yannik/asta-inventarsystem
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
8092e8b6bb040c4ceab5f5fac583dbd4d2efe349
asta-inventarsystem/inventorysystem/views.py

124 lines
4.0 KiB
Python
Raw Blame History

import flask
import psycopg2
import psycopg2.extras
import functools
from flask import request, session
from inventorysystem import app
def show_message(message):
return flask.render_template("message.html", message=message)
def get_db():
return psycopg2.connect(app.config["DSN"], cursor_factory=psycopg2.extras.NamedTupleCursor)
def current_user_has_permission(permission, oe=None):
return user_has_permission(session["user_id"], permission, oe)
def user_has_permission(user_id, permission, oe=None):
db = get_db()
cur = db.cursor()
cur.execute("select count(*) from permissions where \"user\"=%s and permission=%s and (oe=%s or oe is NULL)", (user_id, permission, oe))
allowed = cur.fetchone()[0] > 0
db.close()
return allowed
def login_required(f):
@functools.wraps(f)
def inner_function(*args, **kwargs):
if "username" not in session:
return flask.redirect(flask.url_for("login"))
return f(*args, **kwargs)
return inner_function
def permission_required(f, permission, oe=None):
@functools.wraps(f)
def inner_function(*args, **kwargs):
if "username" not in session:
return flask.redirect(flask.url_for("login"))
if not current_user_has_permission(permission, oe):
return show_message("Permission denied")
return f(*args, **kwargs)
return inner_function
@app.route('/login', methods=["GET", "POST"])
def login():
if "username" in session:
return flask.redirect(flask.url_for("index"))
if request.method == "GET":
return flask.render_template("login.html")
elif request.method == "POST":
username = request.form["user"]
password = request.form["pass"]
#FIXME hash password
db = get_db()
cur = db.cursor()
cur.execute("select id,full_name from users where username=%s and password=%s",(username,password))
result = cur.fetchall()
if not result:
return show_message("Failed to log in, are username and password correct?")
else:
session["username"] = username
session["user_id"] = result[0].id
session["full_name"] = result[0].full_name
return flask.redirect(flask.url_for("index"))
@app.route('/')
@login_required
def index():
db = get_db()
cur = db.cursor()
cur.execute("select id, name from organizational_units")
result = cur.fetchall()
db.close()
return flask.render_template("index.html", dbresult=result)
def list_of_dicts_to_table(l, headers, default=None):
table = {}
table["headers"] = headers
table["rows"] = []
for d in l:
tmp_list = []
for header in headers:
tmp_list.append(getattr(d, header, default))
table["rows"].append(tmp_list)
return table
@app.route("/inventory/<int:oe>")
def show_inventory(oe):
if not user_has_permission(session["user_id"], "show_inventory", oe):
return show_message("Permission denied"), 403
db = get_db()
cur = db.cursor()
cur.execute("select id,serial,innenauftrag,description,location,purchase_date,purchase_price,old_inventory_id from inventory where oe=%s", (oe,))
result = cur.fetchall()
cur.execute("select id,name from organizational_units where id=%s", (oe,))
oe = cur.fetchone()
db.close()
table = list_of_dicts_to_table(result, ["id", "serial", "description", "location", "innenauftrag", "purchase_date", "purchase_price", "old_inventory_id"])
return flask.render_template("show_inventory.html", table=table, oe=oe)
@app.route("/inventory/<int:oe>/new", methods=["GET", "POST"])
def new_inventory(oe):
if not user_has_permission(session["user_id"], "create_inventory_entry", oe):
return show_message("Permission denied"), 403
if request.method == "GET":
db = get_db()
cur = db.cursor()
cur.execute("select id,name from organizational_units where id=%s", (oe,))
oe = cur.fetchone()
db.close()
return flask.render_template("new_inventory.html", oe=oe)
Reference in New Issue View Git Blame Copy Permalink