parent
412704a73e
commit
3f32344334
|
@ -1,4 +1,3 @@
|
||||||
UPDATE Auth_Roles Set Name = 'Users' WHERE Name = 'CreateUser'
|
|
||||||
--update entities_ledgers set code = code + 60 where type = 13; -- to prevent duplicate code when converting
|
--update entities_ledgers set code = code + 60 where type = 13; -- to prevent duplicate code when converting
|
||||||
UPDATE entities_ledgers SET type = 11 WHERE type = 13;
|
UPDATE entities_ledgers SET type = 11 WHERE type = 13;
|
||||||
DROP TABLE Entities_Taxes;
|
DROP TABLE Entities_Taxes;
|
||||||
|
@ -50,6 +49,7 @@ DROP TABLE "Entities_Products_old";
|
||||||
Roles -- Run one line at a time, not all at once
|
Roles -- Run one line at a time, not all at once
|
||||||
|
|
||||||
-- Accounts
|
-- Accounts
|
||||||
|
UPDATE Auth_Roles Set Name = 'Users' WHERE Name = 'CreateUser';
|
||||||
UPDATE Auth_Roles SET Name = 'Accounts' WHERE RoleID = X'F438262F72DD2F4E91865ABC3AF44FBA';
|
UPDATE Auth_Roles SET Name = 'Accounts' WHERE RoleID = X'F438262F72DD2F4E91865ABC3AF44FBA';
|
||||||
DELETE FROM Auth_RoleGroups WHERE RoleID IN (X'7117853BD6A1F44FAA7919195338C857', X'4DC8B2094C33114F9656D91F62999F6B', X'A5174D3F2D5B3B40AA1FD20D1BB292E5', X'457143A70A4E4C4CBB2DA65BF608624E');
|
DELETE FROM Auth_RoleGroups WHERE RoleID IN (X'7117853BD6A1F44FAA7919195338C857', X'4DC8B2094C33114F9656D91F62999F6B', X'A5174D3F2D5B3B40AA1FD20D1BB292E5', X'457143A70A4E4C4CBB2DA65BF608624E');
|
||||||
DELETE FROM Auth_Roles WHERE RoleID IN (X'7117853BD6A1F44FAA7919195338C857', X'4DC8B2094C33114F9656D91F62999F6B', X'A5174D3F2D5B3B40AA1FD20D1BB292E5', X'457143A70A4E4C4CBB2DA65BF608624E');
|
DELETE FROM Auth_Roles WHERE RoleID IN (X'7117853BD6A1F44FAA7919195338C857', X'4DC8B2094C33114F9656D91F62999F6B', X'A5174D3F2D5B3B40AA1FD20D1BB292E5', X'457143A70A4E4C4CBB2DA65BF608624E');
|
||||||
|
|
|
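Review bot: The relocated statement `UPDATE Auth_Roles Set Name = 'Users' WHERE Name = 'CreateUser';` selects the role by its name, while the next statement in the same block selects by `RoleID`; keying on the id would make the rename independent of the current label and safe to re-run. Role names are what the application compares against when it authorises an action (the views in this commit test strings such as 'Edit Posted Vouchers'), so any check that still refers to 'CreateUser' would stop matching once this runs, and that literal is worth searching for before deploying. Because the block is meant to be run one line at a time, wrapping the Roles statements in a transaction would avoid leaving role assignments half-migrated if one of them fails.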
@ -71,8 +71,7 @@ class User(Base):
|
||||||
|
|
||||||
def __init__(self, name=None, password=None, locked_out=None):
|
def __init__(self, name=None, password=None, locked_out=None):
|
||||||
self.name = name
|
self.name = name
|
||||||
if self.password != password:
|
self.password = password
|
||||||
self.password = encrypt(password)
|
|
||||||
self.locked_out = locked_out
|
self.locked_out = locked_out
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
|
|
|
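Review bot: The constructor now stores the `password` argument as given (`self.password = password`) where it previously called `encrypt(password)`, so whether the stored value is still hashed depends on code outside this hunk. If `password` is not a property or synonym whose setter applies `encrypt`, new users would be persisted with a plaintext password; please confirm, and add a comment on the assignment such as `# hashed by the password setter` so the invariant is visible at this line. The rest of the User class is outside the hunk.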
@ -1,3 +1,4 @@
|
||||||
|
import functools
|
||||||
import uuid
|
import uuid
|
||||||
from brewman.models.auth import User
|
from brewman.models.auth import User
|
||||||
from brewman.models.voucher import Voucher
|
from brewman.models.voucher import Voucher
|
||||||
|
@ -15,16 +16,14 @@ class VoucherFactory(object):
|
||||||
return voucher
|
return voucher
|
||||||
|
|
||||||
def groupfinder(user_id, request):
|
def groupfinder(user_id, request):
|
||||||
|
if type(user_id) == str:
|
||||||
|
user_id = uuid.UUID(user_id)
|
||||||
perms = []
|
perms = []
|
||||||
if 'perms' in request.session:
|
user = User.get_by_id(user_id)
|
||||||
perms = request.session['perms']
|
|
||||||
else:
|
|
||||||
user = User.get_by_id(uuid.UUID(user_id))
|
|
||||||
for item in user.groups:
|
for item in user.groups:
|
||||||
for perm in item.roles:
|
for perm in item.roles:
|
||||||
perms.append(perm.name)
|
perms.append(perm.name)
|
||||||
perms = f7(perms)
|
perms = f7(perms)
|
||||||
request.session['perms'] = perms
|
|
||||||
return perms
|
return perms
|
||||||
|
|
||||||
|
|
||||||
|
|
|
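Review bot: `groupfinder` dereferences `user.groups` without checking the result of `User.get_by_id(user_id)`, so an authentication cookie that names a deleted user raises AttributeError instead of being treated as unauthenticated. Pyramid's convention is that the callback returns None for an unknown user, and `if user is None: return None` after the lookup covers that. The User model also carries a `locked_out` flag, and since permissions are now recomputed on every call this looks like the natural place to deny a locked account too: `if user is None or user.locked_out: return None`. The new `type(user_id) == str` test is better written as `isinstance(user_id, str)`, and a malformed id makes `uuid.UUID` raise ValueError, which nothing here catches.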
@ -4,7 +4,6 @@
|
||||||
$scope.smallGrid = issue_grid;
|
$scope.smallGrid = issue_grid;
|
||||||
|
|
||||||
if (typeof $routeParams.Source === 'undefined' && typeof $routeParams.Destination === 'undefined' && typeof $routeParams.id === 'undefined') {
|
if (typeof $routeParams.Source === 'undefined' && typeof $routeParams.Destination === 'undefined' && typeof $routeParams.id === 'undefined') {
|
||||||
console.log('Changing route on load');
|
|
||||||
var date = $scope.voucher.Date;
|
var date = $scope.voucher.Date;
|
||||||
var source = getDebitCredit($scope.voucher.Journals, -1);
|
var source = getDebitCredit($scope.voucher.Journals, -1);
|
||||||
var destination = getDebitCredit($scope.voucher.Journals, 1);
|
var destination = getDebitCredit($scope.voucher.Journals, 1);
|
||||||
|
@ -70,10 +69,8 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
if (typeof $routeParams.Source !== 'undefined' && typeof $routeParams.Destination !== 'undefined' && typeof $routeParams.id !== 'undefined') {
|
if (typeof $routeParams.Source !== 'undefined' && typeof $routeParams.Destination !== 'undefined' && typeof $routeParams.id !== 'undefined') {
|
||||||
console.log('journal watch location');
|
|
||||||
$location.path('/Issue/' + $scope.voucher.Date).search({Source:getDebitCredit(newJournals, -1), Destination:getDebitCredit(newJournals, 1)});
|
$location.path('/Issue/' + $scope.voucher.Date).search({Source:getDebitCredit(newJournals, -1), Destination:getDebitCredit(newJournals, 1)});
|
||||||
} else {
|
} else {
|
||||||
console.log('journal watch grid');
|
|
||||||
$scope.smallGrid = IssueGrid.query({date:$scope.voucher.Date, Source:getDebitCredit(newJournals, -1), Destination:getDebitCredit(newJournals, 1)});
|
$scope.smallGrid = IssueGrid.query({date:$scope.voucher.Date, Source:getDebitCredit(newJournals, -1), Destination:getDebitCredit(newJournals, 1)});
|
||||||
}
|
}
|
||||||
}, true);
|
}, true);
|
||||||
|
|
|
@ -41,7 +41,9 @@
|
||||||
}, true);
|
}, true);
|
||||||
|
|
||||||
$scope.preventAlteration = function (voucher) {
|
$scope.preventAlteration = function (voucher) {
|
||||||
if (typeof voucher.VoucherID === 'undefined') {
|
if (typeof $scope.perms === 'undefined') {
|
||||||
|
return false;
|
||||||
|
} else if (typeof voucher.VoucherID === 'undefined') {
|
||||||
return !$scope.perms['Journal'];
|
return !$scope.perms['Journal'];
|
||||||
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -63,7 +65,7 @@
|
||||||
$scope.save = function () {
|
$scope.save = function () {
|
||||||
$scope.voucher.$save({type:'Journal'}, function (u, putResponseHeaders) {
|
$scope.voucher.$save({type:'Journal'}, function (u, putResponseHeaders) {
|
||||||
$scope.toasts.push({Type:'Success', Message:u.Code});
|
$scope.toasts.push({Type:'Success', Message:u.Code});
|
||||||
$location.path('/Journal/' + u.VoucherID)
|
$location.path('/Journal/' + u.VoucherID);
|
||||||
}, function (data, status) {
|
}, function (data, status) {
|
||||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||||
});
|
});
|
||||||
|
@ -72,7 +74,7 @@
|
||||||
$scope.delete = function () {
|
$scope.delete = function () {
|
||||||
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
||||||
$scope.toasts.push({Type:'Success', Message:''});
|
$scope.toasts.push({Type:'Success', Message:''});
|
||||||
$location.path('/Journal')
|
$location.path('/Journal').replace();
|
||||||
}, function (data, status) {
|
}, function (data, status) {
|
||||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||||
});
|
});
|
||||||
|
|
|
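Review bot: The new first branch of `preventAlteration` returns `false` when `$scope.perms` is undefined, so the form stays editable until the permission map arrives; failing closed with `return true;` in that branch would keep the controls disabled until the user's rights are known. The same branch is added to the Payment, Purchase and Receipt controllers later in this commit. This is only a UI guard and the server-side permission checks remain the actual control, which a one-line comment on the function could state. The function body continues outside the hunk.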
@ -134,21 +134,19 @@ function BaseCtrl($rootScope, $scope, Auth, $location) {
|
||||||
});
|
});
|
||||||
|
|
||||||
$scope.$on('spinnerStart', function (event, what) {
|
$scope.$on('spinnerStart', function (event, what) {
|
||||||
console.log(what);
|
|
||||||
if (what === 'http') {
|
if (what === 'http') {
|
||||||
$rootScope.spinner.http += 1
|
$rootScope.spinner.http += 1
|
||||||
} else {
|
} else {
|
||||||
$rootScope.spinner[what] = false;
|
$rootScope.spinner.route = false;
|
||||||
}
|
}
|
||||||
$('#spinner').show();
|
$('#spinner').show();
|
||||||
});
|
});
|
||||||
|
|
||||||
$scope.$on('spinnerStop', function (event, what) {
|
$scope.$on('spinnerStop', function (event, what) {
|
||||||
console.log(what);
|
|
||||||
if (what === 'http') {
|
if (what === 'http') {
|
||||||
$rootScope.spinner.http -= 1
|
$rootScope.spinner.http -= 1
|
||||||
} else {
|
} else {
|
||||||
$rootScope.spinner[what] = false;
|
$rootScope.spinner.route = false;
|
||||||
}
|
}
|
||||||
if ($rootScope.spinner.http <= 0 && $rootScope.spinner.route === false) {
|
if ($rootScope.spinner.http <= 0 && $rootScope.spinner.route === false) {
|
||||||
$('#spinner').hide();
|
$('#spinner').hide();
|
||||||
|
|
|
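Review bot: In the `spinnerStart` handler the else branch sets `$rootScope.spinner.route = false`, the same value the `spinnerStop` handler writes, so as far as this hunk shows the `route === false` test in `spinnerStop` is always satisfied and an http stop can hide the spinner while a route change is still in progress. It looks as if the start handler should read `$rootScope.spinner.route = true;`. Replacing `spinner[what]` with `spinner.route` also means every non-http event is now treated as a route event, and `else if (what === 'route')` would make that explicit. BaseCtrl itself starts and ends outside the hunk.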
@ -1,5 +1,5 @@
|
||||||
function PaymentCtrl($scope, $location, voucher, ledgers) {
|
function PaymentCtrl($scope, $location, voucher, ledgers) {
|
||||||
$scop.voucher = voucher
|
$scope.voucher = voucher
|
||||||
$scope.ledgers = ledgers;
|
$scope.ledgers = ledgers;
|
||||||
|
|
||||||
$scope.addJournal = function () {
|
$scope.addJournal = function () {
|
||||||
|
@ -47,7 +47,9 @@
|
||||||
}, true);
|
}, true);
|
||||||
|
|
||||||
$scope.preventAlteration = function (voucher) {
|
$scope.preventAlteration = function (voucher) {
|
||||||
if (typeof voucher.VoucherID === 'undefined') {
|
if (typeof $scope.perms === 'undefined') {
|
||||||
|
return false;
|
||||||
|
} else if (typeof voucher.VoucherID === 'undefined') {
|
||||||
return !$scope.perms['Payment'];
|
return !$scope.perms['Payment'];
|
||||||
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -69,7 +71,7 @@
|
||||||
$scope.save = function () {
|
$scope.save = function () {
|
||||||
$scope.voucher.$save({type:'Payment'}, function (u, putResponseHeaders) {
|
$scope.voucher.$save({type:'Payment'}, function (u, putResponseHeaders) {
|
||||||
$scope.toasts.push({Type:'Success', Message:u.Code});
|
$scope.toasts.push({Type:'Success', Message:u.Code});
|
||||||
$location.path('/Payment/' + u.VoucherID)
|
$location.path('/Payment/' + u.VoucherID);
|
||||||
}, function (data, status) {
|
}, function (data, status) {
|
||||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||||
});
|
});
|
||||||
|
@ -78,7 +80,7 @@
|
||||||
$scope.delete = function () {
|
$scope.delete = function () {
|
||||||
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
||||||
$scope.toasts.push({Type:'Success', Message:''});
|
$scope.toasts.push({Type:'Success', Message:''});
|
||||||
$location.path('/Payment')
|
$location.path('/Payment').replace();
|
||||||
}, function (data, status) {
|
}, function (data, status) {
|
||||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||||
});
|
});
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
function PurchaseCtrl($scope, $routeParams, $location, voucher) {
|
function PurchaseCtrl($scope, $location, voucher) {
|
||||||
$scop.voucher = voucher
|
$scope.voucher = voucher
|
||||||
|
|
||||||
$scope.rate = 0;
|
$scope.rate = 0;
|
||||||
$scope.addInventory = function () {
|
$scope.addInventory = function () {
|
||||||
|
@ -59,7 +59,9 @@
|
||||||
}, true);
|
}, true);
|
||||||
|
|
||||||
$scope.preventAlteration = function (voucher) {
|
$scope.preventAlteration = function (voucher) {
|
||||||
if (typeof voucher.VoucherID === 'undefined') {
|
if (typeof $scope.perms === 'undefined') {
|
||||||
|
return false;
|
||||||
|
} else if (typeof voucher.VoucherID === 'undefined') {
|
||||||
return !$scope.perms['Purchase'];
|
return !$scope.perms['Purchase'];
|
||||||
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -81,7 +83,7 @@
|
||||||
$scope.save = function () {
|
$scope.save = function () {
|
||||||
$scope.voucher.$save({type:'Purchase'}, function (u, putResponseHeaders) {
|
$scope.voucher.$save({type:'Purchase'}, function (u, putResponseHeaders) {
|
||||||
$scope.toasts.push({Type:'Success', Message:u.Code});
|
$scope.toasts.push({Type:'Success', Message:u.Code});
|
||||||
$location.path('/Purchase/' + u.VoucherID)
|
$location.path('/Purchase/' + u.VoucherID);
|
||||||
}, function (data, status) {
|
}, function (data, status) {
|
||||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||||
});
|
});
|
||||||
|
@ -90,7 +92,7 @@
|
||||||
$scope.delete = function () {
|
$scope.delete = function () {
|
||||||
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
||||||
$scope.toasts.push({Type:'Success', Message:''});
|
$scope.toasts.push({Type:'Success', Message:''});
|
||||||
$location.path('/Purchase')
|
$location.path('/Purchase').replace();
|
||||||
}, function (data, status) {
|
}, function (data, status) {
|
||||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||||
});
|
});
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
function ReceiptCtrl($scope, $routeParams, $location, voucher, ledgers) {
|
function ReceiptCtrl($scope, $routeParams, $location, voucher, ledgers, Voucher) {
|
||||||
$scop.voucher = voucher
|
$scope.voucher = voucher
|
||||||
$scope.ledgers = ledgers;
|
$scope.ledgers = ledgers;
|
||||||
|
|
||||||
$scope.addJournal = function () {
|
$scope.addJournal = function () {
|
||||||
|
@ -47,7 +47,9 @@
|
||||||
}, true);
|
}, true);
|
||||||
|
|
||||||
$scope.preventAlteration = function (voucher) {
|
$scope.preventAlteration = function (voucher) {
|
||||||
if (typeof voucher.VoucherID === 'undefined') {
|
if (typeof $scope.perms === 'undefined') {
|
||||||
|
return false;
|
||||||
|
} else if (typeof voucher.VoucherID === 'undefined') {
|
||||||
return !$scope.perms['Receipt'];
|
return !$scope.perms['Receipt'];
|
||||||
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -69,7 +71,7 @@
|
||||||
$scope.save = function () {
|
$scope.save = function () {
|
||||||
$scope.voucher.$save({type:'Receipt'}, function (u, putResponseHeaders) {
|
$scope.voucher.$save({type:'Receipt'}, function (u, putResponseHeaders) {
|
||||||
$scope.toasts.push({Type:'Success', Message:u.Code});
|
$scope.toasts.push({Type:'Success', Message:u.Code});
|
||||||
$location.path('/Receipt/' + u.VoucherID)
|
$location.path('/Receipt/' + u.VoucherID);
|
||||||
}, function (data, status) {
|
}, function (data, status) {
|
||||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||||
});
|
});
|
||||||
|
@ -78,7 +80,7 @@
|
||||||
$scope.delete = function () {
|
$scope.delete = function () {
|
||||||
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
$scope.voucher.$delete(function (u, putResponseHeaders) {
|
||||||
$scope.toasts.push({Type:'Success', Message:''});
|
$scope.toasts.push({Type:'Success', Message:''});
|
||||||
$location.path('/Receipt')
|
$location.path('/Receipt').replace();
|
||||||
}, function (data, status) {
|
}, function (data, status) {
|
||||||
$scope.toasts.push({Type:'Error', Message:data.data});
|
$scope.toasts.push({Type:'Error', Message:data.data});
|
||||||
});
|
});
|
||||||
|
|
|
@ -5,6 +5,7 @@ from pyramid.response import Response
|
||||||
from pyramid.security import authenticated_userid, remember
|
from pyramid.security import authenticated_userid, remember
|
||||||
|
|
||||||
from pyramid.view import view_config
|
from pyramid.view import view_config
|
||||||
|
from brewman import groupfinder
|
||||||
from brewman.models.auth import Role, User
|
from brewman.models.auth import Role, User
|
||||||
from brewman.views.transactions import session_current_date
|
from brewman.views.transactions import session_current_date
|
||||||
|
|
||||||
|
@ -37,7 +38,7 @@ def user_permission(request):
|
||||||
else:
|
else:
|
||||||
user = User.get_by_id(uuid.UUID(user_id))
|
user = User.get_by_id(uuid.UUID(user_id))
|
||||||
auth = {'isAuthenticated': True, 'Name': user.name, 'UserID': user.id}
|
auth = {'isAuthenticated': True, 'Name': user.name, 'UserID': user.id}
|
||||||
session_perms = request.session['perms']
|
session_perms = groupfinder(user.id, request)
|
||||||
perms = {}
|
perms = {}
|
||||||
for item in Role.list():
|
for item in Role.list():
|
||||||
perms[item.name] = True if item.name in session_perms else False
|
perms[item.name] = True if item.name in session_perms else False
|
||||||
|
|
|
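Review bot: `groupfinder(user.id, request)` looks the user up again by id although `user` was loaded on the line above; the same pattern appears in `check_delete_permissions` and in `update_voucher` later in this commit, so each authorisation check costs a second user query plus the group and role walk. A small helper that takes the already-loaded `User` and returns its role names, with `groupfinder` calling it, would avoid that and leave one place to handle a missing or locked-out user. If dropping the session cache was meant to make role changes take effect immediately, a comment above the call such as `# permissions are read from the database on every request` would record that. `user_permission` starts outside the hunk.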
@ -3,6 +3,7 @@ from pyramid.response import Response
|
||||||
from pyramid.security import authenticated_userid
|
from pyramid.security import authenticated_userid
|
||||||
from pyramid.view import view_config
|
from pyramid.view import view_config
|
||||||
import transaction
|
import transaction
|
||||||
|
from brewman import groupfinder
|
||||||
from brewman.models import DBSession
|
from brewman.models import DBSession
|
||||||
from brewman.models.auth import User
|
from brewman.models.auth import User
|
||||||
from brewman.models.master import LedgerBase, CostCenter
|
from brewman.models.master import LedgerBase, CostCenter
|
||||||
|
@ -34,7 +35,8 @@ def voucher_post(request):
|
||||||
|
|
||||||
def check_delete_permissions(request, voucher):
|
def check_delete_permissions(request, voucher):
|
||||||
user = User.get_by_id(uuid.UUID(authenticated_userid(request)))
|
user = User.get_by_id(uuid.UUID(authenticated_userid(request)))
|
||||||
permissions = request.session['perms']
|
permissions = groupfinder(user.id, request)
|
||||||
|
|
||||||
if voucher.posted and not 'Edit Posted Vouchers' in permissions:
|
if voucher.posted and not 'Edit Posted Vouchers' in permissions:
|
||||||
response = Response("You are not allowed to edit posted vouchers")
|
response = Response("You are not allowed to edit posted vouchers")
|
||||||
response.status_int = 403
|
response.status_int = 403
|
||||||
|
|
|
@ -3,6 +3,7 @@ from pyramid.response import Response
|
||||||
from pyramid.security import authenticated_userid
|
from pyramid.security import authenticated_userid
|
||||||
from pyramid.view import view_defaults, view_config
|
from pyramid.view import view_defaults, view_config
|
||||||
import transaction
|
import transaction
|
||||||
|
from brewman import groupfinder
|
||||||
from brewman.models.auth import User
|
from brewman.models.auth import User
|
||||||
from brewman.models.validation_exception import ValidationError
|
from brewman.models.validation_exception import ValidationError
|
||||||
from brewman.models.voucher import Voucher
|
from brewman.models.voucher import Voucher
|
||||||
|
@ -19,7 +20,7 @@ class update_voucher(object):
|
||||||
self.voucher = Voucher.by_id(uuid.UUID(request.matchdict.get('id', None)))
|
self.voucher = Voucher.by_id(uuid.UUID(request.matchdict.get('id', None)))
|
||||||
self.json = request.json_body
|
self.json = request.json_body
|
||||||
|
|
||||||
permissions = request.session['perms']
|
permissions = groupfinder(self.user.id, self.request)
|
||||||
if self.voucher.posted and not 'Edit Posted Vouchers' in permissions:
|
if self.voucher.posted and not 'Edit Posted Vouchers' in permissions:
|
||||||
response = Response("You are not allowed to edit posted vouchers")
|
response = Response("You are not allowed to edit posted vouchers")
|
||||||
response.status_int = 403
|
response.status_int = 403
|
||||||
|
|