structure for adding items

inventorysystem/templates/new_inventory.html

@@ -0,0 +1,60 @@
+{% extends "base.html" %}
+{% block content %}
+<h1>Neuer Inventareintrag</h1>
+<h2>{{oe.name}}</h2>
+
+<form method=post>
+
+<label>
+    Beschreibung
+    <textarea name=description></textarea>
+</label>
+
+<br>
+
+<label>
+    IA-Nummer
+    <input type=text name=innenauftrag>
+<label>
+
+<br>
+
+<label>
+    Seriennummer
+    <input type=text name=serial>
+<label>
+
+<br>
+
+<label>
+    Ort
+    <input type=text name=location>
+<label>
+
+<br>
+
+<label>
+    Legacy-Inventarnummer
+    <input type=text name=old_inventory_id>
+<label>
+
+<br>
+
+<label>
+    Kaufdatum
+    <input type=date name=purchase_date>
+<label>
+
+<br>
+
+<label>
+    Kaufpreis
+    <input type=number step=0.01 name=purchase_price>
+<label>
+
+<br>
+
+<input type=submit>
+</form>
+
+{% endblock %}

inventorysystem/templates/show_inventory.html

@@ -1,7 +1,7 @@
 {% extends "base.html" %}
 {% block content %}
 <h1>Inventar</h1>
-<h2>{{oe_name}}</h2>
+<h2>{{oe.name}}</h2>
 
 <table>
 <tr>
@@ -20,4 +20,6 @@
 
 </table>
 
+<a href={{url_for("new_inventory", oe=oe.id)}}>Neuer Eintrag</a>
+
 {% endblock %}

inventorysystem/views.py

@@ -8,8 +8,14 @@ from inventorysystem import app
 def show_message(message):
     return flask.render_template("message.html", message=message)
 
+def get_db():
+    return psycopg2.connect(app.config["DSN"], cursor_factory=psycopg2.extras.NamedTupleCursor)
+
+def current_user_has_permission(permission, oe=None):
+    return user_has_permission(session["user_id"], permission, oe)
+
 def user_has_permission(user_id, permission, oe=None):
-    db = psycopg2.connect(app.config["DSN"])
+    db = get_db()
     cur = db.cursor()
     cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
     allowed = cur.fetchone()[0] > 0
@@ -29,7 +35,7 @@ def permission_required(f, permission, oe=None):
     def inner_function(*args, **kwargs):
         if "username" not in session:
             return flask.redirect(flask.url_for("login"))
-        if not user_has_permission(session["user_id"], permission, oe):
+        if not current_user_has_permission(permission, oe):
             return show_message("Permission denied")
         return f(*args, **kwargs)
     return inner_function
@@ -44,28 +50,28 @@ def login():
         return flask.render_template("login.html")
 
     elif request.method == "POST":
-        db = psycopg2.connect(app.config["DSN"])
         username = request.form["user"]
         password = request.form["pass"]
         #FIXME hash password
 
-        cur = db.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
+        db = get_db()
+        cur = db.cursor()
         cur.execute("select id,full_name from users where username=%s and password=%s",(username,password))
         result = cur.fetchall()
         if not result:
             return show_message("Failed to log in, are username and password correct?")
         else:
             session["username"] = username
-            session["user_id"] = result[0]["id"]
+            session["user_id"] = result[0].id
-            session["full_name"] = result[0]["full_name"]
+            session["full_name"] = result[0].full_name
 
         return flask.redirect(flask.url_for("index"))
 
 @app.route('/')
 @login_required
 def index():
-    db = psycopg2.connect(app.config["DSN"])
+    db = get_db()
-    cur = db.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
+    cur = db.cursor()
     cur.execute("select id, name from organizational_units")
     result = cur.fetchall()
     db.close()
@@ -79,7 +85,7 @@ def list_of_dicts_to_table(l, headers, default=None):
     for d in l:
         tmp_list = []
         for header in headers:
-            tmp_list.append(d.get(header,default))
+            tmp_list.append(getattr(d, header, default))
         table["rows"].append(tmp_list)
     return table
 
@@ -88,17 +94,30 @@ def show_inventory(oe):
     if not user_has_permission(session["user_id"], "show_inventory", oe):
         return show_message("Permission denied"), 403
 
-    db = psycopg2.connect(app.config["DSN"])
+    db = get_db()
-    cur = db.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
+    cur = db.cursor()
     cur.execute("select id,serial,innenauftrag,description,location,purchase_date,purchase_price,old_inventory_id from inventory where oe=%s", (oe,))
     result = cur.fetchall()
-    cur.execute("select name from organizational_units where id=%s", (oe,))
+    cur.execute("select id,name from organizational_units where id=%s", (oe,))
-    oe_name = cur.fetchone()["name"]
+    oe = cur.fetchone()
     db.close()
 
     table = list_of_dicts_to_table(result, ["id", "serial", "description", "location", "innenauftrag", "purchase_date", "purchase_price", "old_inventory_id"])
 
-    return flask.render_template("show_inventory.html", table=table, oe_name=oe_name)
+    return flask.render_template("show_inventory.html", table=table, oe=oe)
         
 
+@app.route("/inventory/<int:oe>/new", methods=["GET", "POST"])
+def new_inventory(oe):
+    if not user_has_permission(session["user_id"], "create_inventory_entry", oe):
+        return show_message("Permission denied"), 403
+    if request.method == "GET":
+        db = get_db()
+        cur = db.cursor()
+        cur.execute("select id,name from organizational_units where id=%s", (oe,))
+        oe = cur.fetchone()
+        db.close()
+
+        return flask.render_template("new_inventory.html", oe=oe)
+