neuer stand

inventorysystem/views.py

@@ -7,12 +7,13 @@ from inventorysystem import app
 def show_message(message):
     return flask.render_template("message.html", message=message)
 
-def user_has_permission(user_id, permission, oe=None)
+def user_has_permission(user_id, permission, oe=None):
     db = psycopg2.connect(app.config["DSN"])
     cur = db.cursor()
-    cur.execute("select count(*) from permissions where id=%s and permission=%s and (oe=%s or oe=NULL)", (user_id, permission, oe))
+    cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
     allowed = cur.fetchone()[0] > 0
     db.close()
+    return allowed
 
 def login_required(f):
     @functools.wraps(f)
@@ -64,4 +65,32 @@ def login():
 
         return flask.redirect(flask.url_for("index"))
 
+@app.route("/oes")
+@login_required
+def list_oes():
+    db = psycopg2.connect(app.config["DSN"])
+    cur = db.cursor()
+    cur.execute("select id, name from organizational_units")
+    result = cur.fetchall()
+    db.close()
+    
+    return flask.render_template("list_oes.html", dbresult=result)
+
+
+@app.route("/inventory/<int:oe>")
+def show_inventory(oe):
+    if not user_has_permission(session["user_id"], "show_inventory", oe):
+        return show_message("Permission denied"), 403
+
+    db = psycopg2.connect(app.config["DSN"])
+    cur = db.cursor()
+    cur.execute("select id,serial,innenauftrag,description,location,purchase_date,old_inventory_id from inventory where oe=%s", (oe,))
+    result = cur.fetchall()
+    cur.execute("select name from organizational_units where id=%s", (oe,))
+    oe_name = cur.fetchone()[0]
+    db.close()
+
+    return flask.render_template("show_inventory.html", dbresult=result, oe_name=oe_name)
+        
+