init

2022-10-03 19:21:59 +02:00
commit 930064c9d2
9 changed files with 110 additions and 0 deletions
--- a/inventorysystem/views.py
+++ b/inventorysystem/views.py
@@ -0,0 +1,67 @@
+import flask
+import psycopg2
+import functools
+from flask import request, session
+from inventorysystem import app
+
+def show_message(message):
+    return flask.render_template("message.html", message=message)
+
+def user_has_permission(user_id, permission, oe=None)
+    db = psycopg2.connect(app.config["DSN"])
+    cur = db.cursor()
+    cur.execute("select count(*) from permissions where id=%s and permission=%s and (oe=%s or oe=NULL)", (user_id, permission, oe))
+    allowed = cur.fetchone()[0] > 0
+    db.close()
+
+def login_required(f):
+    @functools.wraps(f)
+    def inner_function(*args, **kwargs):
+        if "username" not in session:
+            return flask.redirect(flask.url_for("login"))
+        return f(*args, **kwargs)
+    return inner_function
+
+def permission_required(f, permission, oe=None):
+    @functools.wraps(f)
+    def inner_function(*args, **kwargs):
+        if "username" not in session:
+            return flask.redirect(flask.url_for("login"))
+        if not user_has_permission(session["user_id"], permission, oe):
+            return show_message("Permission denied")
+        return f(*args, **kwargs)
+    return inner_function
+
+@app.route('/')
+@login_required
+def index():
+    return flask.render_template("index.html")
+
+
+@app.route('/login', methods=["GET", "POST"])
+def login():
+    if "username" in session:
+        return flask.redirect(flask.url_for("index"))
+
+    if request.method == "GET":
+        return flask.render_template("login.html")
+
+    elif request.method == "POST":
+        db = psycopg2.connect(app.config["DSN"])
+        username = request.form["user"]
+        password = request.form["pass"]
+        #FIXME hash password
+
+        cur = db.cursor()
+        cur.execute("select id,full_name from users where username=%s and password=%s",(username,password))
+        result = cur.fetchall()
+        if not result:
+            return show_message("Failed to log in, are username and password correct?")
+        else:
+            session["username"] = username
+            session["user_id"] = result[0][0]
+            session["full_name"] = result[0][1]
+
+        return flask.redirect(flask.url_for("index"))
+
+