make it impossible for users to approve expenses they submitted themselves
This commit is contained in:
parent
b2fa1dc92c
commit
8b3e00d9d4
|
@ -245,10 +245,10 @@ class ExpenseManageDetailView(CampViewMixin, EconomyTeamPermissionMixin, UpdateV
|
||||||
expense = form.save()
|
expense = form.save()
|
||||||
if 'approve' in form.data:
|
if 'approve' in form.data:
|
||||||
# approve button was pressed
|
# approve button was pressed
|
||||||
expense.approve()
|
expense.approve(self.request)
|
||||||
elif 'reject' in form.data:
|
elif 'reject' in form.data:
|
||||||
# reject button was pressed
|
# reject button was pressed
|
||||||
expense.reject()
|
expense.reject(self.request)
|
||||||
else:
|
else:
|
||||||
messages.error(self.request, "Unknown submit action")
|
messages.error(self.request, "Unknown submit action")
|
||||||
return redirect(reverse('backoffice:expense_manage_list', kwargs={'camp_slug': self.camp.slug}))
|
return redirect(reverse('backoffice:expense_manage_list', kwargs={'camp_slug': self.camp.slug}))
|
||||||
|
|
|
@ -4,13 +4,13 @@ from .models import Expense, Reimbursement
|
||||||
|
|
||||||
def approve_expenses(modeladmin, request, queryset):
|
def approve_expenses(modeladmin, request, queryset):
|
||||||
for expense in queryset.all():
|
for expense in queryset.all():
|
||||||
expense.approve()
|
expense.approve(request)
|
||||||
approve_expenses.short_description = "Approve Expenses"
|
approve_expenses.short_description = "Approve Expenses"
|
||||||
|
|
||||||
|
|
||||||
def reject_expenses(modeladmin, request, queryset):
|
def reject_expenses(modeladmin, request, queryset):
|
||||||
for expense in queryset.all():
|
for expense in queryset.all():
|
||||||
expense.reject()
|
expense.reject(request)
|
||||||
reject_expenses.short_description = "Reject Expenses"
|
reject_expenses.short_description = "Reject Expenses"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,7 @@ import os
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.db import models
|
from django.db import models
|
||||||
|
from django.contrib import messages
|
||||||
|
|
||||||
from utils.email import add_outgoing_email
|
from utils.email import add_outgoing_email
|
||||||
from utils.models import CampRelatedModel, UUIDModel
|
from utils.models import CampRelatedModel, UUIDModel
|
||||||
|
@ -83,11 +84,15 @@ class Expense(CampRelatedModel, UUIDModel):
|
||||||
else:
|
else:
|
||||||
return "Rejected"
|
return "Rejected"
|
||||||
|
|
||||||
def approve(self):
|
def approve(self, request):
|
||||||
"""
|
"""
|
||||||
This method marks an expense as approved.
|
This method marks an expense as approved.
|
||||||
Approving an expense triggers an email to the economy system, and another email to the user who submitted the expense in the first place.
|
Approving an expense triggers an email to the economy system, and another email to the user who submitted the expense in the first place.
|
||||||
"""
|
"""
|
||||||
|
if request.user == self.user:
|
||||||
|
messages.error(request, "You cannot approve your own expenses, aka. the anti-stein-bagger defence")
|
||||||
|
return
|
||||||
|
|
||||||
self.approved = True
|
self.approved = True
|
||||||
self.save()
|
self.save()
|
||||||
|
|
||||||
|
@ -109,7 +114,9 @@ class Expense(CampRelatedModel, UUIDModel):
|
||||||
to_recipients=[self.user.emailaddress_set.get(primary=True).email],
|
to_recipients=[self.user.emailaddress_set.get(primary=True).email],
|
||||||
)
|
)
|
||||||
|
|
||||||
def reject(self):
|
messages.success(request, "Expense %s approved" % self.pk)
|
||||||
|
|
||||||
|
def reject(self, request):
|
||||||
"""
|
"""
|
||||||
This method marks an expense as not approved.
|
This method marks an expense as not approved.
|
||||||
Not approving an expense triggers an email to the user who submitted the expense in the first place.
|
Not approving an expense triggers an email to the user who submitted the expense in the first place.
|
||||||
|
@ -125,6 +132,7 @@ class Expense(CampRelatedModel, UUIDModel):
|
||||||
to_recipients=[self.user.emailaddress_set.get(primary=True).email],
|
to_recipients=[self.user.emailaddress_set.get(primary=True).email],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
messages.success(request, "Expense %s rejected" % self.pk)
|
||||||
|
|
||||||
class Reimbursement(CampRelatedModel, UUIDModel):
|
class Reimbursement(CampRelatedModel, UUIDModel):
|
||||||
"""
|
"""
|
||||||
|
|
Loading…
Reference in a new issue