def validate_expense(budget_id, date_incurred, amount, description): valid = True valid &= vu.validate_integer(budget_id, flash_errors=False) valid &= vu.validate_date(date_incurred, flash_errors=False) valid &= vu.validate_currency(amount, flash_errors=False) valid &= len(description) > 0 return valid
def validate_expense(budget_id, date_incurred, amount, description): valid = True valid &= vu.validate_integer(budget_id, flash_errors=False) valid &= vu.validate_date(date_incurred, flash_errors=False) valid &= vu.validate_currency(amount, flash_errors=False) valid &= len(description) > 0 return valid
def handle_edit_assignment(assignment_id, start_date, end_date):
"""
Validates form data and edits the existing assignment.
Returns True on success, False otherwise.
"""
if not validation_utils.validate_date(start_date) \
or not validation_utils.validate_date(end_date):
return False
if end_date <= start_date:
flask.flash("Start date must be before end date!")
query = sqlalchemy.text("""
UPDATE office_assignments
SET start_date = :start,
end_date = :end
WHERE assignment_id = :a
""")
try:
flask.g.db.execute(query, start=start_date, end=end_date, a=assignment_id)
return True
except Exception:
return False
def handle_new_assignment(office_id, user_id, start_date, end_date):
"""
Validates provided form data and creates the new assignment if successful.
Returns True on success, False otherwise.
"""
# Check that IDs are integers, at least.
try:
office_id = int(office_id)
user_id = int(user_id)
assert office_id >= 0
assert user_id >= 0
except Exception:
flask.flash("Invalid request.")
return False
# Check date strings. This automatically flashes error messages.
if not validation_utils.validate_date(start_date) \
or not validation_utils.validate_date(end_date):
return False
# Start date should be before end date...
# Conveniently, since we use YYYY-MM-DD format, we can compare the strings directly.
if end_date <= start_date:
flask.flash("Start date must be before end date!")
return False
query = sqlalchemy.text("""
INSERT INTO office_assignments (office_id, user_id, start_date, end_date)
VALUES (:oid, :uid, :start, :end)
""")
try:
flask.g.db.execute(query, oid=office_id, uid=user_id,
start=start_date, end=end_date)
return True
except Exception:
flask.flash("Encountered unexpected error. Try again?")
return False
def handle_create_account(user_id, username, password, password2, birthday):
"""Handles account creation.
Creates account if all values provided are valid.
Returns:
bool indicating success.
"""
# Validate username and password. The validate_* functions will flash errors.
# We want to check all fields and not just stop at the first error.
is_valid = True
if not validation_utils.validate_username(username):
is_valid = False
if not validation_utils.validate_password(password, password2):
is_valid = False
if not validation_utils.validate_date(birthday):
is_valid = False
if not is_valid:
return False
# Insert new values into the database. Because the password is updated in a
# separate step, we must use a transaction to execute this query.
transaction = flask.g.db.begin()
try:
# Insert the new row into users.
query = sqlalchemy.text("""
INSERT INTO users (user_id, username, password_hash)
VALUES (:user_id, :username, :password_hash)
""")
flask.g.db.execute(query,
user_id=user_id,
username=username,
password_hash="")
# Set the password.
auth_utils.set_password(username, password)
# Set the birthday and invalidate the account creation key.
query = sqlalchemy.text("""
UPDATE members
SET birthday = :birthday,
create_account_key = NULL
WHERE user_id = :user_id
""")
flask.g.db.execute(query, birthday=birthday, user_id=user_id)
transaction.commit()
except Exception:
transaction.rollback()
flask.flash("An unexpected error occurred. Please find an IMSS rep.")
return False
# Email the user.
query = sqlalchemy.text("""
SELECT name, email
FROM members
NATURAL JOIN members_extra
NATURAL JOIN users
WHERE username = :u
""")
result = flask.g.db.execute(query, u=username).first()
# Send confirmation email to user.
email = result["email"]
name = result["name"]
msg = email_templates.CreateAccountSuccessfulEmail.format(name, username)
subject = "Thanks for creating an account!"
email_utils.send_email(email, msg, subject)
return True
def handle_create_account(user_id, username, password, password2, birthday):
"""Handles account creation.
Creates account if all values provided are valid.
Returns:
bool indicating success.
"""
# Validate username and password. The validate_* functions will flash errors.
# We want to check all fields and not just stop at the first error.
is_valid = True
if not validation_utils.validate_username(username):
is_valid = False
if not validation_utils.validate_password(password, password2):
is_valid = False
if not validation_utils.validate_date(birthday):
is_valid = False
if not is_valid:
return False
# Insert new values into the database. Because the password is updated in a
# separate step, we must use a transaction to execute this query.
transaction = flask.g.db.begin()
try:
# Insert the new row into users.
query = sqlalchemy.text("""
INSERT INTO users (user_id, username, password_hash)
VALUES (:user_id, :username, :password_hash)
""")
flask.g.db.execute(query, user_id=user_id,
username=username, password_hash="")
# Set the password.
auth_utils.set_password(username, password)
# Set the birthday and invalidate the account creation key.
query = sqlalchemy.text("""
UPDATE members
SET birthday = :birthday,
create_account_key = NULL
WHERE user_id = :user_id
""")
flask.g.db.execute(query, birthday=birthday, user_id=user_id)
transaction.commit()
except Exception:
transaction.rollback()
flask.flash("An unexpected error occurred. Please find an IMSS rep.")
return False
# Email the user.
query = sqlalchemy.text("""
SELECT name, email
FROM members
NATURAL JOIN members_extra
NATURAL JOIN users
WHERE username = :u
""")
result = flask.g.db.execute(query, u=username).first()
# Send confirmation email to user.
email = result["email"]
name = result["name"]
msg = email_templates.CreateAccountSuccessfulEmail.format(name, username)
subject = "Thanks for creating an account!"
email_utils.send_email(email, msg, subject)
return True
