aktueller stand
This commit is contained in:
@@ -2,9 +2,14 @@ import flask
|
||||
import psycopg2
|
||||
import psycopg2.extras
|
||||
import functools
|
||||
import datetime
|
||||
import decimal
|
||||
from flask import request, session
|
||||
from inventorysystem import app
|
||||
|
||||
psycopg2.extras.register_uuid()
|
||||
|
||||
|
||||
def show_message(message):
|
||||
return flask.render_template("message.html", message=message)
|
||||
|
||||
@@ -17,7 +22,7 @@ def current_user_has_permission(permission, oe=None):
|
||||
def user_has_permission(user_id, permission, oe=None):
|
||||
db = get_db()
|
||||
cur = db.cursor()
|
||||
cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
|
||||
cur.execute("select count(*) from permissions where \"user\"=%s and (permission=%s or permission='admin') and (oe=%s or oe is NULL)", (user_id, permission, oe))
|
||||
allowed = cur.fetchone()[0] > 0
|
||||
db.close()
|
||||
return allowed
|
||||
@@ -119,5 +124,70 @@ def new_inventory(oe):
|
||||
db.close()
|
||||
|
||||
return flask.render_template("new_inventory.html", oe=oe)
|
||||
else:
|
||||
description = request.form["description"] or None
|
||||
innenauftrag = request.form["innenauftrag"] or None
|
||||
serial = request.form["serial"] or None
|
||||
location = request.form["location"] or None
|
||||
old_inventory_id = request.form["old_inventory_id"] or None
|
||||
purchase_date = request.form["purchase_date"] or None
|
||||
purchase_date = datetime.datetime.fromisoformat(purchase_date)
|
||||
purchase_price = request.form["purchase_price"] or None
|
||||
purchase_price = decimal.Decimal(purchase_price)
|
||||
|
||||
db = get_db()
|
||||
cur = db.cursor()
|
||||
try:
|
||||
cur.execute("insert into inventory (serial, innenauftrag, description, oe, location, purchase_date, purchase_price, old_inventory_id) values (%s,%s,%s,%s,%s,%s,%s,%s)", (serial, innenauftrag, description, oe, location, purchase_date, purchase_price, old_inventory_id))
|
||||
except Exception as e:
|
||||
db.rollback()
|
||||
raise e
|
||||
else:
|
||||
db.commit()
|
||||
|
||||
return flask.redirect(flask.url_for("show_inventory", oe=oe))
|
||||
|
||||
@app.route("/inventory/<uuid:id>/delete", methods=["GET", "POST"])
|
||||
def delete_inventory(id):
|
||||
db = get_db()
|
||||
cur = db.cursor()
|
||||
cur.execute("select oe from inventory where id=%s", (id,))
|
||||
inventory_oe = cur.fetchone().oe
|
||||
if not current_user_has_permission("delete_inventory_entry", inventory_oe):
|
||||
return show_message("Permission denied"), 403
|
||||
|
||||
if request.method == "GET":
|
||||
cur.execute("select * from inventory where id=%s", (id,))
|
||||
result = cur.fetchone()._asdict().items()
|
||||
|
||||
return flask.render_template("delete_inventory.html", dbresult=result)
|
||||
|
||||
else:
|
||||
try:
|
||||
cur.execute("delete from inventory where id=%s", (id,))
|
||||
except Exception as e:
|
||||
db.rollback()
|
||||
raise e
|
||||
else:
|
||||
db.commit()
|
||||
|
||||
return flask.redirect(flask.url_for("show_inventory", oe=inventory_oe))
|
||||
|
||||
@app.route("/users")
|
||||
@permission_required("user_admin")
|
||||
def list_users():
|
||||
db = get_db()
|
||||
cur = db.cursor()
|
||||
cur.execute("select id,username,full_name from users", (oe,))
|
||||
result = cur.fetchall()
|
||||
cur.execute("select id,name from organizational_units where id=%s", (oe,))
|
||||
oe = cur.fetchone()
|
||||
db.close()
|
||||
|
||||
table = list_of_dicts_to_table(result, ["id", "serial", "description", "location", "innenauftrag", "purchase_date", "purchase_price", "old_inventory_id"])
|
||||
|
||||
return flask.render_template("show_inventory.html", table=table, oe=oe)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user