2022-10-03 19:21:59 +02:00
commit 930064c9d2
9 changed files with 110 additions and 0 deletions


@@ -0,0 +1,10 @@
from flask import Flask
app = Flask(__name__)
import toml
app.config.from_file("config.toml", load=toml.load)
app.secret_key = "changeme"
import inventorysystem.views
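Review bot: `app.secret_key = "changeme"` is a hard-coded, well-known value, and it is assigned after `app.config.from_file(...)`, so even a SECRET_KEY placed in config.toml would be overwritten. Flask signs the session cookie with this key, so anyone who can read this repository can forge a session carrying `username`/`user_id` and pass the session-based checks in views.py. Load the key from the environment or the config file and refuse to start without one, e.g. `app.secret_key = os.environ["INVENTORY_SECRET_KEY"]` (with `import os`) or `app.secret_key = app.config["SECRET_KEY"]` placed after the `from_file` call. Treat "changeme" as burned now that it is in history.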

Binary file not shown.

Binary file not shown.


@@ -0,0 +1,2 @@
DSN = "service=db dbname=inventarsystem password=kail0eiShaht2voh4rei user=adnidor_static"
LDAP_URI = "ldap://ldap.yannik.intern.yannikenss.de"
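Review bot: The database password in `password=kail0eiShaht2voh4rei` is committed in plaintext, so it is now in repository history and should be treated as compromised and rotated. The DSN already uses `service=db`, so the password can live in the PostgreSQL service file or `.pgpass` outside version control, leaving `DSN = "service=db dbname=inventarsystem user=adnidor_static"` here. `LDAP_URI` is a plain `ldap://` URI; if it is used for binds it should be `ldaps://` or StartTLS so credentials do not cross the network in cleartext, though how it is consumed is not visible in this commit.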


@@ -0,0 +1,8 @@
<html>
<head>
<title>{% block title %}AStA-Inventarsystem{% endblock %}</title>
</head>
<body>
{% block content %}{% endblock %}
</body
</html>
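Review bot: The closing tag on the next-to-last line is `</body` with no `>`, so the following `</html>` is swallowed into a malformed tag; it should read `</body>`. Browsers recover from this, but every template that extends this base inherits the broken markup.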


@@ -0,0 +1,4 @@
{% extends "base.html" %}
{% block content %}
Logged in as {{session.full_name}} ({{session.username}})
{% endblock %}


@@ -0,0 +1,15 @@
{% extends "base.html" %}
{% block title %}Login{% endblock %}
{% block content %}
<form method=post>
<label>
Username
<input type=text name=user>
</label>
<label>
Password
<input type=password name=pass>
</label>
<input type=submit>
</form>
{% endblock %}
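Review bot: The login form posts `user` and `pass` with no anti-CSRF token, so a third-party page can submit it and log a victim into an attacker-controlled account (login CSRF). Flask ships no CSRF protection of its own; if Flask-WTF is not wanted, a per-session token generated in the view and checked in the POST handler closes this, with a hidden field such as `<input type=hidden name=csrf_token value="{{ session.csrf_token }}">`. Adding `autocomplete=username` and `autocomplete=current-password` to the two inputs would also let password managers fill the form correctly.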


@@ -0,0 +1,4 @@
{% extends "base.html" %}
{% block content %}
{{message}}
{% endblock %}

67
inventorysystem/views.py Normal file

@@ -0,0 +1,67 @@
import flask
import psycopg2
import functools
from flask import request, session
from inventorysystem import app
def show_message(message):
return flask.render_template("message.html", message=message)
def user_has_permission(user_id, permission, oe=None)
db = psycopg2.connect(app.config["DSN"])
cur = db.cursor()
cur.execute("select count(*) from permissions where id=%s and permission=%s and (oe=%s or oe=NULL)", (user_id, permission, oe))
allowed = cur.fetchone()[0] > 0
db.close()
def login_required(f):
@functools.wraps(f)
def inner_function(*args, **kwargs):
if "username" not in session:
return flask.redirect(flask.url_for("login"))
return f(*args, **kwargs)
return inner_function
def permission_required(f, permission, oe=None):
@functools.wraps(f)
def inner_function(*args, **kwargs):
if "username" not in session:
return flask.redirect(flask.url_for("login"))
if not user_has_permission(session["user_id"], permission, oe):
return show_message("Permission denied")
return f(*args, **kwargs)
return inner_function
@app.route('/')
@login_required
def index():
return flask.render_template("index.html")
@app.route('/login', methods=["GET", "POST"])
def login():
if "username" in session:
return flask.redirect(flask.url_for("index"))
if request.method == "GET":
return flask.render_template("login.html")
elif request.method == "POST":
db = psycopg2.connect(app.config["DSN"])
username = request.form["user"]
password = request.form["pass"]
#FIXME hash password
cur = db.cursor()
cur.execute("select id,full_name from users where username=%s and password=%s",(username,password))
result = cur.fetchall()
if not result:
return show_message("Failed to log in, are username and password correct?")
else:
session["username"] = username
session["user_id"] = result[0][0]
session["full_name"] = result[0][1]
return flask.redirect(flask.url_for("index"))
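Review bot: `user_has_permission` never returns `allowed` — it computes it, calls `db.close()` and falls off the end, so it returns `None`; and its query tests `oe=NULL`, which in SQL is never true, so rows meant to grant a permission globally (NULL `oe`) can never match. Today that fails closed (every `permission_required` view answers "Permission denied"), but it is a broken authorization check, and the connection is leaked if `execute` raises. Separately, the `#FIXME hash password` in `login` is the right instinct: the comparison at `password=%s` should move out of SQL into Python with a constant-time hash verify (Werkzeug, which Flask depends on, provides `check_password_hash`), and that connection is never closed either. `permission_required(f, permission, oe=None)` cannot be applied as `@permission_required(...)`; a decorator factory `def permission_required(permission, oe=None)` returning the wrapper would match `login_required`. `login` appears to end here, but the page shows no indentation, so exact line placement is inferred.
```python
def user_has_permission(user_id, permission, oe=None):
    """Return True if user_id holds `permission`, either for `oe` or globally (NULL oe)."""
    db = psycopg2.connect(app.config["DSN"])
    try:
        with db.cursor() as cur:
            # `oe IS NULL`, not `oe = NULL`: the latter never matches in SQL.
            cur.execute(
                "select count(*) from permissions "
                "where id=%s and permission=%s and (oe=%s or oe is null)",
                (user_id, permission, oe),
            )
            return cur.fetchone()[0] > 0
    finally:
        # Fail closed on error, but never leak the connection.
        db.close()
# … unchanged: login_required, permission_required, index, login …
```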