def file_create(self):
""" New file view. Method for both post and get requests. """
form = FileCreateForm(self.request.POST,
csrf_context=self.request.session)
if self.request.method == 'POST' and form.validate():
f = File()
form.populate_obj(f)
""" If file. Yes this method works without a file. """
upload = self.request.POST.get('file')
try:
f.filename = f.make_filename(upload.filename)
f.filemime = f.guess_mime(upload.filename)
f.write_file(upload.file)
except Exception:
self.request\
.session.flash('File %s created but no file added' %
(f.title), 'status')
f.user_id = authenticated_userid(self.request)
DBSession.add(f)
self.request.session.flash('File %s created' %
(f.title), 'success')
return HTTPFound(location=self.request.route_url('files'))
return {'title': 'New file',
'form': form,
'action': 'file_new'}
def all_queryed(cls,
ucid,
qry=False,
cats=False,
creds=False,
total_only=False,
fromdate=False,
todate=False,):
base = DBSession.query(Invoice)
if total_only:
base = DBSession.query(func.sum(Invoice.amount).label('a_sum'))\
base = base.join(Invoice.category)\
.join(Invoice.creditor)\
.filter(not_(and_(Category.private == True,
Category.user_id != ucid)))
""" if argument add filter(s)."""
if qry:
qry = "%"+qry+"%"
base = base.filter(Invoice.title.like(qry))
if cats:
for c in cats:
base = base.filter(Category.id == c.id)
if creds:
for c in creds:
base = base.filter(Creditor.id == c.id)
if fromdate:
base = base.filter(Invoice.due >= fromdate)
if todate:
base = base.filter(Invoice.due <= todate)
return base
def with_category(cls, id, total_only=False):
if total_only:
return DBSession.query(func.sum(Expenditure.amount)
.label('a_sum'))\
.filter(and_(Expenditure.archived == False,
Expenditure.category_id == id))\
.first()
return DBSession.query(Expenditure)\
.filter(and_(Expenditure.category_id == id,
Expenditure.archived == False)).all()
def with_category_all_unpaid(cls, cid, total_only=False):
base = DBSession.query(Invoice)
if total_only:
base = DBSession.query(func.sum(Invoice.amount).label('a_sum'))\
base = base.filter(and_(Invoice.category_id == cid,
Invoice.archived == False,
Invoice.paid == None))\
.all()
return base
def creditor_create(self):
""" New creditors. Method for both post and get request."""
form = CreditorCreateForm(self.request.POST, csrf_context=self.request.session)
if self.request.method == "POST" and form.validate():
c = Creditor()
form.populate_obj(c)
c.user_id = authenticated_userid(self.request)
DBSession.add(c)
self.request.session.flash("Creditor %s created" % (c.title), "success")
return HTTPFound(location=self.request.route_url("creditors"))
return {"title": "New creditor", "form": form, "action": "creditor_new"}
def with_category_paid(cls, cid, year, month, total_only=False):
base = DBSession.query(Invoice)
if total_only:
base = DBSession.query(func.sum(Invoice.amount).label('a_sum'))\
base = base.filter(and_(Invoice.category_id == cid,
Invoice.archived == False,
Invoice.paid != None))\
.filter(extract('year', Invoice.due) == year)\
.filter(extract('month', Invoice.due) == month)\
.all()
return base
def user_restore(self):
""" Restore user, returns redirect. """
id = int(self.request.matchdict.get('id'))
u = User.by_id(id)
if not u:
return HTTPNotFound()
u.archived = False
DBSession.add(u)
self.request.session.flash('User %s restored' %
(u.email), 'status')
return HTTPFound(location=self.request.route_url('users_archived'))
def _initTestingDB(makeuser=False):
engine = create_engine('sqlite://')
Base.metadata.create_all(engine)
DBSession.configure(bind=engine)
if makeuser:
m = BPM()
hashed = m.encode(u'1234567')
with transaction.manager:
user = User(email=u'*****@*****.**',
password=hashed,
group='admin',
)
DBSession.add(user)
return DBSession
def creditor_restore(self):
""" Restore creditor, returns redirect. """
id = int(self.request.matchdict.get("id"))
c = Creditor.by_id(id)
if not c:
return HTTPNotFound()
""" Authorization check. """
if c.private and c.user_id is not authenticated_userid(self.request):
return HTTPForbidden()
c.archived = False
DBSession.add(c)
self.request.session.flash("Creditor %s restored" % (c.title), "status")
return HTTPFound(location=self.request.route_url("creditors_archived"))
def all_active(cls, request, id=False):
if not id:
id = authenticated_userid(request)
return DBSession.query(Creditor)\
.filter(Creditor.archived == False)\
.filter(not_(and_(Creditor.private == True,
Creditor.user_id != id)))
def all_private(cls, request, id=False):
if not id:
id = authenticated_userid(request)
return DBSession.query(Category)\
.filter(and_(Category.user_id == id,
Category.private == True,
Category.archived == False))
def category_create(self):
""" New category view. """
form = CategoryCreateForm(self.request.POST,
csrf_context=self.request.session)
if self.request.method == 'POST' and form.validate():
c = Category()
form.populate_obj(c)
c.user_id = authenticated_userid(self.request)
DBSession.add(c)
self.request.session.flash('Category %s created' %
(c.title), 'success')
return HTTPFound(location=self.request.route_url('categories'))
return {'title': 'New category',
'form': form,
'action': 'category_new'}
def category_archive(self):
""" Archive category, returns redirect. """
id = int(self.request.matchdict.get('id'))
c = Category.by_id(id)
if not c:
return HTTPNotFound()
""" Authorization check. """
if c.private and c.user_id is not authenticated_userid(self.request):
return HTTPForbidden()
c.archived = True
DBSession.add(c)
self.request.session.flash('Category %s archived' %
(c.title), 'status')
return HTTPFound(location=self.request.route_url('categories'))
def user_archive(self):
""" Archive user, returns redirect. """
a = authenticated_userid(self.request)
id = int(self.request.matchdict.get('id'))
""" User one (1) is a bit special..."""
if id is 1:
return HTTPNotFound()
u = User.by_id(id)
if not u:
return HTTPNotFound()
u.archived = True
DBSession.add(u)
self.request.session.flash('User %s archived' %
(u.email), 'status')
return HTTPFound(location=self.request.route_url('users'))
def user_create(self):
""" New user view. Method handles both post and get
requests.
"""
form = UserCreateForm(self.request.POST,
csrf_context=self.request.session)
if self.request.method == 'POST' and form.validate():
u = User()
form.populate_obj(u)
u.password = u.pm.encode(form.password.data)
DBSession.add(u)
self.request.session.flash('User %s created' %
(u.email), 'success')
return HTTPFound(location=self.request.route_url('users'))
return {'title': 'New user',
'form': form,
'action': 'user_new'}
def expenditure_archive(self):
""" Archive expenditure, returns redirect. """
id = int(self.request.matchdict.get('id'))
e = Expenditure.by_id(id)
if not e:
return HTTPNotFound()
""" Authorization check. """
if (e.category.private
and e.category.user_id is not authenticated_userid(self.request)):
return HTTPForbidden()
e.archived = True
DBSession.add(e)
self.request.session.flash('Expenditure %s archived' %
(e.title), 'status')
return HTTPFound(location=self.request.route_url('expenditures'))
def expenditure_create(self):
""" New expenditure. Method for both post and get request. """
form = ExpenditureCreateForm(self.request.POST,
csrf_context=self.request.session)
private = self.request.params.get('private')
if private:
""" Check if there exists any private categories. """
if not Category.first_private(self.request):
self.request.session.flash(self.missing_priv_cat, 'error')
return HTTPFound(location=self.request
.route_url('expenditures'))
form.category_id.query = Category.all_private(self.request)
else:
""" Check if there exists any categories. """
if not Category.first_active():
self.request.session.flash(self.missing_shared_cat, 'error')
return HTTPFound(location=self.request
.route_url('expenditures'))
form.category_id.query = Category.all_active(self.request)
if self.request.method == 'POST' and form.validate():
e = Expenditure()
form.populate_obj(e)
e.user_id = authenticated_userid(self.request)
e.category_id = form.category_id.data.id
DBSession.add(e)
self.request.session.flash('Expenditure %s created' %
(e.title), 'success')
""" A bit ugly, but redirect the user based on private or not. """
if private:
return HTTPFound(location=
self.request
.route_url('expenditures',
_query={'private': 1}))
return HTTPFound(location=self.request.route_url('expenditures'))
return {'title': 'New private expenditure' if private
else 'New expenditure',
'form': form,
'action': 'expenditure_new',
'private': private}
def invoice_restore(self):
""" Restore invoice, returns redirect. """
id = int(self.request.matchdict.get('id'))
i = Invoice.by_id(id)
if not i:
return HTTPNotFound()
""" Authorization check. """
if (i.category.private
and i.category.user_id is not authenticated_userid(self.request)):
return HTTPForbidden()
""" Authorization check. """
if (i.creditor.private
and i.creditor.user_id is not authenticated_userid(self.request)):
return HTTPForbidden()
i.archived = False
DBSession.add(i)
self.request.session.flash('Invoice %s restored' % (i.title), 'status')
return HTTPFound(location=self.request.route_url('invoices_archived'))
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
m = BPM()
a_email = raw_input('Enter email for admin account: ')
a_pw = getpass('Enter password for admin account: ')
a_hashed = m.encode(a_pw)
with transaction.manager:
admin = User(
email=a_email,
password=a_hashed,
group='admin',
)
DBSession.add(admin)
def main(global_config, **settings):
"""
Pyrtos base script. This is where everything is called.
Below are some basic configuration settings.
"""
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
authenPol = AuthTktAuthenticationPolicy('somesecret',
callback=groupfinder,
hashalg='sha512')
authorPol = ACLAuthorizationPolicy()
sess_factory = UnencryptedCookieSessionFactoryConfig('someothersecret')
config = Configurator(settings=settings,
authentication_policy=authenPol,
authorization_policy=authorPol,
root_factory='pyrtos.security.EntryFactory',
session_factory=sess_factory,)
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_request_method(can_i, 'can_i')
""" Index route """
config.add_route('index', '/')
""" Auth routes """
config.add_route('login', '/login')
config.add_route('logout', '/logout')
""" Category routes """
config.add_route('categories', '/categories')
config.add_route('categories_archived', '/categories/archived')
config.add_route('category_new', '/category/new')
config.add_route('category_edit', '/category/edit/{id}')
config.add_route('category_archive', '/category/archive/{id}')
config.add_route('category_restore', '/category/restore/{id}')
""" Tag routes """
config.add_route('tags', '/tags')
""" User routes """
config.add_route('users', '/users')
config.add_route('users_archived', '/users/archived')
config.add_route('user_new', '/user/new')
config.add_route('user_edit', '/user/edit/{id}')
config.add_route('user_archive', '/user/archive/{id}')
config.add_route('user_restore', '/user/restore/{id}')
""" Creditor routes """
config.add_route('creditors', '/creditors')
config.add_route('creditors_archived', '/creditors/archived')
config.add_route('creditor_new', '/creditor/new')
config.add_route('creditor_edit', '/creditor/edit/{id}')
config.add_route('creditor_archive', '/creditor/archive/{id}')
config.add_route('creditor_restore', '/creditor/restore/{id}')
""" Income routes """
config.add_route('incomes', '/incomes')
config.add_route('incomes_archived', '/incomes/archived')
config.add_route('income_new', '/income/new')
config.add_route('income_edit', '/income/edit/{id}')
config.add_route('income_archive', '/income/archive/{id}')
config.add_route('income_restore', '/income/restore/{id}')
""" Expenditure routes """
config.add_route('expenditures', '/expenditures')
config.add_route('expenditures_private', '/expenditures/private')
config.add_route('expenditures_archived', '/expenditures/archived')
config.add_route('expenditure_new', '/expenditure/new')
config.add_route('expenditure_edit', '/expenditure/edit/{id}')
config.add_route('expenditure_archive', '/expenditure/archive/{id}')
config.add_route('expenditure_restore', '/expenditure/restore/{id}')
""" Invoice routes """
config.add_route('invoices', '/invoices')
config.add_route('invoices_archived', '/invoices/archived')
config.add_route('invoices_search', '/invoices/search')
config.add_route('invoice_new', '/invoice/new')
config.add_route('invoice_edit', '/invoice/edit/{id}')
config.add_route('invoice_quickpay', '/invoice/quickpay/{id}')
config.add_route('invoice_archive', '/invoice/archive/{id}')
config.add_route('invoice_restore', '/invoice/restore/{id}')
""" File routes """
config.add_route('files', '/files')
config.add_route('files_archived', '/files/archived')
config.add_route('file_new', '/file/new')
config.add_route('file_download', '/file/download/{id}')
config.scan()
return config.make_wsgi_app()
def all_archived(cls, request):
id = authenticated_userid(request)
return DBSession.query(File)\
.filter(File.archived == True)\
.filter(not_(and_(File.private == True,
File.user_id != id)))
def by_id(cls, id):
return DBSession.query(User).filter(User.id == id).first()
def amount_sum(cls):
return DBSession.query(func.sum(Income.amount).label('a_sum'))\
.filter(Income.archived == False).first()
def by_id(cls, id):
return DBSession.query(Income).filter(Income.id == id).first()
def all_archived(cls):
return DBSession.query(Income).filter(Income.archived == True)
def all_active(cls):
return DBSession.query(Income).filter(Income.archived == False)
def by_email(cls, email):
return DBSession.query(User).filter(User.email == email).first()
def all_users(cls):
return DBSession.query(User).all()
def all_active(cls):
return DBSession.query(User).filter(User.archived == False)
def all_archived(cls):
return DBSession.query(User).filter(User.archived == True)
