yannik/asta-inventarsystem
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
1063266f0d4b7fc0d2d9187ceb4ef2e7a09f9b3a
asta-inventarsystem/inventorysystem/views.py
Yannik Enss 930064c9d2 init
2022-10-03 19:21:59 +02:00

68 lines
2.1 KiB
Python
Raw Blame History

import flask
import psycopg2
import functools
from flask import request, session
from inventorysystem import app
def show_message(message):
return flask.render_template("message.html", message=message)
def user_has_permission(user_id, permission, oe=None)
db = psycopg2.connect(app.config["DSN"])
cur = db.cursor()
cur.execute("select count(*) from permissions where id=%s and permission=%s and (oe=%s or oe=NULL)", (user_id, permission, oe))
allowed = cur.fetchone()[0] > 0
db.close()
def login_required(f):
@functools.wraps(f)
def inner_function(*args, **kwargs):
if "username" not in session:
return flask.redirect(flask.url_for("login"))
return f(*args, **kwargs)
return inner_function
def permission_required(f, permission, oe=None):
@functools.wraps(f)
def inner_function(*args, **kwargs):
if "username" not in session:
return flask.redirect(flask.url_for("login"))
if not user_has_permission(session["user_id"], permission, oe):
return show_message("Permission denied")
return f(*args, **kwargs)
return inner_function
@app.route('/')
@login_required
def index():
return flask.render_template("index.html")
@app.route('/login', methods=["GET", "POST"])
def login():
if "username" in session:
return flask.redirect(flask.url_for("index"))
if request.method == "GET":
return flask.render_template("login.html")
elif request.method == "POST":
db = psycopg2.connect(app.config["DSN"])
username = request.form["user"]
password = request.form["pass"]
#FIXME hash password
cur = db.cursor()
cur.execute("select id,full_name from users where username=%s and password=%s",(username,password))
result = cur.fetchall()
if not result:
return show_message("Failed to log in, are username and password correct?")
else:
session["username"] = username
session["user_id"] = result[0][0]
session["full_name"] = result[0][1]
return flask.redirect(flask.url_for("index"))
Reference in New Issue View Git Blame Copy Permalink