97 lines
3.0 KiB
Python
97 lines
3.0 KiB
Python
import flask
|
|
import psycopg2
|
|
import functools
|
|
from flask import request, session
|
|
from inventorysystem import app
|
|
|
|
def show_message(message):
|
|
return flask.render_template("message.html", message=message)
|
|
|
|
def user_has_permission(user_id, permission, oe=None):
|
|
db = psycopg2.connect(app.config["DSN"])
|
|
cur = db.cursor()
|
|
cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
|
|
allowed = cur.fetchone()[0] > 0
|
|
db.close()
|
|
return allowed
|
|
|
|
def login_required(f):
|
|
@functools.wraps(f)
|
|
def inner_function(*args, **kwargs):
|
|
if "username" not in session:
|
|
return flask.redirect(flask.url_for("login"))
|
|
return f(*args, **kwargs)
|
|
return inner_function
|
|
|
|
def permission_required(f, permission, oe=None):
|
|
@functools.wraps(f)
|
|
def inner_function(*args, **kwargs):
|
|
if "username" not in session:
|
|
return flask.redirect(flask.url_for("login"))
|
|
if not user_has_permission(session["user_id"], permission, oe):
|
|
return show_message("Permission denied")
|
|
return f(*args, **kwargs)
|
|
return inner_function
|
|
|
|
@app.route('/')
|
|
@login_required
|
|
def index():
|
|
return flask.render_template("index.html")
|
|
|
|
|
|
@app.route('/login', methods=["GET", "POST"])
|
|
def login():
|
|
if "username" in session:
|
|
return flask.redirect(flask.url_for("index"))
|
|
|
|
if request.method == "GET":
|
|
return flask.render_template("login.html")
|
|
|
|
elif request.method == "POST":
|
|
db = psycopg2.connect(app.config["DSN"])
|
|
username = request.form["user"]
|
|
password = request.form["pass"]
|
|
#FIXME hash password
|
|
|
|
cur = db.cursor()
|
|
cur.execute("select id,full_name from users where username=%s and password=%s",(username,password))
|
|
result = cur.fetchall()
|
|
if not result:
|
|
return show_message("Failed to log in, are username and password correct?")
|
|
else:
|
|
session["username"] = username
|
|
session["user_id"] = result[0][0]
|
|
session["full_name"] = result[0][1]
|
|
|
|
return flask.redirect(flask.url_for("index"))
|
|
|
|
@app.route("/oes")
|
|
@login_required
|
|
def list_oes():
|
|
db = psycopg2.connect(app.config["DSN"])
|
|
cur = db.cursor()
|
|
cur.execute("select id, name from organizational_units")
|
|
result = cur.fetchall()
|
|
db.close()
|
|
|
|
return flask.render_template("list_oes.html", dbresult=result)
|
|
|
|
|
|
@app.route("/inventory/<int:oe>")
|
|
def show_inventory(oe):
|
|
if not user_has_permission(session["user_id"], "show_inventory", oe):
|
|
return show_message("Permission denied"), 403
|
|
|
|
db = psycopg2.connect(app.config["DSN"])
|
|
cur = db.cursor()
|
|
cur.execute("select id,serial,innenauftrag,description,location,purchase_date,old_inventory_id from inventory where oe=%s", (oe,))
|
|
result = cur.fetchall()
|
|
cur.execute("select name from organizational_units where id=%s", (oe,))
|
|
oe_name = cur.fetchone()[0]
|
|
db.close()
|
|
|
|
return flask.render_template("show_inventory.html", dbresult=result, oe_name=oe_name)
|
|
|
|
|
|
|