structure for adding items

2022-10-06 01:34:31 +02:00
parent c6dc363c68
commit 8092e8b6bb
3 changed files with 96 additions and 15 deletions
--- a/inventorysystem/views.py
+++ b/inventorysystem/views.py
@@ -8,8 +8,14 @@ from inventorysystem import app
 def show_message(message):
    return flask.render_template("message.html", message=message)

+def get_db():
+    return psycopg2.connect(app.config["DSN"], cursor_factory=psycopg2.extras.NamedTupleCursor)
+
+def current_user_has_permission(permission, oe=None):
+    return user_has_permission(session["user_id"], permission, oe)
+
 def user_has_permission(user_id, permission, oe=None):
-    db = psycopg2.connect(app.config["DSN"])
+    db = get_db()
    cur = db.cursor()
    cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
    allowed = cur.fetchone()[0] > 0
@@ -29,7 +35,7 @@ def permission_required(f, permission, oe=None):
    def inner_function(*args, **kwargs):
        if "username" not in session:
            return flask.redirect(flask.url_for("login"))
-        if not user_has_permission(session["user_id"], permission, oe):
+        if not current_user_has_permission(permission, oe):
            return show_message("Permission denied")
        return f(*args, **kwargs)
    return inner_function
@@ -44,28 +50,28 @@ def login():
        return flask.render_template("login.html")

    elif request.method == "POST":
-        db = psycopg2.connect(app.config["DSN"])
        username = request.form["user"]
        password = request.form["pass"]
        #FIXME hash password

-        cur = db.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
+        db = get_db()
+        cur = db.cursor()
        cur.execute("select id,full_name from users where username=%s and password=%s",(username,password))
        result = cur.fetchall()
        if not result:
            return show_message("Failed to log in, are username and password correct?")
        else:
            session["username"] = username
-            session["user_id"] = result[0]["id"]
-            session["full_name"] = result[0]["full_name"]
+            session["user_id"] = result[0].id
+            session["full_name"] = result[0].full_name

        return flask.redirect(flask.url_for("index"))

@app.route('/')
@login_required
 def index():
-    db = psycopg2.connect(app.config["DSN"])
-    cur = db.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
+    db = get_db()
+    cur = db.cursor()
    cur.execute("select id, name from organizational_units")
    result = cur.fetchall()
    db.close()
@@ -79,7 +85,7 @@ def list_of_dicts_to_table(l, headers, default=None):
    for d in l:
        tmp_list = []
        for header in headers:
-            tmp_list.append(d.get(header,default))
+            tmp_list.append(getattr(d, header, default))
        table["rows"].append(tmp_list)
    return table

@@ -88,17 +94,30 @@ def show_inventory(oe):
    if not user_has_permission(session["user_id"], "show_inventory", oe):
        return show_message("Permission denied"), 403

-    db = psycopg2.connect(app.config["DSN"])
-    cur = db.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
+    db = get_db()
+    cur = db.cursor()
    cur.execute("select id,serial,innenauftrag,description,location,purchase_date,purchase_price,old_inventory_id from inventory where oe=%s", (oe,))
    result = cur.fetchall()
-    cur.execute("select name from organizational_units where id=%s", (oe,))
-    oe_name = cur.fetchone()["name"]
+    cur.execute("select id,name from organizational_units where id=%s", (oe,))
+    oe = cur.fetchone()
    db.close()

    table = list_of_dicts_to_table(result, ["id", "serial", "description", "location", "innenauftrag", "purchase_date", "purchase_price", "old_inventory_id"])

-    return flask.render_template("show_inventory.html", table=table, oe_name=oe_name)
+    return flask.render_template("show_inventory.html", table=table, oe=oe)
        

+@app.route("/inventory/<int:oe>/new", methods=["GET", "POST"])
+def new_inventory(oe):
+    if not user_has_permission(session["user_id"], "create_inventory_entry", oe):
+        return show_message("Permission denied"), 403
+    if request.method == "GET":
+        db = get_db()
+        cur = db.cursor()
+        cur.execute("select id,name from organizational_units where id=%s", (oe,))
+        oe = cur.fetchone()
+        db.close()
+
+        return flask.render_template("new_inventory.html", oe=oe)
+