def get(self):
    '''
    Build the view context for the time entries of a single day.

    The day is read from the ``date`` query-string parameter and parsed
    with the ``%d.%m.%Y`` format.  The returned dict carries the parsed
    date, the ``(tracker, entry)`` pairs from ``_get_time_entries``, a
    fresh ``TimeEntryForm``, the previous/next day, the summed ``time`` of
    all non-deleted entries, the justification flag and status, and the
    result of ``user_can_modify_timeentry`` for the requesting user.
    '''
    request = self.request

    # NOTE(review): `date` is client-controlled and is parsed without any
    # validation. A missing parameter reaches strptime as None (TypeError)
    # and a malformed one raises ValueError; neither is caught here, so
    # unless a caller handles them the request ends in an unhandled
    # exception rather than a 400 response.
    date = datetime.datetime.strptime(request.GET.get('date'), '%d.%m.%Y')

    # assumes _get_time_entries returns a re-iterable sequence; it is
    # walked twice below and handed to the template as well -- TODO confirm
    entries = self._get_time_entries(date)

    # Deleted entries stay in the listing but do not count towards the total.
    total_sum = 0
    for _tracker, entry in entries:
        if not entry.deleted:
            total_sum = total_sum + entry.time

    form = TimeEntryForm()

    # An entry last modified on a later calendar day than the day it is
    # booked for was edited after the fact. The list (not a generator) keeps
    # the original behaviour of inspecting every entry.
    needs_justification = any([
        timeentry.modified_ts.date() > timeentry.date
        for _tracker, timeentry in entries
    ])

    return {
        'date': date,
        'entries': entries,
        'form': form,
        'user': request.user,
        'prev_date': previous_day(date),
        'next_date': next_day(date),
        'total_sum': total_sum,
        'needs_justification': needs_justification,
        'justification_status': excuses.wrongtime_status(
            date, request.user.id),
        'can_modify': user_can_modify_timeentry(request.user, date),
    }
def protect(self):
    '''
    Authorise the current request against the `TimeEntry` named in the URL.

    Loads the entry by the ``id`` route parameter (404 if it does not
    exist), stores it in ``self.v['timeentry']`` and then applies the
    per-method rules below.  Users with the ``admin`` permission bypass
    every rule.

    The original docstring states that a user can edit a `TimeEntry` only
    during the current month; that rule lives in
    ``user_can_modify_timeentry`` and cannot be verified from this block.

    Raises:
        HTTPNotFound: no entry with that id.
        HTTPForbidden: PUT/DELETE outside the modifiable window, or a
            freelancer issuing GET on somebody else's entry.
        HTTPBadRequest: PUT/DELETE on a deleted entry or on an entry
            owned by another user.
    '''
    request = self.request

    timeentry = TimeEntry.query.get(request.matchdict.get('id'))
    if timeentry is None:
        raise HTTPNotFound("Not Found")

    is_same_user = timeentry.user_id == request.user.id
    self.v['timeentry'] = timeentry

    # Admins may read and change any entry.
    if request.has_perm('admin'):
        return

    method = request.method

    # NOTE(review): only PUT, DELETE and GET are checked. Any other verb
    # routed to this view passes without an ownership check (fail-open);
    # confirm the view exposes no other handlers.
    if method in ("PUT", "DELETE"):
        if not user_can_modify_timeentry(request.user, timeentry.date):
            raise HTTPForbidden()
        if timeentry.deleted:
            raise HTTPBadRequest()
        # NOTE(review): touching another user's entry is an authorisation
        # failure but is reported as 400, not 403 -- confirm intended.
        if not is_same_user:
            raise HTTPBadRequest()

    # NOTE(review): the read restriction keys on the *requester* being a
    # freelancer; non-freelancer users can GET any user's entry.
    if method == "GET" and request.user.freelancer and not is_same_user:
        raise HTTPForbidden()
def protect(self):
    """
    Gate access to the `TimeEntry` addressed by the ``id`` route parameter.

    The entry is looked up first (404 when missing) and published as
    ``self.v["timeentry"]``; holders of the ``admin`` permission are then
    let through unconditionally, everybody else is checked per HTTP method.

    According to the original docstring a user can edit a `TimeEntry` only
    during the current month; this block delegates that decision to
    ``user_can_modify_timeentry`` and does not show the rule itself.

    Raises:
        HTTPNotFound: the id matches no entry.
        HTTPForbidden: PUT/DELETE rejected by ``user_can_modify_timeentry``,
            or GET by a freelancer on an entry that is not their own.
        HTTPBadRequest: PUT/DELETE on a deleted entry or on another
            user's entry.
    """
    entry_id = self.request.matchdict.get("id")
    timeentry = TimeEntry.query.get(entry_id)
    if timeentry is None:
        raise HTTPNotFound("Not Found")

    current_user = self.request.user
    is_same_user = timeentry.user_id == current_user.id
    self.v["timeentry"] = timeentry

    if self.request.has_perm("admin"):
        # Administrators are exempt from all checks below.
        return

    is_write = self.request.method in ("PUT", "DELETE")
    is_read = self.request.method == "GET"

    # NOTE(review): verbs other than PUT/DELETE/GET fall through with no
    # ownership check at all; verify that no such handler is routed here.
    if is_write:
        if not user_can_modify_timeentry(current_user, timeentry.date):
            raise HTTPForbidden()
        # NOTE(review): a non-owner gets 400 here instead of 403, and only
        # after the date and deleted checks -- confirm that is intended.
        if timeentry.deleted or not is_same_user:
            raise HTTPBadRequest()

    # NOTE(review): only freelancer *requesters* are limited to their own
    # entries; any other authenticated user may read every entry.
    if is_read and current_user.freelancer and not is_same_user:
        raise HTTPForbidden()
def protect(self):
    """
    Authorise the request for the (user, date) pair from ``_get_params``.

    Both values are published in ``self.v`` before any check runs.  Holders
    of the ``admin`` permission pass unconditionally.  Otherwise:

    * POST is allowed only for the user's own data and only when
      ``user_can_modify_timeentry`` accepts the date.
    * GET on a freelancer's data is allowed only for that freelancer.

    Raises:
        HTTPForbidden: one of the rules above is violated.
    """
    user, date = self._get_params()
    is_same_user = user.id == self.request.user.id

    self.v["user"] = user
    self.v["date"] = date

    if self.request.has_perm("admin"):
        return

    method = self.request.method

    # NOTE(review): only POST and GET are checked; any other verb routed to
    # this view passes without an ownership check -- confirm none exists.
    if method == "POST":
        # Ownership is tested first so the date helper is never consulted
        # on behalf of a different user.
        may_write = is_same_user and user_can_modify_timeentry(
            self.request.user, date
        )
        if not may_write:
            raise HTTPForbidden()

    # NOTE(review): this keys on the *target* user's freelancer flag, not
    # the requester's: a freelancer requester can still read the data of
    # non-freelancer users. Confirm that is the intended policy.
    if method == "GET" and user.freelancer and not is_same_user:
        raise HTTPForbidden()
def protect(self):
    '''
    Check that the requester may act on the (user, date) pair returned by
    ``_get_params``; both values are stored in ``self.v`` first.

    Rules, skipped entirely for holders of the ``admin`` permission:

    * POST -- the target must be the requester and
      ``user_can_modify_timeentry`` must accept the date.
    * GET -- a freelancer's data is readable only by that freelancer.

    Raises:
        HTTPForbidden: a rule above is not satisfied.
    '''
    request = self.request
    user, date = self._get_params()

    is_same_user = user.id == request.user.id
    self.v['user'] = user
    self.v['date'] = date

    # Admins bypass both the ownership and the date restriction.
    if request.has_perm('admin'):
        return

    # NOTE(review): verbs other than POST and GET are not checked here and
    # fall through as allowed -- verify the view has no other handlers.
    if request.method == "POST":
        if not is_same_user:
            raise HTTPForbidden()
        if not user_can_modify_timeentry(request.user, date):
            raise HTTPForbidden()

    if request.method == "GET":
        # NOTE(review): the flag tested belongs to the *target* user, so a
        # freelancer requester may still read non-freelancer users' data;
        # confirm against the intended access policy.
        other_freelancer = user.freelancer and not is_same_user
        if other_freelancer:
            raise HTTPForbidden()
def get(self):
    '''
    Assemble the context dict for the day named by the ``date`` query
    parameter (format ``%d.%m.%Y``).

    Keys: ``date``, ``entries`` (the ``(tracker, entry)`` pairs from
    ``_get_time_entries``), ``form`` (a new ``TimeEntryForm``), ``user``,
    ``prev_date`` / ``next_date``, ``total_sum`` (time of non-deleted
    entries), ``needs_justification``, ``justification_status`` and
    ``can_modify``.
    '''
    # NOTE(review): the parameter is taken from the query string as-is.
    # When it is absent strptime receives None and raises TypeError; when
    # it does not match the format it raises ValueError. Nothing here
    # catches either, so input validation has to happen elsewhere or the
    # request fails with an unhandled exception.
    raw_date = self.request.GET.get('date')
    date = datetime.datetime.strptime(raw_date, '%d.%m.%Y')

    # presumably a list; it is iterated twice below and also returned, so a
    # one-shot iterator would not work -- verify against _get_time_entries
    entries = self._get_time_entries(date)

    # Deleted entries are excluded from the day's total only.
    total_sum = sum(
        item.time for (_tracker, item) in entries if not item.deleted
    )
    form = TimeEntryForm()

    # Flag the day when any entry was last modified on a later calendar day
    # than the one it is booked for. Every entry is inspected, as before.
    late_flags = [
        item.modified_ts.date() > item.date for (_tracker, item) in entries
    ]
    needs_justification = True if any(late_flags) else False

    current_user = self.request.user
    context = dict(
        date=date,
        entries=entries,
        form=form,
        user=current_user,
        prev_date=previous_day(date),
        next_date=next_day(date),
        total_sum=total_sum,
        needs_justification=needs_justification,
        justification_status=excuses.wrongtime_status(
            date, self.request.user.id),
        can_modify=user_can_modify_timeentry(self.request.user, date),
    )
    return context