def toggle_user_status(action, userid):
    """Set a user's status flag and record the change in the audit trail.

    ``action`` must be 0 (activate) or 1 (deactivate); any other value aborts
    with 400. An unknown ``userid`` aborts with 404. On success the caller is
    redirected to the user settings page.

    NOTE(review): no permission check is visible in this block; presumably a
    decorator outside this view restricts it to administrators -- confirm.
    """
    if action not in (0, 1):
        abort(400)

    target = User.query.get(userid)
    if not target:
        abort(404)

    target.status = action
    db.session.add(target)
    db.session.commit()

    # Status 0 is the active state, 1 the deactivated one.
    if action == 0:
        description = "User account was activated"
    else:
        description = "User account was deactivated"
    db.session.add(Audit(current_user.id, description, 5, 'User', target.id))
    db.session.commit()

    flash('The user\'s account status has been updated', 'success')
    return redirect(url_for('.user_settings'))
def toggle_ldap_status(action, username):
    """Activate (0) or deactivate (1) the account with the given username.

    Invalid actions and unknown usernames are reported with a flash message
    instead of an HTTP error; every path redirects to the user settings page.
    A successful change writes one audit record.
    """
    if action not in (0, 1):
        flash('Invalid action', 'error')
        return redirect(url_for('.user_settings'))

    account = User.query.filter(User.username == username).one_or_none()
    if not account:
        flash('Invalid user account', 'error')
        return redirect(url_for('.user_settings'))

    account.status = action
    db.session.add(account)
    db.session.commit()

    # Status 0 is the active state, 1 the deactivated one.
    description = ("User account was activated" if action == 0
                   else "User account was deactivated")
    db.session.add(Audit(current_user.id, description, 5, 'User', account.id))
    db.session.commit()

    flash('The user\'s account status has been updated', 'success')
    return redirect(url_for('.user_settings'))
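def _create_project_task(project, project_id, task_form, start_date, end_date,
                         parent_id=None):
    """Create a task from a validated form and charge it to the project.

    The task is created only when the project's remaining amount is strictly
    greater than the requested allocation. On success the allocation is added
    to the project, one Permissions row is written per assignee and an audit
    record is stored. A flash message reports the outcome either way.
    """
    allocation = task_form.allocation.data
    if not project.amount_remaining > allocation:
        flash('Total task amount cannot exceed the limit for this activity', 'error')
        return

    task = Task(task_form.title.data, task_form.description.data, allocation,
                project_id, current_user.id, task_form.priority.data,
                start_date, end_date)
    if parent_id is not None:
        task.parent_task = parent_id
    project.amt_allocated_task += allocation
    db.session.add(task)
    db.session.add(project)
    # Commit first so that task.id is available for the rows below.
    db.session.commit()

    for userid in task_form.assigned_to.data:
        db.session.add(Permissions(userid, task.id, 0))
    db.session.add(Audit(current_user.id, "User created a task", 2, 'Task', task.id))
    db.session.commit()
    flash('Task has been successfully created', 'success')


def project_detail(id):
    """Show an activity's backlog and create tasks or sub-tasks under it.

    A submitted task form creates a top-level task; a submitted sub-task form
    (recognised by its ``parent_id`` field) creates a child task. Both paths
    redirect back to this page. Without a submission the backlog template is
    rendered. An unknown project id aborts with 404.
    """
    project = Project.query.get(id)
    if project is None:
        abort(404)

    assignees = [(u.id, u.full_name) for u in User.query.all()]
    priorities = [(list_priority.index(p), p) for p in list_priority]

    form = TaskForm()
    form.assigned_to.choices = list(assignees)
    form.priority.choices = list(priorities)
    subform = SubTaskForm()
    subform.assigned_to.choices = list(assignees)
    subform.priority.choices = list(priorities)

    if form.task_submit.data:
        if form.validate_on_submit():
            _create_project_task(project, id, form,
                                 form.start_date.data, form.end_date.data)
        return redirect(url_for('.project_detail', id=id))
    elif subform.parent_id.data:
        if subform.validate_on_submit():
            # The budget check and the assignee list must come from the
            # sub-task form itself, not from the top-level task form.
            _create_project_task(project, id, subform,
                                 subform.start_date1.data, subform.end_date1.data,
                                 parent_id=subform.parent_id.data)
        return redirect(url_for('.project_detail', id=id))

    return render_template('backlogs.html', project=project, form=form, subform=subform)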
def periods():
    """List budget periods and create a new one from the period form.

    The first period ever created gets status 0; any later one gets status 1.
    Each new period receives a budget named 'Budget' with one zero-allocation
    sub budget per SubBudgetClass row. Two audit records are written, one for
    the period and one for its budget.
    """
    form = PeriodForm()
    if form.validate_on_submit():
        existing = Period.query.all()

        new_period = Period()
        new_period.name = form.name.data
        new_period.start_date = form.start_date.data
        new_period.end_date = form.end_date.data
        new_period.status = 1 if existing else 0

        new_budget = Budget()
        new_budget.name = 'Budget'
        for budget_class in SubBudgetClass.query.all():
            entry = SubBudgets()
            entry.name = budget_class.sub_budget_class
            entry.allocation = 0
            entry.created_by = current_user.id
            entry.parent_budget = None
            entry.sub_budget_type = budget_class.id
            new_budget.main_subs.append(entry)
        new_period.budget = new_budget

        db.session.add(new_period)
        db.session.commit()

        db.session.add(Audit(current_user.id, "Period was created", 6, 'Period',
                             new_period.id))
        db.session.add(Audit(current_user.id,
                             "Budget for period," + new_period.name + " was created",
                             4, 'Budget', new_budget.id))
        db.session.commit()
        flash('The period has been successfully created', 'success')

    all_periods = Period.query.order_by(Period.date_created.asc()).all()
    return render_template('periodSettings.html', form=form, periods=all_periods)
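def create_project():
    """Create an activity (project) from a JSON request body.

    Required keys: title, description, budget_limit, budget_id, start_date,
    end_date, priority and owner_id. The request is rejected with 400 when a
    key is missing, when budget_limit is not a non-negative integer, when the
    limit exceeds what remains in the sub budget, or when no period is active.
    An unknown budget_id is rejected with 404. On success the limit is added
    to the sub budget's allocated total and a 201 response is returned.

    NOTE(review): the audit record is attributed to the ``owner_id`` sent in
    the request body, so the audit trail is only as trustworthy as the caller.
    No authentication is visible in this block -- confirm how this endpoint
    is protected and whether the actor should come from the session instead.
    """
    payload = request.json
    required = ('title', 'description', 'budget_limit', 'budget_id',
                'start_date', 'end_date', 'priority', 'owner_id')
    if not isinstance(payload, dict) or any(key not in payload for key in required):
        abort(400)

    try:
        limit = int(payload['budget_limit'])
    except (TypeError, ValueError):
        abort(400)
    # A negative limit would pass the balance check below and then reduce the
    # allocated total, freeing up budget that was never released.
    if limit < 0:
        abort(400)

    budget = SubBudgets.query.get(payload['budget_id'])
    if budget is None:
        abort(404)
    if budget.amount_remaining < limit:
        abort(400)

    period = Period.query.filter(Period.status==0).first()
    if period is None:
        # No active period to attach the activity to.
        abort(400)

    project = Project(payload['title'], payload['description'], payload['budget_limit'],
                      payload['budget_id'], payload['start_date'], payload['end_date'],
                      payload['priority'], payload['owner_id'], period.id)
    budget.amt_allocated_project += limit
    db.session.add(budget)
    db.session.add(project)
    db.session.commit()

    audit = Audit(payload['owner_id'], "Activity was created", 1, 'Project', project.id)
    db.session.add(audit)
    db.session.commit()
    log_message("The activity "+project.title+" has been created on the Budget App by "+project.owner.full_name,
                "Budget Management", 1, 1, None)
    return jsonify({'status': 'success', 'project': project.serialize}), 201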
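def grant_ldap_access(username, type):
    """Create a local account for a directory user so they can sign in.

    If no local user has this username, the directory is searched for a
    person entry with a matching ``uid``. Exactly one match creates the local
    user, writes an audit record and sends two notifications. Every path
    redirects to the user settings page.
    """
    import secrets
    from ldap.filter import escape_filter_chars

    user = User.query.filter(User.username == username).one_or_none()
    if user:
        flash('This user already exists', 'error')
        return redirect(url_for('.user_settings'))

    connect = ldap.initialize(app.config['LDAP_PROVIDER_URL'])
    try:
        connect.set_option(ldap.OPT_REFERRALS, 0)
        # The username arrives from the request; escape it so characters such
        # as '*', '(' and ')' are matched literally instead of changing the
        # structure of the search filter.
        criteria = "(&(objectClass=person)(uid=" + escape_filter_chars(username) + "))"
        attributes = ['uid', 'cn', 'mail']
        # NOTE(review): no bind is performed before this search, and
        # LDAP_BIND_DN is used as the search base -- confirm both are intended.
        result = connect.search_s(app.config['LDAP_BIND_DN'], ldap.SCOPE_SUBTREE,
                                  criteria, attributes)
        ldap_user = [entry for dn, entry in result if isinstance(entry, dict)]
        if len(ldap_user) == 1:
            # The fourth argument was the literal 'password'. Assuming it is
            # the initial local password (confirm against User.__init__), a
            # shared constant would let anyone sign in as this user whenever
            # local authentication is enabled, so use a random value instead.
            user = User(ldap_user[0]['cn'][0], ldap_user[0]['uid'][0],
                        ldap_user[0]['mail'][0], secrets.token_urlsafe(32), 1, type)
            db.session.add(user)
            db.session.commit()

            audit = Audit(current_user.id, "LDAP user was granted access", 5, 'User', user.id)
            db.session.add(audit)
            db.session.commit()
            log_message("The user "+user.full_name+" has been created on the Budget App by "+current_user.full_name,
                        "User Management", 1, 2, None)
            log_message("You have been granted access to the Budget App. Kindly login with your LDAP credntials.",
                        "User Management", 0, None, user.id)
            flash('The user has been granted access', 'success')
        else:
            flash('Invalid number of users in AD', 'error')
    except ldap.CONNECT_ERROR:
        flash('Could not connect to Active Directory', 'error')
    return redirect(url_for('.user_settings'))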
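def edit_user(userid):
    """Edit a user's profile, account type, department and optional password.

    A valid submission updates the user, writes an audit record and redirects
    to the user settings page. Otherwise the edit form is rendered with the
    user's current department and account type preselected. An unknown
    ``userid`` aborts with 404.

    NOTE(review): this view can change ``account_type`` and reset another
    user's password; no permission check is visible in this block -- confirm
    it is restricted to administrators by a decorator outside this view.
    """
    user = User.query.get(userid)
    if user is None:
        abort(404)

    form = EditUserForm()
    form.department.choices = [(a.id, a.name) for a in Department.query.all()]
    if form.validate_on_submit():
        user.username = form.username.data
        user.full_name = form.full_name.data
        user.email = form.email.data
        user.account_type = form.user_type.data
        user.department_id = form.department.data
        # The password is only replaced when the field was filled in.
        if form.password.data:
            user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()

        audit = Audit(current_user.id, "User account was updated", 5, 'User', user.id)
        db.session.add(audit)
        db.session.commit()
        flash('The user\'s account status has been updated', 'success')
        return redirect(url_for('.user_settings'))

    form.department.data = (user.department_id if user.department_id else 0)
    form.user_type.data = user.account_type
    users = User.query.order_by(User.date_created.asc()).all()
    return render_template('edit_user.html', user=user, users=users, form=form)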
def logout():
    """Write a logout audit record, end the session and go to the login page."""
    # The audit row must be written before logout_user() clears current_user.
    entry = Audit(current_user.id, "User logged out", 0, 'User', current_user.id)
    db.session.add(entry)
    db.session.commit()

    logout_user()
    flash('You have been logged out', 'success')
    return redirect(url_for('.login'))
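def manage_budget():
    """Create or edit sub budgets of the active period's budget.

    A create submission is one whose ``sub_budget_id`` is '0' or empty; an
    edit submission carries the id of the sub budget to change. Both write an
    audit record and redirect back to this page. An edit that names a sub
    budget that does not exist is reported with a flash message.

    NOTE(review): this assumes a period with status 0 exists; ``period.budget``
    fails otherwise.
    """
    period = Period.query.filter(Period.status==0).first()
    budget = period.budget
    form = SubBudgetForm()
    editform = EditSubBudgetForm()

    if form.validate_on_submit() and form.sub_budget_id.data in ('0', ""):
        sub = SubBudgets()
        sub.name = form.name.data
        sub.allocation = form.allocation.data
        sub.parent_budget = form.parent_id.data
        sub.budget_id = budget.id
        sub.created_by = current_user.id
        db.session.add(sub)
        db.session.commit()

        audit = Audit(current_user.id, "User created a sub budget", 9, 'Sub Budget', sub.id)
        db.session.add(audit)
        db.session.commit()
        flash('The sub budget has been successfully created', 'success')
        return redirect(url_for('.manage_budget'))
    elif editform.validate_on_submit() and editform.sub_budget_id.data not in ('0', ""):
        sub = SubBudgets.query.get(editform.sub_budget_id.data)
        if sub is None:
            # The id comes from the submitted form and may not match any row.
            flash('This budget does not exist', 'error')
            return redirect(url_for('.manage_budget'))
        if editform.name.data:
            sub.name = editform.name.data
        sub.allocation = editform.allocation.data
        db.session.add(sub)
        db.session.commit()

        audit = Audit(current_user.id, "User edited a sub budget", 10, 'Sub Budget', sub.id)
        db.session.add(audit)
        db.session.commit()
        flash('The sub budget has been successfully updated', 'success')
        return redirect(url_for('.manage_budget'))

    return render_template('manage_budget.html', budget=budget, form=form, editform=editform)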
def toggle_budget_movable_status(sub, action):
    """Store ``action`` as the movable flag of a sub budget class.

    An ``action`` of 0 is audited as "movable"; any other value is audited as
    "fixed". An unknown class id is reported with a flash message. Every path
    redirects to the sub budget settings page.
    """
    budget_class = SubBudgetClass.query.get(sub)
    if not budget_class:
        flash('This budget does not exist', 'error')
        return redirect(url_for('.sub_budget_settings'))

    budget_class.movable = action
    db.session.add(budget_class)
    db.session.commit()

    description = ("User marked budget as movable" if action == 0
                   else "User marked budget as fixed")
    entry = Audit(current_user.id, description, 11, 'Sub Budget Class', budget_class.id)
    db.session.add(entry)
    db.session.commit()

    flash('The budget has been updated successfully', 'success')
    return redirect(url_for('.sub_budget_settings'))
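def login():
    """Authenticate a user against the local database or the directory.

    With ``USE_LDAP_AUTH`` off, the submitted password is checked against the
    local account. With it on, a simple bind is attempted with the submitted
    credentials and the user must also exist locally. In both modes only an
    account with status 0 (active) is signed in. A successful login writes an
    audit record and redirects to the home page; every failure re-renders the
    login form with a flash message.
    """
    if current_user.is_authenticated:
        return redirect(url_for('.home'))

    form = LoginForm()
    if form.validate_on_submit():
        if not app.config['USE_LDAP_AUTH']:
            user = User.query.filter(User.username==form.username.data).one_or_none()
            # The password check is the only way in: no username is exempt
            # from it. Deactivated accounts are refused here as they are in
            # the directory branch below.
            if user and user.status == 0 and user.check_password(form.password.data):
                login_user(user)
                audit = Audit(user.id, "User logged in", 0, 'User', user.id)
                db.session.add(audit)
                db.session.commit()
                return redirect(url_for('.home'))
            flash('Invalid login credentials', 'error')
        elif not form.password.data:
            # A simple bind with an empty password is treated by many
            # directory servers as an unauthenticated bind that succeeds, so
            # it must never count as proof of identity.
            flash('Invalid Active Directory credentials', 'error')
        else:
            from ldap.dn import escape_dn_chars

            connect = ldap.initialize(app.config['LDAP_PROVIDER_URL'])
            # Escape the username so characters such as ',' and '=' stay part
            # of the uid value and cannot alter the bind DN.
            bind_dn = "uid=" + escape_dn_chars(form.username.data) + ",dc=example,dc=com"
            try:
                connect.set_option(ldap.OPT_REFERRALS,0)
                connect.simple_bind_s(bind_dn, form.password.data)
                # A directory account alone is not enough; the user must have
                # been granted access locally and be active.
                user = User.query.filter(User.username==form.username.data).one_or_none()
                if user and user.status == 0:
                    login_user(user)
                    audit = Audit(user.id, "User logged in", 0, 'User', user.id)
                    db.session.add(audit)
                    db.session.commit()
                    return redirect(url_for('.home'))
                else:
                    flash('You are not authorized to use this portal. Please contact an administrator')
            except ldap.INVALID_CREDENTIALS:
                flash('Invalid Active Directory credentials', 'error')
            except ldap.CONNECT_ERROR:
                flash('Could not connect to Active Directory', 'error')
    return render_template('login.html', form=form)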
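def toggle_budget_status(id, action):
    """Store ``action`` as the status of a sub budget and audit the change.

    An unknown sub budget id is reported with a flash message instead of
    failing on a missing row. Every path redirects to the budget management
    page.

    NOTE(review): ``action`` is stored without any range check, unlike the
    user status toggles -- confirm which values are valid for a sub budget.
    """
    sub = SubBudgets.query.get(id)
    if sub is None:
        flash('This budget does not exist', 'error')
        return redirect(url_for('.manage_budget'))

    sub.status = action
    db.session.add(sub)
    db.session.commit()

    audit = Audit(current_user.id, "User updated sub budget status", 10, 'Sub Budget', sub.id)
    db.session.add(audit)
    db.session.commit()
    flash('The sub budget has been successfully updated', 'success')
    return redirect(url_for('.manage_budget'))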
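def close_project(id):
    """Mark an activity as closed (status 2) and audit the closure.

    The status change and the audit record are committed together. An unknown
    project id aborts with 404. On success the caller is redirected to the
    activity's detail page.
    """
    project = Project.query.get(id)
    if project is None:
        abort(404)

    project.status = 2
    db.session.add(project)
    audit = Audit(current_user.id, "User closed an activity", 8, 'Project', project.id)
    db.session.add(audit)
    db.session.commit()
    flash("The activity has been closed", 'success')
    return redirect(url_for('.project_detail', id=project.id))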
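def departments():
    """List departments and create or rename one from the department form.

    A submission with ``depart_id`` renames that department; one without it
    creates a new department. Either is refused when another department
    already has the requested name. A ``depart_id`` that matches no row is
    reported with a flash message. Each change writes an audit record.
    """
    form = DepartmentForm()
    if form.validate_on_submit():
        if form.depart_id.data:
            # The name may stay the same on this row but must not collide
            # with any other department.
            chk = Department.query.filter(Department.name == form.name.data,
                                          Department.id != form.depart_id.data).first()
            dep = Department.query.get(form.depart_id.data)
            if chk:
                flash('This department already exists', 'error')
            elif dep is None:
                flash('This department does not exist', 'error')
            else:
                dep.name = form.name.data
                db.session.add(dep)
                db.session.commit()
                audit = Audit(current_user.id, "Department was updated", 7, 'Department', dep.id)
                db.session.add(audit)
                db.session.commit()
                flash('The department has been successfully updated', 'success')
        else:
            chk = Department.query.filter(Department.name == form.name.data).first()
            if chk:
                flash('This department already exists', 'error')
            else:
                dep = Department()
                dep.name = form.name.data
                db.session.add(dep)
                db.session.commit()
                audit = Audit(current_user.id, "Department was created", 7, 'Department', dep.id)
                db.session.add(audit)
                db.session.commit()
                flash('The department has been successfully created', 'success')

    all_departments = Department.query.all()
    return render_template('departmentSetting.html', form=form, departments=all_departments)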
def activate_period(id):
    """Make one period the active period and deactivate all the others.

    The chosen period is set to status 0 and committed, then every other
    period is set to status 1 together with the audit record. An unknown id
    changes nothing. Every path redirects to the periods page.
    """
    chosen = Period.query.get(id)
    if not chosen:
        return redirect(url_for('.periods'))

    chosen.status = 0
    db.session.add(chosen)
    db.session.commit()

    # Bulk update: every period except the chosen one becomes inactive.
    db.session.query(Period).filter(Period.id != id).update({Period.status: 1})
    db.session.add(Audit(current_user.id, "Period was activated", 6, 'Period', chosen.id))
    db.session.commit()

    log_message("The period "+chosen.name+" has been made the active period on the Budget App by "+current_user.full_name,
                "Period Management", 1, 2, None)
    flash('The period has been activated', 'success')
    return redirect(url_for('.periods'))
def edit_ldap_access(username, type):
    """Change the account type of the user with the given username.

    A successful change writes an audit record; an unknown username is
    reported with a flash message. Every path redirects to the user settings
    page.

    NOTE(review): ``type`` is stored as the account type without validation,
    and no permission check is visible in this block -- confirm both are
    handled outside this view.
    """
    account = User.query.filter(User.username == username).one_or_none()
    if not account:
        flash('This user does not exist', 'error')
        return redirect(url_for('.user_settings'))

    account.account_type = type
    db.session.add(account)
    db.session.commit()

    entry = Audit(current_user.id, "User\'s account type was updated", 5, 'User', account.id)
    db.session.add(entry)
    db.session.commit()
    flash('This user\'s account type has been updated', 'success')
    return redirect(url_for('.user_settings'))
def create_tasks():
    """Create a task from a JSON request body and return it with status 201.

    The body must contain title, budget, project_id and owner_id, otherwise
    the request aborts with 400. ``deadline`` is optional and is passed to the
    Task constructor only when present.

    NOTE(review): the audit record is attributed to the ``owner_id`` sent in
    the request body rather than to an authenticated identity; no
    authentication is visible in this block -- confirm how the endpoint is
    protected.
    """
    payload = request.json
    required = ('title', 'budget', 'project_id', 'owner_id')
    if not payload or any(key not in payload for key in required):
        abort(400)

    task_args = [payload[key] for key in required]
    if 'deadline' in payload:
        task_args.append(payload['deadline'])
    task = Task(*task_args)
    db.session.add(task)
    db.session.commit()

    db.session.add(Audit(payload['owner_id'], "Task was created", 2, 'Task', task.id))
    db.session.commit()

    log_message("The task "+task.title+" has been created on the Budget App by "+task.owner.full_name,
                "Task Management", 1, 1, None)
    return jsonify({'status': 'success', 'task': task.serialize}), 201
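def add_sub_budget():
    """Create a child sub budget under an existing one from a JSON body.

    The body must contain budget_id, allocation, name and owner_id, otherwise
    the request aborts with 400. An unknown budget_id aborts with 404. The
    child inherits the parent's sub budget type. Returns a 201 response.

    NOTE(review): ``allocation`` is stored as sent, with no check against the
    parent's remaining amount, and both ``created_by`` and the audit actor
    come from the request body. No authentication is visible in this block --
    confirm how the endpoint is protected.
    """
    payload = request.json
    required = ("budget_id", "allocation", "name", "owner_id")
    if not isinstance(payload, dict) or any(key not in payload for key in required):
        abort(400)

    parent_sub = SubBudgets.query.get(payload["budget_id"])
    if parent_sub is None:
        abort(404)

    sub = SubBudgets()
    sub.allocation = payload["allocation"]
    sub.name = payload["name"]
    sub.parent_budget = payload["budget_id"]
    sub.sub_budget_type = parent_sub.sub_budget_type
    sub.created_by = payload["owner_id"]
    db.session.add(sub)
    db.session.commit()

    audit = Audit(sub.created_by, "User created a sub budget", 9, 'Sub Budget', sub.id)
    db.session.add(audit)
    db.session.commit()
    # name and created_by come straight from JSON and may not be strings;
    # convert them so the notification cannot fail after the row is saved.
    log_message("The budget "+str(sub.name)+" has been created on the Budget App by "+str(sub.created_by),
                "Budget Management", 1, 1, None)
    return jsonify({'status': 'success'}), 201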
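def assigned_tasks():
    """List the current user's assigned tasks and record a progress update.

    A valid submission stores a TaskHistory row, updates the task's status and
    writes an audit record. The status is adjusted from the percentage: a
    partial percentage with a submitted status of 0, 2 or 3 becomes status 1,
    and 100 percent becomes status 2. A submitted status of 2 forces the
    history percentage to 100. A task id that matches no row is reported with
    a flash message.

    NOTE(review): nothing in this block checks that the current user holds a
    Permissions row for the submitted ``task_id`` -- confirm whether any
    signed-in user is meant to be able to update any task.
    """
    form = UpdateTaskForm()
    if form.validate_on_submit():
        task = Task.query.get(form.task_id.data)
        if task is None:
            flash('This task does not exist', 'error')
        else:
            history = TaskHistory()
            history.percent = form.percent.data
            history.task_id = form.task_id.data
            history.owner_id = current_user.id
            history.note = form.note.data

            task.status = form.status.data
            # Keep the status consistent with the reported percentage.
            if form.percent.data not in (0, 100) and form.status.data in [0, 2, 3]:
                task.status = 1
            if form.percent.data == 100:
                task.status = 2
            if form.status.data == 2:
                history.percent = 100

            audit = Audit(current_user.id, "User updated a task", 3, 'Task', task.id)
            db.session.add(audit)
            db.session.add(history)
            db.session.add(task)
            db.session.commit()
            flash('The task has been successfully updated', 'success')

    tasks = Permissions.query.filter(Permissions.user_id==current_user.id).order_by(Permissions.date_created.desc()).all()
    return render_template('assigned.html', tasks=tasks, form=form)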
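def budget_transfer(bfrom, bto, amount):
    """Move ``amount`` of allocation from one sub budget to another.

    The transfer is refused with a flash message when the amount is not a
    positive whole number, when either sub budget does not exist, or when the
    amount exceeds what remains in the source. A completed transfer writes an
    audit record. Every path redirects to the budget management page.
    """
    try:
        amount = int(amount)
    except (TypeError, ValueError):
        amount = None

    budget_from = SubBudgets.query.get(bfrom)
    budget_to = SubBudgets.query.get(bto)

    if amount is None or amount <= 0:
        # A negative amount would pass the balance check on the source and
        # move money out of the destination with no check on its balance.
        flash('Transfer amount must be a positive whole number', 'error')
    elif not budget_from or not budget_to:
        flash('One or more budgets does not exist', 'error')
    elif budget_from.amount_remaining < amount:
        flash('Amount to be transferred exceeds budget balance', 'error')
    else:
        budget_from.allocation -= amount
        budget_to.allocation += amount
        db.session.add(budget_from)
        db.session.add(budget_to)
        db.session.commit()

        audit = Audit(current_user.id,
                      "User transferred %d from %s to %s" % (amount, budget_from.name, budget_to.name),
                      10, 'Sub Budget', budget_from.id)
        db.session.add(audit)
        db.session.commit()
        flash('Budget transfer has been successfully carried out', 'success')
    return redirect(url_for('.manage_budget'))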