def expense_payment_detail(request, expense_payment_id): """Display detail of this expense payment""" expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm( request.user) if not expense_requester: return HttpResponseRedirect(reverse("core:forbiden")) try: if expense_payment_id: expensePayment = ExpensePayment.objects.get(id=expense_payment_id) if not (expensePayment.user() == request.user or expense_paymaster or expense_administrator): return HttpResponseRedirect(reverse("core:forbiden")) except ExpensePayment.DoesNotExist: messages.add_message( request, messages.ERROR, _("Expense payment %s does not exist" % expense_payment_id)) return redirect("expense:expense_payments") return render( request, "expense/expense_payment_detail.html", { "expense_payment": expensePayment, "expense_table": ExpenseTable(expensePayment.expense_set.all()), "can_edit_vat": expense_administrator or expense_paymaster, "user": request.user })
def expense(request, expense_id): """Display one expense""" expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm( request.user) if not expense_requester: return HttpResponseRedirect(reverse("core:forbiden")) user_team = user_expense_team(request.user) try: expense = Expense.objects.get(id=expense_id) except Expense.DoesNotExist: raise Http404 if not (expense_administrator or expense_paymaster): if not (expense.user == request.user or expense.user in user_team): return HttpResponseRedirect(reverse("core:forbiden")) return render( request, "expense/expense.html", { "expense": expense, "can_edit": can_edit_expense(expense, request.user), "can_edit_vat": expense_administrator or expense_paymaster, "user": request.user })
def expense_delete(request, expense_id): """Delete given expense if authorized to""" expense = None expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm( request.user) if not expense_requester: return HttpResponseRedirect(reverse("core:forbiden")) try: if expense_id: expense = Expense.objects.get(id=expense_id) if not can_edit_expense(expense, request.user): messages.add_message( request, messages.WARNING, _("You are not allowed to edit that expense")) expense_id = None expense = None except Expense.DoesNotExist: messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id)) expense_id = None if expense: expense.delete() messages.add_message(request, messages.INFO, _("Expense %s has been deleted" % expense_id)) # Redirect user to expense main page return redirect("expense:expenses")
def expense_receipt(request, expense_id): """Returns expense receipt if authorize to""" data = BytesIO() expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm(request.user) try: expense = Expense.objects.get(id=expense_id) content_type = expense.receipt_content_type() if expense.user == request.user or\ expense_manager or expense_paymaster or expense_administrator: data = expense.receipt_data() except (Expense.DoesNotExist, OSError): pass return HttpResponse(data)
def expense_receipt(request, expense_id): """Returns expense receipt if authorize to""" data = BytesIO() expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm( request.user) try: expense = Expense.objects.get(id=expense_id) content_type = expense.receipt_content_type() if expense.user == request.user or\ expense_manager or expense_paymaster or expense_administrator: data = expense.receipt_data() except (Expense.DoesNotExist, OSError): pass return HttpResponse(data)
def expenses_history(request): """Display expense history""" expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm( request.user) return render( request, "expense/expense_archive.html", { "data_url": reverse('expense:expense_table_DT'), "data_options": ''' "pageLength": 25, "order": [[0, "desc"]], "columnDefs": [{ "orderable": false, "targets": [6,] }, { className: "hidden-xs hidden-sm hidden-md", "targets": [2, 10, 12, 13]}, { className: "description", "targets": [3]}, { className: "amount", "targets": [5]}], "fnDrawCallback": function( oSettings ) {make_vat_editable(); }''', "can_edit_vat": expense_administrator or expense_paymaster, "user": request.user })
def expense_payment_detail(request, expense_payment_id): """Display detail of this expense payment""" expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm(request.user) if not expense_requester: return HttpResponseRedirect(reverse("core:forbiden")) try: if expense_payment_id: expensePayment = ExpensePayment.objects.get(id=expense_payment_id) if not (expensePayment.user() == request.user or expense_paymaster or expense_administrator): return HttpResponseRedirect(reverse("core:forbiden")) except ExpensePayment.DoesNotExist: messages.add_message(request, messages.ERROR, _("Expense payment %s does not exist" % expense_payment_id)) return redirect("expense:expense_payments") return render(request, "expense/expense_payment_detail.html", {"expense_payment": expensePayment, "expense_table": ExpenseTable(expensePayment.expense_set.all()), "user": request.user})
def update_expense_vat(request): """Update expense VAT.""" expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm( request.user) if not (expense_administrator or expense_paymaster): return HttpResponseForbidden() try: expense_id = request.POST["id"] value = request.POST["value"].replace(",", ".") expense = Expense.objects.get(id=expense_id) expense.vat = decimal.Decimal(value) expense.save() message = value except Expense.DoesNotExist: message = _("Expense %s does not exist" % expense_id) except (ValueError, decimal.InvalidOperation): message = _("Incorrect value") return HttpResponse(message)
def expense_delete(request, expense_id): """Delete given expense if authorized to""" expense = None expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm(request.user) if not expense_requester: return HttpResponseRedirect(reverse("core:forbiden")) try: if expense_id: expense = Expense.objects.get(id=expense_id) if not can_edit_expense(expense, request.user): messages.add_message(request, messages.WARNING, _("You are not allowed to edit that expense")) expense_id = None expense = None except Expense.DoesNotExist: messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id)) expense_id = None if expense: expense.delete() messages.add_message(request, messages.INFO, _("Expense %s has been deleted" % expense_id)) # Redirect user to expense main page return redirect("expense:expenses")
def get_initial_queryset(self): expense_administrator, expense_subsidiary_manager, expense_manager, expense_paymaster, expense_requester = user_expense_perm( self.request.user) consultant = Consultant.objects.get( trigramme__iexact=self.request.user.username) if expense_subsidiary_manager: user_team = consultant.user_team(subsidiary=True) elif expense_manager: user_team = consultant.user_team() else: user_team = [] expenses = Expense.objects.all() if not expense_paymaster: expenses = expenses.filter( Q(user=self.request.user) | Q(user__in=user_team)) return expenses.select_related("lead__client__contact", "lead__client__organisation__company", "user")
def get_initial_queryset(self): try: consultant = Consultant.objects.get( trigramme__iexact=self.request.user.username) user_team = consultant.user_team() except Consultant.DoesNotExist: user_team = [] expensePayments = ExpensePayment.objects.all() expense_administrator, expense_subsidiary_manager, expense_manager, expense_paymaster, expense_requester = user_expense_perm( self.request.user) if not expense_paymaster: expensePayments = expensePayments.filter( Q(expense__user=self.request.user) | Q(expense__user__in=user_team)).distinct() return expensePayments
def expenses(request, expense_id=None, clone_from=None): """Display user expenses and expenses that he can validate""" expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm( request.user) if not expense_requester: return HttpResponseRedirect(reverse("core:forbiden")) user_team = user_expense_team(request.user) consultant = Consultant.objects.get( trigramme__iexact=request.user.username) subcontractor = None if consultant.subcontractor: subcontractor = consultant try: if expense_id: expense = Expense.objects.get(id=expense_id) if not can_edit_expense(expense, request.user): messages.add_message( request, messages.WARNING, _("You are not allowed to edit that expense")) expense_id = None expense = None except Expense.DoesNotExist: messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id)) expense_id = None if request.method == "POST": if expense_id: form = ExpenseForm(request.POST, request.FILES, instance=expense, subcontractor=subcontractor) else: form = ExpenseForm(request.POST, request.FILES, subcontractor=subcontractor) if form.is_valid(): expense = form.save(commit=False) if not hasattr(expense, "user"): # Don't update user if defined (case of expense updated by manager or administrator) expense.user = request.user expense.state = "REQUESTED" expense.workflow_in_progress = True expense.save() return HttpResponseRedirect(reverse("expense:expenses")) else: if expense_id: form = ExpenseForm(instance=expense, subcontractor=subcontractor ) # A form that edit current expense elif clone_from: try: expense = Expense.objects.get(id=clone_from) expense.pk = None # Null pk so it will generate a new fresh object during form submit expense.receipt = None # Never duplicate the receipt, a new one need to be provided form = ExpenseForm( instance=expense, subcontractor=subcontractor ) # A form with the new cloned expense (not saved) except Expense.DoesNotExist: form = ExpenseForm(initial={"expense_date": date.today()}) # An unbound form else: form = ExpenseForm(initial={"expense_date": date.today()}, subcontractor=subcontractor) # An unbound form # Get user expenses user_expenses = Expense.objects.filter( user=request.user, workflow_in_progress=True).select_related() if user_team: team_expenses = Expense.objects.filter( user__in=user_team, workflow_in_progress=True).select_related() else: team_expenses = [] if expense_administrator: # Admin manage all expenses managed_expenses = Expense.objects.filter( workflow_in_progress=True).select_related() elif expense_paymaster: # Paymaster manage all expenses except his own managed_expenses = Expense.objects.filter( workflow_in_progress=True).exclude( user=request.user).select_related() else: managed_expenses = team_expenses userExpenseTable = UserExpenseWorkflowTable(user_expenses) userExpenseTable.transitionsData = dict([ (e.id, []) for e in user_expenses ]) # Inject expense allowed transitions. Always empty for own expense userExpenseTable.expenseEditPerm = dict([ (e.id, can_edit_expense(e, request.user)) for e in user_expenses ]) # Inject expense edit permissions RequestConfig(request, paginate={ "per_page": 50 }).configure(userExpenseTable) managedExpenseTable = ManagedExpenseWorkflowTable(managed_expenses) managedExpenseTable.transitionsData = dict([ (e.id, expense_next_states(e, request.user)) for e in managed_expenses ]) # Inject expense allowed transitions managedExpenseTable.expenseEditPerm = dict([ (e.id, can_edit_expense(e, request.user)) for e in managed_expenses ]) # Inject expense edit permissions RequestConfig(request, paginate={ "per_page": 100 }).configure(managedExpenseTable) return render( request, "expense/expenses.html", { "user_expense_table": userExpenseTable, "managed_expense_table": managedExpenseTable, "modify_expense": bool(expense_id), "form": form, "user": request.user })
def expense_payments(request, expense_payment_id=None): readOnly = False expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm( request.user) if not (expense_paymaster or expense_administrator): readOnly = True try: if expense_payment_id: expensePayment = ExpensePayment.objects.get(id=expense_payment_id) except ExpensePayment.DoesNotExist: messages.add_message( request, messages.ERROR, _("Expense payment %s does not exist" % expense_payment_id)) expense_payment_id = None expensePayment = None if readOnly: expensesToPay = [] else: expensesToPay = Expense.objects.filter(workflow_in_progress=True, corporate_card=False, expensePayment=None, state="CONTROLLED") if request.method == "POST": if readOnly: # A bad user is playing with urls... return HttpResponseRedirect(reverse("core:forbiden")) form = ExpensePaymentForm(request.POST) if form.is_valid(): if expense_payment_id: expensePayment = ExpensePayment.objects.get( id=expense_payment_id) expensePayment.payment_date = form.cleaned_data["payment_date"] else: expensePayment = ExpensePayment( payment_date=form.cleaned_data["payment_date"]) expensePayment.save() for expense in Expense.objects.filter( expensePayment=expensePayment): expense.expensePayment = None # Remove any previous association expense.save() if form.cleaned_data["expenses"]: for expense in form.cleaned_data["expenses"]: expense.expensePayment = expensePayment expense.workflow_in_progress = False expense.save() return HttpResponseRedirect(reverse("expense:expense_payments")) else: print("form is not valid") else: if expense_payment_id: expensePayment = ExpensePayment.objects.get(id=expense_payment_id) form = ExpensePaymentForm({ "expenses": list( Expense.objects.filter( expensePayment=expensePayment).values_list("id", flat=True)), "payment_date": expensePayment.payment_date }) # A form that edit current expense payment else: form = ExpensePaymentForm(initial={"payment_date": date.today() }) # An unbound form return render( request, "expense/expense_payments.html", { "modify_expense_payment": bool(expense_payment_id), "data_url": reverse('expense:expense_payment_table_DT'), "data_options": ''' "pageLength": 25, "order": [[0, "desc"]], "columnDefs": [{ "orderable": false, "targets": [1, 2, 4] }]''', "expense_to_pay_table": ExpenseTable(expensesToPay), "read_only": readOnly, "can_edit_vat": expense_administrator or expense_paymaster, "form": form, "user": request.user })
def expenses(request, expense_id=None, clone_from=None): """Display user expenses and expenses that he can validate""" expense_administrator, expense_manager, expense_paymaster, expense_requester = user_expense_perm(request.user) if not expense_requester: return HttpResponseRedirect(reverse("core:forbiden")) user_team = user_expense_team(request.user) try: if expense_id: expense = Expense.objects.get(id=expense_id) if not can_edit_expense(expense, request.user): messages.add_message(request, messages.WARNING, _("You are not allowed to edit that expense")) expense_id = None expense = None except Expense.DoesNotExist: messages.add_message(request, messages.ERROR, _("Expense %s does not exist" % expense_id)) expense_id = None if request.method == "POST": if expense_id: form = ExpenseForm(request.POST, request.FILES, instance=expense) else: form = ExpenseForm(request.POST, request.FILES) if form.is_valid(): expense = form.save(commit=False) if not hasattr(expense, "user"): # Don't update user if defined (case of expense updated by manager or administrator) expense.user = request.user expense.state = "REQUESTED" expense.workflow_in_progress = True expense.save() return HttpResponseRedirect(reverse("expense:expenses")) else: if expense_id: form = ExpenseForm(instance=expense) # A form that edit current expense elif clone_from: try: expense = Expense.objects.get(id=clone_from) expense.pk = None # Null pk so it will generate a new fresh object during form submit expense.receipt = None # Never duplicate the receipt, a new one need to be provided form = ExpenseForm(instance=expense) # A form with the new cloned expense (not saved) except Expense.DoesNotExist: form = ExpenseForm(initial={"expense_date": date.today()}) # An unbound form else: form = ExpenseForm(initial={"expense_date": date.today()}) # An unbound form # Get user expenses user_expenses = Expense.objects.filter(user=request.user, workflow_in_progress=True).select_related() if user_team: team_expenses = Expense.objects.filter(user__in=user_team, workflow_in_progress=True).select_related() else: team_expenses = [] if expense_administrator: # Admin manage all expenses managed_expenses = Expense.objects.filter(workflow_in_progress=True).select_related() elif expense_paymaster: # Paymaster manage all expenses except his own managed_expenses = Expense.objects.filter(workflow_in_progress=True).exclude(user=request.user).select_related() else: managed_expenses = team_expenses userExpenseTable = UserExpenseWorkflowTable(user_expenses) userExpenseTable.transitionsData = dict([(e.id, []) for e in user_expenses]) # Inject expense allowed transitions. Always empty for own expense userExpenseTable.expenseEditPerm = dict([(e.id, can_edit_expense(e, request.user)) for e in user_expenses]) # Inject expense edit permissions RequestConfig(request, paginate={"per_page": 50}).configure(userExpenseTable) managedExpenseTable = ManagedExpenseWorkflowTable(managed_expenses) managedExpenseTable.transitionsData = dict([(e.id, expense_next_states(e, request.user)) for e in managed_expenses]) # Inject expense allowed transitions managedExpenseTable.expenseEditPerm = dict([(e.id, can_edit_expense(e, request.user)) for e in managed_expenses]) # Inject expense edit permissions RequestConfig(request, paginate={"per_page": 100}).configure(managedExpenseTable) return render(request, "expense/expenses.html", {"user_expense_table": userExpenseTable, "managed_expense_table": managedExpenseTable, "modify_expense": bool(expense_id), "form": form, "user": request.user})
def expense(request, expense_id): """Display one expense""" expense_administrator, expense_subsidiary_manager, expense_manager, expense_paymaster, expense_requester = user_expense_perm( request.user) if not expense_requester: return HttpResponseRedirect(reverse("core:forbiden")) consultant = Consultant.objects.get( trigramme__iexact=request.user.username) user_team = consultant.user_team(exclude_self=False) try: expense = Expense.objects.get(id=expense_id) except Expense.DoesNotExist: raise Http404 if not (expense_administrator or expense_paymaster): if not (expense.user == request.user or \ expense.user in user_team or \ (expense_subsidiary_manager and users_are_in_same_company(expense.user, request.user))): return HttpResponseRedirect(reverse("core:forbiden")) return render( request, "expense/expense.html", { "expense": expense, "can_edit": can_edit_expense(expense, request.user), "can_edit_vat": expense_administrator or expense_paymaster, "user": request.user })