From 1aee89b425acb94cbc01432fb9338809602408a4 Mon Sep 17 00:00:00 2001
From: muahahahh <pavel061092@gmail.com>
Date: Sun, 3 Jan 2021 23:44:16 +0100
Subject: [PATCH] added links

---
 db.sqlite3                                    | Bin 176128 -> 176128 bytes
 hr_module/__pycache__/views.cpython-38.pyc    | Bin 7461 -> 7964 bytes
 hr_module/static/js/csrf_token.js             |   2 +-
 .../js/hr_module_change_employee_data.js      |   1 +
 .../static/js/hr_module_create_schedule.js    |   1 +
 .../static/js/hr_module_show_schedule.js      |   2 +
 hr_module/templates/hr_module_base.html       |   3 +-
 hr_module/views.py                            |  47 ++++++++++++++----
 8 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/db.sqlite3 b/db.sqlite3
index 87485472dc36c218784fd04cd946baa19cc00f54..801844be4a7f4811c366233cfdbfb080e6d1acd9 100644
GIT binary patch
delta 278
zcmZp8z}4`8Yl1Z6p@}lijE6QRu<A21H>c@uPt#|dSHQ*0|B-?J8~;cC-_r#aFfQ7@
zVF9Bfzbp$gCnGb6U}9lr<YeMvU|?Y8f6u`GoBu2S`{@E3Kngc7+Vjh^GBYx2F@s64
zQY~JPQoaui{9E}`_&!V*IKXJN-Qxh`3cmUxW=;l2S;u5fMn)q8BST#SATm}kGO_|9
z6C*uiLrW7A^Nh@roYbPk6xZB>oczkvRE7MctkmQZ1r3;lW^}buaz<iadTNT2l|r>r
zT4riaN->Zbt>l}SmzbVfq>z@An64CCTN|sz<j(}OQ`}mclaX_K{&~i`^MSN)KGS9g
E0BR{s%m4rY

delta 158
zcmZp8z}4`8Yl1Z6!HF`?j0ZO+u<A21HK*xsPt#|dSHQu<|BZqF8~^X=0t*-yO;=dJ
z$g+LY0!DlOi2<x)EX<sYOf1ZdoJ?E{3=B;CUm5s+^M9Q#umPlU14!itMq8jtw(0Np
zGqMVSm1^;Vm8LN8Z{<&!E^vU+YP!M!pi-{`jLY~YCkT{mPdU%{Vm>3scHexa%?<$Q
C4=<kp

diff --git a/hr_module/__pycache__/views.cpython-38.pyc b/hr_module/__pycache__/views.cpython-38.pyc
index 3145c3f38dd1a8d6090884c56bd055e689beb863..758c979667c84f1ca4c7b0273d473e0d83f8edb4 100644
GIT binary patch
delta 1752
zcmah}OKclO7~X%qUXRyn$9Xu9=0RzxsNGkfB~^+*YN0PEwBVGs7U|0MY?Ae3*PR_h
z>(~h>=T?<QY6U{5E#gpdiUL<8j$Dw)1!>Nx2qZZ4#0}=(;G&{RSlVxAzWM*}|K{Hr
ze|hAyS2O3+X-mW3sYlMP!g}VD*s85&$i1eXa0N82qg6EuHT@Q_wi-hfM?Q~Ljk|HG
z--D_du?ZTx0bS@oHPO`-l4`OW<JR4jTD9*%*XS737}L7(C_2sVw@07Qh)4P6>IKc;
zZ)iMIv)JdLbrYbqv%Ig9SOd_g)-^9^FX20}lDMc{(tQ1*=Ce+W#v_B-_B8LKCdNKZ
zykja`*^XX|F}bDXPjA&yTe72StN&llz|@XOwHi@r1>R2+lz6ZPMJ*~Y&?V|U&`t8e
zPI3V{<R)}2ntWZG&vsKC>+Vn|bx#?*1y@h0jaiY|{*Fa0n!2H{7PUyw-V&r*QOl>_
zmd3fW#W_jbMzbDVcilWl(h6PXmm4mdQeSGWovSRlm73=-Zf}(R@}kSOFVxG6GVU@K
zu+pd>IOR&k4MQhjj+*qc^SU&hke9hDNwXY=$36@gJ@Ejf5tbL+QokQ?r`+O8uFt)S
zilX_PG#f5o3aB(tL}tD4$p~@N*uBaol`Cog<Hd=*7}YTFWxO7gX(){=0lhA5l^nL3
zE{mj+$FEh~CigI^$vmISY)_!)m-VAAaUAMZxZ_9z-!j$=nt7WItF@9Hs$IUNG@?D0
zayaeH9&fue_5|Ilf;QPcr4lu@WMID~xZ)4v@~LBr*1!e}M!^K4+v*{pt63I^LQ9Pa
z45<hL1IXxxZh@_0%!tb<&eqxCjivZUI+Vn(i8F9S%#Z^xB^Jmt1-4)5ON+YAGUE-^
zZ}tKbY3?;#rx8%M?s$|H6eoTlvm?)`0h>UGV_5ve=`+WRY+6hu52X)AjK|$Z$PNi7
zISy}%<>bWVEb@s;;B)sHmqe{M>-gn$y1-_{*U9bX8z^{Mz{sHZJ=qV(#9zr8%!!)y
z3!L02rq;m3)7D-Ww+3Dmne@jKJJj@n#UeL*FnKRR)WT`;ReDc08lFe;J%o~YnBEV|
zB9}P;mzD0MxRUuk_3!%0jhVjNU|z)73mco+`v6lLt$|M=g_YPPg!dzV`-TSLjyO6r
z3yxSG+BBo;Q=*ugR}EdyjpQRwyD$Mgv;VkDB8Pu;s%MXKg<Vk~nw7D7uqX}eUMcPQ
z>WFiPxnZl$85Ku|UxDw$>hMnR#23T!@UF75vu{(Sg@ytR3}97pCpIb0jeMhgn4^2&
zxuW>IzICEfRQ20&SlM56PcYn4KKr!h$#~eTd+HluJe~kaLeA9HQ1^XWtc@Po{rHr!
zno?m6ge3(f`)bQ&*L#-dqh9?vIs!k5?AWuwBXeiR9>O&-vu(!$nv(`+t)89C)9kQm
zl+PeMk8l;?1B5(68(|s2MZhbXC(&)(Iter4+ifocS{V|V@jm!XOpWh@6>(<#XY(v(
v>=82)O9ulSZbKMHIE*lda2dft@DQp99AQQLIB_yvAhTqG6i7dblfl0M1gyiF

delta 1214
zcmZXTO>7%Q6vy|i*X#Ai+A&ETJF!#RG^Lx?v5Gh(k%|fgA1Ea$X$3V3%QiDk?RdTJ
z?6@V7O)7CNLLCW-ibGn2L?kXK7r1cb&;y9xm;>TKD{(?OaYAC=7KB7r+TXl=GyC5E
zy_xy!#V;1KS8O|_sV8=D;O@<Qo&7W>7EAWd`^q)Y+8TjPopBDky84RUhan7r=p}8a
zbE6&KHHq@I69b(XcVHMB#M)LnIW*Lm9L9NS5O2c3_y~q3i7#nu*<oT}?xqKc`vBUF
z6`mQGA1aI61Cy8}aYtX(h_<RZ)*J6gV`X{uvb6dkWnIsw(xQH^6KqlH0IMi*jxJ3%
z<Q`X3JueJz1&q}9KpLUfq)t|vKIPW~B8_$!bY;8~cqEj@wSa7i$MIA1(sEtWTIa4S
z4IE{x7xZMj$68&^@)+M@1vRjf2u#>8P=WZ_e7B4fnx29TSo)Z5fr(c1vfBPm;<gSi
z-A%m?&x?zx8dStEb+jlmt<VkoJ<6~mnIg33G44}w$sDUlo40)G`T?OGw?$;e_qyH&
zWp1<MZHVtv3ov~*eFUnakba?lTIH7U7N>s5&Y-U3lE=L|Q%z!~`gZK6!s|F^_f^w8
zLW$dKb!a0&no-s4toS%R33KAB^t0xxY9U(^2jx-mIGqPa{F&Z_WpQq#B5r3M!ukCR
zw%VnN_%ZuU`IuU}mtxcS%L&8`BI;39e4aZ!5}7OLyo9(Se#y<jHDQm`;HnDwB>msq
z`Te>4Ct$APx;OV9KJ!2&+4slpK^n8L%ZRrkSu=%E_&_Wa7N8-*!Xq=vToD(>*Ive*
zkvT?t0po5bSoe4<=sLMbp)|19(dPYMY!ZXxxo1`J`}nN+9-1dbsW=6$m@l4#FU8H`
zG*EG`xCR%Mh%u2V<#OMuWuc*<fdQ;3W=oG$WBw|gIlHEOj{fwZq=`C}uFJgc2CXwJ
z#u+)(GSQegs&;gHV)0beGc1H{AX*5b(8%2AQ?}(Y8umM!y&d)9kBM>kP9!FeK~JTx
zi2CFc;G$YSzJn5^!CC*`q}fABF>)1=MLdV_5e(rVZX#|WJj9`!FsHnYB%|x<x~Zeu
z$p2%8T>MZz4ybV&eiBD2RoE7<RDLsG!!RdAb?W;3CYlq7Nkk2?jJS$uASj}V=pnWd
W#i;IIr)qZITCmF2td+Oo*682$cQEPz

diff --git a/hr_module/static/js/csrf_token.js b/hr_module/static/js/csrf_token.js
index d75d2b2..e32f7e3 100644
--- a/hr_module/static/js/csrf_token.js
+++ b/hr_module/static/js/csrf_token.js
@@ -1,4 +1,4 @@
-const csrftoken = getCookie('csrftoken');
+
 
 function getCookie(name) {
     let cookieValue = null;
diff --git a/hr_module/static/js/hr_module_change_employee_data.js b/hr_module/static/js/hr_module_change_employee_data.js
index 3d2be1e..6d3156f 100644
--- a/hr_module/static/js/hr_module_change_employee_data.js
+++ b/hr_module/static/js/hr_module_change_employee_data.js
@@ -1,3 +1,4 @@
+const csrftoken = getCookie('csrftoken');
 
 var searchEmployeeButton = document.getElementById('load_employee_data_button')
 searchEmployeeButton.addEventListener('click', function(){
diff --git a/hr_module/static/js/hr_module_create_schedule.js b/hr_module/static/js/hr_module_create_schedule.js
index f800718..cc50259 100644
--- a/hr_module/static/js/hr_module_create_schedule.js
+++ b/hr_module/static/js/hr_module_create_schedule.js
@@ -1,3 +1,4 @@
+const csrftoken = getCookie('csrftoken');
 
 var searchInput = document.getElementById('searched_string');
 searchInput.addEventListener("click", fetchSearchOptions);
diff --git a/hr_module/static/js/hr_module_show_schedule.js b/hr_module/static/js/hr_module_show_schedule.js
index 9f67999..b7405bd 100644
--- a/hr_module/static/js/hr_module_show_schedule.js
+++ b/hr_module/static/js/hr_module_show_schedule.js
@@ -1,4 +1,6 @@
 
+const csrftoken = getCookie('csrftoken');
+
 var parent = document.getElementById('calendar_box')
 document.onload = parent.appendChild(addCalendar(monthsAhead=3))
 formatCalendarContainerSize(document.getElementById('calendar_container'))
diff --git a/hr_module/templates/hr_module_base.html b/hr_module/templates/hr_module_base.html
index 9ad7294..5a3caed 100644
--- a/hr_module/templates/hr_module_base.html
+++ b/hr_module/templates/hr_module_base.html
@@ -8,6 +8,7 @@
 
 
 {% block core_content %}
+<script src="{% static '/js/csrf_token.js' %}"></script>
 
 <div class="sidebar">
 
@@ -43,6 +44,6 @@
 {% endblock %}
 </div>
 
-<script src="{% static '/js/csrf_token.js' %}"></script>
+
 
 {% endblock %}
\ No newline at end of file
diff --git a/hr_module/views.py b/hr_module/views.py
index 51b451e..22f0848 100644
--- a/hr_module/views.py
+++ b/hr_module/views.py
@@ -22,20 +22,45 @@ def change_employee_data(request):
     return render(request, template_name)
 
 def change_employee_data_api(request):
-
     if request.method == 'POST':
-        body = json.loads(request.body)
-        username = body['username']
+        if request.user.is_authenticated:
+            session_user = User.objects.select_related('employee').get(username=request.user.username)
+            session_user_username = session_user.username
+            session_user_manager_flag = session_user.employee.manager_flag
 
-        empl = User.objects.select_related('employee').get(username=username)
+            body = json.loads(request.body)
+            username = body['username']
 
-        record_employee = empl.employee.__dict__
-        record_user = empl.__dict__
-        response_dict = dict(record_user, **record_employee)
-        for i in ['_state', 'password']:
-            response_dict.pop(i)
-        print(response_dict)
-        return JsonResponse(response_dict, safe=False)
+            if request.user.is_superuser:
+                try:
+                    empl = User.objects.select_related('employee').get(username=username)
+                except Exception as e:
+                    print(e)
+                    empl = None
+            elif session_user_manager_flag == True:
+                try:
+                    print('checking manager flag')
+                    empl = User.objects.select_related('employee').get(username=username)
+                    if empl.employee.manager_username != session_user_username:
+                        empl = None
+                except Exception as e:
+                    print(e)
+                    empl = None
+            else:
+                empl = None
+
+            if empl is None:
+                return JsonResponse({'error': 'no_access_or_no_username'})
+
+            record_employee = empl.employee.__dict__
+            record_user = empl.__dict__
+            response_dict = dict(record_user, **record_employee)
+            for i in ['_state', 'password']:
+                response_dict.pop(i)
+            print(response_dict)
+            return JsonResponse(response_dict, safe=False)
+        else:
+            return JsonResponse({'error': 'not_authenticated'})
 
 
 def create_employees(request):