]> asedeno.scripts.mit.edu Git - bluechips.git/blobdiff - bluechips/controllers/spend.py
projects / bluechips.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
added XSRF protection to all forms and associated tests
[bluechips.git] / bluechips / controllers / spend.py
diff --git a/bluechips/controllers/spend.py b/bluechips/controllers/spend.py
index 2b4be30aa5ea276ace26de0852945a0ecbfb9c11..098ac270ceaad3ca0684a6973d7353f1a3097fda 100644 (file)
--- a/bluechips/controllers/spend.py
+++ b/bluechips/controllers/spend.py
@@ -9,13 +9,14 @@ from decimal import Decimal, InvalidOperation
 from bluechips.lib.base import *
 
 from pylons import request, app_globals as g
 from bluechips.lib.base import *
 
 from pylons import request, app_globals as g
-from pylons.decorators.rest import dispatch_on
 from pylons.decorators import validate
 from pylons.decorators import validate
+from pylons.decorators.secure import authenticate_form
 from pylons.controllers.util import abort
 
 from formencode import validators, Schema
 from formencode.foreach import ForEach
 from formencode.variabledecode import NestedVariables
 from pylons.controllers.util import abort
 
 from formencode import validators, Schema
 from formencode.foreach import ForEach
 from formencode.variabledecode import NestedVariables
+from formencode.schema import SimpleFormValidator
 
 from mailer import Message
 
 
 from mailer import Message
 
@@ -29,6 +30,12 @@ class ShareSchema(Schema):
     amount = validators.Number(not_empty=True)
 
 
     amount = validators.Number(not_empty=True)
 
 
+def validate_state(value_dict, state, validator):
+    if all(s['amount'] == 0 for s in value_dict['shares']):
+        return {'shares-0.amount': 'Need at least one non-zero share'}
+ValidateNotAllZero = SimpleFormValidator(validate_state)
+
+
 class ExpenditureSchema(Schema):
     "Validate an expenditure."
     allow_extra_fields = False
 class ExpenditureSchema(Schema):
     "Validate an expenditure."
     allow_extra_fields = False
@@ -38,6 +45,7 @@ class ExpenditureSchema(Schema):
     description = validators.UnicodeString()
     date = validators.DateConverter()
     shares = ForEach(ShareSchema)
     description = validators.UnicodeString()
     date = validators.DateConverter()
     shares = ForEach(ShareSchema)
+    chained_validators = [ValidateNotAllZero]
     
 
 class SpendController(BaseController):
     
 
 class SpendController(BaseController):
@@ -57,10 +65,9 @@ class SpendController(BaseController):
             c.values = {}
             for ii, user_row in enumerate(c.users):
                 user_id, user = user_row
             c.values = {}
             for ii, user_row in enumerate(c.users):
                 user_id, user = user_row
+                val = 0
                 if user.resident:
                     val = Decimal(100) / Decimal(num_residents)
                 if user.resident:
                     val = Decimal(100) / Decimal(num_residents)
-                else:
-                    val = 0
                 c.values['shares-%d.amount' % ii] = val
         else:
             c.title = 'Edit an Expenditure'
                 c.values['shares-%d.amount' % ii] = val
         else:
             c.title = 'Edit an Expenditure'
@@ -70,21 +77,21 @@ class SpendController(BaseController):
             c.values = {}
             for ii, user_row in enumerate(c.users):
                 user_id, user = user_row
             c.values = {}
             for ii, user_row in enumerate(c.users):
                 user_id, user = user_row
-                try:
-                    share = [s.share for s in c.expenditure.splits
-                             if s.user == user][0]
-                    if c.expenditure.amount == 0:
-                        percent = 0
-                    else:
-                        percent = (Decimal(100) * Decimal(int(share)) /
-                                   Decimal(int(c.expenditure.amount))).\
-                                quantize(Decimal("0.001"))
-                except IndexError:
+                shares_by_user = dict(((sp.user, sp.share) for sp
+                                       in c.expenditure.splits))
+                share = shares_by_user.get(user, 0)
+                if c.expenditure.amount == 0:
                     percent = 0
                     percent = 0
+                else:
+                    percent = (Decimal(100) * Decimal(int(share)) /
+                               Decimal(int(c.expenditure.amount))).\
+                            quantize(Decimal("0.001"))
                 c.values['shares-%d.amount' % ii] = percent
 
         return render('/spend/index.mako')
 
                 c.values['shares-%d.amount' % ii] = percent
 
         return render('/spend/index.mako')
 
+    @redirect_on_get('edit')
+    @authenticate_form
     @validate(schema=ExpenditureSchema(), form='edit', variable_decode=True)
     def update(self, id=None):
         # Either create a new object, or, if we're editing, get the
     @validate(schema=ExpenditureSchema(), form='edit', variable_decode=True)
     def update(self, id=None):
         # Either create a new object, or, if we're editing, get the
http://bluechi.ps/