Merge branch 'Requests'

2024-10-25 21:51:59 +03:00
parent ef4a7ced8f 3c29e51307
commit 7d3181edc8
9 changed files with 71 additions and 37 deletions
--- a/App/Auth/auth.py
+++ b/App/Auth/auth.py
@@ -1,15 +1,10 @@
-from flask import request, Blueprint, render_template, session, redirect, url_for
+from flask import request, Blueprint, render_template, session, current_app,redirect, url_for
 import os
 from .auth_route import route
 from Database.sql_provider import SQLProvider
-import json

 sql_provider = SQLProvider(os.path.join(os.path.dirname(__file__), 'sql'))
 auth_bp = Blueprint('auth_bp', __name__, template_folder='templates')
-db_config_path = os.path.join(os.path.dirname(__file__), os.pardir, 'Database/config.json')
-
-with open(db_config_path) as f:
-    config = json.load(f)

@auth_bp.route('/', methods=['GET', 'POST'])
 def auth():
@@ -17,12 +12,12 @@ def auth():
        return render_template('auth.html')
    else:
        data = request.form.to_dict()
-        auth_data = route(config, data, sql_provider, 'auth.sql')
+        auth_data = route(current_app.config['db_config'], data, sql_provider, 'auth.sql')
        if auth_data.status:
            session.update({
                'login': auth_data.result[0]['login'],
                'role': auth_data.result[0]['role'],
-                'db_config': config,
+                'db_config': current_app.config['db_config'],
                'permanent': True
            })
            return redirect(url_for('index'))
--- a/App/Report/sql/report1.sql
+++ b/App/Report/sql/report1.sql
@@ -0,0 +1,11 @@
+SELECT sellers.name AS 'Поставщик',
+	   w.date_of_delivery AS 'Дата поставки', 
+       SUM(wl.count) AS 'Общее количество заготовок', 
+       SUM(wl.price) AS 'Общая стоимость поставленных заготовок'
+FROM waybill w
+JOIN waybill_lines wl USING(waybill_id)
+JOIN workpiece USING(work_id)
+JOIN sellers USING(sel_id)
+WHERE workpiece.material = '${material}'
+AND (w.date_of_delivery BETWEEN '${date_from}' AND '${date_to}')
+GROUP BY sellers.name, w.date_of_delivery;
--- a/App/Requests/requests.py
+++ b/App/Requests/requests.py
@@ -1,7 +1,7 @@
 from flask import request, Blueprint, render_template, session
 from os import path
 from Database.sql_provider import SQLProvider
-from checker import check_auth
+from checker import check_auth, group_required
 from .requests_route import route
 from datetime import date
 import json
@@ -14,12 +14,14 @@ requests_bp = Blueprint('requests_bp', __name__, template_folder='templates')

@requests_bp.route('/', methods=['GET', 'POST'])
@check_auth
+@group_required
 def requests():
    if request.method == 'GET':
-        return render_template('zapros_menu.html', options=requests_list, current_role=session['role'])
+        return render_template('zapros_menu.html', options=requests_list)

@requests_bp.route('/req1', methods=['GET', 'POST'])
@check_auth
+@group_required
 def sklad_zapros():
    if request.method == 'GET':
        zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
@@ -38,6 +40,26 @@ def sklad_zapros():

@requests_bp.route('/req2', methods=['GET', 'POST'])
@check_auth
+@group_required
+def zagotovki_ship():
+    if request.method == 'GET':
+        zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
+        if zagotovki.status:
+            return render_template('zagotovki.html', materials=zagotovki.result, header='Поставки заготовок')
+        else:
+            return render_template('error.html', error_message=zagotovki.error_message)
+    else:
+        material = dict(request.form)
+        zagotovki = route(session['db_config'], material, sql_provider, 'zapros2.sql')
+        if zagotovki.status:
+            header = f'Поставки заготовок из материала \'{material['material']}\''
+            return render_template('output.html', items=zagotovki.result, object=header)
+        else:
+            return render_template('error.html', error_message=zagotovki.error_message)
+        
+@requests_bp.route('/req3', methods=['GET', 'POST'])
+@check_auth
+@group_required
 def sellers_ship():
    if request.method == 'GET':
        zagotovki = route(session['db_config'], {}, sql_provider, 'sellers.sql')
@@ -49,27 +71,9 @@ def sellers_ship():
            return render_template('error.html', error_message=zagotovki.error_message)
    else:
        seller = dict(request.form)
-        zagotovki = route(session['db_config'], seller, sql_provider, 'zapros2.sql')
+        zagotovki = route(session['db_config'], seller, sql_provider, 'zapros3.sql')
        if zagotovki.status:
-            header = f'Заготовки, поставленные поставщиком \'{seller['seller']}\''
-            return render_template('output.html', items=zagotovki.result, object=header)
-        else:
-            return render_template('error.html', error_message=zagotovki.error_message)
-        
-@requests_bp.route('/req3', methods=['GET', 'POST'])
-@check_auth
-def zagotovki_ship():
-    if request.method == 'GET':
-        zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
-        if zagotovki.status:
-            return render_template('zagotovki.html', materials=zagotovki.result, header='Поставки заготовок')
-        else:
-            return render_template('error.html', error_message=zagotovki.error_message)
-    else:
-        material = dict(request.form)
-        zagotovki = route(session['db_config'], material, sql_provider, 'zapros3.sql')
-        if zagotovki.status:
-            header = f'Поставки заготовок из материала \'{material['material']}\''
+            header = f'Поставки от поставщика \'{seller['seller']}\''
            return render_template('output.html', items=zagotovki.result, object=header)
        else:
            return render_template('error.html', error_message=zagotovki.error_message)
--- a/App/Requests/templates/zapros_menu.html
+++ b/App/Requests/templates/zapros_menu.html
@@ -12,9 +12,7 @@
    <h1>Выберите вариант запроса</h1>
    <nav class="menu">
        {% for point in options %}
-            {% if current_role in point['roles'] %}
-                <a href="{{ url_for(point['url']) }}"><button>{{ point['name'] }}</button></a>
-            {% endif %}
+            <a href="{{ url_for(point['url']) }}"><button>{{ point['name'] }}</button></a>
        {% endfor %}
    </nav>
    <div class="return">
--- a/App/Requests/zapros_menu.json
+++ b/App/Requests/zapros_menu.json
@@ -1,5 +1,5 @@
 [
-    {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros", "roles" : "admin, user"},
-    {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship", "roles" : "admin, user"},
-    {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship", "roles" : "admin, user"}
+    {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros"},
+    {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship"},
+    {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship"}
 ]
--- a/App/app.py
+++ b/App/app.py
@@ -2,10 +2,16 @@ from flask import Flask, render_template, session
 from Requests.requests import requests_bp
 from Auth.auth import auth_bp
 from checker import check_auth
+import os, json

 app = Flask(__name__)
 app.secret_key = 'suplex'

+with open(os.path.join(os.path.dirname(__file__), 'data/db_access.json')) as f:
+    app.config['db_access'] = json.load(f)
+with open(os.path.join(os.path.dirname(__file__), 'data/config.json')) as f:
+    app.config['db_config'] = json.load(f)
+
 app.register_blueprint(requests_bp, url_prefix='/requests')
 app.register_blueprint(auth_bp, url_prefix='/auth')

--- a/App/checker.py
+++ b/App/checker.py
@@ -1,4 +1,4 @@
-from flask import redirect, url_for, session
+from flask import redirect, url_for, session, request, current_app
 from functools import wraps


@@ -8,4 +8,20 @@ def check_auth(func):
        if 'login' not in session:
            return redirect(url_for('auth_bp.auth'))
        return func(*args, **kwargs)
+    return wrapper
+
+
+def group_required(func):
+    @wraps(func)
+    def wrapper(*args, **kwargs):
+        if 'role' in session:
+            user_role = session.get('role')
+            user_request = request.endpoint
+            print('request_endpoint=', user_request)
+            user_bp = user_request.split('.')[0]
+            access = current_app.config['db_access']
+            if user_role in access and user_bp in access[user_role]:
+                return func(*args, **kwargs)
+            else:
+                return redirect(url_for('index'))
    return wrapper
--- a/App/Database/config.json
+++ b/App/Database/config.json
--- a/App/data/db_access.json
+++ b/App/data/db_access.json
@@ -0,0 +1,4 @@
+{
+    "manager": ["auth_bp", "requests_bp"],
+    "admin": ["auth_bp", "requests_bp"]
+  }