diff --git a/ordr2/resources/__init__.py b/ordr2/resources/__init__.py index d3c0e75..d6bb8ac 100644 --- a/ordr2/resources/__init__.py +++ b/ordr2/resources/__init__.py @@ -9,6 +9,7 @@ from .admin import ( UserAccount ) from .base import BaseResource +from .orders import OrderList, OrderResource class Root(BaseResource): diff --git a/ordr2/resources/admin.py b/ordr2/resources/admin.py index 1497180..f93f1ce 100644 --- a/ordr2/resources/admin.py +++ b/ordr2/resources/admin.py @@ -68,6 +68,7 @@ class UserList(BaseResource, PaginationResourceMixin): # consumables resources + class ConsumableResource(BaseResource): def __acl__(self): return [ @@ -130,6 +131,7 @@ class ConsumableList(BaseResource, PaginationResourceMixin): query = self.prepare_sorted_query(query, default_sort) return query + class Admin(BaseResource): nodes = { diff --git a/ordr2/resources/orders.py b/ordr2/resources/orders.py new file mode 100644 index 0000000..078cc2a --- /dev/null +++ b/ordr2/resources/orders.py @@ -0,0 +1,83 @@ +from pyramid.security import Allow, Authenticated, Deny, DENY_ALL, Everyone + +from .base import BaseResource, PaginationResourceMixin +from ordr2.models import Category, Order, OrderStatus + + + +class OrderResource(BaseResource): + def __acl__(self): + acl = [ + (Allow, 'role:user', 'view'), + (Allow, 'role:user', 'create'), + (Allow, 'role:purchaser', 'edit'), + (Allow, 'role:purchaser', 'delete'), + ] + if self.model.status == OrderStatus.OPEN: + acl.append( (Allow, 'user:' + str(self.model.username), 'edit') ) + acl.append( (Allow, 'user:' + str(self.model.username), 'delete') ) + acl.append(DENY_ALL) + return acl + + +class OrderList(BaseResource, PaginationResourceMixin): + sql_model_class = Order + child_resource_class = OrderResource + default_sorting = 'created.asc' + default_items_per_page = 12 + + def __acl__(self): + return [ + (Allow, 'role:user', 'view'), + (Allow, 'role:user', 'create'), + (Allow, 'role:purchaser', 'edit'), + (Allow, 'role:purchaser', 'delete'), + DENY_ALL + ] + + + def prepare_filtered_query(self, dbsession, filter_params): + ''' setup the base filtered query ''' + query = dbsession.query(self.sql_model_class) + + try: + status_name = filter_params.get('status', None) + status_name = status_name.lower() + status = OrderStatus(status_name) + query = query.filter_by(status=status) + except (AttributeError, ValueError): + status_name = None + self.filters['category'] = status_name + + user_name = filter_params.get('user', None) + if user_name: + query = query.filter_by(created_by=user_name) + self.filters['user'] = user_name + + return query + + + def prepare_sorted_query(self, query, sorting): + ''' setup the base filtered query ''' + available_fields = { + 'cas': 'cas_description', + 'category': 'category', + 'catalog': 'catalog_nr', + 'vendor': 'vendor', + 'pkg': 'package_size', + 'price': 'unit_price', + 'currency': 'currency', + 'amount': 'amount', + 'total': 'total_price', + 'created': 'created_date' + } + name = available_fields.get(sorting.field, None) + model_field = getattr(self.sql_model_class, name, None) + if model_field: + sort_func = sorting.func(model_field) + query = query.order_by(sort_func) + default_sort = self.parse_sort_parameters(self.default_sorting) + if sorting.field != default_sort.field: + default_sort = self.parse_sort_parameters(self.default_sorting) + query = self.prepare_sorted_query(query, default_sort) + return query