From 36688b318d9d6a34d7e4a75cdc4969bf28cd6bd6 Mon Sep 17 00:00:00 2001
From: Anton Kamalov
Date: Fri, 25 Oct 2024 11:37:41 +0300
Subject: [PATCH 1/2] =?UTF-8?q?=D0=A0=D0=B0=D0=B7=D0=B3=D1=80=D0=B0=D0=BD?= =?UTF-8?q?=D0=B8=D1=87=D0=B5=D0=BD=D0=B8=D0=B5=20=D0=BF=D1=80=D0=B0=D0=B2?= =?UTF-8?q?=20=D0=BD=D0=B0=20=D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7?= =?UTF-8?q?=D0=BE=D0=B2=D0=B0=D0=BD=D0=B8=D0=B5=20=D1=80=D0=B0=D0=B7=D0=B4?= =?UTF-8?q?=D0=B5=D0=BB=D0=BE=D0=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 App/Auth/auth.py | 11 +++--------
 App/Requests/requests.py | 7 +++++--
 App/Requests/templates/zapros_menu.html | 4 +---
 App/Requests/zapros_menu.json | 6 +++---
 App/app.py | 6 ++++++
 App/checker.py | 18 +++++++++++++++++-
 App/{Database => data}/config.json | 0
 App/data/db_access.json | 4 ++++
 8 files changed, 39 insertions(+), 17 deletions(-)
 rename App/{Database => data}/config.json (100%)
 create mode 100644 App/data/db_access.json
diff --git a/App/Auth/auth.py b/App/Auth/auth.py
index 838cbeb..861f89a 100644
--- a/App/Auth/auth.py
+++ b/App/Auth/auth.py
@@ -1,15 +1,10 @@
-from flask import request, Blueprint, render_template, session, redirect, url_for
+from flask import request, Blueprint, render_template, session, current_app,redirect, url_for
 import os
 from .auth_route import route
 from Database.sql_provider import SQLProvider
-import json
 sql_provider = SQLProvider(os.path.join(os.path.dirname(__file__), 'sql'))
 auth_bp = Blueprint('auth_bp', __name__, template_folder='templates')
-db_config_path = os.path.join(os.path.dirname(__file__), os.pardir, 'Database/config.json')
-
-with open(db_config_path) as f:
- config = json.load(f)
 @auth_bp.route('/', methods=['GET', 'POST'])
 def auth():
@@ -17,12 +12,12 @@ def auth():
 return render_template('auth.html')
 else:
 data = request.form.to_dict()
- auth_data = route(config, data, sql_provider, 'auth.sql')
+ auth_data = route(current_app.config['db_config'], data, sql_provider, 'auth.sql')
 if auth_data.status:
 session.update({
 'login': auth_data.result[0]['login'],
 'role': auth_data.result[0]['role'],
- 'db_config': config,
+ 'db_config': current_app.config['db_config'],
 'permanent': True
 })
 return redirect(url_for('index'))
diff --git a/App/Requests/requests.py b/App/Requests/requests.py
index 17a982c..f37b02b 100644
--- a/App/Requests/requests.py
+++ b/App/Requests/requests.py
@@ -1,7 +1,7 @@
 from flask import request, Blueprint, render_template, session
 from os import path
 from Database.sql_provider import SQLProvider
-from checker import check_auth
+from checker import check_auth, group_required
 from .requests_route import route
 from datetime import date
 import json
@@ -16,10 +16,11 @@ requests_bp = Blueprint('requests_bp', __name__, template_folder='templates')
 @check_auth
 def requests():
 if request.method == 'GET':
- return render_template('zapros_menu.html', options=requests_list, current_role=session['role'])
+ return render_template('zapros_menu.html', options=requests_list)
 @requests_bp.route('/req1', methods=['GET', 'POST'])
 @check_auth
+@group_required
 def sklad_zapros():
 if request.method == 'GET':
 zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
@@ -38,6 +39,7 @@ def sklad_zapros():
 @requests_bp.route('/req2', methods=['GET', 'POST'])
 @check_auth
+@group_required
 def sellers_ship():
 if request.method == 'GET':
 zagotovki = route(session['db_config'], {}, sql_provider, 'sellers.sql')
@@ -58,6 +60,7 @@ def sellers_ship():
 @requests_bp.route('/req3', methods=['GET', 'POST'])
 @check_auth
+@group_required
 def zagotovki_ship():
 if request.method == 'GET':
 zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
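Review bot: The added line `'db_config': current_app.config['db_config'],` in the `session.update` call of `auth()` still copies the database connection settings into the session. Unless a server-side session interface is configured outside this patch, Flask keeps the session in a signed but unencrypted cookie, so whatever `data/config.json` holds is readable by every logged-in client. Now that the commit loads the config into `app.config`, the entry can be dropped from `session.update`, and the views in `App/Requests/requests.py` (the `route(session['db_config'], ...)` context lines of the later hunks) can pass `current_app.config['db_config']` instead, which also stops the connection target from depending on client-held state. `auth()` starts before this hunk.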
diff --git a/App/Requests/templates/zapros_menu.html b/App/Requests/templates/zapros_menu.html
index d930e6d..852a439 100644
--- a/App/Requests/templates/zapros_menu.html
+++ b/App/Requests/templates/zapros_menu.html
@@ -12,9 +12,7 @@

Выберите вариант запроса

diff --git a/App/Requests/zapros_menu.json b/App/Requests/zapros_menu.json
index 865ba67..eacda20 100644
--- a/App/Requests/zapros_menu.json
+++ b/App/Requests/zapros_menu.json
@@ -1,5 +1,5 @@
 [
- {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros", "roles" : "admin, user"},
- {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship", "roles" : "admin, user"},
- {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship", "roles" : "admin, user"}
+ {"name": "Количество заготовок на складе", "url": "requests_bp.sklad_zapros"},
+ {"name": "Поставки заготовок", "url": "requests_bp.zagotovki_ship"},
+ {"name": "Поставки поставщиком за год", "url": "requests_bp.sellers_ship"}
 ]
\ No newline at end of file
diff --git a/App/app.py b/App/app.py
index b5cd26c..d8104d1 100644
--- a/App/app.py
+++ b/App/app.py
@@ -2,10 +2,16 @@ from flask import Flask, render_template, session
 from Requests.requests import requests_bp
 from Auth.auth import auth_bp
 from checker import check_auth
+import os, json
 app = Flask(__name__)
 app.secret_key = 'suplex'
+with open(os.path.join(os.path.dirname(__file__), 'data/db_access.json')) as f:
+ app.config['db_access'] = json.load(f)
+with open(os.path.join(os.path.dirname(__file__), 'data/config.json')) as f:
+ app.config['db_config'] = json.load(f)
+
 app.register_blueprint(requests_bp, url_prefix='/requests')
 app.register_blueprint(auth_bp, url_prefix='/auth')
diff --git a/App/checker.py b/App/checker.py
index 0f90868..eff7dd5 100644
--- a/App/checker.py
+++ b/App/checker.py
@@ -1,4 +1,4 @@
-from flask import redirect, url_for, session
+from flask import redirect, url_for, session, request, current_app
 from functools import wraps
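Review bot: The role check this commit introduces trusts `session['role']`, yet the signing key in the `App/app.py` hunk's context is still the literal `app.secret_key = 'suplex'` committed to the repository, so the integrity of the session rests on a value anyone with the source can read. Since the hunk now imports `os`, the key can come from the environment instead, e.g. `app.secret_key = os.environ['SECRET_KEY']` (variable name is an example), and the committed value should be treated as burned and rotated. As a style point, `import os, json` is better written as two import lines.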
@@ -8,4 +8,20 @@ def check_auth(func):
 if 'login' not in session:
 return redirect(url_for('auth_bp.auth'))
 return func(*args, **kwargs)
+ return wrapper
+
+
+def group_required(func):
+ @wraps(func)
+ def wrapper(*args, **kwargs):
+ if 'role' in session:
+ user_role = session.get('role')
+ user_request = request.endpoint
+ print('request_endpoint=', user_request)
+ user_bp = user_request.split('.')[0]
+ access = current_app.config['db_access']
+ if user_role in access and user_bp in access[user_role]:
+ return func(*args, **kwargs)
+ else:
+ return redirect(url_for('index'))
 return wrapper
\ No newline at end of file
diff --git a/App/Database/config.json b/App/data/config.json
similarity index 100%
rename from App/Database/config.json
rename to App/data/config.json
diff --git a/App/data/db_access.json b/App/data/db_access.json
new file mode 100644
index 0000000..116f540
--- /dev/null
+++ b/App/data/db_access.json
@@ -0,0 +1,4 @@
+{
+ "manager": ["auth_bp", "requests_bp"],
+ "admin": ["auth_bp", "requests_bp"]
+ }
\ No newline at end of file
From 3c29e5130770c03000bba283c7ba11db2979034c Mon Sep 17 00:00:00 2001
From: Anton Kamalov
Date: Fri, 25 Oct 2024 21:50:49 +0300
Subject: [PATCH 2/2] =?UTF-8?q?=D0=9F=D0=BE=D0=BF=D1=80=D0=B0=D0=B2=D0=BA?= =?UTF-8?q?=D0=B0=20=D0=B2=20=D0=B7=D0=B0=D0=BF=D1=80=D0=BE=D1=81=D0=B0?= =?UTF-8?q?=D1=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 App/Report/sql/report1.sql | 11 ++++++++++
 App/Requests/requests.py | 43 +++++++++++++++++++-------------------
 2 files changed, 33 insertions(+), 21 deletions(-)
 create mode 100644 App/Report/sql/report1.sql
diff --git a/App/Report/sql/report1.sql b/App/Report/sql/report1.sql
new file mode 100644
index 0000000..bac1519
--- /dev/null
+++ b/App/Report/sql/report1.sql
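Review bot: The `wrapper` inside `group_required` has a path with no `return`: the indentation is lost in this rendering, so the `else:` may pair with either `if`, but in both readings one of the two failure cases (no `'role'` in the session, or a role not allowed for the blueprint) falls through and returns `None`, which Flask answers with a server error rather than a redirect. Writing the check as a guard that denies by default makes both cases explicit. The `print('request_endpoint=', user_request)` line looks like leftover debugging and should be removed or turned into a debug-level log call. The check is also per blueprint (`request.endpoint.split('.')[0]`), so every view in `requests_bp` shares one permission; a short docstring saying so would help the next reader.

```python
def group_required(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        # Deny by default: an absent or unknown role never reaches the view.
        allowed = current_app.config['db_access'].get(session.get('role'), ())
        blueprint = (request.endpoint or '').split('.')[0]
        if blueprint not in allowed:
            return redirect(url_for('index'))
        return func(*args, **kwargs)
    return wrapper
```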
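Review bot: The access map in `App/data/db_access.json` names the roles `manager` and `admin`, while the menu entries removed by this commit named `admin, user`. Because `group_required` rejects any role that is not a key of this file, accounts whose stored role is still `user` would presumably be redirected away from every `requests_bp` view; if that is not intended, add an entry such as `"user": ["requests_bp"]`. The `"auth_bp"` entries have no visible effect, since no view in `auth_bp` is decorated with `group_required` in this patch.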
@@ -0,0 +1,11 @@
+SELECT sellers.name AS 'Поставщик',
+ w.date_of_delivery AS 'Дата поставки',
+ SUM(wl.count) AS 'Общее количество заготовок',
+ SUM(wl.price) AS 'Общая стоимость поставленных заготовок'
+FROM waybill w
+JOIN waybill_lines wl USING(waybill_id)
+JOIN workpiece USING(work_id)
+JOIN sellers USING(sel_id)
+WHERE workpiece.material = '${material}'
+AND (w.date_of_delivery BETWEEN '${date_from}' AND '${date_to}')
+GROUP BY sellers.name, w.date_of_delivery;
diff --git a/App/Requests/requests.py b/App/Requests/requests.py
index f37b02b..03af5ca 100644
--- a/App/Requests/requests.py
+++ b/App/Requests/requests.py
@@ -14,6 +14,7 @@ requests_bp = Blueprint('requests_bp', __name__, template_folder='templates')
 @requests_bp.route('/', methods=['GET', 'POST'])
 @check_auth
+@group_required
 def requests():
 if request.method == 'GET':
 return render_template('zapros_menu.html', options=requests_list)
@@ -40,6 +41,25 @@ def sklad_zapros():
 @requests_bp.route('/req2', methods=['GET', 'POST'])
 @check_auth
 @group_required
+def zagotovki_ship():
+ if request.method == 'GET':
+ zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
+ if zagotovki.status:
+ return render_template('zagotovki.html', materials=zagotovki.result, header='Поставки заготовок')
+ else:
+ return render_template('error.html', error_message=zagotovki.error_message)
+ else:
+ material = dict(request.form)
+ zagotovki = route(session['db_config'], material, sql_provider, 'zapros2.sql')
+ if zagotovki.status:
+ header = f'Поставки заготовок из материала \'{material['material']}\''
+ return render_template('output.html', items=zagotovki.result, object=header)
+ else:
+ return render_template('error.html', error_message=zagotovki.error_message)
+
+@requests_bp.route('/req3', methods=['GET', 'POST'])
+@check_auth
+@group_required
 def sellers_ship():
 if request.method == 'GET':
 zagotovki = route(session['db_config'], {}, sql_provider, 'sellers.sql')
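Review bot: In `report1.sql` the placeholders `'${material}'`, `'${date_from}'` and `'${date_to}'` sit inside quoted SQL literals, which suggests the values are pasted into the statement text rather than bound as parameters. `SQLProvider` is not part of this patch, so this is an inference; if it does textual substitution and the values come from `request.form`, as the views in `App/Requests/requests.py` pass them, a quote character in the input changes the query. Prefer placeholders in the driver's own paramstyle, for example `WHERE workpiece.material = %s AND w.date_of_delivery BETWEEN %s AND %s`, with the values handed to the cursor's execute call separately.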
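Review bot: In the POST branch of the added `zagotovki_ship`, `material = dict(request.form)` is passed to `route(...)` and then indexed as `material['material']` with no check that the field was submitted, so a request without it reaches the query layer with an incomplete dict and can raise `KeyError` when the header is built. Check first, e.g. `if not request.form.get('material'):` followed by the existing `render_template('error.html', ...)` response. The f-string also reuses `'` inside the replacement field, which parses only on Python 3.12 and later; `material["material"]` avoids that. Both points apply equally to `seller['seller']` in the last hunk of this file.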
@@ -51,28 +71,9 @@ def sellers_ship():
 return render_template('error.html', error_message=zagotovki.error_message)
 else:
 seller = dict(request.form)
- zagotovki = route(session['db_config'], seller, sql_provider, 'zapros2.sql')
+ zagotovki = route(session['db_config'], seller, sql_provider, 'zapros3.sql')
 if zagotovki.status:
- header = f'Заготовки, поставленные поставщиком \'{seller['seller']}\''
- return render_template('output.html', items=zagotovki.result, object=header)
- else:
- return render_template('error.html', error_message=zagotovki.error_message)
-
-@requests_bp.route('/req3', methods=['GET', 'POST'])
-@check_auth
-@group_required
-def zagotovki_ship():
- if request.method == 'GET':
- zagotovki = route(session['db_config'], {}, sql_provider, 'zagotovki.sql')
- if zagotovki.status:
- return render_template('zagotovki.html', materials=zagotovki.result, header='Поставки заготовок')
- else:
- return render_template('error.html', error_message=zagotovki.error_message)
- else:
- material = dict(request.form)
- zagotovki = route(session['db_config'], material, sql_provider, 'zapros3.sql')
- if zagotovki.status:
- header = f'Поставки заготовок из материала \'{material['material']}\''
+ header = f'Поставки от поставщика \'{seller['seller']}\''
 return render_template('output.html', items=zagotovki.result, object=header)
 else:
 return render_template('error.html', error_message=zagotovki.error_message)
\ No newline at end of file