Exemple #1
0
    def get(self):
        date_str = self.request.GET.get('date')
        date = datetime.datetime.strptime(date_str, '%d.%m.%Y')

        entries = self._get_time_entries(date)

        total_sum = sum(entry.time for (tracker, entry) in entries
                        if not entry.deleted)
        form = TimeEntryForm()

        needs_justification = False
        for tracker, timeentry in entries:
            if timeentry.modified_ts.date() > timeentry.date:
                needs_justification = True

        return dict(
            date=date,
            entries=entries,
            form=form,
            user=self.request.user,
            prev_date=previous_day(date),
            next_date=next_day(date),
            total_sum=total_sum,
            needs_justification=needs_justification,
            justification_status=excuses.wrongtime_status(
                date, self.request.user.id),
            can_modify=user_can_modify_timeentry(self.request.user, date),
        )
Exemple #2
0
    def protect(self):
        '''
            User can edit `TimeEntry` only during current month
        '''
        timeentry_id = self.request.matchdict.get('id')
        timeentry = TimeEntry.query.get(timeentry_id)

        if timeentry is None:
            raise HTTPNotFound("Not Found")

        is_same_user = timeentry.user_id == self.request.user.id
        self.v['timeentry'] = timeentry

        if self.request.has_perm('admin'):
            return

        if self.request.method in ("PUT", "DELETE"):
            if not user_can_modify_timeentry(self.request.user,
                                             timeentry.date):
                raise HTTPForbidden()
            elif timeentry.deleted:
                raise HTTPBadRequest()
            elif not is_same_user:
                raise HTTPBadRequest()

        if self.request.method == "GET":
            if self.request.user.freelancer and not is_same_user:
                raise HTTPForbidden()
Exemple #3
0
    def protect(self):
        """
            User can edit `TimeEntry` only during current month
        """
        timeentry_id = self.request.matchdict.get("id")
        timeentry = TimeEntry.query.get(timeentry_id)

        if timeentry is None:
            raise HTTPNotFound("Not Found")

        is_same_user = timeentry.user_id == self.request.user.id
        self.v["timeentry"] = timeentry

        if self.request.has_perm("admin"):
            return

        if self.request.method in ("PUT", "DELETE"):
            if not user_can_modify_timeentry(self.request.user, timeentry.date):
                raise HTTPForbidden()
            elif timeentry.deleted:
                raise HTTPBadRequest()
            elif not is_same_user:
                raise HTTPBadRequest()

        if self.request.method == "GET":
            if self.request.user.freelancer and not is_same_user:
                raise HTTPForbidden()
Exemple #4
0
    def protect(self):
        user, date = self._get_params()
        is_same_user = user.id == self.request.user.id

        self.v["user"] = user
        self.v["date"] = date

        if self.request.has_perm("admin"):
            return

        if self.request.method == "POST":
            if not is_same_user or not user_can_modify_timeentry(self.request.user, date):
                raise HTTPForbidden()

        if self.request.method == "GET":
            if user.freelancer and not is_same_user:
                raise HTTPForbidden()
Exemple #5
0
    def protect(self):
        user, date = self._get_params()
        is_same_user = user.id == self.request.user.id

        self.v['user'] = user
        self.v['date'] = date

        if self.request.has_perm('admin'):
            return

        if self.request.method == "POST":
            if not is_same_user or not user_can_modify_timeentry(
                    self.request.user, date):
                raise HTTPForbidden()

        if self.request.method == "GET":
            if user.freelancer and not is_same_user:
                raise HTTPForbidden()
Exemple #6
0
    def get(self):
        date_str = self.request.GET.get('date')
        date = datetime.datetime.strptime(date_str, '%d.%m.%Y')

        entries = self._get_time_entries(date)

        total_sum = sum(entry.time for (tracker, entry) in entries if not entry.deleted)
        form = TimeEntryForm()

        needs_justification = False
        for tracker, timeentry in entries:
            if timeentry.modified_ts.date() > timeentry.date:
                needs_justification = True

        return dict(
            date=date, entries=entries, form=form,
            user=self.request.user,
            prev_date=previous_day(date), next_date=next_day(date),
            total_sum=total_sum,
            needs_justification=needs_justification,
            justification_status=excuses.wrongtime_status(date, self.request.user.id),
            can_modify=user_can_modify_timeentry(self.request.user, date),
        )