq-tdna(207_}~2)!NMJPcba;+rAE^cQ3oh(l^6mI{{V<hYQW+&2=#
z7c!7Y7GP^zI$}Q#{El<=baw4IdQ8<?u#^I)<+Tj8qg90yh$bpTGrE10o=yMChuxVq
zO7AT^eJ9E`ov+V{|9!@2eO3JLgBQlP0)9wO3Cp%JlG?IGWA&S4CwQXTB~d}wjn@r&
z*A}?2wa?(H63A_%krd_?Tg7BzJnGqY5lqe_6Lfj^Ie3w@^&-8elIY-8EzgIDU~*C+
z>r=0epaU<YQ*%XY+9nxzcfXEUd(q2^JG3OaHXm`tf_l9J9e%O?j!*>4WF?pAwNkdl
zJ1@HgJAD78dI!1Gmc^Pb1B2vtSnedD4-VANLB1N{ZyuX<xt;|HpoRH`!fEu_WSo&L
zlXdQy^NJ8lpP~<hDd#`J0h62Z=cno>TQpT4tawbeXBvJ;NfBffdBU9ynxW?@S~O0Z
z+n^V#MlrT>re2~1BZbZdPi=tWmE&s^_RT-_OvPxkKd;ma)enaiUacc_#fO8-v{HOk
zL6=>lx1e`6AS<x+V`#$mYxN@f@HIL@BhF^V+3K&;Td+0PqP>`#8DZ~Tr;k!UqO9W$
z`h`kz45`BGj(KePje5GOw-`RI$du#7;|h^2nmY&kG;oPtLHo>w*`GfLozH8;9ca(d
zUz2^n;hYm6J)T#THNsSi#l-m#AJ9C16HfS|n{-|Fg9jH&Z;sC}Vj>hmsL1eH1HZa4
z8~FBu#J_aNV7+eBLyFF$CiMkG27BOk-Bj{o?EO3RTNRTP=qw_+#(Aih@@#mOJb%Au
zzCJ^Z%n@I_&_#FSP0EbB^*_W+kg1=(07@$c4-cT6Z`kHX;Fz~qs253LNT!#IxQOmO
z*GOX{7wOrmLZDhaU~0TqT;G^U)Ph!sAgbv;ab!5nb{96})4um3%aeA$eoPDz?+Eh{
zLFLk_#rmIuf@FCyr?B2jph9AJct%)H^<3E<{D~6LV)#<MC0qVLToG}s%S5{mm+GBW
zy9n=*6+WaB)fQPV(RTW1qXj#2nVzH=V{F93;-14eakN)1*ZZp$NdEKB0O<A=P{Vh(
zD>Y=%6}qN4oIs7_Scj85<WcNg!%F=uSqaai2vJ!fZF(Gvzx&bnKwuck<MbBvo%<m6
zfiIz8Cs*rP?!FuG{m0|zuB8jbyXQGUN~Y<n^h~;D2@kUuLJbc|x?r6oRt_#pr4Txo
zA=9)6qG-uNzfeJ6`h@<GWakRV#|Cl+TmGcpOD={LVf$9;-PHv6Cp$cBJpMFRyVuiL
zTG^PtAK~;J6O5M3eFn!s(k=N|f=+l9LNNvoj9^jW!*mt=pl4Ea)|L%=4*D(j*K*jL
zHE=e?4}hL{qu+tfTBoP79_!*fc8Gz@{b5M6@yQCpr9yV-UwV!rndmtF;Q_0DLGP;Q
zaK4-AG`tRX_UzxWC{6r30RE8z{m+Z~0oiku_gqZNwqhfnWq72U@;KJ;l>>41L`4nL
zzmp@01*&-bSjPIi9A7i!z9o&ORKww1^MGpaHY`o1yI;}2kiFULwO92^)ubJYAD!qU
z8!+i{8+4BMVV=lzSBS8Xe}h1$Z9-+!M!k(}<AivdQuf;>{cJ@Evq4Sq1py#bjA#*W
zUtWu!R0oc>Ag%s)-1Olp-S|4RQVhw7u{Ym{8!N|R+un>DYR6_@zNIHCHe`3V=q+*O
zI*u8nU%aK`wbI-AZ(N3n#C66ydYa%ggJD+suAZWPn5^qob>d8<rl)ViZFKH?IM=da
zlz}2G8-JrJs$buZ>Bwq}?b)GoP?C3Ivpyf-=HiQlPaW}urFKIpJ^Ue5^o0+V4Kfid
zR)Stad+)?qf{Iqq>i6L(;^$t`5IN`y&cM$2NEta3!DKr`u_d%F3-$~bPNwVwnPo}O
zYHi@Fk!<9n#kM~4F$99v#(m}W0(uzybjU7!l^A3wN=JUGSJL|3*tUw@dM7z{KwKb?
z5VqEYn_0+h?eNcm75w`%we}{S7QXwrULhL*`TBW}x?0V!$=dEycF}~#Xnmo#S8NuW
z_@xLBu_j@gt@{cqE4Ij_*#i&`)_w!u|C{|#1~EMNk;lK*qv}VP+27)3;unC4OEsSl
z>g0DgEdM)#BXH|?`VrYE!frgE*Q-WRh8H4v>PL*7_#wXZa5qcjtN7jr^|o>e`Mt^`
z&pg)f6SPn4fa%0(4;|7oq##_RYYxX33oqh7JED}(#PxajXLKP(5-}-$<g@O-LK7t=
z%KH3Izh6p@#Ng!dkdU1?3V%oRh9r2E4410^fU_{|cic>}!VXxXg024pZnmU3fzHjb
zRR;UVU-6~FUAgj@j$n!}6&?fcI<B8D*9|Y&#Afb338fhP5!S8z7d?CNBS2veAA<@W
zJgKM9drs<ahz<a}Rq&_MIWNvIq>(gn^Ogw`TdNsGst1ehAVwGU!+FUtczA`baZh%T
z5!19JLmE31KChxRB^yE625I=<`Ec1<r5fCK<t<G?p)(AUOqaJXQrRUf3~5G9#NwSr
z+{52_q|u*RqW0OAhIB+sc*4F~)*{`ADUmUX*r|xsXBd+e#bVnt4QbxYn2l%sMhAvd
z#o=5&24F|oMx9(Z+>*Im;m&A-C#~gejAKF#aYuIN)H1vhVg1?~Bjmhs%azKP#%pp6
z=@Xbh_7rV@E@mQnu%hf_p3$Ishy`-EtaSy**eonCj!G7bX19Z1{COb`^)rRWaY@A+
zeoj4Egt>1mGBhR6k>tBejMP;>7vrN2J`aT8-DR-!dJzDOo~1^$s=(-F#f|0gHCC1x
zJYU0GgoPY-vfPmFCtkiYbSQlmJhNr}Dve=ENGwpzh2-!kD3h`F29NQ$5PrbKyW+YI
zklv+(p$>s<vmPA{>DHLGL#K6y9h=Z8UhM=KC>3&100x%wMH$xBC}pgRp$vl)rboJA
z{^i}UDhIn7C&aLU5P~XwdJ`9k*s$8}*sz-J#?NBIc)FL%n^uE&hr?<NWf^d*Ob#0A
zbmLZ;6*AyyL?f|CFvd284Se15=8Z<4pddOw8ZkcC(s(sq;Edt&c&d*59y87$f(Kzs
zU&pZ2j~JWP)98#>&3O2m%3C2lcYzF2ke+Kp=o7u;6){yoMc!`n8Aexjc|UYUKOCsK
z$1{P$1C1{1?*2xI2x+h*!(>8j1S)7rA1r6L0S3Mf8qi-gf(<|;o6tYztDd5<KwaEl
zPiK>d82AG9$Z%DOGg`~@Q2A`{Py=6EJT+9wiP<c3gi$8@g+}{CjIK5CImEJ2iW6@N
z*Pd$})aZTZDxtuSd&!hWzYB~k_U9<$Kbjanp1?%l@#ZjOE<ThbI0oZ+Qh_cT16Zi(
zYM}Jy0Rt(*v497buOnfGikXVn4qVa<{`VYb;FAfgaTI7xf8ovXWCHD8XJoRy6O5NN
zN`aG04%-Kxv(M`I5{#X!Dsh|E!>y@gND<&m;{*SQ(`}I*P}u)}E;aCl!MsaVCBPG&
zI#89JCK+Kui!P2=0wUuQWzwPFB*UO}R{#O|Y_fsxk@`=U3l}w^#8V7>TKwNBaf;3A
zrt{6CbxIWCvIOwY0Q}>7g{!ZPSK7#;0D@<L;H%|YATAnA_kKbu*#lQ|WlFnJ@xnl#
zb1GcF`C21YsBIKk)Az3DL)#Tm+^~Ut1%S_v-)Ow2(NE{bE24ojIb>f#N6$5ICGq|0
z6E!N`rhg@|8FP%O8hvNB;)OLD6o>a)(6x<5C0)Yb*pF{CR%mqb?Qym!P67w`DFFV~
zY~al}gJRcU5fT+SwAJlKSFZ9A+Vno~+f6qkd76H^(Vf-Z2E$K}-K69>{A9)D<<oI@
z8lB`g*R6qGHMd=|5BH6zJUqx4O{d*rjEa*U<R?1@-|??IjT0K}G(<{{AwzIc;w1IB
z%fOc{pDk3C@ZZM7Qx2JQ<U%7%cko1d`bzZ5Qw|I%hh-YQZb7^O3<__+kfZ1&W*h_T
z;m20z+-HmtI}{6B?DPAL%Ow}kh;!&YKaw&wl^R)ue)W)4pO|SaS!USuqK9A`HZMot
zyZZAPKY;wqzIU_fp#!9|sAP{kXq=_dSxZ&BNcg2?#uV8TKC76y+{h#}ovCrckvLCc
z@Gq<|DhaKAB3@wyMu|7V8IKv|gns;}q9Z02bP9SpoACr6<CdpYUx;Uyt-=c-I(L;~
z#}ztMW-1mxV}$7N$1regReRR(jImN2{21N@olQSGM(~-~bFk+Bc-Gi0D-e1O=c$Or
zrFt7SV~tYim~FAy>tHnLt`}4%cy&8e<{^-2$f4t2z;pQ`&%kHBYyK5yu>!+oG6Jaz
zZ2R05vVuQ$JtvWHpg%FAGn>ndZ^gBNx2SCDD=?Jw<&BCTZu?M?V_?WJ;8fkUK3-wr
zKr|;GUfN{fgVC*Ts7mbp#Ab*;nUyxdGVo(y;j5kT-1jSI^xp=)#M-%8wSXST77U4o
zK9U)}?qvdIXMouoBn|nR$dZnFM^^lf@r*{7?@;aGfsXN^(qt>&mg66&T5S6S>CsKy
z#;x01@5U=mX~yyHmTdnHqX3$*O|d`&WLu7v=h9F9i(72ghXy_ze*H742Ug6Y`#v*5
zZ1qkfNa&E=swI@6zS-kz$x1%qCi&Bk<F%H*mZCPF_WKOyd*4p{_3LD4`=TV0D_;ed
zeQMzApb0xwhj?_34u=!^<QGaB+?IL)fHMH#F${mNs(`Y{3W<y__{uQFd1C#(G(Oen
zFMr1QEGPy?jv0{S?qad=|73s`aSWX1f2XvW{rC;PjgEXTM}h<=d+j?u>&L%Slu($0
z(uLVS!1i(DV}~p@=Ae;I==VotXZWHRJIh}Tb09pGjy_`8?8ie~Q7=0bXW^S4XUU=m
ze>Q^jp8c@6^L{q=XmtPYicc62KJI2byag>es+j5STd|CQ<Fi@W|6r)O4%$#F0kJ1q
zq_dxn8b>uc=~p!e#6#L2#?Klp+8?J_EbA|$O0Emk=>q<+xrR+Wt_-{lTy7Ni8#_|G
z-cdt6anisim7nTK;^yZ0y1_np9JqNZYe|yc*XXNSoCVKW1PcSS4mTt(RaL-i87S~>
z1|a-f+z?6e3Or%)0pV*~Bq`4WH`(8#;ev(V6L-|LNJ2?QNkK_PX@SxbB@HDVB?BcB
zr4>pRN;XPslr|`BQF2gnQSwmoQ3_BBQHoHCQA$usQOZ!tQ7TZ{p;V%@N2x;TfYK4A
z6G~^4E+}15x}j8~bVsQ{38I8h!YC$61SN_RL$Oe76bGdTN>7wttgc1xbJzbL;%<LW

delta 18370
zcmZ`>2Y3}#_J4C{(g=j~P7;#PA$etH-h0$g1OaIRQlyHAC_+$IQ4oS%S1~xd97JiZ
zYefM^y($QZZ53&&iv^{)x}bst%PNZS|J^&~@!t>mzR7w|yY1X_Pq}YT|M_QS<2^qs
zrNamG8!}vJ5ztZ<MG4?vrufrI{82WR=CiaU{8u;}ibm}2tW-@GO~Z_bgMnNczFaA=
z=O<mR_|Qn8gf`4n3+cP%O0u1n(uw&fBT!_GXkKbhNV`jsLWPu=HLQ7CO216WwoY7L
zV%Md+9Re2#{%uMNpE44$R<|s$2CnO3)fOaK!IsVKtr@Q-&;~V?u~K_=W~D!vNG#Bb
zHqKRxt-72P`@1aNnF~bgLA!JA<vz0>u@2;yTB}~nw(5T_f&6^?RNk%x+OYQ)Jnl0a
zA$xIgTOVua_QsM(0&CLJ9xNXN&9?K)4kyTBwo)<BADbBpw5G#rl~&aFsFGqG&&sjy
zZ*BTg%!s|Ss*jT4F1Bd~a<J^QcoEC7Lv4=wh-f5G>>_gM?BA4Rx;tH|vFqFY;&&W1
z>}xx0^P91d)zG<A3{TE=cx}4f*y)o5I$~efC9yxTxHTeJE~sf@iBe(@ul>QFLOc}6
zv-U;`?HQp|pFgf!yCaqM!{J(gE^*WTQ1_bAU@&60h(=tsK+_0RT6-_Zx2AM&X;n<l
zv=_(sx?Mzrp-`ZMi_Et^yFABU*=>@~8Hxm|Xz_ilt<^9s)9%qTlwdOh9VNzI)9aQ5
zeJoH8VU_maJ~yk50!D*j=*=@qA(h{)wy@S;Rb;p5Kg=CDkWp*fz(T86pXT<x7j|~%
z7!5{(_O^ld`MpIVfp&6`6@yw>dj_Y7fl{l>uv!}i$Nk<TMxcVG605QchZ;Uq4+Yvu
zs5SiJ6zjru4x<&kxSjp+@N9n|dW6nYG7N5H#P3!&1I5d#plQL;DRfc3l4CCzm6H%0
z3uMvZJ}lQ>f5}*X<j~cuv2kClVcMg{5Am^P*nZ~H+C<Z!Eqz&`eR{(0uD(TsW;9SJ
z^lj@)N}*jbd54dP1_R|D;=vxN*5{XJ+nuL&_Qw+q2a4!Bu9Vsh)4C+MuqaY}UsfvY
z&o1wmAdf<~PR=T{2KULdN6j!@vl9)*^gyXZG+dox{dz%;^=!DrdhW6`+WLyp+yc-(
zd)0sZDa1_s#H_HtWU+W4n}$82=GlE_-|VkK+@K+ksD<`{`gRFe)NXm*aE~z*3<gT9
ztm_KwTdxm$G@)SF-g1NL4LJlw&ZntQt2y?ed2<t-!Ujob{mp%R+E5Uy0cffH>4K#`
zEfg9m^0eB@n!PC5Ua_zrOO@w88Vb>*r`2++?$%~@=He!w0XDd!6k|2qmL+Y-MYm1!
zI|+xeR26rX+n?Ui)mxEJ*s#m)nxCMFV$i+cQi|*?_gw8mq0torT4j&DFYfmiF`=sx
zy6yhi{whRbR>faRt#T{b9^dF6!4MR?S`ZfllVNXNI>u+vBX-4K&S@I<;$_49@#!(@
z^_Egf<(t%GYuiJ~v|x#nv#c`?Q*e13UxpF1C$HG*kIXOwl{9yU(#9V4NUsDm9_Zje
zx2~M$vzj5h_nK*mX2gE(QO)n(G#~tX!Z^0HldYyl)2uyzOR-BH+vQ6(V}Tr6zg^9@
z(;qMKd7~ja_{0UiWZajFo_dPqyIUBI2eP2*SInF>{o2V_%(NDFE443O=c{Tc7P1FF
z7xL^<C>FC`f4<0Gy^;C55)Wdpru<VWvW~u)Y45Wi_Qw;CK*=QL#7n96su#VBE*gp(
z_Gf&cH>PkfWY@l0?@0^?V}S}Q^lGWKXiJK{YqNj+!csrie+>QXx;4)`dvF1u7J#<0
zf^R0<3%8#`9}g7J-hE23ee}&oy#)z}4Xf#$YH_X7;QmU9HRqi&>r~!I`lvtjZO%Kl
zdgBj=p@r7r9YuEjyO;SuC}ArAE9}SK3;7}=rhRb7Vt)eSh6hctb#Qlzeg7`qN9aMA
zzp01ST>J2zS>B?C^_aExUuD+A3$y8gB^c1ePqOI1ekH|z^}~IBzlJ=Uf_1~b;l4nq
z7|y1ER(vwjUr!@u-?HDk<D+5Iu+|+YrDM0ko2mb~)H-t@&-(bgYsCN3rrQ+5UU;Cu
zpNbi!ifVW)n+|^9!=e%E<QG-;ro)MuL=E^^y&uyG?CdWSOB;<@Sw~vi2fym*k1!_G
z1B5x&hOd+DnxoVF8O4Np2#meq>puS2V}^bD+v^g|nDyETPxY&;x??Fc=}UMf_qH2p
zeb=eTYWgkJ2ioILT;z{A9<(<!`Fb3V>-L)OJ$EP?#^wL{kC*zr#N+h)g_!iDpR>Gy
zM}oqSn0va=woWbZq(*{KYtHFPyW4NR;}8kPDb$`7*nj^037;$!rmcfmnYHC>cT1ao
zYffi3Xi4_+v!5rZbiPPY9#6ERyjE2Pd!vek;{5g`CFbM9VNz0+B7QJgVLnk<=ijC(
z-4aAm9&D!6daE3X1OvsiyGbpe;mws~D=j6*S}>|atQ#FV4#zArRZXJ$AuNUONmmZ|
zVj^McK9m(p7i-uuD5cBL+=^w7q%#lVxO)(KrH^9rcQcgCM5j6|(aAJ5pa0fU*_!}I
zF%}8_E=%d+PazVgwVhZw@0Y85;@!a!9mZbV!E0Nn#Z*zCBy%_u{d^wX;42E1k-lg>
zhC8(GM<tJE6f3zt*a+c96JTmARZ{uj5~acyVMOTJGNq8;-%9yC!C+vBYuYPCl$oPy
z+%8vUc!nk-ons$I<<&|GA5^6b^i{@;z<UNkHC;Jg$>bljQ3m)6YMQjFy;4JI6O=A|
zQ9Gq)f-4p%rNyJM07pA0{-KLRLlo?ybl~50QZDvs;aFD)+A2P$Mv42vqb4mH&ARY|
zwaOL#{Gu^FEUeV|Q;UVb+tN^~_?C!rfzKP$c?(0a{4Qc<Ap5V2wLJcMRGIBF$Kfae
znop~`Dk(BBlAbp;>k5Tj6<0n@Q0lO8bvv|NzPy|ArsDbvdXU!lRLUJrVdd!Qvq~1-
zau#d&ZV$z`b9yk0P;EpfwT!>pOYv=(9*j}%G_8oX^+osH`(iIY>#Yp&2Cd^}C=gtQ
zd`LfKi#IntWYXLLN;Qx7SA3UO4+-B#&{CboQu(S26Q@NF3;#gk>c_H7t6566Rq}ob
zHT8!tzBQ;O(^-`zTkp0WX+8UX(f@)!NilfAV5PU;eK<lJL)h2F7b$lnfN`EVRGH}y
zJraU}tna2`8HX#nr)+ve+-kuVT9q~SzV_5OUdg9JDJ-1^jZ&JN*fpx-I%y|ps%i3g
zmLf(g9eloOG^Xo@61pDdhsP*m{Qh(uN?OrFt>#eDnclYPdNj~pf@x4Y#UO}4hZB@+
zK52rIpJ0w-R7yIlvbt`~<n|<`wLf57MeQ6^?VBmq!tFU6!Nw?m7)FfGzg%gfI<aF^
zH}ycSINv8{D7iAi5LSlP)Wam5?Wd;lvon<U{lOv7%%j8kS|L9%Qz`eC(u~u|iL8=$
zy;||@v5s>y%wTQ#L)R$jK4nzr&&^h<JnN!IqfX@7x?ah#W{%3?$@NN8f;#@vwMw#g
zKkG4rXZ|U17W7yw(3uvSESDN@gk`+9TMmE!2IU%mk>C*(I{1pIu&YyUQc4rJFm}6P
z5f07T`HJuC>+vWpT%=S9bNgVny9~SME16Wc5SLvndzP~@K8TkrQl|RL6OZFEuDD$(
z;Hw*yN^i-Hph0D~E3G*${*DP?lvmuLO!wQN2!G%%rL!l?2$`^$OYefkoKpy$+Ojmq
zIp`Y*2d}Q9)|~1KaRf3S9BD0_TSWf@Uh|;Azr07O@RrgD#dyY_l{|0$24VwvKueTd
z-uHeb+b0W0_~a!Cr8U9^f3#6~%*RJUeE5S(Yk$;{2%rBKWmN(nN4TmK^B&8T6o)8k
zMuSm4bh)=oq76eUQa${mhm<i6tANIN>|xkad8p8qPA1YbMSR&K%FqNjgbQXwJ<FkE
z`;=T7b^y^p=3JIZn?J%f4d007oK?#E^3(|_VSd4C#YnJ6a3f~+hgDp$#=ETrna&Tc
zRc><hQnV4RiBlmmD*WcZd1hK*aK%2RxKXiaV;>(^#w9w41qwylgRgu-8SGCEF2wgw
zDkFR<EPop>twBp(!Y)6v10!#|pXG>52Y=^j?|7k$aEK!bu`<CNmN}71zUf)da0n{o
zJKQ`&1{JNt+MG>cuE>f(8PscovpyYZ+r?V8$V5=9XOxz-DwP#j!w@RFL=D~sgmolP
zkdmn8CpIWoCwj-yh{OV4@I02qCpMw_BB4Orw_!HBGM%nds8?Usj8?yZI|h4GC7RjP
z>}@53hGn7O)nl>*a<R8v;VAF;qSC`(w{VQleMy;{Xvg_6uKdaG7G71Mi1!Igk;hlO
zqL>L3{6-ng(<PfRq7A=eeH+GV*`#k$&U(X+gaZX4a_6AAFu@ve;_n>m(7a^+#%t%O
zUjzvT8B_E4Rw%D8#|X4_LTv=$1cl9`F6+?YqHS2dg4ex+h;53Py!Uoxae_07zC?)4
zkGz3?yoHFwI09Wa_!n%#;JX2HGC%#cGR-H|gI4b~1-#)O%2mEp#MdR()D<N>>pf*u
zf-=nK>`)#`v?Dxw=Q+Bp>ks}tm*28W8JHk3_@3RKhl6qGCePXHU9F-W<&*viE%e5%
z$N1h4ut9!1&WHc&oVF3<yZ0%$5=7h!e&HC3*p5&A_?%TX!iYQ(-0}UNV4^;41Ue>y
zEIw(!;s)|UgxnH<tquE9`CFfzV^a)+w>^Lf`VwGNt+fY>`0|72thEv4O^430Pex2^
z2?8Qs{{>dhXBO$9lc!)1{{3$+8bJ4Ekhl2?N86jR8R8B9Ij2uE3>8KE!cQK7LGXmZ
zMa`wx2eDi};p=neg4?)&7Av?xwtNGH^kw4aJ9f^hn<l^X_&KK!dAEEKT;%iZ-<@Nt
z%oxvVQYQLV&5Q?1U0)tn_2fAV6%F#Azdz^PMMJ#jkFaXq0HR^O_9xg!Z}{+ktEGp{
z2mP$fNr3f0x#L2A`HM0o!EFc^x;1V4RY~I4|9XxwiJGu6(ihG+t;|ZuL4HsAz7PMd
z^hrQtSTlIEdHl>7rDsBVTsW7-FHT_zRY9~{?D(Na6gJXvez8|EYB^LXrluOT8K0pt
zH=7_3NQMde0&3LZU8<{KKFeRm0iI&0#k_kGYwnK%;c}7i6N~xmWR_4ZWFD)epUA&S
zVYB?f!DpG0#{QaUoBV7uwlvX>@)gZl!j8hHDRew6HG?JYk64_KZOMB3gMe$3OM8F9
zQoNeUdM3ajIFFu3l*>D3v-y5c@i5<*!(2xbQ$|*(z;RZ3<gtXR#dZEbKI@SXX~2vM
zKZGAIV2Qnm3wysfEh&!=FTwykJ&8y8@?uQKZ^!tN5|8cNvJhR=ijA-C&`g*C{EM!`
zA6Z@!e}Vy-6+`{UEeg>QP*<+-sN?6Sjs)rQGB%UF(2RDMu>v^;Q7DqNpFdS*HFrDf
zaej7$Mt7I9*_F>_yL7$&fX<+z3U+1X6^2V!cYZn}WGybvr&lZ3xXPL<%fvJTfxdr0
z8?%&(3Tj@?hNmN)EGup7h6S{-H7ht@m507*jpd^kDx}cBfb&cBN-%W2!A3xC+>zUh
z)901m`b2|H_2Amdaom+Q<b2YQ+z*pg#jav6yiRAUeD<)DsQOcN=608T#Ch4nex{1{
zR<rT!r=8TL4J(ia#fXOgUwVpWw!wC9_{bGF`uqZ82K}cE_UpEfUAi&nr;7)z4NduU
ze_QOsKYnv*$Nd4VNonoa?CNKdTL<L7OV3N^C#C3xc9_eUD<~7GCr9C;ZYHX}a_$wb
zkjdv464D8Ir(!zL9wVDzyTnuffH+R$JFu%OA9~fLn|6M>uuexiuvwL>Ho0_{{{dZ;
zke@1|#*S=U_4dX}XSy@aPYkce$s<v9C(QT0zSPhuF<&QdG_SJn!YW6~)#sO@8`Qls
zyQ=!8$6UHue?aHukmyinX!)@VsvWU&&QEUqzf=(|=mMVF_c}N{bI;F{$Pks+fc&Oi
zF8OtTK<=f6=rut;aIZ`Lr}LBh*&&)-3-X$Ox#TyVmpqYbq0@qV&pwy@rt_2gITo^l
zYywjb)5)NJkp3sDLV5`M_1a--4Eg(|JL!;l)!ART9W6S4M}9_xW`r@WX5YBv4SzuH
zWlAV50`ir|T=Lt_PwwYGXdTEaTO4=E?>IlX5u*+|n^pa$M|aox>HHK0{Zq%(=bxe)
zBQbR+DY1y<2WZc^V4Y4H>}nPa&?NI5>iDv2l>%C3vT<x`I-NWR1>=KUL?`MI#qsIa
zv74i9jprW|l6FqAfj*34Om}bR!5ACSF%<=uFmCdQcqmawZ7yedv<kH+zV$NJUvaSE
zK#jz5V8^&HJ<v^t&ugZ$8(feXhzSq@RKiEkV3#P#Qh1DSyb{;5kQG6d@<Q?6p@?T*
z#kRPxa3CyU1Xv;6d?PF36|-1KvPXhCA9D>eTv9X8T?F1$oX=(tx&%mV)(ihi$cJ9G
zqun>N0_uD%!t-TQ)ja<7Tvp^_bwo%AyxZ{F>sZ)@nE}&*ExF#EN(5QKLMeq;-N5pl
zZo)y{>qa<HvK!Pbhf(hvS)87{38SsKi9O^}>3rwS@MMz2V8Xn30UPad!~>nE)dGxs
z#VxF_k}mMj?cUfkC&2%0A$!sVM*^KaFaey$_cdVsq{s*_x|NM`L?SELiAryU$mO>|
zq>DdvJG;X9Z=DamlilUeB7+{38G-NbViR4E2p2CMhQ(NLkGB}eoDcF+0(}3yY?U)B
z1Wb$WV>{eNm=9mVHakKP_w)lpB{v({11{dAHGgIDNdiBylr47&V}a3rX5h*DkYd17
z1e*011RqB%W;?71W5D`~+X(Z?goa#j#3VyR9^e8#{UL8oIAsGw5`Ydqf;B3Cm_6#!
zA|)r21Ax0~fzp3_nHk_iSFwSPe1sD#SG!6YK~C`08g`Y7G5O3#SvR*4<4^yM-Q$Rc
zhY%A_1X}U2e`obBEF92f_&@teR>03b&W5>g9ZQb100(@cBP(X|y-%?Q7av1qTvYn`
z>}S|e2Zn=)j3r<MST2=4jO6D}>(~Gn8xEK<QE=&VY_1E^12q!#?RqxW1({f?pw0SH
z`SYv=e|RIi-|0Ob<25#0CmVV&$Pc~1o{%iU_=iR2K;{~#)61-oZ+nRiaw%gx^JVsy
zLy7YhlQ{-jvWb;Y<Eu>Lg|D)U9a1E^>Nl}wOq_ci>8ys=T%|$sosZbcesqPz0{unR
zpU-+7=SJ+Wj$Bkv3F`cYyFNP3SbvdisHUf;X^0Z0YiazKH`#SgS15JOeVY|KU4>1)
z^dH`2!m+@ZM3!R8d+bZ63#4gGC&@AWeRj1A6B8GS4+5-^r|rU|<#^z1^prwq7^?g<
z=^Bhc)cdLPG_{DzOV!e4Z?fi;`7ZKV$FI>kImqHY?2w#$#C&NlJL`-z5~H(owO+L5
zL)M<p`hcMfB4&(y{UB1V)p}TKRyC(nZ^DeM_!pb%@E}jGd;|mMQ0mxr<WZ>XBUa4!
ze2mq0;3neVZ8vCDe8{J)#$}B0#rwV4p-fy%wYO+Ryv66N*dZ{&yvqUhm?HtFw~T5J
zurmJhLDt$OFnQTwc8lAH@wH#Deh#&Xy%(i;p7tfwPtMZ}^M<c*@a1?A+3TXhUc$pi
zV1pzq8VXz@lPKGcvcoPY5~vd(0tjWUZ+ucC5SCe(ImZwbJKUlUA(Jh~kK@=%Sj>Q0
z2$;;Yj6VSlbKp^-nJ%0FFQG#xp`BNr^t2Q4>$dM*i=g8=49hHx{-f7h9A`<ST&if@
zPq+Zz`w2!>ibk9XEkQ1Zkc&y-wLfE<97GH|fNV?^-}H;S0|pM(iBoKzTpuGC=GXkj
z#<>lhzkk~8-w2w4DD67Us_4XX8e+vWtc7!1-EfADm(mTSsDm<T({$Fg*#?eZdnaQv
zQ&F7-F+$>cmg$<kOdacVg|k<ysl6RJ$l~{O5;IGZ)RitljE7RxtDOd}wntOd0d6DA
zPo$}999E=XJBuQ1Cwe0ldVit;8PzGx)NT}RuI>_dm=VUUFD@&TW{Y@r3)Qhp1`c6I
zQESbovP?CHzn!6WbtK{xc9jSYM5EIsF3K0O)NU?;4gyhF<tVz|>=Kx~F<0I062#y_
zh{7sgn6EnK!@yx0CSe3v6%DOZ(`iB*n9+-Rsijo+SFI&wc2KhE#M@e!HjHGNLvp;0
zno9?KlKKMm0)gmFQ%<Q_^l6b=Ahy}i!#Jw4C|g*pKIM!8o?}n9P+Oup7Tv&ew<)q9
zOPkBp3Q7}yqz7`emCpv#CrLO+{^E$jF&$1L!b*GI&{}outbycXe<vqZU**$@J5c1Q
z2(U_;(^gIAnB)Ri3LX^7bk$F7Rp&M_aA4buTva=QH&(>|++J<v&?3_WH>#7`ogeF<
zI(L(S((kZN>M57N#8DQdPkv<=b*2l81?nVBluFb1uQlrJ4g#0fs04z5D5J9>@O~at
zoh#YEX~PuV)K&%G5>{=OSI4Op2#%bW<477fZvABzi<+XCCrl&!+&I>9VN5mXb5lJk
zcO@PROmvc6Ap1!wiWv-2V}@2j_jE(|WnES03NvvGXLnPdc4>58)<fMY`!{h6hlxt(
z0NUEi)fo<*ajpjwC$PULV^-6qLnwCD{ae$P<!D*-%2%vt*)p7kn!{Qho$ZaI5&sYF
z>xK$w8(<Z*pb=!(^j6zYVIOsp7_W(Q+L3l2(aLFeo|ev^?4x#f#t?!JCDU!x_8Tpe
zg8kKGUffT8*u|QG;QwH0a(^|6H(j9iaY^t-%8?8+R79VpViX&O;Idltjg~@Fj%t<k
z+5mOC90e}gP7dwFB1~ztxa;4$P;KW(l6US10|u>hkm`5}CT`kYgI!x<;<!&gC%M;a
zh?*v^U^5(}%wO;%09DXj0=Saa+=xW$>S5}gj%XbG&LUe_O{=T5R6cHmYY|MmI&Ciz
zeCx$(+$D|%Y8_%4rDixs8KbPErc9K*Pn_1;(uz^)$8tufN*E4pueMqiUq4!PTy7Kf
zhp;TK(vxGM4n4*|9V7>w;hs+26^K8(FauUpmQ61n?^;pQ(D{Z-u?&(4CGCz*Ep&WR
zQZB!LBE~Q7KoiC6os(4Ojx=%PN@@2bwS?<a)G~(?$@jQOQ?{dq%i!(7BFu0RI%X~q
z%Pz<BlHfEo?84>6K3y&6_gt>lI=vu`zGb>=qfw{i=`+;f4hDYg)GH+>6pzJC{@hHp
z1LTNC6sm)l?nShE8cU*~SHmD)aI>08XO_Uct)8W};B{B4SuSx51-%i?Tk#uaNo^4P
z@jyg?Xx(fW_x;zX7ox{dJdP`_!yLa6qV;ptQf}3&B2p6QFb5>+HX{7kwXi!5M&~WB
zSA%ZD;1~Q!6>f>(G5Pcx)FQVLrM>fT-gnGZ3u(?;jCJRY>KTU)rJZ?D#&pRP544we
z&wSKFf;ZzlNiZ%+5ysQ&^VJS~&3v_^BQ+G_dlsl|+(sBr%=0L7p?XTnMdiEYBGqt_
zI$o3)E?bNfbY+8j+7XI3;6mu$I}lc$xD#5qXR)d|%UO2^hImhdnm`<Jgqr-dTUFs#
zVTP#Det8>aD0U`}0JA-!p(@_~4pnzSn2Z3?o;%_6KX9kJiQ-2L4t&GifPZ_J+R35E
z>y)sh58kV0JLC8$14d`Vome>ud;A{tSJ@j*bqD!^oA0<+jkxR)c*EkYH#OXcl1;Ds
zRN<vyXgKbx?pO1ir9|#KC}!RA0X4|KTcV=iC28=|P=HT1sug@}qgvp~MDj&OLVK3t
zYFe=rs^y482H-(?T!j2MKWSkHB?j4Y@vfN<|EtOz8HkAsL<EFqFw4|m9U?>(guRh-
z!IR5E2Y>J(HHrSQTs`H$bv)z|d>ruBF0Fw|5MTue4%PN<k0wWtuGU4O1j&Web1Y(u
zB`eh=mroo86lAIXIo6DCUIh(u`iP^tE#L#!s4aQ!8i<i_cpq)8Z8ucV%C%}5pS)JB
zbm5^ut%N`DH#M7YdQ=(-ECKw95+~fMzd41seoRev>BWOC8HNE)>5r>vbl1~3uK)fw
z^lQ#jYNqAGcRa0@h{7<9c@p-q@iD04wmIUoL|}tgKZzO=*k{P)({-Bsw3;V*hd-e<
z=W8DK=8uPS+n!LTyS<wT2GDzJKJ+Oy-B~SER>3>MZN!A2aw?sS)jIHuKl?cH2;xaN
z)oo_Yd534!Dn}svnod5V1z-4_dVz}w!LC%?Re|RK*k@spc-98B&P57kMMzdf!=A@#
z-my^)xrm5|=wxGMCbZC6)5Oit{kpeU1_5?lPS?;yCE9BIYZCAJ0`yq!5Yn@4WjKeY
z-YK;8MVzFD7yWUXE|MPLYD+?onY3U(mRw5T_7Z%=60RP01Vx=e6!Wr|z3oJ)wv7`j
z$_R1KD{87EMDCjug1UG!8vZJV4M~+Erp%!huc}WwGUMm)XV9fJZ~|&S_4=2rt2cqQ
z%O>>`$$(3ylYBK!i#B74x^MPu2p%Om2)^<)=^Q}WaQn0t#HI932ydoJwyLVLCP+U^
z;!;|&&9fj&ieN!7;vxY%BhNZAFY@OUq3uww^{=bH$W=BC{_J+ovZ50F`5UmT4!!%D
zs`p!%W5rwQHx50L2ydfjrxE8x@2DA019w@Mf8Yd2W`v7*!m#Xl7gyEDchx2b8g`%u
z-ve~od+G@X8gZaaI{>|Qhk8=VMj~hC`)Z0S4s}BzZsSgnH11TtO%m2CN+<WIt@z4a
z-h~y7(&AmX!v3`zmdue7b08UeJq^O!_zp7o9q>=-w?Ph)LDd38$3B3$d;SCIT?=>!
z?`i}*{x6)ivmdGz&Vs}1u9EPx`%wBFvd=p}DCV}7@SPt)FRhQ%Tnr){#6SM*$2c=i
zBSdJF^MX&+Y8Mjbz4xml-A07asN%1EhWo)`z_C9JJ5YB3LR%cb+9ye&wD=1c+%5;z
zW-guS&^>SnYCGYO`n$u8gMV0F+hQO%_=mx?;tRDorXnD5{F*@q+ZCUr(F0$iix2({
zvnP3R(f;-&)>cx&>y;0?3wZE9YPJh=AA1+j>LbwKtB$BS*e{5MCoFaC^`p?WHAltO
zE1-r0J@hrku=Q(IafwamnqU2`+QGetU&f&URVJ<f7AoBHTlJ_jpeXNrOkPq#S`0}M
zJbK9EQ;w@??ug@j&Ub1Trx6a)&L*{pZ#se5N`Ab30;H`ocwDBX^4&5G{T_oa{$45@
z1mo?Ke8f2Q2N;aHAJm^5UY(}?gxNgsqni4}r9X-jAZQH^sJJFXLu8;u#4Dc})7k&R
zeSaqdMqt=|n9nDt)RxQstE6+lg+nPAqHsmQ(1s8CMHPv40TV_@#;EI0!NYQ3apV{T
zj3)i2mN<qs^qYE-gM~xhL13$?;dkuc#?$hOg(zIX<??xN_p{L7%riKtQXJkXRSP%=
zyoWQ7NaV#unma0_%v#I0zBGqvnfzTv%XRtiqc-Oe@F}L@<+T_td~@6vco<A`G_5)B
zq2Z^U4g#HsfUt}<Bxz}MY94m8ZV}dDcQX)g6EA*&IONbqV7O(Jx*=H;evJ?;Qv3o&
zc(j|wo2P2RfffjZ<I!-P+dw8T4UyQybc7<$HPiB3aFl9VXl?n4bS>^ekTY$eO>i4=
zj_6WEy^x37t)ugFwk}h1HvtccI>=|Ql<|q0MrqfnnS6VeChkMQA#OJDUKW`RO#}}D
z7U9ElHDPr`L+97zX|vph!4KwZ!dDg;lh7#P!9pym1BvoMMOwYvi1BU3TBh4g911Sp
zU+`lkn(!>Zj~l~<Wwg?oxv-E6qd8?-+7ms>G#4)ON$!hQB&W+Yacv7B5s_%}5nonl
zA_FB5x+m#GC0v7xD>YA)sESICvT7jaSNVO52uC9RQ;oD5T!7XTY>RhsN2;|ZM`kq8
z#i3X;8kh3$wpt6`vaPq!_;ph&5v>*SYuahq&LZHs&>iiyB)1XfjU6=CAVnjDMj_wR
zQF9MGZi$1PG~sz;_;?ghES{m}@n9Ek!SE)?fzgs0Emhpfh(81^>|(9f!m&V6#NFb0
z35K)^PC;y=v{$$)<h#wL5PY%SA?<q!#cd&pTSP#7EDYjQJX;Vy7VJ$j;;zxP|0<Mu
zi&l^<5pmwz)IN8pkeVDPYHPetOzXoWBZ9Mw6E!>jN>?paB0@nODGk)f3hBlkT371%
zfL2IP9nj<p)s}ox5A8vPy7ktO+QP$881hT}+FKs)(Mvm{P*YDA3wxZv=2LoKts^z>
z2YI&)apWag>vOXB@4Yokp|T4-u6SU)D2}zKdHpnlgW)tb1)U+Z$mp+SGHUGWl7?MU
zolXqYI#BwJkiFv=WY_i6V)XD$YI6rs_M4VL!{5;cQsxEP2p@4f^}Ekmu24khjf1pl
zjJgl=Ab49pMC;7xhl^Z@uJdujv~naYFc>{fU}(qxK0=EzIx^ZF5mMsa{Avz0F2zl4
zjMAQ0=<|^tMLf`5)^*A*(N4(i3E=?fBG7QkHXPxENH3uiq{JtPT1+oGG9FnWIlqP9
zV1Dm!WWzXMB3%l)s2-RmT;)>n`$>N11Z|A7mr$iX5-!RurM%T-?Jb4AnCs35DZ8^%
zv>A;4ew8~m{CaeXa7C**Y9^f+=~ud>cu{q7y4IJ`htoYsoR7Ft8^!1fR9D0x!cZKC
zSr%OQ*{ie)M)%M0uwp6@T`Vgi92JpTM&+oBNM2|P_T0msQ!lx<-kZ1B*YgxjI4H(q
zQd699!9n9FmyBVwZJsL|N$8PuaGqAl>3XfT+`TZO$SpT$jL{|6yL?c9&*y1|T(>ZC
zLVacBgI=4jb>UOyYa0}*HeFKaL6=*!qYAZM>~^6``U9*L?O){S;i0soQmQzJD$nl4
zT5Ar(V1@D)xg5}w0itx$j?Y@G?N{i~T^>T5sEWg^6V=?V)eyQaq=AYn%F2AP89j2C
zwc$W6lzShB@<@gnT68B0NsUQKh1AdsIwJb^7}|3nrz$kyHn$sSmgEZY;N3V<LZ!p7
zYW?pO2l%={?o6X`KJ`BBGDhu|x)A8hp(WY?MsF<fAaMeuGp}E&)i|pMYvbgx`MZ`j
z&V|JT<NWdp@4rkNB;hE}2S!LZp+u9;`Eqf-YgRg=#4Du0M6cG9Pum`b{b;rZmUz;`
z+8%}8S>cjFdwjA&DqXF$=g+RxL}n3>j-e2nS8ExJ#=Pv3ONBsHq7_emR4ZjP?{Q};
z5okrP$Fw-3O8gj6GDma*qz!d@Qq%c&k87VPl>Lk=21+taRBu|*BTvCjb$d$tNTK(h
zbUC3Uwa;i>oLNFY2Km*Rj`ZUo%;DW<we8ZbMR0E~U9W{4QX`IR_+mvV;D<MAg^a3S
za=XJm4|d8hH7^KDf68`yGGXao(()O-x7H<vIT+!TUE;4m9XJ2rnMF~1;ed(q5|#$r
z%U^{-BXz6GiR)x=qV7T)Uc=nQXlddl(5N+AwKxZCq(b{PyS>LlPgHEx7!|zjia`2(
zs_-tWMJ*+n&wO1QAvZz~hWNHO#L299-67SHJx`F9^PAqrScEyy@qdaiU6wQmC5;Mx
z^dH)AM+WM^J$GmyDD?GSR|fJ}<75Ruyn0RHLw9N&8D03Hhc%Jpm+qV_I=s9a%S>52
zT`WA+1aBs<{ijw0ZP@K${~xcYOXTsDA8P50G7h*Ta6_jGC$5(Ncb^ty^q2k4s_42&
z8~1BHc*7@JE~B=exL_m10iMX{$$hQ_q=lt~zP$bbZeTk3g^NHeK1J3JIBEwbhIPn8
zh$@j^RNyEov}M%uwA%w72krhzYsJ@mrL}XGENb$dN3=@ZY{y&)2rx%G?{iTwfZm+=
z+C!Kw!l@*bAJ>93eF$_Fw)X>RZFD@x97uZxBU{t9Nvm~kB&i!t!Js8erkac3jY+Jy
zc6s9otwJH=2e%KX$2k=Mk?P0qvzo*VH#9jU27WF3KO~uS|9|1;FaJR+W>ovDGgs6=
zIp*3;PSZfthynt1`T3t*F{oSibrSohe?<vHT%LU0uflz~;wzT~$}`9z`RaGiZhN!I
z;;0iWm9rLA%1iuGKtAVZv=XVP1~h1tO#8ohGD&Q7Qj)ySjEIRMqx|KQ$oA9037F+*
zHEFLxNvcZ%-El}bNRBIXS(=9s^(!ympGwD5lZyHJlq4J0J0(e)CBq2awJ0qKUoyTF
ze5v@-@HNAij;}es7WgvowZxZ+FAHBbz8rkH`10`O<14^dh_47=F}@OfrTALmE5lcg
zuL56de3kgB@Kxh$gRd>VcKF)k>wvE#zE1c$<LiR2245|{AU-kXFun*r9iM^E#23XE
U!xzWb6<;@e-T9)l9=B}%KU&5)%>V!Z

diff --git a/src/etools_datamart/config/wsgi.py b/src/etools_datamart/config/wsgi.py
index 587cd113b..a1121ebd4 100644
--- a/src/etools_datamart/config/wsgi.py
+++ b/src/etools_datamart/config/wsgi.py
@@ -16,6 +16,9 @@
 import os
 
 from django.core.wsgi import get_wsgi_application
+from whitenoise import WhiteNoise
 
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "etools_datamart.config.settings")
-application = get_wsgi_application()
+
+application = WhiteNoise(get_wsgi_application(), root=os.environ.get('STATIC_ROOT'))
+# application.add_files('/path/to/more/static/files', prefix='more-files/')

From 346bcc7cf2299cd8e1c2f06e85a723b91fda6a7a Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Tue, 18 Dec 2018 13:43:11 +0100
Subject: [PATCH 64/86] updates test database creation command

---
 db/update_etools_schema.sh                                  | 2 +-
 src/etools_datamart/apps/multitenant/postgresql/creation.py | 2 ++
 tests/conftest.py                                           | 3 ++-
 tests/test_commands.py                                      | 3 ++-
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/db/update_etools_schema.sh b/db/update_etools_schema.sh
index 7d1497f7b..7a830f219 100755
--- a/db/update_etools_schema.sh
+++ b/db/update_etools_schema.sh
@@ -138,7 +138,7 @@ echo "Running..."
 # 1 - restore from database dump
 
 if [ "$RESTORE" == "1" ]; then
-    echo "1.1 Dropping ans recreating database ${DATABASE_NAME}"
+    echo "1.1 Dropping and recreating database ${DATABASE_NAME}"
     dropdb -h ${PGHOST} -p ${PGPORT} --if-exists ${DATABASE_NAME} || exit 1
     createdb -h ${PGHOST} -p ${PGPORT} ${DATABASE_NAME} || exit 1
 
diff --git a/src/etools_datamart/apps/multitenant/postgresql/creation.py b/src/etools_datamart/apps/multitenant/postgresql/creation.py
index c507e3593..de15e57d0 100644
--- a/src/etools_datamart/apps/multitenant/postgresql/creation.py
+++ b/src/etools_datamart/apps/multitenant/postgresql/creation.py
@@ -114,6 +114,8 @@ def create_test_db(self, verbosity=1, autoclobber=False, serialize=True, keepdb=
                 "-h", self.connection.settings_dict['HOST'],
                 "-d", self.connection.settings_dict['NAME'],
                 "--no-owner",
+                "--clean",
+                "--if-exists",
                 "--disable-triggers",
                 "--exit-on-error",
                 str(public_dump)]
diff --git a/tests/conftest.py b/tests/conftest.py
index 6f20aabc4..1e5a705ae 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -1,4 +1,5 @@
 import os
+import tempfile
 import warnings
 from pathlib import Path
 
@@ -9,7 +10,7 @@
 def pytest_configure(config):
     # enable this to remove deprecations
     os.environ['CELERY_TASK_ALWAYS_EAGER'] = "1"
-    os.environ['STATIC_URL'] = "."
+    os.environ['STATIC_URL'] = tempfile.gettempdir()
 
 
 # warnings.simplefilter('once', DeprecationWarning)
diff --git a/tests/test_commands.py b/tests/test_commands.py
index 640527525..e169d7ded 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -24,8 +24,9 @@ def invalidate_cache():
 
 
 @pytest.mark.django_db
-def test_init_setup_all(db, settings, autocreate_users, invalidate_cache):
+def test_init_setup_all(db, settings, autocreate_users, invalidate_cache, tmpdir):
     settings.DEBUG = True
+    settings.STATIC_ROOT = tmpdir
     call_command("init-setup", all=True, refresh=True, stdout=StringIO())
     ModelUser = get_user_model()
     assert ModelUser.objects.exists()

From 2bd8c5f882c119160798b543230582c084500453 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Tue, 18 Dec 2018 14:14:37 +0100
Subject: [PATCH 65/86] update version

---
 docker/.bumpversion.cfg         | 2 +-
 docker/Makefile                 | 2 +-
 src/etools_datamart/__init__.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker/.bumpversion.cfg b/docker/.bumpversion.cfg
index 8058f66d3..a72c0c4d7 100644
--- a/docker/.bumpversion.cfg
+++ b/docker/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.8a14
+current_version = 1.8a15
 commit = False
 tag = False
 allow_dirty = True
diff --git a/docker/Makefile b/docker/Makefile
index 139cd7255..060835bca 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,7 @@ DATABASE_URL_ETOOLS?=
 DEVELOP?=0
 DOCKER_PASS?=
 DOCKER_USER?=
-TARGET?=1.8a14
+TARGET?=1.8a15
 # below vars are used internally
 BUILD_OPTIONS?=--squash
 CMD?=datamart
diff --git a/src/etools_datamart/__init__.py b/src/etools_datamart/__init__.py
index 33b796525..7e26027ac 100644
--- a/src/etools_datamart/__init__.py
+++ b/src/etools_datamart/__init__.py
@@ -1,3 +1,3 @@
 NAME = 'etools-datamart'
-VERSION = __version__ = '1.8a14'
+VERSION = __version__ = '1.8a15'
 __author__ = ''

From 4fadfd2e120bd255ca7893c9b86dfa174cc7e7ce Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Tue, 18 Dec 2018 21:35:29 +0100
Subject: [PATCH 66/86] updates tests

---
 src/etools_datamart/apps/etl/admin.py      |  5 ++---
 src/etools_datamart/apps/security/utils.py |  7 +++----
 src/etools_datamart/libs/cache.py          |  7 -------
 tests/.coveragerc                          |  4 ++++
 tests/api/test_api_filtering.py            |  2 +-
 tests/api/test_datamart_security.py        |  6 +++---
 tests/conftest.py                          |  9 +++++++--
 tests/etl/test_etl_admin.py                | 22 +++++++++++-----------
 tests/test_commands.py                     |  2 ++
 tests/test_views.py                        |  5 +++++
 10 files changed, 38 insertions(+), 31 deletions(-)
 delete mode 100644 src/etools_datamart/libs/cache.py

diff --git a/src/etools_datamart/apps/etl/admin.py b/src/etools_datamart/apps/etl/admin.py
index e455c68c8..0c45ce45d 100644
--- a/src/etools_datamart/apps/etl/admin.py
+++ b/src/etools_datamart/apps/etl/admin.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-from admin_extra_urls.extras import action, link
+from admin_extra_urls.extras import action, ExtraUrlMixin, link
 from admin_extra_urls.mixins import _confirm_action
 from adminactions.mass_update import mass_update
 from crashlog.middleware import process_exception
@@ -13,13 +13,12 @@
 
 from etools_datamart.apps.etl.lock import cache
 from etools_datamart.celery import app
-from etools_datamart.libs.truncate import TruncateTableMixin
 
 from . import models
 
 
 @register(models.EtlTask)
-class EtlTaskAdmin(TruncateTableMixin, admin.ModelAdmin):
+class EtlTaskAdmin(ExtraUrlMixin, admin.ModelAdmin):
     list_display = ('task', 'last_run', 'status', 'time',
                     'last_success', 'last_failure', 'locked', 'scheduling',
                     'unlock_task',
diff --git a/src/etools_datamart/apps/security/utils.py b/src/etools_datamart/apps/security/utils.py
index 9ce9b2e4d..737caa8f3 100644
--- a/src/etools_datamart/apps/security/utils.py
+++ b/src/etools_datamart/apps/security/utils.py
@@ -6,19 +6,18 @@
 
 from etools_datamart.apps.etools.models import UsersUserprofile
 from etools_datamart.apps.security.models import SchemaAccessControl
-from etools_datamart.libs.cache import get_cache_key
+from etools_datamart.libs.version import get_full_version
 
 conn = connections['etools']
 cache = caches['default']
 
 
 def get_allowed_schemas(user):
-    key = get_cache_key('allowed_schemas', user.pk)
+    key = f"allowed_schemas:{get_full_version()}:{config.CACHE_VERSION}:{user.pk}"
     values = cache.get(key)
     if not values:
         if config.DISABLE_SCHEMA_RESTRICTIONS:
             values = conn.all_schemas
-
         elif not user.is_authenticated:
             values = []
         elif user.is_superuser:
@@ -29,8 +28,8 @@ def get_allowed_schemas(user):
                 etools_user = UsersUserprofile.objects.filter(user__email=user.email).first()
                 if etools_user:
                     aa.extend(set(etools_user.countries_available.values_list('schema_name', flat=True)))
-
             values = list(filter(None, aa))
+        cache.set(key, list(values))
     return set(values)
     # return set(map(lambda s: s.lower(), aa))
 
diff --git a/src/etools_datamart/libs/cache.py b/src/etools_datamart/libs/cache.py
deleted file mode 100644
index 7448c0d1b..000000000
--- a/src/etools_datamart/libs/cache.py
+++ /dev/null
@@ -1,7 +0,0 @@
-from constance import config
-
-from etools_datamart.libs.version import get_full_version
-
-
-def get_cache_key(name, *args):
-    return f"{name}:{get_full_version()}:{config.CACHE_VERSION}:{':'.join(map(str,args))}"
diff --git a/tests/.coveragerc b/tests/.coveragerc
index 59098792e..83ef845d2 100644
--- a/tests/.coveragerc
+++ b/tests/.coveragerc
@@ -14,6 +14,10 @@ omit =
         **/apps/etools/models/public_old.py
         **/apps/etools/models/tenant_old.py
         **/tracking/management/commands/track.py
+        **/api/endpoints/unicef/business_area.py
+        **/api/endpoints/unicef/region.py
+        **/api/endpoints/unicef/serializers.py
+
 
 [report]
 # Regexes for lines to exclude from consideration
diff --git a/tests/api/test_api_filtering.py b/tests/api/test_api_filtering.py
index cd039e8a4..de4d019f3 100644
--- a/tests/api/test_api_filtering.py
+++ b/tests/api/test_api_filtering.py
@@ -31,7 +31,7 @@ def test_filter_cache_country_arg(db, client, flt, monkeypatch):
     url = f"/api/latest/etools/audit/engagement/?%s" % flt
     with user_allow_service(client.handler._force_user, EngagementViewSet):
         with user_allow_country(client.handler._force_user, ["bolivia", "chad"]):
-            res = client.get(url)
+            client.get(url)
             res = client.get(url)
     assert fake.data
     assert res.status_code == 200, res.content
diff --git a/tests/api/test_datamart_security.py b/tests/api/test_datamart_security.py
index d05752ee3..debe06dfa 100644
--- a/tests/api/test_datamart_security.py
+++ b/tests/api/test_datamart_security.py
@@ -55,8 +55,8 @@ def test_datamart_user_access_forbidden_countries(user, user_data):
     base = UserStatsViewSet.get_service().endpoint
     with user_allow_service(user, UserStatsViewSet):
         res = client.get(f"{base}?country_name=lebanon,chad")
-        assert res.status_code == 403, res
-        assert res.json() == {'error': "You are not allowed to access schema: 'chad'"}
+    assert res.status_code == 403, res
+    assert res.json() == {'error': "You are not allowed to access schema: 'chad'"}
 
 
 def test_datamart_user_access_wrong_countries(user, user_data):
@@ -106,4 +106,4 @@ def test_access(db, user_type, op, query, code, allowed):
     with user_allow_service(user, HACTViewSet):
         with user_allow_country(user, allowed):
             res = client.get(f"{url}?country_name{op}{query}")
-            assert res.status_code == code, res.content
+    assert res.status_code == code, res.content
diff --git a/tests/conftest.py b/tests/conftest.py
index 1e5a705ae..3501937be 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -2,6 +2,7 @@
 import tempfile
 import warnings
 from pathlib import Path
+from unittest.mock import MagicMock
 
 import pytest
 from _pytest.fixtures import SubRequest
@@ -28,6 +29,11 @@ def django_db_setup(request,
                     django_db_createdb,
                     django_db_modify_db_settings):
     # never touch etools DB
+    if django_db_keepdb:
+        import django.core.management.commands.migrate
+        django.core.management.commands.migrate.emit_pre_migrate_signal = MagicMock()
+        django.core.management.commands.migrate.emit_post_migrate_signal = MagicMock()
+
     from pytest_django.fixtures import django_db_setup as dj_db_setup
     dj_db_setup(request,
                 django_test_environment,
@@ -40,7 +46,6 @@ def django_db_setup(request,
     from unicef_rest_framework.models import Service, UserAccessControl
     from etools_datamart.apps.tracking.models import APIRequestLog
     from test_utilities.factories import UserFactory
-
     with django_db_blocker.unblock():
         Service.objects.load_services()
         UserAccessControl.objects.all().delete()
@@ -66,7 +71,7 @@ def user2(db):
 def reset(monkeypatch):
     # from etools_datamart.state import state
     from django.db import connections
-
+    monkeypatch.setattr("etools_datamart.apps.security.utils.cache", MagicMock(get=lambda *a: []))
     # state.request = None
     conn = connections['etools']
     conn.set_schemas([])
diff --git a/tests/etl/test_etl_admin.py b/tests/etl/test_etl_admin.py
index e6c85675c..366a5e20b 100644
--- a/tests/etl/test_etl_admin.py
+++ b/tests/etl/test_etl_admin.py
@@ -68,17 +68,17 @@ def test_tasklog_refresh(django_app, admin_user, tasklog):
     assert res.status_code == 200
 
 
-def test_tasklog_truncate(django_app, admin_user, tasklog):
-    url = reverse("admin:etl_etltask_changelist")
-    res = django_app.get(url,
-                         user=admin_user,
-                         extra_environ={'HTTP_X_SCHEMA': "public"})
-    assert res.status_code == 200
-    res = res.click("Truncate")
-    res = res.form.submit()
-    assert res.status_code == 302
-    # storage = res.context['messages']
-    # assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
+# def test_tasklog_truncate(django_app, admin_user, tasklog):
+#     url = reverse("admin:etl_etltask_changelist")
+#     res = django_app.get(url,
+#                          user=admin_user,
+#                          extra_environ={'HTTP_X_SCHEMA': "public"})
+#     assert res.status_code == 200
+#     res = res.click("Truncate")
+#     res = res.form.submit()
+#     assert res.status_code == 302
+#     # storage = res.context['messages']
+#     # assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
 
 
 def test_tasklog_inspect(django_app, admin_user, tasklog):
diff --git a/tests/test_commands.py b/tests/test_commands.py
index e169d7ded..94c5fd0a5 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -8,6 +8,8 @@
 from django.core.management import call_command
 from django.db import OperationalError
 
+pytestmark = pytest.mark.slow
+
 
 @pytest.fixture()
 def autocreate_users():
diff --git a/tests/test_views.py b/tests/test_views.py
index 404c905e9..21f3420b2 100644
--- a/tests/test_views.py
+++ b/tests/test_views.py
@@ -13,3 +13,8 @@ def test_monitor(django_app, admin_user):
     EtlTask.objects.inspect()
     res = django_app.get(reverse('monitor'), user=admin_user)
     assert res.status_code == 200
+
+
+def test_profile(django_app, admin_user):
+    res = django_app.get(reverse('profile'), user=admin_user)
+    assert res.status_code == 200

From 251f61f638266d7146c9b177cbf9d33fa50749fb Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Tue, 18 Dec 2018 22:36:27 +0100
Subject: [PATCH 67/86] updates

---
 src/etools_datamart/apps/data/admin.py        |  2 +-
 .../apps/data/migrations/0001_initial.py      |  8 +++--
 src/etools_datamart/apps/data/models/base.py  |  1 +
 src/etools_datamart/apps/data/models/pmp.py   |  1 -
 .../apps/etl/migrations/0001_initial.py       |  2 +-
 src/etools_datamart/apps/etl/tasks/etl.py     |  5 +++-
 src/etools_datamart/apps/etools/admin.py      |  7 ++++-
 src/etools_datamart/apps/etools/patch.py      | 30 ++++++++++++++++++-
 src/etools_datamart/apps/multitenant/admin.py |  5 ++--
 .../apps/security/migrations/0001_initial.py  |  2 +-
 .../subscriptions/migrations/0001_initial.py  |  2 +-
 ...217_2103.py => 0002_auto_20181218_2043.py} |  4 +--
 .../apps/tracking/migrations/0001_initial.py  |  2 +-
 ...217_2103.py => 0002_auto_20181218_2043.py} |  4 +--
 src/etools_datamart/config/settings.py        |  1 +
 src/unicef_rest_framework/admin/service.py    |  7 +++--
 .../migrations/0001_initial.py                |  2 +-
 ...217_2103.py => 0002_auto_20181218_2043.py} |  6 ++--
 src/unicef_rest_framework/routers.py          |  7 +++++
 src/unicef_security/admin.py                  |  4 +--
 .../migrations/0001_initial.py                |  2 +-
 tests/conftest.py                             |  2 +-
 22 files changed, 78 insertions(+), 28 deletions(-)
 rename src/etools_datamart/apps/subscriptions/migrations/{0002_auto_20181217_2103.py => 0002_auto_20181218_2043.py} (93%)
 rename src/etools_datamart/apps/tracking/migrations/{0002_auto_20181217_2103.py => 0002_auto_20181218_2043.py} (97%)
 rename src/unicef_rest_framework/migrations/{0002_auto_20181217_2103.py => 0002_auto_20181218_2043.py} (98%)

diff --git a/src/etools_datamart/apps/data/admin.py b/src/etools_datamart/apps/data/admin.py
index 6cc15b9ce..efe8c26ba 100644
--- a/src/etools_datamart/apps/data/admin.py
+++ b/src/etools_datamart/apps/data/admin.py
@@ -109,7 +109,7 @@ def refresh(self, request):
 
 @register(models.PMPIndicators)
 class PMPIndicatorsAdmin(DataModelAdmin, TruncateTableMixin):
-    list_display = ('country_name', 'partner_name', 'partner_type', 'business_area_code')
+    list_display = ('country_name', 'partner_name', 'partner_type', 'area_code')
     list_filter = (SchemaFilter,
                    ('partner_type', AllValuesComboFilter),
                    ('pd_ssfa_status', AllValuesComboFilter),
diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index dce761210..265e724c9 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import django.contrib.postgres.fields.jsonb
 import month_field.models
@@ -18,6 +18,7 @@ class Migration(migrations.Migration):
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('area_code', models.CharField(db_index=True, max_length=10)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('month', month_field.models.MonthField(verbose_name='Month Value')),
@@ -48,6 +49,7 @@ class Migration(migrations.Migration):
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('area_code', models.CharField(db_index=True, max_length=10)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('year', models.IntegerField()),
@@ -68,6 +70,7 @@ class Migration(migrations.Migration):
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('area_code', models.CharField(db_index=True, max_length=10)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('created', models.DateTimeField(auto_now=True)),
@@ -121,10 +124,10 @@ class Migration(migrations.Migration):
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('area_code', models.CharField(db_index=True, max_length=10)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('vendor_number', models.CharField(db_index=True, max_length=255, null=True)),
-                ('business_area_code', models.CharField(db_index=True, max_length=100, null=True)),
                 ('partner_name', models.CharField(db_index=True, max_length=255, null=True)),
                 ('partner_type', models.CharField(db_index=True, max_length=255, null=True)),
                 ('pd_ssfa_ref', models.CharField(max_length=255, null=True)),
@@ -163,6 +166,7 @@ class Migration(migrations.Migration):
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('area_code', models.CharField(db_index=True, max_length=10)),
                 ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('month', month_field.models.MonthField(verbose_name='Month Value')),
diff --git a/src/etools_datamart/apps/data/models/base.py b/src/etools_datamart/apps/data/models/base.py
index 3891c199b..b814a8c68 100644
--- a/src/etools_datamart/apps/data/models/base.py
+++ b/src/etools_datamart/apps/data/models/base.py
@@ -21,6 +21,7 @@ class DataMartManager(BaseManager.from_queryset(DataMartQuerySet)):
 
 class DataMartModel(models.Model):
     country_name = models.CharField(max_length=50, db_index=True)
+    area_code = models.CharField(max_length=10, db_index=True)
     schema_name = models.CharField(max_length=50, db_index=True)
     last_modify_date = models.DateTimeField(blank=True, auto_now=True)
 
diff --git a/src/etools_datamart/apps/data/models/pmp.py b/src/etools_datamart/apps/data/models/pmp.py
index fa6783a36..560f5457d 100644
--- a/src/etools_datamart/apps/data/models/pmp.py
+++ b/src/etools_datamart/apps/data/models/pmp.py
@@ -10,7 +10,6 @@
 
 class PMPIndicators(DataMartModel):
     vendor_number = models.CharField(max_length=255, null=True, db_index=True)
-    business_area_code = models.CharField(max_length=100, null=True, db_index=True)
 
     partner_name = models.CharField(max_length=255, null=True, db_index=True)
     partner_type = models.CharField(max_length=255, null=True, db_index=True)
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index b23182359..13f136c3c 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/etl/tasks/etl.py b/src/etools_datamart/apps/etl/tasks/etl.py
index bc0733078..ed56e5508 100644
--- a/src/etools_datamart/apps/etl/tasks/etl.py
+++ b/src/etools_datamart/apps/etl/tasks/etl.py
@@ -97,6 +97,7 @@ def load_hact():
                       completed_special_audits=data['assurance_activities']['special_audit'],
                       )
         op = process(HACT, filters=dict(year=today.year,
+                                        area_code=country.business_area_code,
                                         country_name=country.name,
                                         schema_name=country.schema_name),
                      values=values)
@@ -139,7 +140,7 @@ def load_pmp_indicator() -> EtlResult:
                 has_assessment = bool(getattr(partner.current_core_value_assessment, 'assessment', False))
                 values = {'country_name': country.name,
                           'schema_name': country.schema_name,
-                          'business_area_code': country.business_area_code,
+                          'area_code': country.business_area_code,
                           'partner_name': partner.name,
                           'partner_type': partner.cso_type,
                           'vendor_number': partner.vendor_number,
@@ -276,6 +277,7 @@ def load_intervention() -> EtlResult:
                           )
             op = process(Intervention, filters=dict(country_name=country.name,
                                                     schema_name=country.schema_name,
+                                                    area_code=country.business_area_code,
                                                     agreement_id=record.agreement.pk,
                                                     intervention_id=record.pk),
                          values=values)
@@ -344,6 +346,7 @@ def load_fam_indicator() -> EtlResult:
                 #     raise
             op = process(FAMIndicator, filters=dict(month=start_date,
                                                     country_name=country.name,
+                                                    area_code=country.business_area_code,
                                                     schema_name=country.schema_name),
                          values=values)
             results.incr(op)
diff --git a/src/etools_datamart/apps/etools/admin.py b/src/etools_datamart/apps/etools/admin.py
index bef8553a2..db3bd4fc1 100644
--- a/src/etools_datamart/apps/etools/admin.py
+++ b/src/etools_datamart/apps/etools/admin.py
@@ -65,7 +65,12 @@ class PartnersInterventionAdmin(TenantModelAdmin):
 
 @register(models.T2FTravel)
 class T2FTravelAdmin(TenantModelAdmin):
-    pass
+    list_display = ("id", "schema", "office", "currency", "status", "purpose")
+
+    # list_filter = ("status", )
+    def get_queryset(self, request):
+        return models.T2FTravel.objects.select_related("currency",
+                                                       "office")
 
 
 @register(models.ReportsAppliedindicator)
diff --git a/src/etools_datamart/apps/etools/patch.py b/src/etools_datamart/apps/etools/patch.py
index 768ce6495..f5f0fc362 100644
--- a/src/etools_datamart/apps/etools/patch.py
+++ b/src/etools_datamart/apps/etools/patch.py
@@ -7,7 +7,7 @@
 from django.utils.translation import ugettext as _
 from unicef_security.models import User
 
-from etools_datamart.apps.etools.models import PartnersPlannedengagement
+from etools_datamart.apps.etools.models import PartnersPlannedengagement, T2FTravel
 
 
 def label(attr, self):
@@ -163,3 +163,31 @@ def patch():
                 'planned_budget'], ['partnersintervention_funds_fundsreservationheader_intervention_id',
                                     'frs'])
     create_alias(PartnersIntervention, aliases)
+
+    T2FTravel.PLANNED = 'planned'
+    T2FTravel.SUBMITTED = 'submitted'
+    T2FTravel.REJECTED = 'rejected'
+    T2FTravel.APPROVED = 'approved'
+    T2FTravel.CANCELLED = 'cancelled'
+    T2FTravel.SENT_FOR_PAYMENT = 'sent_for_payment'
+    T2FTravel.CERTIFICATION_SUBMITTED = 'certification_submitted'
+    T2FTravel.CERTIFICATION_APPROVED = 'certification_approved'
+    T2FTravel.CERTIFICATION_REJECTED = 'certification_rejected'
+    T2FTravel.CERTIFIED = 'certified'
+    T2FTravel.COMPLETED = 'completed'
+
+    T2FTravel.CHOICES = (
+        (T2FTravel.PLANNED, _('Planned')),
+        (T2FTravel.SUBMITTED, _('Submitted')),
+        (T2FTravel.REJECTED, _('Rejected')),
+        (T2FTravel.APPROVED, _('Approved')),
+        (T2FTravel.COMPLETED, _('Completed')),
+        (T2FTravel.CANCELLED, _('Cancelled')),
+        (T2FTravel.SENT_FOR_PAYMENT, _('Sent for payment')),
+        (T2FTravel.CERTIFICATION_SUBMITTED, _('Certification submitted')),
+        (T2FTravel.CERTIFICATION_APPROVED, _('Certification approved')),
+        (T2FTravel.CERTIFICATION_REJECTED, _('Certification rejected')),
+        (T2FTravel.CERTIFIED, _('Certified')),
+        (T2FTravel.COMPLETED, _('Completed')),
+    )
+    T2FTravel._meta.get_field('status').choices = T2FTravel.CHOICES
diff --git a/src/etools_datamart/apps/multitenant/admin.py b/src/etools_datamart/apps/multitenant/admin.py
index 61be9af9d..0ecfa7bc2 100644
--- a/src/etools_datamart/apps/multitenant/admin.py
+++ b/src/etools_datamart/apps/multitenant/admin.py
@@ -5,7 +5,7 @@
 from django.contrib.admin.utils import quote
 from django.contrib.admin.views.main import ChangeList
 from django.core.exceptions import MultipleObjectsReturned, ValidationError
-from django.db import connections
+from django.db import connections, models
 from django.http import HttpResponseRedirect
 from django.urls import reverse
 
@@ -86,7 +86,8 @@ def has_delete_permission(self, request, obj=None):
 class DisplayAllMixin:
     def get_list_display(self, request):  # pragma: no cover
         if self.list_display == ('__str__',):
-            return [field.name for field in self.model._meta.fields]
+            return [field.name for field in self.model._meta.fields
+                    if not isinstance(field, models.ForeignKey)]
         return self.list_display
 
 
diff --git a/src/etools_datamart/apps/security/migrations/0001_initial.py b/src/etools_datamart/apps/security/migrations/0001_initial.py
index f821ac1a0..5526c6863 100644
--- a/src/etools_datamart/apps/security/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import django.contrib.postgres.fields
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index 934cf094b..860216c57 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import django.db.models.deletion
 from django.db import migrations, models
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181217_2103.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181218_2043.py
similarity index 93%
rename from src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181217_2103.py
rename to src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181218_2043.py
index 035b5e1c6..b221d04ae 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181217_2103.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181218_2043.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
         ('subscriptions', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index 27bbc9450..22e43bb4e 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181217_2103.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181218_2043.py
similarity index 97%
rename from src/etools_datamart/apps/tracking/migrations/0002_auto_20181217_2103.py
rename to src/etools_datamart/apps/tracking/migrations/0002_auto_20181218_2043.py
index 73dc74bc7..7a26fe5be 100644
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181217_2103.py
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181218_2043.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('unicef_rest_framework', '0001_initial'),
         ('tracking', '0001_initial'),
+        ('unicef_rest_framework', '0001_initial'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 08a7caeef..1aae5bdb9 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -283,6 +283,7 @@
     'etools_datamart.api',
 
     'admin_extra_urls',
+    'adminactions',
     'unicef_rest_framework.apps.Config',
     'rest_framework',
     'oauth2_provider',
diff --git a/src/unicef_rest_framework/admin/service.py b/src/unicef_rest_framework/admin/service.py
index dff247b86..c76cd071d 100644
--- a/src/unicef_rest_framework/admin/service.py
+++ b/src/unicef_rest_framework/admin/service.py
@@ -5,6 +5,7 @@
 import os
 
 from admin_extra_urls.extras import action, ExtraUrlMixin, link
+from adminactions.mass_update import mass_update
 from constance import config
 from django.contrib import admin
 from django.contrib.admin.templatetags.admin_urls import admin_urlname
@@ -39,7 +40,7 @@ def get_stash_url(obj, label=None, **kwargs):
 
 
 class ServiceAdmin(ExtraUrlMixin, admin.ModelAdmin):
-    list_display = ('name', 'visible', 'access', 'cache_version', 'basename', 'json', 'admin')
+    list_display = ('name', 'visible', 'access', 'cache_version', 'suffix', 'json', 'admin')
     list_filter = ('hidden', 'access')
 
     search_fields = ('name', 'viewset')
@@ -49,13 +50,13 @@ class ServiceAdmin(ExtraUrlMixin, admin.ModelAdmin):
     filter_horizontal = ('linked_models',)
     fieldsets = [("", {"fields": ('name',
                                   'description',
-                                  'access',
+                                  ('access', 'hidden',),
                                   # 'confidentiality',
-                                  # 'hidden',
                                   ('source_model', 'basename'),
                                   ('suffix', 'endpoint'),
                                   'linked_models',
                                   )})]
+    actions = [mass_update, ]
 
     # change_list_template = 'admin/unicef_rest_framework/service/change_list.html'
 
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index cdb1e1e3c..2fd3940bc 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import uuid
 
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181217_2103.py b/src/unicef_rest_framework/migrations/0002_auto_20181218_2043.py
similarity index 98%
rename from src/unicef_rest_framework/migrations/0002_auto_20181217_2103.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181218_2043.py
index 460d2794b..4904f12d3 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181217_2103.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181218_2043.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,9 +10,9 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('unicef_rest_framework', '0001_initial'),
         ('contenttypes', '0002_remove_content_type_name'),
         ('auth', '0009_alter_user_last_name_max_length'),
+        ('unicef_rest_framework', '0001_initial'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
@@ -136,7 +136,7 @@ class Migration(migrations.Migration):
         ),
         migrations.AlterUniqueTogether(
             name='systemfilter',
-            unique_together={('service', 'group'), ('service', 'user')},
+            unique_together={('service', 'user'), ('service', 'group')},
         ),
         migrations.AlterUniqueTogether(
             name='groupaccesscontrol',
diff --git a/src/unicef_rest_framework/routers.py b/src/unicef_rest_framework/routers.py
index 96b604c77..0dccc1920 100644
--- a/src/unicef_rest_framework/routers.py
+++ b/src/unicef_rest_framework/routers.py
@@ -7,6 +7,7 @@
 from rest_framework.response import Response
 from rest_framework.reverse import reverse
 from rest_framework.routers import DynamicRoute, Route
+from unicef_rest_framework.models import Service
 
 logger = logging.getLogger(__name__)
 
@@ -24,6 +25,12 @@ def get(self, request, *args, **kwargs):
         ret = OrderedDict()
         namespace = request.resolver_match.namespace
         for key, url_name in self.api_root_dict.items():
+            hidden = Service.objects.get(suffix=key).hidden
+            if hidden:
+                if request.user.is_superuser:
+                    key = f" * {key}"
+                else:
+                    continue
             if namespace:
                 url_name = namespace + ':' + url_name
             try:
diff --git a/src/unicef_security/admin.py b/src/unicef_security/admin.py
index e8a6aa022..d4a4ed780 100644
--- a/src/unicef_security/admin.py
+++ b/src/unicef_security/admin.py
@@ -56,8 +56,8 @@ class FF(Form):
 @admin.register(User)
 class UserAdmin2(ExtraUrlMixin, UserAdmin):
     list_display = ['username', 'display_name', 'email', 'is_staff',
-                    'is_superuser', 'is_linked', 'last_login']
-    list_filter = ['is_superuser', 'is_staff']
+                    'is_active', 'is_superuser', 'is_linked', 'last_login']
+    list_filter = ['is_superuser', 'is_staff', 'is_active']
     search_fields = ['username', 'display_name']
     fieldsets = (
         (None, {'fields': (('username', 'azure_id'), 'password')}),
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index d0e3fcc4d..73d32e325 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-17 21:03
+# Generated by Django 2.1.4 on 2018-12-18 20:43
 
 import django.contrib.auth.models
 import django.contrib.auth.validators
diff --git a/tests/conftest.py b/tests/conftest.py
index 3501937be..ab410472c 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -11,7 +11,7 @@
 def pytest_configure(config):
     # enable this to remove deprecations
     os.environ['CELERY_TASK_ALWAYS_EAGER'] = "1"
-    os.environ['STATIC_URL'] = tempfile.gettempdir()
+    os.environ['STATIC_ROOT'] = tempfile.gettempdir()
 
 
 # warnings.simplefilter('once', DeprecationWarning)

From 582c91822c6bc10599be3d07cdc87b9e37594137 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Tue, 18 Dec 2018 22:41:33 +0100
Subject: [PATCH 68/86] fixes pagination filter

---
 src/unicef_rest_framework/pagination.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/unicef_rest_framework/pagination.py b/src/unicef_rest_framework/pagination.py
index 970c3ec81..92c7af40a 100644
--- a/src/unicef_rest_framework/pagination.py
+++ b/src/unicef_rest_framework/pagination.py
@@ -37,9 +37,10 @@ def get_template_context(self, request, queryset, view):
         return context
 
     def to_html(self, request, queryset, view):
-        template = loader.get_template(self.template)
-        context = self.get_template_context(request, queryset, view)
-        return template.render(context)
+        if view.pagination_class:
+            template = loader.get_template(self.template)
+            context = self.get_template_context(request, queryset, view)
+            return template.render(context)
 
     def get_default_pagination(self, view):
         return view.pagination_class.page_size

From 1de88ed88b4afbf1c4ea0fc9c08b371c09a99f0b Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Thu, 20 Dec 2018 15:42:51 +0100
Subject: [PATCH 69/86] loader refactory and locations

---
 Pipfile                                       |   1 +
 Pipfile.lock                                  |  29 +-
 setup.cfg                                     |   6 +-
 src/etools_datamart/apps/data/admin.py        |  41 +-
 src/etools_datamart/apps/data/loader.py       | 265 ++++++
 .../apps/data/management/__init__.py          |   0
 .../apps/data/management/commands/__init__.py |   0
 .../apps/data/management/commands/load.py     |  64 ++
 .../apps/data/migrations/0001_initial.py      |  49 +-
 .../migrations/0002_auto_20181220_1044.py     |  18 +
 .../migrations/0003_auto_20181220_1102.py     |  22 +
 .../apps/data/models/__init__.py              |   1 +
 src/etools_datamart/apps/data/models/base.py  |  41 +-
 src/etools_datamart/apps/data/models/fam.py   |  32 +
 src/etools_datamart/apps/data/models/hact.py  |  31 +
 .../apps/data/models/intervention.py          |  35 +
 .../apps/data/models/location.py              |  51 ++
 src/etools_datamart/apps/data/models/pmp.py   |  59 ++
 src/etools_datamart/apps/data/models/user.py  |  33 +
 src/etools_datamart/apps/etl/lock.py          |   4 +-
 .../apps/etl/migrations/0001_initial.py       |   2 +-
 src/etools_datamart/apps/etl/models.py        |  12 +-
 src/etools_datamart/apps/etl/results.py       | 100 ++-
 src/etools_datamart/apps/etl/tasks/etl.py     | 808 +++++++++---------
 .../apps/multitenant/postgresql/base.py       |   7 +-
 src/etools_datamart/apps/security/admin.py    |   7 +-
 src/etools_datamart/apps/security/forms.py    |  21 +
 .../apps/security/migrations/0001_initial.py  |   2 +-
 .../security/static/security/array_widget.js  |  12 +
 .../schemaaccesscontrol/change_form.html      |  20 +
 .../templates/security/array_widget.html      |  10 +
 .../subscriptions/migrations/0001_initial.py  |   2 +-
 ...218_2043.py => 0002_auto_20181220_1037.py} |   2 +-
 .../apps/tracking/migrations/0001_initial.py  |   2 +-
 ...218_2043.py => 0002_auto_20181220_1037.py} |   4 +-
 src/etools_datamart/celery.py                 |  56 +-
 src/etools_datamart/config/settings.py        |   1 +
 src/etools_datamart/config/wsgi.py            |   3 +-
 .../migrations/0001_initial.py                |   2 +-
 ...218_2043.py => 0002_auto_20181220_1037.py} |   8 +-
 .../migrations/0001_initial.py                |   2 +-
 tests/.coveragerc                             |   1 +
 tests/conftest.py                             |   8 +-
 tests/etl/test_etl_loaders.py                 | 108 ++-
 tests/etl/test_etl_result.py                  |  27 +-
 tests/etl/test_etl_tasklog.py                 |  32 +-
 tests/exporters/test_exporter_data.py         |   5 +-
 tests/test_celery.py                          |   2 +-
 tests/test_views.py                           |   6 +
 49 files changed, 1429 insertions(+), 625 deletions(-)
 create mode 100644 src/etools_datamart/apps/data/loader.py
 create mode 100644 src/etools_datamart/apps/data/management/__init__.py
 create mode 100644 src/etools_datamart/apps/data/management/commands/__init__.py
 create mode 100644 src/etools_datamart/apps/data/management/commands/load.py
 create mode 100644 src/etools_datamart/apps/data/migrations/0002_auto_20181220_1044.py
 create mode 100644 src/etools_datamart/apps/data/migrations/0003_auto_20181220_1102.py
 create mode 100644 src/etools_datamart/apps/data/models/location.py
 create mode 100644 src/etools_datamart/apps/security/forms.py
 create mode 100644 src/etools_datamart/apps/security/static/security/array_widget.js
 create mode 100644 src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form.html
 create mode 100644 src/etools_datamart/apps/security/templates/security/array_widget.html
 rename src/etools_datamart/apps/subscriptions/migrations/{0002_auto_20181218_2043.py => 0002_auto_20181220_1037.py} (93%)
 rename src/etools_datamart/apps/tracking/migrations/{0002_auto_20181218_2043.py => 0002_auto_20181220_1037.py} (97%)
 rename src/unicef_rest_framework/migrations/{0002_auto_20181218_2043.py => 0002_auto_20181220_1037.py} (98%)

diff --git a/Pipfile b/Pipfile
index 9180c3e7c..dd26cb219 100644
--- a/Pipfile
+++ b/Pipfile
@@ -59,6 +59,7 @@ django-adminactions = "*"
 django-dbtemplates = {file = "https://github.com/jazzband/django-dbtemplates/archive/2.0.1.tar.gz"}
 versio = "*"
 django-advanced-filters = "*"
+django-mptt = "*"
 
 [dev-packages]
 "flake8" = ">=3.6.0"
diff --git a/Pipfile.lock b/Pipfile.lock
index 69ecc7ceb..a9a1fff8a 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "7a29728791906015202ba6cf938da292e2bebd32289e0f52e65e01d83358ec18"
+            "sha256": "f924d34ed0e5fe945a69c08abc433c1c319076bdad8133574cc14a987484796b"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -891,6 +891,13 @@
             "index": "pypi",
             "version": "==2.0.0"
         },
+        "django-js-asset": {
+            "hashes": [
+                "sha256:30149158206f693a5d027fe590096fc84495486bd11cd77d395b4f2ec27fc1d0",
+                "sha256:a395d8d19eb201ea8d2bd4f145b38f1717cd74c0f609f040141d8724c5a27f36"
+            ],
+            "version": "==1.1.0"
+        },
         "django-model-utils": {
             "hashes": [
                 "sha256:2c057f3bf0859aba27f04389f0cedd2d48f8c9b3848acb86fd9970794e58f477",
@@ -899,6 +906,14 @@
             "index": "pypi",
             "version": "==3.1.2"
         },
+        "django-mptt": {
+            "hashes": [
+                "sha256:18a41d1b56ca7c02a5b04d246e33ee2d18f6ee5459c02ed1d945f5abdef23a2e",
+                "sha256:689a04cce0981671d6061a9928c33a16b47abb0d4cd43cf7dec31ae284fdae9d"
+            ],
+            "index": "pypi",
+            "version": "==0.9.1"
+        },
         "django-oauth-toolkit": {
             "hashes": [
                 "sha256:ad1b76275950ebbff708222cec57bbdb879f89bac7df6b9dee0f4b9db485c264"
@@ -1201,10 +1216,10 @@
         },
         "msrestazure": {
             "hashes": [
-                "sha256:1118d52fb60fd71732a51bcb669189af4f72f40ea460e656465ee83c4738f2a0",
-                "sha256:fd1bcb9652cf04b711e21dcbef377a7e43f9492afeb0a59622b5623ce8715825"
+                "sha256:86695c9728e91ee6f4cbb3b6e82ebd92233b72b6e145f7dcafa6b2da17412b88",
+                "sha256:99b185dcfc94f4ac2f7792691b865958c5a9871281cd618c50963c6b8d23401b"
             ],
-            "version": "==0.5.1"
+            "version": "==0.6.0"
         },
         "oauthlib": {
             "hashes": [
@@ -1387,11 +1402,11 @@
         },
         "raven": {
             "hashes": [
-                "sha256:3fd787d19ebb49919268f06f19310e8112d619ef364f7989246fc8753d469888",
-                "sha256:95f44f3ea2c1b176d5450df4becdb96c15bf2632888f9ab193e9dd22300ce46a"
+                "sha256:3fa6de6efa2493a7c827472e984ce9b020797d0da16f1db67197bcc23c8fae54",
+                "sha256:44a13f87670836e153951af9a3c80405d36b43097db869a36e92809673692ce4"
             ],
             "index": "pypi",
-            "version": "==6.9.0"
+            "version": "==6.10.0"
         },
         "redis": {
             "hashes": [
diff --git a/setup.cfg b/setup.cfg
index 4d37930c9..ba786575c 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -27,7 +27,7 @@ tag_svn_revision = 0
 max-line-length = 160
 ;exclude = .tox,migrations,.git,docs,diff_match_patch.py,deploy/**,settings,**/etools/models/__init__.py
 exclude = **/migrations/**,
-;ignore = E501,E401,W391,E128,E261,E731
-
+ignore = E501,E401,E731,W504
+;W391,E128,E261,
 [pycodestyle]
-ignore = E501,E401,W391,E128,E261
+ignore = E501,E401,W391,E128,E261,E731
diff --git a/src/etools_datamart/apps/data/admin.py b/src/etools_datamart/apps/data/admin.py
index efe8c26ba..ab9078c3d 100644
--- a/src/etools_datamart/apps/data/admin.py
+++ b/src/etools_datamart/apps/data/admin.py
@@ -3,6 +3,7 @@
 from time import time
 
 from admin_extra_urls.extras import ExtraUrlMixin, link
+from adminactions.mass_update import mass_update
 from adminfilters.filters import AllValuesComboFilter
 from crashlog.middleware import process_exception
 from django.contrib import messages
@@ -28,9 +29,7 @@ class DatamartChangeList(ChangeList):
 
 
 class DataModelAdmin(ExtraUrlMixin, ModelAdmin):
-    actions = None
-    # load_handler = None
-    list_filter = (SchemaFilter,)
+    actions = [mass_update, ]
 
     def __init__(self, model, admin_site):
         import etools_datamart.apps.etl.tasks.etl as mod
@@ -38,6 +37,14 @@ def __init__(self, model, admin_site):
         self.loaders = [v for v in mod.__dict__.values() if hasattr(v, 'apply_async')]
         super().__init__(model, admin_site)
 
+    def get_list_filter(self, request):
+        if SchemaFilter not in self.list_filter:
+            self.list_filter = (SchemaFilter,) + self.list_filter
+
+        if 'last_modify_date' not in self.list_filter:
+            self.list_filter = self.list_filter + ('last_modify_date',)
+        return self.list_filter
+
     def get_changelist(self, request, **kwargs):
         return DatamartChangeList
 
@@ -78,7 +85,7 @@ def api(self, request):
     def queue(self, request):
         try:
             start = time()
-            self.model._etl_task.delay()
+            self.model.loader.task.delay()
             if settings.CELERY_TASK_ALWAYS_EAGER:  # pragma: no cover
                 stop = time()
                 duration = stop - start
@@ -86,6 +93,7 @@ def queue(self, request):
             else:
                 self.message_user(request, "ETL task scheduled", messages.SUCCESS)
         except Exception as e:  # pragma: no cover
+            process_exception(e)
             self.message_user(request, str(e), messages.ERROR)
         finally:
             return HttpResponseRedirect(reverse(admin_urlname(self.model._meta,
@@ -95,7 +103,7 @@ def queue(self, request):
     def refresh(self, request):
         try:
             start = time()
-            self.model._etl_task.apply()
+            self.model.loader.load()
             stop = time()
             duration = stop - start
             self.message_user(request, "Data loaded in %s" % naturaldelta(duration), messages.SUCCESS)
@@ -110,13 +118,11 @@ def refresh(self, request):
 @register(models.PMPIndicators)
 class PMPIndicatorsAdmin(DataModelAdmin, TruncateTableMixin):
     list_display = ('country_name', 'partner_name', 'partner_type', 'area_code')
-    list_filter = (SchemaFilter,
-                   ('partner_type', AllValuesComboFilter),
+    list_filter = (('partner_type', AllValuesComboFilter),
                    ('pd_ssfa_status', AllValuesComboFilter),
                    )
     search_fields = ('partner_name',)
     date_hierarchy = 'pd_ssfa_creation_date'
-    # load_handler = load_pmp_indicator
 
 
 @register(models.Intervention)
@@ -129,22 +135,19 @@ class InterventionAdmin(DataModelAdmin, TruncateTableMixin):
                    )
     search_fields = ('number', 'title')
     date_hierarchy = 'start_date'
-    # load_handler = load_intervention
 
 
 @register(models.FAMIndicator)
 class FAMIndicatorAdmin(DataModelAdmin):
     list_display = ('country_name', 'schema_name', 'month',)
     list_filter = (SchemaFilter, 'month',)
-    # load_handler = load_fam_indicator
     date_hierarchy = 'month'
 
 
 @register(models.UserStats)
 class UserStatsAdmin(DataModelAdmin):
     list_display = ('country_name', 'schema_name', 'month', 'total', 'unicef', 'logins', 'unicef_logins')
-    list_filter = (SchemaFilter, 'month')
-    # load_handler = load_user_report
+    list_filter = (SchemaFilter, 'month',)
     date_hierarchy = 'month'
 
 
@@ -155,5 +158,15 @@ class HACTAdmin(DataModelAdmin):
                     'programmaticvisits_total',
                     'followup_spotcheck', 'completed_spotcheck',
                     'completed_hact_audits', 'completed_special_audits')
-    list_filter = (SchemaFilter, 'year')
-    # load_handler = load_hact
+    list_filter = (SchemaFilter, 'year', 'last_modify_date')
+
+
+@register(models.GatewayType)
+class GatewayTypeAdmin(DataModelAdmin):
+    list_display = ('country_name', 'schema_name', 'name', 'admin_level', 'source_id')
+
+
+@register(models.Location)
+class LocationAdmin(DataModelAdmin):
+    list_display = ('country_name', 'schema_name', 'name', 'latitude', 'longitude')
+    readonly_fields = ('parent', 'gateway')
diff --git a/src/etools_datamart/apps/data/loader.py b/src/etools_datamart/apps/data/loader.py
new file mode 100644
index 000000000..a81de6009
--- /dev/null
+++ b/src/etools_datamart/apps/data/loader.py
@@ -0,0 +1,265 @@
+import logging
+from inspect import isclass
+
+import celery
+from crashlog.middleware import process_exception
+from django.core.cache import caches
+from django.db import connections, models
+from django.utils import timezone
+from redis.exceptions import LockError
+from strategy_field.utils import get_attr
+
+from etools_datamart.celery import app
+
+loadeable = set()
+locks = caches['lock']
+
+logger = logging.getLogger(__name__)
+
+CREATED = 'created'
+UPDATED = 'updated'
+UNCHANGED = 'unchanged'
+
+
+class EtlResult:
+    __slots__ = [CREATED, UPDATED, UNCHANGED]
+
+    def __init__(self, updated=0, created=0, unchanged=0, **kwargs):
+        self.created = created
+        self.updated = updated
+        self.unchanged = unchanged
+
+    def __repr__(self):
+        return repr(self.as_dict())
+
+    def incr(self, counter):
+        setattr(self, counter, getattr(self, counter) + 1)
+
+    def as_dict(self):
+        return {'created': self.created,
+                'updated': self.updated,
+                'unchanged': self.unchanged}
+
+    def __eq__(self, other):
+        if isinstance(other, EtlResult):
+            other = other.as_dict()
+
+        if isinstance(other, dict):
+            return (self.created == other['created'] and
+                    self.updated == other['updated'] and
+                    self.unchanged == other['unchanged'])
+        return False
+
+
+def is_record_changed(record, values):
+    other = type(record)(**values)
+    for field_name, field_value in values.items():
+        if getattr(record, field_name) != getattr(other, field_name):
+            return True
+    return False
+
+
+DEFAULT_KEY = lambda country, record: dict(country_name=country.name,
+                                           schema_name=country.schema_name,
+                                           source_id=record.pk)
+
+
+class LoaderOptions:
+    __attrs__ = ['mapping', 'celery', 'source',
+                 'queryset', 'key', 'locks',
+                 'depends', 'timeout']
+
+    def __init__(self, base=None):
+        self.mapping = {}
+        self.celery = app
+        self.queryset = None
+        self.source = None
+        self.lock_key = None
+        self.key = DEFAULT_KEY
+        self.timeout = None
+        self.depends = ()
+        if base:
+            for attr in self.__attrs__:
+                if hasattr(base, attr):
+                    if isinstance(getattr(self, attr), (list, tuple)):
+                        n = getattr(self, attr) + getattr(base, attr)
+                        setattr(self, attr, n)
+                    else:
+                        setattr(self, attr, getattr(base, attr, getattr(self, attr)))
+
+        if not self.queryset and self.source:
+            self.queryset = lambda: self.source.objects
+        if not self.lock_key:
+            self.lock_key = f"{self.source}-lock"
+
+    def contribute_to_class(self, model, name):
+        self.model = model
+        setattr(model, name, self)
+
+
+class LoaderTask(celery.Task):
+
+    def __init__(self, loader) -> None:
+        self.loader = loader
+        self.linked_model = loader.model
+        self.name = "load_{0.app_label}_{0.model_name}".format(loader.model._meta)
+
+    def run(self, *args, **kwargs):
+        self.loader.load()
+
+
+def get_or_fail(Model, **kwargs):
+    try:
+        Model.objects.get(**kwargs)
+    except Model.DoesNotExist:
+        raise Model.DoesNotExist(f"Unable to get {Model.__name__} using {kwargs}")
+
+
+class Loader:
+    __slots__ = ['model', 'config', 'mapping', 'task', 'tree_parents', 'always_update']
+
+    def __init__(self) -> None:
+        self.config = None
+        self.tree_parents = []
+        self.always_update = False
+
+    def __repr__(self):
+        return "<%sLoader>" % self.model._meta.object_name
+
+    def contribute_to_class(self, model, name):
+        self.model = model
+        self.config = model._etl_config
+        del model._etl_config
+        if not model._meta.abstract:
+            loadeable.add("{0._meta.app_label}.{0._meta.model_name}".format(model))
+        if self.config.celery:
+            self.task = LoaderTask(self)
+            self.config.celery.tasks.register(self.task)
+
+        setattr(model, name, self)
+
+    def deconstruct(self):
+        return []
+
+    def check(self, **kwargs):
+        return []
+
+    def process(self, filters, values):
+        try:
+            existing, created = self.model.objects.get_or_create(**filters,
+                                                                 defaults=values)
+            if created:
+                op = CREATED
+            else:
+                if self.always_update or is_record_changed(existing, values):
+                    op = UPDATED
+                    self.model.objects.update_or_create(**filters,
+                                                        defaults=values)
+                else:
+                    op = UNCHANGED
+            return op
+        except Exception as e:  # pragma: no cover
+            logger.exception(e)
+            process_exception(e)
+            raise Exception(f"Error in {self}: {e}") from e
+
+    def get_values(self, country, record):
+        ret = {}
+        for k, v in self.mapping.items():
+            if v == '__self__':
+                try:
+                    ret[k] = self.model.objects.get(schema_name=country.schema_name,
+                                                    source_id=getattr(record, k).id)
+                except AttributeError:
+                    ret[k] = None
+                except self.model.DoesNotExist:
+                    ret[k] = None
+                    self.tree_parents.append((record.id, getattr(record, k).id))
+
+            elif isclass(v) and issubclass(v, models.Model):
+                try:
+                    ret[k] = v.objects.get(schema_name=country.schema_name,
+                                           source_id=getattr(record, k).id)
+                except AttributeError:
+                    pass
+            elif callable(v):
+                ret[k] = v(country, record)
+            else:
+                ret[k] = get_attr(record, v)
+        return ret
+
+    def process_post_country(self, country, context):
+        for mart, etools in self.tree_parents:
+            kk = self.model.objects.get(schema_name=country.schema_name,
+                                        source_id=mart)
+            kk.parent = self.model.objects.get(schema_name=country.schema_name,
+                                               source_id=etools)
+            kk.save()
+        self.tree_parents = []
+
+    def process_country(self, results: EtlResult, country, context) -> EtlResult:
+        qs = self.config.queryset()
+        stdout = context['stdout']
+        for record in qs.all():
+            filters = self.config.key(country, record)
+            values = self.get_values(country, record)
+            op = self.process(filters, values)
+            results.incr(op)
+            if stdout:
+                stdout.write('.')
+                stdout.flush()
+        return results
+
+    def get_context(self, **kwargs):
+        context = {}
+        context.update(kwargs)
+        return context
+
+    def unlock(self):
+        try:
+            lock = locks.lock(self.config.lock_key, timeout=self.config.timeout)
+            locks.delete(self.config.lock_key)
+            lock.release()
+        except LockError:
+            pass
+
+    def load(self, verbosity=0, always_update=False, stdout=None, ignore_dependencies=False):
+        have_lock = False
+        results = EtlResult()
+        lock = locks.lock(self.config.lock_key, timeout=self.config.timeout)
+        try:
+            have_lock = lock.acquire(blocking=False)
+            if have_lock:
+                if not ignore_dependencies:
+                    for dependency in self.config.depends:
+                        dependency.loader.load(stdout=stdout)
+                self.always_update = always_update
+                connection = connections['etools']
+                countries = connection.get_tenants()
+                if self.config.mapping:
+                    self.mapping = {}
+                    mart_fields = self.model._meta.concrete_fields
+                    for field in mart_fields:
+                        if field.name not in ['country_name', 'schema_name', 'area_code',
+                                              'id', 'last_modify_date']:
+                            self.mapping[field.name] = field.name
+                    self.mapping.update(self.config.mapping)
+
+                context = self.get_context(today=timezone.now(),
+                                           stdout=stdout)
+
+                for country in countries:
+                    if stdout:
+                        stdout.write(f"{country}\n")
+                    connection.set_schemas([country.schema_name])
+                    self.process_country(results, country, context)
+                    self.process_post_country(country, context)
+                    if stdout:
+                        stdout.write("\n")
+        finally:
+            if have_lock:
+                try:
+                    lock.release()
+                except LockError as e:  # pragma: no cover
+                    logger.warning(e)
+        return results
diff --git a/src/etools_datamart/apps/data/management/__init__.py b/src/etools_datamart/apps/data/management/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/etools_datamart/apps/data/management/commands/__init__.py b/src/etools_datamart/apps/data/management/commands/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/etools_datamart/apps/data/management/commands/load.py b/src/etools_datamart/apps/data/management/commands/load.py
new file mode 100644
index 000000000..29b100993
--- /dev/null
+++ b/src/etools_datamart/apps/data/management/commands/load.py
@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+import logging
+import sys
+
+from django.apps import apps
+from django.core.management import BaseCommand
+
+from etools_datamart.apps.data.loader import loadeable
+
+logger = logging.getLogger(__name__)
+
+
+class Command(BaseCommand):
+    args = ''
+    help = ''
+    requires_system_checks = False
+    requires_migrations_checks = False
+    output_transaction = False  # Whether to wrap the output in a "BEGIN; COMMIT;"
+
+    def add_arguments(self, parser):
+        parser.add_argument('args',
+                            metavar='models', nargs='*', help='One or more application label.')
+        parser.add_argument(
+            '--all', action='store_true',
+            help="Run all loaders.",
+        )
+        parser.add_argument(
+            '--ignore-changes', action='store_true',
+            help="Run all loaders.",
+        )
+        parser.add_argument(
+            '--unlock', action='store_true',
+            help="Unlock all loaders.",
+        )
+
+    def notify(self, model, created, name, tpl="  {op} {model} `{name}`"):
+        if self.verbosity > 2:
+            op = {True: "Created", False: "Updated"}[created]
+            self.stdout.write(tpl.format(op=op, model=model, name=name))
+        elif self.verbosity > 1:
+            self.stdout.write('.', ending='')
+
+    def handle(self, *model_names, **options):
+        self.verbosity = options['verbosity']
+        _all = options['all']
+        unlock = options['unlock']
+        if _all:
+            model_names = sorted(list(loadeable))
+
+        if not model_names:
+            for model_name in sorted(list(loadeable)):
+                self.stdout.write(model_name)
+        else:
+            for model_name in model_names:
+                model = apps.get_model(model_name)
+                if unlock:
+                    model.loader.load.unlock()
+                res = model.loader.load(always_update=options['ignore_changes'],
+                                        stdout=sys.stdout)
+                self.stdout.write(f"{model_name:20}: "
+                                  f"  created: {res.created:<3}"
+                                  f"  updated: {res.updated:<3}"
+                                  f"  unchanged: {res.unchanged:<3}\n"
+                                  )
diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index 265e724c9..3754382d3 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,6 +1,8 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
+import django.contrib.gis.db.models.fields
 import django.contrib.postgres.fields.jsonb
+import django.db.models.deletion
 import month_field.models
 from django.db import migrations, models
 
@@ -44,6 +46,22 @@ class Migration(migrations.Migration):
                 'ordering': ('month', 'country_name'),
             },
         ),
+        migrations.CreateModel(
+            name='GatewayType',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('area_code', models.CharField(db_index=True, max_length=10)),
+                ('schema_name', models.CharField(db_index=True, max_length=50)),
+                ('last_modify_date', models.DateTimeField(auto_now=True)),
+                ('name', models.CharField(max_length=64, unique=True)),
+                ('admin_level', models.SmallIntegerField(blank=True, null=True, unique=True)),
+                ('source_id', models.IntegerField(blank=True, null=True)),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
         migrations.CreateModel(
             name='HACT',
             fields=[
@@ -119,6 +137,35 @@ class Migration(migrations.Migration):
                 'ordering': ('country_name', 'title'),
             },
         ),
+        migrations.CreateModel(
+            name='Location',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('area_code', models.CharField(db_index=True, max_length=10)),
+                ('schema_name', models.CharField(db_index=True, max_length=50)),
+                ('last_modify_date', models.DateTimeField(auto_now=True)),
+                ('name', models.CharField(max_length=254)),
+                ('latitude', models.FloatField(blank=True, null=True)),
+                ('longitude', models.FloatField(blank=True, null=True)),
+                ('p_code', models.CharField(max_length=32)),
+                ('point', django.contrib.gis.db.models.fields.PointField(blank=True, null=True, srid=4326)),
+                ('geom', django.contrib.gis.db.models.fields.MultiPolygonField(blank=True, null=True, srid=4326)),
+                ('level', models.IntegerField()),
+                ('lft', models.IntegerField()),
+                ('rght', models.IntegerField()),
+                ('tree_id', models.IntegerField()),
+                ('created', models.DateTimeField()),
+                ('modified', models.DateTimeField()),
+                ('is_active', models.BooleanField()),
+                ('source_id', models.IntegerField(blank=True, null=True)),
+                ('gateway', models.ForeignKey(on_delete=django.db.models.deletion.DO_NOTHING, to='data.GatewayType')),
+                ('parent', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.DO_NOTHING, to='data.Location')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
         migrations.CreateModel(
             name='PMPIndicators',
             fields=[
diff --git a/src/etools_datamart/apps/data/migrations/0002_auto_20181220_1044.py b/src/etools_datamart/apps/data/migrations/0002_auto_20181220_1044.py
new file mode 100644
index 000000000..2467289bb
--- /dev/null
+++ b/src/etools_datamart/apps/data/migrations/0002_auto_20181220_1044.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.1.4 on 2018-12-20 10:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('data', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='gatewaytype',
+            name='name',
+            field=models.CharField(db_index=True, max_length=64),
+        ),
+    ]
diff --git a/src/etools_datamart/apps/data/migrations/0003_auto_20181220_1102.py b/src/etools_datamart/apps/data/migrations/0003_auto_20181220_1102.py
new file mode 100644
index 000000000..ad311b567
--- /dev/null
+++ b/src/etools_datamart/apps/data/migrations/0003_auto_20181220_1102.py
@@ -0,0 +1,22 @@
+# Generated by Django 2.1.4 on 2018-12-20 11:02
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('data', '0002_auto_20181220_1044'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='gatewaytype',
+            name='admin_level',
+            field=models.SmallIntegerField(blank=True, null=True),
+        ),
+        migrations.AlterUniqueTogether(
+            name='gatewaytype',
+            unique_together={('schema_name', 'admin_level'), ('schema_name', 'name')},
+        ),
+    ]
diff --git a/src/etools_datamart/apps/data/models/__init__.py b/src/etools_datamart/apps/data/models/__init__.py
index 1c4c1109f..727ca8012 100644
--- a/src/etools_datamart/apps/data/models/__init__.py
+++ b/src/etools_datamart/apps/data/models/__init__.py
@@ -3,3 +3,4 @@
 from .fam import FAMIndicator  # noqa
 from .user import UserStats  # noqa
 from .hact import HACT  # noqa
+from .location import GatewayType, Location  # noqa
diff --git a/src/etools_datamart/apps/data/models/base.py b/src/etools_datamart/apps/data/models/base.py
index b814a8c68..1a938ceb0 100644
--- a/src/etools_datamart/apps/data/models/base.py
+++ b/src/etools_datamart/apps/data/models/base.py
@@ -2,8 +2,11 @@
 from django.contrib.contenttypes.models import ContentType
 from django.db import models
 from django.db.models import QuerySet
+from django.db.models.base import ModelBase
 from django.db.models.manager import BaseManager
 
+from etools_datamart.apps.data.loader import Loader, LoaderOptions
+
 
 class DataMartQuerySet(QuerySet):
 
@@ -14,12 +17,42 @@ def filter_schemas(self, *schemas):
 
 
 class DataMartManager(BaseManager.from_queryset(DataMartQuerySet)):
-    pass
-    # def truncate(self):
-    #     self.raw('TRUNCATE TABLE {0}'.format(self.model._meta.db_table))
+
+    def truncate(self):
+        self.raw('TRUNCATE TABLE {0}'.format(self.model._meta.db_table))
+
+
+class DataMartModelBase(ModelBase):
+    def __new__(cls, name, bases, attrs, **kwargs):
+        super_new = super().__new__
+        parents = [b for b in bases if isinstance(b, DataMartModelBase)]
+        if not parents:
+            return super_new(cls, name, bases, attrs)
+        loader = attrs.pop('loader', None)
+        config = attrs.pop('Options', None)
+
+        new_class = super_new(cls, name, bases, attrs, **kwargs)
+        if not loader:  # no custom loader use default
+            loader = Loader()
+        base_config = getattr(new_class, '_etl_config', None)
+
+        if not config:
+            config = LoaderOptions(base_config)
+        else:
+            config = LoaderOptions(config)
+
+        new_class.add_to_class('_etl_config', config)
+        new_class.add_to_class('loader', loader)
+        #
+        # attr_meta = attrs.get('Meta', None)
+        # attr_loader = attrs.get('Loader', None)
+        # loader = attr_meta or getattr(new_class, 'Meta', None)
+        # base_meta = getattr(new_class, '_meta', None)
+
+        return new_class
 
 
-class DataMartModel(models.Model):
+class DataMartModel(models.Model, metaclass=DataMartModelBase):
     country_name = models.CharField(max_length=50, db_index=True)
     area_code = models.CharField(max_length=10, db_index=True)
     schema_name = models.CharField(max_length=50, db_index=True)
diff --git a/src/etools_datamart/apps/data/models/fam.py b/src/etools_datamart/apps/data/models/fam.py
index c4445a04b..86cfdb9a2 100644
--- a/src/etools_datamart/apps/data/models/fam.py
+++ b/src/etools_datamart/apps/data/models/fam.py
@@ -1,7 +1,37 @@
 from django.db import models
 from month_field.models import MonthField
 
+from etools_datamart.apps.data.loader import EtlResult, Loader
 from etools_datamart.apps.data.models.base import DataMartModel
+from etools_datamart.apps.etools.models import (AuditAudit, AuditEngagement, AuditMicroassessment,
+                                                AuditSpecialaudit, AuditSpotcheck,)
+
+
+class FAMIndicatorLoader(Loader):
+
+    def process_country(self, results: EtlResult, country, context):
+        engagements = (AuditSpotcheck, AuditAudit, AuditSpecialaudit, AuditMicroassessment)
+        start_date = context['today'].date()
+        for model in engagements:
+            realname = "_".join(model._meta.db_table.split('_')[1:])
+            values = {}
+            for status, status_display in AuditEngagement.STATUSES:
+                filter_dict = {
+                    'engagement_ptr__status': status,
+                    'engagement_ptr__start_date__month': start_date.month,
+                    'engagement_ptr__start_date__year': start_date.year,
+                }
+                field_name = f"{realname}_{status_display}".replace(" ", "_").lower()
+                value = model.objects.filter(**filter_dict).count()
+                values[field_name] = value
+            op = self.process(filters=dict(month=start_date,
+                                           country_name=country.name,
+                                           area_code=country.business_area_code,
+                                           schema_name=country.schema_name),
+                              values=values)
+            results.incr(op)
+
+        return results
 
 
 class FAMIndicator(DataMartModel):
@@ -28,3 +58,5 @@ class Meta:
         ordering = ('month', 'country_name')
         unique_together = ('month', 'country_name')
         verbose_name = "FAM Indicator"
+
+    loader = FAMIndicatorLoader()
diff --git a/src/etools_datamart/apps/data/models/hact.py b/src/etools_datamart/apps/data/models/hact.py
index b0615b667..c5dde2627 100644
--- a/src/etools_datamart/apps/data/models/hact.py
+++ b/src/etools_datamart/apps/data/models/hact.py
@@ -1,6 +1,35 @@
+import json
+
 from django.db import models
+from django.utils import timezone
 
+from etools_datamart.apps.data.loader import EtlResult, Loader
 from etools_datamart.apps.data.models.base import DataMartModel
+from etools_datamart.apps.etools.models import HactAggregatehact
+
+
+class HACTLoader(Loader):
+    def process_country(self, results: EtlResult, country, context):
+        today = timezone.now()
+        aggregate = HactAggregatehact.objects.get(year=today.year)
+        data = json.loads(aggregate.partner_values)
+
+        # # Total number of completed Microassessments in the business area in the past year
+        values = dict(microassessments_total=data['assurance_activities']['micro_assessment'],
+                      programmaticvisits_total=data['assurance_activities']['programmatic_visits']['completed'],
+                      followup_spotcheck=data['assurance_activities']['spot_checks']['follow_up'],
+                      completed_spotcheck=data['assurance_activities']['spot_checks']['completed'],
+                      completed_hact_audits=data['assurance_activities']['scheduled_audit'],
+                      completed_special_audits=data['assurance_activities']['special_audit'],
+                      )
+        op = self.process(filters=dict(year=today.year,
+                                       area_code=country.business_area_code,
+                                       country_name=country.name,
+                                       schema_name=country.schema_name),
+                          values=values)
+        results.incr(op)
+
+        return results
 
 
 class HACT(DataMartModel):
@@ -18,6 +47,8 @@ class HACT(DataMartModel):
     completed_special_audits = models.IntegerField(default=0,
                                                    help_text="Total number of completed special audits for the workspace. ")
 
+    loader = HACTLoader()
+
     class Meta:
         ordering = ('year', 'country_name')
         unique_together = ('year', 'country_name')
diff --git a/src/etools_datamart/apps/data/models/intervention.py b/src/etools_datamart/apps/data/models/intervention.py
index ccd9bcb3d..bed13f50c 100644
--- a/src/etools_datamart/apps/data/models/intervention.py
+++ b/src/etools_datamart/apps/data/models/intervention.py
@@ -5,6 +5,7 @@
 from django.db import models
 
 from etools_datamart.apps.data.models.base import DataMartModel
+from etools_datamart.apps.etools.models import PartnersIntervention
 
 logger = logging.getLogger(__name__)
 
@@ -59,3 +60,37 @@ class Intervention(DataMartModel):
     class Meta:
         ordering = ('country_name', 'title')
         verbose_name = "Intervention"
+
+    class Options:
+        source = PartnersIntervention
+        queryset = lambda: PartnersIntervention.objects.select_related('agreement',
+                                                                       'partner_authorized_officer_signatory',
+                                                                       'unicef_signatory',
+                                                                       'country_programme',
+                                                                       )
+        key = lambda country, record: dict(country_name=country.name,
+                                           schema_name=country.schema_name,
+                                           area_code=country.business_area_code,
+                                           intervention_id=record.pk)
+        mapping = dict(start_date='start',
+                       end_date='end',
+                       partner_name='agreement.partner.name',
+                       partner_authorized_officer_signatory_id='partner_authorized_officer_signatory.pk',
+                       country_programme_id='country_programme.pk',
+                       intervention_id='pk',
+                       unicef_signatory_id='unicef_signatory.pk',
+                       unicef_signatory_first_name='unicef_signatory.first_name',
+                       unicef_signatory_last_name='unicef_signatory.last_name',
+                       unicef_signatory_email='unicef_signatory.email',
+
+                       partner_signatory_title='partner_authorized_officer_signatory.title',
+                       partner_signatory_first_name='partner_authorized_officer_signatory.first_name',
+                       partner_signatory_last_name='partner_authorized_officer_signatory.last_name',
+                       partner_signatory_email='partner_authorized_officer_signatory.email',
+                       partner_signatory_phone='partner_authorized_officer_signatory.phone',
+                       partner_focal_point_title='partner_focal_point.title',
+                       partner_focal_point_first_name='partner_focal_point.first_name',
+                       partner_focal_point_last_name='partner_focal_point.last_name',
+                       partner_focal_point_email='partner_focal_point.email',
+                       partner_focal_point_phone='partner_focal_point.phone',
+                       updated='modified')
diff --git a/src/etools_datamart/apps/data/models/location.py b/src/etools_datamart/apps/data/models/location.py
new file mode 100644
index 000000000..a560e6400
--- /dev/null
+++ b/src/etools_datamart/apps/data/models/location.py
@@ -0,0 +1,51 @@
+from django.contrib.gis.db.models import MultiPolygonField, PointField
+from django.db import models
+
+from etools_datamart.apps.data.models.base import DataMartModel
+from etools_datamart.apps.etools.models import LocationsGatewaytype, LocationsLocation
+
+
+class GatewayType(DataMartModel):
+    name = models.CharField(db_index=True, max_length=64)
+    admin_level = models.SmallIntegerField(blank=True, null=True)
+    source_id = models.IntegerField(blank=True, null=True)
+
+    class Meta:
+        unique_together = ('schema_name', 'name'), ('schema_name', 'admin_level')
+
+    class Options:
+        source = LocationsGatewaytype
+        mapping = {'source_id': 'id',
+                   'area_code': lambda country, record: country.business_area_code,
+                   }
+
+
+class Location(DataMartModel):
+    name = models.CharField(max_length=254)
+    latitude = models.FloatField(blank=True, null=True)
+    longitude = models.FloatField(blank=True, null=True)
+    p_code = models.CharField(max_length=32)
+    point = PointField(blank=True, null=True)
+    gateway = models.ForeignKey(GatewayType, models.DO_NOTHING)
+    geom = MultiPolygonField(blank=True, null=True)
+    level = models.IntegerField()
+    lft = models.IntegerField()
+    parent = models.ForeignKey('self', models.DO_NOTHING, blank=True, null=True)
+    rght = models.IntegerField()
+    tree_id = models.IntegerField()
+    created = models.DateTimeField()
+    modified = models.DateTimeField()
+    is_active = models.BooleanField()
+
+    source_id = models.IntegerField(blank=True, null=True)
+
+    class Options:
+        depends = (GatewayType,)
+        # source = LocationsLocation
+        queryset = lambda: LocationsLocation.objects.order_by('-parent')
+
+        mapping = {'source_id': 'id',
+                   'area_code': lambda country, record: country.business_area_code,
+                   'parent': '__self__',
+                   'gateway': GatewayType
+                   }
diff --git a/src/etools_datamart/apps/data/models/pmp.py b/src/etools_datamart/apps/data/models/pmp.py
index 560f5457d..0e78beb7e 100644
--- a/src/etools_datamart/apps/data/models/pmp.py
+++ b/src/etools_datamart/apps/data/models/pmp.py
@@ -2,12 +2,65 @@
 import logging
 
 from django.db import models
+from django.db.models import Sum
+from django.db.models.functions import Coalesce
 
+from etools_datamart.apps.data.loader import Loader
 from etools_datamart.apps.data.models.base import DataMartModel
+from etools_datamart.apps.etools.models import PartnersIntervention, PartnersPartnerorganization
 
 logger = logging.getLogger(__name__)
 
 
+class PMPIndicatorLoader(Loader):
+    def process_country(self, results, country, context):
+        for partner in PartnersPartnerorganization.objects.all():
+            for intervention in PartnersIntervention.objects.filter(agreement__partner=partner):
+                planned_budget = getattr(intervention,
+                                         'partnersintervention_partners_interventionbudget_intervention_id', None)
+                fr_currencies = intervention.frs.all().values_list('currency', flat=True).distinct()
+                has_assessment = bool(getattr(partner.current_core_value_assessment, 'assessment', False))
+                values = {'country_name': country.name,
+                          'schema_name': country.schema_name,
+                          'area_code': country.business_area_code,
+                          'partner_name': partner.name,
+                          'partner_type': partner.cso_type,
+                          'vendor_number': partner.vendor_number,
+
+                          'pd_ssfa_ref': intervention.number.replace(',', '-'),
+                          'pd_ssfa_status': intervention.status.title(),
+                          'pd_ssfa_start_date': intervention.start,
+                          'pd_ssfa_creation_date': intervention.created,
+                          'pd_ssfa_end_date': intervention.end,
+
+                          'cash_contribution': intervention.total_unicef_cash or 0,
+                          'supply_contribution': intervention.total_in_kind_amount or 0,
+                          'total_budget': intervention.total_budget or 0,
+                          'unicef_budget': intervention.total_unicef_budget or 0,
+
+                          'currency': intervention.planned_budget.currency if planned_budget else '-',
+                          'partner_contribution': intervention.planned_budget.partner_contribution if planned_budget else '-',
+                          'unicef_cash': intervention.planned_budget.unicef_cash if planned_budget else '-',
+                          'in_kind_amount': intervention.planned_budget.in_kind_amount if planned_budget else '-',
+                          'total': intervention.planned_budget.total if planned_budget else '-',
+                          'fr_numbers_against_pd_ssfa': ' - '.join([fh.fr_number for fh in intervention.frs.all()]),
+                          'fr_currencies': ', '.join(fr for fr in fr_currencies),
+                          'sum_of_all_fr_planned_amount': intervention.frs.aggregate(
+                              total=Coalesce(Sum('intervention_amt'), 0))[
+                              'total'] if fr_currencies.count() <= 1 else '-',
+                          'core_value_attached': has_assessment,
+                          # 'partner_link': '{}/pmp/partners/{}/details'.format(base_url, partner.pk),
+                          # 'intervention_link': '{}/pmp/interventions/{}/details'.format(base_url, intervention.pk),
+                          }
+                op = self.process(filters=dict(country_name=country.name,
+                                               schema_name=country.schema_name,
+                                               partner_id=partner.pk,
+                                               intervention_id=intervention.pk),
+                                  values=values)
+                results.incr(op)
+        return results
+
+
 class PMPIndicators(DataMartModel):
     vendor_number = models.CharField(max_length=255, null=True, db_index=True)
 
@@ -48,3 +101,9 @@ class PMPIndicators(DataMartModel):
     class Meta:
         ordering = ('country_name', 'partner_name')
         verbose_name = "PMP Indicator"
+
+    loader = PMPIndicatorLoader()
+
+    class Options:
+        source = PartnersPartnerorganization
+        mapping = None
diff --git a/src/etools_datamart/apps/data/models/user.py b/src/etools_datamart/apps/data/models/user.py
index c9a239918..4e6557250 100644
--- a/src/etools_datamart/apps/data/models/user.py
+++ b/src/etools_datamart/apps/data/models/user.py
@@ -1,7 +1,38 @@
+from datetime import datetime
+
 from django.db import models
 from month_field.models import MonthField
 
+from etools_datamart.apps.data.loader import EtlResult, Loader
 from etools_datamart.apps.data.models.base import DataMartModel
+from etools_datamart.apps.etools.models import AuthUser
+
+
+class UserStatsLoader(Loader):
+    def get_context(self, **kwargs):
+        today = kwargs['today']
+        context = {'first_of_month': datetime(today.year, today.month, 1)}
+        context.update(kwargs)
+        return context
+
+    def process_country(self, results: EtlResult, country, context):
+        first_of_month = context['first_of_month']
+        base = AuthUser.objects.filter(profile__country=country)
+        values = {
+            'total': base.count(),
+            'unicef': base.filter(email__endswith='@unicef.org').count(),
+            'logins': base.filter(
+                last_login__month=first_of_month.month).count(),
+            'unicef_logins': base.filter(
+                last_login__month=first_of_month.month,
+                email__endswith='@unicef.org').count(),
+        }
+        op = self.process(filters=dict(month=first_of_month,
+                                       country_name=country.name,
+                                       schema_name=country.schema_name, ),
+                          values=values)
+        results.incr(op)
+        return results
 
 
 class UserStats(DataMartModel):
@@ -15,3 +46,5 @@ class Meta:
         ordering = ('-month', 'country_name')
         unique_together = ('country_name', 'month')
         verbose_name = "User Access Statistics"
+
+    loader = UserStatsLoader()
diff --git a/src/etools_datamart/apps/etl/lock.py b/src/etools_datamart/apps/etl/lock.py
index 964e62ea3..6dd32aa4c 100644
--- a/src/etools_datamart/apps/etl/lock.py
+++ b/src/etools_datamart/apps/etl/lock.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 import logging
-from functools import partial, wraps
+from functools import wraps
 
 from django.core.cache import caches
 from redis.exceptions import LockError
@@ -52,5 +52,5 @@ def _caller(*args, **kwargs):
 
         return _caller
 
-    function.unlock = partial(_unlock, key)
+    # function.unlock = partial(_unlock, key)
     return _dec(function) if function is not None else _dec
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index 13f136c3c..936dcfcbd 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/etl/models.py b/src/etools_datamart/apps/etl/models.py
index 659a81384..0eba4d59a 100644
--- a/src/etools_datamart/apps/etl/models.py
+++ b/src/etools_datamart/apps/etl/models.py
@@ -6,7 +6,7 @@
 from django_celery_beat.models import PeriodicTask
 
 from etools_datamart.apps.data.models.base import DataMartModel
-from etools_datamart.celery import app, ETLTask
+from etools_datamart.celery import app
 
 
 class TaskLogManager(models.Manager):
@@ -19,11 +19,11 @@ def get_for_model(self, model: DataMartModel):
         except EtlTask.DoesNotExist:
             raise EtlTask.DoesNotExist(f"EtlTask for model '{model.__name__}' does not exists")
 
-    def get_for_task(self, task: ETLTask):
-        return self.get_or_create(task=task.name,
-                                  defaults=dict(content_type=ContentType.objects.get_for_model(task.linked_model),
-                                                last_run=None,
-                                                table_name=task.linked_model._meta.db_table))[0]
+    # def get_for_task(self, task: ETLTask):
+    #     return self.get_or_create(task=task.name,
+    #                               defaults=dict(content_type=ContentType.objects.get_for_model(task.linked_model),
+    #                                             last_run=None,
+    #                                             table_name=task.linked_model._meta.db_table))[0]
 
     def inspect(self):
         tasks = app.get_all_etls()
diff --git a/src/etools_datamart/apps/etl/results.py b/src/etools_datamart/apps/etl/results.py
index 508e6194b..63f5b7bd1 100644
--- a/src/etools_datamart/apps/etl/results.py
+++ b/src/etools_datamart/apps/etl/results.py
@@ -1,51 +1,57 @@
 import json
+#
+from json.decoder import WHITESPACE
 
 from rest_framework.utils import encoders
 
-CREATED = 'created'
-UPDATED = 'updated'
-UNCHANGED = 'unchanged'
-
-
-class EtlResult:
-    __slots__ = [CREATED, UPDATED, UNCHANGED]
-
-    def __init__(self, updated=0, created=0, unchanged=0, **kwargs):
-        self.created = created
-        self.updated = updated
-        self.unchanged = unchanged
-
-    def __repr__(self):
-        return repr(self.as_dict())
-
-    def incr(self, counter):
-        setattr(self, counter, getattr(self, counter) + 1)
-
-    def as_dict(self):
-        return {'created': self.created,
-                'updated': self.updated,
-                'unchanged': self.unchanged}
 
-    def __eq__(self, other):
-        if isinstance(other, EtlResult):
-            other = other.as_dict()
-
-        if isinstance(other, dict):
-            return (self.created == other['created'] and
-                    self.updated == other['updated'] and
-                    self.unchanged == other['unchanged'])
-        return False
-
-
-# class EtlDecoder(json.JSONDecoder):
+# CREATED = 'created'
+# UPDATED = 'updated'
+# UNCHANGED = 'unchanged'
+#
+#
+# class EtlResult:
+#     __slots__ = [CREATED, UPDATED, UNCHANGED]
+#
+#     def __init__(self, updated=0, created=0, unchanged=0, **kwargs):
+#         self.created = created
+#         self.updated = updated
+#         self.unchanged = unchanged
 #
-#     def decode(self, s, _w=WHITESPACE.match):
-#         return super().decode(s, _w)
+#     def __repr__(self):
+#         return repr(self.as_dict())
 #
+#     def incr(self, counter):
+#         setattr(self, counter, getattr(self, counter) + 1)
+#
+#     def as_dict(self):
+#         return {'created': self.created,
+#                 'updated': self.updated,
+#                 'unchanged': self.unchanged}
+#
+#     def __eq__(self, other):
+#         # FIXME: pdb
+#         import pdb; pdb.set_trace()
+#         if isinstance(other, EtlResult):
+#             other = other.as_dict()
+#
+#         if isinstance(other, dict):
+#             return (self.created == other['created'] and
+#                     self.updated == other['updated'] and
+#                     self.unchanged == other['unchanged'])
+#         return False
+#
+#
+class EtlDecoder(json.JSONDecoder):
+
+    def decode(self, s, _w=WHITESPACE.match):
+        return super().decode(s, _w)
+
 
 class EtlEncoder(encoders.JSONEncoder):
 
     def default(self, obj):
+        from etools_datamart.apps.data.loader import EtlResult
         if isinstance(obj, EtlResult):
             return {
                 '__type__': '__EtlResult__',
@@ -53,19 +59,23 @@ def default(self, obj):
             }
         return super(EtlEncoder, self).default(obj)
 
-#
-# def etl_decoder(obj):
-#     if '__type__' in obj:
-#         if obj['__type__'] == '__EtlResult__':
-#             return EtlResult(**obj)
-#     return obj
+
+def etl_decoder(obj):
+    if '__type__' in obj:
+        if obj['__type__'] == '__EtlResult__':
+            from etools_datamart.apps.data.loader import EtlResult
+            return EtlResult(**obj['data'])
+    return obj
 
 
+#
 # Encoder function
 def etl_dumps(obj):
     return json.dumps(obj, cls=EtlEncoder)
 
+
+#
 #
 # # Decoder function
-# def etl_loads(obj):
-#     return json.loads(obj, cls=EtlDecoder, object_hook=etl_decoder)
+def etl_loads(obj):
+    return json.loads(obj, cls=EtlDecoder, object_hook=etl_decoder)
diff --git a/src/etools_datamart/apps/etl/tasks/etl.py b/src/etools_datamart/apps/etl/tasks/etl.py
index ed56e5508..2f15e264c 100644
--- a/src/etools_datamart/apps/etl/tasks/etl.py
+++ b/src/etools_datamart/apps/etl/tasks/etl.py
@@ -1,404 +1,404 @@
-# -*- coding: utf-8 -*-
-import json
-import logging
-from datetime import date, datetime
-
-from crashlog.middleware import process_exception
-from django.db import connections
-from django.db.models import Sum
-from django.db.models.functions import Coalesce
-from django.utils import timezone
-from strategy_field.utils import get_attr
-
-from etools_datamart.apps.data.models import HACT, Intervention, PMPIndicators
-from etools_datamart.apps.data.models.fam import FAMIndicator
-from etools_datamart.apps.data.models.user import UserStats
-from etools_datamart.apps.etl.results import CREATED, EtlResult, UNCHANGED, UPDATED
-from etools_datamart.apps.etools.models import (AuditAudit, AuditEngagement, AuditMicroassessment,
-                                                AuditSpecialaudit, AuditSpotcheck, AuthUser, HactAggregatehact,
-                                                PartnersIntervention, PartnersPartnerorganization,)
-from etools_datamart.celery import app
-
-logger = logging.getLogger(__name__)
-
-__all__ = ["load_hact", "load_user_report", "load_fam_indicator",
-           "load_pmp_indicator", "load_intervention"]
-
-
-def is_record_changed(record, values):
-    other = type(record)(**values)
-    for field_name, field_value in values.items():
-        if getattr(record, field_name) != getattr(other, field_name):
-            return True
-    return False
-
-
-def process(Model, filters, values):
-    try:
-        existing, created = Model.objects.get_or_create(**filters,
-                                                        defaults=values)
-        if created:
-            op = CREATED
-        else:
-            if is_record_changed(existing, values):
-                op = UPDATED
-                Model.objects.update_or_create(**filters,
-                                               defaults=values)
-            else:
-                op = UNCHANGED
-        return op
-    except Exception as e:  # pragma: no cover
-        logging.exception(e)
-        process_exception(e)
-        raise
-
-
-@app.etl(HACT)
-def load_hact():
-    connection = connections['etools']
-    countries = connection.get_tenants()
-    today = timezone.now()
-    results = EtlResult()
-    for country in countries:
-        connection.set_schemas([country.schema_name])
-
-        logger.info(u'Running on %s' % country.name)
-        aggregate = HactAggregatehact.objects.get(year=today.year)
-        data = json.loads(aggregate.partner_values)
-
-        # PartnersPartnerorganization.objects.hact_active()
-        # qs = PartnersPartnerorganization.objects.filter(Q(reported_cy__gt=0) | Q(total_ct_cy__gt=0), hidden=False)
-        # values = dict(microassessments_total=0,
-        #               programmaticvisits_total=0,
-        #               followup_spotcheck=0,
-        #               completed_hact_audits=0,
-        #               completed_special_audits=0,
-        #               )
-        # for partner in qs.all():
-        #     values['microassessments_total'] += AuditEngagement.objects.filter(
-        #         engagement_type=AuditEngagement.TYPE_MICRO_ASSESSMENT,
-        #         status=AuditEngagement.FINAL, date_of_draft_report_to_unicef__year=datetime.now().year).count()
-        #
-        #     values['programmaticvisits_total'] += partner.hact_values['programmatic_visits']['completed']['total']
-        #     values['followup_spotcheck'] = qs.aggregate(total=Coalesce(Sum(
-        #         'planned_engagement__spot_check_follow_up'), 0))['total']
-        #
-        #     # completed_hact_audits = ?
-        #     values['completed_special_audits'] += AuditEngagement.objects.filter(
-        #         engagement_type=AuditEngagement.TYPE_SPECIAL_AUDIT,
-        #         status=AuditEngagement.FINAL, date_of_draft_report_to_unicef__year=datetime.now().year).count()
-
-        # # Total number of completed Microassessments in the business area in the past year
-        values = dict(microassessments_total=data['assurance_activities']['micro_assessment'],
-                      programmaticvisits_total=data['assurance_activities']['programmatic_visits']['completed'],
-                      followup_spotcheck=data['assurance_activities']['spot_checks']['follow_up'],
-                      completed_spotcheck=data['assurance_activities']['spot_checks']['completed'],
-                      completed_hact_audits=data['assurance_activities']['scheduled_audit'],
-                      completed_special_audits=data['assurance_activities']['special_audit'],
-                      )
-        op = process(HACT, filters=dict(year=today.year,
-                                        area_code=country.business_area_code,
-                                        country_name=country.name,
-                                        schema_name=country.schema_name),
-                     values=values)
-        results.incr(op)
-        # existing, created = HACT.objects.get_or_create(year=today.year,
-        #                                                country_name=country.name,
-        #                                                schema_name=country.schema_name,
-        #                                                defaults=values)
-        # if created:
-        #     results.created += 1
-        # else:
-        #     if is_record_changed(existing, values):
-        #         results.updated += 1
-        #         HACT.objects.update_or_create(year=today.year,
-        #                                       country_name=country.name,
-        #                                       schema_name=country.schema_name,
-        #                                       defaults=values)
-        #     else:
-        #         results.unchanged += 1
-
-    return results
-
-
-@app.etl(PMPIndicators)
-def load_pmp_indicator() -> EtlResult:
-    connection = connections['etools']
-    countries = connection.get_tenants()
-    base_url = 'https://etools.unicef.org'
-    results = EtlResult()
-
-    for country in countries:
-        connection.set_schemas([country.schema_name])
-
-        logger.info(u'Running on %s' % country.name)
-        for partner in PartnersPartnerorganization.objects.all():
-            for intervention in PartnersIntervention.objects.filter(agreement__partner=partner):
-                planned_budget = getattr(intervention,
-                                         'partnersintervention_partners_interventionbudget_intervention_id', None)
-                fr_currencies = intervention.frs.all().values_list('currency', flat=True).distinct()
-                has_assessment = bool(getattr(partner.current_core_value_assessment, 'assessment', False))
-                values = {'country_name': country.name,
-                          'schema_name': country.schema_name,
-                          'area_code': country.business_area_code,
-                          'partner_name': partner.name,
-                          'partner_type': partner.cso_type,
-                          'vendor_number': partner.vendor_number,
-
-                          'pd_ssfa_ref': intervention.number.replace(',', '-'),
-                          'pd_ssfa_status': intervention.status.title(),
-                          'pd_ssfa_start_date': intervention.start,
-                          'pd_ssfa_creation_date': intervention.created,
-                          'pd_ssfa_end_date': intervention.end,
-
-                          'cash_contribution': intervention.total_unicef_cash or 0,
-                          'supply_contribution': intervention.total_in_kind_amount or 0,
-                          'total_budget': intervention.total_budget or 0,
-                          'unicef_budget': intervention.total_unicef_budget or 0,
-
-                          'currency': intervention.planned_budget.currency if planned_budget else '-',
-                          'partner_contribution': intervention.planned_budget.partner_contribution if planned_budget else '-',
-                          'unicef_cash': intervention.planned_budget.unicef_cash if planned_budget else '-',
-                          'in_kind_amount': intervention.planned_budget.in_kind_amount if planned_budget else '-',
-                          'total': intervention.planned_budget.total if planned_budget else '-',
-                          'fr_numbers_against_pd_ssfa': ' - '.join([fh.fr_number for fh in intervention.frs.all()]),
-                          'fr_currencies': ', '.join(fr for fr in fr_currencies),
-                          'sum_of_all_fr_planned_amount': intervention.frs.aggregate(
-                              total=Coalesce(Sum('intervention_amt'), 0))[
-                              'total'] if fr_currencies.count() <= 1 else '-',
-                          'core_value_attached': has_assessment,
-                          'partner_link': '{}/pmp/partners/{}/details'.format(base_url, partner.pk),
-                          'intervention_link': '{}/pmp/interventions/{}/details'.format(base_url, intervention.pk),
-                          }
-                op = process(PMPIndicators, filters=dict(country_name=country.name,
-                                                         schema_name=country.schema_name,
-                                                         partner_id=partner.pk,
-                                                         intervention_id=intervention.pk),
-                             values=values)
-                results.incr(op)
-                # existing, created = PMPIndicators.objects.get_or_create(country_name=country.name,
-                #                                                         schema_name=country.schema_name,
-                #                                                         country_id=partner.id,
-                #                                                         partner_id=partner.pk,
-                #                                                         intervention_id=intervention.pk,
-                #                                                         defaults=values)
-                # if created:
-                #     results.created += 1
-                # else:
-                #     if is_record_changed(existing, values):
-                #         results.updated += 1
-                #         PMPIndicators.objects.update_or_create(country_name=country.name,
-                #                                                schema_name=country.schema_name,
-                #                                                country_id=partner.id,
-                #                                                partner_id=partner.pk,
-                #                                                intervention_id=intervention.pk,
-                #                                                defaults=values)
-                #     else:
-                #         results.unchanged += 1
-
-    return results
-    #             PMPIndicators.objects.create(
-    #                 country_id=country.pk,
-    #                 partner_id=partner.pk,
-    #                 intervention_id=intervention.pk)
-    #             created[country.name] += 1
-    #
-    # return created
-
-
-@app.etl(Intervention)
-def load_intervention() -> EtlResult:
-    connection = connections['etools']
-    countries = connection.get_tenants()
-    results = EtlResult()
-    for country in countries:
-        connection.set_schemas([country.schema_name])
-        qs = PartnersIntervention.objects.all().select_related('agreement',
-                                                               'partner_authorized_officer_signatory',
-                                                               'unicef_signatory',
-                                                               'country_programme',
-                                                               )
-        num = 0
-        for num, record in enumerate(qs, 1):
-            values = dict(number=record.number,
-                          title=record.title,
-                          status=record.status,
-                          start_date=record.start,
-                          end_date=record.end,
-                          review_date_prc=record.review_date_prc,
-                          prc_review_document=record.prc_review_document,
-                          partner_name=record.agreement.partner.name,
-                          partner_authorized_officer_signatory_id=get_attr(record,
-                                                                           'partner_authorized_officer_signatory.pk'),
-                          country_programme_id=get_attr(record, 'country_programme.pk'),
-                          intervention_id=record.pk,
-                          unicef_signatory_id=get_attr(record, 'unicef_signatory.pk'),
-
-                          signed_by_unicef_date=record.signed_by_unicef_date,
-                          signed_by_partner_date=record.signed_by_partner_date,
-                          population_focus=record.population_focus,
-                          signed_pd_document=record.signed_pd_document,
-
-                          submission_date=record.submission_date,
-                          submission_date_prc=record.submission_date_prc,
-
-                          unicef_signatory_first_name=get_attr(record,
-                                                               'unicef_signatory.first_name'),
-                          unicef_signatory_last_name=get_attr(record,
-                                                              'unicef_signatory.last_name'),
-                          unicef_signatory_email=get_attr(record, 'unicef_signatory.email'),
-
-                          partner_signatory_title=get_attr(record,
-                                                           'partner_authorized_officer_signatory.title'),
-                          partner_signatory_first_name=get_attr(record,
-                                                                'partner_authorized_officer_signatory.first_name'),
-                          partner_signatory_last_name=get_attr(record,
-                                                               'partner_authorized_officer_signatory.last_name'),
-                          partner_signatory_email=get_attr(record,
-                                                           'partner_authorized_officer_signatory.email'),
-                          partner_signatory_phone=get_attr(record,
-                                                           'partner_authorized_officer_signatory.phone'),
-
-                          partner_focal_point_title=get_attr(record,
-                                                             'partner_focal_point.title'),
-                          partner_focal_point_first_name=get_attr(record,
-                                                                  'partner_focal_point.first_name'),
-                          partner_focal_point_last_name=get_attr(record,
-                                                                 'partner_focal_point.last_name'),
-                          partner_focal_point_email=get_attr(record,
-                                                             'partner_focal_point.email'),
-                          partner_focal_point_phone=get_attr(record,
-                                                             'partner_focal_point.phone'),
-
-                          metadata=record.metadata,
-                          document_type=record.document_type,
-                          updated=record.modified,
-                          created=record.created,
-                          )
-            op = process(Intervention, filters=dict(country_name=country.name,
-                                                    schema_name=country.schema_name,
-                                                    area_code=country.business_area_code,
-                                                    agreement_id=record.agreement.pk,
-                                                    intervention_id=record.pk),
-                         values=values)
-            results.incr(op)
-
-            # existing, created = Intervention.objects.get_or_create(country_name=country.name,
-            #                                                        schema_name=country.schema_name,
-            #                                                        intervention_id=record.pk,
-            #                                                        defaults=values)
-            # if created:
-            #     results.created += 1
-            # else:
-            #     if is_record_changed(existing, values):
-            #         results.updated += 1
-            #         Intervention.objects.update_or_create(country_name=country.name,
-            #                                               schema_name=country.schema_name,
-            #                                               intervention_id=record.pk,
-            #                                               defaults=values)
-            #     else:
-            #         results.unchanged += 1
-
-    return results
-
-
-@app.etl(FAMIndicator)
-def load_fam_indicator() -> EtlResult:
-    connection = connections['etools']
-    countries = connection.get_tenants()
-
-    engagements = (AuditSpotcheck, AuditAudit, AuditSpecialaudit, AuditMicroassessment)
-    start_date = date.today()  # + relativedelta(months=-1)
-    results = EtlResult()
-    for country in countries:
-        connection.set_schemas([country.schema_name])
-        for model in engagements:
-            # indicator, created = FAMIndicator.objects.get_or_create(month=start_date,
-            #                                                         country_name=country.name,
-            #                                                         schema_name=country.schema_name)
-            # if created:
-            #     results.created += 1
-            # changed = created
-            realname = "_".join(model._meta.db_table.split('_')[1:])
-            values = {}
-            for status, status_display in AuditEngagement.STATUSES:
-                filter_dict = {
-                    'engagement_ptr__status': status,
-                    'engagement_ptr__start_date__month': start_date.month,
-                    'engagement_ptr__start_date__year': start_date.year,
-                }
-                field_name = f"{realname}_{status_display}".replace(" ", "_").lower()
-                value = model.objects.filter(**filter_dict).count()
-                values[field_name] = value
-                # try:
-                #     field_name = f"{realname}_{status_display}".replace(" ", "_").lower()
-                #     value = model.objects.filter(**filter_dict).count()
-                #     # just a safety check
-                #     if not hasattr(indicator, field_name):  # pragma: no cover
-                #         raise ValueError(field_name)
-                #     if getattr(indicator, field_name) == value:
-                #         changed = False
-                #     else:
-                #         changed = changed and True
-                #         setattr(indicator, field_name, value)
-                # except Exception as e:  # pragma: no cover
-                #     logger.error(e)
-                #     raise
-            op = process(FAMIndicator, filters=dict(month=start_date,
-                                                    country_name=country.name,
-                                                    area_code=country.business_area_code,
-                                                    schema_name=country.schema_name),
-                         values=values)
-            results.incr(op)
-    return results
-
-
-@app.etl(UserStats, bind=True)
-def load_user_report():
-    connection = connections['etools']
-    countries = connection.get_tenants()
-    today = date.today()
-    first_of_month = datetime(today.year, today.month, 1)
-    results = EtlResult()
-    for country in countries:
-        connection.set_schemas([country.schema_name])
-        base = AuthUser.objects.filter(profile__country=country)
-        values = {
-            'total': base.count(),
-            'unicef': base.filter(email__endswith='@unicef.org').count(),
-            'logins': base.filter(
-                last_login__month=first_of_month.month).count(),
-            'unicef_logins': base.filter(
-                last_login__month=first_of_month.month,
-                email__endswith='@unicef.org').count(),
-        }
-        op = process(UserStats, filters=dict(month=first_of_month,
-                                             country_name=country.name,
-                                             schema_name=country.schema_name, ),
-                     values=values)
-        results.incr(op)
-
-        # existing, created = UserStats.objects.get_or_create(month=first_of_month,
-        #                                                     country_name=country.name,
-        #                                                     schema_name=country.schema_name,
-        #                                                     defaults=values)
-        # if created:
-        #     results.created += 1
-        # else:
-        #     if is_record_changed(existing, values):
-        #         results.updated += 1
-        #         UserStats.objects.update_or_create(month=first_of_month,
-        #                                            country_name=country.name,
-        #                                            schema_name=country.schema_name,
-        #                                            defaults=values)
-        #     else:
-        #         results.unchanged += 1
-    #
-    return results
-    # UserStats.objects.update_or_create(month=first_of_month,
-    #                                    country_name=country.name,
-    #                                    schema_name=country.schema_name,
-    #                                    defaults=values)
-    # created[country.name] += 1
-    #
-    # return created
+# # -*- coding: utf-8 -*-
+# import json
+# import logging
+# from datetime import date, datetime
+#
+# from crashlog.middleware import process_exception
+# from django.db import connections
+# from django.db.models import Sum
+# from django.db.models.functions import Coalesce
+# from django.utils import timezone
+# from strategy_field.utils import get_attr
+#
+# from etools_datamart.apps.data.models import HACT, Intervention, PMPIndicators
+# from etools_datamart.apps.data.models.fam import FAMIndicator
+# from etools_datamart.apps.data.models.user import UserStats
+# # from etools_datamart.apps.etl.results import CREATED, EtlResult, UNCHANGED, UPDATED
+# from etools_datamart.apps.etools.models import (AuditAudit, AuditEngagement, AuditMicroassessment,
+#                                                 AuditSpecialaudit, AuditSpotcheck, AuthUser, HactAggregatehact,
+#                                                 PartnersIntervention, PartnersPartnerorganization,)
+# from etools_datamart.celery import app
+#
+# logger = logging.getLogger(__name__)
+#
+# __all__ = ["load_hact", "load_user_report", "load_fam_indicator",
+#            "load_pmp_indicator", "load_intervention"]
+#
+#
+# def is_record_changed(record, values):
+#     other = type(record)(**values)
+#     for field_name, field_value in values.items():
+#         if getattr(record, field_name) != getattr(other, field_name):
+#             return True
+#     return False
+#
+#
+# def process(Model, filters, values):
+#     try:
+#         existing, created = Model.objects.get_or_create(**filters,
+#                                                         defaults=values)
+#         if created:
+#             op = CREATED
+#         else:
+#             if is_record_changed(existing, values):
+#                 op = UPDATED
+#                 Model.objects.update_or_create(**filters,
+#                                                defaults=values)
+#             else:
+#                 op = UNCHANGED
+#         return op
+#     except Exception as e:  # pragma: no cover
+#         logging.exception(e)
+#         process_exception(e)
+#         raise
+#
+#
+# # @app.etl(HACT)
+# def load_hact():
+#     connection = connections['etools']
+#     countries = connection.get_tenants()
+#     today = timezone.now()
+#     results = EtlResult()
+#     for country in countries:
+#         connection.set_schemas([country.schema_name])
+#
+#         logger.info(u'Running on %s' % country.name)
+#         aggregate = HactAggregatehact.objects.get(year=today.year)
+#         data = json.loads(aggregate.partner_values)
+#
+#         # PartnersPartnerorganization.objects.hact_active()
+#         # qs = PartnersPartnerorganization.objects.filter(Q(reported_cy__gt=0) | Q(total_ct_cy__gt=0), hidden=False)
+#         # values = dict(microassessments_total=0,
+#         #               programmaticvisits_total=0,
+#         #               followup_spotcheck=0,
+#         #               completed_hact_audits=0,
+#         #               completed_special_audits=0,
+#         #               )
+#         # for partner in qs.all():
+#         #     values['microassessments_total'] += AuditEngagement.objects.filter(
+#         #         engagement_type=AuditEngagement.TYPE_MICRO_ASSESSMENT,
+#         #         status=AuditEngagement.FINAL, date_of_draft_report_to_unicef__year=datetime.now().year).count()
+#         #
+#         #     values['programmaticvisits_total'] += partner.hact_values['programmatic_visits']['completed']['total']
+#         #     values['followup_spotcheck'] = qs.aggregate(total=Coalesce(Sum(
+#         #         'planned_engagement__spot_check_follow_up'), 0))['total']
+#         #
+#         #     # completed_hact_audits = ?
+#         #     values['completed_special_audits'] += AuditEngagement.objects.filter(
+#         #         engagement_type=AuditEngagement.TYPE_SPECIAL_AUDIT,
+#         #         status=AuditEngagement.FINAL, date_of_draft_report_to_unicef__year=datetime.now().year).count()
+#
+#         # # Total number of completed Microassessments in the business area in the past year
+#         values = dict(microassessments_total=data['assurance_activities']['micro_assessment'],
+#                       programmaticvisits_total=data['assurance_activities']['programmatic_visits']['completed'],
+#                       followup_spotcheck=data['assurance_activities']['spot_checks']['follow_up'],
+#                       completed_spotcheck=data['assurance_activities']['spot_checks']['completed'],
+#                       completed_hact_audits=data['assurance_activities']['scheduled_audit'],
+#                       completed_special_audits=data['assurance_activities']['special_audit'],
+#                       )
+#         op = process(HACT, filters=dict(year=today.year,
+#                                         area_code=country.business_area_code,
+#                                         country_name=country.name,
+#                                         schema_name=country.schema_name),
+#                      values=values)
+#         results.incr(op)
+#         # existing, created = HACT.objects.get_or_create(year=today.year,
+#         #                                                country_name=country.name,
+#         #                                                schema_name=country.schema_name,
+#         #                                                defaults=values)
+#         # if created:
+#         #     results.created += 1
+#         # else:
+#         #     if is_record_changed(existing, values):
+#         #         results.updated += 1
+#         #         HACT.objects.update_or_create(year=today.year,
+#         #                                       country_name=country.name,
+#         #                                       schema_name=country.schema_name,
+#         #                                       defaults=values)
+#         #     else:
+#         #         results.unchanged += 1
+#
+#     return results
+#
+#
+# # @app.etl(PMPIndicators)
+# def load_pmp_indicator() -> EtlResult:
+#     connection = connections['etools']
+#     countries = connection.get_tenants()
+#     base_url = 'https://etools.unicef.org'
+#     results = EtlResult()
+#
+#     for country in countries:
+#         connection.set_schemas([country.schema_name])
+#
+#         logger.info(u'Running on %s' % country.name)
+#         for partner in PartnersPartnerorganization.objects.all():
+#             for intervention in PartnersIntervention.objects.filter(agreement__partner=partner):
+#                 planned_budget = getattr(intervention,
+#                                          'partnersintervention_partners_interventionbudget_intervention_id', None)
+#                 fr_currencies = intervention.frs.all().values_list('currency', flat=True).distinct()
+#                 has_assessment = bool(getattr(partner.current_core_value_assessment, 'assessment', False))
+#                 values = {'country_name': country.name,
+#                           'schema_name': country.schema_name,
+#                           'area_code': country.business_area_code,
+#                           'partner_name': partner.name,
+#                           'partner_type': partner.cso_type,
+#                           'vendor_number': partner.vendor_number,
+#
+#                           'pd_ssfa_ref': intervention.number.replace(',', '-'),
+#                           'pd_ssfa_status': intervention.status.title(),
+#                           'pd_ssfa_start_date': intervention.start,
+#                           'pd_ssfa_creation_date': intervention.created,
+#                           'pd_ssfa_end_date': intervention.end,
+#
+#                           'cash_contribution': intervention.total_unicef_cash or 0,
+#                           'supply_contribution': intervention.total_in_kind_amount or 0,
+#                           'total_budget': intervention.total_budget or 0,
+#                           'unicef_budget': intervention.total_unicef_budget or 0,
+#
+#                           'currency': intervention.planned_budget.currency if planned_budget else '-',
+#                           'partner_contribution': intervention.planned_budget.partner_contribution if planned_budget else '-',
+#                           'unicef_cash': intervention.planned_budget.unicef_cash if planned_budget else '-',
+#                           'in_kind_amount': intervention.planned_budget.in_kind_amount if planned_budget else '-',
+#                           'total': intervention.planned_budget.total if planned_budget else '-',
+#                           'fr_numbers_against_pd_ssfa': ' - '.join([fh.fr_number for fh in intervention.frs.all()]),
+#                           'fr_currencies': ', '.join(fr for fr in fr_currencies),
+#                           'sum_of_all_fr_planned_amount': intervention.frs.aggregate(
+#                               total=Coalesce(Sum('intervention_amt'), 0))[
+#                               'total'] if fr_currencies.count() <= 1 else '-',
+#                           'core_value_attached': has_assessment,
+#                           'partner_link': '{}/pmp/partners/{}/details'.format(base_url, partner.pk),
+#                           'intervention_link': '{}/pmp/interventions/{}/details'.format(base_url, intervention.pk),
+#                           }
+#                 op = process(PMPIndicators, filters=dict(country_name=country.name,
+#                                                          schema_name=country.schema_name,
+#                                                          partner_id=partner.pk,
+#                                                          intervention_id=intervention.pk),
+#                              values=values)
+#                 results.incr(op)
+#                 # existing, created = PMPIndicators.objects.get_or_create(country_name=country.name,
+#                 #                                                         schema_name=country.schema_name,
+#                 #                                                         country_id=partner.id,
+#                 #                                                         partner_id=partner.pk,
+#                 #                                                         intervention_id=intervention.pk,
+#                 #                                                         defaults=values)
+#                 # if created:
+#                 #     results.created += 1
+#                 # else:
+#                 #     if is_record_changed(existing, values):
+#                 #         results.updated += 1
+#                 #         PMPIndicators.objects.update_or_create(country_name=country.name,
+#                 #                                                schema_name=country.schema_name,
+#                 #                                                country_id=partner.id,
+#                 #                                                partner_id=partner.pk,
+#                 #                                                intervention_id=intervention.pk,
+#                 #                                                defaults=values)
+#                 #     else:
+#                 #         results.unchanged += 1
+#
+#     return results
+#     #             PMPIndicators.objects.create(
+#     #                 country_id=country.pk,
+#     #                 partner_id=partner.pk,
+#     #                 intervention_id=intervention.pk)
+#     #             created[country.name] += 1
+#     #
+#     # return created
+#
+#
+# # @app.etl(Intervention)
+# def load_intervention() -> EtlResult:
+#     connection = connections['etools']
+#     countries = connection.get_tenants()
+#     results = EtlResult()
+#     for country in countries:
+#         connection.set_schemas([country.schema_name])
+#         qs = PartnersIntervention.objects.all().select_related('agreement',
+#                                                                'partner_authorized_officer_signatory',
+#                                                                'unicef_signatory',
+#                                                                'country_programme',
+#                                                                )
+#         num = 0
+#         for num, record in enumerate(qs, 1):
+#             values = dict(number=record.number,
+#                           title=record.title,
+#                           status=record.status,
+#                           start_date=record.start,
+#                           end_date=record.end,
+#                           review_date_prc=record.review_date_prc,
+#                           prc_review_document=record.prc_review_document,
+#                           partner_name=record.agreement.partner.name,
+#                           partner_authorized_officer_signatory_id=get_attr(record,
+#                                                                            'partner_authorized_officer_signatory.pk'),
+#                           country_programme_id=get_attr(record, 'country_programme.pk'),
+#                           intervention_id=record.pk,
+#                           unicef_signatory_id=get_attr(record, 'unicef_signatory.pk'),
+#
+#                           signed_by_unicef_date=record.signed_by_unicef_date,
+#                           signed_by_partner_date=record.signed_by_partner_date,
+#                           population_focus=record.population_focus,
+#                           signed_pd_document=record.signed_pd_document,
+#
+#                           submission_date=record.submission_date,
+#                           submission_date_prc=record.submission_date_prc,
+#
+#                           unicef_signatory_first_name=get_attr(record,
+#                                                                'unicef_signatory.first_name'),
+#                           unicef_signatory_last_name=get_attr(record,
+#                                                               'unicef_signatory.last_name'),
+#                           unicef_signatory_email=get_attr(record, 'unicef_signatory.email'),
+#
+#                           partner_signatory_title=get_attr(record,
+#                                                            'partner_authorized_officer_signatory.title'),
+#                           partner_signatory_first_name=get_attr(record,
+#                                                                 'partner_authorized_officer_signatory.first_name'),
+#                           partner_signatory_last_name=get_attr(record,
+#                                                                'partner_authorized_officer_signatory.last_name'),
+#                           partner_signatory_email=get_attr(record,
+#                                                            'partner_authorized_officer_signatory.email'),
+#                           partner_signatory_phone=get_attr(record,
+#                                                            'partner_authorized_officer_signatory.phone'),
+#
+#                           partner_focal_point_title=get_attr(record,
+#                                                              'partner_focal_point.title'),
+#                           partner_focal_point_first_name=get_attr(record,
+#                                                                   'partner_focal_point.first_name'),
+#                           partner_focal_point_last_name=get_attr(record,
+#                                                                  'partner_focal_point.last_name'),
+#                           partner_focal_point_email=get_attr(record,
+#                                                              'partner_focal_point.email'),
+#                           partner_focal_point_phone=get_attr(record,
+#                                                              'partner_focal_point.phone'),
+#
+#                           metadata=record.metadata,
+#                           document_type=record.document_type,
+#                           updated=record.modified,
+#                           created=record.created,
+#                           )
+#             op = process(Intervention, filters=dict(country_name=country.name,
+#                                                     schema_name=country.schema_name,
+#                                                     area_code=country.business_area_code,
+#                                                     agreement_id=record.agreement.pk,
+#                                                     intervention_id=record.pk),
+#                          values=values)
+#             results.incr(op)
+#
+#             # existing, created = Intervention.objects.get_or_create(country_name=country.name,
+#             #                                                        schema_name=country.schema_name,
+#             #                                                        intervention_id=record.pk,
+#             #                                                        defaults=values)
+#             # if created:
+#             #     results.created += 1
+#             # else:
+#             #     if is_record_changed(existing, values):
+#             #         results.updated += 1
+#             #         Intervention.objects.update_or_create(country_name=country.name,
+#             #                                               schema_name=country.schema_name,
+#             #                                               intervention_id=record.pk,
+#             #                                               defaults=values)
+#             #     else:
+#             #         results.unchanged += 1
+#
+#     return results
+#
+#
+# @app.etl(FAMIndicator)
+# def load_fam_indicator() -> EtlResult:
+#     connection = connections['etools']
+#     countries = connection.get_tenants()
+#
+#     engagements = (AuditSpotcheck, AuditAudit, AuditSpecialaudit, AuditMicroassessment)
+#     start_date = date.today()  # + relativedelta(months=-1)
+#     results = EtlResult()
+#     for country in countries:
+#         connection.set_schemas([country.schema_name])
+#         for model in engagements:
+#             # indicator, created = FAMIndicator.objects.get_or_create(month=start_date,
+#             #                                                         country_name=country.name,
+#             #                                                         schema_name=country.schema_name)
+#             # if created:
+#             #     results.created += 1
+#             # changed = created
+#             realname = "_".join(model._meta.db_table.split('_')[1:])
+#             values = {}
+#             for status, status_display in AuditEngagement.STATUSES:
+#                 filter_dict = {
+#                     'engagement_ptr__status': status,
+#                     'engagement_ptr__start_date__month': start_date.month,
+#                     'engagement_ptr__start_date__year': start_date.year,
+#                 }
+#                 field_name = f"{realname}_{status_display}".replace(" ", "_").lower()
+#                 value = model.objects.filter(**filter_dict).count()
+#                 values[field_name] = value
+#                 # try:
+#                 #     field_name = f"{realname}_{status_display}".replace(" ", "_").lower()
+#                 #     value = model.objects.filter(**filter_dict).count()
+#                 #     # just a safety check
+#                 #     if not hasattr(indicator, field_name):  # pragma: no cover
+#                 #         raise ValueError(field_name)
+#                 #     if getattr(indicator, field_name) == value:
+#                 #         changed = False
+#                 #     else:
+#                 #         changed = changed and True
+#                 #         setattr(indicator, field_name, value)
+#                 # except Exception as e:  # pragma: no cover
+#                 #     logger.error(e)
+#                 #     raise
+#             op = process(FAMIndicator, filters=dict(month=start_date,
+#                                                     country_name=country.name,
+#                                                     area_code=country.business_area_code,
+#                                                     schema_name=country.schema_name),
+#                          values=values)
+#             results.incr(op)
+#     return results
+#
+#
+# @app.etl(UserStats, bind=True)
+# def load_user_report():
+#     connection = connections['etools']
+#     countries = connection.get_tenants()
+#     today = date.today()
+#     first_of_month = datetime(today.year, today.month, 1)
+#     results = EtlResult()
+#     for country in countries:
+#         connection.set_schemas([country.schema_name])
+#         base = AuthUser.objects.filter(profile__country=country)
+#         values = {
+#             'total': base.count(),
+#             'unicef': base.filter(email__endswith='@unicef.org').count(),
+#             'logins': base.filter(
+#                 last_login__month=first_of_month.month).count(),
+#             'unicef_logins': base.filter(
+#                 last_login__month=first_of_month.month,
+#                 email__endswith='@unicef.org').count(),
+#         }
+#         op = process(UserStats, filters=dict(month=first_of_month,
+#                                              country_name=country.name,
+#                                              schema_name=country.schema_name, ),
+#                      values=values)
+#         results.incr(op)
+#
+#         # existing, created = UserStats.objects.get_or_create(month=first_of_month,
+#         #                                                     country_name=country.name,
+#         #                                                     schema_name=country.schema_name,
+#         #                                                     defaults=values)
+#         # if created:
+#         #     results.created += 1
+#         # else:
+#         #     if is_record_changed(existing, values):
+#         #         results.updated += 1
+#         #         UserStats.objects.update_or_create(month=first_of_month,
+#         #                                            country_name=country.name,
+#         #                                            schema_name=country.schema_name,
+#         #                                            defaults=values)
+#         #     else:
+#         #         results.unchanged += 1
+#     #
+#     return results
+#     # UserStats.objects.update_or_create(month=first_of_month,
+#     #                                    country_name=country.name,
+#     #                                    schema_name=country.schema_name,
+#     #                                    defaults=values)
+#     # created[country.name] += 1
+#     #
+#     # return created
diff --git a/src/etools_datamart/apps/multitenant/postgresql/base.py b/src/etools_datamart/apps/multitenant/postgresql/base.py
index 3b040e097..42cf731b3 100644
--- a/src/etools_datamart/apps/multitenant/postgresql/base.py
+++ b/src/etools_datamart/apps/multitenant/postgresql/base.py
@@ -3,6 +3,7 @@
 from contextlib import contextmanager
 from functools import lru_cache
 from time import time
+from typing import List
 
 import django.db.utils
 import psycopg2
@@ -13,6 +14,7 @@
 from django.utils.functional import cached_property
 
 # from etools_datamart.state import state
+from etools_datamart.apps.etools.models import UsersCountry
 from etools_datamart.apps.multitenant.exceptions import InvalidSchema
 
 from ..sql import Parser
@@ -166,13 +168,14 @@ def noschema(self):
         self.set_schemas(old)
 
     @lru_cache()
-    def get_tenants(self):
+    def get_tenants(self) -> List[UsersCountry]:
+        # should be etools.UsersCountry
         model = apps.get_model(settings.TENANT_MODEL)
         return model.objects.filter(**settings.SCHEMA_FILTER).exclude(**settings.SCHEMA_EXCLUDE).order_by('name')
 
     @cached_property
     def all_schemas(self):
-        return set([c.schema_name for c in self.get_tenants()])
+        return sorted(set([c.schema_name for c in self.get_tenants()]))
 
     def set_schemas(self, schemas):
         """
diff --git a/src/etools_datamart/apps/security/admin.py b/src/etools_datamart/apps/security/admin.py
index 57d276605..708ea12f6 100644
--- a/src/etools_datamart/apps/security/admin.py
+++ b/src/etools_datamart/apps/security/admin.py
@@ -1,8 +1,13 @@
 from django.contrib import admin
+from django.db import connections
 
-from etools_datamart.apps.security.models import SchemaAccessControl
+from .forms import SchemaAccessControlForm
+from .models import SchemaAccessControl
+
+conn = connections['etools']
 
 
 @admin.register(SchemaAccessControl)
 class SchemaAccessControlAdmin(admin.ModelAdmin):
+    form = SchemaAccessControlForm
     list_display = ('group', 'schemas')
diff --git a/src/etools_datamart/apps/security/forms.py b/src/etools_datamart/apps/security/forms.py
new file mode 100644
index 000000000..81005088f
--- /dev/null
+++ b/src/etools_datamart/apps/security/forms.py
@@ -0,0 +1,21 @@
+from django import forms
+from django.contrib.auth.models import Group
+from django.db import connections
+from django.forms import ModelForm
+
+from .models import SchemaAccessControl
+
+conn = connections['etools']
+
+
+class SchemaAccessControlForm(ModelForm):
+    group = forms.ModelChoiceField(queryset=Group.objects.all())
+    schemas = forms.MultipleChoiceField(choices=zip(conn.all_schemas,
+                                                    conn.all_schemas), required=False)
+
+    class Meta:
+        model = SchemaAccessControl
+        fields = ('group', 'schemas')
+
+    def clean_schemas(self):
+        return sorted(self.cleaned_data['schemas'])
diff --git a/src/etools_datamart/apps/security/migrations/0001_initial.py b/src/etools_datamart/apps/security/migrations/0001_initial.py
index 5526c6863..fca0b30e0 100644
--- a/src/etools_datamart/apps/security/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
 import django.contrib.postgres.fields
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/security/static/security/array_widget.js b/src/etools_datamart/apps/security/static/security/array_widget.js
new file mode 100644
index 000000000..a094f6bef
--- /dev/null
+++ b/src/etools_datamart/apps/security/static/security/array_widget.js
@@ -0,0 +1,12 @@
+$('.dynamic-array-widget').each(function() {
+    $(this).find('.add-array-item').click((function($last) {
+        return function() {
+            var $new = $last.clone();
+            var id_parts = $new.find('input').attr('id').split('_');
+            var id = id_parts.slice(0, -1).join('_') + '_' + String(parseInt(id_parts.slice(-1)[0]) + 1);
+            $new.find('input').attr('id', id);
+            $new.find('input').prop('value', '');
+            $new.insertAfter($last);
+        };
+    })($(this).find('.array-item').last()));
+});
diff --git a/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form.html b/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form.html
new file mode 100644
index 000000000..7616d58da
--- /dev/null
+++ b/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form.html
@@ -0,0 +1,20 @@
+{% extends "admin/change_form.html" %}
+{% block extrahead %}{{ block.super }}
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css" rel="stylesheet"/>
+    <script>window.jQuery = window.$ = django.jQuery;</script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/js/select2.min.js"></script>
+
+{% endblock %}
+
+
+{% block admin_change_form_document_ready %}
+    {{ block.super }}
+    <style>
+        select {
+            width: 100%;
+        }
+    </style>
+    <script>
+        django.jQuery('select').select2();
+    </script>
+{% endblock %}
diff --git a/src/etools_datamart/apps/security/templates/security/array_widget.html b/src/etools_datamart/apps/security/templates/security/array_widget.html
new file mode 100644
index 000000000..ead373f86
--- /dev/null
+++ b/src/etools_datamart/apps/security/templates/security/array_widget.html
@@ -0,0 +1,10 @@
+{% spaceless %}
+<div class="dynamic-array-widget">
+  <ul>
+    {% for widget in widget.subwidgets %}
+      <li class="array-item">{% include widget.template_name %}</li>
+    {% endfor %}
+  </ul>
+  <div><button type="button" class="add-array-item">Add another</button></div>
+</div>
+{% endspaceless %}
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index 860216c57..05024ef6c 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
 import django.db.models.deletion
 from django.db import migrations, models
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181218_2043.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181220_1037.py
similarity index 93%
rename from src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181218_2043.py
rename to src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181220_1037.py
index b221d04ae..06f818e59 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181218_2043.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181220_1037.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
 import django.db.models.deletion
 from django.conf import settings
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index 22e43bb4e..444bd4fb9 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181218_2043.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181220_1037.py
similarity index 97%
rename from src/etools_datamart/apps/tracking/migrations/0002_auto_20181218_2043.py
rename to src/etools_datamart/apps/tracking/migrations/0002_auto_20181220_1037.py
index 7a26fe5be..e7199d780 100644
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181218_2043.py
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181220_1037.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,9 +10,9 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('tracking', '0001_initial'),
         ('unicef_rest_framework', '0001_initial'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('tracking', '0001_initial'),
     ]
 
     operations = [
diff --git a/src/etools_datamart/celery.py b/src/etools_datamart/celery.py
index af968a78a..a6dab833e 100644
--- a/src/etools_datamart/celery.py
+++ b/src/etools_datamart/celery.py
@@ -1,47 +1,47 @@
-import json
+# import json
 import os
 from time import time
 
 from celery import Celery
-from celery.contrib.abortable import AbortableTask
+# from celery.contrib.abortable import AbortableTask
 from celery.signals import task_postrun, task_prerun
 from kombu import Exchange, Queue
 from kombu.serialization import register
 
-from etools_datamart.apps.etl.results import etl_dumps
+from etools_datamart.apps.etl.results import etl_dumps, etl_loads
 
 os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'etools_datamart.config.settings')
 
 
-class ETLTask(AbortableTask):
-    abstract = True
-    linked_model = None
+# class ETLTask(AbortableTask):
+#     abstract = True
+#     linked_model = None
 
 
 class DatamartCelery(Celery):
-    etl_cls = ETLTask
+    # etl_cls = ETLTask
     _mapping = {}
 
-    def _task_from_fun(self, fun, name=None, base=None, bind=False, **options):
-        from etools_datamart.apps.etl.lock import only_one
-        linked_model = options.get('linked_model', None)
-        if linked_model:
-            name = name or self.gen_task_name(fun.__name__, fun.__module__)
-            options['lock_key'] = f"{name}-lock"
-            fun = only_one(fun, options['lock_key'])
-            options['unlock'] = fun.unlock
-            task = super()._task_from_fun(fun, name=name, base=None, bind=False, **options)
-            linked_model._etl_task = task
-            linked_model._etl_loader = fun
-        else:
-            task = super()._task_from_fun(fun, name=name, base=None, bind=False, **options)
-        return task
-
-    def etl(self, model, *args, **opts):
-        opts['base'] = ETLTask
-        opts['linked_model'] = model
-        task = super().task(*args, **opts)
-        return task
+    # def _task_from_fun(self, fun, name=None, base=None, bind=False, **options):
+    #     from etools_datamart.apps.etl.lock import only_one
+    #     linked_model = options.get('linked_model', None)
+    #     if linked_model:
+    #         name = name or self.gen_task_name(fun.__name__, fun.__module__)
+    #         options['lock_key'] = f"{name}-lock"
+    #         fun = only_one(fun, options['lock_key'])
+    #         # options['unlock'] = fun.unlock
+    #         task = super()._task_from_fun(fun, name=name, base=None, bind=False, **options)
+    #         linked_model._etl_task = task
+    #         linked_model._etl_loader = fun
+    #     else:
+    #         task = super()._task_from_fun(fun, name=name, base=None, bind=False, **options)
+    #     return task
+    #
+    # def etl(self, model, *args, **opts):
+    #     opts['base'] = ETLTask
+    #     opts['linked_model'] = model
+    #     task = super().task(*args, **opts)
+    #     return task
 
     def get_all_etls(self):
         return [cls for (name, cls) in self.tasks.items() if hasattr(cls, 'linked_model')]
@@ -93,7 +93,7 @@ def task_prerun_handler(signal, sender, task_id, task, args, kwargs, **kw):
                                      defaults=defs)
 
 
-register('etljson', etl_dumps, json.loads,
+register('etljson', etl_dumps, etl_loads,
          content_type='application/x-myjson', content_encoding='utf-8')
 
 
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 1aae5bdb9..f8814fa56 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -265,6 +265,7 @@
     'constance',
     'constance.backends.database',
     'django.contrib.auth',
+    'django.contrib.gis',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.sites',
diff --git a/src/etools_datamart/config/wsgi.py b/src/etools_datamart/config/wsgi.py
index a1121ebd4..3abcc3ec4 100644
--- a/src/etools_datamart/config/wsgi.py
+++ b/src/etools_datamart/config/wsgi.py
@@ -20,5 +20,6 @@
 
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "etools_datamart.config.settings")
 
-application = WhiteNoise(get_wsgi_application(), root=os.environ.get('STATIC_ROOT'))
+application = WhiteNoise(get_wsgi_application())
+# application = WhiteNoise(get_wsgi_application(), root=os.environ.get('STATIC_ROOT'))
 # application.add_files('/path/to/more/static/files', prefix='more-files/')
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index 2fd3940bc..2dfb2aa9f 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
 import uuid
 
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181218_2043.py b/src/unicef_rest_framework/migrations/0002_auto_20181220_1037.py
similarity index 98%
rename from src/unicef_rest_framework/migrations/0002_auto_20181218_2043.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181220_1037.py
index 4904f12d3..f8e085829 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181218_2043.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181220_1037.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,10 +10,10 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('contenttypes', '0002_remove_content_type_name'),
-        ('auth', '0009_alter_user_last_name_max_length'),
         ('unicef_rest_framework', '0001_initial'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('auth', '0009_alter_user_last_name_max_length'),
+        ('contenttypes', '0002_remove_content_type_name'),
     ]
 
     operations = [
@@ -136,7 +136,7 @@ class Migration(migrations.Migration):
         ),
         migrations.AlterUniqueTogether(
             name='systemfilter',
-            unique_together={('service', 'user'), ('service', 'group')},
+            unique_together={('service', 'group'), ('service', 'user')},
         ),
         migrations.AlterUniqueTogether(
             name='groupaccesscontrol',
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index 73d32e325..fa3401967 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-18 20:43
+# Generated by Django 2.1.4 on 2018-12-20 10:37
 
 import django.contrib.auth.models
 import django.contrib.auth.validators
diff --git a/tests/.coveragerc b/tests/.coveragerc
index 83ef845d2..ede0edb4d 100644
--- a/tests/.coveragerc
+++ b/tests/.coveragerc
@@ -17,6 +17,7 @@ omit =
         **/api/endpoints/unicef/business_area.py
         **/api/endpoints/unicef/region.py
         **/api/endpoints/unicef/serializers.py
+        **/etools_datamart/apps/data/management/commands/load.py
 
 
 [report]
diff --git a/tests/conftest.py b/tests/conftest.py
index ab410472c..210c1ee20 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -29,10 +29,10 @@ def django_db_setup(request,
                     django_db_createdb,
                     django_db_modify_db_settings):
     # never touch etools DB
-    if django_db_keepdb:
-        import django.core.management.commands.migrate
-        django.core.management.commands.migrate.emit_pre_migrate_signal = MagicMock()
-        django.core.management.commands.migrate.emit_post_migrate_signal = MagicMock()
+    # if django_db_keepdb:
+    #     import django.core.management.commands.migrate
+    #     django.core.management.commands.migrate.emit_pre_migrate_signal = MagicMock()
+    #     django.core.management.commands.migrate.emit_post_migrate_signal = MagicMock()
 
     from pytest_django.fixtures import django_db_setup as dj_db_setup
     dj_db_setup(request,
diff --git a/tests/etl/test_etl_loaders.py b/tests/etl/test_etl_loaders.py
index 00582c886..d7c9b2c0f 100644
--- a/tests/etl/test_etl_loaders.py
+++ b/tests/etl/test_etl_loaders.py
@@ -1,65 +1,63 @@
 # -*- coding: utf-8 -*-
-from freezegun import freeze_time
-
-from etools_datamart.apps.data.models import FAMIndicator, HACT, Intervention, PMPIndicators, UserStats
-from etools_datamart.apps.etl.tasks.etl import (EtlResult, load_fam_indicator, load_hact,
-                                                load_intervention, load_pmp_indicator, load_user_report,)
+from etools_datamart.apps.data.loader import EtlResult
+from etools_datamart.apps.data.models import FAMIndicator, PMPIndicators
 
 
 def test_load_pmp_indicator(number_of_intervention):
-    load_pmp_indicator.unlock()
-    assert load_pmp_indicator() == EtlResult(created=153)
+    PMPIndicators.objects.truncate()
+    PMPIndicators.loader.unlock()
+    assert PMPIndicators.loader.load() == EtlResult(created=153)
     assert PMPIndicators.objects.count() == number_of_intervention * 3
 
 
-def test_load_intervention(number_of_intervention, settings, monkeypatch):
-    load_intervention.unlock()
-    assert load_intervention() == EtlResult(created=number_of_intervention*3)
-    assert Intervention.objects.count() == number_of_intervention * 3
-
-
+# def test_load_intervention(number_of_intervention, settings, monkeypatch):
+#     load_intervention.unlock()
+#     assert load_intervention() == EtlResult(created=number_of_intervention*3)
+#     assert Intervention.objects.count() == number_of_intervention * 3
+#
+#
 def test_load_fam_indicator(db, settings, monkeypatch):
-    load_fam_indicator.unlock()
-    load_fam_indicator()
+    FAMIndicator.loader.unlock()
+    FAMIndicator.loader.load()
     assert FAMIndicator.objects.count() == 3
 
-
-def test_load_user_stats(db, settings, monkeypatch):
-    load_user_report.unlock()
-    load_user_report()
-    assert UserStats.objects.count() == 3
-
-
-def test_load_hact(db, settings, monkeypatch):
-    load_hact.unlock()
-    load_hact()
-    assert HACT.objects.count() == 3
-    bolivia = HACT.objects.get(country_name='Bolivia')
-    assert bolivia.microassessments_total == 0
-    assert bolivia.programmaticvisits_total == 1
-    assert bolivia.followup_spotcheck == 0
-    assert bolivia.completed_spotcheck == 0
-    assert bolivia.completed_hact_audits == 0
-    assert bolivia.completed_special_audits == 0
-    res = load_hact()
-    assert res == EtlResult(unchanged=3)
-
-
-@freeze_time("2018-11-10")
-def test_dataset_increased(db, settings, monkeypatch):
-    load_user_report.unlock()
-    load_user_report()
-    UserStats.objects.first().delete()
-    ret = load_user_report()
-    assert ret == EtlResult(created=1, unchanged=2)
-
-
-@freeze_time("2018-11-10")
-def test_dataset_changed(db, settings, monkeypatch):
-    load_user_report.unlock()
-    ret = load_user_report()
-    assert ret == EtlResult(created=3)
-    UserStats.objects.update(total=999, unicef=999)
-
-    ret = load_user_report()
-    assert ret == EtlResult(updated=3)
+#
+# def test_load_user_stats(db, settings, monkeypatch):
+#     load_user_report.unlock()
+#     load_user_report()
+#     assert UserStats.objects.count() == 3
+#
+#
+# def test_load_hact(db, settings, monkeypatch):
+#     load_hact.unlock()
+#     load_hact()
+#     assert HACT.objects.count() == 3
+#     bolivia = HACT.objects.get(country_name='Bolivia')
+#     assert bolivia.microassessments_total == 0
+#     assert bolivia.programmaticvisits_total == 1
+#     assert bolivia.followup_spotcheck == 0
+#     assert bolivia.completed_spotcheck == 0
+#     assert bolivia.completed_hact_audits == 0
+#     assert bolivia.completed_special_audits == 0
+#     res = load_hact()
+#     assert res == EtlResult(unchanged=3)
+#
+#
+# @freeze_time("2018-11-10")
+# def test_dataset_increased(db, settings, monkeypatch):
+#     load_user_report.unlock()
+#     load_user_report()
+#     UserStats.objects.first().delete()
+#     ret = load_user_report()
+#     assert ret == EtlResult(created=1, unchanged=2)
+#
+#
+# @freeze_time("2018-11-10")
+# def test_dataset_changed(db, settings, monkeypatch):
+#     load_user_report.unlock()
+#     ret = load_user_report()
+#     assert ret == EtlResult(created=3)
+#     UserStats.objects.update(total=999, unicef=999)
+#
+#     ret = load_user_report()
+#     assert ret == EtlResult(updated=3)
diff --git a/tests/etl/test_etl_result.py b/tests/etl/test_etl_result.py
index 1a09107b1..d7e1a3ba2 100644
--- a/tests/etl/test_etl_result.py
+++ b/tests/etl/test_etl_result.py
@@ -1,5 +1,5 @@
-from etools_datamart.apps.etl.results import etl_dumps, EtlEncoder
-from etools_datamart.apps.etl.tasks.etl import EtlResult
+from etools_datamart.apps.data.loader import EtlResult
+from etools_datamart.apps.etl.results import etl_decoder, etl_dumps, etl_loads, EtlEncoder
 
 
 def test_result_eq():
@@ -34,18 +34,21 @@ def test_encoder2():
     assert e.default({"a": float(1.1)}) == {"a": 1.1}
 
 
-#
-# def test_decode():
-#     assert etl_decoder({}) == {}
-#
-#
-# def test_decode2():
-#     assert etl_decoder('{"__type__": "__EtlResult__", "data": {"created": 1, "updated": 1, "unchanged": 1}}') == EtlResult
-#
+def test_decode():
+    assert etl_decoder({}) == {}
+
+
+def test_decode2():
+    assert etl_decoder({"__type__": "__EtlResult__",
+                        "data": {"created": 1,
+                                 "updated": 1,
+                                 "unchanged": 1}}) == EtlResult(1, 1, 1)
+
 
 def test_dumps():
     assert etl_dumps(
         EtlResult(1, 1, 1)) == '{"__type__": "__EtlResult__", "data": {"created": 1, "updated": 1, "unchanged": 1}}'
 
-# def test_loads():
-#     assert etl_loads(etl_dumps({"a": 1})) == {"a": 1}
+
+def test_loads():
+    assert etl_loads(etl_dumps({"a": 1})) == {"a": 1}
diff --git a/tests/etl/test_etl_tasklog.py b/tests/etl/test_etl_tasklog.py
index 4a51d3063..0a1a37e0e 100644
--- a/tests/etl/test_etl_tasklog.py
+++ b/tests/etl/test_etl_tasklog.py
@@ -6,33 +6,27 @@
 from test_utilities.factories import TaskLogFactory
 from unicef_security.models import User
 
+from etools_datamart.apps.data.loader import EtlResult
 from etools_datamart.apps.data.models import HACT, PMPIndicators
 from etools_datamart.apps.etl.models import EtlTask
-from etools_datamart.apps.etl.results import EtlResult
-from etools_datamart.apps.etl.tasks.etl import load_pmp_indicator
 from etools_datamart.celery import task_postrun_handler
 
 pytestmarker = pytest.mark.django_db
 
 
-def test_check_extra_attributes(db):
-    assert (EtlTask.objects.get_for_task(load_pmp_indicator) ==
-            EtlTask.objects.get_for_model(PMPIndicators))
-
-
 def test_load_pmp_indicator(db):
-    with mock.patch('etools_datamart.apps.etl.tasks.etl.load_pmp_indicator.run',
+    with mock.patch('etools_datamart.apps.data.models.PMPIndicators.loader.task.run',
                     return_value=EtlResult(created=11)):
-        assert load_pmp_indicator.apply()
-        assert EtlTask.objects.filter(task='etools_datamart.apps.etl.tasks.etl.load_pmp_indicator',
+        assert PMPIndicators.loader.task.apply()
+        assert EtlTask.objects.filter(task=PMPIndicators.loader.task.name,
                                       results__created=11,
                                       status='SUCCESS').exists()
 
 
 def test_load_pmp_indicator_fail(db):
-    with mock.patch('etools_datamart.apps.etl.tasks.etl.load_pmp_indicator.run', side_effect=Exception):
-        assert load_pmp_indicator.apply()
-        assert EtlTask.objects.filter(task='etools_datamart.apps.etl.tasks.etl.load_pmp_indicator',
+    with mock.patch('etools_datamart.apps.data.models.PMPIndicators.loader.task.run', side_effect=Exception):
+        assert PMPIndicators.loader.task.apply()
+        assert EtlTask.objects.filter(task=PMPIndicators.loader.task.name,
                                       status='FAILURE')
 
 
@@ -44,17 +38,17 @@ def disable_post_run():
 
 
 def test_load_pmp_indicator_running(db, disable_post_run):
-    with mock.patch('etools_datamart.apps.etl.tasks.etl.load_pmp_indicator.run'):
-        assert load_pmp_indicator.apply()
-        assert EtlTask.objects.filter(task='etools_datamart.apps.etl.tasks.etl.load_pmp_indicator',
+    with mock.patch('etools_datamart.apps.data.models.PMPIndicators.loader.task.run'):
+        assert PMPIndicators.loader.task.apply()
+        assert EtlTask.objects.filter(task=PMPIndicators.loader.task.name,
                                       status='RUNNING')
 
 
 def test_no_changes(db):
-    with mock.patch('etools_datamart.apps.etl.tasks.etl.load_pmp_indicator.run',
+    with mock.patch('etools_datamart.apps.data.models.PMPIndicators.loader.task.run',
                     return_value=EtlResult()):
-        assert load_pmp_indicator.apply()
-        assert EtlTask.objects.filter(task='etools_datamart.apps.etl.tasks.etl.load_pmp_indicator',
+        assert PMPIndicators.loader.task.apply()
+        assert EtlTask.objects.filter(task=PMPIndicators.loader.task.name,
                                       status='SUCCESS').exists()
 
 
diff --git a/tests/exporters/test_exporter_data.py b/tests/exporters/test_exporter_data.py
index 76ec0312a..e4f9934bf 100644
--- a/tests/exporters/test_exporter_data.py
+++ b/tests/exporters/test_exporter_data.py
@@ -6,7 +6,6 @@
 from rest_framework.test import APIClient
 
 from etools_datamart.apps.data.models import UserStats
-from etools_datamart.apps.etl.tasks.etl import load_user_report
 
 
 @pytest.fixture()
@@ -18,8 +17,8 @@ def client(admin_user):
 
 @pytest.mark.skipif(os.environ.get("CIRCLECI") == "true", reason="Skip in CirlceCI")
 def test_export_azure_data(db, client, settings):
-    load_user_report.unlock()
-    load_user_report()
+    UserStats.loader.unlock()
+    UserStats.loader.load()
     assert UserStats.objects.count()
 
     url = reverse("api:userstats-list", args=['v1'])
diff --git a/tests/test_celery.py b/tests/test_celery.py
index 9c38a74a5..421e8fcc9 100644
--- a/tests/test_celery.py
+++ b/tests/test_celery.py
@@ -3,4 +3,4 @@
 
 def test_autodiscover():
     ret = app.tasks
-    assert 'etools_datamart.apps.etl.tasks.etl.load_hact' in ret
+    assert 'load_data_hact' in ret
diff --git a/tests/test_views.py b/tests/test_views.py
index 21f3420b2..67c572b1b 100644
--- a/tests/test_views.py
+++ b/tests/test_views.py
@@ -18,3 +18,9 @@ def test_monitor(django_app, admin_user):
 def test_profile(django_app, admin_user):
     res = django_app.get(reverse('profile'), user=admin_user)
     assert res.status_code == 200
+
+
+def test_profile_post(django_app, admin_user):
+    res = django_app.get(reverse('profile'), user=admin_user)
+    res = res.form.submit()
+    assert res.status_code == 200

From 24ef49d9a4a8c22b8064d47e54a6f199ae55cb99 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Thu, 20 Dec 2018 16:00:23 +0100
Subject: [PATCH 70/86] update circleci config

---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9180090df..7b9d0f97c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -7,7 +7,7 @@ jobs:
         environment:
           PGHOST: 127.0.0.1
           PIPENV_VENV_IN_PROJECT: 1
-          DATABASE_URL: "postgres://postgres:postgres@127.0.0.1:5432/etools_datamart"
+          DATABASE_URL: "postgis://postgres:postgres@127.0.0.1:5432/etools_datamart"
           DATABASE_URL_ETOOLS: "postgis://postgres:postgres@127.0.0.1:5432/etools"
           RELEASE_MATCH: "release/*"
       - image: redis:alpine

From 42cbcbb28985af438cc90e30c7b343a1c3ab3f4d Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 21 Dec 2018 13:59:37 +0100
Subject: [PATCH 71/86] add GIS support

---
 .circleci/config.yml                          |   2 +-
 Pipfile                                       |   4 -
 docker/Dockerfile                             |  76 ++++---
 docker/Dockerfile.alpine                      | 146 +++++++++++++
 setup.cfg                                     |   8 +-
 src/etools_datamart/api/endpoints/common.py   |   1 +
 .../api/endpoints/unicef/serializers.py       |   1 +
 src/etools_datamart/api/filtering.py          |   1 +
 src/etools_datamart/api/metadata.py           |   2 +-
 src/etools_datamart/api/urls.py               |   1 +
 src/etools_datamart/apps/data/admin.py        |   1 +
 src/etools_datamart/apps/data/loader.py       |  49 +++--
 .../apps/data/management/commands/load.py     |   6 +-
 src/etools_datamart/apps/data/models/base.py  |   4 +-
 src/etools_datamart/apps/etl/admin.py         |   6 +-
 src/etools_datamart/apps/etl/lock.py          | 112 +++++-----
 src/etools_datamart/apps/etl/models.py        |  11 +-
 src/etools_datamart/apps/etl/results.py       |   2 +-
 src/etools_datamart/apps/etools/admin.py      |   9 +-
 src/etools_datamart/apps/etools/patch.py      |   1 +
 .../init/management/commands/init-setup.py    |  28 +--
 src/etools_datamart/apps/me/views.py          |  10 +-
 src/etools_datamart/apps/multitenant/views.py |   1 +
 src/etools_datamart/apps/security/utils.py    |   1 +
 .../apps/subscriptions/models.py              |   1 +
 src/etools_datamart/apps/tracking/admin.py    |   1 +
 .../apps/tracking/models/counters.py          |   1 +
 src/etools_datamart/config/admin.py           |   4 +-
 src/unicef_rest_framework/admin/acl.py        |   1 +
 .../admin/application.py                      |   1 +
 src/unicef_rest_framework/admin/cache.py      |   1 +
 src/unicef_rest_framework/admin/service.py    |   1 +
 src/unicef_rest_framework/auth.py             |   1 +
 src/unicef_rest_framework/cache.py            |   1 +
 src/unicef_rest_framework/config.py           |   1 +
 src/unicef_rest_framework/filtering.py        |   1 +
 .../management/commands/api-inspect.py        |   1 +
 .../migrations/0001_initial.py                |   3 +-
 src/unicef_rest_framework/models/service.py   |   1 +
 src/unicef_rest_framework/permissions.py      |   1 +
 src/unicef_rest_framework/routers.py          |   1 +
 src/unicef_rest_framework/tasks.py            |   1 +
 src/unicef_rest_framework/templatetags/urf.py |   1 +
 src/unicef_rest_framework/test_utils.py       |   1 +
 src/unicef_rest_framework/throttling.py       |   1 +
 src/unicef_rest_framework/views.py            |   1 +
 src/unicef_rest_framework/views_mixins.py     |   1 +
 src/unicef_security/admin.py                  |   1 +
 src/unicef_security/graph.py                  |   1 +
 .../migrations/0001_initial.py                |   3 +-
 src/unicef_security/tasks.py                  |   1 +
 .../test_utilities/factories/__init__.py      |   3 +
 .../{factories.py => factories/common.py}     | 120 ++++-------
 .../test_utilities/factories/data.py          |  89 ++++++++
 .../test_utilities/factories/etools.py        |   9 +
 tests/api/conftest.py                         |   1 +
 tests/api/test_api_auth_open.py               |   1 +
 tests/api/test_api_cache.py                   |   1 +
 tests/api/test_api_common.py                  |   2 +
 tests/api/test_api_filtering.py               |   1 +
 tests/api/test_api_permission.py              |   1 +
 tests/api/test_api_web.py                     |   1 +
 tests/api/test_datamart_security.py           |   1 +
 tests/api/test_etools_security.py             |   1 +
 tests/api/test_system_filters.py              |   1 +
 tests/conftest.py                             |  29 ++-
 tests/datamart/test_data_admin.py             | 192 +++++++++++++-----
 tests/etl/test_etl_admin.py                   |  29 +--
 tests/etl/test_etl_loaders.py                 |  75 ++++---
 tests/etl/test_etl_lock.py                    |  50 ++---
 tests/etl/test_etl_result.py                  |   4 +
 tests/etl/test_etl_tasklog.py                 |   1 +
 tests/etools/test_etools_admin.py             |  38 ++++
 tests/test_commands.py                        |  56 ++---
 tests/test_subscription.py                    |   1 +
 tests/test_views.py                           |   4 +-
 tests/tracking/conftest.py                    |   1 +
 tests/tracking/test_tracking_log.py           |  68 +++----
 tests/unicef_security/test_azure.py           |   1 +
 tests/unicef_security/test_sync.py            |   1 +
 80 files changed, 871 insertions(+), 428 deletions(-)
 create mode 100644 docker/Dockerfile.alpine
 create mode 100644 tests/_test_lib/test_utilities/factories/__init__.py
 rename tests/_test_lib/test_utilities/{factories.py => factories/common.py} (53%)
 create mode 100644 tests/_test_lib/test_utilities/factories/data.py
 create mode 100644 tests/_test_lib/test_utilities/factories/etools.py

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 7b9d0f97c..8eb7d40de 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -11,7 +11,7 @@ jobs:
           DATABASE_URL_ETOOLS: "postgis://postgres:postgres@127.0.0.1:5432/etools"
           RELEASE_MATCH: "release/*"
       - image: redis:alpine
-      - image: circleci/postgres:9.6-alpine-postgis
+      - image: mdillon/postgis:9.6
         environment:
           POSTGRES_USER: postgres
           PGUSER: postgres
diff --git a/Pipfile b/Pipfile
index dd26cb219..5cd7ffc74 100644
--- a/Pipfile
+++ b/Pipfile
@@ -21,7 +21,6 @@ django-redis = "*"
 django-regex = "*"
 django-strategy-field = "*"
 django-sysinfo = "*"
-django-tenant-schemas = "*"
 djangorestframework-csv = "*"
 djangorestframework-jwt = "*"
 drf-dynamic-serializer = ">=1.2.0"
@@ -50,15 +49,12 @@ djangorestframework-yaml = "*"
 django-storages = {extras = ["azure"], version = "*"}
 onedrivesdk = "*"
 azure-storage = "*"
-django-basicauth = "*"
 django-post-office = "*"
 django-celery-email = "*"
 "xhtml2pdf" = "*"
 django-crispy-forms = "*"
 django-adminactions = "*"
 django-dbtemplates = {file = "https://github.com/jazzband/django-dbtemplates/archive/2.0.1.tar.gz"}
-versio = "*"
-django-advanced-filters = "*"
 django-mptt = "*"
 
 [dev-packages]
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 84ba737b8..dac5e69ec 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -13,35 +13,47 @@ RUN set -o pipefail && if [ "${DEVELOP}" = "1" ]; then \
     && curl ${GITHUB_CREDENTIALS}: -L "https://github.com/unicef/etools-datamart/archive/${VERSION}.tar.gz" | tar -xzf - --strip-components=1; \
     fi
 
-FROM python:3.6-alpine as base
-
-RUN apk add --no-cache \
-    bash \
-    freetype \
-    lcms2 \
-    libjpeg-turbo \
-    libpng \
-    libpq \
-    openjpeg \
-    postgresql-libs \
-    tiff \
-    && apk add --no-cache --virtual .build-deps \
-    freetype-dev \
-    gcc \
-    jpeg-dev \
-    lcms2-dev \
-    libffi-dev \
-    linux-headers \
-    musl-dev \
-    openjpeg-dev \
-    postgresql-dev \
-    python3-dev \
-    tcl-dev \
-    tiff-dev \
-    tk-dev \
-    zlib-dev \
-    && pip install pip==18.0 pipenv --upgrade \
-    && adduser -S datamart
+FROM python:3.6.7-slim as base
+RUN apt-get update \
+ 	&& apt-get install -y --no-install-recommends \
+ 	    gdal-bin
+
+#RUN apk add --no-cache \
+#    --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
+#    --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+#    bash \
+#    freetype \
+#    geos \
+#    gdal \
+#    lcms2 \
+#    libjpeg-turbo \
+#    libpng \
+#    libpq \
+#    openjpeg \
+#    postgresql-libs \
+#    tiff \
+#    && apk add --no-cache --virtual .build-deps \
+#    --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
+#    --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+#    freetype-dev \
+#    gcc \
+#    gdal-dev \
+#    geos-dev \
+#    jpeg-dev \
+#    lcms2-dev \
+#    libffi-dev \
+#    linux-headers \
+#    musl-dev \
+#    openjpeg-dev \
+#    postgresql-dev \
+#    python3-dev \
+#    tcl-dev \
+#    tiff-dev \
+#    tk-dev \
+#    zlib-dev \
+
+RUN pip install pip==18.0 pipenv --upgrade \
+    && adduser --system datamart
 
 FROM base
 COPY --from=builder /code /code
@@ -122,9 +134,9 @@ RUN pip install . \
     && rm -fr /code
 
 
-RUN apk del .build-deps \
-    && rm -rf /var/cache/apk/* \
-    && rm -fr /root/.cache/
+#RUN apk del .build-deps \
+#    && rm -rf /var/cache/apk/* \
+#    && rm -fr /root/.cache/
 
 WORKDIR /var/datamart
 
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
new file mode 100644
index 000000000..454208dc9
--- /dev/null
+++ b/docker/Dockerfile.alpine
@@ -0,0 +1,146 @@
+FROM pstauffer/curl:latest as builder
+ARG DEVELOP
+ARG GITHUB_CREDENTIALS
+ARG VERSION
+
+RUN mkdir /code
+ADD . /code
+
+RUN set -o pipefail && if [ "${DEVELOP}" = "1" ]; then \
+    echo "${VERSION}-develop"; \
+    else \
+    echo "Download package: https://github.com/unicef/etools-datamart/archive/${VERSION}.tar.gz" \
+    && curl ${GITHUB_CREDENTIALS}: -L "https://github.com/unicef/etools-datamart/archive/${VERSION}.tar.gz" | tar -xzf - --strip-components=1; \
+    fi
+
+FROM python:3.6-alpine as base
+
+RUN apk add --no-cache \
+    --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
+    --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    bash \
+    freetype \
+    geos \
+    gdal \
+    lcms2 \
+    libjpeg-turbo \
+    libpng \
+    libpq \
+    openjpeg \
+    postgresql-libs \
+    tiff \
+    && apk add --no-cache --virtual .build-deps \
+    --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
+    --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    freetype-dev \
+    gcc \
+    gdal-dev \
+    geos-dev \
+    jpeg-dev \
+    lcms2-dev \
+    libffi-dev \
+    linux-headers \
+    musl-dev \
+    openjpeg-dev \
+    postgresql-dev \
+    python3-dev \
+    tcl-dev \
+    tiff-dev \
+    tk-dev \
+    zlib-dev \
+    && pip install pip==18.0 pipenv --upgrade \
+    && adduser -S datamart
+
+FROM base
+COPY --from=builder /code /code
+
+LABEL org.label.name="eTools Datamart" \
+      org.label.maintainer="sapostolico@unicef.org" \
+      org.label.description="" \
+      org.label.url="https://datamart.unicef.io/" \
+      org.label.vcs-url="https://github.com/unicef/etools-datamart" \
+      org.label.version=$VERSION
+
+
+ARG BUILD_DATE
+ARG PIPENV_ARGS
+ARG VERSION
+
+ENV VERSION ${VERSION}
+
+ENV PIPENV_PYPI_MIRROR ${PIPENV_PYPI_MIRROR}
+ENV PIPENV_ARGS ${PIPENV_ARGS}
+ENV HOME /root/
+ENV PIPSI_HOME=/usr/local/pipsi/environments
+ENV PIPSI_BIN_DIR=/usr/local/bin
+ENV PYTHONUNBUFFERED 1
+ENV USE_GUNICORN 0
+ENV GUNICORN_CMD_ARGS "-b 0.0.0.0:8000 \
+--chdir /var/datamart \
+--access-logfile - \
+--access-logformat \"%(h)s %(l)s %(u)s %(t)s '%(r)s' %(s)s\" "
+
+ENV ALLOWED_HOSTS *
+ENV CACHE_URL "redis://127.0.0.1:6379/1"
+ENV CELERY_BROKER_URL "redis://127.0.0.1:6379/2"
+ENV CELERY_RESULT_BACKEND "redis://127.0.0.1:6379/3"
+ENV CSRF_COOKIE_SECURE True
+ENV DATABASE_URL "postgres://postgres:@127.0.0.1:5432/etools_datamart"
+ENV DATABASE_URL_ETOOLS "postgis://postgres:@127.0.0.1:5432/etools"
+ENV DEBUG 0
+ENV DEVELOPMENT_MODE 0
+ENV DJANGO_SETTINGS_MODULE etools_datamart.config.settings
+ENV MEDIA_ROOT /tmp/media
+ENV SECRET_KEY "secret"
+ENV SECURE_BROWSER_XSS_FILTER True
+ENV SECURE_CONTENT_TYPE_NOSNIFF True
+ENV SECURE_FRAME_DENY True
+ENV SECURE_HSTS_INCLUDE_SUBDOMAINS True
+ENV SECURE_HSTS_PRELOAD True
+ENV SECURE_HSTS_SECONDS 1
+ENV SECURE_SSL_REDIRECT True
+ENV SENTRY_DSN ""
+ENV SESSION_COOKIE_HTTPONLY True
+ENV SESSION_COOKIE_SECURE True
+ENV STATIC_ROOT /tmp/static
+#ENV SUPERVISOR_USER admin
+#ENV SUPERVISOR_PWD ""
+#ENV FLOWER_USER admin
+#ENV FLOWER_PWD ""
+#ENV X_FRAME_OPTIONS "DENY"
+#ENV START_DATAMART "true"
+#ENV START_REDIS "true"
+#ENV START_CELERY "true"
+
+#RUN apt-get update && apt-get install -y --force-yes \
+#    gcc
+
+RUN mkdir -p \
+    /var/datamart/ \
+    && chown datamart /var/datamart/ \
+    && pip install pip==18.0 pipenv --upgrade
+
+WORKDIR /code
+
+RUN set -ex \
+    ls -al /code \
+    && pipenv install --verbose --system --deploy --ignore-pipfile $PIPENV_ARGS
+
+RUN pip install . \
+    && rm -fr /code
+
+
+RUN apk del .build-deps \
+    && rm -rf /var/cache/apk/* \
+    && rm -fr /root/.cache/
+
+WORKDIR /var/datamart
+
+EXPOSE 8000
+
+USER datamart
+
+ADD docker/entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+CMD ["datamart"]
diff --git a/setup.cfg b/setup.cfg
index ba786575c..29ffcd528 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -4,10 +4,12 @@ default_section = THIRDPARTY
 include_trailing_comma = true
 known_first_party = etools_datamart
 multi_line_output = 0
-line_length=120
+line_length = 120
 balanced_wrapping = true
-order_by_type=false
-known_standard_library=
+order_by_type = false
+known_third_party = drf_querystringfilter,month_field
+known_unicef = unicef_security,unicef_rest_framework
+sections = FUTURE,STDLIB,DJANGO,THIRDPARTY,UNICEF,FIRSTPARTY,LOCALFOLDER
 
 [wheel]
 universal = 1
diff --git a/src/etools_datamart/api/endpoints/common.py b/src/etools_datamart/api/endpoints/common.py
index 3b09f3692..35249a4f5 100644
--- a/src/etools_datamart/api/endpoints/common.py
+++ b/src/etools_datamart/api/endpoints/common.py
@@ -10,6 +10,7 @@
 from rest_framework.decorators import action
 from rest_framework.exceptions import NotAuthenticated, PermissionDenied
 from rest_framework.response import Response
+
 from unicef_rest_framework.ds import DynamicSerializerFilter
 from unicef_rest_framework.filtering import SystemFilterBackend
 from unicef_rest_framework.ordering import OrderingFilter
diff --git a/src/etools_datamart/api/endpoints/unicef/serializers.py b/src/etools_datamart/api/endpoints/unicef/serializers.py
index 7e66c0f15..c1dfadb6f 100644
--- a/src/etools_datamart/api/endpoints/unicef/serializers.py
+++ b/src/etools_datamart/api/endpoints/unicef/serializers.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 from rest_framework import serializers
+
 from unicef_security import models
 
 
diff --git a/src/etools_datamart/api/filtering.py b/src/etools_datamart/api/filtering.py
index 64c605929..cb91b705f 100644
--- a/src/etools_datamart/api/filtering.py
+++ b/src/etools_datamart/api/filtering.py
@@ -4,6 +4,7 @@
 from django.template import loader
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.filters import BaseFilterBackend
+
 from unicef_rest_framework.filtering import CoreAPIQueryStringFilterBackend
 
 from etools_datamart.apps.etools.models import UsersCountry
diff --git a/src/etools_datamart/api/metadata.py b/src/etools_datamart/api/metadata.py
index 1f110bdcd..42367a506 100644
--- a/src/etools_datamart/api/metadata.py
+++ b/src/etools_datamart/api/metadata.py
@@ -72,7 +72,7 @@ def determine_metadata(self, request, view):
         metadata['ordering'] = getattr(view, 'ordering_fields', '')
         if hasattr(view, 'serializers_fieldsets'):
             metadata['serializers'] = ", ".join(view.serializers_fieldsets.keys())
-        else:
+        else:  # pragma: no cover
             metadata['serializers'] = 'std'
 
             # from django.db import connection
diff --git a/src/etools_datamart/api/urls.py b/src/etools_datamart/api/urls.py
index c72b02955..cd533a209 100644
--- a/src/etools_datamart/api/urls.py
+++ b/src/etools_datamart/api/urls.py
@@ -1,4 +1,5 @@
 from django.urls import include, path, re_path
+
 from unicef_rest_framework.routers import APIReadOnlyRouter
 
 from . import endpoints
diff --git a/src/etools_datamart/apps/data/admin.py b/src/etools_datamart/apps/data/admin.py
index ab9078c3d..cc85e63b6 100644
--- a/src/etools_datamart/apps/data/admin.py
+++ b/src/etools_datamart/apps/data/admin.py
@@ -13,6 +13,7 @@
 from django.http import HttpResponseRedirect
 from django.urls import reverse
 from humanize import naturaldelta
+
 from unicef_rest_framework.models import Service
 
 from etools_datamart.apps.multitenant.admin import SchemaFilter
diff --git a/src/etools_datamart/apps/data/loader.py b/src/etools_datamart/apps/data/loader.py
index a81de6009..bc395e83f 100644
--- a/src/etools_datamart/apps/data/loader.py
+++ b/src/etools_datamart/apps/data/loader.py
@@ -11,7 +11,7 @@
 
 from etools_datamart.celery import app
 
-loadeable = set()
+loadeables = set()
 locks = caches['lock']
 
 logger = logging.getLogger(__name__)
@@ -108,15 +108,15 @@ def run(self, *args, **kwargs):
         self.loader.load()
 
 
-def get_or_fail(Model, **kwargs):
-    try:
-        Model.objects.get(**kwargs)
-    except Model.DoesNotExist:
-        raise Model.DoesNotExist(f"Unable to get {Model.__name__} using {kwargs}")
+# def get_or_fail(Model, **kwargs):
+#     try:
+#         Model.objects.get(**kwargs)
+#     except Model.DoesNotExist:
+#         raise Model.DoesNotExist(f"Unable to get {Model.__name__} using {kwargs}")
 
 
 class Loader:
-    __slots__ = ['model', 'config', 'mapping', 'task', 'tree_parents', 'always_update']
+    # __slots__ = ['model', 'config', 'mapping', 'task', 'tree_parents', 'always_update']
 
     def __init__(self) -> None:
         self.config = None
@@ -131,18 +131,18 @@ def contribute_to_class(self, model, name):
         self.config = model._etl_config
         del model._etl_config
         if not model._meta.abstract:
-            loadeable.add("{0._meta.app_label}.{0._meta.model_name}".format(model))
+            loadeables.add("{0._meta.app_label}.{0._meta.model_name}".format(model))
         if self.config.celery:
             self.task = LoaderTask(self)
             self.config.celery.tasks.register(self.task)
 
         setattr(model, name, self)
 
-    def deconstruct(self):
-        return []
-
-    def check(self, **kwargs):
-        return []
+    # def deconstruct(self):
+    #     return []
+    #
+    # def check(self, **kwargs):
+    #     return []
 
     def process(self, filters, values):
         try:
@@ -200,14 +200,18 @@ def process_post_country(self, country, context):
     def process_country(self, results: EtlResult, country, context) -> EtlResult:
         qs = self.config.queryset()
         stdout = context['stdout']
+        max_records = context['max_records']
         for record in qs.all():
             filters = self.config.key(country, record)
             values = self.get_values(country, record)
             op = self.process(filters, values)
             results.incr(op)
-            if stdout:
+            context['records'] += 1
+            if stdout:  # pragma: no cover
                 stdout.write('.')
                 stdout.flush()
+            if max_records and context['records'] >= max_records:
+                break
         return results
 
     def get_context(self, **kwargs):
@@ -215,6 +219,10 @@ def get_context(self, **kwargs):
         context.update(kwargs)
         return context
 
+    @property
+    def is_locked(self):
+        return self.config.lock_key in locks
+
     def unlock(self):
         try:
             lock = locks.lock(self.config.lock_key, timeout=self.config.timeout)
@@ -223,7 +231,8 @@ def unlock(self):
         except LockError:
             pass
 
-    def load(self, verbosity=0, always_update=False, stdout=None, ignore_dependencies=False):
+    def load(self, verbosity=0, always_update=False, stdout=None,
+             ignore_dependencies=False, max_records=None, countries=None):
         have_lock = False
         results = EtlResult()
         lock = locks.lock(self.config.lock_key, timeout=self.config.timeout)
@@ -235,7 +244,8 @@ def load(self, verbosity=0, always_update=False, stdout=None, ignore_dependencie
                         dependency.loader.load(stdout=stdout)
                 self.always_update = always_update
                 connection = connections['etools']
-                countries = connection.get_tenants()
+                if not countries:
+                    countries = connection.get_tenants()
                 if self.config.mapping:
                     self.mapping = {}
                     mart_fields = self.model._meta.concrete_fields
@@ -246,6 +256,9 @@ def load(self, verbosity=0, always_update=False, stdout=None, ignore_dependencie
                     self.mapping.update(self.config.mapping)
 
                 context = self.get_context(today=timezone.now(),
+                                           countries=countries,
+                                           max_records=max_records,
+                                           records=0,
                                            stdout=stdout)
 
                 for country in countries:
@@ -254,7 +267,9 @@ def load(self, verbosity=0, always_update=False, stdout=None, ignore_dependencie
                     connection.set_schemas([country.schema_name])
                     self.process_country(results, country, context)
                     self.process_post_country(country, context)
-                    if stdout:
+                    if max_records and context['records'] >= max_records:
+                        break
+                    if stdout:  # pragma: no cover
                         stdout.write("\n")
         finally:
             if have_lock:
diff --git a/src/etools_datamart/apps/data/management/commands/load.py b/src/etools_datamart/apps/data/management/commands/load.py
index 29b100993..559b47618 100644
--- a/src/etools_datamart/apps/data/management/commands/load.py
+++ b/src/etools_datamart/apps/data/management/commands/load.py
@@ -5,7 +5,7 @@
 from django.apps import apps
 from django.core.management import BaseCommand
 
-from etools_datamart.apps.data.loader import loadeable
+from etools_datamart.apps.data.loader import loadeables
 
 logger = logging.getLogger(__name__)
 
@@ -45,10 +45,10 @@ def handle(self, *model_names, **options):
         _all = options['all']
         unlock = options['unlock']
         if _all:
-            model_names = sorted(list(loadeable))
+            model_names = sorted(list(loadeables))
 
         if not model_names:
-            for model_name in sorted(list(loadeable)):
+            for model_name in sorted(list(loadeables)):
                 self.stdout.write(model_name)
         else:
             for model_name in model_names:
diff --git a/src/etools_datamart/apps/data/models/base.py b/src/etools_datamart/apps/data/models/base.py
index 1a938ceb0..5f2e1bfbc 100644
--- a/src/etools_datamart/apps/data/models/base.py
+++ b/src/etools_datamart/apps/data/models/base.py
@@ -53,9 +53,9 @@ def __new__(cls, name, bases, attrs, **kwargs):
 
 
 class DataMartModel(models.Model, metaclass=DataMartModelBase):
-    country_name = models.CharField(max_length=50, db_index=True)
+    country_name = models.CharField(max_length=100, db_index=True)
+    schema_name = models.CharField(max_length=63, db_index=True)
     area_code = models.CharField(max_length=10, db_index=True)
-    schema_name = models.CharField(max_length=50, db_index=True)
     last_modify_date = models.DateTimeField(blank=True, auto_now=True)
 
     class Meta:
diff --git a/src/etools_datamart/apps/etl/admin.py b/src/etools_datamart/apps/etl/admin.py
index 0c45ce45d..bdd7c5af5 100644
--- a/src/etools_datamart/apps/etl/admin.py
+++ b/src/etools_datamart/apps/etl/admin.py
@@ -11,7 +11,7 @@
 from django_celery_beat.models import PeriodicTask
 from humanize import naturaldelta
 
-from etools_datamart.apps.etl.lock import cache
+# from etools_datamart.apps.etl.lock import cache
 from etools_datamart.celery import app
 
 from . import models
@@ -72,7 +72,7 @@ def time(self, obj):
         return naturaldelta(obj.elapsed)
 
     def locked(self, obj):
-        return obj.lock_key not in cache
+        return obj.content_type.model_class().loader.is_locked
 
     locked.boolean = True
 
@@ -100,7 +100,7 @@ def unlock(self, request, pk):
         obj = self.get_object(request, pk)
 
         def _action(request):
-            cache.delete(obj.lock_key)
+            obj.loader.unlock()
 
         return _confirm_action(self, request, _action, f"Continuing will unlock selected task. ({obj.task})",
                                "Successfully executed", )
diff --git a/src/etools_datamart/apps/etl/lock.py b/src/etools_datamart/apps/etl/lock.py
index 6dd32aa4c..bf7bb47e1 100644
--- a/src/etools_datamart/apps/etl/lock.py
+++ b/src/etools_datamart/apps/etl/lock.py
@@ -1,56 +1,56 @@
-# -*- coding: utf-8 -*-
-import logging
-from functools import wraps
-
-from django.core.cache import caches
-from redis.exceptions import LockError
-
-cache = caches['lock']
-
-logger = logging.getLogger(__name__)
-
-LOCK_EXPIRE = 60 * 60  # Lock expires in 1 hour
-
-
-class TaskExecutionOverlap(Exception):
-    pass
-
-
-def only_one(function, key, timeout=None):
-    """Enforce only one celery task at a time."""
-
-    def _unlock(key):
-        try:
-            lock = cache.lock(key, timeout=timeout)
-            cache.delete(key)
-            lock.release()
-        except LockError:
-            pass
-
-    def _dec(run_func):
-        """Decorator."""
-
-        @wraps(run_func)
-        def _caller(*args, **kwargs):
-            """Caller."""
-            ret_value = None
-            have_lock = False
-            lock = cache.lock(key, timeout=timeout)
-            try:
-                have_lock = lock.acquire(blocking=False)
-                if have_lock:
-                    ret_value = run_func(*args, **kwargs)
-
-            finally:
-                if have_lock:
-                    try:
-                        lock.release()
-                    except LockError as e:  # pragma: no cover
-                        logger.warning(e)
-
-            return ret_value
-
-        return _caller
-
-    # function.unlock = partial(_unlock, key)
-    return _dec(function) if function is not None else _dec
+# # -*- coding: utf-8 -*-
+# import logging
+# from functools import wraps
+#
+# from django.core.cache import caches
+# from redis.exceptions import LockError
+#
+# cache = caches['lock']
+#
+# logger = logging.getLogger(__name__)
+#
+# LOCK_EXPIRE = 60 * 60  # Lock expires in 1 hour
+#
+#
+# class TaskExecutionOverlap(Exception):
+#     pass
+#
+#
+# def only_one(function, key, timeout=None):
+#     """Enforce only one celery task at a time."""
+#
+#     def _unlock(key):
+#         try:
+#             lock = cache.lock(key, timeout=timeout)
+#             cache.delete(key)
+#             lock.release()
+#         except LockError:
+#             pass
+#
+#     def _dec(run_func):
+#         """Decorator."""
+#
+#         @wraps(run_func)
+#         def _caller(*args, **kwargs):
+#             """Caller."""
+#             ret_value = None
+#             have_lock = False
+#             lock = cache.lock(key, timeout=timeout)
+#             try:
+#                 have_lock = lock.acquire(blocking=False)
+#                 if have_lock:
+#                     ret_value = run_func(*args, **kwargs)
+#
+#             finally:
+#                 if have_lock:
+#                     try:
+#                         lock.release()
+#                     except LockError as e:  # pragma: no cover
+#                         logger.warning(e)
+#
+#             return ret_value
+#
+#         return _caller
+#
+#     # function.unlock = partial(_unlock, key)
+#     return _dec(function) if function is not None else _dec
diff --git a/src/etools_datamart/apps/etl/models.py b/src/etools_datamart/apps/etl/models.py
index 0eba4d59a..b84bbf685 100644
--- a/src/etools_datamart/apps/etl/models.py
+++ b/src/etools_datamart/apps/etl/models.py
@@ -62,9 +62,16 @@ class Meta:
     def __str__(self):
         return f"{self.task} {self.status}"
 
+    # @cached_property
+    # def lock_key(self):
+    #     return f"{self.task}-lock"
+
     @cached_property
-    def lock_key(self):
-        return f"{self.task}-lock"
+    def loader(self):
+        try:
+            return self.content_type.model_class().loader
+        except AttributeError:
+            return None
 
     @cached_property
     def verbose_name(self):
diff --git a/src/etools_datamart/apps/etl/results.py b/src/etools_datamart/apps/etl/results.py
index 63f5b7bd1..e97a4d8d2 100644
--- a/src/etools_datamart/apps/etl/results.py
+++ b/src/etools_datamart/apps/etl/results.py
@@ -62,7 +62,7 @@ def default(self, obj):
 
 def etl_decoder(obj):
     if '__type__' in obj:
-        if obj['__type__'] == '__EtlResult__':
+        if obj['__type__'] == '__EtlResult__':  # pragma: no cover
             from etools_datamart.apps.data.loader import EtlResult
             return EtlResult(**obj['data'])
     return obj
diff --git a/src/etools_datamart/apps/etools/admin.py b/src/etools_datamart/apps/etools/admin.py
index db3bd4fc1..13ebb1611 100644
--- a/src/etools_datamart/apps/etools/admin.py
+++ b/src/etools_datamart/apps/etools/admin.py
@@ -60,17 +60,12 @@ class AuditEngagementAdmin(TenantModelAdmin):
 @register(models.PartnersIntervention)
 class PartnersInterventionAdmin(TenantModelAdmin):
     list_display = ('number', 'title', 'document_type', 'schema')
-    list_filter = ('document_type',)
+    # list_filter = ('document_type',)
 
 
 @register(models.T2FTravel)
 class T2FTravelAdmin(TenantModelAdmin):
-    list_display = ("id", "schema", "office", "currency", "status", "purpose")
-
-    # list_filter = ("status", )
-    def get_queryset(self, request):
-        return models.T2FTravel.objects.select_related("currency",
-                                                       "office")
+    list_display = ("id", "schema", "status", "purpose")
 
 
 @register(models.ReportsAppliedindicator)
diff --git a/src/etools_datamart/apps/etools/patch.py b/src/etools_datamart/apps/etools/patch.py
index f5f0fc362..5ed65f58f 100644
--- a/src/etools_datamart/apps/etools/patch.py
+++ b/src/etools_datamart/apps/etools/patch.py
@@ -5,6 +5,7 @@
 from django.db import models
 from django.utils.functional import cached_property
 from django.utils.translation import ugettext as _
+
 from unicef_security.models import User
 
 from etools_datamart.apps.etools.models import PartnersPlannedengagement, T2FTravel
diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index 7fa30749f..3153d98cb 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -13,10 +13,10 @@
 from django.db import connections
 from django.utils.module_loading import import_string
 from django_celery_beat.models import CrontabSchedule, IntervalSchedule, PeriodicTask
-from humanize import naturaldelta
 from post_office.models import EmailTemplate
 from redisboard.models import RedisServer
 from strategy_field.utils import fqn
+
 from unicef_rest_framework.models.acl import GroupAccessControl
 
 from etools_datamart.apps.etl.models import EtlTask
@@ -234,16 +234,16 @@ def handle(self, *args, **options):
                                                           html_content=MAIL_HTML))
         config.CACHE_VERSION = config.CACHE_VERSION + 1
 
-        if options['refresh']:
-            self.stdout.write("Refreshing datamart...")
-            for task in PeriodicTask.objects.all()[1:]:
-                try:
-                    etl = import_string(task.task)
-                except ImportError:
-                    continue
-                self.stdout.write(f"Running {task.name}...", ending='\r')
-                self.stdout.flush()
-
-                etl.apply()
-                cost = naturaldelta(app.timers[task.name])
-                self.stdout.write(f"{task.name} excuted in {cost}")
+        # if options['refresh']:
+        #     self.stdout.write("Refreshing datamart...")
+        #     for task in PeriodicTask.objects.all()[1:]:
+        #         try:
+        #             etl = import_string(task.task)
+        #         except ImportError:
+        #             continue
+        #         self.stdout.write(f"Running {task.name}...", ending='\r')
+        #         self.stdout.flush()
+        #
+        #         etl.apply()
+        #         cost = naturaldelta(app.timers[task.name])
+        #         self.stdout.write(f"{task.name} excuted in {cost}")
diff --git a/src/etools_datamart/apps/me/views.py b/src/etools_datamart/apps/me/views.py
index 821012793..cd6d4d435 100644
--- a/src/etools_datamart/apps/me/views.py
+++ b/src/etools_datamart/apps/me/views.py
@@ -28,7 +28,8 @@ def dispatch(self, request, *args, **kwargs):
     def generate(self, length=20):
         pwd = ""
         count = 0
-        while count != length:
+        length = max(8, length)
+        while count < length:
             upper = [random.choice(string.ascii_uppercase)]
             lower = [random.choice(string.ascii_lowercase)]
             num = [random.choice(string.digits)]
@@ -37,7 +38,8 @@ def generate(self, length=20):
             pwd += random.choice(everything)
             count += 1
             if count >= length:
-                return pwd
+                break
+        return pwd
 
     def get_context_data(self, **kwargs):
         kwargs.update({'page': 'profile',
@@ -51,8 +53,8 @@ def get_initial(self):
         return {
         }
 
-    def get_success_url(self):
-        return self.request.path
+    # def get_success_url(self):
+    #     return self.request.path
 
     def form_valid(self, form):
         ctx = self.get_context_data(form=form)
diff --git a/src/etools_datamart/apps/multitenant/views.py b/src/etools_datamart/apps/multitenant/views.py
index eeab10e97..2ae68371f 100644
--- a/src/etools_datamart/apps/multitenant/views.py
+++ b/src/etools_datamart/apps/multitenant/views.py
@@ -4,6 +4,7 @@
 from django.http import HttpResponseRedirect
 from django.urls import reverse_lazy
 from django.views.generic.edit import FormView
+
 # from unicef_rest_framework.state import state
 from unicef_rest_framework.utils import get_query_string
 
diff --git a/src/etools_datamart/apps/security/utils.py b/src/etools_datamart/apps/security/utils.py
index 737caa8f3..1fee05400 100644
--- a/src/etools_datamart/apps/security/utils.py
+++ b/src/etools_datamart/apps/security/utils.py
@@ -2,6 +2,7 @@
 from constance import config
 from django.core.cache import caches
 from django.db import connections
+
 from unicef_rest_framework.models import Service
 
 from etools_datamart.apps.etools.models import UsersUserprofile
diff --git a/src/etools_datamart/apps/subscriptions/models.py b/src/etools_datamart/apps/subscriptions/models.py
index 30a56a0c4..b443129a7 100644
--- a/src/etools_datamart/apps/subscriptions/models.py
+++ b/src/etools_datamart/apps/subscriptions/models.py
@@ -8,6 +8,7 @@
 from django.utils.functional import cached_property
 from post_office import mail
 from rest_framework.test import APIRequestFactory
+
 from unicef_rest_framework.models import Service
 
 from etools_datamart.apps.etl.models import EtlTask
diff --git a/src/etools_datamart/apps/tracking/admin.py b/src/etools_datamart/apps/tracking/admin.py
index 8ed0f8208..58796f8b7 100644
--- a/src/etools_datamart/apps/tracking/admin.py
+++ b/src/etools_datamart/apps/tracking/admin.py
@@ -6,6 +6,7 @@
 from django.contrib import admin
 from django.template.defaultfilters import pluralize, urlencode
 from django.utils.safestring import mark_safe
+
 from unicef_rest_framework.admin import APIModelAdmin, TruncateTableMixin
 from unicef_rest_framework.utils import humanize_size
 
diff --git a/src/etools_datamart/apps/tracking/models/counters.py b/src/etools_datamart/apps/tracking/models/counters.py
index 4fba5ce45..0af1b1627 100644
--- a/src/etools_datamart/apps/tracking/models/counters.py
+++ b/src/etools_datamart/apps/tracking/models/counters.py
@@ -3,6 +3,7 @@
 
 from django.conf import settings
 from django.db import connections, models
+
 from unicef_rest_framework.models import Service
 
 logger = logging.getLogger(__name__)
diff --git a/src/etools_datamart/config/admin.py b/src/etools_datamart/config/admin.py
index 8fa9993a7..670f3df10 100644
--- a/src/etools_datamart/config/admin.py
+++ b/src/etools_datamart/config/admin.py
@@ -1,5 +1,6 @@
 from collections import OrderedDict
 
+from constance import config
 from django.conf import settings
 from django.contrib.admin import AdminSite
 from django.contrib.admin.apps import SimpleAdminConfig
@@ -74,8 +75,7 @@ def index(self, request, extra_context=None):
 
     @never_cache
     def index_new(self, request, extra_context=None):
-        import time
-        key = f'apps_groups:{request.user.id}:{get_full_version()}:{time.time()}'
+        key = f'apps_groups:{request.user.id}:{get_full_version()}:{config.CACHE_VERSION}'
         app_list = self.get_app_list(request)
         groups = cache.get(key)
         if not groups:
diff --git a/src/unicef_rest_framework/admin/acl.py b/src/unicef_rest_framework/admin/acl.py
index 1d3648528..bedd774e2 100644
--- a/src/unicef_rest_framework/admin/acl.py
+++ b/src/unicef_rest_framework/admin/acl.py
@@ -10,6 +10,7 @@
 from django.contrib.auth.models import Group
 from django.contrib.postgres.forms import SimpleArrayField
 from django.template.response import TemplateResponse
+
 from unicef_rest_framework.models import Service, UserAccessControl
 from unicef_rest_framework.models.acl import AbstractAccessControl, GroupAccessControl
 
diff --git a/src/unicef_rest_framework/admin/application.py b/src/unicef_rest_framework/admin/application.py
index 678ba3513..3bf8b902c 100644
--- a/src/unicef_rest_framework/admin/application.py
+++ b/src/unicef_rest_framework/admin/application.py
@@ -6,6 +6,7 @@
 from admin_extra_urls.extras import ExtraUrlMixin
 from django import forms
 from django.contrib import admin
+
 from unicef_rest_framework.models import Application
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_rest_framework/admin/cache.py b/src/unicef_rest_framework/admin/cache.py
index abbc9612d..f1e23ba17 100644
--- a/src/unicef_rest_framework/admin/cache.py
+++ b/src/unicef_rest_framework/admin/cache.py
@@ -13,6 +13,7 @@
 from django.http import HttpResponseRedirect
 from django.template.response import TemplateResponse
 from django.urls import reverse
+
 from unicef_rest_framework.cache import humanize_ttl, parse_ttl
 from unicef_rest_framework.forms import CacheVersionForm
 from unicef_rest_framework.models import Service
diff --git a/src/unicef_rest_framework/admin/service.py b/src/unicef_rest_framework/admin/service.py
index c76cd071d..4d0af6a5d 100644
--- a/src/unicef_rest_framework/admin/service.py
+++ b/src/unicef_rest_framework/admin/service.py
@@ -13,6 +13,7 @@
 from django.urls import NoReverseMatch, reverse
 from django.utils.safestring import mark_safe
 from strategy_field.utils import fqn, import_by_name
+
 from unicef_rest_framework import acl
 from unicef_rest_framework.forms import ServiceForm
 from unicef_rest_framework.models import Service
diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index b35ee5efc..faf872210 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -11,6 +11,7 @@
 from rest_framework.exceptions import AuthenticationFailed, PermissionDenied
 from rest_framework_jwt import authentication
 from strategy_field.utils import fqn
+
 from unicef_rest_framework import acl
 from unicef_rest_framework.config import conf
 from unicef_security.graph import default_group, Synchronizer
diff --git a/src/unicef_rest_framework/cache.py b/src/unicef_rest_framework/cache.py
index 943a7200e..c0e41cda1 100644
--- a/src/unicef_rest_framework/cache.py
+++ b/src/unicef_rest_framework/cache.py
@@ -13,6 +13,7 @@
 from rest_framework_extensions.key_constructor.constructors import KeyConstructor
 from rest_framework_extensions.settings import extensions_api_settings
 from strategy_field.utils import fqn
+
 from unicef_rest_framework.models import SystemFilter
 
 cache = caches['default']
diff --git a/src/unicef_rest_framework/config.py b/src/unicef_rest_framework/config.py
index 366007e4b..9ff14947e 100644
--- a/src/unicef_rest_framework/config.py
+++ b/src/unicef_rest_framework/config.py
@@ -3,6 +3,7 @@
 from django.core.signals import setting_changed
 from django.urls import get_callable
 from strategy_field.utils import import_by_name
+
 from unicef_rest_framework import acl
 
 
diff --git a/src/unicef_rest_framework/filtering.py b/src/unicef_rest_framework/filtering.py
index ccc473b9a..fb9f4ae20 100644
--- a/src/unicef_rest_framework/filtering.py
+++ b/src/unicef_rest_framework/filtering.py
@@ -3,6 +3,7 @@
 
 from drf_querystringfilter.backend import QueryStringFilterBackend
 from rest_framework.filters import BaseFilterBackend
+
 from unicef_rest_framework.models import SystemFilter
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_rest_framework/management/commands/api-inspect.py b/src/unicef_rest_framework/management/commands/api-inspect.py
index 585898615..56e7c6b71 100644
--- a/src/unicef_rest_framework/management/commands/api-inspect.py
+++ b/src/unicef_rest_framework/management/commands/api-inspect.py
@@ -2,6 +2,7 @@
 import logging
 
 from django.core.management import BaseCommand
+
 from unicef_rest_framework.config import conf
 from unicef_rest_framework.models import Service
 
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index 2dfb2aa9f..f04acf12e 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -6,9 +6,10 @@
 import django.contrib.postgres.fields
 import django.db.models.deletion
 import strategy_field.fields
-import unicef_rest_framework.models.acl
 from django.db import migrations, models
 
+import unicef_rest_framework.models.acl
+
 
 class Migration(migrations.Migration):
 
diff --git a/src/unicef_rest_framework/models/service.py b/src/unicef_rest_framework/models/service.py
index b78091e6a..f4fb09d20 100644
--- a/src/unicef_rest_framework/models/service.py
+++ b/src/unicef_rest_framework/models/service.py
@@ -8,6 +8,7 @@
 from django.utils.functional import cached_property
 from rest_framework.reverse import reverse
 from strategy_field.fields import StrategyClassField
+
 from unicef_rest_framework.config import conf
 
 from .. import acl
diff --git a/src/unicef_rest_framework/permissions.py b/src/unicef_rest_framework/permissions.py
index 2f3b694a9..b4d24058c 100644
--- a/src/unicef_rest_framework/permissions.py
+++ b/src/unicef_rest_framework/permissions.py
@@ -4,6 +4,7 @@
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.permissions import BasePermission
 from strategy_field.utils import fqn
+
 from unicef_rest_framework.acl import ACL_ACCESS_OPEN
 from unicef_rest_framework.models import UserAccessControl
 from unicef_rest_framework.models.acl import AbstractAccessControl, GroupAccessControl
diff --git a/src/unicef_rest_framework/routers.py b/src/unicef_rest_framework/routers.py
index 0dccc1920..deca438a1 100644
--- a/src/unicef_rest_framework/routers.py
+++ b/src/unicef_rest_framework/routers.py
@@ -7,6 +7,7 @@
 from rest_framework.response import Response
 from rest_framework.reverse import reverse
 from rest_framework.routers import DynamicRoute, Route
+
 from unicef_rest_framework.models import Service
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_rest_framework/tasks.py b/src/unicef_rest_framework/tasks.py
index f4e0a919a..073963971 100644
--- a/src/unicef_rest_framework/tasks.py
+++ b/src/unicef_rest_framework/tasks.py
@@ -1,4 +1,5 @@
 from celery.app import default_app
+
 from unicef_rest_framework.models import Service
 
 
diff --git a/src/unicef_rest_framework/templatetags/urf.py b/src/unicef_rest_framework/templatetags/urf.py
index fa9836558..5331a460b 100644
--- a/src/unicef_rest_framework/templatetags/urf.py
+++ b/src/unicef_rest_framework/templatetags/urf.py
@@ -5,6 +5,7 @@
 from django.urls import reverse
 from django.utils.safestring import mark_safe
 from strategy_field.utils import fqn
+
 from unicef_rest_framework.admin.service import ACL_ICONS
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_rest_framework/test_utils.py b/src/unicef_rest_framework/test_utils.py
index 07325040f..4af727a31 100644
--- a/src/unicef_rest_framework/test_utils.py
+++ b/src/unicef_rest_framework/test_utils.py
@@ -1,6 +1,7 @@
 from contextlib import ContextDecorator
 
 from test_utilities.factories import GroupFactory
+
 from unicef_rest_framework.models import Service, UserAccessControl
 
 from etools_datamart.apps.security.models import SchemaAccessControl
diff --git a/src/unicef_rest_framework/throttling.py b/src/unicef_rest_framework/throttling.py
index 894fb259f..96699fbee 100644
--- a/src/unicef_rest_framework/throttling.py
+++ b/src/unicef_rest_framework/throttling.py
@@ -6,6 +6,7 @@
 from django.contrib import messages
 from django.core.cache import caches
 from rest_framework.throttling import BaseThrottle
+
 from unicef_rest_framework.config import conf
 from unicef_rest_framework.models import UserAccessControl
 
diff --git a/src/unicef_rest_framework/views.py b/src/unicef_rest_framework/views.py
index 1b44a82fa..4b97e09ad 100644
--- a/src/unicef_rest_framework/views.py
+++ b/src/unicef_rest_framework/views.py
@@ -9,6 +9,7 @@
 from rest_framework_xml.renderers import XMLRenderer
 from rest_framework_yaml.renderers import YAMLRenderer
 from strategy_field.utils import fqn
+
 from unicef_rest_framework.pagination import PageFilter
 
 from . import acl
diff --git a/src/unicef_rest_framework/views_mixins.py b/src/unicef_rest_framework/views_mixins.py
index 07b0c2576..05086eaaa 100644
--- a/src/unicef_rest_framework/views_mixins.py
+++ b/src/unicef_rest_framework/views_mixins.py
@@ -2,6 +2,7 @@
 from django.http import HttpResponse
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework.decorators import action
+
 from unicef_rest_framework.utils import get_query_string
 
 IQY = """WEB
diff --git a/src/unicef_security/admin.py b/src/unicef_security/admin.py
index d4a4ed780..60a606823 100644
--- a/src/unicef_security/admin.py
+++ b/src/unicef_security/admin.py
@@ -10,6 +10,7 @@
 from django.template.response import TemplateResponse
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
+
 from unicef_security.graph import default_group, Synchronizer, SyncResult
 from unicef_security.models import BusinessArea, Region, User
 from unicef_security.sync import load_business_area, load_region
diff --git a/src/unicef_security/graph.py b/src/unicef_security/graph.py
index 929f9763c..66e59e309 100644
--- a/src/unicef_security/graph.py
+++ b/src/unicef_security/graph.py
@@ -14,6 +14,7 @@
 from social_core.backends.azuread_tenant import AzureADTenantOAuth2
 from social_core.exceptions import AuthTokenError
 from social_django.models import UserSocialAuth
+
 from unicef_security.config import GRAPH_CLIENT_ID, GRAPH_CLIENT_SECRET
 
 from etools_datamart.libs.version import get_full_version
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index fa3401967..58eb9fce4 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -5,9 +5,10 @@
 import django.db.models.deletion
 import django.utils.timezone
 import django_countries.fields
-import unicef_security.models
 from django.db import migrations, models
 
+import unicef_security.models
+
 
 class Migration(migrations.Migration):
 
diff --git a/src/unicef_security/tasks.py b/src/unicef_security/tasks.py
index 6030e620e..3ac1831a4 100644
--- a/src/unicef_security/tasks.py
+++ b/src/unicef_security/tasks.py
@@ -1,4 +1,5 @@
 from celery.app import default_app
+
 from unicef_security.sync import load_business_area
 
 
diff --git a/tests/_test_lib/test_utilities/factories/__init__.py b/tests/_test_lib/test_utilities/factories/__init__.py
new file mode 100644
index 000000000..a01db7b80
--- /dev/null
+++ b/tests/_test_lib/test_utilities/factories/__init__.py
@@ -0,0 +1,3 @@
+from .common import *  # noqa
+from .data import *  # noqa
+from .etools import *  # noqa
diff --git a/tests/_test_lib/test_utilities/factories.py b/tests/_test_lib/test_utilities/factories/common.py
similarity index 53%
rename from tests/_test_lib/test_utilities/factories.py
rename to tests/_test_lib/test_utilities/factories/common.py
index 3bb9f3fcd..95665809f 100644
--- a/tests/_test_lib/test_utilities/factories.py
+++ b/tests/_test_lib/test_utilities/factories/common.py
@@ -1,25 +1,36 @@
-import random
-from datetime import datetime
 
 import factory
-import unicef_security.models
 from django.contrib.auth.models import Group
-from django.contrib.contenttypes.models import ContentType
-from django.db import connections
 from django.utils import timezone
 from factory import SubFactory
+from factory.base import FactoryMetaClass
 from post_office.models import EmailTemplate
-from unicef_rest_framework.models import Service, SystemFilter, UserAccessControl
 
-from etools_datamart.apps.data.models import FAMIndicator, HACT, Intervention, PMPIndicators, UserStats
+import unicef_rest_framework.models
+import unicef_security.models
+
 from etools_datamart.apps.etl.models import EtlTask
+from etools_datamart.apps.security.models import SchemaAccessControl
 from etools_datamart.apps.subscriptions.models import Subscription
 from etools_datamart.apps.tracking.models import APIRequestLog
 
 today = timezone.now()
 
+factories_registry = {}
+
+
+class AutoRegisterFactoryMetaClass(FactoryMetaClass):
+    def __new__(mcs, class_name, bases, attrs):
+        new_class = super().__new__(mcs, class_name, bases, attrs)
+        factories_registry[new_class._meta.model] = new_class
+        return new_class
 
-class TaskLogFactory(factory.DjangoModelFactory):
+
+class RegisterModelFactory(factory.DjangoModelFactory, metaclass=AutoRegisterFactoryMetaClass):
+    pass
+
+
+class TaskLogFactory(RegisterModelFactory):
     elapsed = 10
     last_success = timezone.now()
     last_failure = timezone.now()
@@ -29,7 +40,7 @@ class Meta:
         model = EtlTask
 
 
-class APIRequestLogFactory(factory.DjangoModelFactory):
+class APIRequestLogFactory(RegisterModelFactory):
     requested_at = timezone.now()
     remote_addr = factory.Faker('ipv4_public')
 
@@ -37,44 +48,13 @@ class Meta:
         model = APIRequestLog
 
 
-class HACTFactory(factory.DjangoModelFactory):
-    year = today.year
-    country_name = lambda: random.choice(connections['etools'].get_tenants())  # noqa
-
-    class Meta:
-        model = HACT
-
-
-class PMPIndicatorFactory(factory.DjangoModelFactory):
-    # country_name = lambda: random.choice(connections['etools'].get_tenants())  # noqa
-    class Meta:
-        model = PMPIndicators
-
-
-class FAMIndicatorFactory(factory.DjangoModelFactory):
-    month = today
-    last_modify_date = timezone.now()
-
-    class Meta:
-        model = FAMIndicator
-
-
-class ServiceFactory(factory.DjangoModelFactory):
+class ServiceFactory(RegisterModelFactory):
     class Meta:
-        model = Service
+        model = unicef_rest_framework.models.Service
         django_get_or_create = ('viewset',)
 
 
-class InterventionFactory(factory.DjangoModelFactory):
-    metadata = {}
-    title = factory.Sequence(lambda n: "title%03d" % n)
-    number = factory.Sequence(lambda n: "#%03d" % n)
-
-    class Meta:
-        model = Intervention
-
-
-class GroupFactory(factory.DjangoModelFactory):
+class GroupFactory(RegisterModelFactory):
     name = factory.Sequence(lambda n: "name%03d" % n)
 
     class Meta:
@@ -82,7 +62,7 @@ class Meta:
         django_get_or_create = ('name',)
 
 
-class UserFactory(factory.DjangoModelFactory):
+class UserFactory(RegisterModelFactory):
     class Meta:
         model = unicef_security.models.User
         django_get_or_create = ('username',)
@@ -99,12 +79,12 @@ class Meta:
 
     @classmethod
     def _prepare(cls, create, **kwargs):
-        from .perms import user_grant_permissions
+        from ..perms import user_grant_permissions
 
         permissions = kwargs.pop('permissions', [])
 
         password = kwargs.pop('password')
-        user = super(UserFactory, cls)._prepare(create, **kwargs)
+        user = super()._prepare(cls, create, **kwargs)
         if password:
             user.set_password(password)
             if create:
@@ -121,27 +101,18 @@ class AnonUserFactory(UserFactory):
     username = 'anonymous'
 
 
-class UserAccessControlFactory(factory.DjangoModelFactory):
-    policy = UserAccessControl.POLICY_ALLOW
+class UserAccessControlFactory(RegisterModelFactory):
+    policy = unicef_rest_framework.models.UserAccessControl.POLICY_ALLOW
     serializers = ["std"]
 
     class Meta:
-        model = UserAccessControl
+        model = unicef_rest_framework.models.UserAccessControl
         django_get_or_create = ('user', 'service')
 
 
-class UserStatsFactory(factory.DjangoModelFactory):
-    month = lambda: datetime(today.year, random.choice([1, 2, 3]), 1)  # noqa
-    country_name = lambda: random.choice(connections['etools'].get_tenants())  # noqa
-
+class SystemFilterFactory(RegisterModelFactory):
     class Meta:
-        model = UserStats
-        django_get_or_create = ('month', 'country_name')
-
-
-class SystemFilterFactory(factory.DjangoModelFactory):
-    class Meta:
-        model = SystemFilter
+        model = unicef_rest_framework.models.SystemFilter
         django_get_or_create = ('user', 'service')
 
     @factory.post_generation
@@ -157,18 +128,19 @@ def rules(self, create, extracted, **kwargs):
                 rule.save()
 
 
-class SubscriptionFactory(factory.DjangoModelFactory):
+class SubscriptionFactory(RegisterModelFactory):
     kwargs = ''
     user = SubFactory(UserFactory)
     type = Subscription.MESSAGE
-    content_type = lambda x: ContentType.objects.get_for_model(HACT)  # noqa: E731
+
+    # content_type = lambda x: ContentType.objects.get_for_model(HACT)  # noqa: E731
 
     class Meta:
         model = Subscription
         django_get_or_create = ('user', 'content_type')
 
 
-class EmailTemplateFactory(factory.DjangoModelFactory):
+class EmailTemplateFactory(RegisterModelFactory):
     name = 'dataset_changed'
 
     class Meta:
@@ -176,7 +148,7 @@ class Meta:
         django_get_or_create = ('name',)
 
 
-class RegionFactory(factory.DjangoModelFactory):
+class RegionFactory(RegisterModelFactory):
     code = factory.Sequence(lambda n: "code%03d" % n)
     name = factory.Sequence(lambda n: "name%03d" % n)
 
@@ -185,20 +157,18 @@ class Meta:
         django_get_or_create = ('name',)
 
 
-class BusinessAreaFactory(factory.DjangoModelFactory):
+class SchemaAccessControlFactory(RegisterModelFactory):
+    group = factory.SubFactory(GroupFactory)
+    schemas = ['bolivia', 'chad']
+
+    class Meta:
+        model = SchemaAccessControl
+
+
+class BusinessAreaFactory(RegisterModelFactory):
     code = factory.Sequence(lambda n: "code%03d" % n)
     region = SubFactory(RegionFactory)
 
     class Meta:
         model = unicef_security.models.BusinessArea
         django_get_or_create = ('name',)
-
-
-# class RoleFactory(factory.DjangoModelFactory):
-#     user = SubFactory(UserFactory)
-#     group = SubFactory(GroupFactory)
-#     business_area = SubFactory(BusinessAreaFactory)
-#
-#     class Meta:
-#         model = unicef_security.models.Role
-#         django_get_or_create = ('user', 'group', 'business_area')
diff --git a/tests/_test_lib/test_utilities/factories/data.py b/tests/_test_lib/test_utilities/factories/data.py
new file mode 100644
index 000000000..09c0d5908
--- /dev/null
+++ b/tests/_test_lib/test_utilities/factories/data.py
@@ -0,0 +1,89 @@
+import random
+from datetime import datetime
+
+import factory
+from django.db import connections
+from django.utils import timezone
+from factory.fuzzy import BaseFuzzyAttribute
+from test_utilities.factories import today
+from test_utilities.factories.common import RegisterModelFactory
+
+from etools_datamart.apps.data.models import (FAMIndicator, GatewayType, HACT, Intervention,
+                                              Location, PMPIndicators, UserStats,)
+
+
+class DataMartModelFactory(RegisterModelFactory):
+    schema_name = factory.Iterator(connections['etools'].get_tenants())
+    country_name = factory.SelfAttribute('schema_name')
+
+
+class HACTFactory(DataMartModelFactory):
+    year = today.year
+    country_name = factory.SelfAttribute('schema_name')
+
+    class Meta:
+        model = HACT
+
+
+class PMPIndicatorFactory(DataMartModelFactory):
+    # schema_name = factory.Iterator(connections['etools'].get_tenants())
+    class Meta:
+        model = PMPIndicators
+        django_get_or_create = ('country_name',)
+
+
+class FAMIndicatorFactory(DataMartModelFactory):
+    month = today
+    last_modify_date = timezone.now()
+
+    class Meta:
+        model = FAMIndicator
+
+
+class InterventionFactory(DataMartModelFactory):
+    metadata = {}
+    title = factory.Sequence(lambda n: "title%03d" % n)
+    number = factory.Sequence(lambda n: "#%03d" % n)
+
+    class Meta:
+        model = Intervention
+
+
+class GatewayTypeFactory(DataMartModelFactory):
+    name = factory.Sequence(lambda n: "name%03d" % n)
+
+    class Meta:
+        model = GatewayType
+        django_get_or_create = ('name',)
+
+
+class LocationFactory(DataMartModelFactory):
+    gateway = factory.SubFactory(GatewayTypeFactory)
+    name = factory.Sequence(lambda n: "name%03d" % n)
+    level = factory.Sequence(lambda n: n)
+    lft = 1
+    rght = 1
+    tree_id = 1
+    created = timezone.now()
+    modified = timezone.now()
+    is_active = True
+
+    class Meta:
+        model = Location
+        django_get_or_create = ('name',)
+
+
+class FuzzyMonth(BaseFuzzyAttribute):
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+
+    def fuzz(self):
+        return datetime(today.year, random.choice([1, 2, 3]), 1)  # noqa
+
+
+class UserStatsFactory(DataMartModelFactory):
+    month = FuzzyMonth()
+
+    class Meta:
+        model = UserStats
+        django_get_or_create = ('month', 'country_name')
diff --git a/tests/_test_lib/test_utilities/factories/etools.py b/tests/_test_lib/test_utilities/factories/etools.py
new file mode 100644
index 000000000..fc87f7314
--- /dev/null
+++ b/tests/_test_lib/test_utilities/factories/etools.py
@@ -0,0 +1,9 @@
+from test_utilities.factories import RegisterModelFactory
+
+
+class EToolsModelFactory(RegisterModelFactory):
+    pass
+
+
+class ActionPointFactory(EToolsModelFactory):
+    pass
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 6aef3126b..21b0cb0b5 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -5,6 +5,7 @@
 import pytest
 from rest_framework.test import APIClient
 from test_utilities.factories import AnonUserFactory
+
 from unicef_rest_framework.models import Service
 
 from etools_datamart.api.endpoints import InterventionViewSet
diff --git a/tests/api/test_api_auth_open.py b/tests/api/test_api_auth_open.py
index 78c4e6ff6..704c4af30 100644
--- a/tests/api/test_api_auth_open.py
+++ b/tests/api/test_api_auth_open.py
@@ -2,6 +2,7 @@
 import pytest
 from concurrency.api import disable_concurrency
 from rest_framework.test import APIClient
+
 from unicef_rest_framework.acl import ACL_ACCESS_LOGIN, ACL_ACCESS_OPEN
 
 from etools_datamart.api.endpoints import PartnerViewSet
diff --git a/tests/api/test_api_cache.py b/tests/api/test_api_cache.py
index d441defeb..e88ddc21f 100644
--- a/tests/api/test_api_cache.py
+++ b/tests/api/test_api_cache.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 import pytest
+
 from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
 from etools_datamart.api.endpoints import PartnerViewSet
diff --git a/tests/api/test_api_common.py b/tests/api/test_api_common.py
index 4185c6da6..cb9e5de06 100644
--- a/tests/api/test_api_common.py
+++ b/tests/api/test_api_common.py
@@ -4,6 +4,7 @@
 import pytest
 from django.http import Http404
 from drf_querystringfilter.exceptions import QueryFilterException
+from dynamic_serializer.core import InvalidSerializerError
 from rest_framework.exceptions import AuthenticationFailed, NotAuthenticated, PermissionDenied
 from rest_framework.reverse import reverse
 
@@ -32,6 +33,7 @@ def test_options(client, url):
                                        (PermissionDenied, 403),
                                        (InvalidSchema, 400),
                                        (AuthenticationFailed, 403),
+                                       (InvalidSerializerError, 400),
                                        ])
 def test_handle_exception(client, exc, code):
     view = APIReadOnlyModelViewSet()
diff --git a/tests/api/test_api_filtering.py b/tests/api/test_api_filtering.py
index de4d019f3..ae91bd055 100644
--- a/tests/api/test_api_filtering.py
+++ b/tests/api/test_api_filtering.py
@@ -1,6 +1,7 @@
 import pytest
 from rest_framework.test import APIClient
 from test_utilities.factories import AdminFactory, FAMIndicatorFactory, UserFactory
+
 from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
 from etools_datamart.api.endpoints import EngagementViewSet, InterventionViewSet, PartnerViewSet
diff --git a/tests/api/test_api_permission.py b/tests/api/test_api_permission.py
index f49f310dd..33725c96d 100644
--- a/tests/api/test_api_permission.py
+++ b/tests/api/test_api_permission.py
@@ -3,6 +3,7 @@
 from django.utils.http import urlquote
 from rest_framework.test import APIClient
 from test_utilities.factories import InterventionFactory
+
 from unicef_rest_framework.models import UserAccessControl
 from unicef_rest_framework.test_utils import user_allow_country
 
diff --git a/tests/api/test_api_web.py b/tests/api/test_api_web.py
index 86bebd2d5..b80684926 100644
--- a/tests/api/test_api_web.py
+++ b/tests/api/test_api_web.py
@@ -2,6 +2,7 @@
 import pytest
 from rest_framework.test import APIClient
 from test_utilities.factories import UserFactory
+
 from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 from unicef_security.models import User
 
diff --git a/tests/api/test_datamart_security.py b/tests/api/test_datamart_security.py
index debe06dfa..9be1ac567 100644
--- a/tests/api/test_datamart_security.py
+++ b/tests/api/test_datamart_security.py
@@ -3,6 +3,7 @@
 import pytest
 from rest_framework.test import APIClient
 from test_utilities.factories import AdminFactory, UserFactory, UserStatsFactory
+
 from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
 from etools_datamart.api.endpoints import HACTViewSet, PartnerViewSet, UserStatsViewSet
diff --git a/tests/api/test_etools_security.py b/tests/api/test_etools_security.py
index 10b38caf4..a723a996f 100644
--- a/tests/api/test_etools_security.py
+++ b/tests/api/test_etools_security.py
@@ -1,6 +1,7 @@
 import pytest
 from rest_framework.test import APIClient
 from test_utilities.factories import AdminFactory, UserFactory
+
 from unicef_rest_framework.test_utils import user_allow_country, user_allow_service
 
 from etools_datamart.api.endpoints import PartnerViewSet
diff --git a/tests/api/test_system_filters.py b/tests/api/test_system_filters.py
index 41c178d63..f9d3fe4ba 100644
--- a/tests/api/test_system_filters.py
+++ b/tests/api/test_system_filters.py
@@ -3,6 +3,7 @@
 from django.contrib.auth.models import User
 from rest_framework.test import APIClient
 from test_utilities.factories import InterventionFactory, SystemFilterFactory, UserAccessControlFactory
+
 from unicef_rest_framework.models import Service
 from unicef_rest_framework.test_utils import user_allow_country
 
diff --git a/tests/conftest.py b/tests/conftest.py
index 210c1ee20..4dff38d6c 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -1,5 +1,6 @@
 import os
 import tempfile
+import uuid
 import warnings
 from pathlib import Path
 from unittest.mock import MagicMock
@@ -20,6 +21,22 @@ def pytest_configure(config):
 warnings.simplefilter('ignore', UserWarning)
 
 
+@pytest.fixture(scope="session")
+def disable_migration_signals(request):
+    return request.config.getvalue("disable_migration_signals")
+
+
+def pytest_addoption(parser):
+    group = parser.getgroup("django")
+    group._addoption(
+        "--disable-migration-signals",
+        action="store_true",
+        dest="disable_migration_signals",
+        default=False,
+        help="disable pre/post migration signals",
+    )
+
+
 @pytest.yield_fixture(scope='session')
 def django_db_setup(request,
                     django_test_environment,
@@ -27,12 +44,13 @@ def django_db_setup(request,
                     django_db_use_migrations,
                     django_db_keepdb,
                     django_db_createdb,
-                    django_db_modify_db_settings):
+                    django_db_modify_db_settings,
+                    disable_migration_signals):
     # never touch etools DB
-    # if django_db_keepdb:
-    #     import django.core.management.commands.migrate
-    #     django.core.management.commands.migrate.emit_pre_migrate_signal = MagicMock()
-    #     django.core.management.commands.migrate.emit_post_migrate_signal = MagicMock()
+    if disable_migration_signals:
+        import django.core.management.commands.migrate
+        django.core.management.commands.migrate.emit_pre_migrate_signal = MagicMock()
+        django.core.management.commands.migrate.emit_post_migrate_signal = MagicMock()
 
     from pytest_django.fixtures import django_db_setup as dj_db_setup
     dj_db_setup(request,
@@ -154,6 +172,7 @@ def user(etools_user):
     from test_utilities.factories import UserFactory
 
     return UserFactory(username=etools_user.username,
+                       azure_id=uuid.uuid4(),
                        email=etools_user.email)
 
 
diff --git a/tests/datamart/test_data_admin.py b/tests/datamart/test_data_admin.py
index a6b53be99..ff2c8859f 100644
--- a/tests/datamart/test_data_admin.py
+++ b/tests/datamart/test_data_admin.py
@@ -1,25 +1,107 @@
 # -*- coding: utf-8 -*-
+from unittest.mock import MagicMock
+
 import pytest
 from django.contrib import messages
+from django.contrib.admin.sites import site
 from django.urls import reverse
-from test_utilities.factories import PMPIndicatorFactory
+from strategy_field.utils import fqn
+from test_utilities.factories import factories_registry, PMPIndicatorFactory
 from test_utilities.perms import user_grant_permissions
 
 
-@pytest.mark.django_db()
-def test_data_index(django_app, admin_user):
-    url = reverse("admin:app_list", args=['data'])
+def pytest_generate_tests(metafunc):
+    if 'modeladmin' in metafunc.fixturenames:
+        m = []
+        ids = []
+        for model, admin in site._registry.items():
+            if model._meta.app_label == 'data':
+                m.append(admin)
+                ids.append(admin.__class__.__name__)
+        metafunc.parametrize("modeladmin", m, ids=ids)
+
+
+@pytest.fixture()
+def data(db, request):
+    # TIPS: database access is forbidden in pytest_generate_tests
+    modeladmin = request.getfixturevalue('modeladmin')
+    factory = factories_registry[modeladmin.model]
+    return (factory(schema_name='bolivia'),
+            factory(schema_name='chad'),
+            factory(schema_name='lebanon'))
+
+
+def test_changelist(django_app, admin_user, modeladmin):
+    opts = modeladmin.model._meta
+    url = reverse(f"admin:{opts.app_label}_{opts.model_name}_changelist")
     res = django_app.get(url, user=admin_user)
     assert res.status_code == 200
 
 
+def test_change(django_app, admin_user, modeladmin):
+    opts = modeladmin.model._meta
+    factory = factories_registry[modeladmin.model]
+    obj = factory()
+    url = reverse(f"admin:{opts.app_label}_{opts.model_name}_change",
+                  args=[obj.pk])
+    res = django_app.get(url, user=admin_user)
+    assert res.status_code == 200, url
+
+
+def test_refresh(django_app, admin_user, modeladmin, monkeypatch):
+    target = fqn(modeladmin.model)
+    monkeypatch.setattr(f'{target}.loader.load', MagicMock())
+    opts = modeladmin.model._meta
+    url = reverse(f"admin:{opts.app_label}_{opts.model_name}_changelist")
+
+    res = django_app.get(url, user=admin_user)
+    assert res.status_code == 200
+    res = res.click("Refresh").follow()
+    assert res.status_code == 200
+    storage = res.context['messages']
+    assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
+
+
+def test_api(django_app, admin_user, modeladmin):
+    opts = modeladmin.model._meta
+    url = reverse(f"admin:{opts.app_label}_{opts.model_name}_changelist")
+    res = django_app.get(url, user=admin_user)
+    res = res.click("Api").follow()
+    assert res.status_code == 200
+
+
+def test_invalidate_cache(django_app, admin_user, modeladmin):
+    opts = modeladmin.model._meta
+    url = reverse(f"admin:{opts.app_label}_{opts.model_name}_changelist")
+    res = django_app.get(url, user=admin_user)
+    res = res.click("Invalidate Cache").follow()
+    assert res.status_code == 200
+
+
+def test_filter(django_app, admin_user, modeladmin, data):
+    opts = modeladmin.model._meta
+    url = reverse(f"admin:{opts.app_label}_{opts.model_name}_changelist")
+    url = f"{url}?country_name=bolivia,chad,lebanon"
+
+    res = django_app.get(url, user=admin_user)
+    assert res.status_code == 200, url
+
+
 @pytest.mark.django_db()
-def test_pmpindicators_list(django_app, admin_user):
-    url = reverse("admin:data_pmpindicators_changelist")
+def test_data_index(django_app, admin_user):
+    url = reverse("admin:app_list", args=['data'])
     res = django_app.get(url, user=admin_user)
     assert res.status_code == 200
 
 
+#
+# @pytest.mark.django_db()
+# def test_pmpindicators_list(django_app, admin_user):
+#     url = reverse("admin:data_pmpindicators_changelist")
+#     res = django_app.get(url, user=admin_user)
+#     assert res.status_code == 200
+
+
 @pytest.mark.django_db()
 def test_pmpindicators_filter(django_app, admin_user):
     url = reverse("admin:data_pmpindicators_changelist")
@@ -52,52 +134,52 @@ def test_pmpindicators_detail_supersuser(django_app, admin_user, settings):
     res = res.form.submit().follow()
     assert res.status_code == 200
 
-
-def test_pmpindicators_refresh(django_app, admin_user):
-    url = reverse("admin:data_pmpindicators_changelist")
-    res = django_app.get(url, user=admin_user)
-    assert res.status_code == 200
-    res = res.click("Refresh").follow()
-    assert res.status_code == 200
-    storage = res.context['messages']
-    assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
-
-
-def test_pmpindicators_invalidate_cache(django_app, admin_user, service):
-    url = reverse("admin:data_pmpindicators_invalidate_cache")
-    res = django_app.get(url, user=admin_user)
-    assert res.status_code == 302
-
-
-def test_pmpindicators_api(django_app, admin_user, service):
-    url = reverse("admin:data_pmpindicators_api")
-    res = django_app.get(url, user=admin_user)
-    assert res.status_code == 302
-
-
-def test_pmpindicators_truncate(django_app, admin_user):
-    url = reverse("admin:data_pmpindicators_changelist")
-    res = django_app.get(url, user=admin_user)
-    assert res.status_code == 200
-    res = res.click("Truncate")
-    assert res.status_code == 200
-    res = res.form.submit().follow()
-    assert res.status_code == 200
-    storage = res.context['messages']
-    assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
-
-
-def test_pmpindicators_queue(django_app, admin_user):
-    url = reverse("admin:data_pmpindicators_changelist")
-    res = django_app.get(url, user=admin_user)
-    assert res.status_code == 200
-    res = res.click("Queue").follow()
-    assert res.status_code == 200
-    storage = res.context['messages']
-    assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
-
-
-def test_pmpindicators_filterimng(django_app, admin_user):
-    url = reverse("admin:data_pmpindicators_changelist")
-    res = django_app.get(f"{url}", user=admin_user)
-    assert res.status_code == 200
+# def test_pmpindicators_refresh(django_app, admin_user):
+#     url = reverse("admin:data_pmpindicators_changelist")
+#     res = django_app.get(url, user=admin_user)
+#     assert res.status_code == 200
+#     res = res.click("Refresh").follow()
+#     assert res.status_code == 200
+#     storage = res.context['messages']
+#     assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
+
+
+# def test_pmpindicators_invalidate_cache(django_app, admin_user, service):
+#     url = reverse("admin:data_pmpindicators_invalidate_cache")
+#     res = django_app.get(url, user=admin_user)
+#     assert res.status_code == 302
+#
+#
+# def test_pmpindicators_api(django_app, admin_user, service):
+#     url = reverse("admin:data_pmpindicators_api")
+#     res = django_app.get(url, user=admin_user)
+#     assert res.status_code == 302
+#
+#
+# def test_pmpindicators_truncate(django_app, admin_user):
+#     url = reverse("admin:data_pmpindicators_changelist")
+#     res = django_app.get(url, user=admin_user)
+#     assert res.status_code == 200
+#     res = res.click("Truncate")
+#     assert res.status_code == 200
+#     res = res.form.submit().follow()
+#     assert res.status_code == 200
+#     storage = res.context['messages']
+#     assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
+#
+#
+# def test_pmpindicators_queue(django_app, admin_user):
+#     url = reverse("admin:data_pmpindicators_changelist")
+#     res = django_app.get(url, user=admin_user)
+#     assert res.status_code == 200
+#     res = res.click("Queue").follow()
+#     assert res.status_code == 200
+#     storage = res.context['messages']
+#     assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
+#
+#
+# def test_pmpindicators_filterimng(django_app, admin_user):
+#     url = reverse("admin:data_pmpindicators_changelist")
+#     res = django_app.get(f"{url}", user=admin_user)
+#     assert res.status_code == 200
+#
diff --git a/tests/etl/test_etl_admin.py b/tests/etl/test_etl_admin.py
index 366a5e20b..f76f03a6b 100644
--- a/tests/etl/test_etl_admin.py
+++ b/tests/etl/test_etl_admin.py
@@ -24,17 +24,13 @@ def tasklog_scheduled(tasklog):
 
 def test_tasklog_changelist(django_app, admin_user, tasklog_scheduled):
     url = reverse("admin:etl_etltask_changelist")
-    res = django_app.get(url,
-                         user=admin_user,
-                         extra_environ={'HTTP_X_SCHEMA': "public"})
+    res = django_app.get(url, user=admin_user)
     assert res.status_code == 200
 
 
 def test_tasklog_change(django_app, admin_user, tasklog):
     url = reverse("admin:etl_etltask_change", args=[tasklog.id])
-    res = django_app.get(url,
-                         user=admin_user,
-                         extra_environ={'HTTP_X_SCHEMA': "public"})
+    res = django_app.get(url, user=admin_user)
     assert res.status_code == 200
     res = res.form.submit().follow()
     assert res.status_code == 200
@@ -62,30 +58,13 @@ def test_tasklog_queue(django_app, admin_user, tasklog):
 
 def test_tasklog_refresh(django_app, admin_user, tasklog):
     url = reverse("admin:etl_etltask_change", args=[tasklog.id])
-    res = django_app.get(url,
-                         user=admin_user,
-                         extra_environ={'HTTP_X_SCHEMA': "public"})
+    res = django_app.get(url, user=admin_user)
     assert res.status_code == 200
 
 
-# def test_tasklog_truncate(django_app, admin_user, tasklog):
-#     url = reverse("admin:etl_etltask_changelist")
-#     res = django_app.get(url,
-#                          user=admin_user,
-#                          extra_environ={'HTTP_X_SCHEMA': "public"})
-#     assert res.status_code == 200
-#     res = res.click("Truncate")
-#     res = res.form.submit()
-#     assert res.status_code == 302
-#     # storage = res.context['messages']
-#     # assert [messages.DEFAULT_TAGS[m.level] for m in storage] == ['success'], [m.message for m in storage]
-
-
 def test_tasklog_inspect(django_app, admin_user, tasklog):
     url = reverse("admin:etl_etltask_changelist")
-    res = django_app.get(url,
-                         user=admin_user,
-                         extra_environ={'HTTP_X_SCHEMA': "public"})
+    res = django_app.get(url, user=admin_user)
     assert res.status_code == 200
     res = res.click("Inspect").follow()
     assert res.status_code == 200
diff --git a/tests/etl/test_etl_loaders.py b/tests/etl/test_etl_loaders.py
index d7c9b2c0f..ff5341e75 100644
--- a/tests/etl/test_etl_loaders.py
+++ b/tests/etl/test_etl_loaders.py
@@ -1,36 +1,61 @@
 # -*- coding: utf-8 -*-
-from etools_datamart.apps.data.loader import EtlResult
-from etools_datamart.apps.data.models import FAMIndicator, PMPIndicators
+from django.apps import apps
 
+from etools_datamart.apps.data.loader import loadeables
 
-def test_load_pmp_indicator(number_of_intervention):
-    PMPIndicators.objects.truncate()
-    PMPIndicators.loader.unlock()
-    assert PMPIndicators.loader.load() == EtlResult(created=153)
-    assert PMPIndicators.objects.count() == number_of_intervention * 3
 
+def pytest_generate_tests(metafunc):
+    if 'loader' in metafunc.fixturenames:
+        m = []
+        ids = []
+        for model_name in loadeables:
+            model = apps.get_model(model_name)
+            m.append(model.loader)
+            ids.append(model.__name__)
+        metafunc.parametrize("loader", m, ids=ids)
 
+
+def test_loader_load(loader, number_of_intervention):
+    loader.model.objects.truncate()
+    loader.unlock()
+    loader.load(max_records=2)
+    assert loader.model.objects.count()
+
+#
+# def test_load_pmp_indicator(number_of_intervention):
+#     PMPIndicators.objects.truncate()
+#     PMPIndicators.loader.unlock()
+#     assert PMPIndicators.loader.load() == EtlResult(created=153)
+#     assert PMPIndicators.objects.count() == number_of_intervention * 3
+#
+#
 # def test_load_intervention(number_of_intervention, settings, monkeypatch):
-#     load_intervention.unlock()
-#     assert load_intervention() == EtlResult(created=number_of_intervention*3)
+#     Intervention.loader.unlock()
+#     assert Intervention.loader.load() == EtlResult(created=number_of_intervention * 3)
 #     assert Intervention.objects.count() == number_of_intervention * 3
 #
 #
-def test_load_fam_indicator(db, settings, monkeypatch):
-    FAMIndicator.loader.unlock()
-    FAMIndicator.loader.load()
-    assert FAMIndicator.objects.count() == 3
-
+# def test_load_fam_indicator(db, settings, monkeypatch):
+#     FAMIndicator.loader.unlock()
+#     FAMIndicator.loader.load()
+#     assert FAMIndicator.objects.count() == 3
+#
 #
 # def test_load_user_stats(db, settings, monkeypatch):
-#     load_user_report.unlock()
-#     load_user_report()
+#     UserStats.loader.unlock()
+#     UserStats.loader.load()
+#     assert UserStats.objects.count() == 3
+#
+#
+# def test_load_location(db, settings, monkeypatch):
+#     Location.loader.unlock()
+#     Location.loader.load()
 #     assert UserStats.objects.count() == 3
 #
 #
 # def test_load_hact(db, settings, monkeypatch):
-#     load_hact.unlock()
-#     load_hact()
+#     HACT.loader.unlock()
+#     HACT.loader.load()
 #     assert HACT.objects.count() == 3
 #     bolivia = HACT.objects.get(country_name='Bolivia')
 #     assert bolivia.microassessments_total == 0
@@ -39,25 +64,25 @@ def test_load_fam_indicator(db, settings, monkeypatch):
 #     assert bolivia.completed_spotcheck == 0
 #     assert bolivia.completed_hact_audits == 0
 #     assert bolivia.completed_special_audits == 0
-#     res = load_hact()
+#     res = HACT.loader.load()
 #     assert res == EtlResult(unchanged=3)
 #
 #
 # @freeze_time("2018-11-10")
 # def test_dataset_increased(db, settings, monkeypatch):
-#     load_user_report.unlock()
-#     load_user_report()
+#     UserStats.loader.unlock()
+#     UserStats.loader.load()
 #     UserStats.objects.first().delete()
-#     ret = load_user_report()
+#     ret = UserStats.loader.load()
 #     assert ret == EtlResult(created=1, unchanged=2)
 #
 #
 # @freeze_time("2018-11-10")
 # def test_dataset_changed(db, settings, monkeypatch):
-#     load_user_report.unlock()
-#     ret = load_user_report()
+#     UserStats.loader.unlock()
+#     ret = UserStats.loader.load()
 #     assert ret == EtlResult(created=3)
 #     UserStats.objects.update(total=999, unicef=999)
 #
-#     ret = load_user_report()
+#     ret = UserStats.loader.load()
 #     assert ret == EtlResult(updated=3)
diff --git a/tests/etl/test_etl_lock.py b/tests/etl/test_etl_lock.py
index 23fa11776..ff9678b1a 100644
--- a/tests/etl/test_etl_lock.py
+++ b/tests/etl/test_etl_lock.py
@@ -1,25 +1,25 @@
-# -*- coding: utf-8 -*-
-import uuid
-
-from etools_datamart.apps.etl.lock import cache, only_one
-
-
-def test_only_one():
-    call = 0
-
-    def func():
-        nonlocal call
-        call += 1
-    key = uuid.uuid4()
-    wrapped = only_one(func, key=key)
-    wrapped()
-    assert call == 1
-    wrapped()
-    assert call == 2
-
-    lock = cache.lock(key)
-    assert lock.acquire(blocking=False)
-
-    wrapped()
-    assert call == 2
-    lock.release()
+# # -*- coding: utf-8 -*-
+# import uuid
+#
+# from etools_datamart.apps.etl.lock import locks, only_one
+#
+#
+# def test_only_one():
+#     call = 0
+#
+#     def func():
+#         nonlocal call
+#         call += 1
+#     key = uuid.uuid4()
+#     wrapped = only_one(func, key=key)
+#     wrapped()
+#     assert call == 1
+#     wrapped()
+#     assert call == 2
+#
+#     lock = cache.lock(key)
+#     assert lock.acquire(blocking=False)
+#
+#     wrapped()
+#     assert call == 2
+#     lock.release()
diff --git a/tests/etl/test_etl_result.py b/tests/etl/test_etl_result.py
index d7e1a3ba2..b3b56b404 100644
--- a/tests/etl/test_etl_result.py
+++ b/tests/etl/test_etl_result.py
@@ -50,5 +50,9 @@ def test_dumps():
         EtlResult(1, 1, 1)) == '{"__type__": "__EtlResult__", "data": {"created": 1, "updated": 1, "unchanged": 1}}'
 
 
+def test_dumps2():
+    assert etl_dumps({} == '{}')
+
+
 def test_loads():
     assert etl_loads(etl_dumps({"a": 1})) == {"a": 1}
diff --git a/tests/etl/test_etl_tasklog.py b/tests/etl/test_etl_tasklog.py
index 0a1a37e0e..8cee4f6bf 100644
--- a/tests/etl/test_etl_tasklog.py
+++ b/tests/etl/test_etl_tasklog.py
@@ -4,6 +4,7 @@
 from celery.signals import task_postrun
 from django.contrib.contenttypes.models import ContentType
 from test_utilities.factories import TaskLogFactory
+
 from unicef_security.models import User
 
 from etools_datamart.apps.data.loader import EtlResult
diff --git a/tests/etools/test_etools_admin.py b/tests/etools/test_etools_admin.py
index e75c5ed3a..156e45e57 100644
--- a/tests/etools/test_etools_admin.py
+++ b/tests/etools/test_etools_admin.py
@@ -1,12 +1,50 @@
 # -*- coding: utf-8 -*-
+import pytest
+from django.contrib.admin.sites import site
 from django.db import connections
 from django.urls import reverse
 
 from etools_datamart.apps.etools.models import PartnersPartnerorganization
+from etools_datamart.apps.multitenant.models import TenantModel
 
 conn = connections['etools']
 
 
+def pytest_generate_tests(metafunc):
+    if 'modeladmin' in metafunc.fixturenames:
+        m = []
+        ids = []
+        for model, admin in site._registry.items():
+            if model._meta.app_label == 'etools':
+                m.append(admin)
+                ids.append(admin.__class__.__name__)
+
+        metafunc.parametrize("modeladmin", m, ids=ids)
+
+
+def test_changelist(django_app, admin_user, modeladmin):
+    opts = modeladmin.model._meta
+    url = reverse(f"admin:{opts.app_label}_{opts.model_name}_changelist")
+    res = django_app.get(url, user=admin_user)
+    assert res.status_code == 200
+
+
+def test_change(django_app, admin_user, modeladmin):
+    opts = modeladmin.model._meta
+    conn.set_schemas(["bolivia"])
+    obj = modeladmin.model.objects.first()
+    if not obj:
+        pytest.skip("No object found")
+    if issubclass(modeladmin.model, TenantModel):
+        key = f"{obj.pk}-bolivia"
+    else:
+        key = obj.pk
+    url = reverse(f"admin:{opts.app_label}_{opts.model_name}_change",
+                  args=[key])
+    res = django_app.get(url, user=admin_user)
+    assert res.status_code == 200, url
+
+
 def test_changelist_all(django_app, admin_user):
     url = reverse("admin:etools_partnerspartnerorganization_changelist")
     res = django_app.get(url, user=admin_user)
diff --git a/tests/test_commands.py b/tests/test_commands.py
index 94c5fd0a5..2c4d78465 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -2,6 +2,7 @@
 import os
 from io import StringIO
 from unittest import mock
+from unittest.mock import MagicMock
 
 import pytest
 from django.contrib.auth import get_user_model
@@ -26,39 +27,42 @@ def invalidate_cache():
 
 
 @pytest.mark.django_db
-def test_init_setup_all(db, settings, autocreate_users, invalidate_cache, tmpdir):
+def test_init_setup_all(db, settings, autocreate_users, invalidate_cache, tmpdir, monkeypatch):
     settings.DEBUG = True
     settings.STATIC_ROOT = tmpdir
+    monkeypatch.setattr('etools_datamart.apps.init.management.commands.init-setup.call_command', MagicMock())
     call_command("init-setup", all=True, refresh=True, stdout=StringIO())
     ModelUser = get_user_model()
     assert ModelUser.objects.exists()
 
 
-@pytest.mark.django_db
-def test_init_setup_migrate(db, settings):
-    settings.DEBUG = True
-    call_command("init-setup", migrate=True, stdout=StringIO())
-    ModelUser = get_user_model()
-    assert ModelUser.objects.exists()
-
-
-@pytest.mark.django_db
-def test_init_setup_plain(db, settings):
-    settings.DEBUG = True
-    call_command("init-setup", all=False, stdout=StringIO(), migrate=False)
-    ModelUser = get_user_model()
-    assert ModelUser.objects.exists()
-
-
-@pytest.mark.django_db
-def test_init_setup_debug_false(db, settings):
-    settings.DEBUG = False
-    ModelUser = get_user_model()
-
-    call_command("init-setup", all=True, stdout=StringIO(), migrate=False)
-    assert ModelUser.objects.exists()
-
-
+#
+#
+# @pytest.mark.django_db
+# def test_init_setup_migrate(db, settings):
+#     settings.DEBUG = True
+#     call_command("init-setup", migrate=True, stdout=StringIO())
+#     ModelUser = get_user_model()
+#     assert ModelUser.objects.exists()
+#
+#
+# @pytest.mark.django_db
+# def test_init_setup_plain(db, settings):
+#     settings.DEBUG = True
+#     call_command("init-setup", all=False, stdout=StringIO(), migrate=False)
+#     ModelUser = get_user_model()
+#     assert ModelUser.objects.exists()
+#
+#
+# @pytest.mark.django_db
+# def test_init_setup_debug_false(db, settings):
+#     settings.DEBUG = False
+#     ModelUser = get_user_model()
+#
+#     call_command("init-setup", all=True, stdout=StringIO(), migrate=False)
+#     assert ModelUser.objects.exists()
+#
+#
 @pytest.mark.django_db
 def test_db_is_ready(db, monkeypatch):
     monkeypatch.setattr("sys.exit", lambda v: v)
diff --git a/tests/test_subscription.py b/tests/test_subscription.py
index cb9a99c02..a68c12bd7 100644
--- a/tests/test_subscription.py
+++ b/tests/test_subscription.py
@@ -7,6 +7,7 @@
 from django.http import HttpResponse
 from django.urls import reverse
 from test_utilities.factories import EmailTemplateFactory, HACTFactory, SubscriptionFactory
+
 from unicef_rest_framework.test_utils import user_allow_service
 
 from etools_datamart.apps.data.models import HACT
diff --git a/tests/test_views.py b/tests/test_views.py
index 67c572b1b..2e7170dc8 100644
--- a/tests/test_views.py
+++ b/tests/test_views.py
@@ -20,7 +20,7 @@ def test_profile(django_app, admin_user):
     assert res.status_code == 200
 
 
-def test_profile_post(django_app, admin_user):
-    res = django_app.get(reverse('profile'), user=admin_user)
+def test_profile_post(django_app, user):
+    res = django_app.get(reverse('profile'), user=user)
     res = res.form.submit()
     assert res.status_code == 200
diff --git a/tests/tracking/conftest.py b/tests/tracking/conftest.py
index f325ea92d..3ec0ffe9d 100644
--- a/tests/tracking/conftest.py
+++ b/tests/tracking/conftest.py
@@ -3,6 +3,7 @@
 
 import pytest
 from test_utilities.factories import APIRequestLogFactory
+
 from unicef_security.models import User
 
 
diff --git a/tests/tracking/test_tracking_log.py b/tests/tracking/test_tracking_log.py
index bde31577d..201f1c706 100644
--- a/tests/tracking/test_tracking_log.py
+++ b/tests/tracking/test_tracking_log.py
@@ -1,20 +1,17 @@
 # -*- coding: utf-8 -*-
 import logging
+from time import sleep
+from unittest.mock import Mock
 
 import pytest
-# from django.contrib.auth.models import AnonymousUser
+from django.contrib.auth.models import AnonymousUser
 from django.urls import reverse
+from test_utilities.factories import AdminFactory, UserFactory
 
 from etools_datamart.api.endpoints import InterventionViewSet
-# from etools_datamart.apps.tracking.middleware import StatsMiddleware, ThreadedStatsMiddleware
+from etools_datamart.apps.tracking.middleware import StatsMiddleware
 from etools_datamart.apps.tracking.models import APIRequestLog, DailyCounter
 
-# from time import sleep
-# from unittest.mock import Mock
-
-# from test_utilities.factories import AdminFactory, UserFactory
-
-
 logger = logging.getLogger(__name__)
 
 
@@ -68,31 +65,30 @@ def test_log(enable_stats, django_app, system_user, reset_stats):
 #     assert res.status_code == 200
 
 
-# @pytest.mark.parametrize("code", [200, 500])
-# @pytest.mark.parametrize("stats", [True, False])
-# @pytest.mark.parametrize("user_type", [AnonymousUser, UserFactory, AdminFactory])
-# @pytest.mark.parametrize("middleware", [StatsMiddleware, ThreadedStatsMiddleware])
-# @pytest.mark.django_db(transaction=True)
-# def test_middleware(rf, settings, user_type, middleware, stats, code):
-#     user = user_type()
-#     settings.ENABLE_LIVE_STATS = stats
-#
-#     view = InterventionViewSet.as_view({'get': 'list'})
-#     service = InterventionViewSet.get_service()
-#     url = service.endpoint
-#
-#     m = middleware(lambda r: Mock(status_code=code, content='abc',
-#                                   accepted_media_type='text/plain'))
-#     request = rf.get(url)
-#     request.user = user
-#     request.api_info = {'view': view,
-#                         'service': service}
-#     m(request)
-#     m(request)  # two times to trigger ENABLE_LIVE_STATS
-#     sleep(1)
-#     log = APIRequestLog.objects.filter(path=url).first()
-#     if code == 200:
-#         assert log
-#     else:
-#         assert not log
-#
+@pytest.mark.parametrize("code", [200, 500])
+@pytest.mark.parametrize("stats", [True, False])
+@pytest.mark.parametrize("user_type", [AnonymousUser, UserFactory, AdminFactory])
+@pytest.mark.parametrize("middleware", [StatsMiddleware, ])
+@pytest.mark.django_db(transaction=False)
+def test_middleware(rf, settings, user_type, middleware, stats, code):
+    user = user_type()
+    settings.ENABLE_LIVE_STATS = stats
+
+    view = InterventionViewSet.as_view({'get': 'list'})
+    service = InterventionViewSet.get_service()
+    url = service.endpoint
+
+    m = middleware(lambda r: Mock(status_code=code, content='abc',
+                                  accepted_media_type='text/plain'))
+    request = rf.get(url)
+    request.user = user
+    request.api_info = {'view': view,
+                        'service': service}
+    m(request)
+    m(request)  # two times to trigger ENABLE_LIVE_STATS
+    sleep(1)
+    log = APIRequestLog.objects.filter(path=url).first()
+    if code == 200:
+        assert log
+    else:
+        assert not log
diff --git a/tests/unicef_security/test_azure.py b/tests/unicef_security/test_azure.py
index e7b05e2d3..a78006cf9 100644
--- a/tests/unicef_security/test_azure.py
+++ b/tests/unicef_security/test_azure.py
@@ -3,6 +3,7 @@
 
 import pytest
 import vcr
+
 from unicef_security.graph import Synchronizer
 
 
diff --git a/tests/unicef_security/test_sync.py b/tests/unicef_security/test_sync.py
index 690f7c04d..ad609e72f 100644
--- a/tests/unicef_security/test_sync.py
+++ b/tests/unicef_security/test_sync.py
@@ -1,6 +1,7 @@
 from pathlib import Path
 
 import vcr
+
 from unicef_security.sync import load_business_area, load_region
 
 

From 2b8af88a2bc0d3143bc52a6fa36acfd66f52d581 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 21 Dec 2018 14:31:54 +0100
Subject: [PATCH 72/86] updaets Pipfile

---
 .circleci/config.yml                    |  7 +++-
 Pipfile.lock                            | 55 ++-----------------------
 docker/Dockerfile                       |  4 +-
 src/etools_datamart/apps/data/loader.py |  8 ++--
 tests/datamart/test_data_admin.py       | 11 +++++
 5 files changed, 28 insertions(+), 57 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 8eb7d40de..1474da39c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -21,7 +21,12 @@ jobs:
       - run:
           name: Install dependencies
           command: |
-            sudo apt-get update && sudo apt-get -y install postgresql
+            sudo apt-get update \
+                  && sudo apt-get -y install \
+                            postgresql \
+                            gcc \
+                            gdal-bin \
+                            python-dev
 
       - restore_cache:
           keys:
diff --git a/Pipfile.lock b/Pipfile.lock
index a9a1fff8a..76e5b6155 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "f924d34ed0e5fe945a69c08abc433c1c319076bdad8133574cc14a987484796b"
+            "sha256": "8832190e1faa25c54328fd0f59bc55c31188ce6291b45d07206e16041494d72a"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -773,14 +773,6 @@
             "index": "pypi",
             "version": "==1.1.0"
         },
-        "django-advanced-filters": {
-            "hashes": [
-                "sha256:4d9c6a3ca38f212fa0000f0a35426a046ead98d8608ffe341912dfcc3b0da87f",
-                "sha256:adee9498daa65125584c4cc0d37f7636427366fb96cc707bef8133b1dc22c405"
-            ],
-            "index": "pypi",
-            "version": "==1.1.0"
-        },
         "django-appconf": {
             "hashes": [
                 "sha256:6a4d9aea683b4c224d97ab8ee11ad2d29a37072c0c6c509896dd9857466fb261",
@@ -788,14 +780,6 @@
             ],
             "version": "==1.0.2"
         },
-        "django-basicauth": {
-            "hashes": [
-                "sha256:0ceff44ebc129eb7f8bde212a2f663210796ea1ba6e00d944cba50d4ef326f79",
-                "sha256:740a176e0bbeed8fd267e165a4373aa51a346258fb87479670dd7f6846f118d1"
-            ],
-            "index": "pypi",
-            "version": "==0.5.1"
-        },
         "django-braces": {
             "hashes": [
                 "sha256:a457d74ea29478123c0c4652272681b3cea0bf1232187fd9f9b6f1d97d32a890",
@@ -991,13 +975,6 @@
             "index": "pypi",
             "version": "==1.3.2"
         },
-        "django-tenant-schemas": {
-            "hashes": [
-                "sha256:7d3f96f6e1969ade79b22a7600553fa8843c8aff77dbbad8f1e1e7523b9a0cd3"
-            ],
-            "index": "pypi",
-            "version": "==1.9.0"
-        },
         "djangorestframework": {
             "hashes": [
                 "sha256:607865b0bb1598b153793892101d881466bd5a991de12bd6229abb18b1c86136",
@@ -1497,23 +1474,6 @@
             ],
             "version": "==0.15.81"
         },
-        "simplejson": {
-            "hashes": [
-                "sha256:067a7177ddfa32e1483ba5169ebea1bc2ea27f224853211ca669325648ca5642",
-                "sha256:2fc546e6af49fb45b93bbe878dea4c48edc34083729c0abd09981fe55bdf7f91",
-                "sha256:354fa32b02885e6dae925f1b5bbf842c333c1e11ea5453ddd67309dc31fdb40a",
-                "sha256:37e685986cf6f8144607f90340cff72d36acf654f3653a6c47b84c5c38d00df7",
-                "sha256:3af610ee72efbe644e19d5eaad575c73fb83026192114e5f6719f4901097fce2",
-                "sha256:3b919fc9cf508f13b929a9b274c40786036b31ad28657819b3b9ba44ba651f50",
-                "sha256:3dd289368bbd064974d9a5961101f080e939cbe051e6689a193c99fb6e9ac89b",
-                "sha256:6c3258ffff58712818a233b9737fe4be943d306c40cf63d14ddc82ba563f483a",
-                "sha256:75e3f0b12c28945c08f54350d91e624f8dd580ab74fd4f1bbea54bc6b0165610",
-                "sha256:b1f329139ba647a9548aa05fb95d046b4a677643070dc2afc05fa2e975d09ca5",
-                "sha256:ee9625fc8ee164902dfbb0ff932b26df112da9f871c32f0f9c1bcf20c350fe2a",
-                "sha256:fb2530b53c28f0d4d84990e945c2ebb470edb469d63e389bf02ff409012fe7c5"
-            ],
-            "version": "==3.16.0"
-        },
         "six": {
             "hashes": [
                 "sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
@@ -1587,13 +1547,6 @@
             ],
             "version": "==1.3"
         },
-        "versio": {
-            "hashes": [
-                "sha256:7a7346d81ad0a0186bfc846736296a3381b728d322c1e47763c111608e9426d4"
-            ],
-            "index": "pypi",
-            "version": "==0.4.0"
-        },
         "vine": {
             "hashes": [
                 "sha256:52116d59bc45392af9fdd3b75ed98ae48a93e822cee21e5fda249105c59a7a72",
@@ -2005,11 +1958,11 @@
         },
         "pre-commit": {
             "hashes": [
-                "sha256:7542bd8ae1c58745175ea0a9295964ee82a10f7e18c4344f5e4c02bd85d02561",
-                "sha256:87f687da6a2651d5067cfec95b854b004e95b70143cbf2369604bb3acbce25ec"
+                "sha256:33bb9bf599c334d458fa9e311bde54e0c306a651473b6a36fdb36a61c8605c89",
+                "sha256:e233f5cf3230ae9ed9ada132e9cf6890e18cc937adc669353fb64394f6e80c17"
             ],
             "index": "pypi",
-            "version": "==1.12.0"
+            "version": "==1.13.0"
         },
         "prompt-toolkit": {
             "hashes": [
diff --git a/docker/Dockerfile b/docker/Dockerfile
index dac5e69ec..60da2db93 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -16,7 +16,9 @@ RUN set -o pipefail && if [ "${DEVELOP}" = "1" ]; then \
 FROM python:3.6.7-slim as base
 RUN apt-get update \
  	&& apt-get install -y --no-install-recommends \
- 	    gdal-bin
+ 	    gcc \
+ 	    gdal-bin \
+ 	    python-dev
 
 #RUN apk add --no-cache \
 #    --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
diff --git a/src/etools_datamart/apps/data/loader.py b/src/etools_datamart/apps/data/loader.py
index bc395e83f..db94d218d 100644
--- a/src/etools_datamart/apps/data/loader.py
+++ b/src/etools_datamart/apps/data/loader.py
@@ -238,13 +238,13 @@ def load(self, verbosity=0, always_update=False, stdout=None,
         lock = locks.lock(self.config.lock_key, timeout=self.config.timeout)
         try:
             have_lock = lock.acquire(blocking=False)
-            if have_lock:
+            if have_lock:  # pragma: no branch
                 if not ignore_dependencies:
                     for dependency in self.config.depends:
                         dependency.loader.load(stdout=stdout)
                 self.always_update = always_update
                 connection = connections['etools']
-                if not countries:
+                if not countries:  # pragma: no branch
                     countries = connection.get_tenants()
                 if self.config.mapping:
                     self.mapping = {}
@@ -262,7 +262,7 @@ def load(self, verbosity=0, always_update=False, stdout=None,
                                            stdout=stdout)
 
                 for country in countries:
-                    if stdout:
+                    if stdout:  # pragma: no cover
                         stdout.write(f"{country}\n")
                     connection.set_schemas([country.schema_name])
                     self.process_country(results, country, context)
@@ -272,7 +272,7 @@ def load(self, verbosity=0, always_update=False, stdout=None,
                     if stdout:  # pragma: no cover
                         stdout.write("\n")
         finally:
-            if have_lock:
+            if have_lock:  # pragma: no branch
                 try:
                     lock.release()
                 except LockError as e:  # pragma: no cover
diff --git a/tests/datamart/test_data_admin.py b/tests/datamart/test_data_admin.py
index ff2c8859f..6e12afd35 100644
--- a/tests/datamart/test_data_admin.py
+++ b/tests/datamart/test_data_admin.py
@@ -70,6 +70,17 @@ def test_api(django_app, admin_user, modeladmin):
     assert res.status_code == 200
 
 
+def test_queue(django_app, admin_user, modeladmin, monkeypatch):
+    opts = modeladmin.model._meta
+    target = fqn(modeladmin.model)
+    monkeypatch.setattr(f'{target}.loader.task.delay', MagicMock())
+
+    url = reverse(f"admin:{opts.app_label}_{opts.model_name}_changelist")
+    res = django_app.get(url, user=admin_user)
+    res = res.click("Queue").follow()
+    assert res.status_code == 200
+
+
 def test_invalidate_cache(django_app, admin_user, modeladmin):
     opts = modeladmin.model._meta
     url = reverse(f"admin:{opts.app_label}_{opts.model_name}_changelist")

From f35893f07c3ab4e9b089b0614ed1c0b35adfb965 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 21 Dec 2018 22:06:32 +0100
Subject: [PATCH 73/86] migrations reset

---
 .gitignore                                    |  2 +
 CHANGES                                       |  1 +
 .../apps/data/migrations/0001_initial.py      | 41 ++++++++++---------
 .../migrations/0002_auto_20181220_1044.py     | 18 --------
 .../migrations/0003_auto_20181220_1102.py     | 22 ----------
 .../apps/etl/migrations/0001_initial.py       |  2 +-
 .../init/management/commands/init-setup.py    | 41 +++++++++++++++----
 .../apps/security/migrations/0001_initial.py  |  4 +-
 src/etools_datamart/apps/security/models.py   |  2 +-
 .../security/static/security/array_widget.js  | 12 ------
 .../security/static/security/dual-listbox.css |  1 +
 .../security/static/security/dual-listbox.js  |  1 +
 .../schemaaccesscontrol/change_form.html      | 19 ++++++---
 .../schemaaccesscontrol/change_form2.html     | 20 +++++++++
 .../subscriptions/migrations/0001_initial.py  |  2 +-
 ...220_1037.py => 0002_auto_20181221_1724.py} |  4 +-
 .../apps/tracking/migrations/0001_initial.py  |  2 +-
 ...220_1037.py => 0002_auto_20181221_1724.py} |  2 +-
 .../migrations/0001_initial.py                |  2 +-
 ...220_1037.py => 0002_auto_20181221_1724.py} |  4 +-
 .../migrations/0001_initial.py                |  2 +-
 21 files changed, 105 insertions(+), 99 deletions(-)
 delete mode 100644 src/etools_datamart/apps/data/migrations/0002_auto_20181220_1044.py
 delete mode 100644 src/etools_datamart/apps/data/migrations/0003_auto_20181220_1102.py
 delete mode 100644 src/etools_datamart/apps/security/static/security/array_widget.js
 create mode 100755 src/etools_datamart/apps/security/static/security/dual-listbox.css
 create mode 100755 src/etools_datamart/apps/security/static/security/dual-listbox.js
 create mode 100644 src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form2.html
 rename src/etools_datamart/apps/subscriptions/migrations/{0002_auto_20181220_1037.py => 0002_auto_20181221_1724.py} (93%)
 rename src/etools_datamart/apps/tracking/migrations/{0002_auto_20181220_1037.py => 0002_auto_20181221_1724.py} (97%)
 rename src/unicef_rest_framework/migrations/{0002_auto_20181220_1037.py => 0002_auto_20181221_1724.py} (98%)

diff --git a/.gitignore b/.gitignore
index 74390e2d4..e866167db 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,5 @@ src/etools_datamart/apps/etools/models/public_old.py
 src/etools_datamart/apps/etools/models/tenant_old.py
 xml
 ~*
+**/dual-listbox-master/
+#src/etools_datamart/apps/security/static/security/dual-listbox-master
diff --git a/CHANGES b/CHANGES
index 974da1240..2e2f37ca4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,7 @@
 * Countries can be selected using name, schema_name,country_short_code or business_area_code
 * Improved Browseable API
 * `page_size` now accept `-1` to disable pagination
+* new endpoints 'Location' and 'GatewayType'
 
 
 1.7
diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index 3754382d3..be3897ff6 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.contrib.gis.db.models.fields
 import django.contrib.postgres.fields.jsonb
@@ -19,9 +19,9 @@ class Migration(migrations.Migration):
             name='FAMIndicator',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('country_name', models.CharField(db_index=True, max_length=100)),
+                ('schema_name', models.CharField(db_index=True, max_length=63)),
                 ('area_code', models.CharField(db_index=True, max_length=10)),
-                ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('month', month_field.models.MonthField(verbose_name='Month Value')),
                 ('spotcheck_ip_contacted', models.IntegerField(default=0, verbose_name='Spot Check-IP Contacted')),
@@ -50,25 +50,22 @@ class Migration(migrations.Migration):
             name='GatewayType',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('country_name', models.CharField(db_index=True, max_length=100)),
+                ('schema_name', models.CharField(db_index=True, max_length=63)),
                 ('area_code', models.CharField(db_index=True, max_length=10)),
-                ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
-                ('name', models.CharField(max_length=64, unique=True)),
-                ('admin_level', models.SmallIntegerField(blank=True, null=True, unique=True)),
+                ('name', models.CharField(db_index=True, max_length=64)),
+                ('admin_level', models.SmallIntegerField(blank=True, null=True)),
                 ('source_id', models.IntegerField(blank=True, null=True)),
             ],
-            options={
-                'abstract': False,
-            },
         ),
         migrations.CreateModel(
             name='HACT',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('country_name', models.CharField(db_index=True, max_length=100)),
+                ('schema_name', models.CharField(db_index=True, max_length=63)),
                 ('area_code', models.CharField(db_index=True, max_length=10)),
-                ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('year', models.IntegerField()),
                 ('microassessments_total', models.IntegerField(default=0, help_text='Total number of completed Microassessments in the business area in the past year')),
@@ -87,9 +84,9 @@ class Migration(migrations.Migration):
             name='Intervention',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('country_name', models.CharField(db_index=True, max_length=100)),
+                ('schema_name', models.CharField(db_index=True, max_length=63)),
                 ('area_code', models.CharField(db_index=True, max_length=10)),
-                ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('created', models.DateTimeField(auto_now=True)),
                 ('updated', models.DateTimeField(null=True)),
@@ -141,9 +138,9 @@ class Migration(migrations.Migration):
             name='Location',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('country_name', models.CharField(db_index=True, max_length=100)),
+                ('schema_name', models.CharField(db_index=True, max_length=63)),
                 ('area_code', models.CharField(db_index=True, max_length=10)),
-                ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('name', models.CharField(max_length=254)),
                 ('latitude', models.FloatField(blank=True, null=True)),
@@ -170,9 +167,9 @@ class Migration(migrations.Migration):
             name='PMPIndicators',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('country_name', models.CharField(db_index=True, max_length=100)),
+                ('schema_name', models.CharField(db_index=True, max_length=63)),
                 ('area_code', models.CharField(db_index=True, max_length=10)),
-                ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('vendor_number', models.CharField(db_index=True, max_length=255, null=True)),
                 ('partner_name', models.CharField(db_index=True, max_length=255, null=True)),
@@ -212,9 +209,9 @@ class Migration(migrations.Migration):
             name='UserStats',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('country_name', models.CharField(db_index=True, max_length=50)),
+                ('country_name', models.CharField(db_index=True, max_length=100)),
+                ('schema_name', models.CharField(db_index=True, max_length=63)),
                 ('area_code', models.CharField(db_index=True, max_length=10)),
-                ('schema_name', models.CharField(db_index=True, max_length=50)),
                 ('last_modify_date', models.DateTimeField(auto_now=True)),
                 ('month', month_field.models.MonthField(verbose_name='Month Value')),
                 ('total', models.IntegerField(default=0, verbose_name='Total users')),
@@ -235,6 +232,10 @@ class Migration(migrations.Migration):
             name='hact',
             unique_together={('year', 'country_name')},
         ),
+        migrations.AlterUniqueTogether(
+            name='gatewaytype',
+            unique_together={('schema_name', 'name'), ('schema_name', 'admin_level')},
+        ),
         migrations.AlterUniqueTogether(
             name='famindicator',
             unique_together={('month', 'country_name')},
diff --git a/src/etools_datamart/apps/data/migrations/0002_auto_20181220_1044.py b/src/etools_datamart/apps/data/migrations/0002_auto_20181220_1044.py
deleted file mode 100644
index 2467289bb..000000000
--- a/src/etools_datamart/apps/data/migrations/0002_auto_20181220_1044.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:44
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('data', '0001_initial'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='gatewaytype',
-            name='name',
-            field=models.CharField(db_index=True, max_length=64),
-        ),
-    ]
diff --git a/src/etools_datamart/apps/data/migrations/0003_auto_20181220_1102.py b/src/etools_datamart/apps/data/migrations/0003_auto_20181220_1102.py
deleted file mode 100644
index ad311b567..000000000
--- a/src/etools_datamart/apps/data/migrations/0003_auto_20181220_1102.py
+++ /dev/null
@@ -1,22 +0,0 @@
-# Generated by Django 2.1.4 on 2018-12-20 11:02
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('data', '0002_auto_20181220_1044'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='gatewaytype',
-            name='admin_level',
-            field=models.SmallIntegerField(blank=True, null=True),
-        ),
-        migrations.AlterUniqueTogether(
-            name='gatewaytype',
-            unique_together={('schema_name', 'admin_level'), ('schema_name', 'name')},
-        ),
-    ]
diff --git a/src/etools_datamart/apps/etl/migrations/0001_initial.py b/src/etools_datamart/apps/etl/migrations/0001_initial.py
index 936dcfcbd..da78f87ab 100644
--- a/src/etools_datamart/apps/etl/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/etl/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index 3153d98cb..5ae7af7b6 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -68,9 +68,25 @@
 <div>To unsubscribe, change your preferences in <a href="{{base_url}}{% url 'monitor' %}">Datamart Monitor</a></div>
 """
 
+RESTRICTED_AREAS = {'234R': ['mpawlowski@unicef.org',
+                             'jmege@unicef.org',
+                             'nukhan@unicef.org']}
+
+
+def get_everybody_available_areas():
+    conn = connections['etools']
+    return [c.schema_name for c in conn.get_tenants()
+            if c.business_area_code not in RESTRICTED_AREAS.keys()]
+
+
+def get_restricted_areas():
+    conn = connections['etools']
+    return [c.schema_name for c in conn.get_tenants()
+            if c.business_area_code in RESTRICTED_AREAS.keys()]
+
 
 class Command(BaseCommand):
-    help = "My shiny new management command."
+    help = ""
 
     def add_arguments(self, parser):
         parser.add_argument(
@@ -147,12 +163,16 @@ def handle(self, *args, **options):
         Group.objects.get_or_create(name='Guests')
 
         self.stdout.write(f"Create group `Endpoints all access`")
-        all_access, __ = Group.objects.get_or_create(name='Endpoints all access')
+        all_access, __ = Group.objects.get_or_create(name='All endpoints access')
+        public_areas, __ = Group.objects.get_or_create(name='Public areas access')
+        restricted_areas, __ = Group.objects.get_or_create(name='Restricted areas access')
 
-        conn = connections['etools']
         self.stdout.write(f"Grants all schemas to group `Endpoints all access`")
-        SchemaAccessControl.objects.get_or_create(group=all_access,
-                                                  schemas=list(conn.all_schemas))
+        SchemaAccessControl.objects.get_or_create(group=public_areas,
+                                                  schemas=get_everybody_available_areas())
+
+        SchemaAccessControl.objects.get_or_create(group=restricted_areas,
+                                                  schemas=get_restricted_areas())
 
         from unicef_rest_framework.models import Service
         created, deleted, total = Service.objects.load_services()
@@ -167,6 +187,12 @@ def handle(self, *args, **options):
                 serializers=['*'],
                 policy=GroupAccessControl.POLICY_ALLOW
             )
+        for area, users in RESTRICTED_AREAS.items():
+            for email in users:
+                u, __ = ModelUser.objects.get_or_create(username=email,
+                                                        email=email)
+                u.groups.add(restricted_areas)
+
         # hostname
         for entry, values in settings.CACHES.items():
             loc = values.get('LOCATION', '')
@@ -180,9 +206,8 @@ def handle(self, *args, **options):
             self.stdout.write("Going to create new users")
             try:
                 for entry in os.environ.get('AUTOCREATE_USERS').split('|'):
-                    user, pwd = entry.split(',')
-                    User = get_user_model()
-                    u, created = User.objects.get_or_create(username=user)
+                    email, pwd = entry.split(',')
+                    u, created = ModelUser.objects.get_or_create(username=email)
                     if created:
                         self.stdout.write(f"Created user {u}")
                         u.set_password(pwd)
diff --git a/src/etools_datamart/apps/security/migrations/0001_initial.py b/src/etools_datamart/apps/security/migrations/0001_initial.py
index fca0b30e0..0558cfd50 100644
--- a/src/etools_datamart/apps/security/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.contrib.postgres.fields
 import django.db.models.deletion
@@ -19,7 +19,7 @@ class Migration(migrations.Migration):
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('schemas', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, null=True, size=None)),
-                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='schemas', to='auth.Group')),
+                ('group', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='schemas', to='auth.Group')),
             ],
             options={
                 'verbose_name': 'Schemas ACL',
diff --git a/src/etools_datamart/apps/security/models.py b/src/etools_datamart/apps/security/models.py
index 560b83fbc..77ca63b81 100644
--- a/src/etools_datamart/apps/security/models.py
+++ b/src/etools_datamart/apps/security/models.py
@@ -6,7 +6,7 @@
 
 
 class SchemaAccessControl(models.Model):
-    group = models.ForeignKey(Group, models.CASCADE, related_name='schemas')
+    group = models.OneToOneField(Group, models.CASCADE, related_name='schemas')
     schemas = ArrayField(models.CharField(max_length=200), blank=True, null=True)
 
     class Meta:
diff --git a/src/etools_datamart/apps/security/static/security/array_widget.js b/src/etools_datamart/apps/security/static/security/array_widget.js
deleted file mode 100644
index a094f6bef..000000000
--- a/src/etools_datamart/apps/security/static/security/array_widget.js
+++ /dev/null
@@ -1,12 +0,0 @@
-$('.dynamic-array-widget').each(function() {
-    $(this).find('.add-array-item').click((function($last) {
-        return function() {
-            var $new = $last.clone();
-            var id_parts = $new.find('input').attr('id').split('_');
-            var id = id_parts.slice(0, -1).join('_') + '_' + String(parseInt(id_parts.slice(-1)[0]) + 1);
-            $new.find('input').attr('id', id);
-            $new.find('input').prop('value', '');
-            $new.insertAfter($last);
-        };
-    })($(this).find('.array-item').last()));
-});
diff --git a/src/etools_datamart/apps/security/static/security/dual-listbox.css b/src/etools_datamart/apps/security/static/security/dual-listbox.css
new file mode 100755
index 000000000..ec49a675d
--- /dev/null
+++ b/src/etools_datamart/apps/security/static/security/dual-listbox.css
@@ -0,0 +1 @@
+.dual-listbox{display:-ms-flexbox;display:flex;-ms-flex-direction:column;flex-direction:column}.dual-listbox .dual-listbox__container{display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-direction:row;flex-direction:row;-ms-flex-wrap:wrap;flex-wrap:wrap}.dual-listbox .dual-listbox__search{border:1px solid #ddd;padding:10px;max-width:300px}.dual-listbox .dual-listbox__available,.dual-listbox .dual-listbox__selected{border:1px solid #ddd;height:300px;overflow-y:auto;padding:0;width:300px;margin-top:0;-webkit-margin-before:0}.dual-listbox .dual-listbox__buttons{display:-ms-flexbox;display:flex;-ms-flex-direction:column;flex-direction:column;margin:0 10px}.dual-listbox .dual-listbox__button{margin-bottom:5px;border:0;background-color:#eee;padding:10px;color:#fff}.dual-listbox .dual-listbox__button:hover{background-color:#ddd}.dual-listbox .dual-listbox__title{padding:15px 10px;font-size:120%;font-weight:700;border-left:1px solid #efefef;border-right:1px solid #efefef;border-top:1px solid #efefef;margin-top:1rem;-webkit-margin-before:1rem}.dual-listbox .dual-listbox__item{display:block;padding:10px;cursor:pointer;user-select:none;-moz-user-select:none;-webkit-user-select:none;-ms-user-select:none;border-bottom:1px solid #efefef;transition:background .2s ease}.dual-listbox .dual-listbox__item.dual-listbox__item--selected{background-color:rgba(8,157,227,.7)}
\ No newline at end of file
diff --git a/src/etools_datamart/apps/security/static/security/dual-listbox.js b/src/etools_datamart/apps/security/static/security/dual-listbox.js
new file mode 100755
index 000000000..a80b8b059
--- /dev/null
+++ b/src/etools_datamart/apps/security/static/security/dual-listbox.js
@@ -0,0 +1 @@
+!function(t,e){if("object"==typeof exports&&"object"==typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{var i=e();for(var s in i)("object"==typeof exports?exports:t)[s]=i[s]}}(this,function(){return function(t){function e(s){if(i[s])return i[s].exports;var n=i[s]={exports:{},id:s,loaded:!1};return t[s].call(n.exports,n,n.exports,e),n.loaded=!0,n.exports}var i={};return e.m=t,e.c=i,e.p="",e(0)}([function(t,e){"use strict";function i(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}Object.defineProperty(e,"__esModule",{value:!0});var s="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},n=function(){function t(t,e){for(var i=0;i<e.length;i++){var s=e[i];s.enumerable=s.enumerable||!1,s.configurable=!0,"value"in s&&(s.writable=!0),Object.defineProperty(t,s.key,s)}}return function(e,i,s){return i&&t(e.prototype,i),s&&t(e,s),e}}(),l="dual-listbox__item--selected",a=function(){function t(e){var s=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};i(this,t),this.setDefaults(),this.selected=[],this.available=[],t.isDomElement(e)?this.select=e:this.select=document.querySelector(e),this._initOptions(s),this._initReusableElements(),this._splitOptions(this.select.options),void 0!==s.options&&this._splitOptions(s.options),this._buildDualListbox(this.select.parentNode),this._addActions(),this.redraw()}return n(t,[{key:"setDefaults",value:function(){this.addEvent=null,this.removeEvent=null,this.availableTitle="Available options",this.selectedTitle="Selected options",this.showAddButton=!0,this.addButtonText="add",this.showRemoveButton=!0,this.removeButtonText="remove",this.showAddAllButton=!0,this.addAllButtonText="add all",this.showRemoveAllButton=!0,this.removeAllButtonText="remove all",this.searchPlaceholder="Search"}},{key:"addEventListener",value:function(t,e){this.dualListbox.addEventListener(t,e)}},{key:"addSelected",value:function(t){var e=this,i=this.available.indexOf(t);i>-1&&(this.available.splice(i,1),this.selected.push(t),this._selectOption(t.dataset.id),this.redraw(),setTimeout(function(){var i=document.createEvent("HTMLEvents");i.initEvent("added",!1,!0),i.addedElement=t,e.dualListbox.dispatchEvent(i)},0))}},{key:"redraw",value:function(){this.updateAvailableListbox(),this.updateSelectedListbox()}},{key:"removeSelected",value:function(t){var e=this,i=this.selected.indexOf(t);i>-1&&(this.selected.splice(i,1),this.available.push(t),this._deselectOption(t.dataset.id),this.redraw(),setTimeout(function(){var i=document.createEvent("HTMLEvents");i.initEvent("removed",!1,!0),i.removedElement=t,e.dualListbox.dispatchEvent(i)},0))}},{key:"searchLists",value:function(t,e){for(var i=e.querySelectorAll(".dual-listbox__item"),s=t.toLowerCase(),n=0;n<i.length;n++){var l=i[n];-1===l.textContent.toLowerCase().indexOf(s)?l.style.display="none":l.style.display="list-item"}}},{key:"updateAvailableListbox",value:function(){this._updateListbox(this.availableList,this.available)}},{key:"updateSelectedListbox",value:function(){this._updateListbox(this.selectedList,this.selected)}},{key:"_actionAllSelected",value:function(t){var e=this;t.preventDefault(),this.available.filter(function(t){return"none"!==t.style.display}).forEach(function(t){return e.addSelected(t)})}},{key:"_updateListbox",value:function(t,e){for(;t.firstChild;)t.removeChild(t.firstChild);for(var i=0;i<e.length;i++){var s=e[i];t.appendChild(s)}}},{key:"_actionItemSelected",value:function(t){t.preventDefault();var e=this.dualListbox.querySelector("."+l);e&&this.addSelected(e)}},{key:"_actionAllDeselected",value:function(t){var e=this;t.preventDefault(),this.selected.filter(function(t){return"none"!==t.style.display}).forEach(function(t){return e.removeSelected(t)})}},{key:"_actionItemDeselected",value:function(t){t.preventDefault();var e=this.dualListbox.querySelector("."+l);e&&this.removeSelected(e)}},{key:"_actionItemDoubleClick",value:function(t){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;e&&(e.preventDefault(),e.stopPropagation()),this.selected.indexOf(t)>-1?this.removeSelected(t):this.addSelected(t)}},{key:"_actionItemClick",value:function(t,e){var i=arguments.length>2&&void 0!==arguments[2]?arguments[2]:null;i&&i.preventDefault();for(var s=e.querySelectorAll(".dual-listbox__item"),n=0;n<s.length;n++){var a=s[n];a!==t&&a.classList.remove(l)}t.classList.contains(l)?t.classList.remove(l):t.classList.add(l)}},{key:"_addActions",value:function(){this._addButtonActions(),this._addSearchActions()}},{key:"_addButtonActions",value:function(){var t=this;this.add_all_button.addEventListener("click",function(e){return t._actionAllSelected(e)}),this.add_button.addEventListener("click",function(e){return t._actionItemSelected(e)}),this.remove_button.addEventListener("click",function(e){return t._actionItemDeselected(e)}),this.remove_all_button.addEventListener("click",function(e){return t._actionAllDeselected(e)})}},{key:"_addClickActions",value:function(t){var e=this;return t.addEventListener("dblclick",function(i){return e._actionItemDoubleClick(t,i)}),t.addEventListener("click",function(i){return e._actionItemClick(t,e.dualListbox,i)}),t}},{key:"_addSearchActions",value:function(){var t=this;this.search.addEventListener("change",function(e){return t.searchLists(e.target.value,t.dualListbox)}),this.search.addEventListener("keyup",function(e){return t.searchLists(e.target.value,t.dualListbox)})}},{key:"_buildDualListbox",value:function(t){this.select.style.display="none",this.dualListBoxContainer.appendChild(this._createList(this.availableListTitle,this.availableList)),this.dualListBoxContainer.appendChild(this.buttons),this.dualListBoxContainer.appendChild(this._createList(this.selectedListTitle,this.selectedList)),this.dualListbox.appendChild(this.search),this.dualListbox.appendChild(this.dualListBoxContainer),t.insertBefore(this.dualListbox,this.select)}},{key:"_createList",value:function(t,e){var i=document.createElement("div");return i.appendChild(t),i.appendChild(e),i}},{key:"_createButtons",value:function(){this.buttons=document.createElement("div"),this.buttons.classList.add("dual-listbox__buttons"),this.add_all_button=document.createElement("button"),this.add_all_button.classList.add("dual-listbox__button"),this.add_all_button.innerHTML=this.addAllButtonText,this.add_button=document.createElement("button"),this.add_button.classList.add("dual-listbox__button"),this.add_button.innerHTML=this.addButtonText,this.remove_button=document.createElement("button"),this.remove_button.classList.add("dual-listbox__button"),this.remove_button.innerHTML=this.removeButtonText,this.remove_all_button=document.createElement("button"),this.remove_all_button.classList.add("dual-listbox__button"),this.remove_all_button.innerHTML=this.removeAllButtonText,this.showAddAllButton&&this.buttons.appendChild(this.add_all_button),this.showAddButton&&this.buttons.appendChild(this.add_button),this.showRemoveButton&&this.buttons.appendChild(this.remove_button),this.showRemoveAllButton&&this.buttons.appendChild(this.remove_all_button)}},{key:"_createListItem",value:function(t){var e=document.createElement("li");return e.classList.add("dual-listbox__item"),e.innerHTML=t.text,e.dataset.id=t.value,this._addClickActions(e),e}},{key:"_createSearch",value:function(){this.search=document.createElement("input"),this.search.classList.add("dual-listbox__search"),this.search.placeholder=this.searchPlaceholder}},{key:"_deselectOption",value:function(t){for(var e=this.select.options,i=0;i<e.length;i++){var s=e[i];s.value===t&&(s.selected=!1)}this.removeEvent&&this.removeEvent(t)}},{key:"_initOptions",value:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e])}},{key:"_initReusableElements",value:function(){this.dualListbox=document.createElement("div"),this.dualListbox.classList.add("dual-listbox"),this.select.id&&this.dualListbox.classList.add(this.select.id),this.dualListBoxContainer=document.createElement("div"),this.dualListBoxContainer.classList.add("dual-listbox__container"),this.availableList=document.createElement("ul"),this.availableList.classList.add("dual-listbox__available"),this.selectedList=document.createElement("ul"),this.selectedList.classList.add("dual-listbox__selected"),this.availableListTitle=document.createElement("div"),this.availableListTitle.classList.add("dual-listbox__title"),this.availableListTitle.innerText=this.availableTitle,this.selectedListTitle=document.createElement("div"),this.selectedListTitle.classList.add("dual-listbox__title"),this.selectedListTitle.innerText=this.selectedTitle,this._createButtons(),this._createSearch()}},{key:"_selectOption",value:function(t){for(var e=this.select.options,i=0;i<e.length;i++){var s=e[i];s.value===t&&(s.selected=!0)}this.addEvent&&this.addEvent(t)}},{key:"_splitOptions",value:function(e){for(var i=0;i<e.length;i++){var s=e[i];t.isDomElement(s)?this._addOption({text:s.innerHTML,value:s.value,selected:s.attributes.selected}):this._addOption(s)}}},{key:"_addOption",value:function(t){var e=this._createListItem(t);t.selected?this.selected.push(e):this.available.push(e)}}],[{key:"isDomElement",value:function(t){return"object"===("undefined"==typeof HTMLElement?"undefined":s(HTMLElement))?t instanceof HTMLElement:t&&"object"===(void 0===t?"undefined":s(t))&&null!==t&&1===t.nodeType&&"string"==typeof t.nodeName}}]),t}();e.default=a,e.DualListbox=a}])});
\ No newline at end of file
diff --git a/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form.html b/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form.html
index 7616d58da..4a1ef1ba5 100644
--- a/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form.html
+++ b/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form.html
@@ -1,8 +1,8 @@
-{% extends "admin/change_form.html" %}
+{% extends "admin/change_form.html" %}{% load staticfiles %}
 {% block extrahead %}{{ block.super }}
-    <link href="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css" rel="stylesheet"/>
+    <link href="{% static "security/dual-listbox.css" %}" rel="stylesheet"/>
     <script>window.jQuery = window.$ = django.jQuery;</script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/js/select2.min.js"></script>
+    <script src="{% static "security/dual-listbox.js" %}"></script>
 
 {% endblock %}
 
@@ -10,11 +10,18 @@
 {% block admin_change_form_document_ready %}
     {{ block.super }}
     <style>
-        select {
-            width: 100%;
+        .dual-listbox .dual-listbox__button {
+            background-color: #79aec8;
+            font-size: 13px;
+            font-family: "Roboto", "Lucida Grande", Verdana, Arial, sans-serif;
         }
     </style>
     <script>
-        django.jQuery('select').select2();
+        let dlb1 = new DualListbox('select[name=schemas]',
+            {
+                availableTitle: 'Available areas',
+                selectedTitle: 'Selected areas',
+            });
+
     </script>
 {% endblock %}
diff --git a/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form2.html b/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form2.html
new file mode 100644
index 000000000..7616d58da
--- /dev/null
+++ b/src/etools_datamart/apps/security/templates/admin/security/schemaaccesscontrol/change_form2.html
@@ -0,0 +1,20 @@
+{% extends "admin/change_form.html" %}
+{% block extrahead %}{{ block.super }}
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css" rel="stylesheet"/>
+    <script>window.jQuery = window.$ = django.jQuery;</script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/js/select2.min.js"></script>
+
+{% endblock %}
+
+
+{% block admin_change_form_document_ready %}
+    {{ block.super }}
+    <style>
+        select {
+            width: 100%;
+        }
+    </style>
+    <script>
+        django.jQuery('select').select2();
+    </script>
+{% endblock %}
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
index 05024ef6c..0eadffb79 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.db.models.deletion
 from django.db import migrations, models
diff --git a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181220_1037.py b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181221_1724.py
similarity index 93%
rename from src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181220_1037.py
rename to src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181221_1724.py
index 06f818e59..6f2c14da6 100644
--- a/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181220_1037.py
+++ b/src/etools_datamart/apps/subscriptions/migrations/0002_auto_20181221_1724.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.db.models.deletion
 from django.conf import settings
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('subscriptions', '0001_initial'),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('subscriptions', '0001_initial'),
     ]
 
     operations = [
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index 444bd4fb9..90748dcfa 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.utils.timezone
 import strategy_field.fields
diff --git a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181220_1037.py b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181221_1724.py
similarity index 97%
rename from src/etools_datamart/apps/tracking/migrations/0002_auto_20181220_1037.py
rename to src/etools_datamart/apps/tracking/migrations/0002_auto_20181221_1724.py
index e7199d780..25f348587 100644
--- a/src/etools_datamart/apps/tracking/migrations/0002_auto_20181220_1037.py
+++ b/src/etools_datamart/apps/tracking/migrations/0002_auto_20181221_1724.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.db.models.deletion
 from django.conf import settings
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index f04acf12e..fc0f74d39 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import uuid
 
diff --git a/src/unicef_rest_framework/migrations/0002_auto_20181220_1037.py b/src/unicef_rest_framework/migrations/0002_auto_20181221_1724.py
similarity index 98%
rename from src/unicef_rest_framework/migrations/0002_auto_20181220_1037.py
rename to src/unicef_rest_framework/migrations/0002_auto_20181221_1724.py
index f8e085829..732b34a24 100644
--- a/src/unicef_rest_framework/migrations/0002_auto_20181220_1037.py
+++ b/src/unicef_rest_framework/migrations/0002_auto_20181221_1724.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.db.models.deletion
 from django.conf import settings
@@ -136,7 +136,7 @@ class Migration(migrations.Migration):
         ),
         migrations.AlterUniqueTogether(
             name='systemfilter',
-            unique_together={('service', 'group'), ('service', 'user')},
+            unique_together={('service', 'user'), ('service', 'group')},
         ),
         migrations.AlterUniqueTogether(
             name='groupaccesscontrol',
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index 58eb9fce4..69c061a46 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.1.4 on 2018-12-20 10:37
+# Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.contrib.auth.models
 import django.contrib.auth.validators

From 0085826adf09da911baeb43467adb31609c6af57 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 21 Dec 2018 22:10:54 +0100
Subject: [PATCH 74/86] removes pre-commit deom tox

---
 tox.ini | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tox.ini b/tox.ini
index 32a46ec7b..4fadcc60f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -50,10 +50,10 @@ deps =
     pipenv==2018.10.13
 
 commands =
-    pipenv install -d --deploy --ignore-pipfile
-    pipenv run pre-commit run --all-files
-    pipenv run pre-commit run --all-files --hook-stage push
-    pipenv run pre-commit run --all-files --hook-stage manual
+;    pipenv install -d --deploy --ignore-pipfile
+;    pipenv run pre-commit run --all-files
+;    pipenv run pre-commit run --all-files --hook-stage push
+;    pipenv run pre-commit run --all-files --hook-stage manual
     pipenv run py.test tests \
             --create-db \
             --cov-report=term \

From d1c009a376a92bbd6b04635ce2e9ff01e8fe9b08 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 21 Dec 2018 23:47:34 +0100
Subject: [PATCH 75/86] updates

---
 .circleci/config.yml | 77 ++++++++++++++++++++++----------------------
 tox.ini              |  3 +-
 2 files changed, 40 insertions(+), 40 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 1474da39c..e9e7f2293 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,7 +3,7 @@ jobs:
   build:
     working_directory: ~/code
     docker:
-      - image: circleci/python:3.6
+      - image: python:3.6.7-slim
         environment:
           PGHOST: 127.0.0.1
           PIPENV_VENV_IN_PROJECT: 1
@@ -21,12 +21,11 @@ jobs:
       - run:
           name: Install dependencies
           command: |
-            sudo apt-get update \
-                  && sudo apt-get -y install \
-                            postgresql \
-                            gcc \
-                            gdal-bin \
-                            python-dev
+            apt-get update
+            apt-get install -y --no-install-recommends \
+                  gcc \
+                  gdal-bin \
+                  python-dev
 
       - restore_cache:
           keys:
@@ -41,7 +40,7 @@ jobs:
           command: |
             export PATH=/home/circleci/.local/bin:$PATH
             export PYTHONHASHSEED=${RANDOM}
-            pip install tox --user
+            pip install tox
             tox -e py36-d21
       - run:
           name: codecov
@@ -69,14 +68,14 @@ jobs:
       - deploy:
           name: tag and release if release candidate
           command: |
-              if [[ $CIRCLE_BRANCH == $RELEASE_MATCH ]]; then
-                curl --user ${CIRCLE_TOKEN}: \
-                  --data build_parameters[CIRCLE_JOB]=tag \
-                  --data revision=$CIRCLE_SHA1 \
-                  https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/tree/$CIRCLE_BRANCH
-              else
-                echo "Skipped as '$CIRCLE_BRANCH' does not match '$RELEASE_MATCH' branch"
-              fi
+            if [[ $CIRCLE_BRANCH == $RELEASE_MATCH ]]; then
+              curl --user ${CIRCLE_TOKEN}: \
+                --data build_parameters[CIRCLE_JOB]=tag \
+                --data revision=$CIRCLE_SHA1 \
+                https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/tree/$CIRCLE_BRANCH
+            else
+              echo "Skipped as '$CIRCLE_BRANCH' does not match '$RELEASE_MATCH' branch"
+            fi
   tag:
     docker:
       - image: circleci/python:3.6
@@ -156,11 +155,11 @@ jobs:
       - deploy:
           name: dockerize
           command: |
-              export TAG=${TAG:=${CIRCLE_BRANCH#*/}}
-              curl --user ${CIRCLE_TOKEN}: \
-                --data build_parameters[TAG]=$TAG \
-                --data build_parameters[JOB]=dockerize \
-                https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/tree/develop
+            export TAG=${TAG:=${CIRCLE_BRANCH#*/}}
+            curl --user ${CIRCLE_TOKEN}: \
+              --data build_parameters[TAG]=$TAG \
+              --data build_parameters[JOB]=dockerize \
+              https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/tree/develop
 
   dockerize:
     working_directory: ~/code
@@ -206,25 +205,25 @@ jobs:
       - run:
           name: Test Backend docker image
           command: |
-              echo "Testing ${DOCKER_IMAGE}:${TAG}"
-              docker run -p 8000:8000 \
-                      --rm \
-                      -e DATABASE_URL=${DATABASE_URL} \
-                      -e DEBUG=0 \
-                      -e SECURE_SSL_REDIRECT=0 \
-                      -e SESSION_COOKIE_SECURE=0 \
-                      -e SESSION_COOKIE_HTTPONLY=9 \
-                      -e SESSION_COOKIE_HTTPONLY=0 \
-                      -e CSRF_COOKIE_SECURE=0 \
-                      -it ${DOCKER_IMAGE}:${TAG} \
-                      django-admin check --deploy
+            echo "Testing ${DOCKER_IMAGE}:${TAG}"
+            docker run -p 8000:8000 \
+                    --rm \
+                    -e DATABASE_URL=${DATABASE_URL} \
+                    -e DEBUG=0 \
+                    -e SECURE_SSL_REDIRECT=0 \
+                    -e SESSION_COOKIE_SECURE=0 \
+                    -e SESSION_COOKIE_HTTPONLY=9 \
+                    -e SESSION_COOKIE_HTTPONLY=0 \
+                    -e CSRF_COOKIE_SECURE=0 \
+                    -it ${DOCKER_IMAGE}:${TAG} \
+                    django-admin check --deploy
       - deploy:
           name: Push Backend docker image
           command: |
-              echo "Pushing ${DOCKER_IMAGE}:${TAG} to Docker Hub"
-              export TODAY=`date '+%d %B %Y at %H:%M'`
+            echo "Pushing ${DOCKER_IMAGE}:${TAG} to Docker Hub"
+            export TODAY=`date '+%d %B %Y at %H:%M'`
 
-              docker login -u $DOCKER_USER -p $DOCKER_PASS
-              docker tag ${DOCKER_IMAGE}:${TAG} ${DOCKER_IMAGE}:latest
-              docker push ${DOCKER_IMAGE}:latest
-              docker push ${DOCKER_IMAGE}:${TAG}
+            docker login -u $DOCKER_USER -p $DOCKER_PASS
+            docker tag ${DOCKER_IMAGE}:${TAG} ${DOCKER_IMAGE}:latest
+            docker push ${DOCKER_IMAGE}:latest
+            docker push ${DOCKER_IMAGE}:${TAG}
diff --git a/tox.ini b/tox.ini
index 4fadcc60f..e46884ba8 100644
--- a/tox.ini
+++ b/tox.ini
@@ -54,7 +54,8 @@ commands =
 ;    pipenv run pre-commit run --all-files
 ;    pipenv run pre-commit run --all-files --hook-stage push
 ;    pipenv run pre-commit run --all-files --hook-stage manual
-    pipenv run py.test tests \
+    pipenv run env
+    pipenv run pytest tests \
             --create-db \
             --cov-report=term \
             --cov-report=html \

From b4917519a6002c2509719d9226aa44113139e863 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Fri, 21 Dec 2018 23:51:09 +0100
Subject: [PATCH 76/86] updates

---
 tox.ini | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tox.ini b/tox.ini
index e46884ba8..96fe7a601 100644
--- a/tox.ini
+++ b/tox.ini
@@ -50,11 +50,10 @@ deps =
     pipenv==2018.10.13
 
 commands =
-;    pipenv install -d --deploy --ignore-pipfile
+    pipenv install -d --deploy --ignore-pipfile
 ;    pipenv run pre-commit run --all-files
 ;    pipenv run pre-commit run --all-files --hook-stage push
 ;    pipenv run pre-commit run --all-files --hook-stage manual
-    pipenv run env
     pipenv run pytest tests \
             --create-db \
             --cov-report=term \

From 647ad6f20f81e4b4c8bd1cbdffdef2867533acbf Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 14:26:13 +0100
Subject: [PATCH 77/86] updates

---
 .circleci/config.yml                       | 13 +++++++++++--
 src/etools_datamart/apps/security/forms.py |  7 +++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index e9e7f2293..38d48e590 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -21,11 +21,20 @@ jobs:
       - run:
           name: Install dependencies
           command: |
+            mkdir -p /usr/share/man/man1
+            mkdir -p /usr/share/man/man7
             apt-get update
-            apt-get install -y --no-install-recommends \
+            apt-get install -y \
+                  libc-bin \
                   gcc \
                   gdal-bin \
-                  python-dev
+                  python-dev \
+                  postgresql-client-9.6
+
+      - run:
+          name: Create databases
+          command: |
+            createdb --user postgres etools
 
       - restore_cache:
           keys:
diff --git a/src/etools_datamart/apps/security/forms.py b/src/etools_datamart/apps/security/forms.py
index 81005088f..4747915e0 100644
--- a/src/etools_datamart/apps/security/forms.py
+++ b/src/etools_datamart/apps/security/forms.py
@@ -10,8 +10,11 @@
 
 class SchemaAccessControlForm(ModelForm):
     group = forms.ModelChoiceField(queryset=Group.objects.all())
-    schemas = forms.MultipleChoiceField(choices=zip(conn.all_schemas,
-                                                    conn.all_schemas), required=False)
+    schemas = forms.MultipleChoiceField(choices=[], required=False)
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['schemas'].choices = zip(conn.all_schemas, conn.all_schemas)
 
     class Meta:
         model = SchemaAccessControl

From 349f4761b5727103a64e5a6c9d79d44e76f11ffa Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 15:05:02 +0100
Subject: [PATCH 78/86] updates

---
 .../apps/init/management/commands/init-setup.py | 17 +++++++++++------
 src/etools_datamart/libs/constance.py           |  2 +-
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index 5ae7af7b6..29ae39e4e 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -159,12 +159,16 @@ def handle(self, *args, **options):
                                                              defaults={"is_superuser": False,
                                                                        "is_staff": False,
                                                                        "password": make_password(uuid.uuid4())})
-        self.stdout.write(f"Create group `Guest`")
-        Group.objects.get_or_create(name='Guests')
+        # self.stdout.write(f"Create group `Guest`")
+        # Group.objects.get_or_create(name='Guests')
+        # self.stdout.write(f"Create group `Endpoints all access`")
+        # all_access, __ = Group.objects.get_or_create(name='All endpoints access')
 
-        self.stdout.write(f"Create group `Endpoints all access`")
-        all_access, __ = Group.objects.get_or_create(name='All endpoints access')
+        self.stdout.write(f"Create group `Public areas access`")
         public_areas, __ = Group.objects.get_or_create(name='Public areas access')
+        config.DEFAULT_GROUP = 'Public areas access'
+
+        self.stdout.write(f"Create group `Restricted areas access`")
         restricted_areas, __ = Group.objects.get_or_create(name='Restricted areas access')
 
         self.stdout.write(f"Grants all schemas to group `Endpoints all access`")
@@ -182,7 +186,7 @@ def handle(self, *args, **options):
 
         for service in Service.objects.all():
             GroupAccessControl.objects.get_or_create(
-                group=all_access,
+                group=public_areas,
                 service=service,
                 serializers=['*'],
                 policy=GroupAccessControl.POLICY_ALLOW
@@ -191,6 +195,7 @@ def handle(self, *args, **options):
             for email in users:
                 u, __ = ModelUser.objects.get_or_create(username=email,
                                                         email=email)
+                u.groups.add(public_areas)
                 u.groups.add(restricted_areas)
 
         # hostname
@@ -212,7 +217,7 @@ def handle(self, *args, **options):
                         self.stdout.write(f"Created user {u}")
                         u.set_password(pwd)
                         u.save()
-                        u.groups.add(all_access)
+                        u.groups.add(public_areas)
                     else:  # pragma: no cover
                         self.stdout.write(f"User {u} already exists.")
 
diff --git a/src/etools_datamart/libs/constance.py b/src/etools_datamart/libs/constance.py
index 066a5905b..db4b60582 100644
--- a/src/etools_datamart/libs/constance.py
+++ b/src/etools_datamart/libs/constance.py
@@ -9,7 +9,7 @@ class GroupChoiceField(ChoiceField):
 
     def __init__(self, **kwargs):
         names = list(Group.objects.values_list('name', flat=True))
-        choices = [[i, i] for i in names]
+        choices = zip(names, names)
         super().__init__(choices=choices, **kwargs)
 
 

From 16433602ee4d01b046be859c1061f70bd08ce13d Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 15:55:56 +0100
Subject: [PATCH 79/86] update version

---
 docker/.bumpversion.cfg         | 2 +-
 docker/Makefile                 | 2 +-
 src/etools_datamart/__init__.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker/.bumpversion.cfg b/docker/.bumpversion.cfg
index a72c0c4d7..239e3dea6 100644
--- a/docker/.bumpversion.cfg
+++ b/docker/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.8a15
+current_version = 1.8a16
 commit = False
 tag = False
 allow_dirty = True
diff --git a/docker/Makefile b/docker/Makefile
index 060835bca..f7b68afd6 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,7 @@ DATABASE_URL_ETOOLS?=
 DEVELOP?=0
 DOCKER_PASS?=
 DOCKER_USER?=
-TARGET?=1.8a15
+TARGET?=1.8a16
 # below vars are used internally
 BUILD_OPTIONS?=--squash
 CMD?=datamart
diff --git a/src/etools_datamart/__init__.py b/src/etools_datamart/__init__.py
index 7e26027ac..c6e96a4cc 100644
--- a/src/etools_datamart/__init__.py
+++ b/src/etools_datamart/__init__.py
@@ -1,3 +1,3 @@
 NAME = 'etools-datamart'
-VERSION = __version__ = '1.8a15'
+VERSION = __version__ = '1.8a16'
 __author__ = ''

From 86dc1e4b390671d2bb8369dc01dbdbfdbb3aa7d9 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 19:26:45 +0100
Subject: [PATCH 80/86] cleanup celery

---
 src/etools_datamart/apps/data/loader.py | 10 ++---
 src/etools_datamart/apps/etl/admin.py   |  5 ++-
 src/etools_datamart/celery.py           | 55 +++++--------------------
 src/etools_datamart/config/settings.py  | 14 +++----
 4 files changed, 27 insertions(+), 57 deletions(-)

diff --git a/src/etools_datamart/apps/data/loader.py b/src/etools_datamart/apps/data/loader.py
index db94d218d..c33ca05fa 100644
--- a/src/etools_datamart/apps/data/loader.py
+++ b/src/etools_datamart/apps/data/loader.py
@@ -7,7 +7,7 @@
 from django.db import connections, models
 from django.utils import timezone
 from redis.exceptions import LockError
-from strategy_field.utils import get_attr
+from strategy_field.utils import fqn, get_attr
 
 from etools_datamart.celery import app
 
@@ -67,7 +67,7 @@ def is_record_changed(record, values):
 class LoaderOptions:
     __attrs__ = ['mapping', 'celery', 'source',
                  'queryset', 'key', 'locks',
-                 'depends', 'timeout']
+                 'depends', 'timeout', 'lock_key']
 
     def __init__(self, base=None):
         self.mapping = {}
@@ -89,12 +89,12 @@ def __init__(self, base=None):
 
         if not self.queryset and self.source:
             self.queryset = lambda: self.source.objects
-        if not self.lock_key:
-            self.lock_key = f"{self.source}-lock"
 
     def contribute_to_class(self, model, name):
         self.model = model
         setattr(model, name, self)
+        if not self.lock_key:
+            self.lock_key = f"{fqn(model)}-lock"
 
 
 class LoaderTask(celery.Task):
@@ -105,7 +105,7 @@ def __init__(self, loader) -> None:
         self.name = "load_{0.app_label}_{0.model_name}".format(loader.model._meta)
 
     def run(self, *args, **kwargs):
-        self.loader.load()
+        return self.loader.load()
 
 
 # def get_or_fail(Model, **kwargs):
diff --git a/src/etools_datamart/apps/etl/admin.py b/src/etools_datamart/apps/etl/admin.py
index bdd7c5af5..e839b4884 100644
--- a/src/etools_datamart/apps/etl/admin.py
+++ b/src/etools_datamart/apps/etl/admin.py
@@ -102,7 +102,10 @@ def unlock(self, request, pk):
         def _action(request):
             obj.loader.unlock()
 
-        return _confirm_action(self, request, _action, f"Continuing will unlock selected task. ({obj.task})",
+        return _confirm_action(self, request, _action,
+                               f"""Continuing will unlock selected task. ({obj.task}).
+{obj.loader.task.name} - {obj.loader.config.lock_key}
+""",
                                "Successfully executed", )
 
     @link()
diff --git a/src/etools_datamart/celery.py b/src/etools_datamart/celery.py
index a6dab833e..7adb66d3c 100644
--- a/src/etools_datamart/celery.py
+++ b/src/etools_datamart/celery.py
@@ -5,6 +5,7 @@
 from celery import Celery
 # from celery.contrib.abortable import AbortableTask
 from celery.signals import task_postrun, task_prerun
+from celery.utils.log import get_task_logger
 from kombu import Exchange, Queue
 from kombu.serialization import register
 
@@ -13,48 +14,12 @@
 os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'etools_datamart.config.settings')
 
 
-# class ETLTask(AbortableTask):
-#     abstract = True
-#     linked_model = None
-
-
 class DatamartCelery(Celery):
-    # etl_cls = ETLTask
     _mapping = {}
 
-    # def _task_from_fun(self, fun, name=None, base=None, bind=False, **options):
-    #     from etools_datamart.apps.etl.lock import only_one
-    #     linked_model = options.get('linked_model', None)
-    #     if linked_model:
-    #         name = name or self.gen_task_name(fun.__name__, fun.__module__)
-    #         options['lock_key'] = f"{name}-lock"
-    #         fun = only_one(fun, options['lock_key'])
-    #         # options['unlock'] = fun.unlock
-    #         task = super()._task_from_fun(fun, name=name, base=None, bind=False, **options)
-    #         linked_model._etl_task = task
-    #         linked_model._etl_loader = fun
-    #     else:
-    #         task = super()._task_from_fun(fun, name=name, base=None, bind=False, **options)
-    #     return task
-    #
-    # def etl(self, model, *args, **opts):
-    #     opts['base'] = ETLTask
-    #     opts['linked_model'] = model
-    #     task = super().task(*args, **opts)
-    #     return task
-
     def get_all_etls(self):
         return [cls for (name, cls) in self.tasks.items() if hasattr(cls, 'linked_model')]
 
-    # def gen_task_name(self, name, module):
-    #     prefix = ""
-    #     if module.endswith('.tasks.etl'):
-    #         module = module[:-10]
-    #         prefix = 'etl_'
-    #     if module.endswith('.tasks'):
-    #         module = module[:-6]
-    #     return prefix + super(DatamartCelery, self).gen_task_name(name, module)
-
 
 app = DatamartCelery('datamart')
 app.config_from_object('django.conf:settings', namespace='CELERY')
@@ -102,6 +67,7 @@ def task_postrun_handler(signal, sender, task_id, task, args, kwargs, retval, st
     from django.utils import timezone
     from etools_datamart.apps.subscriptions.models import Subscription
     from etools_datamart.apps.etl.models import EtlTask
+    logger = get_task_logger('etl')
     if not hasattr(sender, 'linked_model'):
         return
     try:
@@ -114,15 +80,16 @@ def task_postrun_handler(signal, sender, task_id, task, args, kwargs, retval, st
     if state == 'SUCCESS':
         try:
             defs['results'] = retval.as_dict()
-        except Exception:  # pragma: no cover
+            if retval.created > 0 or retval.updated > 0:
+                defs['last_changes'] = timezone.now()
+                for service in sender.linked_model.linked_services:
+                    service.invalidate_cache()
+                    Subscription.objects.notify(sender.linked_model)
+            defs['last_success'] = timezone.now()
+
+        except Exception as e:  # pragma: no cover
+            logger.error(e)
             defs['results'] = str(retval)
-        if retval.created > 0 or retval.updated > 0:
-            defs['last_changes'] = timezone.now()
-            for service in sender.linked_model.linked_services:
-                service.invalidate_cache()
-                Subscription.objects.notify(sender.linked_model)
-
-        defs['last_success'] = timezone.now()
     else:
         # if not isinstance(retval, dict):
         defs['results'] = str(retval)
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index f8814fa56..468967b81 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -415,16 +415,16 @@
 # CELERY_ACCEPT_CONTENT = ['application/json']
 # CELERY_RESULT_SERIALIZER = 'json'
 # CELERY_TASK_SERIALIZER = 'json'
-CELERY_TASK_IMPORTS = ["etools_datamart.apps.etl.tasks.etl",
-                       "etools_datamart.apps.etl.tasks.tasks", ]
-CELERY_BEAT_SCHEDULE = {}
+# CELERY_TASK_IMPORTS = ["etools_datamart.apps.etl.tasks.etl",
+#                        "etools_datamart.apps.etl.tasks.tasks", ]
+# CELERY_BEAT_SCHEDULE = {}
 CELERY_TASK_ALWAYS_EAGER = env.bool('CELERY_ALWAYS_EAGER')
 CELERY_EAGER_PROPAGATES_EXCEPTIONS = CELERY_TASK_ALWAYS_EAGER
 
-CELERY_TASK_ROUTES = {
-    'etools_datamart.apps.etl.tasks.etl': {'queue': 'etl'},
-    'etools_datamart.apps.etl.tasks.tasks': {'queue': 'tasks'},
-}
+# CELERY_TASK_ROUTES = {
+#     'etools_datamart.apps.etl.tasks.etl': {'queue': 'etl'},
+#     'etools_datamart.apps.etl.tasks.tasks': {'queue': 'tasks'},
+# }
 
 CELERY_ACCEPT_CONTENT = ['etljson']
 CELERY_TASK_SERIALIZER = 'etljson'

From b263afd9982711eb953513a9345a3d8fef2286c1 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 19:52:08 +0100
Subject: [PATCH 81/86] add data link to etltask changelist

---
 src/etools_datamart/apps/etl/admin.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/etools_datamart/apps/etl/admin.py b/src/etools_datamart/apps/etl/admin.py
index e839b4884..bdcde56ac 100644
--- a/src/etools_datamart/apps/etl/admin.py
+++ b/src/etools_datamart/apps/etl/admin.py
@@ -20,9 +20,8 @@
 @register(models.EtlTask)
 class EtlTaskAdmin(ExtraUrlMixin, admin.ModelAdmin):
     list_display = ('task', 'last_run', 'status', 'time',
-                    'last_success', 'last_failure', 'locked', 'scheduling',
-                    'unlock_task',
-                    'queue_task')
+                    'last_success', 'last_failure', 'locked',
+                    'data', 'scheduling', 'unlock_task', 'queue_task')
 
     # readonly_fields = ('task', 'last_run',
     #                    'last_success', 'last_failure', 'last_changes',
@@ -46,6 +45,14 @@ def scheduling(self, obj):
 
         return format_html(f'<a href="{url}">{label}</a>')
 
+    def data(self, obj):
+        model = obj.content_type.model_class()
+        opts = model._meta
+        url = reverse('admin:%s_%s_changelist' % (opts.app_label, opts.model_name))
+        return format_html(f'<a href="{url}">data</a>')
+
+    data.verbse_name = 'data'
+
     def queue_task(self, obj):
         opts = self.model._meta
         url = reverse('admin:%s_%s_queue' % (opts.app_label,

From a88bdc8651565784c0e355bd958d69debe8d5ac0 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 20:00:32 +0100
Subject: [PATCH 82/86] lint

---
 setup.cfg                                     |  1 +
 src/drf_querystringfilter/backend.py          |  5 ++--
 src/etools_datamart/api/endpoints/common.py   |  5 ++--
 src/etools_datamart/api/filtering.py          |  1 +
 src/etools_datamart/apps/data/admin.py        |  9 ++++---
 src/etools_datamart/apps/data/loader.py       |  5 ++--
 .../apps/data/migrations/0001_initial.py      |  3 ++-
 src/etools_datamart/apps/data/models/base.py  |  3 ++-
 src/etools_datamart/apps/data/models/fam.py   |  1 +
 src/etools_datamart/apps/data/models/user.py  |  1 +
 src/etools_datamart/apps/etl/admin.py         | 15 ++++-------
 src/etools_datamart/apps/etl/apps.py          |  3 ++-
 .../apps/etl/management/commands/queue.py     |  1 +
 src/etools_datamart/apps/etl/models.py        |  1 +
 .../init/management/commands/init-setup.py    |  3 ++-
 src/etools_datamart/apps/multitenant/admin.py |  3 ++-
 .../apps/multitenant/exceptions.py            |  1 +
 .../management/commands/inspectschema.py      |  1 +
 .../apps/multitenant/postgresql/base.py       |  3 ++-
 src/etools_datamart/apps/multitenant/sql.py   |  3 ++-
 src/etools_datamart/apps/security/utils.py    |  5 ++--
 .../apps/subscriptions/admin.py               |  3 ++-
 .../apps/subscriptions/models.py              |  3 ++-
 src/etools_datamart/apps/tracking/admin.py    |  3 ++-
 .../apps/tracking/middleware.py               |  1 +
 .../apps/tracking/migrations/0001_initial.py  |  3 ++-
 .../apps/tracking/models/log.py               |  1 +
 src/etools_datamart/config/admin.py           |  3 ++-
 src/etools_datamart/config/settings.py        | 27 -------------------
 src/etools_datamart/config/urls.py            |  1 +
 src/etools_datamart/config/wsgi.py            |  1 +
 src/etools_datamart/libs/constance.py         |  3 ++-
 src/month_field/admin.py                      |  1 +
 src/month_field/rest_framework.py             |  7 ++---
 src/unicef_rest_framework/admin/acl.py        |  3 ++-
 .../admin/application.py                      |  3 ++-
 src/unicef_rest_framework/admin/base.py       |  3 ++-
 src/unicef_rest_framework/admin/cache.py      |  3 ++-
 src/unicef_rest_framework/admin/filter.py     |  5 ++--
 src/unicef_rest_framework/admin/service.py    |  7 ++---
 src/unicef_rest_framework/auth.py             |  5 ++--
 src/unicef_rest_framework/cache.py            |  1 +
 src/unicef_rest_framework/config.py           |  1 +
 src/unicef_rest_framework/ds.py               |  5 ++--
 src/unicef_rest_framework/exceptions.py       |  1 +
 src/unicef_rest_framework/forms.py            |  1 +
 .../migrations/0001_initial.py                |  5 ++--
 src/unicef_rest_framework/models/base.py      |  3 ++-
 src/unicef_rest_framework/models/filter.py    |  1 +
 src/unicef_rest_framework/models/service.py   |  1 +
 src/unicef_rest_framework/ordering.py         |  1 +
 src/unicef_rest_framework/pagination.py       |  1 +
 src/unicef_rest_framework/renderers/api.py    |  1 +
 src/unicef_rest_framework/renderers/html.py   |  3 ++-
 src/unicef_rest_framework/renderers/iqy.py    |  3 ++-
 .../renderers/microsoft/xml.py                |  1 +
 src/unicef_rest_framework/renderers/pdf.py    |  3 ++-
 src/unicef_rest_framework/renderers/txt.py    |  3 ++-
 src/unicef_rest_framework/routers.py          |  1 +
 src/unicef_rest_framework/templatetags/urf.py |  3 ++-
 src/unicef_rest_framework/throttling.py       |  1 +
 src/unicef_rest_framework/urls.py             |  1 +
 src/unicef_rest_framework/views_mixins.py     |  1 +
 src/unicef_security/admin.py                  |  3 ++-
 src/unicef_security/graph.py                  |  7 ++---
 .../migrations/0001_initial.py                |  3 ++-
 src/unicef_security/models.py                 |  1 +
 67 files changed, 124 insertions(+), 91 deletions(-)

diff --git a/setup.cfg b/setup.cfg
index 29ffcd528..b86839397 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -9,6 +9,7 @@ balanced_wrapping = true
 order_by_type = false
 known_third_party = drf_querystringfilter,month_field
 known_unicef = unicef_security,unicef_rest_framework
+known_django = django
 sections = FUTURE,STDLIB,DJANGO,THIRDPARTY,UNICEF,FIRSTPARTY,LOCALFOLDER
 
 [wheel]
diff --git a/src/drf_querystringfilter/backend.py b/src/drf_querystringfilter/backend.py
index 80bb22dd6..fbf55b802 100644
--- a/src/drf_querystringfilter/backend.py
+++ b/src/drf_querystringfilter/backend.py
@@ -5,14 +5,15 @@
 from collections import OrderedDict
 from functools import lru_cache
 
-import coreapi
-import coreschema
 from django import forms
 from django.core.exceptions import FieldError
 from django.db import models
 from django.db.models import BooleanField, FieldDoesNotExist
 from django.template import loader
 from django.utils.encoding import force_text
+
+import coreapi
+import coreschema
 from rest_framework.filters import BaseFilterBackend
 from rest_framework.settings import api_settings
 
diff --git a/src/etools_datamart/api/endpoints/common.py b/src/etools_datamart/api/endpoints/common.py
index 35249a4f5..48920ffb9 100644
--- a/src/etools_datamart/api/endpoints/common.py
+++ b/src/etools_datamart/api/endpoints/common.py
@@ -1,10 +1,11 @@
 from functools import wraps
 
-import coreapi
-import coreschema
 from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.db import connections
 from django.http import Http404
+
+import coreapi
+import coreschema
 from drf_querystringfilter.exceptions import QueryFilterException
 from dynamic_serializer.core import InvalidSerializerError
 from rest_framework.decorators import action
diff --git a/src/etools_datamart/api/filtering.py b/src/etools_datamart/api/filtering.py
index cb91b705f..9d5c71597 100644
--- a/src/etools_datamart/api/filtering.py
+++ b/src/etools_datamart/api/filtering.py
@@ -2,6 +2,7 @@
 from django.db import connections
 from django.db.models import Q
 from django.template import loader
+
 from rest_framework.exceptions import PermissionDenied
 from rest_framework.filters import BaseFilterBackend
 
diff --git a/src/etools_datamart/apps/data/admin.py b/src/etools_datamart/apps/data/admin.py
index cc85e63b6..adf0d3918 100644
--- a/src/etools_datamart/apps/data/admin.py
+++ b/src/etools_datamart/apps/data/admin.py
@@ -2,16 +2,17 @@
 import logging
 from time import time
 
-from admin_extra_urls.extras import ExtraUrlMixin, link
-from adminactions.mass_update import mass_update
-from adminfilters.filters import AllValuesComboFilter
-from crashlog.middleware import process_exception
 from django.contrib import messages
 from django.contrib.admin import ModelAdmin, register
 from django.contrib.admin.templatetags.admin_urls import admin_urlname
 from django.contrib.admin.views.main import ChangeList
 from django.http import HttpResponseRedirect
 from django.urls import reverse
+
+from admin_extra_urls.extras import ExtraUrlMixin, link
+from adminactions.mass_update import mass_update
+from adminfilters.filters import AllValuesComboFilter
+from crashlog.middleware import process_exception
 from humanize import naturaldelta
 
 from unicef_rest_framework.models import Service
diff --git a/src/etools_datamart/apps/data/loader.py b/src/etools_datamart/apps/data/loader.py
index c33ca05fa..f3e18b1b7 100644
--- a/src/etools_datamart/apps/data/loader.py
+++ b/src/etools_datamart/apps/data/loader.py
@@ -1,11 +1,12 @@
 import logging
 from inspect import isclass
 
-import celery
-from crashlog.middleware import process_exception
 from django.core.cache import caches
 from django.db import connections, models
 from django.utils import timezone
+
+import celery
+from crashlog.middleware import process_exception
 from redis.exceptions import LockError
 from strategy_field.utils import fqn, get_attr
 
diff --git a/src/etools_datamart/apps/data/migrations/0001_initial.py b/src/etools_datamart/apps/data/migrations/0001_initial.py
index be3897ff6..ecb6b6f2e 100644
--- a/src/etools_datamart/apps/data/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/data/migrations/0001_initial.py
@@ -3,9 +3,10 @@
 import django.contrib.gis.db.models.fields
 import django.contrib.postgres.fields.jsonb
 import django.db.models.deletion
-import month_field.models
 from django.db import migrations, models
 
+import month_field.models
+
 
 class Migration(migrations.Migration):
 
diff --git a/src/etools_datamart/apps/data/models/base.py b/src/etools_datamart/apps/data/models/base.py
index 5f2e1bfbc..d162be924 100644
--- a/src/etools_datamart/apps/data/models/base.py
+++ b/src/etools_datamart/apps/data/models/base.py
@@ -1,10 +1,11 @@
-from celery.local import class_property
 from django.contrib.contenttypes.models import ContentType
 from django.db import models
 from django.db.models import QuerySet
 from django.db.models.base import ModelBase
 from django.db.models.manager import BaseManager
 
+from celery.local import class_property
+
 from etools_datamart.apps.data.loader import Loader, LoaderOptions
 
 
diff --git a/src/etools_datamart/apps/data/models/fam.py b/src/etools_datamart/apps/data/models/fam.py
index 86cfdb9a2..1143a9b6f 100644
--- a/src/etools_datamart/apps/data/models/fam.py
+++ b/src/etools_datamart/apps/data/models/fam.py
@@ -1,4 +1,5 @@
 from django.db import models
+
 from month_field.models import MonthField
 
 from etools_datamart.apps.data.loader import EtlResult, Loader
diff --git a/src/etools_datamart/apps/data/models/user.py b/src/etools_datamart/apps/data/models/user.py
index 4e6557250..6fcf7fb18 100644
--- a/src/etools_datamart/apps/data/models/user.py
+++ b/src/etools_datamart/apps/data/models/user.py
@@ -1,6 +1,7 @@
 from datetime import datetime
 
 from django.db import models
+
 from month_field.models import MonthField
 
 from etools_datamart.apps.data.loader import EtlResult, Loader
diff --git a/src/etools_datamart/apps/etl/admin.py b/src/etools_datamart/apps/etl/admin.py
index bdcde56ac..0dfeb5602 100644
--- a/src/etools_datamart/apps/etl/admin.py
+++ b/src/etools_datamart/apps/etl/admin.py
@@ -1,17 +1,17 @@
 # -*- coding: utf-8 -*-
-from admin_extra_urls.extras import action, ExtraUrlMixin, link
-from admin_extra_urls.mixins import _confirm_action
-from adminactions.mass_update import mass_update
-from crashlog.middleware import process_exception
 from django.contrib import admin, messages
 from django.contrib.admin import register
 from django.http import HttpResponseRedirect
 from django.urls import reverse
 from django.utils.html import format_html
+
+from admin_extra_urls.extras import action, ExtraUrlMixin, link
+from admin_extra_urls.mixins import _confirm_action
+from adminactions.mass_update import mass_update
+from crashlog.middleware import process_exception
 from django_celery_beat.models import PeriodicTask
 from humanize import naturaldelta
 
-# from etools_datamart.apps.etl.lock import cache
 from etools_datamart.celery import app
 
 from . import models
@@ -23,11 +23,6 @@ class EtlTaskAdmin(ExtraUrlMixin, admin.ModelAdmin):
                     'last_success', 'last_failure', 'locked',
                     'data', 'scheduling', 'unlock_task', 'queue_task')
 
-    # readonly_fields = ('task', 'last_run',
-    #                    'last_success', 'last_failure', 'last_changes',
-    #                    'results', 'elapsed', 'time', 'status',
-    #                    'table_name', 'content_type',
-    #                    )
     date_hierarchy = 'last_run'
     actions = [mass_update, ]
 
diff --git a/src/etools_datamart/apps/etl/apps.py b/src/etools_datamart/apps/etl/apps.py
index a8a63ec7d..b310a0012 100644
--- a/src/etools_datamart/apps/etl/apps.py
+++ b/src/etools_datamart/apps/etl/apps.py
@@ -1,7 +1,8 @@
 # -*- coding: utf-8 -*-
-from celery.signals import task_postrun
 from django.apps import AppConfig
 
+from celery.signals import task_postrun
+
 from etools_datamart.apps.etl.signals import data_refreshed
 
 
diff --git a/src/etools_datamart/apps/etl/management/commands/queue.py b/src/etools_datamart/apps/etl/management/commands/queue.py
index 6868eb906..546d5a741 100644
--- a/src/etools_datamart/apps/etl/management/commands/queue.py
+++ b/src/etools_datamart/apps/etl/management/commands/queue.py
@@ -1,5 +1,6 @@
 from django.core.management.base import CommandError, LabelCommand
 from django.utils.module_loading import import_string
+
 from django_extensions.management.utils import signalcommand
 
 
diff --git a/src/etools_datamart/apps/etl/models.py b/src/etools_datamart/apps/etl/models.py
index b84bbf685..707fe036d 100644
--- a/src/etools_datamart/apps/etl/models.py
+++ b/src/etools_datamart/apps/etl/models.py
@@ -3,6 +3,7 @@
 from django.contrib.postgres.fields import JSONField
 from django.db import models
 from django.utils.functional import cached_property
+
 from django_celery_beat.models import PeriodicTask
 
 from etools_datamart.apps.data.models.base import DataMartModel
diff --git a/src/etools_datamart/apps/init/management/commands/init-setup.py b/src/etools_datamart/apps/init/management/commands/init-setup.py
index 29ae39e4e..d4bfc8c76 100644
--- a/src/etools_datamart/apps/init/management/commands/init-setup.py
+++ b/src/etools_datamart/apps/init/management/commands/init-setup.py
@@ -3,7 +3,6 @@
 import warnings
 from urllib.parse import urlparse
 
-from constance import config
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.contrib.auth.hashers import make_password
@@ -12,6 +11,8 @@
 from django.core.management.base import BaseCommand
 from django.db import connections
 from django.utils.module_loading import import_string
+
+from constance import config
 from django_celery_beat.models import CrontabSchedule, IntervalSchedule, PeriodicTask
 from post_office.models import EmailTemplate
 from redisboard.models import RedisServer
diff --git a/src/etools_datamart/apps/multitenant/admin.py b/src/etools_datamart/apps/multitenant/admin.py
index 0ecfa7bc2..a2b127c77 100644
--- a/src/etools_datamart/apps/multitenant/admin.py
+++ b/src/etools_datamart/apps/multitenant/admin.py
@@ -1,5 +1,4 @@
 # -*- coding: utf-8 -*-
-from admin_extra_urls.extras import ExtraUrlMixin
 from django.contrib import messages
 from django.contrib.admin import ListFilter, ModelAdmin
 from django.contrib.admin.utils import quote
@@ -9,6 +8,8 @@
 from django.http import HttpResponseRedirect
 from django.urls import reverse
 
+from admin_extra_urls.extras import ExtraUrlMixin
+
 
 class TenantChangeList(ChangeList):
     IGNORED_PARAMS = ['country_name', ]
diff --git a/src/etools_datamart/apps/multitenant/exceptions.py b/src/etools_datamart/apps/multitenant/exceptions.py
index a7b431d1d..bacb75d76 100644
--- a/src/etools_datamart/apps/multitenant/exceptions.py
+++ b/src/etools_datamart/apps/multitenant/exceptions.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 from django.template.defaultfilters import pluralize
+
 from rest_framework.exceptions import PermissionDenied
 
 
diff --git a/src/etools_datamart/apps/multitenant/management/commands/inspectschema.py b/src/etools_datamart/apps/multitenant/management/commands/inspectschema.py
index 107be08d3..9dfcb1ff1 100644
--- a/src/etools_datamart/apps/multitenant/management/commands/inspectschema.py
+++ b/src/etools_datamart/apps/multitenant/management/commands/inspectschema.py
@@ -5,6 +5,7 @@
 from django.core.management.base import BaseCommand, CommandError
 from django.db import connections, DEFAULT_DB_ALIAS
 from django.db.models.constants import LOOKUP_SEP
+
 from django_regex.utils import RegexList
 
 # from etools_datamart import state
diff --git a/src/etools_datamart/apps/multitenant/postgresql/base.py b/src/etools_datamart/apps/multitenant/postgresql/base.py
index 42cf731b3..aa45ba8a8 100644
--- a/src/etools_datamart/apps/multitenant/postgresql/base.py
+++ b/src/etools_datamart/apps/multitenant/postgresql/base.py
@@ -6,13 +6,14 @@
 from typing import List
 
 import django.db.utils
-import psycopg2
 from django.apps import apps
 from django.conf import settings
 from django.db.backends.postgresql import base as original_backend
 from django.db.backends.utils import CursorWrapper
 from django.utils.functional import cached_property
 
+import psycopg2
+
 # from etools_datamart.state import state
 from etools_datamart.apps.etools.models import UsersCountry
 from etools_datamart.apps.multitenant.exceptions import InvalidSchema
diff --git a/src/etools_datamart/apps/multitenant/sql.py b/src/etools_datamart/apps/multitenant/sql.py
index 863fefa34..02b1e2c35 100644
--- a/src/etools_datamart/apps/multitenant/sql.py
+++ b/src/etools_datamart/apps/multitenant/sql.py
@@ -2,8 +2,9 @@
 import re
 from collections import OrderedDict
 
-import sqlparse
 from django.utils.functional import cached_property
+
+import sqlparse
 from django_regex.utils import RegexList
 from sqlparse.sql import Function, Identifier, IdentifierList, Where
 from sqlparse.tokens import Keyword, Whitespace
diff --git a/src/etools_datamart/apps/security/utils.py b/src/etools_datamart/apps/security/utils.py
index 1fee05400..88ca339b4 100644
--- a/src/etools_datamart/apps/security/utils.py
+++ b/src/etools_datamart/apps/security/utils.py
@@ -1,8 +1,9 @@
-from concurrency.utils import flatten
-from constance import config
 from django.core.cache import caches
 from django.db import connections
 
+from concurrency.utils import flatten
+from constance import config
+
 from unicef_rest_framework.models import Service
 
 from etools_datamart.apps.etools.models import UsersUserprofile
diff --git a/src/etools_datamart/apps/subscriptions/admin.py b/src/etools_datamart/apps/subscriptions/admin.py
index 854a0c404..846b9593a 100644
--- a/src/etools_datamart/apps/subscriptions/admin.py
+++ b/src/etools_datamart/apps/subscriptions/admin.py
@@ -1,8 +1,9 @@
 # -*- coding: utf-8 -*-
-from admin_extra_urls.extras import ExtraUrlMixin
 from django.contrib import admin
 from django.contrib.admin import register
 
+from admin_extra_urls.extras import ExtraUrlMixin
+
 from . import models
 
 
diff --git a/src/etools_datamart/apps/subscriptions/models.py b/src/etools_datamart/apps/subscriptions/models.py
index b443129a7..189869e54 100644
--- a/src/etools_datamart/apps/subscriptions/models.py
+++ b/src/etools_datamart/apps/subscriptions/models.py
@@ -1,11 +1,12 @@
 import logging
 from io import BytesIO
 
-from crashlog.middleware import process_exception
 from django.conf import settings
 from django.contrib.contenttypes.models import ContentType
 from django.db import models
 from django.utils.functional import cached_property
+
+from crashlog.middleware import process_exception
 from post_office import mail
 from rest_framework.test import APIRequestFactory
 
diff --git a/src/etools_datamart/apps/tracking/admin.py b/src/etools_datamart/apps/tracking/admin.py
index 58796f8b7..62c1dc0c2 100644
--- a/src/etools_datamart/apps/tracking/admin.py
+++ b/src/etools_datamart/apps/tracking/admin.py
@@ -2,11 +2,12 @@
 import json
 import logging
 
-from admin_extra_urls.extras import link
 from django.contrib import admin
 from django.template.defaultfilters import pluralize, urlencode
 from django.utils.safestring import mark_safe
 
+from admin_extra_urls.extras import link
+
 from unicef_rest_framework.admin import APIModelAdmin, TruncateTableMixin
 from unicef_rest_framework.utils import humanize_size
 
diff --git a/src/etools_datamart/apps/tracking/middleware.py b/src/etools_datamart/apps/tracking/middleware.py
index 705f43da6..8fa3dd76c 100644
--- a/src/etools_datamart/apps/tracking/middleware.py
+++ b/src/etools_datamart/apps/tracking/middleware.py
@@ -7,6 +7,7 @@
 from django.conf import settings
 from django.db.models import F
 from django.utils.timezone import now
+
 from strategy_field.utils import fqn
 
 from etools_datamart.apps.tracking import config
diff --git a/src/etools_datamart/apps/tracking/migrations/0001_initial.py b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
index 90748dcfa..c1e927e9e 100644
--- a/src/etools_datamart/apps/tracking/migrations/0001_initial.py
+++ b/src/etools_datamart/apps/tracking/migrations/0001_initial.py
@@ -1,9 +1,10 @@
 # Generated by Django 2.1.4 on 2018-12-21 17:24
 
 import django.utils.timezone
-import strategy_field.fields
 from django.db import migrations, models
 
+import strategy_field.fields
+
 
 class Migration(migrations.Migration):
 
diff --git a/src/etools_datamart/apps/tracking/models/log.py b/src/etools_datamart/apps/tracking/models/log.py
index 268800a6d..402a17275 100644
--- a/src/etools_datamart/apps/tracking/models/log.py
+++ b/src/etools_datamart/apps/tracking/models/log.py
@@ -4,6 +4,7 @@
 from django.conf import settings
 from django.db import connections, models
 from django.utils.timezone import now
+
 from strategy_field.fields import StrategyClassField
 
 logger = logging.getLogger(__name__)
diff --git a/src/etools_datamart/config/admin.py b/src/etools_datamart/config/admin.py
index 670f3df10..2b7294733 100644
--- a/src/etools_datamart/config/admin.py
+++ b/src/etools_datamart/config/admin.py
@@ -1,6 +1,5 @@
 from collections import OrderedDict
 
-from constance import config
 from django.conf import settings
 from django.contrib.admin import AdminSite
 from django.contrib.admin.apps import SimpleAdminConfig
@@ -10,6 +9,8 @@
 from django.utils.translation import gettext_lazy
 from django.views.decorators.cache import never_cache
 
+from constance import config
+
 from etools_datamart.libs.version import get_full_version
 
 cache = caches['default']
diff --git a/src/etools_datamart/config/settings.py b/src/etools_datamart/config/settings.py
index 468967b81..6592c2517 100644
--- a/src/etools_datamart/config/settings.py
+++ b/src/etools_datamart/config/settings.py
@@ -375,18 +375,6 @@
 # django-constance
 CONSTANCE_BACKEND = 'constance.backends.database.DatabaseBackend'
 CONSTANCE_ADDITIONAL_FIELDS = {
-    # 'read_only_text': ['django.forms.fields.CharField', {
-    #     'required': False,
-    #     'widget': 'etools_datamart.libs.constance.ObfuscatedInput',
-    # }],
-    # 'write_only_text': ['django.forms.fields.CharField', {
-    #     'required': False,
-    #     'widget': 'etools_datamart.libs.constance.WriteOnlyTextarea',
-    # }],
-    # 'write_only_input': ['django.forms.fields.CharField', {
-    #     'required': False,
-    #     'widget': 'etools_datamart.libs.constance.WriteOnlyInput',
-    # }],
     'select_group': ['etools_datamart.libs.constance.GroupChoiceField', {
         'required': False,
         'widget': 'etools_datamart.libs.constance.GroupChoice',
@@ -412,20 +400,8 @@
 CELERY_TIMEZONE = 'America/New_York'
 CELERY_BROKER_URL = env('CELERY_BROKER_URL')
 CELERY_RESULT_BACKEND = env('CELERY_RESULT_BACKEND')
-# CELERY_ACCEPT_CONTENT = ['application/json']
-# CELERY_RESULT_SERIALIZER = 'json'
-# CELERY_TASK_SERIALIZER = 'json'
-# CELERY_TASK_IMPORTS = ["etools_datamart.apps.etl.tasks.etl",
-#                        "etools_datamart.apps.etl.tasks.tasks", ]
-# CELERY_BEAT_SCHEDULE = {}
 CELERY_TASK_ALWAYS_EAGER = env.bool('CELERY_ALWAYS_EAGER')
 CELERY_EAGER_PROPAGATES_EXCEPTIONS = CELERY_TASK_ALWAYS_EAGER
-
-# CELERY_TASK_ROUTES = {
-#     'etools_datamart.apps.etl.tasks.etl': {'queue': 'etl'},
-#     'etools_datamart.apps.etl.tasks.tasks': {'queue': 'tasks'},
-# }
-
 CELERY_ACCEPT_CONTENT = ['etljson']
 CELERY_TASK_SERIALIZER = 'etljson'
 CELERY_RESULT_SERIALIZER = 'etljson'
@@ -439,12 +415,9 @@
     ),
     "PAGE_SIZE": 100,
     'DEFAULT_CONTENT_NEGOTIATION_CLASS': 'unicef_rest_framework.negotiation.CT',
-    # "DEFAULT_PAGINATION_CLASS": 'rest_framework.pagination.CursorPagination',
     'DEFAULT_PAGINATION_CLASS': 'unicef_rest_framework.pagination.APIPagination',
     'DEFAULT_METADATA_CLASS': 'etools_datamart.api.metadata.SimpleMetadataWithFilters',
     'DEFAULT_VERSIONING_CLASS': 'rest_framework.versioning.NamespaceVersioning',
-    # 'DEFAULT_SCHEMA_CLASS': 'etools_datamart.api.swagger.APIAutoSchema',
-    # 'EXCEPTION_HANDLER': 'my_project.my_app.utils.custom_exception_handler'
     'SEARCH_PARAM': 'search',
     'ORDERING_PARAM': 'ordering',
     'DATETIME_FORMAT': DATETIME_FORMAT
diff --git a/src/etools_datamart/config/urls.py b/src/etools_datamart/config/urls.py
index 7dfa51ffe..37dfd2783 100644
--- a/src/etools_datamart/config/urls.py
+++ b/src/etools_datamart/config/urls.py
@@ -1,5 +1,6 @@
 from django.contrib.admin import site
 from django.urls import include, path, re_path
+
 from django_sysinfo.views import admin_sysinfo, http_basic_login, sysinfo, version
 from oauth2_provider.views import AuthorizationView
 
diff --git a/src/etools_datamart/config/wsgi.py b/src/etools_datamart/config/wsgi.py
index 3abcc3ec4..a2a89ef4d 100644
--- a/src/etools_datamart/config/wsgi.py
+++ b/src/etools_datamart/config/wsgi.py
@@ -16,6 +16,7 @@
 import os
 
 from django.core.wsgi import get_wsgi_application
+
 from whitenoise import WhiteNoise
 
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "etools_datamart.config.settings")
diff --git a/src/etools_datamart/libs/constance.py b/src/etools_datamart/libs/constance.py
index db4b60582..2c0578954 100644
--- a/src/etools_datamart/libs/constance.py
+++ b/src/etools_datamart/libs/constance.py
@@ -1,9 +1,10 @@
-from constance import config
 from django.contrib.auth.models import Group
 from django.forms import ChoiceField, HiddenInput, Select, Textarea, TextInput
 from django.template import Context, Template
 from django.utils.safestring import mark_safe
 
+from constance import config
+
 
 class GroupChoiceField(ChoiceField):
 
diff --git a/src/month_field/admin.py b/src/month_field/admin.py
index 306259065..da3dcf354 100644
--- a/src/month_field/admin.py
+++ b/src/month_field/admin.py
@@ -2,6 +2,7 @@
 
 from django.contrib.admin import FieldListFilter
 from django.utils.dates import MONTHS
+
 from month_field.models import MonthField
 
 today = datetime.today()
diff --git a/src/month_field/rest_framework.py b/src/month_field/rest_framework.py
index acb9a38d5..c5f339378 100644
--- a/src/month_field/rest_framework.py
+++ b/src/month_field/rest_framework.py
@@ -1,12 +1,13 @@
 from datetime import date, datetime
 from functools import lru_cache
 
-import coreapi
-import coreschema
-from coreapi.compat import force_text
 from django.forms import forms
 from django.template import loader
 from django.utils.dates import MONTHS_3
+
+import coreapi
+import coreschema
+from coreapi.compat import force_text
 from drf_querystringfilter.exceptions import InvalidQueryValueError
 from month_field.forms import MonthField
 from rest_framework.filters import BaseFilterBackend
diff --git a/src/unicef_rest_framework/admin/acl.py b/src/unicef_rest_framework/admin/acl.py
index bedd774e2..75d715c42 100644
--- a/src/unicef_rest_framework/admin/acl.py
+++ b/src/unicef_rest_framework/admin/acl.py
@@ -2,7 +2,6 @@
 
 import logging
 
-from admin_extra_urls.extras import ExtraUrlMixin, link
 from django import forms
 from django.contrib import admin
 from django.contrib.admin import widgets
@@ -11,6 +10,8 @@
 from django.contrib.postgres.forms import SimpleArrayField
 from django.template.response import TemplateResponse
 
+from admin_extra_urls.extras import ExtraUrlMixin, link
+
 from unicef_rest_framework.models import Service, UserAccessControl
 from unicef_rest_framework.models.acl import AbstractAccessControl, GroupAccessControl
 
diff --git a/src/unicef_rest_framework/admin/application.py b/src/unicef_rest_framework/admin/application.py
index 3bf8b902c..242bfe94c 100644
--- a/src/unicef_rest_framework/admin/application.py
+++ b/src/unicef_rest_framework/admin/application.py
@@ -3,10 +3,11 @@
 import logging
 import uuid
 
-from admin_extra_urls.extras import ExtraUrlMixin
 from django import forms
 from django.contrib import admin
 
+from admin_extra_urls.extras import ExtraUrlMixin
+
 from unicef_rest_framework.models import Application
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_rest_framework/admin/base.py b/src/unicef_rest_framework/admin/base.py
index ceb2ff0db..71d814eef 100644
--- a/src/unicef_rest_framework/admin/base.py
+++ b/src/unicef_rest_framework/admin/base.py
@@ -2,9 +2,10 @@
 
 import logging
 
+from django.contrib import admin
+
 from admin_extra_urls.extras import ExtraUrlMixin, link
 from admin_extra_urls.mixins import _confirm_action
-from django.contrib import admin
 
 logger = logging.getLogger(__name__)
 
diff --git a/src/unicef_rest_framework/admin/cache.py b/src/unicef_rest_framework/admin/cache.py
index f1e23ba17..0adb52f76 100644
--- a/src/unicef_rest_framework/admin/cache.py
+++ b/src/unicef_rest_framework/admin/cache.py
@@ -4,7 +4,6 @@
 import re
 import uuid
 
-from admin_extra_urls.extras import action, ExtraUrlMixin, link
 from django import forms
 from django.contrib import admin
 from django.contrib.admin.templatetags.admin_urls import admin_urlname
@@ -14,6 +13,8 @@
 from django.template.response import TemplateResponse
 from django.urls import reverse
 
+from admin_extra_urls.extras import action, ExtraUrlMixin, link
+
 from unicef_rest_framework.cache import humanize_ttl, parse_ttl
 from unicef_rest_framework.forms import CacheVersionForm
 from unicef_rest_framework.models import Service
diff --git a/src/unicef_rest_framework/admin/filter.py b/src/unicef_rest_framework/admin/filter.py
index 8bf55906d..b42b7fb0c 100644
--- a/src/unicef_rest_framework/admin/filter.py
+++ b/src/unicef_rest_framework/admin/filter.py
@@ -2,14 +2,15 @@
 
 import logging
 
-import requests
-from admin_extra_urls.extras import action, ExtraUrlMixin
 from django.conf import settings
 from django.contrib import admin, messages
 from django.contrib.admin import TabularInline
 from django.http import HttpResponseRedirect
 from django.urls import reverse
 
+import requests
+from admin_extra_urls.extras import action, ExtraUrlMixin
+
 from ..models.filter import SystemFilter, SystemFilterFieldRule
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_rest_framework/admin/service.py b/src/unicef_rest_framework/admin/service.py
index 4d0af6a5d..e89e1c3c1 100644
--- a/src/unicef_rest_framework/admin/service.py
+++ b/src/unicef_rest_framework/admin/service.py
@@ -4,14 +4,15 @@
 import logging
 import os
 
-from admin_extra_urls.extras import action, ExtraUrlMixin, link
-from adminactions.mass_update import mass_update
-from constance import config
 from django.contrib import admin
 from django.contrib.admin.templatetags.admin_urls import admin_urlname
 from django.http import HttpResponse, HttpResponseRedirect
 from django.urls import NoReverseMatch, reverse
 from django.utils.safestring import mark_safe
+
+from admin_extra_urls.extras import action, ExtraUrlMixin, link
+from adminactions.mass_update import mass_update
+from constance import config
 from strategy_field.utils import fqn, import_by_name
 
 from unicef_rest_framework import acl
diff --git a/src/unicef_rest_framework/auth.py b/src/unicef_rest_framework/auth.py
index faf872210..68206f047 100644
--- a/src/unicef_rest_framework/auth.py
+++ b/src/unicef_rest_framework/auth.py
@@ -1,11 +1,12 @@
 import logging
 
-from constance import config
-from crashlog.middleware import process_exception
 from django.conf import settings
 from django.contrib.auth import get_user_model, login
 from django.contrib.auth.backends import ModelBackend
 from django.utils.translation import ugettext as _
+
+from constance import config
+from crashlog.middleware import process_exception
 from rest_framework import exceptions
 from rest_framework.authentication import BaseAuthentication
 from rest_framework.exceptions import AuthenticationFailed, PermissionDenied
diff --git a/src/unicef_rest_framework/cache.py b/src/unicef_rest_framework/cache.py
index c0e41cda1..24442ac8f 100644
--- a/src/unicef_rest_framework/cache.py
+++ b/src/unicef_rest_framework/cache.py
@@ -4,6 +4,7 @@
 from django.core.cache import caches
 from django.utils.http import quote_etag
 from django.utils.translation import ugettext as _
+
 from humanize.i18n import ngettext
 from humanize.time import date_and_delta
 from rest_framework_extensions.cache.decorators import CacheResponse
diff --git a/src/unicef_rest_framework/config.py b/src/unicef_rest_framework/config.py
index 9ff14947e..39b3d3053 100644
--- a/src/unicef_rest_framework/config.py
+++ b/src/unicef_rest_framework/config.py
@@ -2,6 +2,7 @@
 from django.core.exceptions import ImproperlyConfigured
 from django.core.signals import setting_changed
 from django.urls import get_callable
+
 from strategy_field.utils import import_by_name
 
 from unicef_rest_framework import acl
diff --git a/src/unicef_rest_framework/ds.py b/src/unicef_rest_framework/ds.py
index 9ae323217..e1d48fc04 100644
--- a/src/unicef_rest_framework/ds.py
+++ b/src/unicef_rest_framework/ds.py
@@ -1,7 +1,8 @@
-import coreapi
-import coreschema
 from django.forms import ChoiceField, forms
 from django.template import loader
+
+import coreapi
+import coreschema
 from dynamic_serializer.core import DynamicSerializerMixin as DynamicSerializerMixinBase
 from rest_framework.filters import BaseFilterBackend
 
diff --git a/src/unicef_rest_framework/exceptions.py b/src/unicef_rest_framework/exceptions.py
index b731b6cb1..c20cadb17 100644
--- a/src/unicef_rest_framework/exceptions.py
+++ b/src/unicef_rest_framework/exceptions.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from django.core.exceptions import ValidationError
 from django.utils.translation import ugettext_lazy as _
+
 from rest_framework import status
 from rest_framework.exceptions import APIException, AuthenticationFailed
 from rest_framework.response import Response
diff --git a/src/unicef_rest_framework/forms.py b/src/unicef_rest_framework/forms.py
index 18554b265..1875b8339 100644
--- a/src/unicef_rest_framework/forms.py
+++ b/src/unicef_rest_framework/forms.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from django.core.exceptions import ValidationError
 from django.forms.models import ModelForm
+
 from strategy_field.utils import import_by_name
 
 from .cache import parse_ttl
diff --git a/src/unicef_rest_framework/migrations/0001_initial.py b/src/unicef_rest_framework/migrations/0001_initial.py
index fc0f74d39..92b4cf6f5 100644
--- a/src/unicef_rest_framework/migrations/0001_initial.py
+++ b/src/unicef_rest_framework/migrations/0001_initial.py
@@ -2,12 +2,13 @@
 
 import uuid
 
-import concurrency.fields
 import django.contrib.postgres.fields
 import django.db.models.deletion
-import strategy_field.fields
 from django.db import migrations, models
 
+import concurrency.fields
+import strategy_field.fields
+
 import unicef_rest_framework.models.acl
 
 
diff --git a/src/unicef_rest_framework/models/base.py b/src/unicef_rest_framework/models/base.py
index 1578f03ad..f789b02c1 100644
--- a/src/unicef_rest_framework/models/base.py
+++ b/src/unicef_rest_framework/models/base.py
@@ -3,12 +3,13 @@
 import logging
 import uuid
 
-from concurrency.fields import IntegerVersionField
 from django.conf import settings
 from django.db import models
 from django.db.models import UUIDField
 from django.utils.translation import ugettext_lazy as _
 
+from concurrency.fields import IntegerVersionField
+
 logger = logging.getLogger(__name__)
 
 
diff --git a/src/unicef_rest_framework/models/filter.py b/src/unicef_rest_framework/models/filter.py
index b8c93d8bb..dd1df7bbb 100644
--- a/src/unicef_rest_framework/models/filter.py
+++ b/src/unicef_rest_framework/models/filter.py
@@ -6,6 +6,7 @@
 from django.contrib.auth.models import Group
 from django.core.exceptions import FieldError, ValidationError
 from django.db import models
+
 from strategy_field.utils import fqn
 
 from .application import Application
diff --git a/src/unicef_rest_framework/models/service.py b/src/unicef_rest_framework/models/service.py
index f4fb09d20..32e296237 100644
--- a/src/unicef_rest_framework/models/service.py
+++ b/src/unicef_rest_framework/models/service.py
@@ -6,6 +6,7 @@
 from django.db import models
 from django.db.models import F
 from django.utils.functional import cached_property
+
 from rest_framework.reverse import reverse
 from strategy_field.fields import StrategyClassField
 
diff --git a/src/unicef_rest_framework/ordering.py b/src/unicef_rest_framework/ordering.py
index 980e78fcf..e238cf6fa 100644
--- a/src/unicef_rest_framework/ordering.py
+++ b/src/unicef_rest_framework/ordering.py
@@ -1,4 +1,5 @@
 from django import forms
+
 from rest_framework.filters import OrderingFilter as OrderingFilterBase
 
 
diff --git a/src/unicef_rest_framework/pagination.py b/src/unicef_rest_framework/pagination.py
index 92c7af40a..3104b4349 100644
--- a/src/unicef_rest_framework/pagination.py
+++ b/src/unicef_rest_framework/pagination.py
@@ -3,6 +3,7 @@
 
 from django import forms
 from django.template import loader
+
 from rest_framework import serializers
 from rest_framework.filters import BaseFilterBackend
 from rest_framework.pagination import CursorPagination, PageNumberPagination
diff --git a/src/unicef_rest_framework/renderers/api.py b/src/unicef_rest_framework/renderers/api.py
index 7c9128d9c..461d15777 100644
--- a/src/unicef_rest_framework/renderers/api.py
+++ b/src/unicef_rest_framework/renderers/api.py
@@ -2,6 +2,7 @@
 import logging
 
 from django.template import loader
+
 from rest_framework.renderers import BrowsableAPIRenderer as _BrowsableAPIRenderer
 from rest_framework.reverse import reverse
 
diff --git a/src/unicef_rest_framework/renderers/html.py b/src/unicef_rest_framework/renderers/html.py
index cb045c45b..e15e72702 100644
--- a/src/unicef_rest_framework/renderers/html.py
+++ b/src/unicef_rest_framework/renderers/html.py
@@ -1,7 +1,8 @@
 import logging
 
-from crashlog.middleware import process_exception
 from django.template import loader
+
+from crashlog.middleware import process_exception
 from rest_framework.renderers import BaseRenderer
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_rest_framework/renderers/iqy.py b/src/unicef_rest_framework/renderers/iqy.py
index c349e6495..d347cd519 100644
--- a/src/unicef_rest_framework/renderers/iqy.py
+++ b/src/unicef_rest_framework/renderers/iqy.py
@@ -1,7 +1,8 @@
 import logging
 
-from crashlog.middleware import process_exception
 from django.template import loader
+
+from crashlog.middleware import process_exception
 from rest_framework.renderers import BaseRenderer
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_rest_framework/renderers/microsoft/xml.py b/src/unicef_rest_framework/renderers/microsoft/xml.py
index 9e4e409ef..474e7c6ac 100644
--- a/src/unicef_rest_framework/renderers/microsoft/xml.py
+++ b/src/unicef_rest_framework/renderers/microsoft/xml.py
@@ -1,4 +1,5 @@
 from django.utils.encoding import smart_text
+
 from rest_framework_xml.renderers import XMLRenderer
 
 
diff --git a/src/unicef_rest_framework/renderers/pdf.py b/src/unicef_rest_framework/renderers/pdf.py
index 36f52a907..91d277784 100644
--- a/src/unicef_rest_framework/renderers/pdf.py
+++ b/src/unicef_rest_framework/renderers/pdf.py
@@ -2,9 +2,10 @@
 import logging
 import os
 
-from crashlog.middleware import process_exception
 from django.conf import settings
 from django.template import loader
+
+from crashlog.middleware import process_exception
 from xhtml2pdf import pisa
 
 from .html import HTMLRenderer
diff --git a/src/unicef_rest_framework/renderers/txt.py b/src/unicef_rest_framework/renderers/txt.py
index a51d395eb..bdd386fd9 100644
--- a/src/unicef_rest_framework/renderers/txt.py
+++ b/src/unicef_rest_framework/renderers/txt.py
@@ -1,7 +1,8 @@
 import logging
 
-from crashlog.middleware import process_exception
 from django.template import loader
+
+from crashlog.middleware import process_exception
 from rest_framework.renderers import BaseRenderer
 
 logger = logging.getLogger(__name__)
diff --git a/src/unicef_rest_framework/routers.py b/src/unicef_rest_framework/routers.py
index deca438a1..25f7dff6c 100644
--- a/src/unicef_rest_framework/routers.py
+++ b/src/unicef_rest_framework/routers.py
@@ -3,6 +3,7 @@
 from collections import OrderedDict
 
 from django.urls import NoReverseMatch
+
 from rest_framework import routers, views
 from rest_framework.response import Response
 from rest_framework.reverse import reverse
diff --git a/src/unicef_rest_framework/templatetags/urf.py b/src/unicef_rest_framework/templatetags/urf.py
index 5331a460b..432bfb3d3 100644
--- a/src/unicef_rest_framework/templatetags/urf.py
+++ b/src/unicef_rest_framework/templatetags/urf.py
@@ -1,9 +1,10 @@
 import logging
 
-import six
 from django import template
 from django.urls import reverse
 from django.utils.safestring import mark_safe
+
+import six
 from strategy_field.utils import fqn
 
 from unicef_rest_framework.admin.service import ACL_ICONS
diff --git a/src/unicef_rest_framework/throttling.py b/src/unicef_rest_framework/throttling.py
index 96699fbee..c19cf48da 100644
--- a/src/unicef_rest_framework/throttling.py
+++ b/src/unicef_rest_framework/throttling.py
@@ -5,6 +5,7 @@
 
 from django.contrib import messages
 from django.core.cache import caches
+
 from rest_framework.throttling import BaseThrottle
 
 from unicef_rest_framework.config import conf
diff --git a/src/unicef_rest_framework/urls.py b/src/unicef_rest_framework/urls.py
index 05ee61974..a539aa4a4 100644
--- a/src/unicef_rest_framework/urls.py
+++ b/src/unicef_rest_framework/urls.py
@@ -1,5 +1,6 @@
 from django.conf.urls import url
 from django.contrib import admin
+
 from rest_framework_jwt.views import obtain_jwt_token, refresh_jwt_token, verify_jwt_token
 
 from .routers import APIRouter
diff --git a/src/unicef_rest_framework/views_mixins.py b/src/unicef_rest_framework/views_mixins.py
index 05086eaaa..863dbe554 100644
--- a/src/unicef_rest_framework/views_mixins.py
+++ b/src/unicef_rest_framework/views_mixins.py
@@ -1,5 +1,6 @@
 from django.conf import settings
 from django.http import HttpResponse
+
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework.decorators import action
 
diff --git a/src/unicef_security/admin.py b/src/unicef_security/admin.py
index 60a606823..09889913b 100644
--- a/src/unicef_security/admin.py
+++ b/src/unicef_security/admin.py
@@ -1,6 +1,5 @@
 import logging
 
-from admin_extra_urls.extras import action, ExtraUrlMixin, link
 from django import forms
 from django.contrib import admin, messages
 from django.contrib.admin import ModelAdmin, widgets
@@ -11,6 +10,8 @@
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
 
+from admin_extra_urls.extras import action, ExtraUrlMixin, link
+
 from unicef_security.graph import default_group, Synchronizer, SyncResult
 from unicef_security.models import BusinessArea, Region, User
 from unicef_security.sync import load_business_area, load_region
diff --git a/src/unicef_security/graph.py b/src/unicef_security/graph.py
index 66e59e309..04505ffe0 100644
--- a/src/unicef_security/graph.py
+++ b/src/unicef_security/graph.py
@@ -3,13 +3,14 @@
 import logging
 import os
 
-import requests
-from constance import config as constance
-from crashlog.middleware import process_exception
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Group
 from django.core.cache import cache
+
+import requests
+from constance import config as constance
+from crashlog.middleware import process_exception
 from jwt import decode as jwt_decode, DecodeError, ExpiredSignature
 from social_core.backends.azuread_tenant import AzureADTenantOAuth2
 from social_core.exceptions import AuthTokenError
diff --git a/src/unicef_security/migrations/0001_initial.py b/src/unicef_security/migrations/0001_initial.py
index 69c061a46..e1b78c509 100644
--- a/src/unicef_security/migrations/0001_initial.py
+++ b/src/unicef_security/migrations/0001_initial.py
@@ -4,9 +4,10 @@
 import django.contrib.auth.validators
 import django.db.models.deletion
 import django.utils.timezone
-import django_countries.fields
 from django.db import migrations, models
 
+import django_countries.fields
+
 import unicef_security.models
 
 
diff --git a/src/unicef_security/models.py b/src/unicef_security/models.py
index e2176defa..1ae25ca7e 100644
--- a/src/unicef_security/models.py
+++ b/src/unicef_security/models.py
@@ -2,6 +2,7 @@
 from django.db import models
 from django.utils.functional import cached_property
 from django.utils.translation import ugettext as _
+
 from django_countries.fields import CountryField
 
 app_label = 'unicef_security'

From d635874a7d5067d5f6fa6a93bbc2cc60b1296cd1 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 20:39:08 +0100
Subject: [PATCH 83/86] update version

---
 .circleci/config.yml            | 240 +-------------------------------
 docker/.bumpversion.cfg         |   2 +-
 docker/Makefile                 |   2 +-
 src/etools_datamart/__init__.py |   2 +-
 4 files changed, 5 insertions(+), 241 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 38d48e590..75e47af07 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,238 +1,2 @@
-version: 2
-jobs:
-  build:
-    working_directory: ~/code
-    docker:
-      - image: python:3.6.7-slim
-        environment:
-          PGHOST: 127.0.0.1
-          PIPENV_VENV_IN_PROJECT: 1
-          DATABASE_URL: "postgis://postgres:postgres@127.0.0.1:5432/etools_datamart"
-          DATABASE_URL_ETOOLS: "postgis://postgres:postgres@127.0.0.1:5432/etools"
-          RELEASE_MATCH: "release/*"
-      - image: redis:alpine
-      - image: mdillon/postgis:9.6
-        environment:
-          POSTGRES_USER: postgres
-          PGUSER: postgres
-          POSTGRES_DB: etools_datamart
-          POSTGRES_PASSWORD: postgres
-    steps:
-      - run:
-          name: Install dependencies
-          command: |
-            mkdir -p /usr/share/man/man1
-            mkdir -p /usr/share/man/man7
-            apt-get update
-            apt-get install -y \
-                  libc-bin \
-                  gcc \
-                  gdal-bin \
-                  python-dev \
-                  postgresql-client-9.6
-
-      - run:
-          name: Create databases
-          command: |
-            createdb --user postgres etools
-
-      - restore_cache:
-          keys:
-            - source-{{ .Branch }}-{{ .Revision }}
-      - checkout
-      - restore_cache:
-          keys:
-            - deps-v2-{{ checksum "Pipfile.lock" }}
-
-      - run:
-          name: run tests
-          command: |
-            export PATH=/home/circleci/.local/bin:$PATH
-            export PYTHONHASHSEED=${RANDOM}
-            pip install tox
-            tox -e py36-d21
-      - run:
-          name: codecov
-          command: |
-            PATH=$HOME/.local/bin:$PATH
-            pip install --user codecov
-            coverage xml
-            ~/.local/bin/codecov --required -X search gcov pycov -f coverage.xml --flags $CIRCLE_JOB
-      - store_artifacts:
-          path: ~build/coverage
-          destination: coverage
-
-      - save_cache:
-          key: source-{{ .Branch }}-{{ .Revision }}
-          paths:
-            - ".git"
-
-      - save_cache:
-          key: deps-v2-{{ checksum "Pipfile.lock" }}
-          paths:
-            - ".tox"
-            - ".venv"
-            - "~/.cache/pip"
-
-      - deploy:
-          name: tag and release if release candidate
-          command: |
-            if [[ $CIRCLE_BRANCH == $RELEASE_MATCH ]]; then
-              curl --user ${CIRCLE_TOKEN}: \
-                --data build_parameters[CIRCLE_JOB]=tag \
-                --data revision=$CIRCLE_SHA1 \
-                https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/tree/$CIRCLE_BRANCH
-            else
-              echo "Skipped as '$CIRCLE_BRANCH' does not match '$RELEASE_MATCH' branch"
-            fi
-  tag:
-    docker:
-      - image: circleci/python:3.6
-        environment:
-          API_URL: https://api.github.com/repos/unicef/etools-datamart
-          RELEASE_MATCH: "release/*"
-    steps:
-      - checkout
-      - add_ssh_keys:
-          fingerprints:
-            - "73:a6:f1:56:5a:28:c5:ea:50:ed:4d:c5:b3:00:54:9c"
-      - run:
-          name: close release branch and create tag
-          command: |
-            export PATH=/home/circleci/.local/bin:$PATH
-            export TAG=${TAG:=${CIRCLE_BRANCH#*/}}
-            git status
-            git show-branch "release/$TAG"
-            git reset --hard
-
-            git config user.email "ci@unicef.org"
-            git config user.name "CI"
-
-            echo
-            echo "Process master"
-            git checkout master
-            git pull
-            git merge --no-ff release/$TAG -m "merge release/$TAG"
-            echo
-
-            echo "Creating tag $TAG"
-            git tag -a -m "v$TAG" $TAG
-            echo
-
-            echo "Process develop"
-            git checkout develop
-            git pull
-            git merge --no-ff release/$TAG -m "merge release/$TAG"
-            echo
-
-            echo "Deleting branch release/$TAG"
-            git branch -d release/$TAG
-            echo
-
-            echo "Pushing everything to origin"
-            git push --verbose --all
-            git push --verbose --tags
-            git push origin --verbose --delete release/$TAG
-      - run:
-          name: create github release
-          command: |
-            export TAG=${TAG:=${CIRCLE_BRANCH#*/}}
-            echo
-            export TODAY=`date '+%d %B %Y at %H:%M'`
-            function is_pre()
-            {
-                [[ "$(echo "$TAG" | sed 's/[0-9.]//g')" == "" ]] && echo false || echo true
-            }
-            function data() {
-            cat <<EOF
-            { "tag_name": "$TAG",
-              "name": "v$TAG",
-              "body": "version $TAG - Built on $TODAY",
-              "draft": false,
-              "prerelease": $(is_pre)
-            }
-            EOF
-            }
-            data=$(data)
-            curl -X POST -s \
-              --fail --verbose \
-              -H "Accept: application/json" \
-              -H "Content-Type:application/json" \
-              -H "Authorization: token ${GITHUB_TOKEN}" \
-              ${API_URL}/releases \
-              -d "$data"
-      - deploy:
-          name: dockerize
-          command: |
-            export TAG=${TAG:=${CIRCLE_BRANCH#*/}}
-            curl --user ${CIRCLE_TOKEN}: \
-              --data build_parameters[TAG]=$TAG \
-              --data build_parameters[JOB]=dockerize \
-              https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/tree/develop
-
-  dockerize:
-    working_directory: ~/code
-    docker:
-      - image: docker:17.05.0-ce-git
-        environment:
-          PGHOST: 127.0.0.1
-          PIPENV_VENV_IN_PROJECT: 1
-          DATABASE_URL: "postgres://postgres:postgres@127.0.0.1:5432/etools_datamart"
-          DATABASE_URL_ETOOLS: "postgres://postgres:postgres@127.0.0.1:5432/etools"
-      - image: circleci/postgres:9.6-alpine-postgis
-        environment:
-          POSTGRES_USER: postgres
-          PGUSER: postgres
-          POSTGRES_DB: test
-          POSTGRES_PASSWORD: postgres
-
-    environment:
-      DOCKER_IMAGE: unicef/datamart
-    steps:
-      - checkout
-      - add_ssh_keys:
-          fingerprints:
-            - "70:aa:15:2a:d9:1c:74:f3:a1:f7:c4:cd:9b:d2:d1:f5"
-      - setup_remote_docker
-      - run:
-          name: Dump Environment
-          command: |
-            env | sort
-      - run:
-          name: Build docker image
-          command: |
-            if [ -z "$TAG" ];then
-              echo "Tag not set. exit"
-              exit 1
-            fi
-            docker build  \
-                    --build-arg GITHUB_TOKEN=${GITHUB_TOKEN} \
-                    --build-arg VERSION=${TAG} \
-                    -t ${DOCKER_IMAGE}:${TAG} \
-                    -f docker/Dockerfile .
-            docker images "unicef/datamart*"
-      - run:
-          name: Test Backend docker image
-          command: |
-            echo "Testing ${DOCKER_IMAGE}:${TAG}"
-            docker run -p 8000:8000 \
-                    --rm \
-                    -e DATABASE_URL=${DATABASE_URL} \
-                    -e DEBUG=0 \
-                    -e SECURE_SSL_REDIRECT=0 \
-                    -e SESSION_COOKIE_SECURE=0 \
-                    -e SESSION_COOKIE_HTTPONLY=9 \
-                    -e SESSION_COOKIE_HTTPONLY=0 \
-                    -e CSRF_COOKIE_SECURE=0 \
-                    -it ${DOCKER_IMAGE}:${TAG} \
-                    django-admin check --deploy
-      - deploy:
-          name: Push Backend docker image
-          command: |
-            echo "Pushing ${DOCKER_IMAGE}:${TAG} to Docker Hub"
-            export TODAY=`date '+%d %B %Y at %H:%M'`
-
-            docker login -u $DOCKER_USER -p $DOCKER_PASS
-            docker tag ${DOCKER_IMAGE}:${TAG} ${DOCKER_IMAGE}:latest
-            docker push ${DOCKER_IMAGE}:latest
-            docker push ${DOCKER_IMAGE}:${TAG}
+# Config Translation Error
+# Could not find stored inference data.  Please run a build and try again.
\ No newline at end of file
diff --git a/docker/.bumpversion.cfg b/docker/.bumpversion.cfg
index 239e3dea6..6a2629e29 100644
--- a/docker/.bumpversion.cfg
+++ b/docker/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.8a16
+current_version = 1.8a17
 commit = False
 tag = False
 allow_dirty = True
diff --git a/docker/Makefile b/docker/Makefile
index f7b68afd6..5494c12fc 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,7 @@ DATABASE_URL_ETOOLS?=
 DEVELOP?=0
 DOCKER_PASS?=
 DOCKER_USER?=
-TARGET?=1.8a16
+TARGET?=1.8a17
 # below vars are used internally
 BUILD_OPTIONS?=--squash
 CMD?=datamart
diff --git a/src/etools_datamart/__init__.py b/src/etools_datamart/__init__.py
index c6e96a4cc..4c4ab9274 100644
--- a/src/etools_datamart/__init__.py
+++ b/src/etools_datamart/__init__.py
@@ -1,3 +1,3 @@
 NAME = 'etools-datamart'
-VERSION = __version__ = '1.8a16'
+VERSION = __version__ = '1.8a17'
 __author__ = ''

From 4958b958e54618a4a132349e2324a3b42e081538 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 20:53:22 +0100
Subject: [PATCH 84/86] bump version

---
 CHANGES                         | 5 ++---
 docker/.bumpversion.cfg         | 2 +-
 docker/Makefile                 | 2 +-
 src/etools_datamart/__init__.py | 2 +-
 4 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index 2e2f37ca4..b0d89854f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,5 @@
-1.8 (dev)
----------
+1.8
+---
 * WARNINGS: migration reset
 * add ability to create 'per model' custom templates for html/pdf renderers
     new `TEMPLATE_CACHE_URL` enironment variable
@@ -11,7 +11,6 @@
 * Countries can be selected using name, schema_name,country_short_code or business_area_code
 * Improved Browseable API
 * `page_size` now accept `-1` to disable pagination
-* new endpoints 'Location' and 'GatewayType'
 
 
 1.7
diff --git a/docker/.bumpversion.cfg b/docker/.bumpversion.cfg
index 6a2629e29..794d6d68d 100644
--- a/docker/.bumpversion.cfg
+++ b/docker/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.8a17
+current_version = 1.8
 commit = False
 tag = False
 allow_dirty = True
diff --git a/docker/Makefile b/docker/Makefile
index 5494c12fc..fae59589b 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,7 @@ DATABASE_URL_ETOOLS?=
 DEVELOP?=0
 DOCKER_PASS?=
 DOCKER_USER?=
-TARGET?=1.8a17
+TARGET?=1.8
 # below vars are used internally
 BUILD_OPTIONS?=--squash
 CMD?=datamart
diff --git a/src/etools_datamart/__init__.py b/src/etools_datamart/__init__.py
index 4c4ab9274..6097faa35 100644
--- a/src/etools_datamart/__init__.py
+++ b/src/etools_datamart/__init__.py
@@ -1,3 +1,3 @@
 NAME = 'etools-datamart'
-VERSION = __version__ = '1.8a17'
+VERSION = __version__ = '1.8'
 __author__ = ''

From 5c50a0daba7388c6b13d547814ee694539e66fb1 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 21:01:14 +0100
Subject: [PATCH 85/86] fixes circleci config

---
 .circleci/config.yml | 240 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 238 insertions(+), 2 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 75e47af07..38d48e590 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,2 +1,238 @@
-# Config Translation Error
-# Could not find stored inference data.  Please run a build and try again.
\ No newline at end of file
+version: 2
+jobs:
+  build:
+    working_directory: ~/code
+    docker:
+      - image: python:3.6.7-slim
+        environment:
+          PGHOST: 127.0.0.1
+          PIPENV_VENV_IN_PROJECT: 1
+          DATABASE_URL: "postgis://postgres:postgres@127.0.0.1:5432/etools_datamart"
+          DATABASE_URL_ETOOLS: "postgis://postgres:postgres@127.0.0.1:5432/etools"
+          RELEASE_MATCH: "release/*"
+      - image: redis:alpine
+      - image: mdillon/postgis:9.6
+        environment:
+          POSTGRES_USER: postgres
+          PGUSER: postgres
+          POSTGRES_DB: etools_datamart
+          POSTGRES_PASSWORD: postgres
+    steps:
+      - run:
+          name: Install dependencies
+          command: |
+            mkdir -p /usr/share/man/man1
+            mkdir -p /usr/share/man/man7
+            apt-get update
+            apt-get install -y \
+                  libc-bin \
+                  gcc \
+                  gdal-bin \
+                  python-dev \
+                  postgresql-client-9.6
+
+      - run:
+          name: Create databases
+          command: |
+            createdb --user postgres etools
+
+      - restore_cache:
+          keys:
+            - source-{{ .Branch }}-{{ .Revision }}
+      - checkout
+      - restore_cache:
+          keys:
+            - deps-v2-{{ checksum "Pipfile.lock" }}
+
+      - run:
+          name: run tests
+          command: |
+            export PATH=/home/circleci/.local/bin:$PATH
+            export PYTHONHASHSEED=${RANDOM}
+            pip install tox
+            tox -e py36-d21
+      - run:
+          name: codecov
+          command: |
+            PATH=$HOME/.local/bin:$PATH
+            pip install --user codecov
+            coverage xml
+            ~/.local/bin/codecov --required -X search gcov pycov -f coverage.xml --flags $CIRCLE_JOB
+      - store_artifacts:
+          path: ~build/coverage
+          destination: coverage
+
+      - save_cache:
+          key: source-{{ .Branch }}-{{ .Revision }}
+          paths:
+            - ".git"
+
+      - save_cache:
+          key: deps-v2-{{ checksum "Pipfile.lock" }}
+          paths:
+            - ".tox"
+            - ".venv"
+            - "~/.cache/pip"
+
+      - deploy:
+          name: tag and release if release candidate
+          command: |
+            if [[ $CIRCLE_BRANCH == $RELEASE_MATCH ]]; then
+              curl --user ${CIRCLE_TOKEN}: \
+                --data build_parameters[CIRCLE_JOB]=tag \
+                --data revision=$CIRCLE_SHA1 \
+                https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/tree/$CIRCLE_BRANCH
+            else
+              echo "Skipped as '$CIRCLE_BRANCH' does not match '$RELEASE_MATCH' branch"
+            fi
+  tag:
+    docker:
+      - image: circleci/python:3.6
+        environment:
+          API_URL: https://api.github.com/repos/unicef/etools-datamart
+          RELEASE_MATCH: "release/*"
+    steps:
+      - checkout
+      - add_ssh_keys:
+          fingerprints:
+            - "73:a6:f1:56:5a:28:c5:ea:50:ed:4d:c5:b3:00:54:9c"
+      - run:
+          name: close release branch and create tag
+          command: |
+            export PATH=/home/circleci/.local/bin:$PATH
+            export TAG=${TAG:=${CIRCLE_BRANCH#*/}}
+            git status
+            git show-branch "release/$TAG"
+            git reset --hard
+
+            git config user.email "ci@unicef.org"
+            git config user.name "CI"
+
+            echo
+            echo "Process master"
+            git checkout master
+            git pull
+            git merge --no-ff release/$TAG -m "merge release/$TAG"
+            echo
+
+            echo "Creating tag $TAG"
+            git tag -a -m "v$TAG" $TAG
+            echo
+
+            echo "Process develop"
+            git checkout develop
+            git pull
+            git merge --no-ff release/$TAG -m "merge release/$TAG"
+            echo
+
+            echo "Deleting branch release/$TAG"
+            git branch -d release/$TAG
+            echo
+
+            echo "Pushing everything to origin"
+            git push --verbose --all
+            git push --verbose --tags
+            git push origin --verbose --delete release/$TAG
+      - run:
+          name: create github release
+          command: |
+            export TAG=${TAG:=${CIRCLE_BRANCH#*/}}
+            echo
+            export TODAY=`date '+%d %B %Y at %H:%M'`
+            function is_pre()
+            {
+                [[ "$(echo "$TAG" | sed 's/[0-9.]//g')" == "" ]] && echo false || echo true
+            }
+            function data() {
+            cat <<EOF
+            { "tag_name": "$TAG",
+              "name": "v$TAG",
+              "body": "version $TAG - Built on $TODAY",
+              "draft": false,
+              "prerelease": $(is_pre)
+            }
+            EOF
+            }
+            data=$(data)
+            curl -X POST -s \
+              --fail --verbose \
+              -H "Accept: application/json" \
+              -H "Content-Type:application/json" \
+              -H "Authorization: token ${GITHUB_TOKEN}" \
+              ${API_URL}/releases \
+              -d "$data"
+      - deploy:
+          name: dockerize
+          command: |
+            export TAG=${TAG:=${CIRCLE_BRANCH#*/}}
+            curl --user ${CIRCLE_TOKEN}: \
+              --data build_parameters[TAG]=$TAG \
+              --data build_parameters[JOB]=dockerize \
+              https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME/tree/develop
+
+  dockerize:
+    working_directory: ~/code
+    docker:
+      - image: docker:17.05.0-ce-git
+        environment:
+          PGHOST: 127.0.0.1
+          PIPENV_VENV_IN_PROJECT: 1
+          DATABASE_URL: "postgres://postgres:postgres@127.0.0.1:5432/etools_datamart"
+          DATABASE_URL_ETOOLS: "postgres://postgres:postgres@127.0.0.1:5432/etools"
+      - image: circleci/postgres:9.6-alpine-postgis
+        environment:
+          POSTGRES_USER: postgres
+          PGUSER: postgres
+          POSTGRES_DB: test
+          POSTGRES_PASSWORD: postgres
+
+    environment:
+      DOCKER_IMAGE: unicef/datamart
+    steps:
+      - checkout
+      - add_ssh_keys:
+          fingerprints:
+            - "70:aa:15:2a:d9:1c:74:f3:a1:f7:c4:cd:9b:d2:d1:f5"
+      - setup_remote_docker
+      - run:
+          name: Dump Environment
+          command: |
+            env | sort
+      - run:
+          name: Build docker image
+          command: |
+            if [ -z "$TAG" ];then
+              echo "Tag not set. exit"
+              exit 1
+            fi
+            docker build  \
+                    --build-arg GITHUB_TOKEN=${GITHUB_TOKEN} \
+                    --build-arg VERSION=${TAG} \
+                    -t ${DOCKER_IMAGE}:${TAG} \
+                    -f docker/Dockerfile .
+            docker images "unicef/datamart*"
+      - run:
+          name: Test Backend docker image
+          command: |
+            echo "Testing ${DOCKER_IMAGE}:${TAG}"
+            docker run -p 8000:8000 \
+                    --rm \
+                    -e DATABASE_URL=${DATABASE_URL} \
+                    -e DEBUG=0 \
+                    -e SECURE_SSL_REDIRECT=0 \
+                    -e SESSION_COOKIE_SECURE=0 \
+                    -e SESSION_COOKIE_HTTPONLY=9 \
+                    -e SESSION_COOKIE_HTTPONLY=0 \
+                    -e CSRF_COOKIE_SECURE=0 \
+                    -it ${DOCKER_IMAGE}:${TAG} \
+                    django-admin check --deploy
+      - deploy:
+          name: Push Backend docker image
+          command: |
+            echo "Pushing ${DOCKER_IMAGE}:${TAG} to Docker Hub"
+            export TODAY=`date '+%d %B %Y at %H:%M'`
+
+            docker login -u $DOCKER_USER -p $DOCKER_PASS
+            docker tag ${DOCKER_IMAGE}:${TAG} ${DOCKER_IMAGE}:latest
+            docker push ${DOCKER_IMAGE}:latest
+            docker push ${DOCKER_IMAGE}:${TAG}

From 8524de7ae1fadbda7e1f24621dc41e4868ce6884 Mon Sep 17 00:00:00 2001
From: sax <s.apostolico@gmail.com>
Date: Sat, 22 Dec 2018 21:17:50 +0100
Subject: [PATCH 86/86] updates circleci config

---
 .circleci/config.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 38d48e590..8c042d5b4 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -27,6 +27,7 @@ jobs:
             apt-get install -y \
                   libc-bin \
                   gcc \
+                  curl \
                   gdal-bin \
                   python-dev \
                   postgresql-client-9.6