w-a-r-m-inventory-system / food-pantry-inventory Goto Github PK
View Code? Open in Web Editor NEWNew Inventory System for Westerville Area Resource Ministry
License: MIT License
New Inventory System for Westerville Area Resource Ministry
License: MIT License
Shelby was alerted to a vulnerability in PyYAML (by GitHub) which was just added to the requirements file. The alert text (summarized):
Known high severity security vulnerability detected in pyyaml <4.2b1 defined in requirements.txt.
... update suggested: pyyaml ~> 4.2b1.
My analysis:
In this case the vulnerability comes about if we use PyYAML to process raw data coming in from the Internet. The existing version of this library (the one we are referencing) has this vulnerability. Since we are not (yet) contemplating using YAML as a data format, we know that it is not a problem for us. We do need to keep this in mind which means that we should prefer JSON or XML as a data format. If we want to use YAML as a data format, we will need to update the PyYAML library to a safe version (e.g. 5.1)
There is more information about this vulnerability at yaml/pyyaml#207.
Scan a QR code and present the appropriate screen.
See T9 in the Outstanding Tasks document located in the /docs/source directory.
Need description of how this is to work. Label as enhancement and milestone 1
"author = 'Travis Risner'
project = "WordTrekSolver"
creation_date = "04/01/2019""
I think this is left in from a past project.
Probably a temporary placeholder, I just wanted to practice making an issue and set a reminder.
When the profile was changed from holding an active location to holding an active pallet record id, the manual menu an some other manual screens are not broken (Throw exceptions, etc.). They need to be brought into alignment with the new thinking.
Isolate all box updating to one class. This will include methods for the following actions:
add_box - will add a new Box record to the db with appropriate number and box type.
fill_box - will fill an existing box with product, location, and expiration date.
move_box - will change the location of a filled box.
consume_box - will empty a box, e.g. clear product, location, and expiration date information.
Note: these methods will also ensure that the appropriate activity records are written.
This issue does not specify at this time how to handle errors. Details of these method calls and how errors are handled must be documented before this issue can be closed.
With a logged out session, clicking a link to a page that requires a logged in user gives DisallowedRedirect
error instead of loading the login screen
The Action class was an attempt to maintain the state of what the user is trying to do across the multiple tabs caused when using external scanning app.
To make the project more accessible, the documentation should be published somewhere so a newcomer can read it without needing to clone the repo, install dependencies, etc...
Read The Docs (RTD) is a good place that hosts Python open source projects for free and handles the doc builds and publishing of different versions all on their own infrastructure. They host the HTML version and also make available PDF and EPUB versions.
We can stop building it ourselves in Github Actions and offload that to RTD.
ManualMenuView
(path /fpiweb/manualmenu/
) fails if the current user doesn't have an associated Profile
record.
Provide a way to manage both individual boxes and pallets of boxes (Checkin, move, checkout) without having to have a camera to enter the box numbers.
If all other QR screens are similarly configured, this additional code may not be needed at all.
Attached is the results of Mike's initial testing. When you address any of these issues, please create a separate issue for it so it can be assigned to you.
QWebPageCheck.pdf
The test suite is currently failing due to an invalid template variable:
Failed: Undefined template variable 'box.location.loc_row.loc_row' in
'.../Food-Pantry-Inventory/fpiweb/templates/fpiweb/manual_move_box.html'
We've been aware of this test failure for a while, just documenting it here.
Reduce duplication of data. Allow potential of creating a location w/out row,bin,tier (i.e. "pallet assembly location A", "In the broom closet", etc).
Getting following error and traceback:
WARNING: autodoc: failed to import module 'views' from module 'fpiweb'; the following exception was raised:
Traceback (most recent call last):
File "/Volumes/MBPC/Dvl/Python/PythonProjects/Food-Pantry-Inventory/venv/lib/python3.7/site-packages/sphinx/ext/autodoc/importer.py", line 232, in import_module
import(modname)
File "/Volumes/MBPC/Dvl/Python/PythonProjects/Food-Pantry-Inventory/fpiweb/views.py", line 6, in
from django.contrib.auth.mixins import LoginRequiredMixin
File "/Volumes/MBPC/Dvl/Python/PythonProjects/Food-Pantry-Inventory/venv/lib/python3.7/site-packages/django/contrib/auth/mixins.py", line 3, in
from django.contrib.auth.views import redirect_to_login
File "/Volumes/MBPC/Dvl/Python/PythonProjects/Food-Pantry-Inventory/venv/lib/python3.7/site-packages/django/contrib/auth/views.py", line 10, in
from django.contrib.auth.forms import (
File "/Volumes/MBPC/Dvl/Python/PythonProjects/Food-Pantry-Inventory/venv/lib/python3.7/site-packages/django/contrib/auth/forms.py", line 10, in
from django.contrib.auth.models import User
File "/Volumes/MBPC/Dvl/Python/PythonProjects/Food-Pantry-Inventory/venv/lib/python3.7/site-packages/django/contrib/auth/models.py", line 3, in
from django.contrib.contenttypes.models import ContentType
File "/Volumes/MBPC/Dvl/Python/PythonProjects/Food-Pantry-Inventory/venv/lib/python3.7/site-packages/django/contrib/contenttypes/models.py", line 133, in
class ContentType(models.Model):
File "/Volumes/MBPC/Dvl/Python/PythonProjects/Food-Pantry-Inventory/venv/lib/python3.7/site-packages/django/db/models/base.py", line 111, in new
"INSTALLED_APPS." % (module, name)
RuntimeError: Model class django.contrib.contenttypes.models.ContentType doesn't declare an explicit app_label and isn't in an application in INSTALLED_APPS.
To clarify what options a move box operation should permit:
Currently if a user is missing a profile record, we get a dump whenever it goes to a page that looks for the user's title. The login view should create a profile record with a default title of "User" so the rest of the site does not need to test for the profile record.
There is already code in fpiweb/support/BoxActivity.py to create new Activity records or modify existing Activity records based on the action a box it taking. However, it is not hooked into the box management code. These hooks need to be added and. tested.
Some of the names of variables, etc. need to be changed now so they are Pep8 compliant. It will only be worse if we wait until later to do this. Since this is my fault, I will fix it now. (Travis)
The project now displays logging messages to the console. Unfortunately, the messages we want to see are drowned out by all the filewatcher messages. We need to add a filter to the logging settings in settings.py to strip those messages from the console.
Add more comments about what the project does, how it plans to accomplish it, sample screen shots, etc. The goal is to provide a first-time visitor with a what they can expect to accomplish with this project.
Perhaps comments about how it could be extended to be used for other food pantries would be helpful.
We need to add a program to print a sheet of QR codes on Avery llabels (or equivalent). More documentation will be added in the next few days.
We may want to consider printing to a dedicated label printer such as a Dymo printer.
Recently we added a new table - product_examples. We need screens to list/add/change/delete the entries in this table. Each entry is associated with exactly one product.
More documentation about this table will be added in the next few days.
Improve the flow to the startup documentation so it is either all in the README.md or linked directly so that someone does not need to visit the wiki and then dig in the docs to find out how to set up their copy of the project.
Add the ability to move a (presumably filled) box from one location to another. Details are given in the Outstanding Tasks document located in the ./docs/source directory.
/fpiweb/
homepage.A Dockerfile needs to be made to build an image of the Inventory system so that it can be ran locally in a container. This ultimately might be expanded later to having the app and its components in containers.
An administrative user should be able to select a menu pick and dump the full Activity table to the local computer as a CSV file.
Our requirements.txt
specifies wrapt==1.12.0
but the library that needs it specifies 1.11.*
sphinx-autoapi==1.2.1
- astroid [required: Any, installed: 2.3.3]
- lazy-object-proxy [required: ==1.4.*, installed: 1.4.3]
- six [required: ~=1.12, installed: 1.14.0]
- wrapt [required: ==1.11.*, installed: 1.11.2]
pip throws an error but continues. pipenv fails to install
Activity records currently have a field for recording the date and time a box was filled and when it it consumed or emptied. In the interest of making it easier for the end user who will be manipulating this information in a spreadsheet, only the date needs to be recorded in the Activity record.
Activity records only have the descriptions for various fields recorded in them. They do not have foreign keys back to the master tables such as product or location. This is so that if the master tables are updated, the original (historical) values will be kept in Activity.
Currently, Activity records have separate row, bin, and tier fields. This is so the end user can use them to sort and/or filter the records in additional ways in the spreadsheet. If they are replaced with a single location field, then it will require a SQL statement to export the data in the desired format. Currently, additional options such as PostgreSQL or Django manage commands can be used.
Build screens to list, add, change, and delete box types.
Node this pair of lines. The code is trying to access self.activity.date_consumed
right after setting self.activity
to None
self.activity = None
logger.debug(f'Act Box Fill: Activity box consumed: '
f'{self.activity.date_consumed}')
Need screens to list, add, change, and delete product categories.
You ain't going to need it. There's ways of getting at the meta data of field. Validation against max length of field happens automatically. I think there's somewhere we're referencing one of the variables for help_text
somewhere, but we can probably pull help_text
from field data if needed so we might want to revisit the decision to create variables for the help_text
values.
The current version of the QR label print program does not provide an easy API to be used by a web-based call or a GUI standalone program. It needs to be reworked so that a simple call can be made to get back the SVG XML. Perhaps it should also be able to provide a png on request.
Here's a couple of things we might want to document:
How to clone your fork onto your computer
git clone https://github.com/USERNAMEFood-Pantry-Inventory.git
How to add the main w-a-r-m-inventory-system/Food-Pantry-Inventory repository on your computer so you can pull changes from the main repo into your fork.
git remote add upstream https://github.com/w-a-r-m-inventory-system/Food-Pantry-Inventory.git
This script just changes directory to the docs directory, runs Sphinx and returns to the root directory. The Windows version of this script needs to run the make.bat file in the docs subdirectory. This does not require the make program to be installed. This could be written as a powershell script or as a simple dos batch script.
Using the CLI version as a base, write a GUI front end to it.
This should be written after the initial release of FPI.
Build screens to list, add, change, and delete products.
Tests are throwing 'QuerySet' object has no attribute 'get_latest_by'
on current dev branch
======================================================================
ERROR: test_box_consume (Food-Pantry-Inventory.fpiweb.tests.test_support_activity.ActivitySupportTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/jallman112/PycharmProjects/Food-Pantry-Inventory/fpiweb/tests/test_support_activity.py", line 151, in test_box_consume
ba.box_empty(empty_box.id)
File "/home/jallman112/PycharmProjects/Food-Pantry-Inventory/fpiweb/support/BoxActivity.py", line 163, in box_empty
self.activity = Activity.objects.filter(
AttributeError: 'QuerySet' object has no attribute 'get_latest_by'
----------------------------------------------------------------------
Build screens that will allow one to list all constraints, and add, change, or delete a constraint.
<select>
elements. Upon submit display form with errors if the location doesn't exist or there are no boxes at that location.<select>
elements to select the "Move to" Location. This page will also list the boxes at the "Move from" location. Upon submit display form with errors if the "Move to" location doesn't existBoxManagementClass.pallet_finish
to update the database.When any page using base.html template loads you'll notice requests going to urls outside our app (Content Delivery Network) sites. Change template to have it load file from our static directory. This may require adding JQuery ... min.js files to the project.
Please assign to @jocassid
When using a QR code to scan a box, the product and expiration date will default to whatever the previous box contained -- including the beginning and ending months. That is valid behavior. The product and expiration date can be adjusted as needed. However, if the previous box had a non-zero start and end month, the start and end month for this box cannot be set back to zero.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.