From 930064c9d25e0a5cef559d5ced2240d09069564b Mon Sep 17 00:00:00 2001
From: Yannik Enss
Date: Mon, 3 Oct 2022 19:21:59 +0200
Subject: [PATCH] init
---
inventorysystem/__init__.py | 10 +++
.../__pycache__/__init__.cpython-310.pyc | Bin 0 -> 375 bytes
.../__pycache__/views.cpython-310.pyc | Bin 0 -> 2346 bytes
inventorysystem/config.toml | 2 +
inventorysystem/templates/base.html | 8 +++
inventorysystem/templates/index.html | 4 ++
inventorysystem/templates/login.html | 15 ++++
inventorysystem/templates/message.html | 4 ++
inventorysystem/views.py | 67 ++++++++++++++++++
9 files changed, 110 insertions(+)
create mode 100644 inventorysystem/__init__.py
create mode 100644 inventorysystem/__pycache__/__init__.cpython-310.pyc
create mode 100644 inventorysystem/__pycache__/views.cpython-310.pyc
create mode 100644 inventorysystem/config.toml
create mode 100644 inventorysystem/templates/base.html
create mode 100644 inventorysystem/templates/index.html
create mode 100644 inventorysystem/templates/login.html
create mode 100644 inventorysystem/templates/message.html
create mode 100644 inventorysystem/views.py
diff --git a/inventorysystem/__init__.py b/inventorysystem/__init__.py
new file mode 100644
index 0000000..0df26be
--- /dev/null
+++ b/inventorysystem/__init__.py
@@ -0,0 +1,10 @@
+from flask import Flask
+app = Flask(__name__)
+
+import toml
+app.config.from_file("config.toml", load=toml.load)
+
+
+app.secret_key = "changeme"
+
+import inventorysystem.views
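Review bot: `app.secret_key = "changeme"` hard-codes the key Flask uses to sign the session cookie and commits it to the repository. `views.py` in this same patch trusts `session["username"]` and `session["user_id"]` from that cookie, so the login and permission checks are only as strong as the secrecy of this value. Since `config.toml` is already loaded two lines earlier, drop the assignment, set `SECRET_KEY` in the deployed config (a random value, e.g. from `secrets.token_hex()`, kept out of version control) and fail at startup when it is absent: `if not app.config.get("SECRET_KEY"): raise RuntimeError("SECRET_KEY is not set")`.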
diff --git a/inventorysystem/__pycache__/__init__.cpython-310.pyc b/inventorysystem/__pycache__/__init__.cpython-310.pyc new file mode 100644 index 0000000000000000000000000000000000000000..bc6778dddde67e060a071261532796928890cb3d GIT binary patch literal 375 zcmZ8ZJ5B>J6!dSG%}+>393su`1prY|($KlFto7T(i9eCO1T8H!2SK@!TPkjVsPHBT zA)fT+Y39w0Uo565&*8If5Ba{2sy-gSCa_uiT;GvlS=RlAmM1s0aG zRCJ>;kQ_^u5KdYUB2l^9B{qgqd1^?LE_f?CZ6MImJdMx>=*1QWeyQCaT<^mWhuDLy z_ZpreKmRAcp)kwQBYa&qYj2^E%4y|8BV#X{lV65Y%Mbl+ZG_NH_d?XWAyrq_t49Mj SI5)<5hB>NmMJ{kj=j0psfolN( literal 0 HcmV?d00001 diff --git a/inventorysystem/__pycache__/views.cpython-310.pyc b/inventorysystem/__pycache__/views.cpython-310.pyc new file mode 100644 index 0000000000000000000000000000000000000000..1492e31a9f3568c62abc237af2e31bd994b1a483 GIT binary patch literal 2346 zcmah~OK%%D5GJ{+)#|N0n!kg~+OLUVugV*|$y+;&w_h@Tgk#nI2MvTT;Y=kO-qf??VbFaVY?#hwq#yn5CRNYvcxSQtB zL~dfG4>asqnNl6B>}RQ%>doBz3{Bq#!Koq7;0!|-44TK;k}hH637M0W%;_KW z_ri@0Ct9dH9tm5@tHHC|Px52wqoC_&4ZA()X zk9CKs>)=Seg94vLT|-fvdf6?`7N^3QzOOdGPViP|AEx;{)gOVePW21=f(^a%bbE8} z&2(d`@lr0`&q4XGbQ^zBGQnP%dmHeMhiuLk;gTGJ(?x~*hVaq`IbkPs=q(u~Fj`#_ z9&A9{_YZwoU0V_u_x0DN&dWz{K492W4LDyR?5+3xc5n7niwqttO5`LrcRue#LnTMi zSg29z7^I`=u23RM`M00yD9-tXxwDZwQlKhT1WNDeqemThe}Ks#FV=%?wj5`foC<#GIbc{Og{`hHx(20#41z@?fDnmo8qyn1 z`k(a#FF4f=@B%b(XuJcu`V7Symq@?@m)G9n7B8^^=T++0R0r(Ww0nuqFyzX> zLtKk!MtpL|;127}swvc}=dPG3EGflR9VeV{oG7_PH_-!@hpMOULN^P#jw{yt>4zuQ zfBf_I6R4?B56!OR`ce>xa%?V$KS6OQCvO%NOJa%;sGOoh4!VpetOD02A)j$-AtKEmDl<5=t2gB7Dves4I* zvH=#$f>pTaj8CZJ%o&Gp>r^Ua+3c$y<1`aIGBSeGqBOr3#X!NcEd>i#>w&lmEADrW zY3hB5<`r_T4+U{`c&Gg~t|@$F8x$|8DqyG&P<)62NvE*TSs#k{NMYqt5!waefJ$df zyMgK%pk`6LtfF^TSP XH6#!XkiQNwg + + {% block title %}AStA-Inventarsystem{% endblock %} + + + {% block content %}{% endblock %} + diff --git a/inventorysystem/templates/index.html b/inventorysystem/templates/index.html new file mode 100644 index 0000000..c9fcd37 --- /dev/null +++ b/inventorysystem/templates/index.html 
@@ -0,0 +1,4 @@
+{% extends "base.html" %}
+{% block content %}
+Logged in as {{session.full_name}} ({{session.username}})
+{% endblock %}
diff --git a/inventorysystem/templates/login.html b/inventorysystem/templates/login.html
new file mode 100644
index 0000000..20b02e1
--- /dev/null
+++ b/inventorysystem/templates/login.html
@@ -0,0 +1,15 @@
+{% extends "base.html" %}
+{% block title %}Login{% endblock %}
+{% block content %}
+
+ + + +
+{% endblock %}
diff --git a/inventorysystem/templates/message.html b/inventorysystem/templates/message.html
new file mode 100644
index 0000000..54e7d1c
--- /dev/null
+++ b/inventorysystem/templates/message.html
@@ -0,0 +1,4 @@
+{% extends "base.html" %}
+{% block content %}
+{{message}}
+{% endblock %}
diff --git a/inventorysystem/views.py b/inventorysystem/views.py
new file mode 100644
index 0000000..4458c59
--- /dev/null
+++ b/inventorysystem/views.py
@@ -0,0 +1,67 @@
+import flask
+import psycopg2
+import functools
+from flask import request, session
+from inventorysystem import app
+
+def show_message(message):
+ return flask.render_template("message.html", message=message)
+
+def user_has_permission(user_id, permission, oe=None)
+ db = psycopg2.connect(app.config["DSN"])
+ cur = db.cursor()
+ cur.execute("select count(*) from permissions where id=%s and permission=%s and (oe=%s or oe=NULL)", (user_id, permission, oe))
+ allowed = cur.fetchone()[0] > 0
+ db.close()
+
+def login_required(f):
+ @functools.wraps(f)
+ def inner_function(*args, **kwargs):
+ if "username" not in session:
+ return flask.redirect(flask.url_for("login"))
+ return f(*args, **kwargs)
+ return inner_function
+
+def permission_required(f, permission, oe=None):
+ @functools.wraps(f)
+ def inner_function(*args, **kwargs):
+ if "username" not in session:
+ return flask.redirect(flask.url_for("login"))
+ if not user_has_permission(session["user_id"], permission, oe):
+ return show_message("Permission denied")
+ return f(*args, **kwargs)
+ return inner_function
+
+@app.route('/')
+@login_required
+def index():
+ return flask.render_template("index.html")
+
+
+@app.route('/login', methods=["GET", "POST"])
+def login():
+ if "username" in session:
+ return flask.redirect(flask.url_for("index"))
+
+ if request.method == "GET":
+ return flask.render_template("login.html")
+
+ elif request.method == "POST":
+ db = psycopg2.connect(app.config["DSN"])
+ username = request.form["user"]
+ password = request.form["pass"]
+ #FIXME hash password
+
+ cur = db.cursor()
+ cur.execute("select id,full_name from users where username=%s and password=%s",(username,password))
+ result = cur.fetchall()
+ if not result:
+ return show_message("Failed to log in, are username and password correct?")
+ else:
+ session["username"] = username
+ session["user_id"] = result[0][0]
+ session["full_name"] = result[0][1]
+
+ return flask.redirect(flask.url_for("index"))
+
+
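Review bot: `user_has_permission` does not work as an authorization check as committed: its `def` line has no trailing colon (so `views.py` cannot be imported), it computes `allowed` but never returns it, and `oe=NULL` in the query is never true in SQL, so a grant stored with a NULL `oe` can never match. Once the colon is added, `permission_required` would receive `None` and deny everyone; that fails closed, but the function should return the boolean, use `oe is null`, and close the connection in a `finally` so a failing query does not leak it, as in the block below. `permission_required(f, permission, oe=None)` also takes `f` as its first parameter, so it cannot be applied as `@permission_required("...")`; it needs an outer function that takes `permission` and `oe` and returns the decorator. In `login`, the form password is matched against the `password` column in the WHERE clause, which implies the table holds plaintext passwords (the `#FIXME hash password` line); store a salted hash and verify it in Python before the session keys are set.

```python
def user_has_permission(user_id, permission, oe=None):
    db = psycopg2.connect(app.config["DSN"])
    try:
        cur = db.cursor()
        # "oe = NULL" is never true in SQL; a grant without an oe needs IS NULL.
        cur.execute(
            "select count(*) from permissions"
            " where id=%s and permission=%s and (oe=%s or oe is null)",
            (user_id, permission, oe),
        )
        return cur.fetchone()[0] > 0
    finally:
        db.close()
```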