Merge 01d515c07f into cf77b4c346

Co-authored-by: MediMilk <chadricksoup@gmail.com>

ihatemoney/forms.py

@@ -14,6 +14,8 @@ from wtforms.fields import (
     BooleanField,
     DateField,
     DecimalField,
+    HiddenField,
+    IntegerField,
     Label,
     PasswordField,
     SelectField,
@@ -438,6 +440,22 @@ class BillForm(FlaskForm):
             raise ValidationError(msg)
 
 
+class HiddenCommaDecimalField(HiddenField, CommaDecimalField):
+    pass
+
+
+class HiddenIntegerField(HiddenField, IntegerField):
+    pass
+
+
+class SettlementForm(FlaskForm):
+    """Used internally for validation, not directly visible to users"""
+
+    amount = HiddenCommaDecimalField("Amount", validators=[DataRequired()])
+    sender_id = HiddenIntegerField("Sender", validators=[DataRequired()])
+    receiver_id = HiddenIntegerField("Receiver", validators=[DataRequired()])
+
+
 class MemberForm(FlaskForm):
     name = StringField(_("Name"), validators=[DataRequired()], filters=[strip_filter])
 

ihatemoney/messages.pot

@@ -759,7 +759,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/templates/layout.html

@@ -168,7 +168,7 @@
               <i class="icon book">{{ static_include("images/book.svg") | safe }}</i>
             </a>
             {% if g.show_admin_dashboard_link %}
-            <a target="_blank" rel="noopener" data-toggle="tooltip" data-placement="top" title="{{ _('Administation Dashboard') }}" href="{{ url_for('main.dashboard') }}">
+            <a target="_blank" rel="noopener" data-toggle="tooltip" data-placement="top" title="{{ _('Administration Dashboard') }}" href="{{ url_for('main.dashboard') }}">
               <i class="icon admin">{{ static_include("images/cog.svg") | safe }}</i>
             </a>
             {% endif %}

ihatemoney/templates/settle_bills.html

@@ -11,15 +11,20 @@
     <table id="bill_table" class="split_bills table table-striped">
         <thead><tr><th>{{ _("Who pays?") }}</th><th>{{ _("To whom?") }}</th><th>{{ _("How much?") }}</th><th>{{ _("Settled?") }}</th></tr></thead>
     <tbody>
-    {% for bill in bills %}
+    {% for transaction in transactions %}
-    <tr receiver={{bill.receiver.id}}>
+    <tr>
-            <td>{{ bill.ower }}</td>
+            <td>{{ transaction.ower }}</td>
-            <td>{{ bill.receiver }}</td>
+            <td>{{ transaction.receiver }}</td>
-            <td>{{ bill.amount|currency }}</td>
+            <td>{{ transaction.amount|currency }}</td>
             <td>
                 <span id="settle-bill" class="ml-auto pb-2">
-                    <a href="{{ url_for('.settle', amount = bill.amount, ower_id = bill.ower.id, payer_id = bill.receiver.id) }}" class="btn btn-primary">
+                    <form class="" action="{{ url_for(".add_settlement_bill") }}" method="POST">
-                        {{ ("Settle") }}
+                        {{ settlement_form.csrf_token }}
+                        {{ settlement_form.amount(value=transaction.amount) }}
+                        {{ settlement_form.sender_id(value=transaction.ower.id) }}
+                        {{ settlement_form.receiver_id(value=transaction.receiver.id) }}
+                        <button class="btn btn-primary" type="submit" title="{{ _("Settle") }}">{{ _("Settle") }}</button>
+                    </form>
                     </a>
                 </span>
             </td>

ihatemoney/tests/budget_test.py

@@ -1358,23 +1358,25 @@ class TestBudget(IhatemoneyTestCase):
         count = 0
         for t in transactions:
             count += 1
-            self.client.get(
+            self.client.post(
-                "/raclette/settle"
+                "/raclette/settle",
-                + "/"
+                data={
-                + str(t["amount"])
+                    "amount": t["amount"],
-                + "/"
+                    "sender_id": t["ower"].id,
-                + str(t["ower"].id)
+                    "receiver_id": t["receiver"].id,
-                + "/"
+                },
-                + str(t["receiver"].id)
             )
             temp_transactions = project.get_transactions_to_settle_bill()
             # test if the one has disappeared
             assert len(temp_transactions) == len(transactions) - count
 
-            # test if theres a new one with bill_type reimbursement
+            # test if there is a new one with bill_type reimbursement
             bill = project.get_newest_bill()
             assert bill.bill_type == models.BillType.REIMBURSEMENT
-        return
+
+        # There should be no more settlement to do at the end
+        transactions = project.get_transactions_to_settle_bill()
+        assert len(transactions) == 0
 
     def test_settle_zero(self):
         self.post_project("raclette")
@@ -1463,6 +1465,78 @@ class TestBudget(IhatemoneyTestCase):
         # Create and log in as another project
         self.post_project("tartiflette")
 
+        # Add a participant in this second project
+        self.client.post("/tartiflette/members/add", data={"name": "pirate"})
+        pirate = models.Person.query.filter(models.Person.id == 5).one()
+        assert pirate.name == "pirate"
+
+        # Try to add a new bill in another project
+        self.client.post(
+            "/raclette/add",
+            data={
+                "date": "2017-01-01",
+                "what": "fromage frelaté",
+                "payer": 2,
+                "payed_for": [2, 3, 4],
+                "bill_type": "Expense",
+                "amount": "100.0",
+            },
+        )
+        # Ensure it has not been created
+        raclette = self.get_project("raclette")
+        assert raclette.get_bills().count() == 1
+
+        # Try to add a new bill in our project that references members of another project.
+        # First with invalid payed_for IDs.
+        self.client.post(
+            "/tartiflette/add",
+            data={
+                "date": "2017-01-01",
+                "what": "soupe",
+                "payer": 5,
+                "payed_for": [3],
+                "bill_type": "Expense",
+                "amount": "5000.0",
+            },
+        )
+        # Ensure it has not been created
+        piratebill = models.Bill.query.filter(models.Bill.what == "soupe").one_or_none()
+        assert piratebill is None, "piratebill 1 should not exist"
+
+        # Then with invalid payer ID
+        self.client.post(
+            "/tartiflette/add",
+            data={
+                "date": "2017-02-01",
+                "what": "pain",
+                "payer": 3,
+                "payed_for": [5],
+                "bill_type": "Expense",
+                "amount": "5000.0",
+            },
+        )
+        # Ensure it has not been created
+        piratebill = models.Bill.query.filter(models.Bill.what == "pain").one_or_none()
+        assert piratebill is None, "piratebill 2 should not exist"
+
+        # Make sure we can actually create valid bills
+        self.client.post(
+            "/tartiflette/add",
+            data={
+                "date": "2017-03-01",
+                "what": "baguette",
+                "payer": 5,
+                "payed_for": [5],
+                "bill_type": "Expense",
+                "amount": "5.0",
+            },
+        )
+        # Ensure it has been created
+        okbill = models.Bill.query.filter(models.Bill.what == "baguette").one_or_none()
+        assert okbill is not None, "Bill baguette should exist"
+        assert okbill.what == "baguette"
+
+        # Now try to access and modify existing bills
         modified_bill = {
             "date": "2018-12-31",
             "what": "roblochon",
@@ -1556,6 +1630,24 @@ class TestBudget(IhatemoneyTestCase):
         member = models.Person.query.filter(models.Person.id == 1).one_or_none()
         assert member is None
 
+        # test new settle endpoint to add bills with wrong payer / payed_for
+        self.client.post("/exit")
+        self.client.post(
+            "/authenticate", data={"id": "tartiflette", "password": "tartiflette"}
+        )
+        self.client.post(
+            "/tartiflette/settle",
+            data={
+                "sender_id": 4,
+                "receiver_id": 5,
+                "amount": "42.0",
+            },
+        )
+        piratebill = models.Bill.query.filter(
+            models.Bill.bill_type == models.BillType.REIMBURSEMENT
+        ).one_or_none()
+        assert piratebill is None, "piratebill 3 should not exist"
+
     @pytest.mark.skip(reason="Currency conversion is broken")
     def test_currency_switch(self):
         # A project should be editable

ihatemoney/translations/bn/LC_MESSAGES/messages.po

@@ -782,7 +782,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/bn_BD/LC_MESSAGES/messages.po

@@ -785,7 +785,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/ca/LC_MESSAGES/messages.po

@@ -826,7 +826,7 @@ msgstr "Aplicació mòbil"
 msgid "Documentation"
 msgstr "Documentació"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Panell d'administració"
 
 msgid "Legal information"

ihatemoney/translations/cs/LC_MESSAGES/messages.po

@@ -800,7 +800,7 @@ msgstr "Mobilní aplikace"
 msgid "Documentation"
 msgstr "Dokumentace"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Správcovský panel"
 
 msgid "Legal information"

ihatemoney/translations/de/LC_MESSAGES/messages.po

@@ -824,7 +824,7 @@ msgstr "Handy-Applikation"
 msgid "Documentation"
 msgstr "Dokumentation"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Dashboard Administration"
 
 msgid "Legal information"

ihatemoney/translations/el/LC_MESSAGES/messages.po

@@ -811,7 +811,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 #, fuzzy

ihatemoney/translations/eo/LC_MESSAGES/messages.po

@@ -821,7 +821,7 @@ msgstr "Poŝaparata programo"
 msgid "Documentation"
 msgstr "Dokumentaro"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Administra panelo"
 
 #, fuzzy

ihatemoney/translations/es/LC_MESSAGES/messages.po

@@ -818,7 +818,7 @@ msgstr "Aplicación móvil"
 msgid "Documentation"
 msgstr "Documentación"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Panel de administración"
 
 msgid "Legal information"

ihatemoney/translations/es_419/LC_MESSAGES/messages.po

@@ -815,7 +815,7 @@ msgstr "Aplicación móvil"
 msgid "Documentation"
 msgstr "Documentación"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Panel de administración"
 
 msgid "Legal information"

ihatemoney/translations/fa/LC_MESSAGES/messages.po

@@ -782,7 +782,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/fr/LC_MESSAGES/messages.po

@@ -824,7 +824,7 @@ msgstr "Application mobile"
 msgid "Documentation"
 msgstr "Documentation"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Panneau d'administration"
 
 msgid "Legal information"

ihatemoney/translations/he/LC_MESSAGES/messages.po

@@ -788,7 +788,7 @@ msgstr "יישום לנייד"
 msgid "Documentation"
 msgstr "דוקומנטציה"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/hi/LC_MESSAGES/messages.po

@@ -829,7 +829,7 @@ msgstr "मोबाइल एप्लीकेशन"
 msgid "Documentation"
 msgstr "प्रलेखन"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "व्यवस्थापन डैशबोर्ड"
 
 #, fuzzy

ihatemoney/translations/hu/LC_MESSAGES/messages.po

@@ -817,7 +817,7 @@ msgstr "Mobil alkalmazás"
 msgid "Documentation"
 msgstr "Dokumentáció"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Adminisztrátori vezérlőpult"
 
 msgid "Legal information"

ihatemoney/translations/id/LC_MESSAGES/messages.po

@@ -812,7 +812,7 @@ msgstr "Aplikasi Gawai"
 msgid "Documentation"
 msgstr "Dokumentasi"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Dasbor Administrasi"
 
 msgid "Legal information"

ihatemoney/translations/it/LC_MESSAGES/messages.po

@@ -817,7 +817,7 @@ msgstr "Applicazione mobile"
 msgid "Documentation"
 msgstr "Documentazione"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Cruscotto Amministrazione"
 
 msgid "Legal information"

ihatemoney/translations/ja/LC_MESSAGES/messages.po

@@ -797,7 +797,7 @@ msgstr "携帯アプリ"
 msgid "Documentation"
 msgstr "書類"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "管理ダッシュボード"
 
 #, fuzzy

ihatemoney/translations/kn/LC_MESSAGES/messages.po

@@ -793,7 +793,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/ms/LC_MESSAGES/messages.po

@@ -793,7 +793,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/nb_NO/LC_MESSAGES/messages.po

@@ -855,7 +855,7 @@ msgstr "Mobilprogram"
 msgid "Documentation"
 msgstr "Dokumentasjon"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Administrasjonsoversiktspanel"
 
 #, fuzzy

ihatemoney/translations/nl/LC_MESSAGES/messages.po

@@ -814,7 +814,7 @@ msgstr "Mobiele app"
 msgid "Documentation"
 msgstr "Documentatie"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Administratie-overzicht"
 
 #, fuzzy

ihatemoney/translations/oc/LC_MESSAGES/messages.po

@@ -777,7 +777,7 @@ msgstr ""
 msgid "Documentation"
 msgstr "Documentacion"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Panèl d’administracion"
 
 msgid "Legal information"

ihatemoney/translations/pl/LC_MESSAGES/messages.po

@@ -812,7 +812,7 @@ msgstr "Aplikacja mobilna"
 msgid "Documentation"
 msgstr "Dokumentacja"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Kokpit administracyjny"
 
 msgid "Legal information"

ihatemoney/translations/pt/LC_MESSAGES/messages.po

@@ -823,7 +823,7 @@ msgstr "Aplicação Mobile"
 msgid "Documentation"
 msgstr "Documentação"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Painel de Administração"
 
 msgid "Legal information"

ihatemoney/translations/pt_BR/LC_MESSAGES/messages.po

@@ -809,7 +809,7 @@ msgstr "Aplicativo"
 msgid "Documentation"
 msgstr "Documentação"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Painel de Administração"
 
 msgid "Legal information"

ihatemoney/translations/ru/LC_MESSAGES/messages.po

@@ -816,7 +816,7 @@ msgstr "Мобильное приложение"
 msgid "Documentation"
 msgstr "Документация"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Панель инструментов администратора"
 
 msgid "Legal information"

ihatemoney/translations/sr/LC_MESSAGES/messages.po

@@ -783,7 +783,7 @@ msgstr "Mobilna Aplikacija"
 msgid "Documentation"
 msgstr "Dokumentacija"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/sv/LC_MESSAGES/messages.po

@@ -818,7 +818,7 @@ msgstr "Mobilapplikation"
 msgid "Documentation"
 msgstr "Dokumentation"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Översiktspanel för administration"
 
 msgid "Legal information"

ihatemoney/translations/ta/LC_MESSAGES/messages.po

@@ -809,7 +809,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/te/LC_MESSAGES/messages.po

@@ -817,7 +817,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/th/LC_MESSAGES/messages.po

@@ -778,7 +778,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/tr/LC_MESSAGES/messages.po

@@ -811,7 +811,7 @@ msgstr "Telefon Uygulaması"
 msgid "Documentation"
 msgstr "Belgelendirme"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "Yönetici Gösterge Paneli"
 
 msgid "Legal information"

ihatemoney/translations/uk/LC_MESSAGES/messages.po

@@ -791,7 +791,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/ur/LC_MESSAGES/messages.po

@@ -776,7 +776,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/vi/LC_MESSAGES/messages.po

@@ -775,7 +775,7 @@ msgstr ""
 msgid "Documentation"
 msgstr ""
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr ""
 
 msgid "Legal information"

ihatemoney/translations/zh_Hans/LC_MESSAGES/messages.po

@@ -779,7 +779,7 @@ msgstr "手机软件"
 msgid "Documentation"
 msgstr "文件"
 
-msgid "Administation Dashboard"
+msgid "Administration Dashboard"
 msgstr "管理面板"
 
 msgid "Legal information"

ihatemoney/utils.py

@@ -454,7 +454,9 @@ def format_form_errors(form, prefix):
         )
     else:
         error_list = "</li><li>".join(
-            str(error) for (field, errors) in form.errors.items() for error in errors
+            f"<strong>{field}</strong> {error}"
+            for (field, errors) in form.errors.items()
+            for error in errors
         )
         errors = f"<ul><li>{error_list}</li></ul>"
         # I18N: Form error with a list of errors

ihatemoney/web.py

@@ -55,6 +55,7 @@ from ihatemoney.forms import (
     ProjectForm,
     ProjectFormWithCaptcha,
     ResetPasswordForm,
+    SettlementForm,
     get_billform_for,
 )
 from ihatemoney.history import get_history, get_history_queries, purge_history
@@ -846,24 +847,41 @@ def change_lang(lang):
 @main.route("/<project_id>/settle_bills")
 def settle_bill():
     """Compute the sum each one have to pay to each other and display it"""
-    bills = g.project.get_transactions_to_settle_bill()
+    transactions = g.project.get_transactions_to_settle_bill()
-    return render_template("settle_bills.html", bills=bills, current_view="settle_bill")
+    settlement_form = SettlementForm()
+    return render_template(
+        "settle_bills.html",
+        transactions=transactions,
+        settlement_form=settlement_form,
+        current_view="settle_bill",
+    )
 
 
-@main.route("/<project_id>/settle/<amount>/<int:ower_id>/<int:payer_id>")
+@main.route("/<project_id>/settle", methods=["POST"])
-def settle(amount, ower_id, payer_id):
+def add_settlement_bill():
-    new_reinbursement = Bill(
+    """Create a bill to register a settlement"""
-        amount=float(amount),
+    form = SettlementForm(id=g.project.id)
+    if not form.validate():
+        flash(
+            format_form_errors(form, _("Error creating settlement bill")),
+            category="danger",
+        )
+        return redirect(url_for(".settle_bill"))
+
+    # TODO: check that sender and receiver ID are valid and part of this project
+
+    settlement = Bill(
+        amount=form.amount.data,
         date=datetime.datetime.today(),
-        owers=[Person.query.get(payer_id)],
+        owers=[Person.query.get(form.receiver_id.data)],
-        payer_id=ower_id,
+        payer_id=form.sender_id.data,
         project_default_currency=g.project.default_currency,
         bill_type=BillType.REIMBURSEMENT,
         what=_("Settlement"),
     )
     session.update()
 
-    db.session.add(new_reinbursement)
+    db.session.add(settlement)
     db.session.commit()
 
     flash(_("Settlement bill has been successfully added"), category="success")