Microtasks module

Handles all microtask-related operations.

🔧 Workflow

📄 GET Request (/task/{task_id}/create-microtask)

• Renders the microtask creation form for a specific task.

• Checks that the task exists before displaying the form:

  task = request.dbsession.query(Task).get(task_id)
  if not task:
      return HTTPFound(location=request.route_url('task_by_id', id=task_id))

---

📝 POST Request (/task/{task_id}/create-microtask)

• Creates a new microtask under the specified task.

• Validates that all required fields (name, description, due_date) are provided.

• Adds the new microtask to the database with default values:

  • percentage_complete: 0.0

  • status: 'undone'

  • date_created: current timestamp

• Redirects back to the parent task page.

new_microtask = Microtask(
    task_id=task_id,
    name=microtask_name,
    description=microtask_description,
    ...
)
request.dbsession.add(new_microtask)

---

🔒 Security Measures

✅ Session Enforcement

All views use the @verify_session decorator, requiring an active user session.

✅ Admin-Only Access

Both GET and POST routes are restricted to users with "admin" permission:

@view_config(..., permission="admin")

---

✅ Validations

📌 Task Existence

Verifies that the parent task exists before proceeding:

task = request.dbsession.query(Task).get(task_id)
if not task:
    return HTTPFound(...)

🧱 Required Fields

Ensures that all fields are present before creating a microtask:

• name

• description

• due_date

Missing fields return an error to the frontend:

if not microtask_name or not microtask_description or not due_date:
    return { ..., "error_ping": "All fields are required." }

🕒 Date Parsing

Due date strings are parsed into datetime objects using:

datetime.strptime(due_date, '%Y-%m-%d')

Invalid formats will raise an exception, caught and handled.

---

🧠 Design Rationale

• Modularity: Microtasks are subordinate to tasks, supporting hierarchical task breakdown.

• Validation: Input validation is enforced at form and database level.

• Security: Session and permission checks prevent unauthorized access.

• Error Handling: SQL errors are caught and trigger a rollback with a user-friendly error message.

• Consistency: Mirrors the task creation process for uniformity.