X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=bluechips%2Fcontrollers%2Fspend.py;h=8000fd377a8a331b6efc0e73e85f726b1726eda5;hb=91c2916731b30a0c43a2259dad2228c51421a06c;hp=aceb6ade6a839519217703bfe5d8c647afcd0a05;hpb=c603bfc958822b4226bdadc9423f5d2ee36074be;p=bluechips.git

diff --git a/bluechips/controllers/spend.py b/bluechips/controllers/spend.py
index aceb6ad..8000fd3 100644
--- a/bluechips/controllers/spend.py
+++ b/bluechips/controllers/spend.py
@@ -9,8 +9,8 @@ from decimal import Decimal, InvalidOperation
 from bluechips.lib.base import *
 
 from pylons import request, app_globals as g
-from pylons.decorators.rest import dispatch_on
 from pylons.decorators import validate
+from pylons.decorators.secure import authenticate_form
 from pylons.controllers.util import abort
 
 from formencode import validators, Schema
@@ -42,7 +42,7 @@ class ExpenditureSchema(Schema):
     pre_validators = [NestedVariables()]
     spender_id = validators.Int(not_empty=True)
     amount = model.types.CurrencyValidator(not_empty=True)
-    description = validators.UnicodeString()
+    description = validators.UnicodeString(not_empty=True)
     date = validators.DateConverter()
     shares = ForEach(ShareSchema)
     chained_validators = [ValidateNotAllZero]
@@ -91,6 +91,7 @@ class SpendController(BaseController):
         return render('/spend/index.mako')
 
     @redirect_on_get('edit')
+    @authenticate_form
     @validate(schema=ExpenditureSchema(), form='edit', variable_decode=True)
     def update(self, id=None):
         # Either create a new object, or, if we're editing, get the
@@ -131,3 +132,35 @@ class SpendController(BaseController):
         g.handle_notification(involved_users, show, body)
 
         return h.redirect_to('/')
+
+    def delete(self, id):
+        c.title = 'Delete an Expenditure'
+        c.expenditure = meta.Session.query(model.Expenditure).get(id)
+        if c.expenditure is None:
+            abort(404)
+
+        return render('/spend/delete.mako')
+
+    @redirect_on_get('delete')
+    @authenticate_form
+    def destroy(self, id):
+        e = meta.Session.query(model.Expenditure).get(id)
+        if e is None:
+            abort(404)
+
+        if 'delete' in request.params:
+            meta.Session.delete(e)
+
+            meta.Session.commit()
+            show = ("Expenditure of %s paid for by %s deleted." %
+                    (e.amount, e.spender))
+            h.flash(show)
+
+            involved_users = set(sp.user for sp in e.splits if sp.share != 0)
+            involved_users.add(e.spender)
+            body = render('/emails/expenditure.txt',
+                          extra_vars={'expenditure': e,
+                                      'op': 'deleted'})
+            g.handle_notification(involved_users, show, body)
+
+        return h.redirect_to('/')