def login(self): """ Login view, used for both get and post method. This view also checks and authenicated the user by request. """ form = LoginForm(self.request.POST, csrf_context=self.request.session) if self.request.method == 'POST' and form.validate(): user = User.by_email(self.request.POST.get('email')) if (user and user.verify_password(self.request.POST.get('password')) and user.blocked is not True and user.archived is not True): headers = remember(self.request, user.id) shared_unpaid_invoices = 0 shared_categories = Category.all_shared() for c in shared_categories: unpaid_invoices = Invoice.with_category_all_unpaid(c.id) if unpaid_invoices: shared_unpaid_invoices += len(unpaid_invoices) self.request.session.pop_flash('shared_unpaid_invoices') self.request.session.flash(shared_unpaid_invoices, 'shared_unpaid_invoices') private_unpaid_invoices = 0 private_categories = Category.all_private(self.request, id=user.id)\ .all() for c in private_categories: unpaid_invoices = Invoice.with_category_all_unpaid(c.id) if unpaid_invoices: private_unpaid_invoices += len(unpaid_invoices) self.request.session.pop_flash('private_unpaid_invoices') self.request.session.flash(private_unpaid_invoices, 'private_unpaid_invoices') self.request.session.flash('Welcome back %s' % (user.email), 'success') return HTTPFound(location=self.request.route_url('index'), headers=headers) headers = forget(self.request) self.request.session.flash('Login failed', 'error') return {'title': 'Login', 'form': form} if authenticated_userid(self.request): self.request.session.flash('You are already logged in', 'status') return HTTPFound(location=self.request.route_url('index')) return {'title': 'Login', 'form': form}
def invoice_edit(self): """ Edit invoice view. This method handles both post, and get requests. """ id = int(self.request.matchdict.get('id')) i = Invoice.by_id(id) if not i: return HTTPNotFound() """ Authorization check. """ if (i.category.private and i.category.user_id is not authenticated_userid(self.request)): return HTTPForbidden() """ Authorization check. """ if (i.creditor.private and i.creditor.user_id is not authenticated_userid(self.request)): return HTTPForbidden() form = InvoiceEditForm(self.request.POST, i, csrf_context=self.request.session) if not i.files: del form.files else: form.files.query = i.files private = self.request.params.get('private') if private: """ Check if the necessary object exists. """ if not Category.first_private(self.request): self.request.session.flash(self.missing_priv_cat, 'error') return HTTPFound(location=self.request.route_url('invoices')) if not Creditor.first_private(self.request): self.request.session.flash(self.missing_priv_cred, 'error') return HTTPFound(location=self.request.route_url('invoices')) form.category_id.query = Category.all_private(self.request) form.creditor_id.query = Creditor.all_private(self.request) else: """ Check if the necessary object exists. """ if not Category.first_active(): self.request.session.flash(self.missing_shared_cat, 'error') return HTTPFound(location=self.request.route_url('invoices')) if not Creditor.first_active(): self.request.session.flash(self.missing_shared_cred, 'error') return HTTPFound(location=self.request.route_url('invoices')) form.category_id.query = Category.all_shared() form.creditor_id.query = Creditor.all_shared() if self.request.method == 'POST' and form.validate(): form.populate_obj(i) i.category_id = form.category_id.data.id i.creditor_id = form.creditor_id.data.id if form.files: i.files = form.files.data """ If file, make file object and save/create file. """ upload = self.request.POST.get('attachment') try: f = File() f.filename = f.make_filename(upload.filename) f.filemime = f.guess_mime(upload.filename) f.write_file(upload.file) f.title = 'Invoice.' +\ form.title.data + '.' +\ self.randomstr(6) + '.' +\ form.category_id.data.title + '.' +\ form.creditor_id.data.title + '.' +\ str(i.due) if private: f.private = True f.user_id = authenticated_userid(self.request) DBSession.add(f) i.files.append(f) except Exception: self.request.session.flash('No file added.', 'status') self.request.session.flash('Invoice %s updated' % (i.title), 'status') self.update_flash() if private: return HTTPFound(location= self.request .route_url('invoices', _query={'private': 1})) return HTTPFound(location=self.request.route_url('invoices')) form.category_id.data = i.category form.creditor_id.data = i.creditor return {'title': 'Edit private invoice' if private else 'Edit invoice', 'form': form, 'id': id, 'action': 'invoice_edit', 'private': private, 'invoice': i}
def invoice_create(self): """ New invoice view. This method handles both post, and get requests. """ form = InvoiceCreateForm(self.request.POST, csrf_context=self.request.session) private = self.request.params.get('private') if private: """ Check if the necessary object exists. """ if not Category.first_private(self.request): self.request.session.flash(self.missing_priv_cat) return HTTPFound(location=self.request.route_url('invoices')) if not Creditor.first_private(self.request): self.request.session.flash(self.missing_priv_cred) return HTTPFound(location=self.request.route_url('invoices')) form.category_id.query = Category.all_private(self.request) form.creditor_id.query = Creditor.all_private(self.request) else: """ Check if the necessary object exists. """ if not Category.first_active(): self.request.session.flash(self.missing_shared_cat, 'error') return HTTPFound(location=self.request.route_url('invoices')) if not Creditor.first_active(): self.request.session.flash(self.missing_shared_cred, 'error') return HTTPFound(location=self.request.route_url('invoices')) form.category_id.query = Category.all_shared() form.creditor_id.query = Creditor.all_shared() if self.request.method == 'POST' and form.validate(): i = Invoice() form.populate_obj(i) i.user_id = authenticated_userid(self.request) i.category_id = form.category_id.data.id i.creditor_id = form.creditor_id.data.id """ If file, make file object and save/create file. """ upload = self.request.POST.get('attachment') try: f = File() f.filename = f.make_filename(upload.filename) f.filemime = f.guess_mime(upload.filename) f.write_file(upload.file) f.title = 'Invoice.' +\ form.title.data + '.' +\ self.randomstr(6) + '.' +\ form.category_id.data.title + '.' +\ form.creditor_id.data.title + '.' +\ str(i.due) if private: f.private = True f.user_id = authenticated_userid(self.request) DBSession.add(f) i.files = [f] except Exception: self.request.session.flash('No file added.', 'status') DBSession.add(i) self.request.session.flash('Invoice %s created' % (i.title), 'success') self.update_flash() if private: return HTTPFound(location= self.request .route_url('invoices', _query={'private': 1})) return HTTPFound(location=self.request.route_url('invoices')) return {'title': 'New private invoice' if private else 'New invoice', 'form': form, 'action': 'invoice_new', 'private': private, 'invoice': False}