make it impossible for users to approve expenses they submitted themselves
This commit is contained in:
parent
b2fa1dc92c
commit
8b3e00d9d4
|
@ -245,10 +245,10 @@ class ExpenseManageDetailView(CampViewMixin, EconomyTeamPermissionMixin, UpdateV
|
|||
expense = form.save()
|
||||
if 'approve' in form.data:
|
||||
# approve button was pressed
|
||||
expense.approve()
|
||||
expense.approve(self.request)
|
||||
elif 'reject' in form.data:
|
||||
# reject button was pressed
|
||||
expense.reject()
|
||||
expense.reject(self.request)
|
||||
else:
|
||||
messages.error(self.request, "Unknown submit action")
|
||||
return redirect(reverse('backoffice:expense_manage_list', kwargs={'camp_slug': self.camp.slug}))
|
||||
|
|
|
@ -4,13 +4,13 @@ from .models import Expense, Reimbursement
|
|||
|
||||
def approve_expenses(modeladmin, request, queryset):
|
||||
for expense in queryset.all():
|
||||
expense.approve()
|
||||
expense.approve(request)
|
||||
approve_expenses.short_description = "Approve Expenses"
|
||||
|
||||
|
||||
def reject_expenses(modeladmin, request, queryset):
|
||||
for expense in queryset.all():
|
||||
expense.reject()
|
||||
expense.reject(request)
|
||||
reject_expenses.short_description = "Reject Expenses"
|
||||
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@ import os
|
|||
from django.db import models
|
||||
from django.conf import settings
|
||||
from django.db import models
|
||||
from django.contrib import messages
|
||||
|
||||
from utils.email import add_outgoing_email
|
||||
from utils.models import CampRelatedModel, UUIDModel
|
||||
|
@ -83,11 +84,15 @@ class Expense(CampRelatedModel, UUIDModel):
|
|||
else:
|
||||
return "Rejected"
|
||||
|
||||
def approve(self):
|
||||
def approve(self, request):
|
||||
"""
|
||||
This method marks an expense as approved.
|
||||
Approving an expense triggers an email to the economy system, and another email to the user who submitted the expense in the first place.
|
||||
"""
|
||||
if request.user == self.user:
|
||||
messages.error(request, "You cannot approve your own expenses, aka. the anti-stein-bagger defence")
|
||||
return
|
||||
|
||||
self.approved = True
|
||||
self.save()
|
||||
|
||||
|
@ -109,7 +114,9 @@ class Expense(CampRelatedModel, UUIDModel):
|
|||
to_recipients=[self.user.emailaddress_set.get(primary=True).email],
|
||||
)
|
||||
|
||||
def reject(self):
|
||||
messages.success(request, "Expense %s approved" % self.pk)
|
||||
|
||||
def reject(self, request):
|
||||
"""
|
||||
This method marks an expense as not approved.
|
||||
Not approving an expense triggers an email to the user who submitted the expense in the first place.
|
||||
|
@ -125,6 +132,7 @@ class Expense(CampRelatedModel, UUIDModel):
|
|||
to_recipients=[self.user.emailaddress_set.get(primary=True).email],
|
||||
)
|
||||
|
||||
messages.success(request, "Expense %s rejected" % self.pk)
|
||||
|
||||
class Reimbursement(CampRelatedModel, UUIDModel):
|
||||
"""
|
||||
|
|
Loading…
Reference in a new issue