2015-03-30

esipkd/__init__.py

@@ -13,7 +13,10 @@ from pyramid.httpexceptions import (
     default_exceptionresponse_view,
     HTTPFound, HTTPNotFound
     )
-
+from types import (
+    StringType,
+    UnicodeType,
+    )
 from sqlalchemy import engine_from_config
 
 from .security import group_finder, get_user
@@ -21,11 +24,28 @@ from .models import (
     DBSession,
     Base,
     init_model,
-    Route    
+    Route,
+    Group,
+    UserGroup,
+    GroupRoutePermission
+    
     )
     
 from .tools import DefaultTimeZone, get_months
 
+# https://groups.google.com/forum/#!topic/pylons-discuss/QIj4G82j04c
+def has_permission_(request, perm_name):
+    if request.user:
+        if request.user.id==1:
+            return True
+        rows = DBSession.query(Group.group_name, Route.perm_name).\
+           join(UserGroup).join(GroupRoutePermission).join(Route).\
+           filter(UserGroup.user_id==request.user.id,
+               Route.kode==perm_name).all()
+        if rows:
+            return True
+    return False
+            
 # http://stackoverflow.com/questions/9845669/pyramid-inverse-to-add-notfound-viewappend-slash-true    
 class RemoveSlashNotFoundViewFactory(object):
     def __init__(self, notfound_view=None):
@@ -59,7 +79,8 @@ def url_has_permission(request, permission):
 @subscriber(BeforeRender)
 def add_global(event):
      event['permission'] = url_has_permission
-
+     event['has_permission'] = has_permission_
+     
 def get_title(request):
     route_name = request.matched_route.name
     return titles[route_name]

esipkd/scripts/data/route.csv

@@ -88,3 +88,5 @@ id,kode,nama,path,factory,perm_name,disabled,created,updated,create_uid
 103,"arstsitem-delete","Hapus Setoran Detail","/arstsitem/{id}/delete",,"delete",0,"2015-03-08 16:45:45",,1
 104,"arstsitem-list","Tambah Setoran Detail","/arstsitem/{id}/list",,"add",0,"2015-03-08 16:45:45",,1
 105,"reports_act","Report Action","/reports/act/{act}",,"read",0,"2015-03-08 16:45:45",,1
+106,"arinvoice-edt-unit","ARInvoice Ubah Unit","/arinvoice/edt/unit",,"arinvoice_unit",0,"2015-03-08 16:45:45",,1
+107,"arinvoice-edt-subjek","ARInvoice Ubah Subjek","/arinvoice/edt/subjek",,"arinvoice_subjek",0,"2015-03-08 16:45:45",,1

esipkd/views/templates/arinvoice/add.pt

@@ -26,11 +26,11 @@
         
       <div class="col-md-6">
 
-        <div class="form-group" tal:define="field form['objek_pajak_nm']" id="item-${field.oid}">
+        <div class="form-group" tal:define="field form['unit_nm']" id="item-${field.oid}">
           <label for="${field.oid}" class="control-label col-md-3" id="req-${field.oid}">
               ${field.title}<span id="error-${field.oid}" class="text text-danger"
                                   tal:condition="field.required">&nbsp*</span></label>
-          <div class="col-md-9">
+          <div class="col-md-9" tal:define="field form['unit_nm']" >
               ${structure:field.serialize()}
               <p id="error-${field.oid}" class="help-block" tal:condition="field.error"
                            tal:repeat="error field.error.messages()">
@@ -50,11 +50,11 @@
           </div>
         </div>
 
-        <div class="form-group" tal:define="field form['unit_nm']" id="item-${field.oid}">
+        <div class="form-group" tal:define="field form['objek_pajak_nm']" id="item-${field.oid}">
           <label for="${field.oid}" class="control-label col-md-3" id="req-${field.oid}">
               ${field.title}<span id="error-${field.oid}" class="text text-danger"
                                   tal:condition="field.required">&nbsp*</span></label>
-          <div class="col-md-9" tal:define="field form['unit_nm']" >
+          <div class="col-md-9">
               ${structure:field.serialize()}
               <p id="error-${field.oid}" class="help-block" tal:condition="field.error"
                            tal:repeat="error field.error.messages()">
@@ -195,10 +195,10 @@
         </div>
     </div>
     <script>
-       $("#unit_id").attr("readonly",true)
-       $("#unit_nm").attr("readonly",true)
-       $("#subjek_pajak_id").attr("readonly",true)
-       $("#subjek_pajak_nm").attr("readonly",true)
+       $("#unit_id").attr("readonly",${has_permission(request,'arinvoice-edt-unit') and 'false' or 'true'})
+       $("#unit_nm").attr("readonly",${has_permission(request,'arinvoice-edt-unit') and 'false' or 'true'})
+       $("#subjek_pajak_id").attr("readonly",${has_permission(request,'arinvoice-edt-subjek') and 'false' or 'true'})
+       $("#subjek_pajak_nm").attr("readonly",${has_permission(request,'arinvoice-edt-subjek') and 'false' or 'true'})
        $('#objek_pajak_nm').bind('typeahead:selected', function(obj, datum, name) {      
             $('#objek_pajak_id').val(datum.id);
             $('#subjek_pajak_id').val(datum.sp_id);

esipkd/views/templates/base.pt

@@ -47,7 +47,14 @@
             <li tal:attributes="class request.path == '/' and 'active'"><a href="/">Home</a></li>
             <li tal:attributes="class request.path == '/pkb/add' and 'active'"><a href="/pkb/add">PKB</a></li>
             <li tal:attributes="class request.path == '/pap/add' and 'active'"><a href="/pap/add">PAP</a></li>
-            <li tal:attributes="class request.path == '/arinvoice' and 'active'"><a href="/arinvoice">No. Bayar</a></li>
+            <li class="dropdown" tal:attributes="class request.matched_route.name in ['wp', 'wp-add', 'wp-edit', 'wp-delete'] and 'active'">
+              <a href="#" class="dropdown-toggle" data-toggle="dropdown">Register<b class="caret"></b></a>
+              <ul class="dropdown-menu">
+                <li><a href="/arinvoice">No. Bayar</a></li>
+                <li><a href="/wp">Subyek Bayar</a></li>
+                <li><a href="/op">Obyek Bayar</a></li>
+              </ul>
+            </li>
             <li tal:attributes="class request.path == '/arsspd' and 'active'"><a href="/arsspd">Penerimaan</a></li>
             <li tal:attributes="class request.path == '/arsts' and 'active'"><a href="/arsts">STS</a></li>
             
@@ -57,24 +64,20 @@
             <li tal:attributes="class request.path == '/hibah/add' and 'active'"><a href="/hibah/add">Hibah</a></li>
             <li tal:attributes="class request.path == '/lain/add' and 'active'"><a href="/lain/add">P. Lainnya</a></li-->
             <li tal:condition="not request.user" tal:attributes="class request.path == '/login' and 'active'"><a href="/login">Login</a></li>
-            
-
-            <li class="dropdown" tal:attributes="class request.matched_route.name in ['user', 'user-add', 'user-edit', 'user-delete'] and 'active'">
+            <li tal:condition="request.user and request.user.user_name=='admin'" class="dropdown" 
+                tal:attributes="class request.matched_route.name in ['user', 'user-add', 'user-edit', 'user-delete'] and 'active'">
               <a href="#" class="dropdown-toggle" data-toggle="dropdown">Admin <b class="caret"></b></a>
               <ul class="dropdown-menu">
                 <li><a href="/user">User</a></li>
                 <li><a href="/group">Group</a></li>
                 <li><a href="/usergroup">User Group</a></li>
                 <li><a href="/groupperm">Group Permission</a></li>
-                
                 <li><a href="/skpd">SKPD/Unit</a></li>
                 <li><a href="/jabatan">Jabatan</a></li>
                 <li><a href="/pegawai">Pegawai</a></li>
                 <li><a href="/coa">Rekening</a></li>
                 <li><a href="/pajak">Rekening & Tarif</a></li>
                 <li><a href="/wilayah">Wilayah</a></li>
-                <li><a href="/wp">Subyek Bayar</a></li>
-                <li><a href="/op">Obyek Bayar</a></li>
               </ul>
             </li>
           </ul>

setup.py

@@ -24,6 +24,8 @@ requires=['pyramid>=1.5a2',
           'pytz',
           'sqlalchemy-datatables',
           'recaptcha-client',
+	  'pyJasper',
+	  
          ]
 
 if sys.argv[1:] and sys.argv[1] == 'develop-use-pip':