def team():
admin = Worker.is_admin(current_user.id, g.current_invest.id)
team = Worker.get_team(investment_id=g.current_invest.id)
return render_template("team/team.html",
title="Team",
team=team,
admin=admin)
def add_worker() -> str:
if not Worker.is_admin(current_user.id, g.current_invest.id):
return redirect(url_for("team.team"))
form = CreateWorkerForm()
if form.validate_on_submit():
if Worker.belongs_to_investment(form.email.data, g.current_invest.id):
flash("This user is already added to workers.")
return redirect(url_for("team.team"))
user = User.query.filter_by(email=form.email.data).first()
if not user:
user = User(
username=form.email.data,
email=form.email.data,
password=uuid.uuid4().hex,
)
db.session.add(user)
db.session.commit()
user = User.query.filter_by(email=form.email.data).first()
email.send_complete_registration_mail(user)
worker = Worker(
position=form.position.data,
admin=form.admin.data,
user_id=user.id,
)
g.current_invest.workers.append(worker)
db.session.commit()
flash("You have added new worker successfully.")
return redirect(url_for("team.team"))
return render_template("team/form.html", title="Add Worker", form=form)
def test_post_when_user_is_lonely_admin(app_and_db, client,
test_with_authenticated_user,
inactive_user):
db = app_and_db[1]
investment = Investment(name="Test Invest")
user1 = User.query.filter_by(username="******").first()
user2 = User.query.filter_by(username="******").first()
worker1 = Worker(position="pos1", admin=True, user_id=user1.id)
worker2 = Worker(position="pos2", admin=False, user_id=user2.id)
investment.workers.append(worker1)
investment.workers.append(worker2)
db.session.add(investment)
db.session.commit()
response = client.post(
url_for("auth.delete_account", username="******"),
data={"yes": True},
follow_redirects=True,
)
assert response.status_code == 200
assert User.query.filter_by(username="******").first()
assert Worker.query.filter_by(user_id=user1.id).first()
assert Worker.query.filter_by(user_id=user2.id).first()
assert (
b"This accounts is only admin in projects: ['Test Invest']."
b" Give root permission to other user and try again"
in response.data)
def test_get_workers(app_and_db):
db = app_and_db[1]
user1 = User(username="******",
email="*****@*****.**",
password="******")
user2 = User(username="******",
email="*****@*****.**",
password="******")
db.session.add(user1)
db.session.add(user2)
db.session.add(Investment(name="test invest 1"))
db.session.add(Investment(name="test invest 2"))
db.session.add(Investment(name="test invest 3"))
db.session.commit()
user1 = User.get_user(1)
invest1 = Investment.query.filter_by(id=1).first()
invest1.workers.append(Worker(position="pos1", user_id=user1.id))
invest2 = Investment.query.filter_by(id=2).first()
invest2.workers.append(Worker(position="pos2", user_id=user1.id))
user2 = User.get_user(2)
invest3 = Investment.query.filter_by(id=3).first()
invest3.workers.append(Worker(position="pos3", user_id=user2.id))
db.session.commit()
worker1 = Worker.query.filter_by(position="pos1").first()
worker2 = Worker.query.filter_by(position="pos2").first()
assert User.get_workers(user_id=1) == [worker1, worker2]
def test_get_num_of_admins(app_and_db):
db = app_and_db[1]
for i in range(1, 4):
user = User(
username="******".format(i),
email="user_{}@mail.com".format(i),
password="******",
)
user.is_active = True
db.session.add(user)
investment = Investment(name="test invest")
db.session.add(investment)
db.session.commit()
user1 = User.get_user(1)
user2 = User.get_user(2)
user3 = User.get_user(3)
invest = Investment.query.filter_by(id=1).first()
worker1 = Worker(position="pos1", admin=True, user_id=user1.id)
worker2 = Worker(position="pos2", admin=False, user_id=user2.id)
worker3 = Worker(position="pos3", admin=True, user_id=user3.id)
invest.workers.append(worker1)
invest.workers.append(worker2)
invest.workers.append(worker3)
db.session.commit()
assert Investment.get_num_of_admins(investment_id=1) == 2
def test_post_when_delete(app_and_db, client, test_with_authenticated_user,
inactive_user):
db = app_and_db[1]
investment1 = Investment(name="Test Invest 1")
user1 = User.query.filter_by(username="******").first()
user2 = User.query.filter_by(username="******").first()
worker1 = Worker(position="pos1", admin=True, user_id=user1.id)
worker2 = Worker(position="pos2", admin=True, user_id=user2.id)
investment1.workers.append(worker1)
investment1.workers.append(worker2)
investment2 = Investment(name="Test Invest 2")
worker = Worker(position="pos1", admin=True, user_id=user1.id)
investment2.workers.append(worker)
db.session.add(investment1)
db.session.add(investment2)
db.session.commit()
response = client.post(
url_for("auth.delete_account", username="******"),
data={"yes": True},
follow_redirects=True,
)
assert response.status_code == 200
assert not User.query.filter_by(username="******").first()
assert not Worker.query.filter_by(user_id=user1.id).first()
assert Worker.query.filter_by(user_id=user2.id).first()
assert Investment.query.filter_by(name="Test Invest 1").first()
assert not Investment.query.filter_by(name="Test Invest 2").first()
assert b"The account has been deleted." in response.data
def add_task():
orderer = Worker.get_by_username(g.current_invest.id, current_user.username)
if not orderer.id:
flash("Choose investment first.")
return redirect(url_for("tasks.tasks"))
form = TaskForm()
if form.validate_on_submit():
executor = Worker.get_by_username(g.current_invest.id, form.executor_name.data)
db.session.add(
Task(
description=form.description.data,
deadline=form.deadline.data,
priority=form.priority.data,
orderer=orderer,
executor=executor,
progress=0,
investment_id=g.current_invest.id,
)
)
db.session.commit()
flash("You have created the task successfully.")
notification = create_notification(
worker_id=executor.id,
n_type="task",
description=f"You have a new task: '{form.description.data}' from {orderer.users.username}",
)
add_notification(r, notification)
return redirect(url_for("tasks.tasks"))
return render_template("tasks/form.html", title="Add Task", form=form)
def deputed_tasks():
# TODO wrap queries in functions
tasks_in_progress = (
Worker.get_by_username(
invest_id=g.current_invest.id, username=current_user.username
)
.deputed_tasks.filter(Task.progress != 100)
.order_by(Task.deadline)
.order_by(Task.priority.desc())
.all()
)
realized_tasks = (
Worker.get_by_username(
invest_id=g.current_invest.id, username=current_user.username
)
.deputed_tasks.filter(Task.progress == 100)
.order_by(Task.deadline)
.order_by(Task.priority.desc())
.all()
)
admin = Worker.is_admin(user_id=current_user.id, investment_id=g.current_invest.id)
next_page = url_for("tasks.deputed_tasks")
return render_template(
"tasks/tasks.html",
title="Deputed Tasks",
tasks_in_progress=tasks_in_progress,
realized_tasks=realized_tasks,
admin=admin,
next_page=next_page,
)
def test_is_admin(app_and_db, active_user):
db = app_and_db[1]
db.session.add(Investment(name="test invest 1"))
db.session.add(Investment(name="test invest 2"))
db.session.add(
Worker(position="pos1", admin=True, user_id=1, investment_id=1))
db.session.add(
Worker(position="pos2", admin=False, user_id=1, investment_id=2))
db.session.commit()
assert Worker.is_admin(user_id=1, investment_id=1)
assert not Worker.is_admin(user_id=1, investment_id=2)
def test_belongs_to_investment(app_and_db, active_user):
db = app_and_db[1]
investment = Investment(name="test invest")
worker = Worker(position="pos1", user_id=1)
investment.workers.append(worker)
db.session.add(investment)
db.session.commit()
assert Worker.belongs_to_investment(email="*****@*****.**",
investment_id=1)
assert not Worker.belongs_to_investment(email="*****@*****.**",
investment_id=1)
def test_get_investment(app_and_db, active_user):
db = app_and_db[1]
user = User.get_user(1)
db.session.add(Investment(name="test invest 1"))
db.session.add(Investment(name="test invest 2"))
db.session.commit()
invest1 = Investment.query.filter_by(id=1).first()
invest1.workers.append(Worker(user_id=user.id))
invest2 = Investment.query.filter_by(id=2).first()
invest2.workers.append(Worker(user_id=user.id))
db.session.commit()
assert User.get_investments(user_id=1) == [invest1, invest2]
def add_investment(app_and_db, active_user, unlogged_user):
db = app_and_db[1]
user1 = User.query.filter_by(username="******").first()
user2 = User.query.filter_by(username="******").first()
investment = Investment(name="Test Invest", description="test text")
worker1 = Worker(position="admin", admin=True, user_id=user1.id)
worker2 = Worker(position="second worker", admin=False, user_id=user2.id)
investment.workers.append(worker1)
investment.workers.append(worker2)
db.session.add(investment)
db.session.commit()
# setting current_invest
investment = Investment.query.filter_by(name="Test Invest").first()
user1.current_invest_id = investment.id
db.session.commit()
def get(self, id=None):
if id:
worker = self.get_worker(id)
return jsonify(worker) if worker else {
'status': 'Worker not found'
}
return jsonify(Worker.objects().exclude('id'))
def info(_id: int) -> str:
admin = Worker.is_admin(user_id=current_user.id, investment_id=_id)
investment = Investment.query.filter_by(id=_id).first()
return render_template("investments/info.html",
title="Investment",
investment=investment,
admin=admin)
def register_worker():
data = request.get_json(force=True)
if Worker.query.filter_by(hostname=data['hostname']).first():
return error_response(409, 'Worker already registered.')
worker = Worker()
worker.from_dict(data)
db.session.add(worker)
db.session.commit()
response = jsonify(worker.to_dict())
response.status_code = 201
return response
def edit_task():
_id = request.args.get("_id")
next_page = request.args.get("next_page")
if not next_page:
next_page = url_for("tasks.tasks")
task = Task.query.get(int(_id))
if task:
form = TaskForm()
if form.validate_on_submit():
task.description = form.description.data
task.deadline = form.deadline.data
task.priority = form.priority.data
if form.executor_name != task.executor.users.username:
task.executor = Worker.get_by_username(
invest_id=g.current_invest.id, username=form.executor_name.data
)
db.session.commit()
flash("You have edited the task successfully.")
return redirect(next_page)
elif request.method == "GET":
form.description.data = task.description
form.deadline.data = task.deadline
form.priority.data = task.priority
form.executor_name.data = task.executor.users.username
return render_template("tasks/form.html", title="Edit Task", form=form)
return redirect(next_page)
def change_root_permission():
_id = request.args.get("_id")
if Worker.is_admin(current_user.id, g.current_invest.id):
worker = Worker.query.filter_by(id=_id).first()
if worker:
num_of_admins = Investment.get_num_of_admins(g.current_invest.id)
if num_of_admins < 2:
if worker.admin:
flash("You can not delete last admin!")
return redirect(url_for("team.team"))
form = WarrantyForm()
if form.validate_on_submit():
if form.yes.data:
if worker.admin:
worker.admin = False
else:
worker.admin = True
db.session.commit()
flash(
"You have changed worker's root permission successfully."
)
return redirect(url_for("team.team"))
return render_template("warranty_form.html",
title="Change Root Permission",
form=form)
return redirect(url_for("team.team"))
def post(self):
if request.is_json:
email = request.json['email']
fname = request.json['fname']
lname = request.json['lname']
dob = request.json['dob']
identity = request.json['identity']
phone = request.json['phone']
worker = Worker(email=email,
first_name=fname,
last_name=lname,
dob=dob,
identification=identity,
phone=phone,
availibility=True)
worker.save()
return jsonify(worker)
return {'status': 'invalid request'}
def test_get_by_user_id(app_and_db, active_user):
db = app_and_db[1]
investment = Investment(name="test")
user = User.query.filter_by(username="******").first()
worker = Worker(position="test worker", user_id=user.id)
investment.workers.append(worker)
db.session.add(investment)
db.session.commit()
assert Investment.get_by_user_id(user_id=1)
def test_check_admins(app_and_db):
db = app_and_db[1]
for i in range(1, 5):
user = User(
username="******".format(i),
email="user_{}@mail.com".format(i),
password="******",
)
user.is_active = True
db.session.add(user)
investment = Investment(name="test invest {}".format(i))
db.session.add(investment)
db.session.commit()
user1 = Investment.query.filter_by(id=1).first()
user2 = Investment.query.filter_by(id=2).first()
user3 = Investment.query.filter_by(id=3).first()
# one user -> not add to list
invest1 = Investment.query.filter_by(id=1).first()
worker1 = Worker(position="pos1", admin=True, user_id=user1.id)
invest1.workers.append(worker1)
# two users, one admin, user1 is admin -> add to list
invest2 = Investment.query.filter_by(id=2).first()
worker1 = Worker(position="pos1", admin=True, user_id=user1.id)
worker2 = Worker(position="pos2", admin=False, user_id=user2.id)
invest2.workers.append(worker1)
invest2.workers.append(worker2)
# two users, user1 is not admin -> not add to list
invest3 = Investment.query.filter_by(id=3).first()
worker1 = Worker(position="pos1", admin=False, user_id=user1.id)
worker2 = Worker(position="pos2", admin=True, user_id=user2.id)
invest3.workers.append(worker1)
invest3.workers.append(worker2)
# three user, two admin, user1 is admin -> not add to list
invest4 = Investment.query.filter_by(id=4).first()
worker1 = Worker(position="pos1", admin=True, user_id=user1.id)
worker2 = Worker(position="pos2", admin=False, user_id=user2.id)
worker3 = Worker(position="pos3", admin=True, user_id=user3.id)
invest4.workers.append(worker1)
invest4.workers.append(worker2)
invest4.workers.append(worker3)
db.session.commit()
user = User.query.filter_by(username="******").first()
assert User.check_admins(user_id=user.id)[0] == [invest2]
assert User.check_admins(user_id=user.id)[1] == [invest1]
def test_create_worker(self):
w = Worker(id='30132180123',
name='hss',
email='*****@*****.**',
address='tju',
password='******')
db.session.add(w)
db.session.commit()
# test the password
assert w.verify_password('123')
assert not w.verify_password('1234')
# test the token
token = w.generate_auth_token(expiration=1000)
ver_w = w.verify_auth_token(token)
assert ver_w != Worker.query.get('30132180xx')
assert ver_w == Worker.query.get('30132180123')
db.session.add(w)
db.session.commit()
d = WorkerDegree(worker_id=w.id, department_id=1)
db.session.add(d)
db.session.commit()
def workers():
form = AddWorkerForm()
if form.validate_on_submit():
worker = Worker(first_name=form.first_name.data, middle_name=form.middle_name.data,
second_name=form.second_name.data, email=form.email.data, company_id=current_user.id)
db.session.add(worker)
db.session.commit()
if not os.path.exists('{}/workers/{}'.format(current_user.uploads_path, worker.id)):
os.mkdir('{}/workers/{}'.format(current_user.uploads_path, worker.id))
worker.uploads_path = os.path.join(
current_user.uploads_path, 'workers', str(worker.id))
db.session.commit()
flash('Новый сотрудник добавлен')
return redirect(url_for('main.workers'))
if current_user.role == 'company':
company = Company.query.get(current_user.id)
workers = Worker.query.filter_by(company_id=current_user.id).all()
elif current_user.role == 'doctor':
doctor = Doctor.query.get(current_user.id)
company = Company.query.get(doctor.company_id)
workers = Worker.query.filter_by(company_id=doctor.company_id).all()
return render_template('workers.html', title='Работники', form=form, company=company, workers=workers)
def test_post(client, test_with_authenticated_user):
user = User.query.filter_by(username="******").first()
form = InvestmentForm(name="New Invest", description="test text")
response = client.post(url_for("investments.create"),
data=form.data,
follow_redirects=True)
assert response.status_code == 200
assert b"You have created new investment successfully." in response.data
investment = Investment.query.filter_by(name="New Invest").first()
workers = Worker.get_team(investment.id)
assert investment.description == "test text"
assert investment.workers.all() == workers
assert workers[0].user_id == user.id
def test_get_current_invest(app_and_db, active_user):
db = app_and_db[1]
investment = Investment(name="Test Investment")
user = User.query.filter_by(username="******").first()
user.current_invest_id = 1
worker = Worker(position="test position", user_id=user.id)
investment.workers.append(worker)
db.session.add(investment)
db.session.commit()
user = User.query.filter_by(username="******").first()
current_invest = user.get_current_invest()
print(type(current_invest))
assert current_invest.name == "Test Investment"
def delete() -> str:
_id = request.args.get("_id")
if not Worker.is_admin(user_id=current_user.id, investment_id=_id):
return redirect(url_for("investments.info", _id=_id))
form = WarrantyForm()
if form.validate_on_submit():
if form.no.data:
return redirect(url_for("investments.info", _id=_id))
if form.yes.data:
Investment.query.filter_by(id=_id).delete()
db.session.commit()
flash("Investment has been deleted.")
return redirect(url_for("investments.invest_list"))
return render_template("warranty_form.html",
title="Delete Investment",
form=form)
def tasks():
new_tasks = g.current_worker.get_new_tasks()
if g.current_worker.id:
g.current_worker.update_last_activity("last_time_tasks_displayed")
tasks_in_progress = Task.get_in_progress(invest_id=g.current_invest.id)
realized_tasks = Task.get_realized(invest_id=g.current_invest.id)
admin = Worker.is_admin(user_id=current_user.id, investment_id=g.current_invest.id)
next_page = url_for("tasks.tasks")
return render_template(
"tasks/tasks.html",
title="Tasks",
new_tasks=new_tasks,
tasks_in_progress=tasks_in_progress,
realized_tasks=realized_tasks,
admin=admin,
next_page=next_page,
)
def add_worker():
if request.method == 'POST':
worker_name = request.form['worker_name']
worker_address = request.form['worker_address']
worker_contact = request.form['worker_contact']
worker = Worker(worker_name=worker_name,
worker_address=worker_address,
worker_contact=worker_contact,
admin=current_user)
db.session.add(worker)
db.session.commit()
flash('{} is successfully added'.format(worker_name))
return redirect(url_for('worker_detials'))
return render_template('administrator/worker.html',
title='Worker',
worker=None)
def test_investment(app_and_db, active_user):
db = app_and_db[1]
investment = Investment(name="Test Investment")
user = User.query.filter_by(username="******").first()
worker = Worker(position="test position", user_id=user.id)
investment.workers.append(worker)
db.session.add(investment)
db.session.commit()
user = User.query.filter_by(username="******").first()
worker = Worker.query.filter_by(position="test position").first()
investment = Investment.query.filter_by(name="Test Investment").first()
assert user.workers.first() == worker
assert investment.workers.first() == worker
assert worker.user_id == user.id
assert worker.investment_id == investment.id
def delete_worker() -> str:
_id = request.args.get("_id")
if not Worker.is_admin(current_user.id, g.current_invest.id):
return redirect(url_for("team.team"))
form = WarrantyForm()
if form.validate_on_submit():
if form.yes.data:
worker = Worker.query.filter_by(id=_id).first()
if worker:
if worker.user_id != current_user.id:
db.session.delete(worker)
db.session.commit()
flash("You have been deleted worker successfully.")
else:
flash("You can not delete yourself!")
return redirect(url_for("team.team"))
return render_template("warranty_form.html",
title="Delete Worker",
form=form)
def edit_worker() -> str:
_id = request.args.get("_id")
if not Worker.is_admin(current_user.id, g.current_invest.id):
return redirect(url_for("team.team"))
worker = Worker.query.filter_by(id=_id).first()
if worker:
form = EditWorkerForm()
if form.validate_on_submit():
worker.position = form.position.data
db.session.commit()
flash(
"You have edited the information about the worker successfully."
)
return redirect(url_for("team.team"))
elif request.method == "GET":
form.position.data = worker.position
return render_template("team/form.html",
title="Edit Worker",
form=form)
return redirect(url_for("teat.team"))
