Voucher permissions done (hopefully).

Backdated voucher check is still pending.
Tanshu 2012-10-29 01:02:22 +05:30
parent 7594fd399a
commit 7ab945464b
14 changed files with 135 additions and 30 deletions

@ -118,18 +118,18 @@
</div>
<div class="form-actions">
<button class="btn btn-primary" ng-click="save()"
ng-disabled="!perms['Issue']">{{voucher.Code | save_button}}
ng-disabled="preventAlteration(voucher)">{{voucher.Code | save_button}}
</button>
<button class="btn btn-danger" ng-click="resetVoucher(voucher.VoucherID)" ng-hide="voucher.Code == '(Auto)'">
New Entry
</button>
<button class="btn btn-danger" ng-click="delete()" ng-hide="voucher.Code == '(Auto)'"
ng-disabled="!perms['Issue']">
ng-disabled="preventAlteration(voucher)">
Delete
</button>
</div>
<div class="row-fluid">
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User}}. Posted
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User.Name}}. Posted
by {{voucher.Poster}}
</div>
</form>

@ -69,18 +69,18 @@
</div>
<div class="form-actions">
<button class="btn btn-primary" ng-click="save()"
ng-disabled="!perms['Journal']">{{voucher.Code | save_button}}
ng-disabled="preventAlteration(voucher)">{{voucher.Code | save_button}}
</button>
<button class="btn btn-inverse" ng-click="post()" ng-hide="voucher.Code == '(Auto)'"
ng-disabled="voucher.Posted || !perms['Post Vouchers']">{{voucher.Posted | posted}}
</button>
<button class="btn btn-danger" ng-click="delete()" ng-hide="voucher.Code == '(Auto)'"
ng-disabled="!perms['Journal'] || (voucher.Posted && !perms['Edit Posted Vouchers'])">
ng-disabled="preventAlteration(voucher)">
Delete
</button>
</div>
<div class="row-fluid">
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User}}. Posted
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User.Name}}. Posted
by {{voucher.Poster}}
</div>
</form>

@ -78,18 +78,18 @@
</div>
<div class="form-actions">
<button class="btn btn-primary" ng-click="save()"
ng-disabled="!perms['Payment']">{{voucher.Code | save_button}}
ng-disabled="preventAlteration(voucher)">{{voucher.Code | save_button}}
</button>
<button class="btn btn-inverse" ng-click="post()" ng-hide="voucher.Code == '(Auto)'"
ng-disabled="voucher.Posted || !perms['Post Vouchers']">{{voucher.Posted | posted}}
</button>
<button class="btn btn-danger" ng-click="delete()" ng-hide="voucher.Code == '(Auto)'"
ng-disabled="!perms['Payment'] || (voucher.Posted && !perms['Edit Posted Vouchers'])">
ng-disabled="preventAlteration(voucher)">
Delete
</button>
</div>
<div class="row-fluid">
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User}}. Posted
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User.Name}}. Posted
by {{voucher.Poster}}
</div>
</form>

@ -93,18 +93,18 @@
</div>
<div class="form-actions">
<button class="btn btn-primary" ng-click="save()"
ng-disabled="!perms['Purchase']">{{voucher.Code | save_button}}
ng-disabled="preventAlteration(voucher)">{{voucher.Code | save_button}}
</button>
<button class="btn btn-inverse" ng-click="post()" ng-hide="voucher.Code == '(Auto)'"
ng-disabled="voucher.Posted || !perms['Post Vouchers']">{{voucher.Posted | posted}}
</button>
<button class="btn btn-danger" ng-click="delete()" ng-hide="voucher.Code == '(Auto)'"
ng-disabled="!perms['Purchase'] || (voucher.Posted && !perms['Edit Posted Vouchers'])">
ng-disabled="preventAlteration(voucher)">
Delete
</button>
</div>
<div class="row-fluid">
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User}}.
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User.Name}}.
Posted
by {{voucher.Poster}}
</div>

@ -78,18 +78,18 @@
</div>
<div class="form-actions">
<button class="btn btn-primary" ng-click="save()"
ng-disabled="!perms['Receipt']">{{voucher.Code | save_button}}
ng-disabled="preventAlteration(voucher)">{{voucher.Code | save_button}}
</button>
<button class="btn btn-inverse" ng-click="post()" ng-hide="voucher.Code == '(Auto)'"
ng-disabled="voucher.Posted || !perms['Post Vouchers']">{{voucher.Posted | posted}}
</button>
<button class="btn btn-danger" ng-click="delete()" ng-hide="voucher.Code == '(Auto)'"
ng-disabled="!perms['Receipt'] || (voucher.Posted && !perms['Edit Posted Vouchers'])">
ng-disabled="preventAlteration(voucher)">
Delete
</button>
</div>
<div class="row-fluid">
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User}}. Posted
Created on {{voucher.CreationDate}} and Last Edited on {{voucher.LastEditDate}} by {{voucher.User.Name}}. Posted
by {{voucher.Poster}}
</div>
</form>

@ -115,6 +115,18 @@
});
};
$scope.preventAlteration = function (voucher) {
if (typeof voucher.VoucherID === 'undefined') {
return !$scope.perms['Issue'];
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
return true;
} else if (voucher.User.UserID != $scope.auth.UserID && !$scope.perms["Edit Other User's Vouchers"]) {
return true;
} else {
return false;
}
};
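Review bot: For a voucher that already exists, `preventAlteration` never consults `$scope.perms['Issue']`: the type permission is checked only in the `typeof voucher.VoucherID === 'undefined'` branch, whereas the template expressions this function replaces (the `!perms['Journal'] || (...)` forms visible in the other template hunks) required it in every case, so a user without the type permission now sees an enabled Save/Delete button and gets a 403 from `check_delete_permissions` on the server. Checking the type permission first also simplifies the branches, and the UserID comparison should be `!==` rather than `!=` if both ids are serialised the same way, which appears to be the case given both come from `user.id`. The same function is duplicated in the Journal, Payment, Purchase and Receipt controllers with only the permission name differing, so a shared factory taking that name would keep the five copies from drifting; the enclosing controller function starts outside this hunk.
```javascript
$scope.preventAlteration = function (voucher) {
    // The type permission gates every alteration, new or saved.
    if (!$scope.perms['Issue']) {
        return true;
    }
    // The remaining rules only apply to vouchers already stored on the server.
    if (typeof voucher.VoucherID === 'undefined') {
        return false;
    }
    if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
        return true;
    }
    return voucher.User.UserID !== $scope.auth.UserID && !$scope.perms["Edit Other User's Vouchers"];
};
```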
$scope.get = function (voucherid) {
$scope.voucher = Voucher.get({id:voucherid}, function (u, putResponseHeaders) {
$location.path('/Issue/' + u.VoucherID);

@ -1,10 +1,5 @@
function JournalCtrl($scope, $routeParams, $location, Voucher) {
if (typeof $routeParams.id === 'undefined'){
$scope.voucher = Voucher.get({type:'Journal'});
} else {
$scope.voucher = Voucher.get({id:$routeParams.id});
}
function JournalCtrl($scope, $location, voucher) {
$scope.voucher = voucher;
$scope.name = '';
$scope.debit = 1;
$scope.addJournal = function () {
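Review bot: The new signature `function JournalCtrl($scope, $location, voucher)` no longer injects `Voucher`, yet `$scope.get` in the next hunk still calls `Voucher.get({VoucherID:voucherid}, ...)`, so unless `Voucher` is reachable as a global that handler throws a ReferenceError the first time it runs. Either keep the service in the parameter list, `function JournalCtrl($scope, $location, Voucher, voucher)`, or remove `$scope.get` now that the route resolve loads the voucher. The controller body continues past the hunk.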
@ -45,6 +40,18 @@
$scope.amount = Math.abs(amount);
}, true);
$scope.preventAlteration = function (voucher) {
if (typeof voucher.VoucherID === 'undefined') {
return !$scope.perms['Journal'];
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
return true;
} else if (voucher.User.UserID != $scope.auth.UserID && !$scope.perms["Edit Other User's Vouchers"]) {
return true;
} else {
return false;
}
};
$scope.get = function (voucherid) {
$scope.voucher = Voucher.get({VoucherID:voucherid}, function (u, putResponseHeaders) {
$scope.toasts.push({Type:'Success', Message:u.Code});
@ -79,3 +86,23 @@
});
};
}
JournalCtrl.resolve = {
voucher:function ($q, $route, Voucher) {
var deferred = $q.defer();
var id = $route.current.params.id;
var successCb = function (result) {
deferred.resolve(result);
};
if (typeof id === 'undefined') {
Voucher.get({type:'Journal'}, successCb);
} else {
Voucher.get({id:id}, successCb);
}
return deferred.promise;
}
}
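Review bot: The `resolve` function passes only a success callback to `Voucher.get`, so when the request fails (network error, 403, unknown id) the deferred is never settled and the route change silently stalls with no error surfaced. Add an error callback that rejects the promise, `var errorCb = function (err) { deferred.reject(err); };`, and pass it as the third argument on both calls, `Voucher.get({type:'Journal'}, successCb, errorCb);` and `Voucher.get({id:id}, successCb, errorCb);`, so a `$routeChangeError` handler can report the failure.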

@ -7,8 +7,8 @@ var overlord = angular.module('overlord', ['overlord.directive', 'overlord.filte
when('/login', {templateUrl:'/partial/login.html', controller:LoginCtrl}).
when('/logout', {templateUrl:'/partial/home.html', controller:LogoutCtrl}).
when('/Journal', {templateUrl:'/partial/journal.html', controller:JournalCtrl}).
when('/Journal/:id', {templateUrl:'/partial/journal.html', controller:JournalCtrl}).
when('/Journal', {templateUrl:'/partial/journal.html', controller:JournalCtrl, resolve:JournalCtrl.resolve}).
when('/Journal/:id', {templateUrl:'/partial/journal.html', controller:JournalCtrl, resolve:JournalCtrl.resolve}).
when('/Payment', {templateUrl:'/partial/payment.html', controller:PaymentCtrl}).
when('/Payment/:id', {templateUrl:'/partial/payment.html', controller:PaymentCtrl}).

@ -51,6 +51,18 @@
}
}, true);
$scope.preventAlteration = function (voucher) {
if (typeof voucher.VoucherID === 'undefined') {
return !$scope.perms['Payment'];
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
return true;
} else if (voucher.User.UserID != $scope.auth.UserID && !$scope.perms["Edit Other User's Vouchers"]) {
return true;
} else {
return false;
}
};
$scope.get = function (voucherid) {
$scope.voucher = Voucher.get({VoucherID:voucherid}, function (u, putResponseHeaders) {
$scope.toasts.push({Type:'Success', Message:u.Code});

@ -62,6 +62,18 @@
}
}, true);
$scope.preventAlteration = function (voucher) {
if (typeof voucher.VoucherID === 'undefined') {
return !$scope.perms['Purchase'];
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
return true;
} else if (voucher.User.UserID != $scope.auth.UserID && !$scope.perms["Edit Other User's Vouchers"]) {
return true;
} else {
return false;
}
};
$scope.get = function (voucherid) {
$scope.voucher = Voucher.get({VoucherID:voucherid}, function (u, putResponseHeaders) {
$scope.toasts.push({Type:'Success', Message:u.Code});

@ -51,6 +51,18 @@
}
}, true);
$scope.preventAlteration = function (voucher) {
if (typeof voucher.VoucherID === 'undefined') {
return !$scope.perms['Receipt'];
} else if (voucher.Posted && !$scope.perms['Edit Posted Vouchers']) {
return true;
} else if (voucher.User.UserID != $scope.auth.UserID && !$scope.perms["Edit Other User's Vouchers"]) {
return true;
} else {
return false;
}
};
$scope.get = function (voucherid) {
$scope.voucher = Voucher.get({VoucherID:voucherid}, function (u, putResponseHeaders) {
$scope.toasts.push({Type:'Success', Message:u.Code});

@ -36,7 +36,7 @@ def user_permission(request):
auth = {'isAuthenticated': False, 'perms': {}}
else:
user = User.get_by_id(uuid.UUID(user_id))
auth = {'isAuthenticated': True, 'Name': user.name}
auth = {'isAuthenticated': True, 'Name': user.name, 'UserID': user.id}
session_perms = request.session['perms']
perms = {}
for item in Role.list():
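Review bot: The unauthenticated branch `auth = {'isAuthenticated': False, 'perms': {}}` builds the dict without a `UserID` key while the authenticated branch now includes one, so the client's `$scope.auth.UserID` is sometimes absent rather than null; adding `'UserID': None` to the first dict keeps the shape uniform for the comparison in `preventAlteration`. If `user.id` is a `uuid.UUID` rather than a string, the JSON renderer needs an adapter for it — the existing `JournalID` field in `voucher_info` suggests one is already registered, but worth confirming. `user_permission` continues outside the hunk.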

@ -32,10 +32,30 @@ def voucher_post(request):
return response
def check_delete_permissions(request, voucher):
user = User.get_by_id(uuid.UUID(authenticated_userid(request)))
permissions = request.session['perms']
if voucher.posted and not 'Edit Posted Vouchers' in permissions:
response = Response("You are not allowed to edit posted vouchers")
response.status_int = 403
return response
elif voucher.user_id != user.id and "Edit Other User's Vouchers" not in permissions:
response = Response("You are not allowed to edit other user's vouchers")
response.status_int = 403
return response
elif VoucherType.by_id(voucher.type).name not in permissions:
response = Response("You are not allowed (0) vouchers".format(VoucherType.by_id(voucher.type).name))
response.status_int = 403
return response
@view_config(request_method='DELETE', route_name='voucher', renderer='json', xhr=True)
def delete(request):
id = request.matchdict.get('id', None)
voucher = Voucher.by_id(uuid.UUID(id))
permission = check_delete_permissions(request, voucher)
if permission is not None:
return permission
json_voucher = voucher_info(voucher)
if voucher.type == 'Issue':
for item in voucher.journals:
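Review bot: The message on the type-permission branch of `check_delete_permissions` uses `(0)` instead of `{0}`, so `.format(...)` never substitutes and the user is told "You are not allowed (0) vouchers". Hoisting the lookup also avoids calling `VoucherType.by_id` twice: `type_name = VoucherType.by_id(voucher.type).name` before the `elif`, then `elif type_name not in permissions:` and `response = Response("You are not allowed {0} vouchers".format(type_name))`. The first branch reads better as `'Edit Posted Vouchers' not in permissions`, matching the second. In `delete`, `uuid.UUID(id)` raises `ValueError` on a malformed id and `Voucher.by_id` presumably returns `None` for an unknown one, which would surface as a 500 from `voucher.posted` rather than a 400/404, so a guard before the permission check is worth adding; `delete` continues past the hunk.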
@ -86,7 +106,7 @@ def voucher_info(voucher):
'Inventories': [],
'CreationDate': voucher.creation_date.strftime('%d-%b-%Y %H:%M'),
'LastEditDate': voucher.last_edit_date.strftime('%d-%b-%Y %H:%M'),
'User': voucher.user.name,
'User': {'UserID': voucher.user.id, 'Name': voucher.user.name},
'Poster': voucher.poster.name if voucher.posted else ''}
for item in voucher.journals:
json_voucher['Journals'].append({'JournalID': item.id, 'Debit': item.debit, 'Amount': item.amount,

@ -1,6 +1,6 @@
import uuid
from pyramid.response import Response
from pyramid.security import authenticated_userid, has_permission, Denied
from pyramid.security import authenticated_userid
from pyramid.view import view_defaults, view_config
import transaction
from brewman.models.auth import User
@ -18,10 +18,18 @@ class update_voucher(object):
self.user = User.get_by_id(uuid.UUID(authenticated_userid(request)))
self.voucher = Voucher.by_id(uuid.UUID(request.matchdict.get('id', None)))
self.json = request.json_body
permission = Denied
if self.voucher.posted:
permission = has_permisson('EditPosted', None, request)
permissions = request.session['perms']
if self.voucher.posted and not 'Edit Posted Vouchers' in permissions:
response = Response("You are not allowed to edit posted vouchers")
response.status_int = 403
self.error = response
elif self.voucher.user_id != self.user.id and "Edit Other User's Vouchers" not in permissions:
response = Response("You are not allowed to edit other user's vouchers")
response.status_int = 403
self.error = response
else:
self.error = None
@view_config(request_param='type=Journal', permission='Journal')
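Review bot: The two new branches in `update_voucher.__init__` repeat the same checks, messages and status codes as the first two branches of `check_delete_permissions` in the delete view, so a single helper returning a `Response` or `None` could serve both and keep the two paths from drifting apart. `not 'Edit Posted Vouchers' in permissions` reads better as `'Edit Posted Vouchers' not in permissions`, matching the line below it. `__init__` starts before the hunk.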
@ -49,6 +57,8 @@ class update_voucher(object):
return self.update()
def update(self):
if self.error is not None:
return self.error
try:
if self.json['Type'] in ['Journal', 'Payment', 'Receipt']:
voucher = journal_update_voucher(self.voucher, self.json, self.user)
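Review bot: `update()` dispatches on `self.json['Type']` from the request body, while the permission gate visible at `@view_config(request_param='type=Journal', permission='Journal')` keys on the query parameter, so nothing ties the body type to the gated type or to `self.voucher.type`; validating `self.json.get('Type')` against the stored voucher's type before the dispatch and returning a `Response` with `status_int = 400` on mismatch closes that gap. This is hedged, since the other `view_config` decorators are outside the hunk and the delete hunk is ambiguous about how `voucher.type` is represented (passed to `VoucherType.by_id` on one line, compared with `'Issue'` on another). `self.json['Type']` also raises `KeyError` on a body without the key, which the `try` may or may not catch depending on the except clauses further down; `update` continues past the hunk.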