aktueller stand

inventorysystem/templates/delete_inventory.html

@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+{% block content %}
+<h1>Inventareintrag löschen</h1>
+
+{% for key,value in dbresult %}
+{{key}}: {{value}} <br>
+{% endfor %}
+
+<form method=post>
+<input type=submit value=Löschen>
+</form>
+
+{% endblock %}

inventorysystem/templates/show_inventory.html

@@ -8,6 +8,7 @@
 {% for entry in table.headers %}
 <th>{{entry}}</th>
 {% endfor %}
+<th>Actions<th>
 </tr>
 
 {% for entry in table.rows %}
@@ -15,6 +16,7 @@
 {% for x in entry %}
 <td>{{x}}</td>
 {% endfor %}
+<td><a href={{url_for("delete_inventory", id=entry[0])}}>Löschen</a></td>
 </tr>
 {% endfor %}
 

inventorysystem/views.py

@@ -2,9 +2,14 @@ import flask
 import psycopg2
 import psycopg2.extras
 import functools
+import datetime
+import decimal
 from flask import request, session
 from inventorysystem import app
 
+psycopg2.extras.register_uuid()
+
+
 def show_message(message):
     return flask.render_template("message.html", message=message)
 
@@ -17,7 +22,7 @@ def current_user_has_permission(permission, oe=None):
 def user_has_permission(user_id, permission, oe=None):
     db = get_db()
     cur = db.cursor()
-    cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
+    cur.execute("select count(*) from permissions where \"user\"=%s and (permission=%s or permission='admin') and (oe=%s or oe is NULL)", (user_id, permission, oe))
     allowed = cur.fetchone()[0] > 0
     db.close()
     return allowed
@@ -119,5 +124,70 @@ def new_inventory(oe):
         db.close()
 
         return flask.render_template("new_inventory.html", oe=oe)
+    else:
+        description = request.form["description"] or None
+        innenauftrag = request.form["innenauftrag"] or None
+        serial = request.form["serial"] or None 
+        location = request.form["location"] or None 
+        old_inventory_id = request.form["old_inventory_id"] or None
+        purchase_date = request.form["purchase_date"] or None
+        purchase_date = datetime.datetime.fromisoformat(purchase_date)
+        purchase_price = request.form["purchase_price"] or None
+        purchase_price = decimal.Decimal(purchase_price)
+
+        db = get_db()
+        cur = db.cursor()
+        try:
+            cur.execute("insert into inventory (serial, innenauftrag, description, oe, location, purchase_date, purchase_price, old_inventory_id) values (%s,%s,%s,%s,%s,%s,%s,%s)", (serial, innenauftrag, description, oe, location, purchase_date, purchase_price, old_inventory_id))
+        except Exception as e:
+            db.rollback()
+            raise e
+        else:
+            db.commit()
+
+        return flask.redirect(flask.url_for("show_inventory", oe=oe))
+
+@app.route("/inventory/<uuid:id>/delete", methods=["GET", "POST"])
+def delete_inventory(id):
+    db = get_db()
+    cur = db.cursor()
+    cur.execute("select oe from inventory where id=%s", (id,))
+    inventory_oe = cur.fetchone().oe
+    if not current_user_has_permission("delete_inventory_entry", inventory_oe):
+        return show_message("Permission denied"), 403
+
+    if request.method == "GET":
+        cur.execute("select * from inventory where id=%s", (id,))
+        result = cur.fetchone()._asdict().items()
+
+        return flask.render_template("delete_inventory.html", dbresult=result)
+
+    else:
+        try:
+            cur.execute("delete from inventory where id=%s", (id,))
+        except Exception as e:
+            db.rollback()
+            raise e
+        else:
+            db.commit()
+
+        return flask.redirect(flask.url_for("show_inventory", oe=inventory_oe))
+
+@app.route("/users")
+@permission_required("user_admin")
+def list_users():
+    db = get_db()
+    cur = db.cursor()
+    cur.execute("select id,username,full_name from users", (oe,))
+    result = cur.fetchall()
+    cur.execute("select id,name from organizational_units where id=%s", (oe,))
+    oe = cur.fetchone()
+    db.close()
+
+    table = list_of_dicts_to_table(result, ["id", "serial", "description", "location", "innenauftrag", "purchase_date", "purchase_price", "old_inventory_id"])
+
+    return flask.render_template("show_inventory.html", table=table, oe=oe)
+
+
 
 

schema.psql

@@ -18,7 +18,7 @@ CREATE TABLE inventory (
     oe integer NOT NULL REFERENCES organizational_units,
     location text NOT NULL,
     purchase_date timestamp with time zone NOT NULL,
-    purchase_price money NOT NULL,
+    purchase_price numeric(1000,2) NOT NULL,
     old_inventory_id character varying
 );