From 5f8dc20312706133f84d80b90191bdf97125b520 Mon Sep 17 00:00:00 2001
From: Lance Edgar
Date: Tue, 25 Feb 2020 15:35:39 -0600
Subject: [PATCH] Raise 404 not found instead of error, when user is not employee i.e. when they try to view "employee schedule" or "time sheet"
---
 tailbone/views/shifts/lib.py | 4 +++-
 tailbone/views/shifts/timesheet.py | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/tailbone/views/shifts/lib.py b/tailbone/views/shifts/lib.py
index 2706b10e..73d9603a 100644
--- a/tailbone/views/shifts/lib.py
+++ b/tailbone/views/shifts/lib.py
@@ -158,8 +158,8 @@ class TimeSheetView(View):
 # force current user if not allowed to view all data
 if not self.request.has_perm('{}.viewall'.format(self.key)):
 employee = self.request.user.employee
- assert employee
+ # note that employee may still be None, e.g. if current user is not employee
 return {'date': date, 'employee': employee}
 def process_filter_form(self, form):
@@ -257,6 +257,8 @@ class TimeSheetView(View):
 View time sheet for single employee.
 """
 context = self.get_employee_context()
+ if not context['employee']:
+ raise self.notfound()
 form = self.make_employee_filter_form(context)
 self.process_employee_filter_form(form)
 context['form'] = form
diff --git a/tailbone/views/shifts/timesheet.py b/tailbone/views/shifts/timesheet.py
index a5e06d1a..84d303e9 100644
--- a/tailbone/views/shifts/timesheet.py
+++ b/tailbone/views/shifts/timesheet.py
@@ -49,6 +49,8 @@ class TimeSheetView(BaseTimeSheetView):
 """
 # process filters; redirect if any were received
 context = self.get_employee_context()
+ if not context['employee']:
+ raise self.notfound()
 form = self.make_employee_filter_form(context)
 self.process_employee_filter_form(form)
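Review bot: Dropping `assert employee` from the restricted branch in `tailbone/views/shifts/lib.py` means `get_employee_context()` no longer guarantees that a user without the `viewall` permission is pinned to a real employee; that guarantee now lives only in the `if not context['employee']` checks added to the two `employee` views (the second hunk of `lib.py` and the hunk in `timesheet.py`). Any other caller of the helper, present or future, receives `employee=None` for such a user, and whether the downstream queries treat None as "no employee filter" is not visible in this patch. It would be safer to fail closed where the restriction is applied, e.g. `if not employee: raise self.notfound()` in place of the removed assert, keeping the view-level checks only for the unrestricted case. The helper's body starts outside the hunk, so how `employee` is set before this branch should be confirmed.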