def __call__(self):
'''
Actually reset the password, if correct key (from sent link)
is used to come here and member is identifiable from request.
'''
self.login_necessary = False
session = DBSession()
md = self.request.matchdict
def info(msg):
return dict(form="", m=None, key=None, msg=msg)
if not 'key' in md or md['key'] == "":
return info(u'Sorry, no key given to grant reset request.')
member = get_member(session, self.request)
if not member:
return info(u'Sorry, cannot identify member.')
if member.mem_pwd_url != md['key']:
return info(u'Sorry, the reset request cannot be authorised.')
if 'pwd1' not in self.request.params:
# show password reset form
return dict(m=member, form='reset', key=md['key'])
# set new password
member.validate_pwd(self.request)
pwd = str(self.request.params['pwd1'])
member.mem_enc_pwd = md5_crypt.hash(pwd)
member.mem_pwd_url = ''
return info(u'Password has been set.'\
' Please use the new password the next time you log in.')
def __call__(self):
'''
Default: Show form to identify member
If data entered and member identified, send reset request email
'''
self.login_necessary = False
session = DBSession()
p = self.request.params
member = None
if 'email' in p and p['email'] != "":
member = session.query(Member)\
.filter(Member.mem_email == p['email']).first()
if 'mem_id' in p and p['mem_id'] != "":
try:
member = get_member(session, self.request)
except Exception:
member = None
if member:
send_pwdreset_request(member, self.request.application_url)
return dict(msg=u'A reset link has been sent to the email'\
' address {!s}.'.format(member.mem_email),
m=member, form=None, key=None)
if (('email' in p and p['email'] != "")
or ('mem_id' in p and p['mem_id'] != "")):
return dict(msg=u'Cannot find any member with this information.',
m=member,
form='request',
key=None)
return dict(msg=u'', m=member, form='request', key=None)
def __call__(self):
session = DBSession()
member = get_member(session, self.request)
self.user_may_edit_admin_settings = (
self.user.mem_admin and not self.user.mem_id == member.mem_id)
if 'action' in self.request.params:
action = self.request.params['action']
if action == "save":
member = fill_member_from_request(
member, self.request, self.user_may_edit_admin_settings)
member.validate()
if not member.exists:
session.add(member)
session.flush() # flush manually so the member gets an ID
send_pwdreset_request(member,
self.request.application_url,
first=True)
return self.redirect('/member/{0:d}?msg=Member has been'\
' created and got an email to set up'\
' a password. Note: no membership'\
' fee has been charged (we do not'\
' know the household size).'\
.format(member.mem_id))
return dict(m=member, msg='Member has been saved.')
elif action == 'toggle-active':
member = get_member(session, self.request)
self.confirm_toggle_active = True
return dict(m=member)
elif action == 'toggle-active-confirmed':
member.mem_active = not member.mem_active
msg='Member {} is now {}active.'.\
format(member, {False:'in', True:''}[member.mem_active])
if not member.mem_active and not running_sqlite():
query = "select remove_inactive_member_order({});"\
.format(member.mem_id)
try:
session.connection().engine.execute(query)
except:
msg += ' Warning: Their current order could not be removed,'\
' (e.g. because it has already been sent to suppliers)'\
' so the member will probably still need to pay.'
return dict(m=member, msg=msg)
return dict(m=member, msg='')
def __call__(self):
session = DBSession()
self.m = get_member(session, self.request)
msg = ''
if 'msg' in self.request.params:
msg = self.request.params['msg']
nov12 = datetime.datetime(2012, 11, 1)
orders = [MemberOrder(self.m, o) for o in session.query(Order)\
.order_by(desc(Order.completed)).all()]
old_orders = [o for o in orders if o.amount > 0\
and str(o.order.completed).strip() != ''\
and str(o.order.completed) < str(nov12)]
return dict(m=self.m,
msg=msg,
shifts=self.m.shifts,
old_orders=old_orders,
transactions=self.m.transactions)
def __call__(self):
db_session = DBSession()
wg = get_wg(db_session, self.request)
if not wg:
raise Exception(
"Don't know which workgroup this is supposed to be.")
shift = get_shift(db_session, self.request)
if not shift:
raise Exception("No shift with id %d" %
self.request.matchdict['s_id'])
def redir(msg):
return self.redir_to_shiftlist(wg, shift.year, shift.month, msg)
if not wg.active:
return redir(
'Workgroup is inactive, editing shifts therefore not possible.'
)
action = self.request.matchdict['action']
if action == "":
raise Exception('No action given.')
if action == "setmember":
if not 'mem_id' in self.request.params:
return redir('No member selected.')
if not self.user in wg.members and not self.user.mem_admin:
return redir(
'You are not allowed to assign shifts in this workgroup.')
if self.request.params['mem_id'] == '--':
member = None
else:
member = get_member(db_session, self.request)
# prepare some things for mailing
schedule_url = '{}/workgroup/{}/shifts/{}/{}'.format(
self.request.application_url, shift.workgroup.id, shift.year,
shift.month)
q = 'This email was automatically generated, so please do not '\
'directly reply to it. You may direct any questions regarding '\
'the workgroup to your coordinator(s). Only technical questions '\
'go to [email protected].'\
'\n\nBest,\nVokomokum'
old_member = shift.member
def mail_old_assignee():
# send old assignee an email
if old_member and not self.user == old_member:
subject = 'You have been signed out of a shift.'
body = 'Hi,\n\n{} has signed you off a shift that '\
'you were previously assigned to.\nThe shift is '\
'now:\n\n{}\n\nYou can view the shift '\
'schedule at {}.\n{}'.format(
ascii_save(self.user.fullname), shift,
schedule_url, q)
sendmail(old_member.mem_email,
subject,
body,
folder='shifts')
if member:
shift.member = member
shift.state = 'assigned'
shift.validate()
if not self.user == member:
# send new assignee an email
subject = 'You have been assigned to a shift.'
body = 'Hi,\n\n{} has assigned you to a shift: '\
'\n\n{}\n\nYou can view the shift schedule at {}'\
'\n\n{}'.format(ascii_save(self.user.fullname),
str(shift), schedule_url, q)
sendmail(member.mem_email, subject, body, folder='shifts')
# let coordinator(s) know, as well
subject = "Workgroup {}: The shift for {} on day '{}' in "\
"{}/{} is now assigned to {}".format(shift.workgroup,
shift.task, shift.day, shift.month, shift.year,
ascii_save(shift.member.fullname))
body = "The assignment was done by member {}."\
.format(ascii_save(self.user.fullname))
if old_member:
body += " The previous assignee was: {}."\
.format(ascii_save(old_member.fullname))
else:
body += " No one was assigned to this shift before."
body += "\n\n{}".format(q)
for c in wg.leaders:
if c is not self.user:
sendmail(c.mem_email, subject, body, folder='shifts')
# and inform previous assignee
mail_old_assignee()
name = ascii_save(shift.member.fullname)
return redir(u'{} has been signed up for the shift.'\
.format(name))
else:
if shift.is_locked and not self.user in wg.leaders\
and not self.user.mem_admin:
return redir(
'Shift is already locked. Ask your workgroup admin for help.'
)
shift.member = None
shift.state = 'open'
shift.validate()
mail_old_assignee()
# let coordinator(s) know, as well
subject = "Workgroup {}: Member {} was unassigned from the "\
"shift for {} on day '{}' in {}/{}"\
.format(shift.workgroup,
ascii_save(old_member.fullname),
shift.task, shift.day, shift.month, shift.year)
body = "The un-assignment was done by member {}."\
.format(ascii_save(self.user.fullname))
body += "\n\n{}".format(q)
for c in wg.leaders:
if c is not self.user:
sendmail(c.mem_email, subject, body, folder='shifts')
return redir('Shift is now open.')
return redir('You are not allowed to do this.')
elif action == "settask":
if self.user in wg.leaders or self.user.mem_admin:
if not 'task' in self.request.params:
return dict(msg='No task given.')
shift.task = self.request.params['task']
shift.validate()
return redir('Changed task of shift.')
return redir('You are not allowed to edit the task.')
elif action == "setday":
if self.user in wg.leaders or self.user.mem_admin:
if not 'day' in self.request.params:
return dict(msg='No day given.')
shift.day = self.request.params['day']
shift.validate()
return redir('Changed day of shift to {}.'.format(shift.day))
return redir('You are not allowed to set the day.')
elif action == "setstate":
if self.user in wg.leaders or self.user.mem_admin:
if not 'state' in self.request.params:
return redir('No state given.')
shift.state = self.request.params['state']
shift.validate()
return redir('Changed shift state to {}.'.format(shift.state))
return redir('You are not allowed to set the state.')
elif action == 'delete':
if self.user in wg.leaders or self.user.mem_admin:
db_session.delete(shift)
return redir('Deleted shift.')
return redir('You are not allowed to delete a shift.')
def __call__(self):
session = DBSession()
transaction = get_transaction(session, self.request.matchdict['t_id'])
msg = ''
if not transaction:
raise Exception("No transaction with id %d"\
% self.request.matchdict['t_id'])
action = self.request.matchdict['action']
if action == "":
raise Exception('No action given.')
if action == "setttype":
transaction.ttype = session.query(TransactionType)\
.get(self.request.params['ttype_id'])
msg = 'Transaction Type was updated.'
if action == "setmember":
if not 'mem_id' in self.request.params:
msg = 'No member was selected.'
else:
transaction.member = get_member(session, self.request)
msg = u'Transaction got a new member:{}'\
.format(transaction.member)
if action == "setwholesaler":
if not 'wh_id' in self.request.params:
msg = 'No wholesaler was selected.'
else:
transaction.whol_id = self.request.params['wh_id']
msg = u'Transaction got a new wholesaler.'
if action == "setverssupplier":
if not 'vers_id' in self.request.params:
msg = 'No vers supplier was selected.'
else:
transaction.vers_id = self.request.params['vers_id']
msg = u'Transaction got a new vers supplier.'
if action == "setamount":
amount = self.request.params['amount']
try:
amount = float(amount)
msg = 'Amount was updated.'
except:
msg = 'Invalid amount: {}'.format(amount)
transaction.amount = amount
if action == "setcomment":
transaction.comment = self.request.params['comment']
msg = "Comment was updated."
if action == "setdate":
adate = datetime.datetime.now()
adate.day = self.request.params['day']
adate.month = self.request.params['month']
adate.year = self.request.params['year']
transaction.date = adate
msg = "Date was updated."
if action == "setlate":
if 'late' in self.request.params:
transaction.late = bool(self.request.params['late'])
else:
transaction.late = False
msg = "Late-status of transaction was set to {}."\
.format(transaction.late)
if action == 'setorder':
transaction.ord_no = int(self.request.params['ord_no'])
msg = "order was set."
transaction.validate()
session.flush()
return self.redir_to_list(transaction.date.year, transaction.date.month,
msg='Transaction has been saved. {}'\
.format(msg), show_list=True,
tid=transaction.id)