diff --git a/App/Auth/auth.py b/App/Auth/auth.py
index 838cbeb..861f89a 100644
--- a/App/Auth/auth.py
+++ b/App/Auth/auth.py
@@ -1,15 +1,10 @@
-from flask import request, Blueprint, render_template, session, redirect, url_for
+from flask import request, Blueprint, render_template, session, current_app,redirect, url_for
 import os
 from .auth_route import route
 from Database.sql_provider import SQLProvider
-import json
 sql_provider = SQLProvider(os.path.join(os.path.dirname(__file__), 'sql'))
 auth_bp = Blueprint('auth_bp', __name__, template_folder='templates')
-db_config_path = os.path.join(os.path.dirname(__file__), os.pardir, 'Database/config.json')
-
-with open(db_config_path) as f:
- config = json.load(f)
 @auth_bp.route('/', methods=['GET', 'POST'])
 def auth():
@@ -17,12 +12,12 @@ def auth():
 return render_template('auth.html')
 else:
 data = request.form.to_dict()
- auth_data = route(config, data, sql_provider, 'auth.sql')
+ auth_data = route(current_app.config['db_config'], data, sql_provider, 'auth.sql')
 if auth_data.status:
 session.update({
 'login': auth_data.result[0]['login'],
 'role': auth_data.result[0]['role'],
- 'db_config': config,
+ 'db_config': current_app.config['db_config'],
 'permanent': True
 })
 return redirect(url_for('index'))
diff --git a/App/Requests/requests.py b/App/Requests/requests.py
index 17a982c..f37b02b 100644
--- a/App/Requests/requests.py
+++ b/App/Requests/requests.py
@@ -1,7 +1,7 @@
 from flask import request, Blueprint, render_template, session
 from os import path
 from Database.sql_provider import SQLProvider
-from checker import check_auth
+from checker import check_auth, group_required
 from .requests_route import route
 from datetime import date
 import json
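Review bot: In App/Auth/auth.py the second hunk still copies the database configuration into the session (`'db_config': current_app.config['db_config']`), and unless a server-side session interface is configured elsewhere, Flask's session is a signed but unencrypted client-side cookie, so whatever that JSON holds (presumably connection credentials; the file is not shown) is readable by every logged-in browser. Now that the config lives in `current_app.config`, drop that key from `session.update(...)` and have the views in App/Requests/requests.py call `route(current_app.config['db_config'], ...)` instead of `route(session['db_config'], ...)`. The `'permanent': True` entry in the same dict only stores a key named `permanent`; if a permanent session is intended, set `session.permanent = True`. The body of `auth()` starts outside this hunk.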
@@ -16,10 +16,11 @@ requests_bp = Blueprint('requests_bp', __name__, template_folder='templates')
 @check_auth
 def requests():
 if request.method == 'GET':
- return render_template('zapros_menu.html', options=requests_list, current_role=session['role'])
+ return render_template('zapros_menu.html', options=requests_list)
 @requests_bp.route('/req1', methods=['GET', 'POST'])
 @check_auth
+@group_required
 def sklad_zapros():
 if request.method == 'GET':
 zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
@@ -38,6 +39,7 @@ def sklad_zapros():
 @requests_bp.route('/req2', methods=['GET', 'POST'])
 @check_auth
+@group_required
 def sellers_ship():
 if request.method == 'GET':
 zagotovki = route(session['db_config'], {}, sql_provider, 'sellers.sql')
@@ -58,6 +60,7 @@ def sellers_ship():
 @requests_bp.route('/req3', methods=['GET', 'POST'])
 @check_auth
+@group_required
 def zagotovki_ship():
 if request.method == 'GET':
 zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
diff --git a/App/Requests/templates/zapros_menu.html b/App/Requests/templates/zapros_menu.html
index d930e6d..852a439 100644
--- a/App/Requests/templates/zapros_menu.html
+++ b/App/Requests/templates/zapros_menu.html
@@ -12,9 +12,7 @@

Выберите вариант запроса

diff --git a/App/Requests/zapros_menu.json b/App/Requests/zapros_menu.json
index 865ba67..eacda20 100644
--- a/App/Requests/zapros_menu.json
+++ b/App/Requests/zapros_menu.json
@@ -1,5 +1,5 @@
 [
- {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros", "roles" : "admin, user"},
- {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship", "roles" : "admin, user"},
- {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship", "roles" : "admin, user"}
+ {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros"},
+ {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship"},
+ {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship"}
 ]
\ No newline at end of file
diff --git a/App/app.py b/App/app.py
index b5cd26c..d8104d1 100644
--- a/App/app.py
+++ b/App/app.py
@@ -2,10 +2,16 @@ from flask import Flask, render_template, session
 from Requests.requests import requests_bp
 from Auth.auth import auth_bp
 from checker import check_auth
+import os, json
 app = Flask(__name__)
 app.secret_key = 'suplex'
+with open(os.path.join(os.path.dirname(__file__), 'data/db_access.json')) as f:
+ app.config['db_access'] = json.load(f)
+with open(os.path.join(os.path.dirname(__file__), 'data/config.json')) as f:
+ app.config['db_config'] = json.load(f)
+
 app.register_blueprint(requests_bp, url_prefix='/requests')
 app.register_blueprint(auth_bp, url_prefix='/auth')
diff --git a/App/checker.py b/App/checker.py
index 0f90868..eff7dd5 100644
--- a/App/checker.py
+++ b/App/checker.py
@@ -1,4 +1,4 @@
-from flask import redirect, url_for, session
+from flask import redirect, url_for, session, request, current_app
 from functools import wraps
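Review bot: In App/app.py, `app.secret_key = 'suplex'` stays a short literal committed to the repository, while this commit makes access control depend on `session['role']`, whose integrity rests entirely on that key. Load the key from the environment or from an untracked file, much as the two JSON files are loaded here, for example `app.secret_key = os.environ['SECRET_KEY']`, and rotate the current value. App/data/config.json is tracked as well (it is renamed with 100% similarity), so if it carries database credentials those are in the history too. Minor: `import os, json` should be two import lines, and both `open(...)` calls would be more predictable with an explicit `encoding='utf-8'`.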
@@ -8,4 +8,20 @@ def check_auth(func):
 if 'login' not in session:
 return redirect(url_for('auth_bp.auth'))
 return func(*args, **kwargs)
+ return wrapper
+
+
+def group_required(func):
+ @wraps(func)
+ def wrapper(*args, **kwargs):
+ if 'role' in session:
+ user_role = session.get('role')
+ user_request = request.endpoint
+ print('request_endpoint=', user_request)
+ user_bp = user_request.split('.')[0]
+ access = current_app.config['db_access']
+ if user_role in access and user_bp in access[user_role]:
+ return func(*args, **kwargs)
+ else:
+ return redirect(url_for('index'))
 return wrapper
\ No newline at end of file
diff --git a/App/Database/config.json b/App/data/config.json
similarity index 100%
rename from App/Database/config.json
rename to App/data/config.json
diff --git a/App/data/db_access.json b/App/data/db_access.json
new file mode 100644
index 0000000..116f540
--- /dev/null
+++ b/App/data/db_access.json
@@ -0,0 +1,4 @@
+{
+ "manager": ["auth_bp", "requests_bp"],
+ "admin": ["auth_bp", "requests_bp"]
+ }
\ No newline at end of file
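Review bot: The `wrapper` inside `group_required` in App/checker.py has a path that falls off the end and returns None, which Flask reports as a 500. Indentation is lost in this view, so the `else` may belong to either `if`, but in both readings one of the two failed checks has no `return`. Route every failure through a single deny path, read the blueprint from `request.blueprint` instead of splitting `request.endpoint`, and remove the debugging `print`. Consider answering with a 403 rather than a silent redirect to `index`, so denied requests show up in logs. App/data/db_access.json gives `manager` and `admin` identical lists, so the check currently only rejects roles missing from the file.

```python
def group_required(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        # A missing or unknown role maps to an empty allow-list, so every failure takes the same deny path.
        allowed = current_app.config['db_access'].get(session.get('role'), ())
        if request.blueprint in allowed:
            return func(*args, **kwargs)
        return redirect(url_for('index'))
    return wrapper
```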