def post(self, payroll_user=None, week=None):
if self.user is not None:
for input, value in request.form.iteritems():
if value:
punch_type, input_id = input.split('-')
current_record = TimeRecord.objects(id=input_id).get()
try:
time = datetime.datetime.strptime(value, '%I:%M %p')
day = current_record.date
timestamp = datetime.datetime.combine(day, time.time())
except ValueError, e:
pass
if punch_type == 'clockin':
current_record.clock_in = timestamp
else:
current_record.clock_out = timestamp
if current_record.clock_in and current_record.clock_out:
current_record.set_hours()
current_record.save()
if payroll_user and week:
return redirect((url_for('payroll',
payroll_user=payroll_user,
week=week)))
return redirect(url_for('payroll'))
def post(self):
id = None
approver = None
if 'id' in request.form:
approve, id = request.form['id'].split('-')
if 'approver' in request.form:
approver = request.form['approver']
if not id or not approver:
return "error"
time_record = TimeRecord.objects(id=id).get()
time_record.approved = True
time_record.approved_by = approver
time_record.save()
return approver
def post(self):
id = None
approver = None
if 'id' in request.form:
approve, id = request.form['id'].split('-')
if 'approver' in request.form:
approver = request.form['approver']
if not id or not approver:
return "error"
time_record = TimeRecord.objects(id=id).get()
time_record.approved = True
time_record.approved_by = approver
time_record.save()
return approver
def post(self):
if self.user is not None and self.user.is_approver:
id = None
approver = None
if 'id' in request.form:
approve, id = request.form['id'].split('-')
if 'approver' in request.form:
approver = request.form['approver']
if not id or not approver:
return "error"
time_record = TimeRecord.objects(id=id).get()
time_record.approved = True
time_record.approved_by = approver
time_record.save()
return approver
else:
flash("You are not an approver!")
return render_template('index.html')
def post(self):
# check logged in
if not self.user or not self.user.username or not self.user.is_authenticated:
return "error: not authenticated"
# check user is an approver
if not self.user.is_approver:
return "error: permission denied"
id = None
if 'id' in request.form:
approve, id = request.form['id'].split('-')
if not id:
return "error"
time_record = TimeRecord.objects(id=id).get()
time_record.approved = True
time_record.approved_by = self.user.username
time_record.save()
return "success"
def post(self, payroll_user=None, week=None):
for input, value in request.form.iteritems():
if value:
punch_type, input_id = input.split('-')
current_record = TimeRecord.objects(id=input_id).get()
try:
time = datetime.datetime.strptime(value, '%I:%M %p')
day = current_record.date
timestamp = datetime.datetime.combine(day, time.time())
except ValueError, e:
pass
if punch_type == 'clockin':
current_record.clock_in = timestamp
else:
current_record.clock_out = timestamp
if current_record.clock_in and current_record.clock_out:
current_record.set_hours()
current_record.save()
def post(self, payroll_user=None, week=None):
# check logged in
if not self.user or not self.user.username or not self.user.is_authenticated:
return redirect('/logout?byebye=yes')
# make sure someone isn't trying to set someone else's payroll info...
if payroll_user:
if not payroll_user == crypto.decrypt(self.user.username):
print "INVALID USER REQUEST: ", payroll_user
return redirect('/logout?byebye=yes')
# sanitize input for week parameter
if week:
if not utils.sanitize_number_input(week):
print "INVALID WEEK PARAMETER: ", week
return redirect('/logout?byebye=yes')
for input, value in request.form.iteritems():
if value:
punch_type, input_id = input.split('-')
# check punch type
if not punch_type == 'clockin':
if not punch_type == 'clockout':
print "INVALID PUNCH TYPE: ", punch_type
return redirect('/logout?byebye=yes')
# check record id input
if not utils.sanitize_mongo_hash(input_id):
print "INVALID RECORD ID: ", input_id
return redirect('/logout?byebye=yes')
current_record = TimeRecord.objects(id=input_id).get()
# only update the record if the current user actually owns it
# users can only update their own records...
if current_record.username == self.user.username:
# only let the user update the record if it hasn't been approved (no after the fact modifications)
if not current_record.approved:
# check time value
if not utils.sanitize_time_input(value):
print "INVALID TIME ENTRY: ", value
return redirect('/logout?byebye=yes')
try:
time = datetime.datetime.strptime(value, '%I:%M %p')
day = current_record.date
timestamp = datetime.datetime.combine(day, time.time())
except ValueError, e:
pass
if punch_type == 'clockin':
current_record.clock_in = timestamp
else:
current_record.clock_out = timestamp
if current_record.clock_in and current_record.clock_out:
current_record.set_hours()
current_record.save()
