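# -*- coding: utf8 -*-
from pyramid.response import Response
from pyramid.renderers import render, get_renderer
from pyramid.view import (
    view_config,
    forbidden_view_config,
)
from pyramid.security import (
    remember,
    forget,
)
from pyramid.httpexceptions import (
    HTTPFound,
    HTTPNotFound,
    HTTPForbidden,
)
from pyramid_mailer import get_mailer
from pyramid_mailer.message import Message, Attachment

from datetime import *
import hashlib
import hmac

from sqlalchemy.exc import DBAPIError
from ..security import groupfinder

import json

from ..models.default import *
from ..models.agenda import *


def to_decimal(x):
    """Convert *x* to a ``decimal.Decimal`` by way of its ``str()`` form."""
    import decimal
    return decimal.Decimal(str(x))


def to_euro(x):
    """Format a number as a euro amount with two decimals and a comma separator."""
    return (u"%.2f €" % x).replace('.', ',')


def to_sha1(message):
    """Return the hexadecimal SHA-1 digest of *message* encoded as UTF-8.

    NOTE(review): the views in this module compare this digest with the
    member's ``mdp`` attribute, so passwords are checked as unsalted SHA-1.
    Moving to a salted, slow password hash requires migrating the stored
    values and cannot be done in this function alone.
    """
    return hashlib.sha1(message.encode('utf-8')).hexdigest()


def to_int(x):
    """Parse the string *x* as an integer; return 0 when it is not one.

    Commas are replaced by dots before parsing, so a decimal string such as
    "1,5" is not a valid integer and also yields 0.
    """
    try:
        number = int(x.replace(',', '.'))
        return number
    except ValueError:
        return 0


def to_percent(x):
    """Format a number as a percentage with two decimals and a comma separator."""
    return (u"%.2f " % x).replace('.', ',') + "%"


def _password_matches(stored_hash, candidate):
    """Compare a stored digest with the digest of *candidate* in constant time.

    An empty or missing stored digest never matches.
    """
    if not stored_hash:
        return False
    return hmac.compare_digest(
        str(stored_hash).encode('utf-8'),
        to_sha1(candidate).encode('utf-8'),
    )


def _safe_came_from(request, target, default='/'):
    """Return *target* only if it stays on this site, else *default*.

    ``came_from`` arrives as a request parameter and is used as a redirect
    location after login, so it must not be able to point at another host.
    Accepted forms are a path starting with a single ``/`` and an absolute
    URL that begins with the request's own ``host_url``.
    """
    # Backslashes and control characters are rejected outright: browsers may
    # normalise them so that a path-looking value resolves to another host.
    if not target or any(ch == '\\' or ord(ch) < 0x20 for ch in target):
        return default
    if target.startswith('/') and not target.startswith('//'):
        return target
    base = request.host_url
    if target == base or target.startswith(base + '/'):
        return target
    return default


@view_config(route_name='home', renderer='../templates/default/home.pt', permission='view')
def home(request):
    """Render the home page."""
    return {
        'page_title': 'Bienvenue',
        'project': 'mondumas',
    }


@view_config(route_name='envoyer_mdp', renderer='../templates/default/envoyer_mdp.pt')
def envoyer_mdp(request):
    """Forgotten-password form: e-mail a reset link to the member matching the login.

    NOTE(review): this view has no ``permission`` and answers differently for
    known and unknown logins; on success it also shows the member's e-mail
    address to whoever submitted the login. A single neutral response for
    both cases would avoid disclosing account existence and addresses.
    """
    url = request.route_url('envoyer_mdp')
    message = u''
    if 'form.submitted' in request.params:
        login = request.params['login']
        member = get_member_by_id(request, login)
        if member:
            # Build the body of the password-reset e-mail.
            lien = update_membre_mdp_oublie(request, login)
            body = u""" Le lien suivant vous dirigera vers une page où vous pourrez ré-initialiser votre mot de passe d'accès à « gestion.entreprise-dumas.com » : %s (Ce lien est valide pendant 168 heures.) 
""" % (request.route_url('redefinir_mdp', lien=lien))
            envoyerMail(request, member.email, u"Demande de ré-initialisation du mot de passe", body)
            request.session.flash(u"Votre demande de ré-initialisation de mot de passe vous a été envoyée à %s." % member.email)
            return HTTPFound(location=request.route_url('login'))
        else:
            message = u"Le mot de passe fourni est incorrect."
    return {
        'page_title': u"Changer mon mot de passe",
        'url': url,
        'message': message,
    }


@view_config(route_name='changer_mdp', renderer='../templates/default/changer_mdp.pt', permission='view')
def changer_mdp(request):
    """Let the logged-in member change their password after confirming the current one."""
    url = request.route_url('changer_mdp')
    logged_in = request.authenticated_userid
    message = ''
    member = get_member_by_id(request, logged_in)
    if member:
        if 'form.submitted' in request.params:
            old_password = request.params['old_password']
            new_password = request.params['new_password1']
            # The current password is the value to verify; the original code
            # referenced an undefined name here and failed with NameError.
            if _password_matches(member.mdp, old_password):
                update_membre_mdp(request, logged_in, new_password)
                request.session.flash(u"Votre mot de passe a été mis à jour avec succès.")
                return HTTPFound(location=request.route_url('home'))
            else:
                message = u"Le mot de passe actuel n'est pas correct."
    return {
        'page_title': u"Changer mon mot de passe",
        'url': url,
        'member': member,
        'message': message,
    }


@view_config(route_name='redefinir_mdp', renderer='../templates/default/redefinir_mdp.pt')
def redefinir_mdp(request):
    """Set a new password from a reset link carried in the ``lien`` route segment.

    NOTE(review): whether the link is invalidated once the password has been
    changed depends on ``update_membre_mdp``, which is not visible here --
    confirm the link cannot be replayed.
    """
    lien = request.matchdict["lien"]
    url = request.route_url('redefinir_mdp', lien=lien)
    # Check that the forgotten-password link still maps to a member.
    membre = get_member_by_mdp_oublie(request, lien)
    if membre:
        if 'form.submitted' in request.params:
            login = request.params["login"]
            mdp = request.params["new_password1"]
            # The submitted login must be the one the link was issued for.
            if login == membre.cd_uti:
                update_membre_mdp(request, login, mdp)
                request.session.flash(u"Votre mot de passe a été modifié avec succès.", 'success')
                return HTTPFound(location=request.route_url('login'))
            else:
                request.session.flash(u"Identifiant incorrect.", 'danger')
                return HTTPFound(location=request.route_url('login'))
    else:
        request.session.flash(u"Le lien n'est plus valable.", 'warning')
        return HTTPFound(location=request.route_url('login'))
    return {
        'page_title': u"Définissez votre mot de passe",
        'url': url,
    }


# NOTE(review): the forbidden view uses '../templates/login.pt' while the
# route uses '../templates/default/login.pt' -- confirm both paths are intended.
@view_config(route_name='login', renderer='../templates/default/login.pt', permission='view')
@forbidden_view_config(renderer='../templates/login.pt')
def login(request):
    """Login form, also registered as the forbidden view.

    On success the member is remembered and redirected to ``came_from``,
    which is restricted to same-site targets before it is used.
    """
    login = ''
    login_url = request.route_url('login')
    referrer = request.url
    if referrer == login_url:
        referrer = '/'  # never use the login form itself as came_from
    # came_from is caller-controlled; keep only same-site redirect targets.
    came_from = _safe_came_from(request, request.params.get('came_from', referrer))
    password = u''
    message = u''
    if 'form.submitted' in request.params:
        login = request.params['login']
        password = request.params['password']
        record = get_member_by_id(request, login)
        # Does the submitted password hash to the stored digest?
        if record and _password_matches(record.mdp, password):
            update_last_connection(request, login)
            # Force the commit: it is not done automatically after the update.
            transaction.commit()
            headers = remember(request, login)
            return HTTPFound(location=came_from, headers=headers)
        message = u"Email et mot de passe invalides. La connexion a échoué."
    return {
        'page_title': u"",
        'url': login_url,
        'came_from': came_from,
        'login': login,
        'message': message,
    }


@view_config(route_name='logout')
def logout(request):
    """Invalidate the session, forget the user and redirect to the login page."""
    request.session.invalidate()
    headers = forget(request)
    request.session.flash(u"Vous avez bien été déconnecté.")
    return HTTPFound(location=request.route_url('login', login=''), headers=headers)


def envoyerMail(request, destinataire, objet, corps):
    """Send a plain-text e-mail to *destinataire* immediately.

    The subject is prefixed with "[Ent. Dumas]" and the sender is read from
    the ``mondumas.admin_email`` registry setting.
    """
    body = u""" %s Cordialement, gestion.entreprise-dumas.com """ % (corps)
    message = Message(subject=u"[Ent. Dumas] %s" % objet,
                      sender=request.registry.settings['mondumas.admin_email'],
                      body=body)
    message.add_recipient(destinataire)
    mailer = get_mailer(request)
    mailer.send_immediately(message)


@view_config(route_name='dossier_lookup', renderer='../templates/default/dossier_lookup.pt', permission='view')
@view_config(route_name='dossier_select', renderer='../templates/default/dossier_lookup.pt', permission='view')
def dossier_lookup(request):
    """Search chantiers by name, either to open a dossier or to pick one for the agenda."""
    if 'dossier_select' in request.current_route_path():
        # Read the parameters the view was called with.
        datePlan = request.matchdict['date']
        # Selecting a dossier -> continue to the planning.
        goto_url = '/dossier_selected/agenda/%s/' % datePlan
        url = request.route_url('dossier_select', date=datePlan)
    else:
        # Searching a dossier -> continue to the dossier page.
        goto_url = '/dossier_selected/dossier_view/%s/' % date.today().strftime('%Y-%m-%d')
        url = request.route_url('dossier_lookup')

    message = u''
    societes = ['PE', 'ME', 'PL', 'PO', 'CD']
    societe = 'PE'
    liste = []
    name = u''
    cb_tous = "non"
    if 'form.submitted' in request.params:
        name = request.params['name']
        # NOTE(review): societe is taken from the request without being
        # checked against `societes`; confirm get_chantiers_byName binds it
        # as a query parameter (its implementation is not visible here).
        societe = request.params['societe']
        # Show every record when the "cb_tous" checkbox is ticked.
        show_all = 'cb_tous' in request.params
        cb_tous = "oui" if show_all else "non"
        chantiers = get_chantiers_byName(request, societe, name, show_all)
        if len(chantiers) == 0:
            message = u"Chantier non trouvé : %s" % name
        # Build the rows handed to the template.
        for item in chantiers:
            d = ('%s-%s' % (societe, item.numero), item.date.strftime('%d-%m-%Y'),
                 item.nomcli, item.chantier, to_euro(item.montant), item.nosin, item.status)
            liste.append(d)
    return {
        'page_title': u"Rechercher un chantier",
        'url': url,
        'goto_url': goto_url,
        'message': message,
        # NOTE(review): json.dumps does not escape '<' or '</script>'; if the
        # template inlines this value in a <script> element, confirm its escaping.
        'dt_data': json.dumps(liste),
        'societes': societes,
        'societe': societe,
        'name': name,
        'cb_tous': cb_tous,
    }


@view_config(route_name='dossier_view', renderer='../templates/default/dossier_view.pt', permission='view')
def dossier_view(request):
    """Show a dossier with its follow-up entries and documents."""
    nodossier = request.matchdict['nodossier']
    url = request.route_url("dossier_view", nodossier=nodossier)
    dossier = get_dossier_by_no(request, nodossier)
    if dossier is None:
        request.session.flash(u"Le dossier no %s est introuvable" % (nodossier), 'danger')
        # NOTE(review): no 'chantier_lookup' route is declared in this module
        # (the search view here is 'dossier_lookup') -- confirm the route exists.
        return HTTPFound(location=request.route_url("chantier_lookup"))
    # Read every follow-up entry of the dossier.
    details = get_dossier_rdv_by_no(request, nodossier, '0')
    # Read every document attached to the chantier.
    documents = get_documents_byChantier(request, nodossier)
    return {
        'page_title': u"Dossier : %s" % (nodossier),
        'nodossier': nodossier,
        'dossier': dossier,
        'details': details,
        'documents': documents,
    }


@view_config(route_name='dossier_selected', permission='view')
def dossier_selected(request):
    """Remember the chosen dossier in the session and redirect to the requested page."""
    # Read the parameters the view was called with.
    goto = request.matchdict['goto']
    datePlan = request.matchdict['date']
    nodossier = request.matchdict['nodossier']
    # Load the dossier record.
    dossier = get_dossier_by_no(request, nodossier)
    if dossier is None:
        # An unknown number would otherwise fail on dossier.C_NOM below.
        request.session.flash(u"Le dossier no %s est introuvable" % (nodossier), 'danger')
        return HTTPFound(location=request.route_url('dossier_lookup'))
    # Keep the dossier number and name in the session.
    request.session['mem_nodossier'] = nodossier
    request.session['mem_nomdossier'] = dossier.C_NOM
    if goto == 'dossier_view':
        return HTTPFound(location=request.route_url('dossier_view', nodossier=nodossier))
    else:
        return HTTPFound(location=request.route_url('agenda', date=datePlan))


@view_config(route_name='suivi_edit', renderer='../templates/default/suivi_edit.pt', permission='view')
def suivi_edit(request):
    """Create, update or delete a follow-up entry (``nolig``) of a dossier.

    A ``nolig`` of '0' means a new entry.

    NOTE(review): the update and the delete are triggered by keys found in
    ``request.params``, which also covers the query string. Confirm that CSRF
    checking is enabled for this route and that deletion is only reachable
    by POST; neither is visible in this module.
    """
    logged_in = request.authenticated_userid
    nodossier = request.matchdict['nodossier']
    nolig = request.matchdict['nolig']
    url = request.route_url("suivi_edit", nodossier=nodossier, nolig=nolig)
    message = ''
    if nolig == '0':
        # New entry.
        suivi = {}
        suivi['COMMENT'] = ''
        suivi['COMMENTVI'] = ''
        suivi['USERMAJ'] = logged_in.upper()
        suivi['DATEMAJ'] = datetime.now()
        page_title = 'Nouveau suivi'
    else:
        # Load the existing entry.
        suivi = get_dossier_rdv_by_no(request, nodossier, nolig)
        if not suivi:
            request.session.flash(u"Suivi non trouvé : %s" % nodossier, 'warning')
            return HTTPFound(location=request.route_url('dossier_view', nodossier=nodossier))
        page_title = u"Modification du suivi %s" % (nolig)

    if 'form.submitted' in request.params:
        # Only keys already present in the entry are accepted, and only when
        # the submitted value differs from the current one.
        new_values = {}
        for param, db_value in suivi.items():
            if param in request.params and request.params[param] != db_value:
                new_values[param] = request.params[param]
        if new_values:
            new_values['USERMAJ'] = logged_in.upper()
            new_values['DATE'] = date.today()
            update_suivi(request, nodossier, nolig, new_values)
            request.session.flash(u"Le suivi a été mis à jour avec succès.", 'success')
        return HTTPFound(location=request.route_url('dossier_view', nodossier=nodossier))

    if 'form.deleted' in request.params:
        delete_rdv(request, nodossier, nolig)
        request.session.flash(u"Le suivi a été supprimé avec succès.", 'success')
        return HTTPFound(location=request.route_url('dossier_view', nodossier=nodossier))

    return {
        'page_title': page_title,
        'url': url,
        'nodossier': nodossier,
        'nolig': nolig,
        'suivi': suivi,
        'message': message,
    }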