Разграничение прав на использование разделов

2024-10-25 11:37:41 +03:00
parent f708df717c
commit 36688b318d
8 changed files with 39 additions and 17 deletions
--- a/App/Requests/requests.py
+++ b/App/Requests/requests.py
@@ -1,7 +1,7 @@
 from flask import request, Blueprint, render_template, session
 from os import path
 from Database.sql_provider import SQLProvider
-from checker import check_auth
+from checker import check_auth, group_required
 from .requests_route import route
 from datetime import date
 import json
@@ -16,10 +16,11 @@ requests_bp = Blueprint('requests_bp', __name__, template_folder='templates')
@check_auth
 def requests():
    if request.method == 'GET':
-        return render_template('zapros_menu.html', options=requests_list, current_role=session['role'])
+        return render_template('zapros_menu.html', options=requests_list)

@requests_bp.route('/req1', methods=['GET', 'POST'])
@check_auth
+@group_required
 def sklad_zapros():
    if request.method == 'GET':
        zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
@@ -38,6 +39,7 @@ def sklad_zapros():

@requests_bp.route('/req2', methods=['GET', 'POST'])
@check_auth
+@group_required
 def sellers_ship():
    if request.method == 'GET':
        zagotovki = route(session['db_config'], {}, sql_provider, 'sellers.sql')
@@ -58,6 +60,7 @@ def sellers_ship():
        
@requests_bp.route('/req3', methods=['GET', 'POST'])
@check_auth
+@group_required
 def zagotovki_ship():
    if request.method == 'GET':
        zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
--- a/App/Requests/templates/zapros_menu.html
+++ b/App/Requests/templates/zapros_menu.html
@@ -12,9 +12,7 @@
    <h1>Выберите вариант запроса</h1>
    <nav class="menu">
        {% for point in options %}
-            {% if current_role in point['roles'] %}
-                <a href="{{ url_for(point['url']) }}"><button>{{ point['name'] }}</button></a>
-            {% endif %}
+            <a href="{{ url_for(point['url']) }}"><button>{{ point['name'] }}</button></a>
        {% endfor %}
    </nav>
    <div class="return">
--- a/App/Requests/zapros_menu.json
+++ b/App/Requests/zapros_menu.json
@@ -1,5 +1,5 @@
 [
-    {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros", "roles" : "admin, user"},
-    {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship", "roles" : "admin, user"},
-    {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship", "roles" : "admin, user"}
+    {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros"},
+    {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship"},
+    {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship"}
 ]