From 3f323443347ffce98677ce1b374dfa9a01945a95 Mon Sep 17 00:00:00 2001 From: Tanshu Date: Mon, 29 Oct 2012 22:17:22 +0530 Subject: [PATCH] Fixed create user. Fixed bugs in voucher forms. --- Conversion/SqliteDB.txt | 2 +- brewman/brewman/models/auth.py | 3 +-- brewman/brewman/security.py | 17 ++++++++--------- brewman/brewman/static/scripts/issue.js | 3 --- brewman/brewman/static/scripts/journal.js | 8 +++++--- brewman/brewman/static/scripts/overlord.js | 6 ++---- brewman/brewman/static/scripts/payment.js | 10 ++++++---- brewman/brewman/static/scripts/purchase.js | 12 +++++++----- brewman/brewman/static/scripts/receipt.js | 12 +++++++----- brewman/brewman/views/services/session.py | 3 ++- .../brewman/views/services/voucher/__init__.py | 4 +++- .../{blank_voucher.py => empty_voucher.py} | 0 .../views/services/voucher/update_voucher.py | 3 ++- 13 files changed, 44 insertions(+), 39 deletions(-) rename brewman/brewman/views/services/voucher/{blank_voucher.py => empty_voucher.py} (100%) diff --git a/Conversion/SqliteDB.txt b/Conversion/SqliteDB.txt index 99de070b..a0dc762a 100644 --- a/Conversion/SqliteDB.txt +++ b/Conversion/SqliteDB.txt @@ -1,4 +1,3 @@ -UPDATE Auth_Roles Set Name = 'Users' WHERE Name = 'CreateUser' --update entities_ledgers set code = code + 60 where type = 13; -- to prevent duplicate code when converting UPDATE entities_ledgers SET type = 11 WHERE type = 13; DROP TABLE Entities_Taxes; 
@@ -50,6 +49,7 @@ DROP TABLE "Entities_Products_old"; Roles -- Run one line at a time, not all at once -- Accounts +UPDATE Auth_Roles Set Name = 'Users' WHERE Name = 'CreateUser'; UPDATE Auth_Roles SET Name = 'Accounts' WHERE RoleID = X'F438262F72DD2F4E91865ABC3AF44FBA'; DELETE FROM Auth_RoleGroups WHERE RoleID IN (X'7117853BD6A1F44FAA7919195338C857', X'4DC8B2094C33114F9656D91F62999F6B', X'A5174D3F2D5B3B40AA1FD20D1BB292E5', X'457143A70A4E4C4CBB2DA65BF608624E'); DELETE FROM Auth_Roles WHERE RoleID IN (X'7117853BD6A1F44FAA7919195338C857', X'4DC8B2094C33114F9656D91F62999F6B', X'A5174D3F2D5B3B40AA1FD20D1BB292E5', X'457143A70A4E4C4CBB2DA65BF608624E'); diff --git a/brewman/brewman/models/auth.py b/brewman/brewman/models/auth.py index 5c59ba8a..dff7ec1c 100644 --- a/brewman/brewman/models/auth.py +++ b/brewman/brewman/models/auth.py @@ -71,8 +71,7 @@ class User(Base): def __init__(self, name=None, password=None, locked_out=None): self.name = name - if self.password != password: - self.password = encrypt(password) + self.password = password self.locked_out = locked_out @classmethod diff --git a/brewman/brewman/security.py b/brewman/brewman/security.py index 04670c72..89ab4ba1 100644 --- a/brewman/brewman/security.py +++ b/brewman/brewman/security.py @@ -1,3 +1,4 @@ +import functools import uuid from brewman.models.auth import User from brewman.models.voucher import Voucher @@ -15,16 +16,14 @@ class VoucherFactory(object): return voucher def groupfinder(user_id, request): + if type(user_id) == str: + user_id = uuid.UUID(user_id) perms = [] - if 'perms' in request.session: - perms = request.session['perms'] - else: - user = User.get_by_id(uuid.UUID(user_id)) - for item in user.groups: - for perm in item.roles: - perms.append(perm.name) - perms = f7(perms) - request.session['perms'] = perms + user = User.get_by_id(user_id) + for item in user.groups: + for perm in item.roles: + perms.append(perm.name) + perms = f7(perms) return perms 
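Review bot: In `User.__init__`, `self.password = password` no longer passes the value through `encrypt()`, so whether the stored value is protected now depends entirely on how the `password` attribute is defined outside this hunk. If `password` is a property or synonym whose setter calls `encrypt()`, the change is correct and removes the odd `self.password != password` comparison. If it is a plain column, newly created users would be stored with the password as given. A comment on the assignment, for example `# hashed by the password setter; never assign the underlying column directly`, would make that dependency explicit. A test asserting that a new user's stored value differs from the input would pin it.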
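Review bot: `groupfinder` reads `user.groups` without checking that `User.get_by_id(user_id)` returned a row, so a still-valid auth cookie for a deleted account would presumably raise instead of being treated as unauthenticated. Pyramid's callback convention is to return `None` for an unknown userid, e.g. `if user is None: return None`. The `type(user_id) == str` test is brittle, since a unicode id would skip the conversion; `if not isinstance(user_id, uuid.UUID): user_id = uuid.UUID(user_id)` covers every string type. The added `import functools` is not used in the visible lines. Dropping the `request.session['perms']` cache means a role change takes effect on the next request, which is worth stating in a docstring because it costs one lookup per call.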
diff --git a/brewman/brewman/static/scripts/issue.js b/brewman/brewman/static/scripts/issue.js index 69bf9f7c..fce77750 100644 --- a/brewman/brewman/static/scripts/issue.js +++ b/brewman/brewman/static/scripts/issue.js @@ -4,7 +4,6 @@ $scope.smallGrid = issue_grid; if (typeof $routeParams.Source === 'undefined' && typeof $routeParams.Destination === 'undefined' && typeof $routeParams.id === 'undefined') { - console.log('Changing route on load'); var date = $scope.voucher.Date; var source = getDebitCredit($scope.voucher.Journals, -1); var destination = getDebitCredit($scope.voucher.Journals, 1); @@ -70,10 +69,8 @@ } if (typeof $routeParams.Source !== 'undefined' && typeof $routeParams.Destination !== 'undefined' && typeof $routeParams.id !== 'undefined') { - console.log('journal watch location'); $location.path('/Issue/' + $scope.voucher.Date).search({Source:getDebitCredit(newJournals, -1), Destination:getDebitCredit(newJournals, 1)}); } else { - console.log('journal watch grid'); $scope.smallGrid = IssueGrid.query({date:$scope.voucher.Date, Source:getDebitCredit(newJournals, -1), Destination:getDebitCredit(newJournals, 1)}); } }, true); diff --git a/brewman/brewman/static/scripts/journal.js b/brewman/brewman/static/scripts/journal.js index f151859d..8e070c77 100644 --- a/brewman/brewman/static/scripts/journal.js +++ b/brewman/brewman/static/scripts/journal.js @@ -41,7 +41,9 @@ }, true); $scope.preventAlteration = function (voucher) { - if (typeof voucher.VoucherID === 'undefined') { + if (typeof $scope.perms === 'undefined') { + return false; + } else if (typeof voucher.VoucherID === 'undefined') { return !$scope.perms['Journal']; } else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) { return true; 
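Review bot: In journal.js, `preventAlteration` now returns `false` while `$scope.perms` is undefined, so the form is treated as editable until the permissions arrive. The same branch is added in payment.js, purchase.js and receipt.js. A permission gate is safer failing closed: `if (typeof $scope.perms === 'undefined') { return true; }`. This is only a UI guard, so the server-side permission checks remain the real enforcement point, but the client should not briefly offer actions the server will refuse. The function body continues outside the hunk.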
@@ -63,7 +65,7 @@ $scope.save = function () { $scope.voucher.$save({type:'Journal'}, function (u, putResponseHeaders) { $scope.toasts.push({Type:'Success', Message:u.Code}); - $location.path('/Journal/' + u.VoucherID) + $location.path('/Journal/' + u.VoucherID); }, function (data, status) { $scope.toasts.push({Type:'Error', Message:data.data}); }); @@ -72,7 +74,7 @@ $scope.delete = function () { $scope.voucher.$delete(function (u, putResponseHeaders) { $scope.toasts.push({Type:'Success', Message:''}); - $location.path('/Journal') + $location.path('/Journal').replace(); }, function (data, status) { $scope.toasts.push({Type:'Error', Message:data.data}); }); diff --git a/brewman/brewman/static/scripts/overlord.js b/brewman/brewman/static/scripts/overlord.js index ec96ebc5..fea8972d 100644 --- a/brewman/brewman/static/scripts/overlord.js +++ b/brewman/brewman/static/scripts/overlord.js @@ -134,21 +134,19 @@ function BaseCtrl($rootScope, $scope, Auth, $location) { }); $scope.$on('spinnerStart', function (event, what) { - console.log(what); if (what === 'http') { $rootScope.spinner.http += 1 } else { - $rootScope.spinner[what] = false; + $rootScope.spinner.route = false; } $('#spinner').show(); }); $scope.$on('spinnerStop', function (event, what) { - console.log(what); if (what === 'http') { $rootScope.spinner.http -= 1 } else { - $rootScope.spinner[what] = false; + $rootScope.spinner.route = false; } if ($rootScope.spinner.http <= 0 && $rootScope.spinner.route === false) { $('#spinner').hide(); diff --git a/brewman/brewman/static/scripts/payment.js b/brewman/brewman/static/scripts/payment.js index eb7833f6..a51fc7e9 100644 --- a/brewman/brewman/static/scripts/payment.js +++ b/brewman/brewman/static/scripts/payment.js @@ -1,5 +1,5 @@ function PaymentCtrl($scope, $location, voucher, ledgers) { - $scop.voucher = voucher + $scope.voucher = voucher $scope.ledgers = ledgers; $scope.addJournal = function () { 
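Review bot: In overlord.js the non-http branch of the `spinnerStart` handler sets `$rootScope.spinner.route = false`, the same value the `spinnerStop` handler sets. Within these lines nothing marks a route change as in progress, so the hide condition `$rootScope.spinner.route === false` is always met. Unless the flag is set to true somewhere outside the hunk, the start handler probably wants `$rootScope.spinner.route = true;`. Every event name other than 'http' is now folded into `route`, and a short comment saying that is intended would help. `BaseCtrl` begins outside the hunk.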
@@ -47,7 +47,9 @@ }, true); $scope.preventAlteration = function (voucher) { - if (typeof voucher.VoucherID === 'undefined') { + if (typeof $scope.perms === 'undefined') { + return false; + } else if (typeof voucher.VoucherID === 'undefined') { return !$scope.perms['Payment']; } else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) { return true; @@ -69,7 +71,7 @@ $scope.save = function () { $scope.voucher.$save({type:'Payment'}, function (u, putResponseHeaders) { $scope.toasts.push({Type:'Success', Message:u.Code}); - $location.path('/Payment/' + u.VoucherID) + $location.path('/Payment/' + u.VoucherID); }, function (data, status) { $scope.toasts.push({Type:'Error', Message:data.data}); }); @@ -78,7 +80,7 @@ $scope.delete = function () { $scope.voucher.$delete(function (u, putResponseHeaders) { $scope.toasts.push({Type:'Success', Message:''}); - $location.path('/Payment') + $location.path('/Payment').replace(); }, function (data, status) { $scope.toasts.push({Type:'Error', Message:data.data}); }); diff --git a/brewman/brewman/static/scripts/purchase.js b/brewman/brewman/static/scripts/purchase.js index 2193ef88..969b3d9b 100644 --- a/brewman/brewman/static/scripts/purchase.js +++ b/brewman/brewman/static/scripts/purchase.js @@ -1,5 +1,5 @@ -function PurchaseCtrl($scope, $routeParams, $location, voucher) { - $scop.voucher = voucher +function PurchaseCtrl($scope, $location, voucher) { + $scope.voucher = voucher $scope.rate = 0; $scope.addInventory = function () { @@ -59,7 +59,9 @@ }, true); $scope.preventAlteration = function (voucher) { - if (typeof voucher.VoucherID === 'undefined') { + if (typeof $scope.perms === 'undefined') { + return false; + } else if (typeof voucher.VoucherID === 'undefined') { return !$scope.perms['Purchase']; } else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) { return true; 
@@ -81,7 +83,7 @@ $scope.save = function () { $scope.voucher.$save({type:'Purchase'}, function (u, putResponseHeaders) { $scope.toasts.push({Type:'Success', Message:u.Code}); - $location.path('/Purchase/' + u.VoucherID) + $location.path('/Purchase/' + u.VoucherID); }, function (data, status) { $scope.toasts.push({Type:'Error', Message:data.data}); }); @@ -90,7 +92,7 @@ $scope.delete = function () { $scope.voucher.$delete(function (u, putResponseHeaders) { $scope.toasts.push({Type:'Success', Message:''}); - $location.path('/Purchase') + $location.path('/Purchase').replace(); }, function (data, status) { $scope.toasts.push({Type:'Error', Message:data.data}); }); diff --git a/brewman/brewman/static/scripts/receipt.js b/brewman/brewman/static/scripts/receipt.js index 96c0c3ff..92048edb 100644 --- a/brewman/brewman/static/scripts/receipt.js +++ b/brewman/brewman/static/scripts/receipt.js @@ -1,5 +1,5 @@ -function ReceiptCtrl($scope, $routeParams, $location, voucher, ledgers) { - $scop.voucher = voucher +function ReceiptCtrl($scope, $routeParams, $location, voucher, ledgers, Voucher) { + $scope.voucher = voucher $scope.ledgers = ledgers; $scope.addJournal = function () { @@ -47,7 +47,9 @@ }, true); $scope.preventAlteration = function (voucher) { - if (typeof voucher.VoucherID === 'undefined') { + if (typeof $scope.perms === 'undefined') { + return false; + } else if (typeof voucher.VoucherID === 'undefined') { return !$scope.perms['Receipt']; } else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) { return true; @@ -69,7 +71,7 @@ $scope.save = function () { $scope.voucher.$save({type:'Receipt'}, function (u, putResponseHeaders) { $scope.toasts.push({Type:'Success', Message:u.Code}); - $location.path('/Receipt/' + u.VoucherID) + $location.path('/Receipt/' + u.VoucherID); }, function (data, status) { $scope.toasts.push({Type:'Error', Message:data.data}); }); 
@@ -78,7 +80,7 @@ $scope.delete = function () { $scope.voucher.$delete(function (u, putResponseHeaders) { $scope.toasts.push({Type:'Success', Message:''}); - $location.path('/Receipt') + $location.path('/Receipt').replace(); }, function (data, status) { $scope.toasts.push({Type:'Error', Message:data.data}); }); diff --git a/brewman/brewman/views/services/session.py b/brewman/brewman/views/services/session.py index 9712ddc8..dc994be6 100644 --- a/brewman/brewman/views/services/session.py +++ b/brewman/brewman/views/services/session.py @@ -5,6 +5,7 @@ from pyramid.response import Response from pyramid.security import authenticated_userid, remember from pyramid.view import view_config +from brewman import groupfinder from brewman.models.auth import Role, User from brewman.views.transactions import session_current_date @@ -37,7 +38,7 @@ def user_permission(request): else: user = User.get_by_id(uuid.UUID(user_id)) auth = {'isAuthenticated': True, 'Name': user.name, 'UserID': user.id} - session_perms = request.session['perms'] + session_perms = groupfinder(user.id, request) perms = {} for item in Role.list(): perms[item.name] = True if item.name in session_perms else False diff --git a/brewman/brewman/views/services/voucher/__init__.py b/brewman/brewman/views/services/voucher/__init__.py index 53581552..c5605bc3 100644 --- a/brewman/brewman/views/services/voucher/__init__.py +++ b/brewman/brewman/views/services/voucher/__init__.py @@ -3,6 +3,7 @@ from pyramid.response import Response from pyramid.security import authenticated_userid from pyramid.view import view_config import transaction +from brewman import groupfinder from brewman.models import DBSession from brewman.models.auth import User from brewman.models.master import LedgerBase, CostCenter 
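Review bot: In session.py, `from brewman import groupfinder` relies on the package `__init__` re-exporting a function that this commit edits in `brewman/security.py`. Importing it from where it lives, `from brewman.security import groupfinder`, removes the dependency on package import order. The same import is added in voucher/__init__.py and update_voucher.py. In `user_permission`, `check_delete_permissions` and `update_voucher.__init__` the caller passes `user.id` (or `self.user.id`) to `groupfinder`, which then looks the user up again by id. A comment noting that this second lookup is deliberate, or a helper that accepts the loaded user, would make the cost visible.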
@@ -34,7 +35,8 @@ def voucher_post(request): def check_delete_permissions(request, voucher): user = User.get_by_id(uuid.UUID(authenticated_userid(request))) - permissions = request.session['perms'] + permissions = groupfinder(user.id, request) + if voucher.posted and not 'Edit Posted Vouchers' in permissions: response = Response("You are not allowed to edit posted vouchers") response.status_int = 403 diff --git a/brewman/brewman/views/services/voucher/blank_voucher.py b/brewman/brewman/views/services/voucher/empty_voucher.py similarity index 100% rename from brewman/brewman/views/services/voucher/blank_voucher.py rename to brewman/brewman/views/services/voucher/empty_voucher.py diff --git a/brewman/brewman/views/services/voucher/update_voucher.py b/brewman/brewman/views/services/voucher/update_voucher.py index 78268b03..ccb30369 100644 --- a/brewman/brewman/views/services/voucher/update_voucher.py +++ b/brewman/brewman/views/services/voucher/update_voucher.py @@ -3,6 +3,7 @@ from pyramid.response import Response from pyramid.security import authenticated_userid from pyramid.view import view_defaults, view_config import transaction +from brewman import groupfinder from brewman.models.auth import User from brewman.models.validation_exception import ValidationError from brewman.models.voucher import Voucher @@ -19,7 +20,7 @@ class update_voucher(object): self.voucher = Voucher.by_id(uuid.UUID(request.matchdict.get('id', None))) self.json = request.json_body - permissions = request.session['perms'] + permissions = groupfinder(self.user.id, self.request) if self.voucher.posted and not 'Edit Posted Vouchers' in permissions: response = Response("You are not allowed to edit posted vouchers") response.status_int = 403