Python _check_body_perm Examples

Example #1

File: users.py Project: fluxspir/odontux

def update_user_password(body_id, form_to_display):
    user = forms._get_body(body_id, "user")
    if not forms._check_body_perm(user, "user"):
        return redirect(url_for('list_users'))
    password_form = OdontuxUserPasswordForm(request.form)
    if request.method == 'POST' and password_form.validate():
        for f in get_password_field_list():
            setattr(user, f, b64encode(scrypt.encrypt(os.urandom(64),
                            getattr(password_form, f).data.encode("utf_8"), 
                            maxtime=0.5)))
        meta.session.commit()
        return redirect(url_for('update_user', 
                                 body_id=body_id,
                                 form_to_display="gen_info"))

Example #2

File: users.py Project: fluxspir/odontux

def update_user(body_id, form_to_display):

    user = forms._get_body(body_id, "user")
    if not forms._check_body_perm(user, "user"):
        return redirect(url_for('list_users'))

    # For updating info of user, we're dealing with the form 
    gen_info_form = OdontuxUserGeneralInfoForm(request.form)
    gen_info_form.title.choices = forms.get_title_choice_list()
    hours_a_week = 0
    if session['role'] == constants.ROLE_ADMIN:
        gen_info_admin_form = OdontuxUserGeneralInfoAdminForm(request.form)
        gen_info_admin_form.role.choices = constants.ROLES.items()
        hours_a_week = ( 
            cost.get_dental_unit_week_hours().total_seconds() / 3600
        )
    else:
        gen_info_admin_form = ""
        # hours por semana

    if user.role == constants.ROLE_DENTIST: 
        dentist_specific_form = DentistSpecificForm(request.form)
    else:
        dentist_specific_form = ""

    if (session['role'] == constants.ROLE_ADMIN 
            and user.role == constants.ROLE_DENTIST):
        dentist_specific_admin_form = DentistSpecificAdminForm(request.form)
    else:
        dentist_specific_admin_form = ""

    if request.method == 'POST' and gen_info_form.validate():
        for f in get_gen_info_field_list():
            setattr(user, f, getattr(gen_info_form, f).data)
        if user.role == constants.ROLE_DENTIST:
            for f in get_dentist_specific_field_list():
                setattr(user, f, getattr(dentist_specific_form, f).data)
        if (session['role'] == constants.ROLE_ADMIN
            and gen_info_admin_form.validate() ):
            for f in get_gen_info_admin_field_list():
                setattr(user, f, getattr(gen_info_admin_form, f).data)
            if user.role == constants.ROLE_DENTIST:
                for f in get_dentist_specific_admin_field_list():
                    setattr(user, f, 
                            getattr(dentist_specific_admin_form, f).data)
        meta.session.commit()
        return redirect(url_for('update_user', 
                                 body_id=body_id,
                                 form_to_display="gen_info"))

    # When loading the whole update page, we use the form containing all fields
    # after prepopulating it
    for f in get_gen_info_field_list():
        getattr(gen_info_form, f).data = getattr(user, f)
    if user.role == constants.ROLE_DENTIST:
        for f in get_dentist_specific_field_list():
            getattr(dentist_specific_form, f).data = getattr(user, f)
    if session['role'] == constants.ROLE_ADMIN:
        for f in get_gen_info_admin_field_list():
            getattr(gen_info_admin_form, f).data = getattr(user, f)
        if user.role == constants.ROLE_DENTIST:
            for f in get_dentist_specific_admin_field_list():
                try:
                    getattr(dentist_specific_admin_form, f).data =\
                    getattr(user, f)
                except:
                    pass

    timesheet_form = generate_timesheet_form(user.role)
    # populate timesheet_form
    for weekday in range(7):
        for period in constants.PERIODS.keys():
            TS = (
                meta.session.query(users.TimeSheet)
                    .filter(
                        users.TimeSheet.user_id == user.id,
                        users.TimeSheet.weekday == weekday,
                        users.TimeSheet.period == period
                    )
                .one_or_none()
            )
            if TS:
                timesheet_form[weekday][period].begin.data = TS.begin
                timesheet_form[weekday][period].end.data = TS.end
                timesheet_form[weekday][period].dental_unit_id.data =\
                                                            TS.dental_unit_id

    address_form = forms.AddressForm(request.form)
    phone_form = forms.PhoneForm(request.form)
    mail_form = forms.MailForm(request.form)
    password_form = OdontuxUserPasswordForm(request.form)
    return render_template('/update_user.html', 
                            user=user,
                            form_to_display=form_to_display,
                            gen_info_form=gen_info_form,
                            gen_info_admin_form=gen_info_admin_form,
                            address_form=address_form,
                            phone_form=phone_form,
                            mail_form=mail_form,
                            password_form=password_form,
                            dentist_specific_form=dentist_specific_form,
                            timesheet_form=timesheet_form,
                            calendar=calendar,
                            constants=constants,
                            hours_a_week=hours_a_week,
                       dentist_specific_admin_form=dentist_specific_admin_form)

Example #3

File: administration.py Project: fluxspir/odontux

def update_patient(body_id, form_to_display):
    """ """
    patient = forms._get_body(body_id, "patient")
    if not forms._check_body_perm(patient, "patient"):
        return redirect(url_for('list_patients', body_id=body_id))

    # only need form for *patient_gen_info* update here.
    # Others are only needed for the 'GET', see below.
    gen_info_form = PatientGeneralInfoForm(request.form)
    gen_info_form.title.choices = forms.get_title_choice_list()
    gen_info_form.office_id.choices = [ (office.id, office.office_name) 
                for office in meta.session.query(users.DentalOffice).all() ]
    gen_info_form.dentist_id.choices = [ (dentist.id, dentist.firstname + " " 
                                                            + dentist.lastname)
                for dentist in meta.session.query(users.OdontuxUser).filter(
                users.OdontuxUser.role == constants.ROLE_DENTIST).order_by(
                users.OdontuxUser.lastname).all() 
                                        ]
    if request.method == 'POST' and gen_info_form.validate():
        for f in get_gen_info_field_list():
            setattr(patient, f, getattr(gen_info_form, f).data)

#        if not gen_info_form.family_id.data or not gen_info_form.family_member.data:
#            new_family = administration.Family()
#            meta.session.add(new_family)
#            meta.session.commit()
#            patient.family_id = new_family.id
#        else:
#            patient.family_id = gen_info_form.family_id.data
        meta.session.commit()

        # We should update in gnucash too the patient
        comptability = gnucash_handler.GnuCashCustomer(patient.id,  
                                                       patient.dentist_id) 
        customer = comptability.update_customer()
        return redirect(url_for('update_patient', body_id=body_id,
                                form_to_display="gen_info"))


    # When we 'GET' the page, we need all form, and fill in
    # the gen_info and SSN_form from here
    for f in get_gen_info_field_list():
        getattr(gen_info_form, f).data = getattr(patient, f)

#    # payer
#    for payer in patient.family.payers:
#        if patient.id == payer.id:
#            gen_info_form.payer.data = True
#    gen_info_form.family_id.data = patient.family_id
#    
    address_form = forms.AddressForm(request.form)
    phone_form = forms.PhoneForm(request.form)
    mail_form = forms.MailForm(request.form)
    # need to return patient both as "patient" AND "body" :
    # as "patient" for the header pagetitle,
    # as "body" for the updating form.
    other_healthcare_plans = (
        meta.session.query(act.HealthCarePlan)
            .filter(
                act.HealthCarePlan.active.is_(True),
                ~act.HealthCarePlan.patients.any(
                    administration.Patient.id == patient.id)
            )
            .all()
        )
    return render_template('/update_patient.html', body=patient,
                            patient=patient,
                            gen_info_form=gen_info_form,
                            address_form=address_form,
                            phone_form=phone_form,
                            mail_form=mail_form,
                            other_healthcare_plans=other_healthcare_plans)