def test_is_admin(app_and_db, active_user):
    """Check that ``Worker.is_admin`` is evaluated per investment.

    The same user (id 1) is an admin worker in the first investment and a
    non-admin worker in the second, so the admin flag of one investment
    must not carry over to the other.
    """
    database = app_and_db[1]

    # Records are added one by one, in this order, so the two investments
    # are inserted before the workers that reference them by id.
    records = [
        Investment(name="test invest 1"),
        Investment(name="test invest 2"),
        Worker(position="pos1", admin=True, user_id=1, investment_id=1),
        Worker(position="pos2", admin=False, user_id=1, investment_id=2),
    ]
    for record in records:
        database.session.add(record)
    database.session.commit()

    assert Worker.is_admin(user_id=1, investment_id=1)
    assert not Worker.is_admin(user_id=1, investment_id=2)
def deputed_tasks():
    """Render the tasks deputed by the current user in the current investment.

    Tasks are split into those still in progress (progress != 100) and those
    realized (progress == 100); both lists are ordered by deadline, then by
    descending priority.
    """
    # TODO wrap queries in functions

    def _deputed(progress_condition):
        # The worker row is looked up for every query, as in the two
        # separate queries this helper replaces.
        deputing_worker = Worker.get_by_username(
            invest_id=g.current_invest.id, username=current_user.username
        )
        query = deputing_worker.deputed_tasks.filter(progress_condition)
        query = query.order_by(Task.deadline).order_by(Task.priority.desc())
        return query.all()

    tasks_in_progress = _deputed(Task.progress != 100)
    realized_tasks = _deputed(Task.progress == 100)

    # The flag is only handed to the template here; this view performs no
    # state change of its own.
    admin = Worker.is_admin(
        user_id=current_user.id, investment_id=g.current_invest.id
    )
    next_page = url_for("tasks.deputed_tasks")

    context = {
        "title": "Deputed Tasks",
        "tasks_in_progress": tasks_in_progress,
        "realized_tasks": realized_tasks,
        "admin": admin,
        "next_page": next_page,
    }
    return render_template("tasks/tasks.html", **context)
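def add_worker() -> str:
    """Add a worker to the current investment (admins only).

    Non-admins are redirected to the team page. On a valid form submission
    the e-mail address is checked against the existing workers of the
    investment; if no user account exists for it yet, one is created with a
    random placeholder password and a complete-registration mail is sent.

    Returns:
        A redirect to the team page, or the rendered worker form.
    """
    # Function-scope import: the file's import block is not visible here.
    import secrets

    if not Worker.is_admin(current_user.id, g.current_invest.id):
        return redirect(url_for("team.team"))

    form = CreateWorkerForm()
    if form.validate_on_submit():
        if Worker.belongs_to_investment(form.email.data, g.current_invest.id):
            flash("This user is already added to workers.")
            return redirect(url_for("team.team"))

        user = User.query.filter_by(email=form.email.data).first()
        if not user:
            # The placeholder password comes from the CSPRNG-backed
            # ``secrets`` module instead of a UUID: a UUID is an identifier
            # format with fixed version/variant bits, not a documented
            # secret generator. Length stays at 32 hex characters.
            # NOTE(review): whether ``User`` hashes ``password`` before
            # storing it is not visible here - confirm in the model.
            user = User(
                username=form.email.data,
                email=form.email.data,
                password=secrets.token_hex(16),
            )
            db.session.add(user)
            db.session.commit()
            user = User.query.filter_by(email=form.email.data).first()
            email.send_complete_registration_mail(user)

        # ``admin`` is taken from the form; this is acceptable only because
        # the caller was verified as an admin of this investment above.
        worker = Worker(
            position=form.position.data,
            admin=form.admin.data,
            user_id=user.id,
        )
        g.current_invest.workers.append(worker)
        db.session.commit()
        flash("You have added new worker successfully.")
        return redirect(url_for("team.team"))

    return render_template("team/form.html", title="Add Worker", form=form)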
def team():
    """Render the team page of the current investment.

    The template receives the list of workers and a flag telling whether the
    current user is an admin of the investment.
    """
    investment_id = g.current_invest.id
    admin = Worker.is_admin(current_user.id, investment_id)
    members = Worker.get_team(investment_id=investment_id)
    return render_template(
        "team/team.html",
        title="Team",
        team=members,
        admin=admin,
    )
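def change_root_permission():
    """Toggle the admin flag of a worker of the current investment.

    The worker id is read from the ``_id`` query parameter. Only admins of
    the current investment may use the view. Non-admins, and requests that
    name a worker outside the current investment, are redirected to the team
    page. An admin cannot be demoted while the investment has fewer than two
    admins.

    Returns:
        A redirect to the team page, or the rendered confirmation form.
    """
    _id = request.args.get("_id")
    if not Worker.is_admin(current_user.id, g.current_invest.id):
        return redirect(url_for("team.team"))

    # Scope the lookup to the current investment. The admin check above only
    # covers this investment, so a worker id taken from the query string must
    # not resolve to a worker of another investment. It also keeps the
    # admin count below consistent with the worker being changed.
    worker = Worker.query.filter_by(
        id=_id, investment_id=g.current_invest.id
    ).first()
    if not worker:
        return redirect(url_for("team.team"))

    num_of_admins = Investment.get_num_of_admins(g.current_invest.id)
    if num_of_admins < 2 and worker.admin:
        flash("You can not delete last admin!")
        return redirect(url_for("team.team"))

    form = WarrantyForm()
    if form.validate_on_submit():
        if form.yes.data:
            worker.admin = not worker.admin
            db.session.commit()
            flash("You have changed worker's root permission successfully.")
        return redirect(url_for("team.team"))

    return render_template(
        "warranty_form.html", title="Change Root Permission", form=form
    )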
def info(_id: int) -> str:
    """Render the detail page of the investment with id ``_id``.

    The template receives the investment (``None`` when no row has that id)
    and a flag telling whether the current user is an admin of it.
    """
    # NOTE(review): no membership check is visible in this function, and
    # ``_id`` comes from the caller - confirm that access to investments the
    # user does not belong to is rejected elsewhere (decorator or
    # before-request hook).
    viewer_is_admin = Worker.is_admin(
        user_id=current_user.id, investment_id=_id
    )
    investment = Investment.query.filter_by(id=_id).first()
    return render_template(
        "investments/info.html",
        title="Investment",
        investment=investment,
        admin=viewer_is_admin,
    )
def delete() -> str:
    """Delete the investment named by the ``_id`` query parameter.

    Only an admin of that investment may delete it; anyone else is sent back
    to its info page. The deletion happens after the confirmation form was
    submitted with "yes"; "no" returns to the info page.
    """
    _id = request.args.get("_id")

    # The admin check is made against the same id that is deleted below.
    allowed = Worker.is_admin(user_id=current_user.id, investment_id=_id)
    if not allowed:
        return redirect(url_for("investments.info", _id=_id))

    form = WarrantyForm()
    if form.validate_on_submit():
        if form.no.data:
            return redirect(url_for("investments.info", _id=_id))
        if form.yes.data:
            # Query-level delete of the row with this id.
            # NOTE(review): whether dependent rows are removed with it is
            # not visible here - confirm against the models.
            Investment.query.filter_by(id=_id).delete()
            db.session.commit()
            flash("Investment has been deleted.")
            return redirect(url_for("investments.invest_list"))

    return render_template(
        "warranty_form.html", title="Delete Investment", form=form
    )
def tasks():
    """Render the task overview of the current investment.

    New tasks are collected before the worker's "last displayed" activity
    marker is updated.
    """
    current_worker = g.current_worker
    invest_id = g.current_invest.id

    new_tasks = current_worker.get_new_tasks()
    # The activity marker is only updated when the worker has an id.
    if current_worker.id:
        current_worker.update_last_activity("last_time_tasks_displayed")

    context = {
        "title": "Tasks",
        "new_tasks": new_tasks,
        "tasks_in_progress": Task.get_in_progress(invest_id=invest_id),
        "realized_tasks": Task.get_realized(invest_id=invest_id),
        "admin": Worker.is_admin(
            user_id=current_user.id, investment_id=invest_id
        ),
        "next_page": url_for("tasks.tasks"),
    }
    return render_template("tasks/tasks.html", **context)
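def delete_worker() -> str:
    """Remove a worker from the current investment (admins only).

    The worker id is read from the ``_id`` query parameter. The deletion
    happens only after the confirmation form was submitted with "yes", only
    for a worker of the current investment, and never for the worker record
    of the current user.

    Returns:
        A redirect to the team page, or the rendered confirmation form.
    """
    _id = request.args.get("_id")
    if not Worker.is_admin(current_user.id, g.current_invest.id):
        return redirect(url_for("team.team"))

    form = WarrantyForm()
    if form.validate_on_submit():
        if form.yes.data:
            # Scope the lookup to the current investment. The admin check
            # above only covers this investment, so an id from the query
            # string must not resolve to a worker of another investment.
            worker = Worker.query.filter_by(
                id=_id, investment_id=g.current_invest.id
            ).first()
            if worker:
                if worker.user_id != current_user.id:
                    db.session.delete(worker)
                    db.session.commit()
                    flash("You have been deleted worker successfully.")
                else:
                    flash("You can not delete yourself!")
        return redirect(url_for("team.team"))

    return render_template(
        "warranty_form.html", title="Delete Worker", form=form
    )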
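def edit_worker() -> str:
    """Edit the position of a worker of the current investment (admins only).

    The worker id is read from the ``_id`` query parameter. Non-admins, and
    requests naming a worker that is not part of the current investment, are
    redirected to the team page.

    Returns:
        A redirect to the team page, or the rendered worker form.
    """
    _id = request.args.get("_id")
    if not Worker.is_admin(current_user.id, g.current_invest.id):
        return redirect(url_for("team.team"))

    # Scope the lookup to the current investment. The admin check above only
    # covers this investment, so an id from the query string must not
    # resolve to a worker of another investment.
    worker = Worker.query.filter_by(
        id=_id, investment_id=g.current_invest.id
    ).first()
    if not worker:
        # The endpoint name was misspelled as "teat.team", which cannot be
        # built into a URL; it now matches the endpoint used everywhere else
        # in this view.
        return redirect(url_for("team.team"))

    form = EditWorkerForm()
    if form.validate_on_submit():
        worker.position = form.position.data
        db.session.commit()
        flash("You have edited the information about the worker successfully.")
        return redirect(url_for("team.team"))
    elif request.method == "GET":
        # Pre-fill the form with the stored value on first display.
        form.position.data = worker.position

    return render_template("team/form.html", title="Edit Worker", form=form)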
def edit() -> str:
    """Edit name and description of the investment given by ``_id``.

    ``_id`` is read from the query string. Only an admin of that investment
    may edit it; anyone else is sent back to its info page. An unknown id
    leads to the investment list.
    """
    _id = request.args.get("_id")

    # The admin check is made against the same id that is loaded below.
    allowed = Worker.is_admin(user_id=current_user.id, investment_id=_id)
    if not allowed:
        return redirect(url_for("investments.info", _id=_id))

    investment = Investment.query.filter_by(id=_id).first()
    if not investment:
        return redirect(url_for("investments.invest_list"))

    form = InvestmentForm()
    if form.validate_on_submit():
        investment.name = form.name.data
        investment.description = form.description.data
        db.session.commit()
        flash("You have edited the investment successfully.")
        return redirect(url_for("investments.info", _id=_id))

    if request.method == "GET":
        # Pre-fill the form with the stored values on first display.
        form.name.data = investment.name
        form.description.data = investment.description

    return render_template(
        "investments/form.html", title="Edit Investment", form=form
    )