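    def get(self, payroll_user=None, week=None):
        """Render the weekly payroll (time-record) view for one user.

        Args:
            payroll_user: optional plaintext username whose records are
                requested. It is encrypted before being compared with the
                stored (encrypted) username; only approvers may view a user
                other than themselves.
            week: optional numeric string (a UNIX timestamp) selecting the
                week to show. Defaults to the week containing today.

        Returns:
            The rendered ``payroll.html`` template; a redirect to the logout
            URL when the caller is unauthenticated, not authorised for the
            requested user, or sent a malformed parameter; or a 404 when no
            records exist for the selected week.
        """
        # Unauthenticated callers are sent to logout rather than shown an error.
        if not self.user or not self.user.username or not self.user.is_authenticated:
            return redirect('/logout?byebye=yes')

        # If a payroll user is specified, the logged-in user must be an approver
        # or it must be their own account. Usernames are stored encrypted, so
        # the request value is encrypted before comparison.
        if payroll_user:
            payroll_user = crypto.encrypt(payroll_user)
            if not self.user.is_approver and payroll_user != self.user.username:
                return redirect('/logout?byebye=yes')

        # The week parameter must pass the numeric sanitizer before it is parsed.
        if week and not utils.sanitize_number_input(week):
            return redirect('/logout?byebye=yes')

        target_username = payroll_user or self.user.username

        if week:
            # A value that passes the numeric sanitizer can still be one that
            # fromtimestamp() rejects (out of range, or not a finite float);
            # treat that like any other malformed parameter instead of letting
            # the exception surface as a server error.
            try:
                week_day = datetime.date.fromtimestamp(float(week))
            except (ValueError, OverflowError, OSError):
                return redirect('/logout?byebye=yes')
            start_date = utils.get_last_monday(week_day)
            records = TimeRecord.get_current_week(target_username, start_date)
        else:
            start_date = utils.get_last_monday(datetime.date.today())
            records = TimeRecord.get_current_week(target_username)
        end_date = start_date + datetime.timedelta(days=6)

        if not records:
            return abort(404)

        # Timestamps for the previous/next week links consumed by the template.
        next_date = start_date + datetime.timedelta(days=7)
        prev_date = start_date - datetime.timedelta(days=7)
        context = {
            'user': self.user,
            'table_rows': records,
            'payroll_username': target_username,
            'start_date': start_date,
            'end_date': end_date,
            'prev_timestamp': time.mktime(prev_date.timetuple()),
            'next_timestamp': time.mktime(next_date.timetuple()),
        }
        return render_template('payroll.html', **context)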
    def post(self):
        """Handle an administrator's modify-user submission.

        Reads a ``ModifyUser`` form from the request, stores the target
        user's wage (encrypted) and - only when none is stored yet - the
        SSN (encrypted), then saves the user. Every outcome is reported as
        a plain string: ``"success"`` or an ``"error: ..."`` message.
        """
        denied = "error: permission denied"

        # Caller must be logged in...
        if not self.user or not self.user.username or not self.user.is_authenticated:
            return denied
        # ...and must be an administrator.
        if not self.user.is_admin:
            return denied

        form = forms.ModifyUser(request.form)
        if not form.validate():
            return "error: invalid input"

        # Usernames are stored encrypted, so encrypt the submitted one to look it up.
        target = User.get_user_by_username(crypto.encrypt(form.username.data))
        if not target:
            return "error: user does not exist"

        wage_text = str(form.wage.data)
        if not utils.sanitize_number_input(wage_text):
            return "error: invalid wage"
        target.wage = crypto.encrypt(wage_text)

        # An SSN that is already stored is never overwritten through this form.
        if not target.ssn:
            if not utils.validate_ssn(form.ssn.data):
                return "error: invalid SSN"
            target.ssn = crypto.encrypt(form.ssn.data)

        target.save()
        return "success"
    def post(self, payroll_user=None, week=None):
        # check logged in
        if not self.user or not self.user.username or not self.user.is_authenticated:
            return redirect('/logout?byebye=yes')

        # make sure someone isn't trying to set someone else's payroll info...
        if payroll_user:
            if not payroll_user == crypto.decrypt(self.user.username):
                print "INVALID USER REQUEST: ", payroll_user
                return redirect('/logout?byebye=yes')

        # sanitize input for week parameter
        if week:
            if not utils.sanitize_number_input(week):
                print "INVALID WEEK PARAMETER: ", week
                return redirect('/logout?byebye=yes')

        for input, value in request.form.iteritems():
            if value:
                punch_type, input_id = input.split('-')

                # check punch type
                if not punch_type == 'clockin':
                    if not punch_type == 'clockout':
                        print "INVALID PUNCH TYPE: ", punch_type
                        return redirect('/logout?byebye=yes')

                # check record id input
                if not utils.sanitize_mongo_hash(input_id):
                    print "INVALID RECORD ID: ", input_id
                    return redirect('/logout?byebye=yes')

                current_record = TimeRecord.objects(id=input_id).get()

                # only update the record if the current user actually owns it
                # users can only update their own records...
                if current_record.username == self.user.username:
                    # only let the user update the record if it hasn't been approved (no after the fact modifications)
                    if not current_record.approved:

                        # check time value
                        if not utils.sanitize_time_input(value):
                            print "INVALID TIME ENTRY: ", value
                            return redirect('/logout?byebye=yes')

                        try:
                            time = datetime.datetime.strptime(value, '%I:%M %p')
                            day = current_record.date
                            timestamp = datetime.datetime.combine(day, time.time())
                        except ValueError, e:
                            pass

                        if punch_type == 'clockin':
                            current_record.clock_in = timestamp
                        else:
                            current_record.clock_out = timestamp

                        if current_record.clock_in and current_record.clock_out:
                            current_record.set_hours()

                        current_record.save()