neuer stand

2022-10-05 18:26:08 +02:00
parent 1063266f0d
commit 0cabac87a3
9 changed files with 68 additions and 200 deletions
--- a/inventorysystem/pycache/init.cpython-39.pyc
+++ b/inventorysystem/pycache/init.cpython-39.pyc
--- a/inventorysystem/pycache/views.cpython-39.pyc
+++ b/inventorysystem/pycache/views.cpython-39.pyc
--- a/inventorysystem/config.toml
+++ b/inventorysystem/config.toml
@@ -1,2 +1,2 @@
-DSN = "service=db dbname=inventarsystem password=kail0eiShaht2voh4rei user=adnidor_static"
+DSN = "dbname=inventarsystem dbname=inventarsystem host=/tmp"
 LDAP_URI = "ldap://ldap.yannik.intern.yannikenss.de"
--- a/inventorysystem/templates/base.html
+++ b/inventorysystem/templates/base.html
@@ -3,6 +3,7 @@
    <title>{% block title %}AStA-Inventarsystem{% endblock %}</title>
 </head>
 <body>
+<a href=/>Home</a> Logged in as {{session.full_name}} ({{session.username}})<br>
    {% block content %}{% endblock %}
 </body
 </html>
--- a/inventorysystem/templates/index.html
+++ b/inventorysystem/templates/index.html
@@ -1,4 +1,6 @@
 {% extends "base.html" %}
 {% block content %}
 Logged in as {{session.full_name}} ({{session.username}})
+
+<a href=/oes>Show OEs</a>
 {% endblock %}
--- a/inventorysystem/templates/list_oes.html
+++ b/inventorysystem/templates/list_oes.html
@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+{% block content %}
+<h1>OEs</h1>
+
+{% for id,name in dbresult %}
+<a href=/inventory/{{ id }}>{{name}}</a>
+{% endfor %}
+{% endblock %}
--- a/inventorysystem/templates/show_inventory.html
+++ b/inventorysystem/templates/show_inventory.html
@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+{% block content %}
+<h1>Inventar</h1>
+<h2>{{oe_name}}</h2>
+{% for entry in dbresult %}
+{{entry}}<br>
+{% endfor %}
+{% endblock %}
--- a/inventorysystem/views.py
+++ b/inventorysystem/views.py
@@ -7,12 +7,13 @@ from inventorysystem import app
 def show_message(message):
    return flask.render_template("message.html", message=message)

-def user_has_permission(user_id, permission, oe=None)
+def user_has_permission(user_id, permission, oe=None):
    db = psycopg2.connect(app.config["DSN"])
    cur = db.cursor()
-    cur.execute("select count(*) from permissions where id=%s and permission=%s and (oe=%s or oe=NULL)", (user_id, permission, oe))
+    cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
    allowed = cur.fetchone()[0] > 0
    db.close()
+    return allowed

 def login_required(f):
    @functools.wraps(f)
@@ -64,4 +65,32 @@ def login():

        return flask.redirect(flask.url_for("index"))

+@app.route("/oes")
+@login_required
+def list_oes():
+    db = psycopg2.connect(app.config["DSN"])
+    cur = db.cursor()
+    cur.execute("select id, name from organizational_units")
+    result = cur.fetchall()
+    db.close()
+    
+    return flask.render_template("list_oes.html", dbresult=result)
+
+
+@app.route("/inventory/<int:oe>")
+def show_inventory(oe):
+    if not user_has_permission(session["user_id"], "show_inventory", oe):
+        return show_message("Permission denied"), 403
+
+    db = psycopg2.connect(app.config["DSN"])
+    cur = db.cursor()
+    cur.execute("select id,serial,innenauftrag,description,location,purchase_date,old_inventory_id from inventory where oe=%s", (oe,))
+    result = cur.fetchall()
+    cur.execute("select name from organizational_units where id=%s", (oe,))
+    oe_name = cur.fetchone()[0]
+    db.close()
+
+    return flask.render_template("show_inventory.html", dbresult=result, oe_name=oe_name)
+        
+