From 0cabac87a3453b977227cd2f493d3209848f4d24 Mon Sep 17 00:00:00 2001
From: Yannik Enss <adnidor@asta.kit.edu>
Date: Wed, 5 Oct 2022 18:26:08 +0200
Subject: [PATCH] neuer stand

---
 .../__pycache__/__init__.cpython-39.pyc       | Bin 0 -> 368 bytes
 .../__pycache__/views.cpython-39.pyc          | Bin 0 -> 3406 bytes
 inventorysystem/config.toml                   |   2 +-
 inventorysystem/templates/base.html           |   1 +
 inventorysystem/templates/index.html          |   2 +
 inventorysystem/templates/list_oes.html       |   8 +
 inventorysystem/templates/show_inventory.html |   8 +
 inventorysystem/views.py                      |  33 ++-
 schema.psql                                   | 214 ++----------------
 9 files changed, 68 insertions(+), 200 deletions(-)
 create mode 100644 inventorysystem/__pycache__/__init__.cpython-39.pyc
 create mode 100644 inventorysystem/__pycache__/views.cpython-39.pyc
 create mode 100644 inventorysystem/templates/list_oes.html
 create mode 100644 inventorysystem/templates/show_inventory.html

diff --git a/inventorysystem/__pycache__/__init__.cpython-39.pyc b/inventorysystem/__pycache__/__init__.cpython-39.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..173521a1f471fa2a58daf066199d1b32a25f3877
GIT binary patch
literal 368
zcmZ9IzfQw25XSA;3294(gv3K+X;u&jF)^~Rd9kec(z^AZ$__<gWoF_j5O3s_iC194
zZV^J9bZ33vefJwI=JP2^^?GsHy{Gphi@!yaxJe!IkVs;U3}zT3z)(D6Mv_-($|#U^
zxvnGux;~QhrNBs*KzP01PuNrz_o%5p69qLmmbY4j&E3<ibGBE@#o&xiHq}l@R(C65
zmtdfo#j?*qU!=2Gb8dwJ&La`qEu;A;RtG|y^xhfXD-E9H@H9Z@Vc;7W*_pCCu!Hks
z7{dT&u~YCE*vUWp4f*^T`|)+&uAG5ZNUNmt?I9}s0q`S#fi36Cs)6&xc8v9vaq>aK
RHBPXQiO0AuYJ5tn;u~zeXS@Ia

literal 0
HcmV?d00001

diff --git a/inventorysystem/__pycache__/views.cpython-39.pyc b/inventorysystem/__pycache__/views.cpython-39.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..36262843fc4e340e698f4c42119a67894b71e249
GIT binary patch
literal 3406
zcmai0&2JmW72lct;F6*!*~*8NI1S-6X*Ln0q-aqjm0bf#lS{xDaB?9E5F5@=T6ww4
z&J3-XpiVMkU))Rn0TSrNm!5j=p?}6)d&<AyQ-5!kB1Oe*D9zjX{&?^Ae($B5n+*@Y
zAOCT?|8djv{zHw+zW|N9DEgle!V@g_y49C;nQQYd$Cu~c(C_-gpc^n6_w#TVbtBXR
z5kB_1HSwm1MC~!_#v&GV^wh;o(GVNxX~<}{A)0e0>ta*19((8PoOPQrI@u6gVq080
z;^O)<E_TE#G}hg8^IvuIUlXq{=C@q$jX4v$;te-%OR)Q1^43qdxz|a!ttt7}vDC)a
zwA4B)i-cJ}9gX^oW-NYGr$>K=qFWHgJ7I!N@x*5w+xeYIbBN{Xk=#Ev!~8k3wMF|m
zx8Wd9^#i-5WFe&L895x~sgWwgM$bJ(x_<HdgX3~24^mNNqErW2@lX~fRr-;}^hL8&
zj~4BRnLO3|qer%>kIU2E;;0(kjzf4%!E9dNr~2X-;Y-Cm;R{rZH)DpM_=4?vb9UxW
z{aG;g&Vp$$3k9EgQ#R!Tf6keQo@fs1?V>yg&O*$r%{}yoczV#W{^$2QlfP)0%f4y%
z%W+}e{~&1(R5@&qq#9;Ut-5`BER}5E8f&R;-F{cM(?VPtzvy|tlvFKMyOixrw>#f{
z^;M$C07-1)k$%)KM@PT4wSHL?I8TvTY=qVzJHmIYbg67jelPoDBW*m8rhi-((uV!K
z)G~=|jV{p3gl()YXL%_t7vEVQ8`xT!=jEvs&N7wQpi_3-%Hve`Rx8PPnw0IaZ5FfZ
zPO3N2UIP$Wg>Fg~(QiPI_MbxUPrLzuB>3a_oSm^LVbkyQF=6?mrG%8XQS^Hdf*J22
zQ#TBoaTH(hIh$kQQ*Y{JFx%hR->PkFOcyTFAzq)CM_G{siY}mH2pcOYG6fYvBP#C=
zN(HC}sXEd&dT>f#pqLFVy}y+~<*GLr7kvXq*`W&&q&yzu*^~F&89nkR>?`&U^Rl1j
z`p*9PGMrL(Ta;z4ZFs8Ekxsb!HTF^Ok|33;cSty`x7N44j)Ce_sJj)Y1no7TlbV;R
z{uLT4RX<@*0O_T=0r_80_Z=+%U+Ol2aX#^sKV|2>{>X$PIRCjB!j8I$UDR77UWIsZ
z?cUNU+CmnY6iKwQi=rzlGPXmJb7a*<^SNK?=ye);jf7Ja>B#AgFsG@jG6$h?^5F`o
zzi1al*aAYFA>97%q?JiN#CT<rotJD&pkCVLdZhNye!&jbpo}i(0iV%ax+<AQIPfOC
zGihYt$L}41D&n&0f$o*dr`pg>qDxj(=c|3xC((g}iS@ty^EWoQ_x1g6z~kUxb6g6&
zb_wz&D(({hM#UM}`?)`v;3Nd$akU38i$p*^=K4bP{may5v8kUlMC9m`Mm9uk*E?gb
z7NZ6doi#zJM6H{m?g*7TLiJ~@ifZ)_W=k{(HdA=DV22=Eu>qn*LA$wZZ@PBt(7WpO
z!UKl479b;4r~`;e!>Oav<ww-J31I^w1RIP}ttWREgq?}K!8p%*#1j>1)1(W!zF?3G
zdZwkPr4ndQe)mP1<x;dw*~V$@tk`R(VEBtA6~Qm&BQ7W+n?E@!caHEAk$M+gusA%~
zeyJA_|JkUrq^i?XC;+Q166EJ<8^Q+Quc5j|ZDNQ8@q@^n10|ulK||z;2qKF+sa<MD
zO6qZLE`iOt6#451DEbzJb1B|n4U}z$uTP8@vw+2p`?k6B?@4e_%5}8)SWLHcXuFHb
zm9PuWc3~IPPhoe?5LSUUpo7rk!mNo;>cXFL5x86fghIBQBrE&1SGFtFQCeh^ln6S_
zd*dQAda{{k+VpTWhX*)DEWWE=oitvi&6OV2A8?d<g#-l+r~kySlu6oCpOCoXqVdIX
zpJT8Jjy`Ftff94|NAym1RyobVVOE$=OL=E4Vy?OA6iW=CPq_-^Cg9tfh713kiC};P
z%pi9$;YlPy=ZvIGs17RRvsgq^#8~Hcd{%evNWHa7y$xhH<gfwOZBS-onkVG2KAf@f
zjDo~Q$3fP%T)tIhXGq5sAtd_|K(1_(uWSMz%F=v~VqcMt2S%kwdjjB4*@$ejN5Rom
zMq|}SP9b{&IpJQJi{5g3WGR(LE_)V9l*^GOA1_Y(|JGkD$;f4$^G$ZvA5npVt55M3
zTPvkwf}~Z2AHr`HgI?lwS8+la!Bwz?%7qc<ek;V>rkU%oQHSWehoT8?9^Yn76vTK}
znuHvhk+2T^Z&!G9m--F5714y_54*M0R+TMREI~P1^(4v|TzImfDv>0*08+(gf~Gs=
t(%sxGT_zGA4ofl4<sBj}O(6()#vk1@_8V~=HySbHtQmkKc3lna{{qXP3U>ei

literal 0
HcmV?d00001

diff --git a/inventorysystem/config.toml b/inventorysystem/config.toml
index e37931b..d7b47a5 100644
--- a/inventorysystem/config.toml
+++ b/inventorysystem/config.toml
@@ -1,2 +1,2 @@
-DSN = "service=db dbname=inventarsystem password=kail0eiShaht2voh4rei user=adnidor_static"
+DSN = "dbname=inventarsystem dbname=inventarsystem host=/tmp"
 LDAP_URI = "ldap://ldap.yannik.intern.yannikenss.de"
diff --git a/inventorysystem/templates/base.html b/inventorysystem/templates/base.html
index 7d8c1ef..75265df 100644
--- a/inventorysystem/templates/base.html
+++ b/inventorysystem/templates/base.html
@@ -3,6 +3,7 @@
     <title>{% block title %}AStA-Inventarsystem{% endblock %}</title>
 </head>
 <body>
+<a href=/>Home</a> Logged in as {{session.full_name}} ({{session.username}})<br>
     {% block content %}{% endblock %}
 </body
 </html>
diff --git a/inventorysystem/templates/index.html b/inventorysystem/templates/index.html
index c9fcd37..5e17b72 100644
--- a/inventorysystem/templates/index.html
+++ b/inventorysystem/templates/index.html
@@ -1,4 +1,6 @@
 {% extends "base.html" %}
 {% block content %}
 Logged in as {{session.full_name}} ({{session.username}})
+
+<a href=/oes>Show OEs</a>
 {% endblock %}
diff --git a/inventorysystem/templates/list_oes.html b/inventorysystem/templates/list_oes.html
new file mode 100644
index 0000000..b352a0b
--- /dev/null
+++ b/inventorysystem/templates/list_oes.html
@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+{% block content %}
+<h1>OEs</h1>
+
+{% for id,name in dbresult %}
+<a href=/inventory/{{ id }}>{{name}}</a>
+{% endfor %}
+{% endblock %}
diff --git a/inventorysystem/templates/show_inventory.html b/inventorysystem/templates/show_inventory.html
new file mode 100644
index 0000000..0b24a79
--- /dev/null
+++ b/inventorysystem/templates/show_inventory.html
@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+{% block content %}
+<h1>Inventar</h1>
+<h2>{{oe_name}}</h2>
+{% for entry in dbresult %}
+{{entry}}<br>
+{% endfor %}
+{% endblock %}
diff --git a/inventorysystem/views.py b/inventorysystem/views.py
index 4458c59..6489461 100644
--- a/inventorysystem/views.py
+++ b/inventorysystem/views.py
@@ -7,12 +7,13 @@ from inventorysystem import app
 def show_message(message):
     return flask.render_template("message.html", message=message)
 
-def user_has_permission(user_id, permission, oe=None)
+def user_has_permission(user_id, permission, oe=None):
     db = psycopg2.connect(app.config["DSN"])
     cur = db.cursor()
-    cur.execute("select count(*) from permissions where id=%s and permission=%s and (oe=%s or oe=NULL)", (user_id, permission, oe))
+    cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
     allowed = cur.fetchone()[0] > 0
     db.close()
+    return allowed
 
 def login_required(f):
     @functools.wraps(f)
@@ -64,4 +65,32 @@ def login():
 
         return flask.redirect(flask.url_for("index"))
 
+@app.route("/oes")
+@login_required
+def list_oes():
+    db = psycopg2.connect(app.config["DSN"])
+    cur = db.cursor()
+    cur.execute("select id, name from organizational_units")
+    result = cur.fetchall()
+    db.close()
+    
+    return flask.render_template("list_oes.html", dbresult=result)
+
+
+@app.route("/inventory/<int:oe>")
+def show_inventory(oe):
+    if not user_has_permission(session["user_id"], "show_inventory", oe):
+        return show_message("Permission denied"), 403
+
+    db = psycopg2.connect(app.config["DSN"])
+    cur = db.cursor()
+    cur.execute("select id,serial,innenauftrag,description,location,purchase_date,old_inventory_id from inventory where oe=%s", (oe,))
+    result = cur.fetchall()
+    cur.execute("select name from organizational_units where id=%s", (oe,))
+    oe_name = cur.fetchone()[0]
+    db.close()
+
+    return flask.render_template("show_inventory.html", dbresult=result, oe_name=oe_name)
+        
+
 
diff --git a/schema.psql b/schema.psql
index c3106f5..f01b545 100644
--- a/schema.psql
+++ b/schema.psql
@@ -1,211 +1,31 @@
---
--- PostgreSQL database dump
---
+CREATE TABLE organizational_units (
+    id serial NOT NULL PRIMARY KEY,
+    name integer NOT NULL
+);
 
--- Dumped from database version 13.8 (Debian 13.8-0+deb11u1)
--- Dumped by pg_dump version 14.5
+CREATE TABLE users (
+    id serial NOT NULL PRIMARY KEY,
+    username character varying NOT NULL,
+    full_name character varying NOT NULL,
+    password character varying NOT NULL
+);
 
-SET statement_timeout = 0;
-SET lock_timeout = 0;
-SET idle_in_transaction_session_timeout = 0;
-SET client_encoding = 'SQL_ASCII';
-SET standard_conforming_strings = on;
-SELECT pg_catalog.set_config('search_path', '', false);
-SET check_function_bodies = false;
-SET xmloption = content;
-SET client_min_messages = warning;
-SET row_security = off;
-
-SET default_tablespace = '';
-
-SET default_table_access_method = heap;
-
---
--- Name: inventory; Type: TABLE; Schema: public; Owner: adnidor
---
-
-CREATE TABLE public.inventory (
-    id uuid DEFAULT gen_random_uuid() NOT NULL,
+CREATE TABLE inventory (
+    id uuid DEFAULT gen_random_uuid() NOT NULL PRIMARY KEY,
     serial character varying,
     innenauftrag character varying NOT NULL,
     description character varying NOT NULL,
-    oe integer NOT NULL,
+    oe integer NOT NULL REFERENCES organizational_units,
     location text NOT NULL,
     purchase_date timestamp with time zone NOT NULL,
     purchase_price money NOT NULL,
     old_inventory_id character varying
 );
 
-
-ALTER TABLE public.inventory OWNER TO adnidor;
-
---
--- Name: organizational_units; Type: TABLE; Schema: public; Owner: adnidor
---
-
-CREATE TABLE public.organizational_units (
-    id integer NOT NULL,
-    name integer NOT NULL
-);
-
-
-ALTER TABLE public.organizational_units OWNER TO adnidor;
-
---
--- Name: permissions; Type: TABLE; Schema: public; Owner: adnidor
---
-
-CREATE TABLE public.permissions (
-    id integer NOT NULL,
-    "user" integer NOT NULL,
-    oe integer,
+CREATE TABLE permissions (
+    id serial NOT NULL PRIMARY KEY,
+    "user" integer NOT NULL REFERENCES users,
+    oe integer REFERENCES organizational_units,
     permission character varying NOT NULL
 );
 
-
-ALTER TABLE public.permissions OWNER TO adnidor;
-
---
--- Name: permissions_id_seq; Type: SEQUENCE; Schema: public; Owner: adnidor
---
-
-CREATE SEQUENCE public.permissions_id_seq
-    AS integer
-    START WITH 1
-    INCREMENT BY 1
-    NO MINVALUE
-    NO MAXVALUE
-    CACHE 1;
-
-
-ALTER TABLE public.permissions_id_seq OWNER TO adnidor;
-
---
--- Name: permissions_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: adnidor
---
-
-ALTER SEQUENCE public.permissions_id_seq OWNED BY public.permissions.id;
-
-
---
--- Name: users; Type: TABLE; Schema: public; Owner: adnidor
---
-
-CREATE TABLE public.users (
-    id integer NOT NULL,
-    username character varying NOT NULL,
-    full_name character varying NOT NULL,
-    password character varying NOT NULL
-);
-
-
-ALTER TABLE public.users OWNER TO adnidor;
-
---
--- Name: users_id_seq; Type: SEQUENCE; Schema: public; Owner: adnidor
---
-
-CREATE SEQUENCE public.users_id_seq
-    AS integer
-    START WITH 1
-    INCREMENT BY 1
-    NO MINVALUE
-    NO MAXVALUE
-    CACHE 1;
-
-
-ALTER TABLE public.users_id_seq OWNER TO adnidor;
-
---
--- Name: users_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: adnidor
---
-
-ALTER SEQUENCE public.users_id_seq OWNED BY public.users.id;
-
-
---
--- Name: permissions id; Type: DEFAULT; Schema: public; Owner: adnidor
---
-
-ALTER TABLE ONLY public.permissions ALTER COLUMN id SET DEFAULT nextval('public.permissions_id_seq'::regclass);
-
-
---
--- Name: users id; Type: DEFAULT; Schema: public; Owner: adnidor
---
-
-ALTER TABLE ONLY public.users ALTER COLUMN id SET DEFAULT nextval('public.users_id_seq'::regclass);
-
-
---
--- Name: inventory inventory_id; Type: CONSTRAINT; Schema: public; Owner: adnidor
---
-
-ALTER TABLE ONLY public.inventory
-    ADD CONSTRAINT inventory_id PRIMARY KEY (id);
-
-
---
--- Name: organizational_units organizational_units_id; Type: CONSTRAINT; Schema: public; Owner: adnidor
---
-
-ALTER TABLE ONLY public.organizational_units
-    ADD CONSTRAINT organizational_units_id PRIMARY KEY (id);
-
-
---
--- Name: permissions permissions_pkey; Type: CONSTRAINT; Schema: public; Owner: adnidor
---
-
-ALTER TABLE ONLY public.permissions
-    ADD CONSTRAINT permissions_pkey PRIMARY KEY (id);
-
-
---
--- Name: users users_pkey; Type: CONSTRAINT; Schema: public; Owner: adnidor
---
-
-ALTER TABLE ONLY public.users
-    ADD CONSTRAINT users_pkey PRIMARY KEY (id);
-
-
---
--- Name: inventory inventory_oe_fkey; Type: FK CONSTRAINT; Schema: public; Owner: adnidor
---
-
-ALTER TABLE ONLY public.inventory
-    ADD CONSTRAINT inventory_oe_fkey FOREIGN KEY (oe) REFERENCES public.organizational_units(id);
-
-
---
--- Name: TABLE inventory; Type: ACL; Schema: public; Owner: adnidor
---
-
-GRANT ALL ON TABLE public.inventory TO adnidor_static;
-
-
---
--- Name: TABLE organizational_units; Type: ACL; Schema: public; Owner: adnidor
---
-
-GRANT ALL ON TABLE public.organizational_units TO adnidor_static;
-
-
---
--- Name: TABLE permissions; Type: ACL; Schema: public; Owner: adnidor
---
-
-GRANT ALL ON TABLE public.permissions TO adnidor_static;
-
-
---
--- Name: TABLE users; Type: ACL; Schema: public; Owner: adnidor
---
-
-GRANT ALL ON TABLE public.users TO adnidor_static;
-
-
---
--- PostgreSQL database dump complete
---
-