make it impossible for users to approve expenses they submitted themselves

Thomas Steen Rasmussen 2018-08-30 01:35:37 +02:00
parent b2fa1dc92c
commit 8b3e00d9d4
3 changed files with 14 additions and 6 deletions


@ -245,10 +245,10 @@ class ExpenseManageDetailView(CampViewMixin, EconomyTeamPermissionMixin, UpdateV
expense = form.save() expense = form.save()
if 'approve' in form.data: if 'approve' in form.data:
# approve button was pressed # approve button was pressed
expense.approve() expense.approve(self.request)
elif 'reject' in form.data: elif 'reject' in form.data:
# reject button was pressed # reject button was pressed
expense.reject() expense.reject(self.request)
else: else:
messages.error(self.request, "Unknown submit action") messages.error(self.request, "Unknown submit action")
return redirect(reverse('backoffice:expense_manage_list', kwargs={'camp_slug': self.camp.slug})) return redirect(reverse('backoffice:expense_manage_list', kwargs={'camp_slug': self.camp.slug}))
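Review bot: `expense = form.save()` on the first line of this hunk still writes the posted form fields to the database before `expense.approve(self.request)` reaches the new ownership check, so a submitter who is refused approval has already had their edits to the expense saved. The form's field list is not visible here; if it exposes `approved` or the amount, the guard in the model would not cover that path. Consider testing ownership ahead of the save, for example `if form.instance.user == self.request.user:` followed by the error message and the redirect, so nothing is persisted for a self-submitted expense. The enclosing method starts outside the hunk.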


@ -4,13 +4,13 @@ from .models import Expense, Reimbursement
def approve_expenses(modeladmin, request, queryset): def approve_expenses(modeladmin, request, queryset):
for expense in queryset.all(): for expense in queryset.all():
expense.approve() expense.approve(request)
approve_expenses.short_description = "Approve Expenses" approve_expenses.short_description = "Approve Expenses"
def reject_expenses(modeladmin, request, queryset): def reject_expenses(modeladmin, request, queryset):
for expense in queryset.all(): for expense in queryset.all():
expense.reject() expense.reject(request)
reject_expenses.short_description = "Reject Expenses" reject_expenses.short_description = "Reject Expenses"


@ -3,6 +3,7 @@ import os
from django.db import models from django.db import models
from django.conf import settings from django.conf import settings
from django.db import models from django.db import models
from django.contrib import messages
from utils.email import add_outgoing_email from utils.email import add_outgoing_email
from utils.models import CampRelatedModel, UUIDModel from utils.models import CampRelatedModel, UUIDModel
@ -83,11 +84,15 @@ class Expense(CampRelatedModel, UUIDModel):
else: else:
return "Rejected" return "Rejected"
def approve(self): def approve(self, request):
""" """
This method marks an expense as approved. This method marks an expense as approved.
Approving an expense triggers an email to the economy system, and another email to the user who submitted the expense in the first place. Approving an expense triggers an email to the economy system, and another email to the user who submitted the expense in the first place.
""" """
if request.user == self.user:
messages.error(request, "You cannot approve your own expenses, aka. the anti-stein-bagger defence")
return
self.approved = True self.approved = True
self.save() self.save()
@ -109,7 +114,9 @@ class Expense(CampRelatedModel, UUIDModel):
to_recipients=[self.user.emailaddress_set.get(primary=True).email], to_recipients=[self.user.emailaddress_set.get(primary=True).email],
) )
def reject(self): messages.success(request, "Expense %s approved" % self.pk)
def reject(self, request):
""" """
This method marks an expense as not approved. This method marks an expense as not approved.
Not approving an expense triggers an email to the user who submitted the expense in the first place. Not approving an expense triggers an email to the user who submitted the expense in the first place.
@ -125,6 +132,7 @@ class Expense(CampRelatedModel, UUIDModel):
to_recipients=[self.user.emailaddress_set.get(primary=True).email], to_recipients=[self.user.emailaddress_set.get(primary=True).email],
) )
messages.success(request, "Expense %s rejected" % self.pk)
class Reimbursement(CampRelatedModel, UUIDModel): class Reimbursement(CampRelatedModel, UUIDModel):
""" """
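Review bot: The self-approval guard added to `approve()` signals a refusal only through `messages.error(request, ...)` and a bare `return`, which yields the same `None` as the success path, so no caller can tell a blocked approval from a completed one and the attempt leaves no record beyond a flash message. For a control meant to stop self-approval, consider `return False` after the error and `return True` after `messages.success(...)`, and emit a log line naming the expense and the requesting user on refusal. Taking `request` in a model method also means shell, management-command and test callers must supply a request object; passing the acting user and leaving the messaging to the view and the admin action would keep the check enforceable from every entry point. The docstring still describes only the e-mails and should mention the new parameter and the refusal case; the body of `approve()` continues outside the visible hunks.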