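def post(self, payroll_user=None, week=None):
    """Apply submitted punch times to time records, then redirect to payroll.

    Every non-empty form field is expected to be named
    ``<punch_type>-<record id>`` and to carry a time such as ``09:30 AM``.
    The parsed time is combined with the record's own date and stored as
    ``clock_in`` when the punch type is ``clockin`` and as ``clock_out``
    otherwise.

    Args:
        payroll_user: Optional value forwarded to the ``payroll`` URL.
        week: Optional value forwarded to the ``payroll`` URL.

    Returns:
        A redirect to ``payroll``; ``payroll_user`` and ``week`` are put in
        the URL only when both are truthy.
    """
    # NOTE(review): block nesting was reconstructed from a flattened listing
    # (placement of save() and of the redirects is assumed) - confirm against
    # the original file.
    if self.user is not None:
        for field_name, value in request.form.iteritems():
            if not value:
                continue

            # Ignore fields that are not "<punch_type>-<id>" instead of
            # failing on the tuple unpacking.
            name_parts = field_name.split('-')
            if len(name_parts) != 2:
                continue
            punch_type, input_id = name_parts

            # NOTE(review): the record id comes straight from the form field
            # name and the record is never compared with self.user in this
            # method, so being logged in is the only condition checked before
            # a record is rewritten. An ownership check (and a refusal to
            # touch approved records) belongs here.
            current_record = TimeRecord.objects(id=input_id).get()

            try:
                parsed = datetime.datetime.strptime(value, '%I:%M %p')
            except ValueError:
                # An unparseable time used to fall through with `timestamp`
                # unbound, or still holding the value parsed for the previous
                # field; leave this record untouched instead.
                continue
            timestamp = datetime.datetime.combine(current_record.date,
                                                  parsed.time())

            if punch_type == 'clockin':
                current_record.clock_in = timestamp
            else:
                current_record.clock_out = timestamp

            # Hours can only be computed once both ends of the shift exist.
            if current_record.clock_in and current_record.clock_out:
                current_record.set_hours()
            current_record.save()

    if payroll_user and week:
        return redirect((url_for('payroll', payroll_user=payroll_user, week=week)))
    return redirect(url_for('payroll'))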
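def post(self):
    """Mark the time record named in the form as approved.

    Reads ``id`` (expected as ``<prefix>-<record id>``) and ``approver`` from
    the submitted form, sets ``approved`` and ``approved_by`` on the matching
    record and saves it.

    Returns:
        The submitted approver string on success, or ``"error"`` when either
        field is missing, empty or malformed.
    """
    # NOTE(review): nothing in this method identifies or authorises the
    # caller, and ``approved_by`` is copied from the request body, so both the
    # approval and the name recorded for it are caller-controlled. Gate this
    # on the logged-in user's approver role and record that user's own name.

    # A value without exactly one dash used to raise on the tuple unpacking;
    # it is now reported through the existing "error" result.
    id_parts = request.form.get('id', '').split('-')
    if len(id_parts) != 2:
        return "error"
    record_id = id_parts[1]  # the part before the dash is not used

    approver = request.form.get('approver')
    if not record_id or not approver:
        return "error"

    time_record = TimeRecord.objects(id=record_id).get()
    time_record.approved = True
    time_record.approved_by = approver
    time_record.save()
    return approver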
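def post(self):
    """Approve the time record named in the form, for approvers only.

    Reads ``id`` (expected as ``<prefix>-<record id>``) and ``approver`` from
    the submitted form, sets ``approved`` and ``approved_by`` on the matching
    record and saves it.

    Returns:
        The submitted approver string on success; ``"error"`` when ``id`` or
        ``approver`` is missing, empty or malformed; or the rendered
        ``index.html`` (after flashing a message) when there is no current
        user or the user is not an approver.
    """
    if self.user is None or not self.user.is_approver:
        flash("You are not an approver!")
        return render_template('index.html')

    # A value without exactly one dash used to raise on the tuple unpacking;
    # it is now reported through the existing "error" result.
    id_parts = request.form.get('id', '').split('-')
    if len(id_parts) != 2:
        return "error"
    record_id = id_parts[1]  # the part before the dash is not used

    # NOTE(review): the role check above authorises the caller, but the name
    # written to ``approved_by`` still comes from the request body, so an
    # approver can attribute the approval to any name. Deriving it from
    # self.user would close that gap; left as-is here because the return
    # value echoes the submitted string.
    approver = request.form.get('approver')
    if not record_id or not approver:
        return "error"

    time_record = TimeRecord.objects(id=record_id).get()
    time_record.approved = True
    time_record.approved_by = approver
    time_record.save()
    return approver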
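def post(self):
    """Approve the time record named in the form as the logged-in approver.

    The caller must be authenticated and flagged ``is_approver``. The record
    id is read from the ``id`` form field (expected as
    ``<prefix>-<record id>``); ``approved_by`` is taken from the session
    user, not from the request.

    Returns:
        ``"success"`` once the record is saved, ``"error: not authenticated"``
        or ``"error: permission denied"`` when the caller fails a check, and
        ``"error"`` when ``id`` is missing, empty or malformed.
    """
    # check logged in
    # NOTE(review): if is_authenticated is a method on this user class rather
    # than a property, `not self.user.is_authenticated` is always False -
    # confirm.
    if not self.user or not self.user.username or not self.user.is_authenticated:
        return "error: not authenticated"

    # check user is an approver
    if not self.user.is_approver:
        return "error: permission denied"

    # A value without exactly one dash used to raise on the tuple unpacking;
    # it is now reported through the existing "error" result.
    id_parts = request.form.get('id', '').split('-')
    if len(id_parts) != 2 or not id_parts[1]:
        return "error"
    record_id = id_parts[1]  # the part before the dash is not used

    # NOTE(review): nothing here compares the record's owner with the
    # approver, so an approver can approve their own record - confirm whether
    # that is intended.
    time_record = TimeRecord.objects(id=record_id).get()
    time_record.approved = True
    # Recorded from the authenticated session rather than from form input.
    time_record.approved_by = self.user.username
    time_record.save()
    return "success"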
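def post(self, payroll_user=None, week=None):
    """Apply submitted punch times to time records.

    Every non-empty form field is expected to be named
    ``<punch_type>-<record id>`` and to carry a time such as ``09:30 AM``.
    The parsed time is combined with the record's own date and stored as
    ``clock_in`` when the punch type is ``clockin`` and as ``clock_out``
    otherwise.

    Args:
        payroll_user: Not used in the visible body.
        week: Not used in the visible body.

    NOTE(review): as shown, the method ends after the loop without returning
    a response; the listing may be truncated. Block nesting was reconstructed
    from a flattened listing - confirm against the original file.
    """
    # NOTE(review): this method checks neither that a user is logged in nor
    # that the record belongs to the caller; the record id is taken straight
    # from the form field name. Authentication, an ownership check and a
    # refusal to touch approved records belong before any write.
    for field_name, value in request.form.iteritems():
        if not value:
            continue

        # Ignore fields that are not "<punch_type>-<id>" instead of failing
        # on the tuple unpacking.
        name_parts = field_name.split('-')
        if len(name_parts) != 2:
            continue
        punch_type, input_id = name_parts

        current_record = TimeRecord.objects(id=input_id).get()

        try:
            parsed = datetime.datetime.strptime(value, '%I:%M %p')
        except ValueError:
            # An unparseable time used to fall through with `timestamp`
            # unbound, or still holding the value parsed for the previous
            # field; leave this record untouched instead.
            continue
        timestamp = datetime.datetime.combine(current_record.date,
                                              parsed.time())

        if punch_type == 'clockin':
            current_record.clock_in = timestamp
        else:
            current_record.clock_out = timestamp

        # Hours can only be computed once both ends of the shift exist.
        if current_record.clock_in and current_record.clock_out:
            current_record.set_hours()
        current_record.save()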
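def post(self, payroll_user=None, week=None):
    """Validate and apply the caller's own punch-time edits.

    The caller must be logged in, ``payroll_user`` (when given) must equal
    the decrypted session username, and ``week`` (when given) must pass
    ``utils.sanitize_number_input``. Each non-empty form field is expected to
    be named ``clockin-<record id>`` or ``clockout-<record id>`` and to carry
    a time such as ``09:30 AM``. A record is only written when its
    ``username`` matches the session user's and it has not been approved;
    other records are skipped without an error.

    Returns:
        A redirect to ``/logout?byebye=yes`` as soon as any check fails.

    NOTE(review): as shown, the method ends after the loop without returning
    a response on the success path; the listing may be truncated. Block
    nesting was reconstructed from a flattened listing - confirm against the
    original file.
    """
    # check logged in
    # NOTE(review): if is_authenticated is a method on this user class rather
    # than a property, `not self.user.is_authenticated` is always False -
    # confirm.
    if not self.user or not self.user.username or not self.user.is_authenticated:
        return redirect('/logout?byebye=yes')

    # make sure someone isn't trying to set someone else's payroll info...
    if payroll_user and not payroll_user == crypto.decrypt(self.user.username):
        print "INVALID USER REQUEST: ", payroll_user
        return redirect('/logout?byebye=yes')

    # sanitize input for week parameter
    if week and not utils.sanitize_number_input(week):
        print "INVALID WEEK PARAMETER: ", week
        return redirect('/logout?byebye=yes')

    for field_name, value in request.form.iteritems():
        if not value:
            continue

        # partition() never raises, so a field name without a dash (or with
        # several) now reaches the punch-type / record-id checks below
        # instead of failing on the tuple unpacking.
        punch_type, _, input_id = field_name.partition('-')

        # check punch type
        if punch_type not in ('clockin', 'clockout'):
            print "INVALID PUNCH TYPE: ", punch_type
            return redirect('/logout?byebye=yes')

        # check record id input
        # NOTE(review): assumes sanitize_mongo_hash rejects empty ids and ids
        # containing '-' - confirm.
        if not utils.sanitize_mongo_hash(input_id):
            print "INVALID RECORD ID: ", input_id
            return redirect('/logout?byebye=yes')

        current_record = TimeRecord.objects(id=input_id).get()

        # only update the record if the current user actually owns it
        # users can only update their own records...
        if current_record.username != self.user.username:
            continue

        # only let the user update the record if it hasn't been approved
        # (no after the fact modifications)
        if current_record.approved:
            continue

        # check time value
        if not utils.sanitize_time_input(value):
            print "INVALID TIME ENTRY: ", value
            return redirect('/logout?byebye=yes')

        try:
            parsed = datetime.datetime.strptime(value, '%I:%M %p')
        except ValueError:
            # An unparseable time used to fall through with `timestamp`
            # unbound, or still holding the value parsed for the previous
            # field; leave this record untouched instead.
            continue
        timestamp = datetime.datetime.combine(current_record.date,
                                              parsed.time())

        if punch_type == 'clockin':
            current_record.clock_in = timestamp
        else:
            current_record.clock_out = timestamp

        # Hours can only be computed once both ends of the shift exist.
        if current_record.clock_in and current_record.clock_out:
            current_record.set_hours()
        current_record.save()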