Разграничение прав на использование разделов

2024-10-25 11:37:41 +03:00
parent f708df717c
commit 36688b318d
8 changed files with 39 additions and 17 deletions
--- a/App/Auth/auth.py
+++ b/App/Auth/auth.py
@@ -1,15 +1,10 @@
-from flask import request, Blueprint, render_template, session, redirect, url_for
+from flask import request, Blueprint, render_template, session, current_app,redirect, url_for
 import os
 from .auth_route import route
 from Database.sql_provider import SQLProvider
-import json

 sql_provider = SQLProvider(os.path.join(os.path.dirname(__file__), 'sql'))
 auth_bp = Blueprint('auth_bp', __name__, template_folder='templates')
-db_config_path = os.path.join(os.path.dirname(__file__), os.pardir, 'Database/config.json')
-
-with open(db_config_path) as f:
-    config = json.load(f)

@auth_bp.route('/', methods=['GET', 'POST'])
 def auth():
@@ -17,12 +12,12 @@ def auth():
        return render_template('auth.html')
    else:
        data = request.form.to_dict()
-        auth_data = route(config, data, sql_provider, 'auth.sql')
+        auth_data = route(current_app.config['db_config'], data, sql_provider, 'auth.sql')
        if auth_data.status:
            session.update({
                'login': auth_data.result[0]['login'],
                'role': auth_data.result[0]['role'],
-                'db_config': config,
+                'db_config': current_app.config['db_config'],
                'permanent': True
            })
            return redirect(url_for('index'))
--- a/App/Requests/requests.py
+++ b/App/Requests/requests.py
@@ -1,7 +1,7 @@
 from flask import request, Blueprint, render_template, session
 from os import path
 from Database.sql_provider import SQLProvider
-from checker import check_auth
+from checker import check_auth, group_required
 from .requests_route import route
 from datetime import date
 import json
@@ -16,10 +16,11 @@ requests_bp = Blueprint('requests_bp', __name__, template_folder='templates')
@check_auth
 def requests():
    if request.method == 'GET':
-        return render_template('zapros_menu.html', options=requests_list, current_role=session['role'])
+        return render_template('zapros_menu.html', options=requests_list)

@requests_bp.route('/req1', methods=['GET', 'POST'])
@check_auth
+@group_required
 def sklad_zapros():
    if request.method == 'GET':
        zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
@@ -38,6 +39,7 @@ def sklad_zapros():

@requests_bp.route('/req2', methods=['GET', 'POST'])
@check_auth
+@group_required
 def sellers_ship():
    if request.method == 'GET':
        zagotovki = route(session['db_config'], {}, sql_provider, 'sellers.sql')
@@ -58,6 +60,7 @@ def sellers_ship():
        
@requests_bp.route('/req3', methods=['GET', 'POST'])
@check_auth
+@group_required
 def zagotovki_ship():
    if request.method == 'GET':
        zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
--- a/App/Requests/templates/zapros_menu.html
+++ b/App/Requests/templates/zapros_menu.html
@@ -12,9 +12,7 @@
    <h1>Выберите вариант запроса</h1>
    <nav class="menu">
        {% for point in options %}
-            {% if current_role in point['roles'] %}
-                <a href="{{ url_for(point['url']) }}"><button>{{ point['name'] }}</button></a>
-            {% endif %}
+            <a href="{{ url_for(point['url']) }}"><button>{{ point['name'] }}</button></a>
        {% endfor %}
    </nav>
    <div class="return">
--- a/App/Requests/zapros_menu.json
+++ b/App/Requests/zapros_menu.json
@@ -1,5 +1,5 @@
 [
-    {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros", "roles" : "admin, user"},
-    {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship", "roles" : "admin, user"},
-    {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship", "roles" : "admin, user"}
+    {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros"},
+    {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship"},
+    {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship"}
 ]
--- a/App/app.py
+++ b/App/app.py
@@ -2,10 +2,16 @@ from flask import Flask, render_template, session
 from Requests.requests import requests_bp
 from Auth.auth import auth_bp
 from checker import check_auth
+import os, json

 app = Flask(__name__)
 app.secret_key = 'suplex'

+with open(os.path.join(os.path.dirname(__file__), 'data/db_access.json')) as f:
+    app.config['db_access'] = json.load(f)
+with open(os.path.join(os.path.dirname(__file__), 'data/config.json')) as f:
+    app.config['db_config'] = json.load(f)
+
 app.register_blueprint(requests_bp, url_prefix='/requests')
 app.register_blueprint(auth_bp, url_prefix='/auth')

--- a/App/checker.py
+++ b/App/checker.py
@@ -1,4 +1,4 @@
-from flask import redirect, url_for, session
+from flask import redirect, url_for, session, request, current_app
 from functools import wraps


@@ -8,4 +8,20 @@ def check_auth(func):
        if 'login' not in session:
            return redirect(url_for('auth_bp.auth'))
        return func(*args, **kwargs)
+    return wrapper
+
+
+def group_required(func):
+    @wraps(func)
+    def wrapper(*args, **kwargs):
+        if 'role' in session:
+            user_role = session.get('role')
+            user_request = request.endpoint
+            print('request_endpoint=', user_request)
+            user_bp = user_request.split('.')[0]
+            access = current_app.config['db_access']
+            if user_role in access and user_bp in access[user_role]:
+                return func(*args, **kwargs)
+            else:
+                return redirect(url_for('index'))
    return wrapper
--- a/App/Database/config.json
+++ b/App/Database/config.json
--- a/App/data/db_access.json
+++ b/App/data/db_access.json
@@ -0,0 +1,4 @@
+{
+    "manager": ["auth_bp", "requests_bp"],
+    "admin": ["auth_bp", "requests_bp"]
+  }