def save_block(subject_id, block_name):
if not g.user:
abort(401)
from rule import StateMachine
sm = StateMachine(subject_id)
if not sm.check(block_name, g.user.occupation, "save"):
abort(403)
from prams import db
import model
bClass = getattr(model, block_name)
qObj = bClass.query.filter_by(subject_id=subject_id).first()
from rule import fieldTitle
for fn in fieldTitle[block_name].iterkeys(): # fn is for field name
# TODO: check data type before put into db
if request.form.has_key(fn):
content = request.form[fn]
if content == "None":
content = None
else:
content = None
setattr(qObj, fn, content) # set attribute by name
db.session.add(qObj)
db.session.commit()
flash("The Form sheet has been saved")
sm.update()
return redirect(
url_for("subject", subject_id=str(subject_id))
) # note: end_point is the HTML for the view_func, you are redirecting the current view to a page, thus it must have a template to remnder.
def display_block(mode, subject_id, block_name):
if not g.user:
abort(401) # 401 means unauthorize
from rule import StateMachine
sm = StateMachine(subject_id)
if not sm.check(
block_name, g.user.occupation, mode
): # always use state machine to implement access control. mode = action
abort(403) # 403 means forbidden
import model
bClass = getattr(model, block_name) # get block class by its name given by string
block_info = bClass.query.filter_by(subject_id=subject_id).first()
sort_block_info = [] # sorting field by its name and return
sort_block_info.append(["subject_id", block_info.subject_id])
sort_block_info.append(["status", block_info.status])
keys = sorted(block_info.__dict__.keys())
keys = keys[1:-2]
for key in keys:
sort_block_info.append([key, getattr(block_info, key)]) # append the key and its value
from rule import fieldTitle
sm.update()
return render_template(
"block.html",
mode=mode,
subject_id=subject_id,
block_name=block_name,
block_info=sort_block_info,
title_map=fieldTitle[block_name],
)
def seal_subject(subject_id):
from rule import StateMachine
sm = StateMachine(subject_id)
if not sm.check('final_review', g.user.occupation, 'seal'):
abort(403)
flash('subject has been sealed.')
sm.update()
return redirect(url_for('subject', subject_id = subject_id))
def allocate_establishment_reference_number(subject_id):
from rule import StateMachine
sm = StateMachine(subject_id)
if not sm.check('wait_to_allocate', g.user.occupation, 'allocate'):
abort(403)
flash('Allocation operation completed.')
sm.update()
return redirect(url_for('subject', subject_id = subject_id))
def view_subject(subject_id):
if not g.user:
abort(401)
# basic information
subject_info = {}
subject_info['subject_id'] = subject_id
from model import f1b1, Subject
qObj = f1b1.query.filter_by(subject_id = subject_id).first()
sObj = Subject.query.filter_by(subject_id = subject_id).first()
subject_info['department'] = qObj.field01
subject_info['title'] = qObj.field02
subject_info['holder'] = qObj.field03
subject_info['new'] = qObj.field04
subject_info['subject_status'] = sObj.status
extra_action = None
done_before = False
from rule import StateMachine
sm = StateMachine(subject_id)
if sObj.status in ('wait_to_allocate', 'wait_to_review', 'final_review'):
extra_action = sObj.status
from model import PendingJob
done_before = (PendingJob.query.filter_by(subject_id = subject_id, stage = extra_action, to_user_occupation = g.user.occupation).first() == None)
# form A table
# order by: section, block responisbility action, status
from rule import FormStructure
import model
fm = FormStructure()
tb_fA = []
for block_name in fm.get_blocks('Form A'):
bClass = getattr(model, block_name)
tb_fA.append([
(block_name == sObj.status), # activated
fm.get_sectionName(block_name), # section name
block_name, # block name
fm.get_responsibility(block_name), # responsibility
sm.get_view_OR_edit(block_name, g.user.occupation), # action
bClass.query.filter_by(subject_id = subject_id).first().status # block status
])
# form B table
tb_fB = []
# form C table
tb_fC = []
return render_template('subject.html',
subject_info = subject_info,
table_formA = tb_fA,
table_formB = tb_fB,
table_formC = tb_fC,
extra_action = extra_action,
sm = sm,
done_before = done_before
)
def add_subject():
if not g.user:
abort(401)
from rule import StateMachine
sm = StateMachine()
if not sm.check('subject', g.user.occupation, 'add'):
abort(403)
from prams import db
from model import Subject
newSubject = Subject()
db.session.add(newSubject)
db.session.flush()
db.session.refresh(newSubject)
row_id = newSubject.subject_id
sm.cur_subject_id = row_id
from model import f1b1
newFb = f1b1(row_id)
db.session.add(newFb)
from model import f1b2
newFb = f1b2(row_id)
db.session.add(newFb)
from model import f1b3
newFb = f1b3(row_id)
db.session.add(newFb)
from model import f1b4
newFb = f1b4(row_id)
db.session.add(newFb)
from model import f1b5
newFb = f1b5(row_id)
db.session.add(newFb)
from model import f1b6
newFb = f1b6(row_id)
db.session.add(newFb)
# # To estabalish more blocks.
db.session.commit()
flash('A new subject has been added, subject ID is "%d"' %row_id)
sm.update()
return redirect(url_for('all_subjects'))
def delete_subject(subject_id):
if not g.user:
abort(401)
from rule import StateMachine
sm = StateMachine(subject_id)
if not sm.check('*', g.user.occupation, 'delete'):
abort(403)
from rule import FormStructure
fm = FormStructure()
from prams import db
import model
for bl in fm.get_blocks():
bClass = getattr(model, bl)
qObj = bClass.query.filter_by(subject_id = subject_id).first()
db.session.delete(qObj)
db.session.commit()
sObj = model.Subject.query.filter_by(subject_id = subject_id).first()
db.session.delete(sObj)
db.session.commit()
sm.update()
flash('The Subject ' + subject_id + ' has been deleted.')
return redirect(url_for('all_subjects'))
def submit_block(subject_id, block_name):
if not g.user:
abort(401)
from rule import StateMachine
sm = StateMachine(subject_id)
if not sm.check(block_name, g.user.occupation, "submit"):
abort(403)
# check for validation and update the subject status
from prams import db
import model
sObj = model.Subject.query.filter_by(subject_id=subject_id).first()
bClass = getattr(model, block_name)
qObj = bClass.query.filter_by(subject_id=subject_id).first()
if qObj.status == 2:
flash("THe block had been submitted and can't be submitted again.")
return redirect(url_for("subject", subject_id=str(subject_id)))
from rule import fieldTitle
for fn in fieldTitle[block_name].iterkeys(): # fn is for field name
if not request.form.has_key(fn): # some field would be None if it is not be filled.
flash("The form is not completed.")
return redirect(url_for("subject", subject_id=str(subject_id)))
content = request.form[fn]
# check data type before put into db
if content == "None":
flash("The form is not completed.")
return redirect(url_for("subject", subject_id=str(subject_id)))
setattr(qObj, fn, content)
## update the status
db.session.add(qObj)
db.session.commit()
sm.update()
flash("The form has been submitted.")
return redirect(url_for("subject", subject_id=str(subject_id)))
