Tanshu
parent
412704a73e
commit
3f32344334
|
|
@ -1,4 +1,3 @@
|
|||
UPDATE Auth_Roles Set Name = 'Users' WHERE Name = 'CreateUser'
|
||||
--update entities_ledgers set code = code + 60 where type = 13; -- to prevent duplicate code when converting
|
||||
UPDATE entities_ledgers SET type = 11 WHERE type = 13;
|
||||
DROP TABLE Entities_Taxes;
|
||||
|
|
@ -50,6 +49,7 @@ DROP TABLE "Entities_Products_old";
|
|||
Roles -- Run one line at a time, not all at once
|
||||
|
||||
-- Accounts
|
||||
UPDATE Auth_Roles Set Name = 'Users' WHERE Name = 'CreateUser';
|
||||
UPDATE Auth_Roles SET Name = 'Accounts' WHERE RoleID = X'F438262F72DD2F4E91865ABC3AF44FBA';
|
||||
DELETE FROM Auth_RoleGroups WHERE RoleID IN (X'7117853BD6A1F44FAA7919195338C857', X'4DC8B2094C33114F9656D91F62999F6B', X'A5174D3F2D5B3B40AA1FD20D1BB292E5', X'457143A70A4E4C4CBB2DA65BF608624E');
|
||||
DELETE FROM Auth_Roles WHERE RoleID IN (X'7117853BD6A1F44FAA7919195338C857', X'4DC8B2094C33114F9656D91F62999F6B', X'A5174D3F2D5B3B40AA1FD20D1BB292E5', X'457143A70A4E4C4CBB2DA65BF608624E');
|
||||
|
|
|
|||
|
|
@ -71,8 +71,7 @@ class User(Base):
|
|||
|
||||
def __init__(self, name=None, password=None, locked_out=None):
|
||||
self.name = name
|
||||
if self.password != password:
|
||||
self.password = encrypt(password)
|
||||
self.password = password
|
||||
self.locked_out = locked_out
|
||||
|
||||
@classmethod
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
import functools
|
||||
import uuid
|
||||
from brewman.models.auth import User
|
||||
from brewman.models.voucher import Voucher
|
||||
|
|
@ -15,16 +16,14 @@ class VoucherFactory(object):
|
|||
return voucher
|
||||
|
||||
def groupfinder(user_id, request):
|
||||
if type(user_id) == str:
|
||||
user_id = uuid.UUID(user_id)
|
||||
perms = []
|
||||
if 'perms' in request.session:
|
||||
perms = request.session['perms']
|
||||
else:
|
||||
user = User.get_by_id(uuid.UUID(user_id))
|
||||
for item in user.groups:
|
||||
for perm in item.roles:
|
||||
perms.append(perm.name)
|
||||
perms = f7(perms)
|
||||
request.session['perms'] = perms
|
||||
user = User.get_by_id(user_id)
|
||||
for item in user.groups:
|
||||
for perm in item.roles:
|
||||
perms.append(perm.name)
|
||||
perms = f7(perms)
|
||||
return perms
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@
|
|||
$scope.smallGrid = issue_grid;
|
||||
|
||||
if (typeof $routeParams.Source === 'undefined' && typeof $routeParams.Destination === 'undefined' && typeof $routeParams.id === 'undefined') {
|
||||
console.log('Changing route on load');
|
||||
var date = $scope.voucher.Date;
|
||||
var source = getDebitCredit($scope.voucher.Journals, -1);
|
||||
var destination = getDebitCredit($scope.voucher.Journals, 1);
|
||||
|
|
@ -70,10 +69,8 @@
|
|||
}
|
||||
|
||||
if (typeof $routeParams.Source !== 'undefined' && typeof $routeParams.Destination !== 'undefined' && typeof $routeParams.id !== 'undefined') {
|
||||
console.log('journal watch location');
|
||||
$location.path('/Issue/' + $scope.voucher.Date).search({Source:getDebitCredit(newJournals, -1), Destination:getDebitCredit(newJournals, 1)});
|
||||
} else {
|
||||
console.log('journal watch grid');
|
||||
$scope.smallGrid = IssueGrid.query({date:$scope.voucher.Date, Source:getDebitCredit(newJournals, -1), Destination:getDebitCredit(newJournals, 1)});
|
||||
}
|
||||
}, true);
|
||||
|
|
|
|||
|
|
@ -41,7 +41,9 @@
|
|||
}, true);
|
||||
|
||||
$scope.preventAlteration = function (voucher) {
|
||||
if (typeof voucher.VoucherID === 'undefined') {
|
||||
if (typeof $scope.perms === 'undefined') {
|
||||
return false;
|
||||
} else if (typeof voucher.VoucherID === 'undefined') {
|
||||
return !$scope.perms['Journal'];
|
||||
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
||||
return true;
|
||||
|
|
@ -63,7 +65,7 @@
|
|||
$scope.save = function () {
|
||||
$scope.voucher.$save({type:'Journal'}, function (u, putResponseHeaders) {
|
||||
$scope.toasts.push({Type:'Success', Message:u.Code});
|
||||
$location.path('/Journal/' + u.VoucherID)
|
||||
$location.path('/Journal/' + u.VoucherID);
|
||||
}, function (data, status) {
|
||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||
});
|
||||
|
|
@ -72,7 +74,7 @@
|
|||
$scope.delete = function () {
|
||||
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
||||
$scope.toasts.push({Type:'Success', Message:''});
|
||||
$location.path('/Journal')
|
||||
$location.path('/Journal').replace();
|
||||
}, function (data, status) {
|
||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -134,21 +134,19 @@ function BaseCtrl($rootScope, $scope, Auth, $location) {
|
|||
});
|
||||
|
||||
$scope.$on('spinnerStart', function (event, what) {
|
||||
console.log(what);
|
||||
if (what === 'http') {
|
||||
$rootScope.spinner.http += 1
|
||||
} else {
|
||||
$rootScope.spinner[what] = false;
|
||||
$rootScope.spinner.route = false;
|
||||
}
|
||||
$('#spinner').show();
|
||||
});
|
||||
|
||||
$scope.$on('spinnerStop', function (event, what) {
|
||||
console.log(what);
|
||||
if (what === 'http') {
|
||||
$rootScope.spinner.http -= 1
|
||||
} else {
|
||||
$rootScope.spinner[what] = false;
|
||||
$rootScope.spinner.route = false;
|
||||
}
|
||||
if ($rootScope.spinner.http <= 0 && $rootScope.spinner.route === false) {
|
||||
$('#spinner').hide();
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
function PaymentCtrl($scope, $location, voucher, ledgers) {
|
||||
$scop.voucher = voucher
|
||||
$scope.voucher = voucher
|
||||
$scope.ledgers = ledgers;
|
||||
|
||||
$scope.addJournal = function () {
|
||||
|
|
@ -47,7 +47,9 @@
|
|||
}, true);
|
||||
|
||||
$scope.preventAlteration = function (voucher) {
|
||||
if (typeof voucher.VoucherID === 'undefined') {
|
||||
if (typeof $scope.perms === 'undefined') {
|
||||
return false;
|
||||
} else if (typeof voucher.VoucherID === 'undefined') {
|
||||
return !$scope.perms['Payment'];
|
||||
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
||||
return true;
|
||||
|
|
@ -69,7 +71,7 @@
|
|||
$scope.save = function () {
|
||||
$scope.voucher.$save({type:'Payment'}, function (u, putResponseHeaders) {
|
||||
$scope.toasts.push({Type:'Success', Message:u.Code});
|
||||
$location.path('/Payment/' + u.VoucherID)
|
||||
$location.path('/Payment/' + u.VoucherID);
|
||||
}, function (data, status) {
|
||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||
});
|
||||
|
|
@ -78,7 +80,7 @@
|
|||
$scope.delete = function () {
|
||||
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
||||
$scope.toasts.push({Type:'Success', Message:''});
|
||||
$location.path('/Payment')
|
||||
$location.path('/Payment').replace();
|
||||
}, function (data, status) {
|
||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
function PurchaseCtrl($scope, $routeParams, $location, voucher) {
|
||||
$scop.voucher = voucher
|
||||
function PurchaseCtrl($scope, $location, voucher) {
|
||||
$scope.voucher = voucher
|
||||
|
||||
$scope.rate = 0;
|
||||
$scope.addInventory = function () {
|
||||
|
|
@ -59,7 +59,9 @@
|
|||
}, true);
|
||||
|
||||
$scope.preventAlteration = function (voucher) {
|
||||
if (typeof voucher.VoucherID === 'undefined') {
|
||||
if (typeof $scope.perms === 'undefined') {
|
||||
return false;
|
||||
} else if (typeof voucher.VoucherID === 'undefined') {
|
||||
return !$scope.perms['Purchase'];
|
||||
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
||||
return true;
|
||||
|
|
@ -81,7 +83,7 @@
|
|||
$scope.save = function () {
|
||||
$scope.voucher.$save({type:'Purchase'}, function (u, putResponseHeaders) {
|
||||
$scope.toasts.push({Type:'Success', Message:u.Code});
|
||||
$location.path('/Purchase/' + u.VoucherID)
|
||||
$location.path('/Purchase/' + u.VoucherID);
|
||||
}, function (data, status) {
|
||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||
});
|
||||
|
|
@ -90,7 +92,7 @@
|
|||
$scope.delete = function () {
|
||||
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
||||
$scope.toasts.push({Type:'Success', Message:''});
|
||||
$location.path('/Purchase')
|
||||
$location.path('/Purchase').replace();
|
||||
}, function (data, status) {
|
||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
function ReceiptCtrl($scope, $routeParams, $location, voucher, ledgers) {
|
||||
$scop.voucher = voucher
|
||||
function ReceiptCtrl($scope, $routeParams, $location, voucher, ledgers, Voucher) {
|
||||
$scope.voucher = voucher
|
||||
$scope.ledgers = ledgers;
|
||||
|
||||
$scope.addJournal = function () {
|
||||
|
|
@ -47,7 +47,9 @@
|
|||
}, true);
|
||||
|
||||
$scope.preventAlteration = function (voucher) {
|
||||
if (typeof voucher.VoucherID === 'undefined') {
|
||||
if (typeof $scope.perms === 'undefined') {
|
||||
return false;
|
||||
} else if (typeof voucher.VoucherID === 'undefined') {
|
||||
return !$scope.perms['Receipt'];
|
||||
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
||||
return true;
|
||||
|
|
@ -69,7 +71,7 @@
|
|||
$scope.save = function () {
|
||||
$scope.voucher.$save({type:'Receipt'}, function (u, putResponseHeaders) {
|
||||
$scope.toasts.push({Type:'Success', Message:u.Code});
|
||||
$location.path('/Receipt/' + u.VoucherID)
|
||||
$location.path('/Receipt/' + u.VoucherID);
|
||||
}, function (data, status) {
|
||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||
});
|
||||
|
|
@ -78,7 +80,7 @@
|
|||
$scope.delete = function () {
|
||||
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
||||
$scope.toasts.push({Type:'Success', Message:''});
|
||||
$location.path('/Receipt')
|
||||
$location.path('/Receipt').replace();
|
||||
}, function (data, status) {
|
||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ from pyramid.response import Response
|
|||
from pyramid.security import authenticated_userid, remember
|
||||
|
||||
from pyramid.view import view_config
|
||||
from brewman import groupfinder
|
||||
from brewman.models.auth import Role, User
|
||||
from brewman.views.transactions import session_current_date
|
||||
|
||||
|
|
@ -37,7 +38,7 @@ def user_permission(request):
|
|||
else:
|
||||
user = User.get_by_id(uuid.UUID(user_id))
|
||||
auth = {'isAuthenticated': True, 'Name': user.name, 'UserID': user.id}
|
||||
session_perms = request.session['perms']
|
||||
session_perms = groupfinder(user.id, request)
|
||||
perms = {}
|
||||
for item in Role.list():
|
||||
perms[item.name] = True if item.name in session_perms else False
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ from pyramid.response import Response
|
|||
from pyramid.security import authenticated_userid
|
||||
from pyramid.view import view_config
|
||||
import transaction
|
||||
from brewman import groupfinder
|
||||
from brewman.models import DBSession
|
||||
from brewman.models.auth import User
|
||||
from brewman.models.master import LedgerBase, CostCenter
|
||||
|
|
@ -34,7 +35,8 @@ def voucher_post(request):
|
|||
|
||||
def check_delete_permissions(request, voucher):
|
||||
user = User.get_by_id(uuid.UUID(authenticated_userid(request)))
|
||||
permissions = request.session['perms']
|
||||
permissions = groupfinder(user.id, request)
|
||||
|
||||
if voucher.posted and not 'Edit Posted Vouchers' in permissions:
|
||||
response = Response("You are not allowed to edit posted vouchers")
|
||||
response.status_int = 403
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ from pyramid.response import Response
|
|||
from pyramid.security import authenticated_userid
|
||||
from pyramid.view import view_defaults, view_config
|
||||
import transaction
|
||||
from brewman import groupfinder
|
||||
from brewman.models.auth import User
|
||||
from brewman.models.validation_exception import ValidationError
|
||||
from brewman.models.voucher import Voucher
|
||||
|
|
@ -19,7 +20,7 @@ class update_voucher(object):
|
|||
self.voucher = Voucher.by_id(uuid.UUID(request.matchdict.get('id', None)))
|
||||
self.json = request.json_body
|
||||
|
||||
permissions = request.session['perms']
|
||||
permissions = groupfinder(self.user.id, self.request)
|
||||
if self.voucher.posted and not 'Edit Posted Vouchers' in permissions:
|
||||
response = Response("You are not allowed to edit posted vouchers")
|
||||
response.status_int = 403
|
||||
|
|
|
|||
Loading…
Reference in New Issue