def get(self):
date_str = self.request.GET.get('date')
date = datetime.datetime.strptime(date_str, '%d.%m.%Y')
entries = self._get_time_entries(date)
total_sum = sum(entry.time for (tracker, entry) in entries
if not entry.deleted)
form = TimeEntryForm()
needs_justification = False
for tracker, timeentry in entries:
if timeentry.modified_ts.date() > timeentry.date:
needs_justification = True
return dict(
date=date,
entries=entries,
form=form,
user=self.request.user,
prev_date=previous_day(date),
next_date=next_day(date),
total_sum=total_sum,
needs_justification=needs_justification,
justification_status=excuses.wrongtime_status(
date, self.request.user.id),
can_modify=user_can_modify_timeentry(self.request.user, date),
)
def protect(self):
'''
User can edit `TimeEntry` only during current month
'''
timeentry_id = self.request.matchdict.get('id')
timeentry = TimeEntry.query.get(timeentry_id)
if timeentry is None:
raise HTTPNotFound("Not Found")
is_same_user = timeentry.user_id == self.request.user.id
self.v['timeentry'] = timeentry
if self.request.has_perm('admin'):
return
if self.request.method in ("PUT", "DELETE"):
if not user_can_modify_timeentry(self.request.user,
timeentry.date):
raise HTTPForbidden()
elif timeentry.deleted:
raise HTTPBadRequest()
elif not is_same_user:
raise HTTPBadRequest()
if self.request.method == "GET":
if self.request.user.freelancer and not is_same_user:
raise HTTPForbidden()
def protect(self):
"""
User can edit `TimeEntry` only during current month
"""
timeentry_id = self.request.matchdict.get("id")
timeentry = TimeEntry.query.get(timeentry_id)
if timeentry is None:
raise HTTPNotFound("Not Found")
is_same_user = timeentry.user_id == self.request.user.id
self.v["timeentry"] = timeentry
if self.request.has_perm("admin"):
return
if self.request.method in ("PUT", "DELETE"):
if not user_can_modify_timeentry(self.request.user, timeentry.date):
raise HTTPForbidden()
elif timeentry.deleted:
raise HTTPBadRequest()
elif not is_same_user:
raise HTTPBadRequest()
if self.request.method == "GET":
if self.request.user.freelancer and not is_same_user:
raise HTTPForbidden()
def protect(self):
user, date = self._get_params()
is_same_user = user.id == self.request.user.id
self.v["user"] = user
self.v["date"] = date
if self.request.has_perm("admin"):
return
if self.request.method == "POST":
if not is_same_user or not user_can_modify_timeentry(self.request.user, date):
raise HTTPForbidden()
if self.request.method == "GET":
if user.freelancer and not is_same_user:
raise HTTPForbidden()
def protect(self):
user, date = self._get_params()
is_same_user = user.id == self.request.user.id
self.v['user'] = user
self.v['date'] = date
if self.request.has_perm('admin'):
return
if self.request.method == "POST":
if not is_same_user or not user_can_modify_timeentry(
self.request.user, date):
raise HTTPForbidden()
if self.request.method == "GET":
if user.freelancer and not is_same_user:
raise HTTPForbidden()
def get(self):
date_str = self.request.GET.get('date')
date = datetime.datetime.strptime(date_str, '%d.%m.%Y')
entries = self._get_time_entries(date)
total_sum = sum(entry.time for (tracker, entry) in entries if not entry.deleted)
form = TimeEntryForm()
needs_justification = False
for tracker, timeentry in entries:
if timeentry.modified_ts.date() > timeentry.date:
needs_justification = True
return dict(
date=date, entries=entries, form=form,
user=self.request.user,
prev_date=previous_day(date), next_date=next_day(date),
total_sum=total_sum,
needs_justification=needs_justification,
justification_status=excuses.wrongtime_status(date, self.request.user.id),
can_modify=user_can_modify_timeentry(self.request.user, date),
)
