]> asedeno.scripts.mit.edu Git - bluechips.git/blobdiff - bluechips/controllers/spend.py
projects / bluechips.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
added XSRF protection to all forms and associated tests
[bluechips.git] / bluechips / controllers / spend.py
diff --git a/bluechips/controllers/spend.py b/bluechips/controllers/spend.py
index 45db96de46c90cd91907803d3c96fa708276ad76..098ac270ceaad3ca0684a6973d7353f1a3097fda 100644 (file)
--- a/bluechips/controllers/spend.py
+++ b/bluechips/controllers/spend.py
@@ -9,13 +9,14 @@ from decimal import Decimal, InvalidOperation
 from bluechips.lib.base import *
 
 from pylons import request, app_globals as g
 from bluechips.lib.base import *
 
 from pylons import request, app_globals as g
-from pylons.decorators.rest import dispatch_on
 from pylons.decorators import validate
 from pylons.decorators import validate
+from pylons.decorators.secure import authenticate_form
 from pylons.controllers.util import abort
 
 from formencode import validators, Schema
 from formencode.foreach import ForEach
 from formencode.variabledecode import NestedVariables
 from pylons.controllers.util import abort
 
 from formencode import validators, Schema
 from formencode.foreach import ForEach
 from formencode.variabledecode import NestedVariables
+from formencode.schema import SimpleFormValidator
 
 from mailer import Message
 
 
 from mailer import Message
 
@@ -29,6 +30,12 @@ class ShareSchema(Schema):
     amount = validators.Number(not_empty=True)
 
 
     amount = validators.Number(not_empty=True)
 
 
+def validate_state(value_dict, state, validator):
+    if all(s['amount'] == 0 for s in value_dict['shares']):
+        return {'shares-0.amount': 'Need at least one non-zero share'}
+ValidateNotAllZero = SimpleFormValidator(validate_state)
+
+
 class ExpenditureSchema(Schema):
     "Validate an expenditure."
     allow_extra_fields = False
 class ExpenditureSchema(Schema):
     "Validate an expenditure."
     allow_extra_fields = False
@@ -38,6 +45,7 @@ class ExpenditureSchema(Schema):
     description = validators.UnicodeString()
     date = validators.DateConverter()
     shares = ForEach(ShareSchema)
     description = validators.UnicodeString()
     date = validators.DateConverter()
     shares = ForEach(ShareSchema)
+    chained_validators = [ValidateNotAllZero]
     
 
 class SpendController(BaseController):
     
 
 class SpendController(BaseController):
@@ -57,18 +65,33 @@ class SpendController(BaseController):
             c.values = {}
             for ii, user_row in enumerate(c.users):
                 user_id, user = user_row
             c.values = {}
             for ii, user_row in enumerate(c.users):
                 user_id, user = user_row
+                val = 0
                 if user.resident:
                     val = Decimal(100) / Decimal(num_residents)
                 if user.resident:
                     val = Decimal(100) / Decimal(num_residents)
-                else:
-                    val = 0
                 c.values['shares-%d.amount' % ii] = val
         else:
             c.title = 'Edit an Expenditure'
             c.expenditure = meta.Session.query(model.Expenditure).get(id)
             if c.expenditure is None:
                 abort(404)
                 c.values['shares-%d.amount' % ii] = val
         else:
             c.title = 'Edit an Expenditure'
             c.expenditure = meta.Session.query(model.Expenditure).get(id)
             if c.expenditure is None:
                 abort(404)
+            c.values = {}
+            for ii, user_row in enumerate(c.users):
+                user_id, user = user_row
+                shares_by_user = dict(((sp.user, sp.share) for sp
+                                       in c.expenditure.splits))
+                share = shares_by_user.get(user, 0)
+                if c.expenditure.amount == 0:
+                    percent = 0
+                else:
+                    percent = (Decimal(100) * Decimal(int(share)) /
+                               Decimal(int(c.expenditure.amount))).\
+                            quantize(Decimal("0.001"))
+                c.values['shares-%d.amount' % ii] = percent
+
         return render('/spend/index.mako')
 
         return render('/spend/index.mako')
 
+    @redirect_on_get('edit')
+    @authenticate_form
     @validate(schema=ExpenditureSchema(), form='edit', variable_decode=True)
     def update(self, id=None):
         # Either create a new object, or, if we're editing, get the
     @validate(schema=ExpenditureSchema(), form='edit', variable_decode=True)
     def update(self, id=None):
         # Either create a new object, or, if we're editing, get the
@@ -86,8 +109,6 @@ class SpendController(BaseController):
         # Set the fields that were submitted
         shares = self.form_result.pop('shares')
         update_sar(e, self.form_result)
         # Set the fields that were submitted
         shares = self.form_result.pop('shares')
         update_sar(e, self.form_result)
-        if e.id is not None:
-            e.update_split()
 
         users = dict(meta.Session.query(model.User.id, model.User).all())
         split_dict = {}
 
         users = dict(meta.Session.query(model.User.id, model.User).all())
         split_dict = {}
http://bluechi.ps/