import datetime
import time
import logging
import json
import os
import hashlib
from flask import send_from_directory, render_template, request, redirect, url_for, session, abort, flash
from flask.views import MethodView
import flask_login
from flask_login import login_required
from settings import API_SERVER, TIMESHEET_DIR
import utils
import forms
from models import User, TimeRecord
class UserAwareView(MethodView):
    """
    Base view that exposes the Flask session and the logged-in user.

    Subclasses use ``self.user`` for their authorization checks and
    ``get_context`` to seed the template context with the current user.
    """

    @property
    def session(self):
        """
        The Flask request session, exposed as a view attribute.
        """
        return session

    @property
    def user(self):
        """
        The currently logged-in user object, or None for anonymous requests.

        Unwraps flask_login's proxy so templates and models receive the
        concrete User instance rather than the LocalProxy.
        """
        current = flask_login.current_user
        if current.is_anonymous():
            return None
        return current._get_current_object()

    def get_context(self, extra_ctx=None, **kwargs):
        """
        Build a template context that always carries the current user.

        :param extra_ctx: optional mapping merged into the context first
        :param kwargs: further entries merged after ``extra_ctx`` (so they win
            on duplicate keys)
        :returns: dict with ``'user'`` plus any supplied entries
        """
        context = dict(user=self.user)
        if extra_ctx:
            context.update(extra_ctx)
        context.update(kwargs)
        return context
class Home(UserAwareView):
    """
    Renders the landing page with the ``home`` navigation entry active.
    """

    def get(self):
        """Render ``index.html`` for the current (possibly anonymous) user."""
        return render_template('index.html', **self.get_context(nav='home'))
class About(UserAwareView):
    """
    Renders the about page with the ``about`` navigation entry active.
    """

    def get(self):
        """Render ``about.html`` for the current (possibly anonymous) user."""
        return render_template('about.html', **self.get_context(nav='about'))
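class Login(UserAwareView):
    """
    The view for the login page.

    ``GET`` renders the login form; ``POST`` is the AJAX login endpoint and
    answers with a short plain-text status that the front-end inspects.
    """

    def get(self):
        """Render ``login.html`` with an empty :class:`forms.LoginForm`."""
        context = self.get_context(nav='login', form=forms.LoginForm())
        return render_template('login.html', **context)

    def post(self):
        """
        Authenticate the submitted credentials and start a session.

        :returns: ``"success"`` once the user is logged in, otherwise an
            error string.  A form that fails validation (e.g. a missing
            field) is reported as ``"Incorrect Password"`` as well, which is
            the pre-existing contract with the front-end.
        """
        form = forms.LoginForm(request.form)
        if not form.validate():
            return "Incorrect Password"
        user = User.get_user_by_username(form.username.data)
        # NOTE(review): answering differently for an unknown username than for
        # a wrong password lets a caller enumerate valid accounts.  The two
        # messages are kept because the front-end matches on them; a single
        # generic failure message would be the safer contract.
        if not user:
            return "Incorrect Username"
        if utils.check_password(form.password.data, user):
            flask_login.login_user(user, remember=form.remember_me.data)
            return "success"
        return "Incorrect Password"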
class Logout(UserAwareView):
    """
    Ends the current session and sends the user back to the login page.

    ``login_required`` wraps the view, so anonymous requests are handled by
    flask_login before ``get`` runs.
    """

    decorators = [login_required]

    def get(self):
        """Log the user out and redirect to the ``login`` endpoint."""
        flask_login.logout_user()
        target = url_for('login')
        return redirect(target)
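class Report(UserAwareView):
    """
    Forces a download of a user's timesheet report (``<username>.xlsx``).

    Admin only; the file is served from ``TIMESHEET_DIR`` as an attachment.
    """

    def get(self, username=None):
        """
        Send ``TIMESHEET_DIR/<username>.xlsx`` to an admin as an attachment.

        :param username: owner of the report.  A missing value is a 404
            instead of the TypeError ``None + ".xlsx"`` used to raise.
        :returns: the file response, or ``"Access Denied"`` with HTTP 403
            when the caller is not an admin (the body is unchanged; only the
            status now reflects the refusal)
        """
        if self.user is None or not self.user.is_admin:
            return "Access Denied", 403
        if not username:
            abort(404)
        # send_from_directory joins the name under TIMESHEET_DIR with Flask's
        # safe_join, so a username carrying path separators is answered with
        # a 404 rather than a file from outside the directory.
        return send_from_directory(TIMESHEET_DIR, username + ".xlsx",
                                   as_attachment=True)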
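class Payroll(UserAwareView):
    """
    The view for the payroll page.

    ``GET`` shows one week of time records; ``POST`` writes clock-in /
    clock-out times submitted from that page back to the records.
    """

    def get(self, payroll_user=None, week=None):
        """
        Render one week of time records for ``payroll_user``.

        :param payroll_user: username whose records are shown; defaults to
            the logged-in user
        :param week: optional UNIX timestamp; the week containing it is
            shown.  A value that is not a timestamp is a 400, not a 500.
        :returns: ``payroll.html`` with the records and the neighbouring
            week timestamps, a 404 when the week has no records, or the
            index page with a flash message for anonymous callers
        """
        if self.user is None:
            flash("Please log in before accessing the payroll system")
            return render_template('index.html')
        # NOTE(review): any logged-in user can request another user's payroll
        # via ``payroll_user``; there is no check that the caller is an admin,
        # an approver or the owner.  Confirm that this is intended.
        target_user = payroll_user or self.user.username
        if week:
            try:
                anchor = datetime.date.fromtimestamp(float(week))
            except (ValueError, OverflowError, OSError):
                abort(400)
            start_date = utils.get_last_monday(anchor)
            records = TimeRecord.get_current_week(target_user, start_date)
        else:
            start_date = utils.get_last_monday(datetime.date.today())
            records = TimeRecord.get_current_week(target_user)
        if not records:
            abort(404)
        end_date = start_date + datetime.timedelta(days=6)
        next_date = start_date + datetime.timedelta(days=7)
        prev_date = start_date - datetime.timedelta(days=7)
        context = {
            'nav': 'payroll',
            'user': self.user,
            'table_rows': records,
            'payroll_username': target_user,
            'start_date': start_date,
            'end_date': end_date,
            'prev_timestamp': time.mktime(prev_date.timetuple()),
            'next_timestamp': time.mktime(next_date.timetuple()),
        }
        return render_template('payroll.html', **context)

    def post(self, payroll_user=None, week=None):
        """
        Update clock-in / clock-out times from the submitted form.

        Each form field is named ``<punch type>-<record id>`` and holds a
        time such as ``09:30 AM``; blank fields are ignored.

        :returns: a redirect back to the same payroll week, or the index
            page with a flash message for anonymous callers
        """
        if self.user is None:
            flash("Please log in before accessing the payroll system")
            return render_template('index.html')
        # NOTE(review): the record is looked up by the client-supplied id with
        # no check that it belongs to ``self.user`` (or that the caller is an
        # admin/approver), so any logged-in user can edit any record.  Add an
        # ownership check against the TimeRecord's owner field -- TODO confirm
        # the field name.
        for field_name, value in request.form.items():
            if not value:
                continue
            try:
                punch_type, record_id = field_name.split('-')
            except ValueError:
                # Not a ``<type>-<id>`` field: reject the whole request rather
                # than crashing with an unhandled ValueError.
                abort(400)
            current_record = TimeRecord.objects(id=record_id).get()
            # Named ``punch_time`` rather than ``time`` so the ``time`` module
            # used in ``get`` is not shadowed.
            try:
                punch_time = datetime.datetime.strptime(value, '%I:%M %p')
            except ValueError:
                # Unparseable time: leave this record untouched.  The old code
                # fell through here and wrote the *previous* iteration's
                # timestamp into this record (or raised NameError on the
                # first one).
                continue
            timestamp = datetime.datetime.combine(current_record.date,
                                                  punch_time.time())
            if punch_type == 'clockin':
                current_record.clock_in = timestamp
            else:
                current_record.clock_out = timestamp
            if current_record.clock_in and current_record.clock_out:
                current_record.set_hours()
            current_record.save()
        if payroll_user and week:
            return redirect(url_for('payroll',
                                    payroll_user=payroll_user,
                                    week=week))
        return redirect(url_for('payroll'))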
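class Approve(UserAwareView):
    """
    The view for the approve page.

    ``GET`` lists unapproved time records for approvers; ``POST`` is the
    AJAX endpoint that approves one record.
    """

    def get(self):
        """
        Render ``approve.html`` with all unapproved records.

        :returns: the approve page, or the index page with a flash message
            when the caller is anonymous or not an approver
        """
        if self.user is None:
            flash("Please log in before accessing the payroll system")
            return render_template('index.html')
        if not self.user.is_approver:
            flash("You are not an approver!")
            return render_template('index.html')
        context = self.get_context(nav='approve',
                                   records=TimeRecord.get_unapproved_records())
        return render_template('approve.html', **context)

    def post(self):
        """
        Mark one time record as approved (AJAX).

        Expects ``id`` in the form as ``<prefix>-<record id>``.  The
        ``approver`` form field is accepted but ignored: the approver
        written to the record is the authenticated user, so the audit trail
        cannot be set to an arbitrary name by the client.

        :returns: the approver's username on success, ``"error"`` when the
            ``id`` field is missing or malformed, or the index page with a
            flash message for non-approvers
        """
        if self.user is None or not self.user.is_approver:
            flash("You are not an approver!")
            return render_template('index.html')
        parts = request.form.get('id', '').split('-')
        # A malformed id used to raise ValueError (HTTP 500); report it as
        # the same "error" string the missing-field case already used.
        record_id = parts[1] if len(parts) == 2 else None
        if not record_id:
            return "error"
        approver = self.user.username
        time_record = TimeRecord.objects(id=record_id).get()
        time_record.approved = True
        time_record.approved_by = approver
        time_record.save()
        return approver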
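class Admin(UserAwareView):
    """
    The view for the admin page.

    ``GET`` lists users with the add-user form; ``POST`` is the AJAX
    endpoint that edits one user's attributes.
    """

    def get(self):
        """
        Render ``admin.html`` with every user and an empty AddUser form.

        :returns: the admin page, or the index page with a flash message
            when the caller is not an admin
        """
        if self.user is None or not self.user.is_admin:
            flash('Please log in before trying to access the admin page')
            return render_template('index.html')
        context = self.get_context(nav='admin',
                                   users=User.objects(),
                                   form=forms.AddUser(),
                                   api_server=API_SERVER)
        return render_template('admin.html', **context)

    def post(self):
        """
        Update attributes of one user from the submitted form (AJAX).

        Every form key that names a public, non-callable attribute of the
        user is assigned; the strings ``'true'``/``'false'`` become booleans.

        :returns: the re-rendered ``admin_user_row.html`` for the user,
            ``'error'`` when ``username`` is missing or unknown, or the index
            page with a flash message for non-admins
        """
        if self.user is None or not self.user.is_admin:
            flash('Please log in before trying to access the admin page')
            return render_template('index.html')
        if 'username' not in request.form:
            return 'error'
        user = User.get_user_by_username(request.form['username'])
        if user is None:
            # Used to fall through to ``None.save()`` -> AttributeError / 500.
            return 'error'
        # NOTE(review): this is a mass-assignment endpoint -- any attribute the
        # client names is written.  A ``password`` key would be stored exactly
        # as sent, bypassing the hashing AddUser applies; an explicit whitelist
        # of editable fields would be the safer design.  Callables and private
        # names are excluded here so methods such as ``save`` cannot be
        # clobbered by a form key.
        for key, value in request.form.items():
            if key.startswith('_') or not hasattr(user, key):
                continue
            if callable(getattr(user, key)):
                continue
            if value == 'true':
                value = True
            elif value == 'false':
                value = False
            setattr(user, key, value)
        user.save()
        return render_template('admin_user_row.html',
                               user=user, api_server=API_SERVER)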
class AddUser(UserAwareView):
    """
    The AJAX endpoint for adding a user to the system.

    Admin only.  On success the new user's table row is rendered so the
    admin page can append it without a reload.
    """

    def post(self):
        """
        Validate the AddUser form and persist a new :class:`User`.

        :returns: ``admin_user_row.html`` for the created user, or the
            string ``'error'`` when the caller is not an admin or the form
            does not validate
        """
        if self.user is None or not self.user.is_admin:
            return 'error'
        form = forms.AddUser(request.form)
        if not form.validate():
            return 'error'
        # NOTE(review): the password is stored as a single unsalted SHA-512
        # digest.  That is fast to brute-force offline; a salted, slow KDF
        # would be preferable, but utils.check_password verifies against this
        # scheme, so both sides have to change together.
        digest = hashlib.sha512(form.password.data).hexdigest()
        new_user = User(
            username=form.username.data,
            password=digest,
            is_admin=form.is_admin.data,
            is_approver=form.is_approver.data,
            ssn=form.ssn.data,
            wage=form.wage.data,
        ).save()
        return render_template('admin_user_row.html', user=new_user)
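class DeleteUser(UserAwareView):
    """
    The AJAX endpoint for deleting a user from the system.

    Admin only.  Answers with a short plain-text status the front-end reads.
    """

    def post(self):
        """
        Delete the user named in the ``username`` form field.

        ``operator`` must also be present; it is client-supplied and not
        otherwise used, so it must not be relied on as an audit record.

        :returns: ``"done"`` when the delete call was issued, ``'error'``
            when a field is missing, or a not-an-admin message otherwise
        """
        if self.user is None or not self.user.is_admin:
            return "not done, you are not an admin!"
        # Pre-existing debug logging of the submitted form; kept so operator
        # log expectations do not change.
        logging.warning(request.form)
        username = request.form.get('username')
        operator = request.form.get('operator')
        if not username or not operator:
            return 'error'
        # NOTE(review): nothing stops an admin from deleting their own account
        # or the last admin; the return value of delete_user is not checked,
        # so an unknown username still answers "done" -- confirm its contract.
        User.delete_user(username)
        return "done"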
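class GetInfo(UserAwareView):
    """
    The REST API endpoint for getting payroll info about a user.

    Admin only.  Responds with a JSON document containing the user's
    ``username``, ``ssn``, ``wage`` and approved time records.
    """

    def get(self, username):
        """
        Return approved records for ``username`` over the last ``days`` days.

        :param username: user to report on; an unknown user is a 404
        :query days: window in days (default 14); a non-integer value is a
            400 instead of an unhandled ValueError
        :returns: JSON string.  Non-admins receive a ``msg`` object; the
            HTTP 200 status for that case is kept for compatibility with
            existing clients.
        """
        if self.user is None or not self.user.is_admin:
            response = {
                'msg': 'You are not authenticated, or you do not have permission to use this action'
            }
            return json.dumps(response)
        try:
            days = int(request.args.get('days', 14))
        except ValueError:
            abort(400)
        user = User.get_user_by_username(username)
        if not user:
            abort(404)
        records = TimeRecord.get_approved_records_by_username(username,
                                                              num_days=days)
        # assumes approved records always carry both clock_in and clock_out;
        # a None there would raise on strftime -- TODO confirm against model
        record_list = [
            {
                'date': record.date.strftime('%B %d'),
                'clock-in': record.clock_in.strftime('%I:%M %p'),
                'clock-out': record.clock_out.strftime('%I:%M %p'),
                'approved': record.approved,
                'approved-by': record.approved_by,
            }
            for record in records
        ]
        # NOTE(review): the SSN is returned in clear text by this API.  It is
        # admin-only, but consider whether the consumer actually needs it.
        response = {
            'username': user.username,
            'ssn': user.ssn,
            'wage': user.wage,
            'records': record_list,
        }
        return json.dumps(response)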
class GetUsers(UserAwareView):
    """
    The REST API endpoint for getting a list of users.

    Admin only.  Responds with a JSON document ``{"users": [...]}``.
    """

    def get(self):
        """
        Return every username as JSON.

        :returns: ``{"users": [username, ...]}`` for admins; otherwise a
            ``msg`` object explaining the refusal (still HTTP 200)
        """
        if self.user is None or not self.user.is_admin:
            return json.dumps({'msg': 'you are not authenticated or you do not have permission to use this action'})
        names = []
        for account in User.objects():
            names.append(account.username)
        return json.dumps({'users': names})