from flask import render_template, redirect, url_for, flash, abort, request
from flask_login import login_required, current_user
from .. import db # Assuming db is initialized in app's __init__.py
from ..models import Task # Assuming Task model is in app's models.py
from ..forms import TaskForm # Assuming TaskForm is in app's forms.py
from ..decorators import manager_required # Import manager_required
from datetime import datetime
from . import main_bp
@main_bp.route('/')
@login_required
def index():
    """Send an authenticated visitor from the site root to their task list."""
    task_list_url = url_for('main.list_tasks')
    return redirect(task_list_url)
# Placeholder for list_tasks, to be implemented next
@main_bp.route('/tasks')
@login_required
def list_tasks():
    """Render the tasks assigned to the logged-in user.

    The query is filtered on ``current_user.id``, so the page lists only the
    caller's own assignments. Rows are ordered by due date ascending, then by
    creation time descending.
    """
    own_tasks = Task.query.filter_by(assignee_id=current_user.id)
    tasks = own_tasks.order_by(
        Task.due_date.asc(),
        Task.created_at.desc(),
    ).all()
    return render_template('main/list_tasks.html', tasks=tasks, title="My Tasks")
@main_bp.route('/task/new', methods=['GET', 'POST'])
@login_required
def create_task():
    """Show the new-task form and, on a valid submission, store the task.

    The creator is always the logged-in user. Only a manager's submitted
    ``assignee_id`` is honoured; every other case assigns the task to the
    caller, so an employee cannot create work for someone else.
    """
    form = TaskForm(current_user_role=current_user.role)
    if not form.validate_on_submit():
        # First visit or failed validation: show the form again.
        return render_template('main/create_edit_task.html', title='New Task', form=form, is_edit=False)

    # NOTE(review): status is taken from the form for every role. Confirm that
    # TaskForm does not let a non-manager submit 'approved', since approval is
    # otherwise gated by approve_task.
    task = Task(
        title=form.title.data,
        description=form.description.data,
        due_date=form.due_date.data,
        status=form.status.data,
        creator_id=current_user.id,
    )

    # Default to self-assignment. The form's assignee field is read only for
    # managers, and a choice of 0 ('Unassigned / Assign to Self') keeps the default.
    # NOTE(review): a non-zero id is trusted as-is here; presumably TaskForm
    # restricts it to valid users - verify against the form.
    assignee = current_user.id
    if current_user.role == 'manager':
        picked = form.assignee_id.data
        if picked and picked != 0:
            assignee = picked
    task.assignee_id = assignee

    db.session.add(task)
    db.session.commit()
    flash('Your task has been created!', 'success')
    return redirect(url_for('main.list_tasks'))
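@main_bp.route('/task/<int:task_id>')
@login_required
def view_task(task_id):
    """Render one task for its assignee or for a manager.

    Managers are admitted because the manager-only flows in this module
    (approve_task, and edit_task after a reassignment) redirect here; with an
    assignee-only check those redirects ended in a 403. This grants managers
    nothing new: they can already open any task through edit_task and list
    every task through view_all_tasks.

    Args:
        task_id: Primary key of the task, taken from the URL.

    Aborts with 404 when the task does not exist and with 403 when the caller
    is neither the assignee nor a manager.
    """
    task = Task.query.get_or_404(task_id)
    # NOTE(review): 404 for a missing id versus 403 for someone else's task
    # lets any logged-in user tell which task ids exist.
    is_assignee = task.assignee_id == current_user.id
    is_manager = current_user.role == 'manager'
    if not (is_assignee or is_manager):
        abort(403)
    return render_template('main/view_task.html', task=task, title=task.title)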
@main_bp.route('/task/<int:task_id>/edit', methods=['GET', 'POST'])
@login_required
def edit_task(task_id):
    """Show the edit form for a task and apply a valid submission.

    A manager may edit any task; anyone else may edit only a task assigned to
    them (403 otherwise). Only a manager's submission can change the assignee.

    Args:
        task_id: Primary key of the task, taken from the URL.
    """
    task = Task.query.get_or_404(task_id)
    is_manager = current_user.role == 'manager'
    if not is_manager and task.assignee_id != current_user.id:
        abort(403)

    form = TaskForm(current_user_role=current_user.role)
    # Fields copied one-to-one between the form and the model.
    mirrored_fields = ('title', 'description', 'due_date', 'status')

    if form.validate_on_submit():
        # NOTE(review): 'status' is copied from the form for every role.
        # Confirm that TaskForm does not let a non-manager submit 'approved';
        # otherwise this route sidesteps the approve_task gate and leaves
        # approved_by_id unset.
        for field_name in mirrored_fields:
            setattr(task, field_name, getattr(form, field_name).data)
        task.updated_at = datetime.utcnow()

        if is_manager:
            picked = form.assignee_id.data
            if picked and picked != 0:
                task.assignee_id = picked
            elif picked == 0:
                # 0 is the 'Unassigned / Assign to Self' choice: the task
                # moves to the manager who is editing it.
                task.assignee_id = current_user.id
            # Any other value (e.g. None) leaves the assignee unchanged.

        db.session.commit()
        flash('Your task has been updated!', 'success')
        # NOTE(review): the redirect target is view_task, so that view's
        # permission check has to admit a manager who has just reassigned
        # the task to someone else.
        return redirect(url_for('main.view_task', task_id=task.id))

    if request.method == 'GET':
        # Pre-fill the form from the stored task.
        for field_name in mirrored_fields:
            getattr(form, field_name).data = getattr(task, field_name)
        if is_manager:
            # A task held by the manager is shown as the 0 choice
            # ('Unassigned / Assign to Self'); otherwise select the assignee.
            held_by_editor = task.assignee_id == current_user.id
            form.assignee_id.data = 0 if held_by_editor else task.assignee_id

    return render_template('main/create_edit_task.html', title='Edit Task', form=form, task=task, is_edit=True)
@main_bp.route('/task/<int:task_id>/delete', methods=['POST'])
@login_required
def delete_task(task_id):
    """Delete a task, but only for the user it is assigned to.

    Args:
        task_id: Primary key of the task, taken from the URL.

    Aborts with 404 for an unknown task and 403 when the caller is not the
    assignee. The manager role is not consulted here.
    """
    # NOTE(review): this POST handler validates no form, so CSRF protection
    # depends on an app-wide mechanism (e.g. Flask-WTF's CSRFProtect).
    # Confirm it is enabled.
    task = Task.query.get_or_404(task_id)
    caller_is_assignee = task.assignee_id == current_user.id
    if not caller_is_assignee:
        abort(403)

    db.session.delete(task)
    db.session.commit()
    flash('Your task has been deleted!', 'success')
    return redirect(url_for('main.list_tasks'))
@main_bp.route('/task/<int:task_id>/complete', methods=['POST'])
@login_required
def complete_task(task_id):
    """Mark a task as completed on behalf of its assignee.

    Args:
        task_id: Primary key of the task, taken from the URL.

    Aborts with 404 for an unknown task and 403 when the caller is not the
    assignee.
    """
    # NOTE(review): this POST handler validates no form, so CSRF protection
    # depends on an app-wide mechanism (e.g. Flask-WTF's CSRFProtect).
    # Confirm it is enabled.
    task = Task.query.get_or_404(task_id)
    caller_is_assignee = task.assignee_id == current_user.id
    if not caller_is_assignee:
        abort(403)

    # NOTE(review): the current status is not checked, so a task that is
    # already 'approved' is set back to 'completed' while approved_by_id is
    # left untouched. Confirm that is intended.
    task.status = 'completed'
    task.updated_at = datetime.utcnow()
    db.session.commit()
    flash('Task marked as completed!', 'success')
    return redirect(url_for('main.list_tasks'))
# The old view_task_old placeholder can be removed.
# (The old view_task_old has been removed by not including it here)
@main_bp.route('/admin/tasks')
@login_required
@manager_required
def view_all_tasks():
    """Render every task in the system for a manager.

    Access is limited by the ``login_required`` and ``manager_required``
    decorators; the query itself has no per-user filter. Rows are ordered by
    due date ascending, then by creation time descending. No join is issued
    here, so any creator or assignee names the template shows must come from
    the model's relationships.
    """
    # NOTE(review): .all() loads the whole table; there is no pagination.
    ordered = Task.query.order_by(
        Task.due_date.asc(),
        Task.created_at.desc(),
    )
    tasks = ordered.all()
    return render_template('main/all_tasks.html', tasks=tasks, title="All Tasks")
@main_bp.route('/task/<int:task_id>/approve', methods=['POST'])
@login_required
@manager_required
def approve_task(task_id):
    """Approve a completed task and record which manager approved it.

    Only a task whose status is 'completed' can be approved; any other status
    produces a warning flash and no change. Either way the caller is
    redirected to the task's detail page.

    Args:
        task_id: Primary key of the task, taken from the URL.
    """
    # NOTE(review): this POST handler validates no form, so CSRF protection
    # depends on an app-wide mechanism (e.g. Flask-WTF's CSRFProtect).
    # Confirm it is enabled.
    task = Task.query.get_or_404(task_id)

    if task.status == 'completed':
        task.status = 'approved'
        task.approved_by_id = current_user.id  # audit trail: who approved
        task.updated_at = datetime.utcnow()
        db.session.commit()
        flash('Task has been approved successfully!', 'success')
    else:
        flash('Task must be marked as "completed" before it can be approved.', 'warning')

    # NOTE(review): the redirect target is view_task, so that view's
    # permission check has to admit a manager who is not the assignee.
    return redirect(url_for('main.view_task', task_id=task.id))