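def login(request):
    """Show and, on form submission, update the user attached to the request context.

    When ``form.submitted`` is present, the full name and e-mail are taken from
    the form and the password is re-hashed with bcrypt if ``changepw`` is
    present. Only when the authenticated user belongs to the ``admins`` group
    are the username and groups overwritten as well.

    Returns the template dict with ``user`` and ``logged_in``, plus
    ``userIsAdmin`` set to ``'yes'`` for admins.

    NOTE(review): nothing in this function checks that the authenticated user
    is the context user, and no CSRF token is verified here. Presumably the
    view's permission/ACL and the framework configuration cover both; confirm.
    """
    user = request.context.user
    # Looked up once and reused below, so the privilege decision cannot differ
    # between the two places that depend on it. getUser() returns None for an
    # unknown user; the resulting AttributeError is deliberately left alone
    # because it stops the request before anything is modified.
    userIsAdmin = 'admins' in getUser(request.authenticated_userid).getGroupList()
    print "userIsAdmin:", userIsAdmin
    user_id = user.id
    if 'form.submitted' in request.params:
        # Log the field names only: the submitted values include the plaintext
        # password, which must not end up in stdout or log files.
        print "submitted fields:", sorted(request.params.keys())
        user.fullname = request.params['fullname']
        user.email = request.params['email']
        if 'changepw' in request.params:
            # NOTE(review): encode('ascii', 'ignore') silently drops every
            # non-ASCII character, so such a password is weaker than typed and
            # a fully non-ASCII one hashes as the empty string.
            # authenticateUser() applies the same encoding but not strip(), so
            # neither can be changed here alone without invalidating stored
            # hashes. No minimum length is enforced either.
            user.password = bcrypt.hashpw(
                request.params['password'].strip().encode('ascii', 'ignore'),
                bcrypt.gensalt())
        if userIsAdmin:
            # Identity and group membership are admin-only fields.
            user.username = request.params['username']
            user.groups = request.params['groups']
        DBSession.add(user)
    if user.id is None:
        # NOTE(review): this filters the ``id`` column by the submitted
        # username; verify against the User model that this is intended.
        user = DBSession.query(User).filter_by(id=request.params['username']).first()
    else:
        user = DBSession.query(User).filter_by(id=user_id).first()
    rd = {'user': user, 'logged_in': request.authenticated_userid}
    if userIsAdmin:
        rd['userIsAdmin'] = 'yes'
    return rd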
def main(global_config, **settings):
    """Build and return the Pyramid WSGI application.

    Binds the SQLAlchemy engine configured under the ``sqlalchemy.`` settings
    prefix, installs auth-ticket authentication with ACL authorization,
    registers the static view and routes, scans for views and creates any
    missing tables.
    """
    db_engine = engine_from_config(settings, 'sqlalchemy.')
    DBSession.configure(bind=db_engine)
    Base.metadata.bind = db_engine

    # The ticket-signing secret is read from the deployment settings; a missing
    # 'auth.secret' key fails here, at startup.
    # NOTE(review): the policy is built without secure= / http_only=, so the
    # auth cookie uses the policy's defaults; confirm that the production
    # deployment restricts the cookie to HTTPS and hides it from scripts.
    ticket_policy = AuthTktAuthenticationPolicy(
        settings['auth.secret'], callback=getGroups, hashalg='sha512')

    config = Configurator(settings=settings, root_factory=Root)
    config.set_authentication_policy(ticket_policy)
    config.set_authorization_policy(ACLAuthorizationPolicy())
    config.add_request_method(getUserFromRequest, 'user', reify=True)

    for renderer_package in ('pyramid_chameleon', 'pyramid_jinja2'):
        config.include(renderer_package)
    config.add_static_view('static', 'static', cache_max_age=3600)

    # Registration order is kept exactly as before.
    for route_name, pattern in (('login', '/login'),
                                ('home', '/'),
                                ('logout', '/logout')):
        config.add_route(route_name, pattern)

    config.scan()
    Base.metadata.create_all()
    return config.make_wsgi_app()
def main(global_config, **settings):
    """Build and return the Pyramid WSGI application.

    Binds the SQLAlchemy engine configured under the ``sqlalchemy.`` settings
    prefix, installs auth-ticket authentication with ACL authorization,
    registers the static view and routes (``landing`` at ``/`` and ``home`` at
    ``/home``), scans for views and creates any missing tables.
    """
    db_engine = engine_from_config(settings, 'sqlalchemy.')
    DBSession.configure(bind=db_engine)
    Base.metadata.bind = db_engine

    # The ticket-signing secret is read from the deployment settings; a missing
    # 'auth.secret' key fails here, at startup.
    # NOTE(review): the policy is built without secure= / http_only=, so the
    # auth cookie uses the policy's defaults; confirm that the production
    # deployment restricts the cookie to HTTPS and hides it from scripts.
    ticket_policy = AuthTktAuthenticationPolicy(
        settings['auth.secret'], callback=getGroups, hashalg='sha512')

    config = Configurator(settings=settings, root_factory=Root)
    config.set_authentication_policy(ticket_policy)
    config.set_authorization_policy(ACLAuthorizationPolicy())
    config.add_request_method(getUserFromRequest, 'user', reify=True)

    for renderer_package in ('pyramid_chameleon', 'pyramid_jinja2'):
        config.include(renderer_package)
    config.add_static_view('static', 'static', cache_max_age=3600)

    # Registration order is kept exactly as before.
    for route_name, pattern in (('login', '/login'),
                                ('landing', '/'),
                                ('home', '/home'),
                                ('logout', '/logout')):
        config.add_route(route_name, pattern)

    config.scan()
    Base.metadata.create_all()
    return config.make_wsgi_app()
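def PostOrder(request):
    """Create an Order for the authenticated user from the JSON cart in the request.

    The body must carry ``items``, a list of ``{'id': ..., 'count': ...}``.
    The total is computed server-side from ``SaleItem.value``.

    Returns ``{'status': 0, 'redirect': <order URL>}`` on success, otherwise
    ``{'status': code}`` where code is
      5 - an item id matches no SaleItem,
      1 - the requested quantity exceeds the tracked stock,
      2 - the quantity is zero or negative.
    NOTE(review): 2 is a new status value introduced with the quantity check;
    confirm it does not collide with a code the client already interprets.
    """
    print "serving request context: ", request.context.__name__
    if (request.json_body is None):
        return NotFound()
    # we're doing the total ourselves, don't trust the client
    currentTotal = 0
    ProcessErrorCode = 0
    currentTimeStamp = strftime("%Y-%m-%d %H:%M:%S")

    # Validate the whole cart before touching stock or building ORM objects, so
    # a rejected order leaves no modified rows behind in the session.
    accepted = []   # (saleitem, item_count) in request order
    reserved = {}   # saleitem.id -> units claimed by earlier lines of this cart
    for item in request.json_body['items']:
        saleitem = DBSession.query(SaleItem).filter_by(id=item['id']).first()
        if saleitem is None:
            ProcessErrorCode = 5
            break
        item_count = int(item['count'])
        if item_count <= 0:
            # A negative count would lower the total and raise the stock
            # instead of consuming it.
            ProcessErrorCode = 2
            break
        # A stockCount of -1 is skipped by the stock check (not tracked).
        if saleitem.stockCount != -1:
            claimed = reserved.get(saleitem.id, 0) + item_count
            if saleitem.stockCount - claimed < 0:
                ProcessErrorCode = 1
                break
            reserved[saleitem.id] = claimed
        accepted.append((saleitem, item_count))
        currentTotal += item_count * saleitem.value

    if ProcessErrorCode != 0:
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}

    # NOTE(review): getUser() returns None for an unknown or missing userid;
    # presumably the view's permission guarantees an authenticated user.
    temp_order = Order(getUser(request.authenticated_userid), currentTimeStamp, 0)
    for saleitem, item_count in accepted:
        temp_order.orderLineItems.append(OrderLineItem(saleitem, item_count))
        if saleitem.stockCount != -1:
            saleitem.stockCount = saleitem.stockCount - item_count
    temp_order.orderTotal = currentTotal
    DBSession.add(temp_order)
    # Flush and read the id from the object just added. Looking the order up
    # again by its one-second-resolution timestamp fails when two orders are
    # committed within the same second.
    DBSession.flush()
    print "committed transaction #", temp_order.id
    return {
        'status': ProcessErrorCode,
        'redirect': request.application_url + '/app/orders/' + str(temp_order.id)
    }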
def GetOrder(request):
    """Return the order whose id is the request context's ``__name__``.

    Yields ``{'order': ..., 'logged_in': ...}`` for the template, or a
    NotFound response when no order has that id.

    NOTE(review): the lookup is by id only. Nothing here ties the order to
    request.authenticated_userid, so any restriction on who may read which
    order has to come from the view's permission/ACL; confirm.
    """
    order_id = request.context.__name__
    print "serving request context:", order_id
    match = DBSession.query(Order).filter_by(id=order_id).first()
    if match is not None:
        return {'order': match, 'logged_in': request.authenticated_userid}
    return NotFound("No matching order found!")
def GetOrder(request):
    """Return the order whose id is the request context's ``__name__``.

    Yields ``{'order': ..., 'logged_in': ...}`` for the template, or a
    NotFound response when no order has that id.

    NOTE(review): the lookup is by id only. Nothing here ties the order to
    request.authenticated_userid, so any restriction on who may read which
    order has to come from the view's permission/ACL; confirm.
    """
    order_id = request.context.__name__
    print "serving request context:", order_id
    match = DBSession.query(Order).filter_by(id=order_id).first()
    if match is not None:
        return {'order': match, 'logged_in': request.authenticated_userid}
    return NotFound("No matching order found!")
def getUser(userid):
    """Fetch the User row whose ``username`` equals *userid*.

    Returns the User, or None when no row matches or when the query raises
    DBAPIError. Callers must handle None before dereferencing the result.
    """
    print "userid is ", userid
    try:
        session = DBSession()
        found = session.query(User).filter_by(username=userid).first()
    except DBAPIError as err:
        print err
        print "Error connecting to the database!"
        return None
    if found is None:
        print "Warning: NoneUser returned"
    return found
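def authenticateUser(userid, password):
    """Check *password* against the bcrypt hash stored for *userid*.

    Returns True only when the user exists and the password re-hashes to the
    stored value. Returns False for an unknown user or a database error.
    """
    print "authenticating user " + userid
    try:
        user = DBSession().query(User).filter_by(username=userid).first()
    except DBAPIError as err:
        print "Error connecting to the database!"
        print err
        return False
    if user is None:
        # Spend one bcrypt computation for unknown users too, so response time
        # does not reveal which usernames exist. The result is discarded.
        # Assumes stored hashes use the same default gensalt() cost - confirm.
        if password is not None:
            bcrypt.hashpw(password.encode('ascii', 'ignore'), bcrypt.gensalt())
        return False
    # NOTE(review): encode('ascii', 'ignore') drops every non-ASCII character,
    # so a password made only of such characters is checked as the empty
    # string. It matches how the hash is created elsewhere in this file and
    # cannot be changed here alone without invalidating stored hashes.
    stored_hash = user.password
    candidate = bcrypt.hashpw(password.encode('ascii', 'ignore'),
                              stored_hash.encode('ascii', 'ignore'))
    return candidate == stored_hash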
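def PostOrder(request):
    """Create an Order for the authenticated user from the JSON cart in the request.

    The body must carry ``items``, a list of ``{'id': ..., 'count': ...}``.
    The total is computed server-side from ``SaleItem.value``.

    Returns ``{'status': 0, 'redirect': <order URL>}`` on success, otherwise
    ``{'status': code}`` where code is
      5 - an item id matches no SaleItem,
      1 - the requested quantity exceeds the tracked stock,
      2 - the quantity is zero or negative.
    NOTE(review): 2 is a new status value introduced with the quantity check;
    confirm it does not collide with a code the client already interprets.
    """
    print "serving request context: ", request.context.__name__
    if (request.json_body is None):
        return NotFound()
    # we're doing the total ourselves, don't trust the client
    currentTotal = 0
    ProcessErrorCode = 0
    currentTimeStamp = strftime("%Y-%m-%d %H:%M:%S")

    # Validate the whole cart before touching stock or building ORM objects, so
    # a rejected order leaves no modified rows behind in the session.
    accepted = []   # (saleitem, item_count) in request order
    reserved = {}   # saleitem.id -> units claimed by earlier lines of this cart
    for item in request.json_body['items']:
        saleitem = DBSession.query(SaleItem).filter_by(id=item['id']).first()
        if saleitem is None:
            ProcessErrorCode = 5
            break
        item_count = int(item['count'])
        if item_count <= 0:
            # A negative count would lower the total and raise the stock
            # instead of consuming it.
            ProcessErrorCode = 2
            break
        # A stockCount of -1 is skipped by the stock check (not tracked).
        if saleitem.stockCount != -1:
            claimed = reserved.get(saleitem.id, 0) + item_count
            if saleitem.stockCount - claimed < 0:
                ProcessErrorCode = 1
                break
            reserved[saleitem.id] = claimed
        accepted.append((saleitem, item_count))
        currentTotal += item_count * saleitem.value

    if ProcessErrorCode != 0:
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}

    # NOTE(review): getUser() returns None for an unknown or missing userid;
    # presumably the view's permission guarantees an authenticated user.
    temp_order = Order(getUser(request.authenticated_userid), currentTimeStamp, 0)
    for saleitem, item_count in accepted:
        temp_order.orderLineItems.append(OrderLineItem(saleitem, item_count))
        if saleitem.stockCount != -1:
            saleitem.stockCount = saleitem.stockCount - item_count
    temp_order.orderTotal = currentTotal
    DBSession.add(temp_order)
    # Flush and read the id from the object just added. Looking the order up
    # again by its one-second-resolution timestamp fails when two orders are
    # committed within the same second.
    DBSession.flush()
    print "committed transaction #", temp_order.id
    return {
        'status': ProcessErrorCode,
        'redirect': request.application_url + '/app/orders/' + str(temp_order.id)
    }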
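def PostProcOrder(request):
    """Record a ProcurementOrder from the JSON body and add the items to stock.

    The body must carry ``fulfilledBy`` (a username), ``orderTotal`` (a
    currency amount, stored in cents) and ``items``, a list of
    ``{'id': ..., 'count': ...}``.

    Returns ``{'status': 0, 'redirect': <procurement URL>}`` on success,
    otherwise ``{'status': code}`` where code is
      9 - ``fulfilledBy`` names no known user,
      5 - an item id matches no SaleItem,
      2 - the quantity is zero or negative.
    NOTE(review): 2 is a new status value introduced with the quantity check;
    confirm it does not collide with a code the client already interprets.
    NOTE(review): ``fulfilledBy`` and ``orderTotal`` are taken from the client
    as sent; who may submit procurements on whose behalf has to be enforced by
    the view's permission/ACL - confirm.
    """
    print "serving request context: ", request.context.__name__
    # The request object itself is no longer printed: its string form may
    # include the headers (and with them the auth cookie) and the body.
    if (request.json_body is None):
        return NotFound()
    payload = request.json_body
    ProcessErrorCode = 0
    currentTimeStamp = strftime("%Y-%m-%d %H:%M:%S")

    orderUser = getUser(payload['fulfilledBy'])
    if orderUser is None:
        # Stop here: continuing would raise stock levels for an order that is
        # going to be rejected anyway.
        ProcessErrorCode = 9
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}

    # convert to cents format; a JSON float goes through repr() first so that
    # e.g. 19.99 becomes 1999 instead of being truncated to 1998
    raw_total = payload['orderTotal']
    if isinstance(raw_total, float):
        raw_total = repr(raw_total)
    order_total = int(Decimal(raw_total) * 100)

    # Validate every line before mutating stock or building ORM objects.
    accepted = []   # (saleitem, item_count) in request order
    for item in payload['items']:
        saleitem = DBSession.query(SaleItem).filter_by(id=item['id']).first()
        if saleitem is None:
            ProcessErrorCode = 5
            break
        item_count = int(item['count'])
        if item_count <= 0:
            # A negative count would lower stock and could push it to -1,
            # the value the stock checks treat as "not tracked".
            ProcessErrorCode = 2
            break
        accepted.append((saleitem, item_count))

    if ProcessErrorCode != 0:
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}

    temp_order = ProcurementOrder(orderUser, order_total)
    for saleitem, item_count in accepted:
        temp_order.LineItems.append(ProcurementOrderItem(saleitem, item_count))
        if saleitem.stockCount != -1:
            saleitem.stockCount = saleitem.stockCount + item_count
            DBSession.add(saleitem)
    temp_order.CommitDate = currentTimeStamp
    DBSession.add(temp_order)
    # Flush and read the id from the object just added. Looking the order up
    # again by its one-second-resolution timestamp fails when two procurements
    # are committed within the same second.
    DBSession.flush()
    print "committed transaction #", temp_order.id
    return {
        'status': ProcessErrorCode,
        'redirect': request.application_url + '/app/procurements/' + str(temp_order.id)
    }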
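def PostProcOrder(request):
    """Record a ProcurementOrder from the JSON body and add the items to stock.

    The body must carry ``fulfilledBy`` (a username), ``orderTotal`` (a
    currency amount, stored in cents) and ``items``, a list of
    ``{'id': ..., 'count': ...}``.

    Returns ``{'status': 0, 'redirect': <procurement URL>}`` on success,
    otherwise ``{'status': code}`` where code is
      9 - ``fulfilledBy`` names no known user,
      5 - an item id matches no SaleItem,
      2 - the quantity is zero or negative.
    NOTE(review): 2 is a new status value introduced with the quantity check;
    confirm it does not collide with a code the client already interprets.
    NOTE(review): ``fulfilledBy`` and ``orderTotal`` are taken from the client
    as sent; who may submit procurements on whose behalf has to be enforced by
    the view's permission/ACL - confirm.
    """
    print "serving request context: ", request.context.__name__
    # The request object itself is no longer printed: its string form may
    # include the headers (and with them the auth cookie) and the body.
    if (request.json_body is None):
        return NotFound()
    payload = request.json_body
    ProcessErrorCode = 0
    currentTimeStamp = strftime("%Y-%m-%d %H:%M:%S")

    orderUser = getUser(payload['fulfilledBy'])
    if orderUser is None:
        # Stop here: continuing would raise stock levels for an order that is
        # going to be rejected anyway.
        ProcessErrorCode = 9
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}

    # convert to cents format; a JSON float goes through repr() first so that
    # e.g. 19.99 becomes 1999 instead of being truncated to 1998
    raw_total = payload['orderTotal']
    if isinstance(raw_total, float):
        raw_total = repr(raw_total)
    order_total = int(Decimal(raw_total) * 100)

    # Validate every line before mutating stock or building ORM objects.
    accepted = []   # (saleitem, item_count) in request order
    for item in payload['items']:
        saleitem = DBSession.query(SaleItem).filter_by(id=item['id']).first()
        if saleitem is None:
            ProcessErrorCode = 5
            break
        item_count = int(item['count'])
        if item_count <= 0:
            # A negative count would lower stock and could push it to -1,
            # the value the stock checks treat as "not tracked".
            ProcessErrorCode = 2
            break
        accepted.append((saleitem, item_count))

    if ProcessErrorCode != 0:
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}

    temp_order = ProcurementOrder(orderUser, order_total)
    for saleitem, item_count in accepted:
        temp_order.LineItems.append(ProcurementOrderItem(saleitem, item_count))
        if saleitem.stockCount != -1:
            saleitem.stockCount = saleitem.stockCount + item_count
            DBSession.add(saleitem)
    temp_order.CommitDate = currentTimeStamp
    DBSession.add(temp_order)
    # Flush and read the id from the object just added. Looking the order up
    # again by its one-second-resolution timestamp fails when two procurements
    # are committed within the same second.
    DBSession.flush()
    print "committed transaction #", temp_order.id
    return {
        'status': ProcessErrorCode,
        'redirect': request.application_url + '/app/procurements/' + str(temp_order.id)
    }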