def file_create(self): """ New file view. Method for both post and get requests. """ form = FileCreateForm(self.request.POST, csrf_context=self.request.session) if self.request.method == 'POST' and form.validate(): f = File() form.populate_obj(f) """ If file. Yes this method works without a file. """ upload = self.request.POST.get('file') try: f.filename = f.make_filename(upload.filename) f.filemime = f.guess_mime(upload.filename) f.write_file(upload.file) except Exception: self.request\ .session.flash('File %s created but no file added' % (f.title), 'status') f.user_id = authenticated_userid(self.request) DBSession.add(f) self.request.session.flash('File %s created' % (f.title), 'success') return HTTPFound(location=self.request.route_url('files')) return {'title': 'New file', 'form': form, 'action': 'file_new'}
def all_queryed(cls, ucid, qry=False, cats=False, creds=False, total_only=False, fromdate=False, todate=False,): base = DBSession.query(Invoice) if total_only: base = DBSession.query(func.sum(Invoice.amount).label('a_sum'))\ base = base.join(Invoice.category)\ .join(Invoice.creditor)\ .filter(not_(and_(Category.private == True, Category.user_id != ucid))) """ if argument add filter(s).""" if qry: qry = "%"+qry+"%" base = base.filter(Invoice.title.like(qry)) if cats: for c in cats: base = base.filter(Category.id == c.id) if creds: for c in creds: base = base.filter(Creditor.id == c.id) if fromdate: base = base.filter(Invoice.due >= fromdate) if todate: base = base.filter(Invoice.due <= todate) return base
def with_category(cls, id, total_only=False): if total_only: return DBSession.query(func.sum(Expenditure.amount) .label('a_sum'))\ .filter(and_(Expenditure.archived == False, Expenditure.category_id == id))\ .first() return DBSession.query(Expenditure)\ .filter(and_(Expenditure.category_id == id, Expenditure.archived == False)).all()
def with_category_all_unpaid(cls, cid, total_only=False): base = DBSession.query(Invoice) if total_only: base = DBSession.query(func.sum(Invoice.amount).label('a_sum'))\ base = base.filter(and_(Invoice.category_id == cid, Invoice.archived == False, Invoice.paid == None))\ .all() return base
def creditor_create(self): """ New creditors. Method for both post and get request.""" form = CreditorCreateForm(self.request.POST, csrf_context=self.request.session) if self.request.method == "POST" and form.validate(): c = Creditor() form.populate_obj(c) c.user_id = authenticated_userid(self.request) DBSession.add(c) self.request.session.flash("Creditor %s created" % (c.title), "success") return HTTPFound(location=self.request.route_url("creditors")) return {"title": "New creditor", "form": form, "action": "creditor_new"}
def with_category_paid(cls, cid, year, month, total_only=False): base = DBSession.query(Invoice) if total_only: base = DBSession.query(func.sum(Invoice.amount).label('a_sum'))\ base = base.filter(and_(Invoice.category_id == cid, Invoice.archived == False, Invoice.paid != None))\ .filter(extract('year', Invoice.due) == year)\ .filter(extract('month', Invoice.due) == month)\ .all() return base
def user_restore(self): """ Restore user, returns redirect. """ id = int(self.request.matchdict.get('id')) u = User.by_id(id) if not u: return HTTPNotFound() u.archived = False DBSession.add(u) self.request.session.flash('User %s restored' % (u.email), 'status') return HTTPFound(location=self.request.route_url('users_archived'))
def _initTestingDB(makeuser=False): engine = create_engine('sqlite://') Base.metadata.create_all(engine) DBSession.configure(bind=engine) if makeuser: m = BPM() hashed = m.encode(u'1234567') with transaction.manager: user = User(email=u'*****@*****.**', password=hashed, group='admin', ) DBSession.add(user) return DBSession
def creditor_restore(self): """ Restore creditor, returns redirect. """ id = int(self.request.matchdict.get("id")) c = Creditor.by_id(id) if not c: return HTTPNotFound() """ Authorization check. """ if c.private and c.user_id is not authenticated_userid(self.request): return HTTPForbidden() c.archived = False DBSession.add(c) self.request.session.flash("Creditor %s restored" % (c.title), "status") return HTTPFound(location=self.request.route_url("creditors_archived"))
def all_active(cls, request, id=False): if not id: id = authenticated_userid(request) return DBSession.query(Creditor)\ .filter(Creditor.archived == False)\ .filter(not_(and_(Creditor.private == True, Creditor.user_id != id)))
def all_private(cls, request, id=False): if not id: id = authenticated_userid(request) return DBSession.query(Category)\ .filter(and_(Category.user_id == id, Category.private == True, Category.archived == False))
def category_create(self): """ New category view. """ form = CategoryCreateForm(self.request.POST, csrf_context=self.request.session) if self.request.method == 'POST' and form.validate(): c = Category() form.populate_obj(c) c.user_id = authenticated_userid(self.request) DBSession.add(c) self.request.session.flash('Category %s created' % (c.title), 'success') return HTTPFound(location=self.request.route_url('categories')) return {'title': 'New category', 'form': form, 'action': 'category_new'}
def category_archive(self): """ Archive category, returns redirect. """ id = int(self.request.matchdict.get('id')) c = Category.by_id(id) if not c: return HTTPNotFound() """ Authorization check. """ if c.private and c.user_id is not authenticated_userid(self.request): return HTTPForbidden() c.archived = True DBSession.add(c) self.request.session.flash('Category %s archived' % (c.title), 'status') return HTTPFound(location=self.request.route_url('categories'))
def user_archive(self): """ Archive user, returns redirect. """ a = authenticated_userid(self.request) id = int(self.request.matchdict.get('id')) """ User one (1) is a bit special...""" if id is 1: return HTTPNotFound() u = User.by_id(id) if not u: return HTTPNotFound() u.archived = True DBSession.add(u) self.request.session.flash('User %s archived' % (u.email), 'status') return HTTPFound(location=self.request.route_url('users'))
def user_create(self): """ New user view. Method handles both post and get requests. """ form = UserCreateForm(self.request.POST, csrf_context=self.request.session) if self.request.method == 'POST' and form.validate(): u = User() form.populate_obj(u) u.password = u.pm.encode(form.password.data) DBSession.add(u) self.request.session.flash('User %s created' % (u.email), 'success') return HTTPFound(location=self.request.route_url('users')) return {'title': 'New user', 'form': form, 'action': 'user_new'}
def expenditure_archive(self): """ Archive expenditure, returns redirect. """ id = int(self.request.matchdict.get('id')) e = Expenditure.by_id(id) if not e: return HTTPNotFound() """ Authorization check. """ if (e.category.private and e.category.user_id is not authenticated_userid(self.request)): return HTTPForbidden() e.archived = True DBSession.add(e) self.request.session.flash('Expenditure %s archived' % (e.title), 'status') return HTTPFound(location=self.request.route_url('expenditures'))
def expenditure_create(self): """ New expenditure. Method for both post and get request. """ form = ExpenditureCreateForm(self.request.POST, csrf_context=self.request.session) private = self.request.params.get('private') if private: """ Check if there exists any private categories. """ if not Category.first_private(self.request): self.request.session.flash(self.missing_priv_cat, 'error') return HTTPFound(location=self.request .route_url('expenditures')) form.category_id.query = Category.all_private(self.request) else: """ Check if there exists any categories. """ if not Category.first_active(): self.request.session.flash(self.missing_shared_cat, 'error') return HTTPFound(location=self.request .route_url('expenditures')) form.category_id.query = Category.all_active(self.request) if self.request.method == 'POST' and form.validate(): e = Expenditure() form.populate_obj(e) e.user_id = authenticated_userid(self.request) e.category_id = form.category_id.data.id DBSession.add(e) self.request.session.flash('Expenditure %s created' % (e.title), 'success') """ A bit ugly, but redirect the user based on private or not. """ if private: return HTTPFound(location= self.request .route_url('expenditures', _query={'private': 1})) return HTTPFound(location=self.request.route_url('expenditures')) return {'title': 'New private expenditure' if private else 'New expenditure', 'form': form, 'action': 'expenditure_new', 'private': private}
def invoice_restore(self): """ Restore invoice, returns redirect. """ id = int(self.request.matchdict.get('id')) i = Invoice.by_id(id) if not i: return HTTPNotFound() """ Authorization check. """ if (i.category.private and i.category.user_id is not authenticated_userid(self.request)): return HTTPForbidden() """ Authorization check. """ if (i.creditor.private and i.creditor.user_id is not authenticated_userid(self.request)): return HTTPForbidden() i.archived = False DBSession.add(i) self.request.session.flash('Invoice %s restored' % (i.title), 'status') return HTTPFound(location=self.request.route_url('invoices_archived'))
def main(argv=sys.argv): if len(argv) != 2: usage(argv) config_uri = argv[1] setup_logging(config_uri) settings = get_appsettings(config_uri) engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.create_all(engine) m = BPM() a_email = raw_input('Enter email for admin account: ') a_pw = getpass('Enter password for admin account: ') a_hashed = m.encode(a_pw) with transaction.manager: admin = User( email=a_email, password=a_hashed, group='admin', ) DBSession.add(admin)
def main(global_config, **settings): """ Pyrtos base script. This is where everything is called. Below are some basic configuration settings. """ engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) Base.metadata.bind = engine authenPol = AuthTktAuthenticationPolicy('somesecret', callback=groupfinder, hashalg='sha512') authorPol = ACLAuthorizationPolicy() sess_factory = UnencryptedCookieSessionFactoryConfig('someothersecret') config = Configurator(settings=settings, authentication_policy=authenPol, authorization_policy=authorPol, root_factory='pyrtos.security.EntryFactory', session_factory=sess_factory,) config.add_static_view('static', 'static', cache_max_age=3600) config.add_request_method(can_i, 'can_i') """ Index route """ config.add_route('index', '/') """ Auth routes """ config.add_route('login', '/login') config.add_route('logout', '/logout') """ Category routes """ config.add_route('categories', '/categories') config.add_route('categories_archived', '/categories/archived') config.add_route('category_new', '/category/new') config.add_route('category_edit', '/category/edit/{id}') config.add_route('category_archive', '/category/archive/{id}') config.add_route('category_restore', '/category/restore/{id}') """ Tag routes """ config.add_route('tags', '/tags') """ User routes """ config.add_route('users', '/users') config.add_route('users_archived', '/users/archived') config.add_route('user_new', '/user/new') config.add_route('user_edit', '/user/edit/{id}') config.add_route('user_archive', '/user/archive/{id}') config.add_route('user_restore', '/user/restore/{id}') """ Creditor routes """ config.add_route('creditors', '/creditors') config.add_route('creditors_archived', '/creditors/archived') config.add_route('creditor_new', '/creditor/new') config.add_route('creditor_edit', '/creditor/edit/{id}') config.add_route('creditor_archive', '/creditor/archive/{id}') config.add_route('creditor_restore', '/creditor/restore/{id}') """ Income routes """ config.add_route('incomes', '/incomes') config.add_route('incomes_archived', '/incomes/archived') config.add_route('income_new', '/income/new') config.add_route('income_edit', '/income/edit/{id}') config.add_route('income_archive', '/income/archive/{id}') config.add_route('income_restore', '/income/restore/{id}') """ Expenditure routes """ config.add_route('expenditures', '/expenditures') config.add_route('expenditures_private', '/expenditures/private') config.add_route('expenditures_archived', '/expenditures/archived') config.add_route('expenditure_new', '/expenditure/new') config.add_route('expenditure_edit', '/expenditure/edit/{id}') config.add_route('expenditure_archive', '/expenditure/archive/{id}') config.add_route('expenditure_restore', '/expenditure/restore/{id}') """ Invoice routes """ config.add_route('invoices', '/invoices') config.add_route('invoices_archived', '/invoices/archived') config.add_route('invoices_search', '/invoices/search') config.add_route('invoice_new', '/invoice/new') config.add_route('invoice_edit', '/invoice/edit/{id}') config.add_route('invoice_quickpay', '/invoice/quickpay/{id}') config.add_route('invoice_archive', '/invoice/archive/{id}') config.add_route('invoice_restore', '/invoice/restore/{id}') """ File routes """ config.add_route('files', '/files') config.add_route('files_archived', '/files/archived') config.add_route('file_new', '/file/new') config.add_route('file_download', '/file/download/{id}') config.scan() return config.make_wsgi_app()
def all_archived(cls, request): id = authenticated_userid(request) return DBSession.query(File)\ .filter(File.archived == True)\ .filter(not_(and_(File.private == True, File.user_id != id)))
def by_id(cls, id): return DBSession.query(User).filter(User.id == id).first()
def amount_sum(cls): return DBSession.query(func.sum(Income.amount).label('a_sum'))\ .filter(Income.archived == False).first()
def by_id(cls, id): return DBSession.query(Income).filter(Income.id == id).first()
def all_archived(cls): return DBSession.query(Income).filter(Income.archived == True)
def all_active(cls): return DBSession.query(Income).filter(Income.archived == False)
def by_email(cls, email): return DBSession.query(User).filter(User.email == email).first()
def all_users(cls): return DBSession.query(User).all()
def all_active(cls): return DBSession.query(User).filter(User.archived == False)
def all_archived(cls): return DBSession.query(User).filter(User.archived == True)