def upload_payment(user):
"""
upload a payment for a given project
only the creator can upload a payment
"""
if user["role"] != "Creator":
abort(
custom_make_response(
"error", "You are not authorized to carry out this action.",
403))
try:
receivedFile = request.files["paymentExcelFile"]
if allowed_extension(receivedFile.filename) and receivedFile:
return file_operation(
receivedFile,
PAYMENTS_UPLOAD_FOLDER,
"Payment",
user["companyId"],
user["id"],
)
return custom_make_response(
"error",
"Only excel files are allowed, please select\
a payment excel file & try again.",
400,
)
except Exception as e:
error_messages(e, "payment")
def get_projects(user, companyId):
"""get projects for the given user company"""
if user["companyId"] == companyId:
company_projects = Project.query.filter_by(companyId=companyId).all()
_projects = projects_schema.dump(company_projects)
if not _projects:
return abort(
custom_make_response(
"error",
"No projects exist for your company, Once you\
create some they will appear here.",
404,
)
)
elif _projects:
return custom_make_response(
"data", _projects, 200
)
else:
return abort(
custom_make_response(
"error",
"There appears to be a mismatch in the authorization\
data,Please logout, login & try again, if the problem\
persists,contact the site administrator.",
400,
)
)
def set_new_password(user):
"""updates a user password from the reset page"""
try:
data = request.get_json()
email = user["email"]
new_password = data["password"]
check_for_whitespace(data, ["email", "password"])
isValidEmail(email)
isValidPassword(new_password)
User.query.filter_by(email=user["email"]).update(
dict(password=f"{generate_password_hash(str(new_password))}"))
db.session.commit()
subject = """Password updated successfully."""
content = f"""
{password_reset_success_content()}
<a href="/forgot"
style="{button_style()}"
>Forgot Password</a>
{email_signature()}
"""
send_mail(email, subject, content)
return custom_make_response(
"data", "Your password has been updated successfully", 200)
except Exception as e:
abort(
custom_make_response("error", f"The following error ocurred: {e}",
400))
def close_or_suspend_project(user, id):
"""
close or suspend the project.
"""
if user['role'] != "Creator":
abort(
custom_make_response(
"error",
"You are not authorized to carryout this function",
403
)
)
try:
data = request.get_json()
project_status = data['new_status']
check_for_whitespace(data, ["new_status"])
update_project_params = {
"project_status": project_status
}
Project.query.filter_by(id=id).update(update_project_params)
db.session.commit()
return custom_make_response(
"data", f"Project {project_status} successfully.", 200)
except Exception as e:
abort(
custom_make_response(
"error", f"The following error occured :: {e}", 400
)
)
def get_project_payments(user, project_no):
"""
given a user and project id go fetch the
given project payments over time.
"""
file_data = (db.session.query(Project, Payments).filter(
Project.projectNumber == Payments.project_number).filter_by(
projectNumber=project_no).all())
if not file_data:
abort(
custom_make_response(
"error",
"No file(s) have been found for your company,\
ask the creator to upload & try again.",
404,
))
files_list = []
for result in file_data:
result_format = {
"project_name": result[0].project_name,
"project_number": result[0].projectNumber,
"employee_id": result[1].employee_id,
"employee_name": result[1].employee_name,
"expense_head": result[1].expense_head,
"rate": result[1].rate,
"days": result[1].days,
"file_id": result[1].file_id,
"float_amount": result[1].total_amount,
"advance_amount": result[1].advance_amount
}
files_list.append(result_format)
return custom_make_response("data", files_list, 200)
def get_authorizer_files(user):
"""return the files for a given company for the authorizer"""
file_data = (db.session.query(
Files, Project,
Employees).filter(Files.projectId == Project.id).filter(
Files.createdBy == Employees.id).filter_by(
companyId=user["companyId"]).all())
if not file_data:
abort(
custom_make_response(
"error",
"No file(s) have been found for your company,\
ask the creator to upload & try again.",
404,
))
fileList = []
for result in file_data:
result_format = {
"Id": result[0].id,
"fileType": result[0].fileType,
"project_name": result[1].project_name,
"projectNumber": result[1].projectNumber,
"fullname": result[2].fullname,
"createdBy": result[0].createdBy,
"fileStatus": result[0].fileStatus,
"fileAmount": result[0].fileAmount,
"dateCreated": result[0].dateCreated.strftime("%Y-%m-%d"),
"fileName": result[0].fileName,
}
fileList.append(result_format)
return custom_make_response("data", fileList, 200)
def upload_employee_master(user):
"""
upload the employee master file for a
given company only the admin can do this
"""
try:
receivedFile = request.files["employeeExcelFile"]
if allowed_extension(receivedFile.filename) and receivedFile:
secureFilename = secure_filename(receivedFile.filename)
filePath = os.path.join(
current_app.root_path, EMPLOYEE_UPLOAD_FOLDER, secureFilename)
receivedFile.save(filePath)
new_file_path = rename_file(
filePath,
user["companyId"], EMPLOYEE_UPLOAD_FOLDER, "_employees_"
)
add_id_and_company_id(new_file_path, user["companyId"])
updated_file_path = add_id_and_company_id(
new_file_path, user["companyId"])
csvFile = convert_to_csv(updated_file_path, EMPLOYEE_UPLOAD_FOLDER)
insert_csv(csvFile, 'public."Employees"')
return custom_make_response(
"data", "Employees data saved successfully.", 200
)
else:
return custom_make_response(
"error", "Only excel files are allowed.", 400)
except psycopg2.Error as e:
# exceptions go to site administrator and email
# the user gets a friendly error notification
if e.pgcode == ("23505"):
remove_unused_duplicates(updated_file_path)
remove_unused_duplicates(csvFile)
abort(
custom_make_response(
"error",
"The record(s) you are trying to upload\
already exist in the database.",
409,
)
)
elif e.pgcode == ("22P04"):
remove_unused_duplicates(updated_file_path)
remove_unused_duplicates(csvFile)
abort(
custom_make_response(
"error",
"The file you are uploading is not in the\
allowed format for employees file.",
400,
)
)
else:
abort(
custom_make_response(
"error", f"The following error occured {e}", 400)
)
def get_project_region(user, projectId):
"""
get project regions
"""
project_regions = ProjectRegions.query.filter_by(projectId=projectId).all()
regions = project_regions_schema.dump(project_regions)
if not regions:
abort(
custom_make_response(
"error", "No regions have been found for that project\
please create some and try again.", 404))
else:
return custom_make_response("data", regions, 200)
def authorize_or_reject_withdraw(user, id):
"""authorize or reject file"""
try:
data = request.get_json()
new_status = data["new_status"]
advance_amount = data["advance_amount"]
fileId = id
date_actioned = datetime.datetime.utcnow()
todays_date = date_actioned.strftime("%Y-%m-%d")
file_status = new_status
check_for_whitespace(data, ["new_status", "file_id"])
new_file_params = {
"fileStatus": file_status,
"dateAuthorizedOrRejected": todays_date,
"authorizedOrRejectedBy": user["id"],
}
Files.query.filter_by(id=fileId).update(new_file_params)
if data["new_status"] == "Authorized":
returned_file, project_id, file_type = get_authorized_files(id)
returned_file["advance_amount"] = float(advance_amount)
authorized_file = Payments(**returned_file)
db.session.add(authorized_file)
db.session.commit()
if file_type == "Payment":
_budget_file = Files.query.\
filter_by(projectId=project_id).\
filter_by(fileType="Budget").all()
budget_file = files_schema.dump(_budget_file)
budget_amount = budget_file[0]["fileAmount"]
new_budget_amount = budget_amount - float(advance_amount)
new_amount = {"fileAmount": new_budget_amount}
Files.query.filter_by(projectId=project_id).\
filter_by(fileType="Budget").update(new_amount)
payment_file = get_individual_payment_amount(id)
for file in payment_file:
auth_advance_amount = {
"advance_amount": file['total_amount']
}
Payments.query.filter(Payments.file_id == id).\
filter(Payments.id == file['id']).\
update(auth_advance_amount)
db.session.commit()
return custom_make_response("data",
f"File {file_status} successfully.", 200)
except Exception as e:
abort(
custom_make_response("error",
f"The following error occured :: {e}", 400))
def reactivate_system_user(user):
"""
reactivate a suspended user account
check if account is suspended if not
then notify the user no need proceeding
if account if already active.
"""
try:
data = request.get_json()
email = data["email"]
check_for_whitespace(data, ["email"])
isValidEmail(email)
employee = employee_schema.dump(
Employees.query.filter_by(companyId=user['companyId']).filter_by(
email=email).first())
if not employee:
abort(403)
user = user_schema.dump(
User.query.filter_by(email=email).filter_by(
companyId=user['companyId']).first())
if employee and not user:
abort(404)
if user['isActive'] == 'true':
abort(400)
User.query.filter_by(email=email).update(dict(isActive="true"))
db.session.commit()
return custom_make_response("data",
"User account activated successfully", 200)
except Exception as e:
if (e.code == 400):
return custom_make_response("error",
"The user account is already active.",
400)
elif (e.code == 403):
return custom_make_response(
"error", "The user whose account you are trying to activate \
is not a member of your company", 403)
elif (e.code == 404):
return custom_make_response(
"error", "You are trying to activate an account\
that does not exist, Please create one.", 404)
def get_project_number(user):
"""
get the next project/job number for a given
company
"""
project_data = ProjectNumber.query.\
filter_by(companyId=user['companyId']).first()
the_number = project_number_schema.dump(project_data)
if not the_number:
abort(
custom_make_response(
"error", "No project/job number has been set for your company",
404))
else:
return custom_make_response("data", the_number['projectNumber'], 200)
def suspend_system_user(user):
"""
suspend a system user
"""
try:
data = request.get_json()
email = data["email"]
check_for_whitespace(data, ["email"])
isValidEmail(email)
employee = employee_schema.dump(
Employees.query.filter_by(companyId=user['companyId']).filter_by(
email=email).first())
if not employee:
abort(400)
user = user_schema.dump(
User.query.filter_by(email=email).filter_by(
companyId=user['companyId']).first())
if employee and not user:
abort(404)
if user['isActive'] == 'false':
abort(403)
User.query.filter_by(email=email).update(dict(isActive="false"))
db.session.commit()
return custom_make_response("data",
"User account suspended successfully", 200)
except Exception as e:
if (e.code == 400):
return custom_make_response(
"error", "The user you are trying to suspend \
is not a member of your company", 400)
elif (e.code == 404):
return custom_make_response(
"error", "The employee you are trying to\
suspend is not a system user.", 404)
elif (e.code == 403):
return custom_make_response(
"error", "The user account is already suspended.", 403)
else:
return custom_make_response(
"error", "An internal server error occured,\
the site admin has been notified, \
please give it a moment and try again.", 500)
def get_authorized_files(file_id):
"""return all info for a given file"""
file_data = (db.session.query(
Files, Project,
Employees).filter(Files.projectId == Project.id).filter(
Files.createdBy == Employees.id).filter(Files.id == file_id).all())
if not file_data:
abort(
custom_make_response(
"error",
"No file(s) have been found for your company,\
ask the creator to upload & try again.",
404,
))
for result in file_data:
result_format = {
"id": generate_db_ids(),
"employee_id": result[0].createdBy,
"project_number": result[1].projectNumber,
"project_name": result[1].project_name,
"employee_name": result[2].fullname,
"expense_head": result[0].fileType,
"rate": 0,
"days": 0,
"total_amount": 0,
"file_id": result[0].id,
}
return result_format, result[1].id, result[0].fileType
def send_mail(user_email, the_subject, the_content):
"""send email on relevant user action"""
message = Mail(
from_email=("*****@*****.**", "BT Technologies Team"),
to_emails=user_email,
subject=the_subject,
html_content=the_content,
)
try:
sg = SendGridAPIClient(os.environ.get("SENDGRID_KEY"))
sg.send(message)
except Exception as e:
custom_make_response(
"error",
f"an error occured sending email contact administrator\
{e}",
500,
)
def get_companies(user):
"""
get all companies that are registered
at any onetime
"""
# please note only the site admin
# should have access to this data
all_companies = Company.query.all()
return custom_make_response("data", companies_schema.dump(all_companies),
200)
def update_project_number(user):
"""
update project/job number for a given company
"""
try:
data = request.json()
companyId = user['companyId']
projectNumber = data['projectNumber']
check_for_whitespace(data, ["projectNumber"])
update_project_number = {"projectNumber": projectNumber + 1}
ProjectNumber.query.\
filter_by(companyId=companyId).update(update_project_number)
db.session.commit()
return custom_make_response("data",
"Project number updated successfully.",
200)
except Exception as e:
abort(
custom_make_response("error",
f"The following error occured :: {e}", 400))
def get_employees(user, companyId):
"""
return the employees of a given company
"""
if user["companyId"] == companyId:
company_employees = Employees.query.filter_by(
companyId=companyId).all()
if not company_employees:
return abort(
custom_make_response(
"error",
"No employees have been found for your company,\
please upload & try again.",
404,
)
)
elif company_employees:
return custom_make_response(
"data", employees_schema.dump(company_employees), 200
)
else:
return abort(
custom_make_response(
"error",
"Bummer an error occured fetching the records,\
please refresh and try again.",
500,
)
)
else:
return abort(
custom_make_response(
"error",
"There appears to be a mismatch in the authorization\
data,Please logout, login and try again, if problem\
persists,contact the site administrator.",
401,
)
)
def specify_job_number(user):
"""
specify a job/project number for the
projects of a given company
"""
try:
data = request.get_json()
project_number = data['projectNumber']
# current_user = User.query.filter_by(id=user["id"]).first()
# _data = user_schema.dump(current_user)
companyId = user["companyId"]
id = generate_db_ids()
check_for_whitespace(data, ["projectNumber", "companyId"])
if ProjectNumber.query.filter_by(companyId=companyId).first():
abort(409)
new_project_number = ProjectNumber(id=id,
projectNumber=project_number,
companyId=companyId)
db.session.add(new_project_number)
db.session.commit()
return custom_make_response(
"data", f"Project number {project_number} set successfully.", 201)
except Exception as e:
if (e.code == 409):
return custom_make_response(
"error",
"""
You already have a project/job number set for your company.
It can only be set once.
""",
409,
)
else:
return custom_make_response(
"error",
f"{e} One or more mandatory fields has not been filled!", 400)
def get_pending_company_files(user, companyId):
""" return all the pending files for a given company """
if companyId == user['companyId']:
files_data = db.session.query(Files, DetailedFile).\
filter(Files.id == DetailedFile.id).\
filter_by(companyId=user['companyId']).\
filter_by(fileStatus="Pending").all()
if not files_data:
return abort(
custom_make_response(
"error", "No pending file(s) have been \
found for your company,upload some & try again.", 404))
fileList = []
for result in files_data:
result_format = {
"Id": result[0].id,
"fileStatus": result[0].fileStatus,
"fileName": result[0].fileName,
"wages": result[1].wages,
"perDiem": result[1].perDiem,
"telephoneCosts": result[1].telephoneCosts,
"fieldTravelExpenses": result[1].fieldTravelExpenses,
"administrativeSupport": result[1].administrativeSupport,
"accomodationAllowance": result[1].accomodationAllowance,
"consultants": result[1].consultants,
"professionalCosts": result[1].professionalCosts,
"printingAndStationery": result[1].printingAndStationery,
"covid19PPEs": result[1].covid19PPEs,
"venueHire": result[1].venueHire,
"refreshments": result[1].refreshments,
"transcription": result[1].transcription,
"incentives": result[1].incentives,
"zAmount": result[1].totalAmount
}
fileList.append(result_format)
return custom_make_response("data", fileList, 200)
def create_project_region(user, projectId):
"""
create project regions
"""
try:
data = request.get_json()
region = data['region']
projectId = data['projectId']
id = generate_db_ids()
check_for_whitespace(data, ["region", "projectId", "id"])
if ProjectRegions.query.filter_by(region=data['region']).\
filter_by(projectId=data['projectId']).first():
abort(409)
new_region = ProjectRegions(id=id, projectId=projectId, region=region)
db.session.add(new_region)
db.session.commit()
return custom_make_response("data",
f" {region} region created successfully.",
201)
except Exception as e:
if (e.code == 409):
return custom_make_response(
"error",
"""
You already have a region with that name for the selected project,
Please change and try again !
""",
409,
)
else:
return custom_make_response(
"error",
f"{e} One or more mandatory fields has not been filled!", 400)
def company_signup_intent():
"""
send a sign up link on the email to
would be customers
"""
try:
data = request.get_json()
email = data["email"]
company = data["company"]
id = generate_db_ids()
check_for_whitespace(data, ["email", "company"])
if not (email and company):
abort(400)
isValidEmail(email)
if Company.query.filter_by(company=data["company"]).first():
abort(409)
token = jwt.encode(
{
"email": email,
"company": company,
"exp":
datetime.datetime.utcnow() + datetime.timedelta(minutes=30),
},
KEY,
algorithm="HS256",
)
# send signup intent email
subject = f"""Thank you for requesting to register {company}."""
content = f"""
Welcome ,
<br/>
<br/>
We are grateful to have you.<br/>
Please click on register below to register your personal
information to start using the system.<br/>Kindly note this
link will only be active for thirty minutes.
<br/>
<br/>
<a href="{signup_url}?in={token.decode('utf-8')}"
style="{button_style()}">Register</a>
<br/>
<br/>
Regards Antony,<br/>
RMS Admin.
"""
new_company = Company(id=id,
company=company,
joined_at=datetime.datetime.utcnow())
db.session.add(new_company)
db.session.commit()
send_mail(email, subject, content)
resp = custom_make_response(
"data", {
"message": f"Link to register {company} sent \
successfully,head over to {email} inbox for instructions",
"admin_token": token.decode('utf-8'),
"company": {
"company": company,
"email": email
}
}, 201)
return resp
except Exception as e:
error = ""
if (e.code == 409):
error = custom_make_response(
"error",
"Your company is already registered, please\
contact the company admin.",
409,
)
elif (e.code == 404):
error = custom_make_response(
"error", "Please enter a valid email address.", 404)
elif (e.code == 400):
error = custom_make_response(
"error", "One or more mandatory fields has not been filled.",
400)
return error
def file_operation(received_file, upload_folder, file_src, company_id,
user_id):
"""
takes a file from payments/budget uploads ,
convert the file to a csv , extract an amount
current_app.root_path
"""
secureFilename = secure_filename(received_file.filename)
filePath = os.path.join(current_app.root_path, upload_folder,
secureFilename)
received_file.save(filePath)
renamed_file_path = rename_file(
filePath,
company_id,
upload_folder,
"_" + request.form["projectName"] + "_" + file_src + "_",
)
csvFile = convert_to_csv(renamed_file_path, upload_folder)
if file_src == "Budget":
_amount = get_budget_amount(csvFile, renamed_file_path)
if check_pending_files(company_id, file_src, _amount):
remove_unused_duplicates(csvFile)
remove_unused_duplicates(renamed_file_path)
abort(409, "File Pending")
else:
_amount = get_payment_amount(csvFile, renamed_file_path)
if check_pending_files(company_id, file_src, _amount):
remove_unused_duplicates(csvFile)
remove_unused_duplicates(renamed_file_path)
abort(409, "File Pending")
budget_file = get_project_file(company_id, "Budget")
if not budget_file:
remove_unused_duplicates(csvFile)
remove_unused_duplicates(renamed_file_path)
abort(404, "No Budget For Project")
budget_amount = budget_file["fileAmount"]
if budget_amount < float(_amount):
remove_unused_duplicates(csvFile)
remove_unused_duplicates(renamed_file_path)
abort(400, "Project Amount Greater Than")
status = budget_file["fileStatus"]
if not (status == "Authorized"):
remove_unused_duplicates(csvFile)
remove_unused_duplicates(renamed_file_path)
abort(400, "Budget Unauthorized")
id = generate_db_ids()
the_file_name = get_file_name(renamed_file_path)
insert_file_data(id, company_id, _amount, file_src, the_file_name, user_id)
if file_src == "Budget":
altered_csv_file = add_file_id(csvFile, id)
insert_csv(altered_csv_file, 'public."DetailedFile"')
else:
data_file = pandas.read_csv(csvFile)
rows = data_file.count()[0]
data_file.insert(0, "id", "")
for row in range(rows):
new_id = generate_db_ids()
data_file.loc[row, "id"] = new_id
data_file.loc[row, "advance_amount"] = 0.0
row + 1
data_file.loc[:, "file_id"] = id
data_file.to_csv(csvFile, index=False)
data_file = pandas.read_csv(csvFile)
insert_csv(csvFile, 'public."Payments"')
return custom_make_response(
"data", f"{file_src} file successfully sent for authorization.", 200)
def signin_all_users():
"""
this signs in all users
"""
try:
user_data = request.get_json()
email = user_data["email"]
password = user_data["password"]
# check data for sanity incase it bypass js on the frontend
check_for_whitespace(user_data, ["email", "password"])
isValidEmail(email)
user = User.query.filter_by(email=user_data["email"]).first()
if not user:
abort(401)
_user = user_schema.dump(user)
_password_hash = _user["password"]
if not User.compare_password(_password_hash, password):
abort(401)
_curr_user = user_schema.dump(user)
if _curr_user["isActive"] != "true":
abort(403)
token = jwt.encode(
{
"id":
_curr_user["id"],
"role":
_curr_user["role"],
"exp":
datetime.datetime.utcnow() + datetime.timedelta(minutes=480),
},
KEY,
algorithm="HS256",
)
resp = custom_make_response(
"data", {
"message": "Signed in successfully, \
preparing your dashboard...",
"auth_token": token.decode('utf-8'),
"username": _curr_user["username"],
"role": _curr_user["role"],
"companyId": _curr_user["companyId"]
}, 200)
return resp
except Exception as e:
if (e.code == 401):
return custom_make_response(
"error",
"Incorrect email and or password, check & try again !", 401)
elif (e.code == 403):
return custom_make_response(
"error",
"Your account is not in active\
status, contact company admin.",
403,
)
elif (e.code == 400):
return custom_make_response(
"error", "One or more mandatory fields has not been filled.",
400)
else:
return custom_make_response(
"error", "Bummer an internal server error has occured,\
the site admin has been notified, Please give it a \
moment and try again.", 500)
def forgot_password():
"""send reset password email"""
try:
user_data = request.get_json()
email = user_data["email"]
check_for_whitespace(user_data, ["email"])
isValidEmail(email)
user = User.query.filter_by(email=user_data["email"]).first()
if not user:
# well this is interesting we are aborting with a code
# 200 normally this is not the case but for this one we
# have to make an exception reason being we don't
# want to allow enumeration attacks on our system so we
# we want to make it like we sending the email even though
# that will not always be the case.
abort(200)
this_user = user_schema.dump(user)
token = jwt.encode(
{
"id": this_user["id"],
"email": this_user["email"],
"exp":
datetime.datetime.utcnow() + datetime.timedelta(minutes=30),
},
KEY,
algorithm="HS256",
)
subject = """Password reset request"""
content = f"""
Hey {this_user['username'].split('.', 1)[0]},
{password_reset_request_content()}
<a href="{password_reset_url}?u={token.decode('utf-8')}"
style="{button_style()}"
>Reset Password</a>
{email_signature()}
"""
send_mail(email, subject, content)
resp = custom_make_response(
"data", {
"message":
"An email has been sent to the address on record,\
If you don't receive one shortly, please contact\
the site admin.",
}, 202)
return resp
except Exception as e:
# exceptions go to site administrator and email
# the user gets a friendly error notification
if (e.code == 200):
return custom_make_response(
"data", {
"message":
"An email has been sent to the address on record,\
If you don't receive one shortly, please contact\
the site admin.",
}, 200)
elif (e.code == 400):
return custom_make_response(
"error", "Please enter an email and try again.", 400)
else:
return custom_make_response(
"error", "Bummer an internal server error has occured\
the site admin has been notified, Please\
give it some moment and try again.", 500)
def signup_system_users():
"""
signup system users
"""
try:
user_data = request.get_json()
role = user_data["role"]
if role == "Admin":
this_company = Company.query.filter_by(
company=user_data["company"]).first()
_company = company_schema.dump(this_company)
companyId = _company["id"]
password = user_data["password"]
else:
companyId = user_data["companyId"]
password = generate_random_password()
email = user_data["email"]
isActive = user_data["isActive"]
this_employee = (Employees.query.filter_by(
email=user_data["email"]).filter_by(
companyId=user_data["companyId"]).first())
employee = employee_schema.dump(this_employee)
id = employee["id"]
username = employee["fullname"].split(" ")[0] + "." + id
# check data for sanity incase it bypass js on the frontend
check_for_whitespace(
user_data,
["companyId", "username", "email", "password", "role", "status"])
isValidEmail(email)
# check if user is already registered
if User.query.filter_by(email=user_data["email"]).first():
abort(409)
isValidPassword(password)
new_user = User(
id=id,
username=username,
email=email,
password=password,
companyId=companyId,
role=role,
isActive=isActive,
)
db.session.add(new_user)
db.session.commit()
if role != "Admin":
token = jwt.encode(
{
"id":
id,
"email":
user_data["email"],
"exp":
datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
},
KEY,
algorithm="HS256",
)
subject = """Activate your account."""
content = f"""
Hey {username.split('.', 1)[0]},
{non_admin_user_registration_content()}
<a href="{password_reset_url}?u={token.decode('utf-8')}"
style="{button_style()}">Activate account</a>
{email_signature()}
"""
send_mail(email, subject, content)
return custom_make_response(
"data",
f"User registered successfully, email sent to {email}\
for further instructions.",
201,
)
except Exception as e:
message = str(e)
if "id" in message:
return custom_make_response(
"error",
"The user you are creating an account for\
is not on your company masterfile,\
Please add them and try again.",
400,
)
elif (e.code == 409):
return custom_make_response(
"error",
"A user account with that email already exists,\
please use another one and try again.",
409,
)
else:
return custom_make_response(
"error", "Bummer an internal server error occured\
site admin has been notified, please give\
it a moment and try again.", 500)
def create_new_project(user):
"""
create new project
only the admin can create projects
"""
try:
data = request.get_json()
current_user = User.query.filter_by(id=user["id"]).first()
_data = user_schema.dump(current_user)
companyId = _data["companyId"]
projectName = data["project_name"] + "." + companyId
dateFrom = data["date_from"]
id = generate_db_ids()
project_data = ProjectNumber.query.\
filter_by(companyId=user['companyId']).first()
the_number = project_number_schema.dump(project_data)
project_number = the_number['projectNumber']
check_for_whitespace(
data, ["project_name", "companyId", "dateFrom"])
if Project.query.filter_by(project_name=projectName).first():
abort(409)
new_project = Project(
id=id,
project_name=projectName,
companyId=companyId,
date_from=dateFrom,
project_status="Active",
projectNumber=project_number
)
db.session.add(new_project)
update_project_number = {
"projectNumber": project_number + 1
}
ProjectNumber.query.filter_by(companyId=companyId).\
update(update_project_number)
db.session.commit()
return custom_make_response(
"data",
f"Project {projectName.split('.', 1)[0]} created successfully.",
201
)
except Exception as e:
# exceptions go to site administrator log and email
# the user gets a friendly error notification
if (e.code == 409):
return custom_make_response(
"error",
"""
You already have another project in that name,
Please change and try again !
""",
409,
)
else:
return custom_make_response(
"error",
f"{e} One or more mandatory fields has not been filled!", 400
)
def error_messages(msg, file_src):
"""cascade the error to the correct code"""
db.session.rollback()
message = str(msg)
print(message)
errorMessage = ""
if ("InvalidTextRepresentation" in message
or "list index out of range" in message or "totalAmount" in message
or "Wrong file format" in message):
errorMessage = custom_make_response(
"error",
f"The file you are uploading is not in \
the allowed format for a {file_src} file,\
please check & try again.",
400,
)
elif "id" in message:
errorMessage = custom_make_response(
"error",
f"Please select the project you are uploading\
{file_src} file for.",
400,
)
elif "File Pending" in message:
errorMessage = custom_make_response(
"error",
f"A {file_src} file with similar info is available\
& marked as pending in the system,\
kindly ask your authorizer to act on it.",
400,
)
elif "No Budget For Project" in message:
errorMessage = custom_make_response(
"error",
"A budget was not found for this project please upload\
one for authorization before proceeding.",
404,
)
elif "Budget Unauthorized" in message:
errorMessage = custom_make_response(
"error",
"The budget for this project has not been authorized,\
Kindly ask the authorizer to act on it.",
400,
)
elif "Project Amount Greater Than" in message:
errorMessage = custom_make_response(
"error",
"The payment file amount exceeds the budget for this project,\
please review your file & try again.",
400,
)
elif "total_amount" in message:
errorMessage = custom_make_response(
"error",
"The file is not in the correct format for a payment file,\
please change & try again.",
400,
)
else:
errorMessage = custom_make_response(
"error", f"The following error occured :: {message}", 400)
abort(errorMessage)
def insert_admin_employee(company):
"""
insert admin details to the employee
table.
"""
try:
user_data = request.get_json()
id = generate_db_ids()
this_company = Company.query.filter_by(
company=user_data["company"]).first()
_company = company_schema.dump(this_company)
companyId = _company["id"]
fullname = user_data["fullname"]
# mobile = user_data["mobile"]
email = user_data["email"]
password = user_data["password"]
role = user_data["role"]
isActive = user_data["isActive"]
# check data for sanity incase it bypass js on the frontend
check_for_whitespace(
user_data,
[
"companyId",
"fullname",
"email",
# "mobile",
"password",
"role",
"isActive",
],
)
if (company['id'] != companyId):
abort(
custom_make_response(
"error",
"There is a mismatch in your token info,\
we could not complete the request,\
Please reopen this page and try again.",
401
)
)
isValidEmail(email)
new_employee = Employees(
id=id,
companyId=companyId,
fullname=fullname,
# mobile=mobile,
email=email,
)
db.session.add(new_employee)
db.session.commit()
# once you have created an admin as an employee
# let create them as user in the system.
isValidPassword(password)
new_user = User(
id=id,
username=user_data["fullname"].split(" ")[0] + "." + id,
email=email,
password=password,
role=role,
companyId=companyId,
isActive=isActive,
)
db.session.add(new_user)
db.session.commit()
return custom_make_response(
"data",
"Registration completed Successfully,\
you can now signin & start using the system.",
201,
)
except Exception as e:
message = str(e)
if "UniqueViolation" and "Employees_mobile_key" in message:
abort(
custom_make_response(
"error",
"The mobile number you have entered seems\
to have been registered to another user,\
please change and try again. ",
409,
)
)
elif "Employees_email_key" and "UniqueViolation" in message:
abort(
custom_make_response(
"error",
"The email address you have entered seems\
to have been registered to another user,\
please change and try again. ",
409,
)
)
else:
abort(
custom_make_response(
"error", message,
500,
)
)
