def login():
form = LoginForm()
if form.validate_on_submit():
user = User.authenticate(form.login.data.lower().strip(),
form.password.data,
)
if user is None:
form.login.errors = [t('.invalid_name_or_password')]
elif not user.is_active:
form.login.errors = [t('.not_activated')]
else:
session['user_id'] = user.id
session['lang'] = user.lang
url = session.pop('next_url', None)
if not url:
if user.is_root:
url = url_for('users.index')
elif user.is_store_user:
url = url_for('iohistory.index')
elif user.is_project_leader:
url = url_for('spareparts.index')
elif user.is_asset_user:
url = url_for('equipment.index')
elif user.is_asset_leader:
url = url_for('users.index')
else:
url = url_for('.index')
return redirect(url)
return render_template('home/login.html', form=form)
def edit2(id):
set_referrer()
e = Equipment.find_one(id)
if e is None:
flash(t('record_not_found'), 'error')
return redirect(get_referrer())
if not g.user.can_update_location(e):
flash(t('permission_denied'), 'error')
return redirect(get_referrer())
form = LocationForm(request.form,
location=e.location,
is_good='good' if e.is_good else 'bad'
)
form.is_good.choices = [('good', t('good')), ('bad', t('bad'))]
if form.validate_on_submit():
e.location = form.location.data
if not e.is_good:
e.is_good = form.is_good.data == 'good'
e.save(skip=True)
if e.is_valid:
flash(t('updated_successfully'), 'success')
return redirect(get_referrer())
return render_template('equipment/edit2.html',
form=form,
equipment=e,
)
def equipment_out():
form = EquipmentOutForm()
if form.validate_on_submit():
flex_id = form.flex_id.data.strip().upper()
spec = dict(flex_id=flex_id,
is_live=True,
)
e = Equipment.find_one(spec=spec)
if not e:
form.flex_id.errors = ['not_found']
elif not e.is_instore:
form.flex_id.errors = ['iohistory.not_in_store']
elif not g.user.can_transfer_equipment(e):
form.flex_id.errors = ['permission_denied']
else:
tf = create_tf(form)
tf.name = e.name
tf.model = e.model
tf.update(is_in=False,
kind='0',
asset=dict(flex_id=flex_id,
sn=e.sn,
fixed_id=e.fixed_id,
prod_date=e.prod_date,
cn=e.cn,
tn=e.tn,
department=e.department,
project=e.project,
is_good=e.is_good,
from_where=e.location,
to_where=form.where.data,
done=True,
),
)
tf.save()
if tf.is_valid:
doc = dict(status=e.status + ['transfer'],
is_live=False,
is_instore=False,
)
e.save(doc=doc, update_ts=False, skip=True)
flash(t('.equipment_transfer_out_successfully'))
dp = form.department.data
pj = form.project.data
asset_users = User.get_emails('asset_user', dp, pj, 'tf')
store_users = User.get_emails('store_user', dp, pj, 'tf')
asset_leaders = User.get_emails('asset_leader', dp, pj, 'tf')
send_mail(subject=t('notifications.equipment_transfer_out'),
to=User.get_emails('project_leader', dp, pj, 'tf'),
cc=asset_users + store_users + asset_leaders,
template='transfer_out.html',
values=dict(tf=tf, asset=e),
)
return redirect(url_for('.index'))
fill_form_error(form, tf)
return render_template('transfers/equipment_out.html',
form=form,
)
def import_equipment():
checked = False
form = ImportForm()
if request.method == 'POST':
if request.form.get('if-update'):
checked = True
excel = request.files.get('attachment')
if not excel:
flash(t('please_select_a_file'), 'error')
elif os.path.splitext(excel.filename)[-1].lower() != '.xls':
flash(t('only_excel_is_allowed'), 'error')
else:
fn = '{}_{}_{}'.format(strftime('%Y%m%d%H%M%S'),
g.user.id,
secure_filename(excel.filename),
)
file_path = os.path.join(tempfile.gettempdir(), fn)
excel.save(file_path)
return do_import(file_path, update=checked)
return render_template('equipment/import.html',
checked=checked,
form=form,
)
def new():
if not g.user.can_create_user:
flash(t('permission_denied'), 'error')
return redirect(url_for('.index'))
form = NewUserForm()
fill_form_choices(form)
form.is_active.choices = bool_choices('.active', '.disabled')
if form.validate_on_submit():
user = User(login=form.login.data.strip().lower(),
nick_name=form.nick_name.data.strip(),
password=form.password.data,
email=form.email.data.strip(),
badge_id=str(form.badge_id.data),
lang=form.lang.data,
is_active=bool(form.is_active.data),
gsm=form.gsm.data.strip(),
phone=form.phone.data.strip(),
short_no=form.short_no.data.strip(),
)
user.can_send = update_send(form)
user.save()
if user.is_valid:
flash(t('created_successfully'), 'success')
return redirect(url_for('.index'))
fill_form_error(form, user)
return render_template('users/new.html',
form=form,
)
def edit(id):
set_referrer()
e = Equipment.find_one(id)
if e is None:
flash(t('record_not_found'), 'error')
return redirect(get_referrer())
if not g.user.can_edit_equipment(e):
flash(t('permission_denied'), 'error')
return redirect(get_referrer())
data = e.dict
data.update(is_good='good' if data['is_good'] else 'bad',
is_instore='in' if data['is_instore'] else 'out',
)
form = EquipmentForm(request.form, **data)
fill_choices(form)
if form.validate_on_submit():
update_equipment(e, form)
if not e.source:
form.source.errors = ['This field is required.']
else:
e.save()
if e.is_valid:
handle_uploads(str(e.id))
flash(t('updated_successfully'), 'success')
return redirect(get_referrer())
fill_form_error(form, e)
return render_template('equipment/edit.html',
form=form,
equipment=e,
)
def authorize(id):
user = User.find_one(id)
if user is None:
flash(t('record_not_found'), 'error')
return redirect(url_for('.index'))
# user can not modify his/her own permission
if g.user.id == user.id:
flash(t('permission_denied'), 'error')
return redirect(url_for('.index'))
groups = [p.group for p in user.permissions]
form = AuthorizeForm(request.form, groups=groups)
spec = dict(is_active=True)
if not g.user.is_root:
spec.update(role={'$ne': 'asset_leader'})
form.groups.choices = sorted((p.group, p.group)
for p in Permission.find(spec=spec)
)
if form.validate_on_submit():
user.groups = sorted(request.form.getlist('groups'))
if sorted(groups) != user.groups:
user.save()
flash(t('updated_successfully'), 'success')
return redirect(url_for('.index'))
return render_template('users/authorize.html',
form=form,
user=user,
)
def edit(id):
sp = Sparepart.find_one(id)
if sp is None:
flash(t('record_not_found'), 'error')
return redirect(request.referrer)
if not g.user.can_edit_sparepart(sp):
flash(t('permission_denied'), 'error')
return redirect(request.referrer)
doc = sp.dict
can_edit_qty = sp.can_edit_qty
form = SparepartForm(request.form, **doc)
form.department.choices = department_choices()
form.project.choices = project_choices(with_all=g.user.is_root)
if form.validate_on_submit():
update_part(sp, form, can_edit_qty)
sp.save()
if sp.is_valid:
handle_uploads(str(sp.id))
flash(t('updated_successfully'), 'success')
return redirect(url_for('.index'))
fill_form_error(form, sp)
return render_template('spareparts/edit.html',
form=form,
can_edit_qty=can_edit_qty,
sp=sp,
)
def signup():
form = SignupForm()
fill_form_choices(form)
if form.validate_on_submit():
user = User(login=form.login.data.strip().lower(),
password=form.password.data,
nick_name=form.nick_name.data.strip(),
badge_id=str(form.badge_id.data),
email=form.email.data.strip(),
phone=form.phone.data.strip(),
gsm=form.gsm.data.strip(),
short_no=form.short_no.data.strip(),
lang=form.lang.data,
)
can_send = []
for k in ('buy', 'io', 'tf', 'idle', 'scrap', 'alarm', 'notify'):
if getattr(form, 'send_{}'.format(k)).data == 'yes':
can_send.append(k)
user.can_send = can_send
user.save()
if user.is_valid:
flash(t('signup_successfully', 'success'))
return redirect(url_for('.login'))
# show the error message
for k, v in user._errors.items():
flash('{}: {}'.format(k, t(v)), 'error')
return render_template('home/signup.html', form=form)
def fill_choices(form):
form.department.choices = department_choices()
form.project.choices = project_choices()
form.source.choices = source_choices()
form.is_good.choices = [('good', t('good')), ('bad', t('bad'))]
form.is_instore.choices = [('in', t('.instore')),
('out', t('.outstore'))
]
def edit(id):
user = User.find_one(id)
if user is None:
flash(t('record_not_found'), 'error')
return redirect(url_for('.index'))
if not g.user.can_edit_user(user):
flash(t('permission_denied'), 'error')
return redirect(url_for('.index'))
data = user.dict
for k in ('buy', 'io', 'tf', 'idle', 'scrap', 'alarm', 'notify'):
data['send_{}'.format(k)] = 'yes' if k in data['can_send'] else 'no'
form = EditUserForm(request.form, **data)
fill_form_choices(form)
form.is_active.choices = bool_choices('.active', '.disabled')
if form.validate_on_submit():
user.update(nick_name=form.nick_name.data.strip(),
email=form.email.data.strip(),
badge_id=str(form.badge_id.data),
lang=form.lang.data,
gsm=form.gsm.data.strip(),
phone=form.phone.data.strip(),
short_no=form.short_no.data.strip(),
)
user.can_send = update_send(form)
if not user.is_root:
user.update(login=form.login.data.strip().lower())
if g.user.id != user.id:
user.is_active = bool(form.is_active.data)
if form.password_again.data:
user.password = form.password.data
user.save()
if user.is_valid:
session['lang'] = user.lang
flash(t('updated_successfully'), 'success')
# password reset?
if user.email and form.password.data:
if user.is_active and user.id != g.user.id:
send_mail(subject=t('users.your_password_was_reset'),
to=[user.email],
template='password_reset.html',
values=dict(password=form.password.data,
login=user.login,
),
)
return redirect(url_for('.index'))
fill_form_error(form, user)
return render_template('users/edit.html',
user=user,
form=form,
)
def fill_form_choices(form):
radio_choice = [('yes', t('yes')), ('no', t('no'))]
form.send_buy.choices = radio_choice
form.send_io.choices = radio_choice
form.send_tf.choices = radio_choice
form.send_idle.choices = radio_choice
form.send_scrap.choices = radio_choice
form.send_alarm.choices = radio_choice
form.send_notify.choices = radio_choice
def fill_choices(form, kind='equipment'):
form.department.choices = limited_department_choices(g.user)
form.project.choices = project_choices()
form.source.choices = source_choices()
if kind == 'equipment':
form.is_good.choices = [('good', t('good')), ('bad', t('bad'))]
else:
dept = form.department.data
project = form.project.data
form.code.choices = code_choices(dept, project)
def role_choices(asset_leader=False):
s = 'permissions'
lst = [('asset_user', t('{}.asset_user'.format(s))),
('store_user', t('users.store_user')),
('project_leader', t('{}.project_leader'.format(s))),
# ('cal_user', t('{}.cal_user'.format(s))),
]
if asset_leader is True:
lst.insert(0, ('asset_leader', t('{}.asset_leader'.format(s))))
return blank_choices() + lst
def export():
spec = session.get('spspec')
form = ExportForm()
if request.method == 'POST':
dbkeys = request.values.getlist('dbkey')
session['spchecked'] = dbkeys
if not dbkeys:
flash(t('no_field_was_selected'), 'error')
return render_template('spareparts/export.html',
fields=get_fields(),
form=form,
checked=session['spchecked'] or [None],
)
wb = Workbook()
ws = wb.add_sheet('Part List')
fill_header(ws, dbkeys)
objs = Sparepart.find(spec=spec, sort='department, project, code')
row = 1
for sp in objs:
for i, k in enumerate(dbkeys):
if k == 'total_price':
ws.write(row, i, sp.unit_price * sp.store_good)
elif k == 'is_local':
if sp.is_local:
txt = t('spareparts.local')
else:
txt = t('spareparts.oversea')
ws.write(row, i, txt)
else:
ws.write(row, i, getattr(sp, k))
row += 1
file_name = 'Part List {}.xls'.format(str(g.user.id))
file_dir = tempfile.gettempdir()
file_path = os.path.join(file_dir, file_name)
if os.path.isfile(file_path):
os.remove(file_path)
session.pop('spspec', None)
wb.save(file_path)
return send_from_directory(file_dir,
file_name,
as_attachment=True,
attachment_filename=file_name,
)
return render_template('spareparts/export.html',
fields=get_fields(),
form=form,
checked=session.get('spchecked', []),
)
def equipment_out():
form = OutEquipmentForm()
form.to_project.choices = project_choices(True)
e = None
if form.validate_on_submit():
flex_id = form.flex_id.data.strip().upper()
spec = dict(flex_id=flex_id, is_live=True)
e = Equipment.find_one(spec=spec)
if not e:
form.flex_id.errors = ["not_found"]
elif not e.is_instore:
form.flex_id.errors = [".not_in_store"]
elif not g.user.can_io_asset(e):
form.flex_id.errors = ["permission_denied"]
else:
io = create_io(form)
io.update(
kind="0",
is_out=True,
department=e.department,
project=e.project,
name=e.name,
asset=dict(
flex_id=flex_id,
sn=e.sn,
fixed_id=e.fixed_id,
model=e.model,
to_project=form.to_project.data,
to_where=form.to_where.data,
to_line=form.line.data,
iogood=e.is_good,
),
)
io.save()
if io.is_valid:
doc = dict(location=form.to_where.data, line=form.line.data, is_instore=False)
e.save(doc=doc, skip=True, update_ts=False)
flash(t(".equipment_out_successfully"), "success")
dp = e.department
pj = e.project
send_mail(
subject=t("notifications.equipment_was_out"),
to=User.get_emails("project_leader", dp, pj, "io"),
cc=User.get_emails("store_user", dp, pj, "io"),
template="asset_out.html",
values=dict(asset=e, io=io),
)
return redirect(url_for(".index", kind="out"))
fill_form_error(form, io)
return render_template("iorecords/equipment_out.html", form=form, equipment=e)
def sparepart_in():
form = BackSparepartForm()
fill_sp_choices(form, "in")
if form.validate_on_submit():
code = form.code_text.data.strip().upper() or form.code.data
sp = Sparepart.find_one(spec=dict(code=code))
if not sp:
form.code_text.errors = ["not_found"]
else:
good_qty = form.good.data
bad_qty = form.bad.data
io = create_io(form)
io.update(
kind="1",
is_out=False,
department=sp.department,
project=sp.project,
name=sp.name,
asset=dict(code=code, pn=sp.pn, iogood=good_qty, iobad=bad_qty),
)
io.save()
if io.is_valid:
good_out = sp.out_good - good_qty
bad_out = sp.out_bad - bad_qty
if good_out < 0:
good_out = 0
if bad_out < 0:
bad_out = 0
doc = dict(
store_good=sp.store_good + good_qty,
store_bad=sp.store_bad + bad_qty,
out_good=good_out,
out_bad=bad_out,
)
sp.save(doc=doc, skip=True, update_ts=False)
flash(t(".sparepart_in_successfully"), "success")
dp = sp.department
pj = sp.project
send_mail(
subject=t("notifications.sparepart_was_in"),
to=User.get_emails("project_leader", dp, pj, "io"),
cc=User.get_emails("store_user", dp, pj, "io"),
template="asset_in.html",
values=dict(asset=sp, io=io),
)
return redirect(url_for(".index", kind="in"))
fill_form_error(form, io)
return render_template("iorecords/sparepart_in.html", form=form, code_desc=get_sp_desc(form.code.data))
def destroy(id):
user = User.find_one(id)
if user is None:
flash(t('record_not_found'), 'error')
elif g.user.can_remove_user(user):
if user.canbe_removed:
user.destroy()
flash(t('destroyed_successfully'), 'success')
else:
flash(t('cannot_be_removed'), 'error')
else:
flash(t('permission_denied'), 'error')
return redirect(url_for('.index'))
def equipment_in():
form = BackEquipmentForm()
form.is_good.choices = [("good", t("good")), ("bad", t("bad"))]
e = None
if form.validate_on_submit():
flex_id = form.flex_id.data.strip().upper()
spec = dict(flex_id=flex_id)
e = Equipment.find_one(spec=spec)
if e is None:
form.flex_id.errors = ["not_found"]
elif e.is_instore:
form.flex_id.errors = [".already_in_store"]
elif not g.user.can_io_asset(e):
form.flex_id.errors = ["permission_denied"]
else:
io = create_io(form)
io.update(
is_out=False,
kind="0",
department=e.department,
project=e.project,
name=e.name,
asset=dict(
back_to=form.location.data,
iogood=form.is_good.data == "good",
flex_id=flex_id,
sn=e.sn,
fixed_id=e.fixed_id,
model=e.model,
),
)
io.save()
if io.is_valid:
doc = dict(is_instore=True, location=form.location.data, line="")
e.save(doc=doc, skip=True, update_ts=False)
flash(t(".equipment_in_successfully"), "success")
dp = e.department
pj = e.project
send_mail(
subject=t("notifications.equipment_was_in"),
to=User.get_emails("project_leader", dp, pj, "io"),
cc=User.get_emails("store_user", dp, pj, "io"),
template="asset_in.html",
values=dict(asset=e, io=io),
)
return redirect(url_for(".index", kind="in"))
fill_form_error(form, io)
return render_template("iorecords/equipment_in.html", form=form, equipment=e)
def export():
spec = session.get('espec')
form = ExportForm()
if request.method == 'POST':
dbkeys = request.values.getlist('dbkey')
session['echecked'] = dbkeys
if not dbkeys:
flash(t('no_field_was_selected'), 'error')
return render_template('equipment/export.html',
fields=get_fields(),
form=form,
checked=session['echecked'] or [None],
)
wb = Workbook()
ws = wb.add_sheet('Equipment List')
fill_header(ws, dbkeys)
objs = Equipment.find(spec=spec, sort='department, project, flex_id')
row = 1
for e in objs:
for i, k in enumerate(dbkeys):
if k == 'is_good':
ws.write(row, i, t('good' if e.is_good else 'bad'))
elif k == 'is_instore':
ws.write(row, i, t('yes' if e.is_instore else 'no'))
else:
ws.write(row, i, getattr(e, k))
row += 1
file_name = 'Equipment List {}.xls'.format(str(g.user.id))
file_dir = tempfile.gettempdir()
file_path = os.path.join(file_dir, file_name)
if os.path.isfile(file_path):
os.remove(file_path)
session.pop('espec', None)
wb.save(file_path)
return send_from_directory(file_dir,
file_name,
as_attachment=True,
attachment_filename=file_name,
)
return render_template('equipment/export.html',
fields=get_fields(),
form=form,
checked=session.get('echecked', []),
)
def destroy(id):
buy = Buy.find_one(id)
if buy is None:
flash(t('record_not_found'), 'error')
if buy.canbe_removed:
if g.user.can_remove_buy(buy):
buy.destroy()
flash(t('destroyed_successfully'), 'success')
else:
flash(t('permission_denied'), 'error')
else:
flash(t('can_not_be_removed'), 'error')
return redirect(url_for('.index'))
def import_spareparts(kind=1):
form = ImportForm()
if kind == 0:
template = 'update_sparepart_qty.xls'
image = 'update_sparepart_qty.png'
checked = None
legend = '.update_sparepart_qty'
submit = '.start_update'
elif kind == 1:
template = 'sparepart.xls'
image = 'sparepart.png'
checked = False
legend = '.import_spareparts'
submit = 'start_import'
else:
template = 'update_sparepart_price.xls'
image = 'update_sparepart_price.png'
checked = None
legend = '.update_sparepart_price'
submit = '.start_update'
if request.method == 'POST':
if request.form.get('if-update'):
checked = True
excel = request.files.get('attachment')
if not excel:
flash(t('please_select_a_file'), 'error')
elif os.path.splitext(excel.filename)[-1].lower() != '.xls':
flash(t('only_excel_is_allowed'), 'error')
else:
fn = '{}_{}_{}'.format(strftime('%Y%m%d%H%M%S'),
g.user.id,
secure_filename(excel.filename),
)
file_path = os.path.join(tempfile.gettempdir(), fn)
excel.save(file_path)
return do_import(file_path, update=checked, kind=kind)
return render_template('spareparts/import.html',
checked=checked,
form=form,
template=template,
image=image,
legend=legend,
submit=submit,
)
def new():
form = PermissionForm()
role = form.role.data
if role not in ('None', ''):
dc = department_choices(with_all=(role != 'project_leader'))
else:
dc = blank_choices()
form.department.choices = dc
form.projects.choices = project_choices(with_all=g.user.is_root)
form.role.choices = role_choices(asset_leader=g.user.is_root)
form.is_active.choices = bool_choices('.active', '.disabled')
if form.validate_on_submit():
dp = form.department_text.data.strip().upper() or form.department.data
p = Permission(group=form.group.data.strip().upper(),
role=form.role.data,
department=dp,
projects=request.form.getlist('projects'),
is_active=bool(form.is_active.data),
remark=form.remark.data,
)
p.save()
if p.is_valid:
flash(t('created_successfully'), 'success')
return redirect(url_for('.index', role=p.role))
fill_form_error(form, p)
return render_template('permissions/new.html',
form=form,
)
def show_equipment():
flex_id = request.args.get('flex_id', '').strip().upper()
if len(flex_id) > 11:
e = Equipment.find_one(spec=dict(flex_id=flex_id))
if e:
data = e.dict
data.update(is_good=t('good') if e.is_good else t('bad'),
is_instore=t('yes') if e.is_instore else t('no'),
status=t(e.get_status),
)
data.pop('updated_at', None)
data.pop('_id', None)
return jsonify(found=True, **data)
return jsonify(found=False, **dict((k, '') for k in Equipment._db_fields))
def get_buy(id):
buy = Buy.find_one(id)
if buy is None:
flash(t('record_not_found'), 'error')
return True, redirect(url_for('.index'))
return False, buy
def destroy(id):
p = Permission.find_one(id)
if p is None:
flash(t('record_not_found'), 'error')
elif g.user.can_remove_permission(p):
p.destroy()
group = p.group
kwargs = dict(skip=True, update_ts=False)
for user in User.find(spec=dict(groups=group)):
user.groups.remove(group)
user.save(doc=dict(groups=user.groups), **kwargs)
flash(t('destroyed_successfully'), 'success')
else:
flash(t('permission_denied'), 'error')
return redirect(url_for('.index', role=p.role if p else ''))
def destroy(id):
sp = Sparepart.find_one(id)
if sp is None:
flash(t('record_not_found'), 'error')
elif g.user.can_remove_sparepart(sp):
if sp.canbe_removed:
sp.destroy()
[up.destroy() for up in sp.uploads]
flash(t('destroyed_successfully'), 'success')
else:
flash(t('cannot_be_removed'), 'error')
else:
flash(t('permission_denied'), 'error')
return redirect(request.referrer)
def show(id):
set_referrer()
ep = Equipment.find_one(id)
if ep is None:
flash(t('record_not_found'), 'error')
return redirect(get_referrer())
return render_template('equipment/show.html', ep=ep)
def show(id):
io = Iorecord.find_one(id)
kind = request.args.get("kind")
if not io:
flash(t("record_not_found"), "error")
return redirect(url_for(".index", kind=kind))
return render_template("iorecords/show.html", io=io, kind=kind)
def destroy(id):
set_referrer()
e = Equipment.find_one(id)
if e is None:
flash(t('record_not_found'), 'error')
elif g.user.can_remove_equipment(e):
if e.canbe_removed:
e.destroy()
[up.destroy() for up in e.uploads]
flash(t('destroyed_successfully'), 'success')
else:
flash(t('cannot_be_removed'), 'error')
else:
flash(t('permission_denied'), 'error')
return redirect(get_referrer())
