Добавление нового типа пользователя + исправления из второй лабы
@@ -12,11 +12,12 @@ def auth():
|
||||
return render_template('auth.html')
|
||||
else:
|
||||
data = request.form.to_dict()
|
||||
data['table'] = 'internal_users' if 'internal' in data else 'external_users'
|
||||
auth_data = route(current_app.config['db_config'], data, sql_provider, 'auth.sql')
|
||||
if auth_data.status:
|
||||
session.update({
|
||||
'login': auth_data.result[0]['login'],
|
||||
'role': auth_data.result[0]['role'],
|
||||
'role': auth_data.result[0]['user_role'],
|
||||
'db_config': current_app.config['db_config'],
|
||||
'permanent': True
|
||||
})
|
||||
|
||||
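Review bot: The `session.update({...})` call in `auth()` stores `'db_config': current_app.config['db_config']` in the session. If the app uses Flask's default cookie-based sessions (no server-side session extension is visible here), that value is sent to the browser signed but not encrypted, so the database connection settings are readable by every logged-in user. Read the settings from `current_app.config` where they are needed and keep only `login` and `role` in the session. Separately, `'permanent': True` only stores a key named `permanent`; the lifetime flag is set with `session.permanent = True`. Both lines appear to be unchanged context, and `auth()` starts above the hunk.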
@@ -8,8 +8,10 @@ class InfoRespronse:
|
||||
|
||||
def route(db_config, input_data, sql_provider, name) -> InfoRespronse:
|
||||
_sql = sql_provider.get(name, input_data)
|
||||
print("sql = ", _sql)
|
||||
# print("sql = ", _sql)
|
||||
result = select_list(db_config, _sql)
|
||||
if result is None or len(result) == 0:
|
||||
return InfoRespronse(result, error_message = 'Произошла ошибка на этапе авторизации :(', status=False)
|
||||
if result is None:
|
||||
return InfoRespronse(result, error_message = 'Произошла ошибка на этапе авторизации', status=False)
|
||||
elif len(result) == 0:
|
||||
return InfoRespronse(result, error_message = 'Пользователь не найден', status=False)
|
||||
return InfoRespronse(result, error_message='', status=True)
|
||||
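Review bot: The debug line in `route()` is only commented out (`# print("sql = ", _sql)`); because the rendered statement for `auth.sql` contains the submitted password, it is safer to delete the line than to leave it where it can be re-enabled. `route()` also returns login-specific messages although it accepts an arbitrary query `name`. A short docstring would make the contract explicit: it should say this is the authentication path, that `None` from `select_list` appears to mean a failed query, and that an empty list means no matching row. The `elif` that follows a `return` can be a plain `if`.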
@@ -1,4 +1,3 @@
|
||||
SELECT login, role FROM user_table
|
||||
WHERE 1=1
|
||||
AND login = '$login'
|
||||
SELECT login, user_role FROM $table
|
||||
WHERE login = '$login'
|
||||
AND password = '$password';
|
||||
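Review bot: The new statement still builds SQL by text substitution: `'$login'` and `'$password'` are filled from `request.form` (see `auth()`), so a quote character in either field changes the query, assuming `sql_provider.get` does plain template substitution (its code is not shown). Pass the values as bound parameters instead, e.g. `WHERE login = %s AND password = %s` with the values handed to the driver's execute call (the placeholder style depends on the driver). Keep `$table` limited to the two literals that `auth()` assigns. Comparing `password` directly with the submitted value also implies that passwords are stored unhashed; storing a salted hash and verifying it in Python would remove that exposure.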
@@ -13,6 +13,7 @@
|
||||
<input type="text" name="login" required>
|
||||
<label for="password">Пароль: </label>
|
||||
<input type="password" name="password" required><br>
|
||||
<p><input type="checkbox" name="internal">Внутренний пользователь</p>
|
||||
<input type="submit" value="Вход">
|
||||
</form>
|
||||
</div>
|
||||
|
||||
@@ -8,6 +8,6 @@
|
||||
<body>
|
||||
<h1>Сожалеем</h1>
|
||||
<p>{{ error_message }}</p>
|
||||
<p><a href="{{ url_for('auth_bp.auth') }}">Вернуться</a></p>
|
||||
<a href="{{ url_for('index') }}"><button>На главную страницу</button></a>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
@@ -7,6 +7,9 @@ import os, json
|
||||
app = Flask(__name__)
|
||||
app.secret_key = 'suplex'
|
||||
|
||||
# app.config.from_file(os.path.join(os.path.dirname(__file__), 'data/db_access.json'), load=json.load)
|
||||
# app.config.from_file(os.path.join(os.path.dirname(__file__), 'data/config.json'), load=json.load)
|
||||
|
||||
with open(os.path.join(os.path.dirname(__file__), 'data/db_access.json')) as f:
|
||||
app.config['db_access'] = json.load(f)
|
||||
with open(os.path.join(os.path.dirname(__file__), 'data/config.json')) as f:
|
||||
|
||||
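Review bot: `app.secret_key = 'suplex'` is a short literal committed to the repository, and it signs the session cookie that carries `role`, so anyone who knows or guesses it can produce a session with any role. Load the key from the environment or from an untracked config file, e.g. `app.secret_key = os.environ['SECRET_KEY']`, and generate the value once with `secrets.token_hex(32)`. The two commented-out `app.config.from_file(...)` lines can be deleted now that the files are read with `json.load`. The second `with` block continues below the hunk.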
@@ -1,4 +1,4 @@
|
||||
from flask import redirect, url_for, session, request, current_app
|
||||
from flask import redirect, url_for, session, request, current_app, render_template
|
||||
from functools import wraps
|
||||
|
||||
|
||||
@@ -10,18 +10,17 @@ def check_auth(func):
|
||||
return func(*args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
|
||||
def group_required(func):
|
||||
@wraps(func)
|
||||
def wrapper(*args, **kwargs):
|
||||
if 'role' in session:
|
||||
user_role = session.get('role')
|
||||
user_request = request.endpoint
|
||||
print('request_endpoint=', user_request)
|
||||
user_bp = user_request.split('.')[0]
|
||||
access = current_app.config['db_access']
|
||||
if user_role in access and user_bp in access[user_role]:
|
||||
return func(*args, **kwargs)
|
||||
else:
|
||||
return redirect(url_for('index'))
|
||||
user_role = session.get('role')
|
||||
user_request = request.endpoint
|
||||
print('request_endpoint=', user_request)
|
||||
user_bp = user_request.split('.')[0]
|
||||
access = current_app.config['db_access']
|
||||
if user_role in access and user_bp in access[user_role]:
|
||||
return func(*args, **kwargs)
|
||||
else:
|
||||
return render_template('error.html', error_message='Недостаточно прав')
|
||||
|
||||
return wrapper
|
||||
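Review bot: The denial branch of `group_required` returns `render_template('error.html', error_message='Недостаточно прав')` with the default 200 status, so clients, access logs and monitoring record a refused request as a success. Return the status together with the page: `return render_template('error.html', error_message='Недостаточно прав'), 403`. The leftover `print('request_endpoint=', user_request)` would be better as `current_app.logger.debug(...)` or removed.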
@@ -1,4 +1,5 @@
|
||||
{
|
||||
"manager": ["auth_bp", "requests_bp"],
|
||||
"admin": ["auth_bp", "requests_bp"]
|
||||
"admin": ["auth_bp", "requests_bp"],
|
||||
"sellers": ["auth_bp", "requests_bp"]
|
||||
}
|
||||
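--- a/App/templates/error.html
+++ b/App/templates/error.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Ошибка</title>
+<link href="/static/css/auth.css" type="text/css" rel="stylesheet">
+<link href="/static/css/main.css" type="text/css" rel="stylesheet">
+</head>
+<body>
+<h1>Сожалеем</h1>
+<p>{{ error_message }}</p>
+<a href="{{ url_for('index') }}"><button>На главную страницу</button></a>
+</body>
+</html>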
@@ -1,16 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title>Привет мир!</title>
|
||||
<link href="static/css/main.css" type="text/css" rel="stylesheet">
|
||||
</head>
|
||||
<body>
|
||||
<h1>Hello World</h1>
|
||||
<nav class="menu">
|
||||
{% for point in menu %}
|
||||
<a class="middle" href="{{ point['url'] }}">{{ point['name'] }}</a>
|
||||
{% endfor %}
|
||||
</nav>
|
||||
</body>
|
||||
</html>
|
||||