From b0924ae0bc45a20835c2b67429c7ec123ba3c320 Mon Sep 17 00:00:00 2001 From: Anton Kamalov Date: Mon, 4 Nov 2024 21:01:39 +0300 Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5?= =?UTF-8?q?=D0=BD=D0=B8=D0=B5=20=D0=BD=D0=BE=D0=B2=D0=BE=D0=B3=D0=BE=20?= =?UTF-8?q?=D1=82=D0=B8=D0=BF=D0=B0=20=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE?= =?UTF-8?q?=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8F=20+=20=D0=B8=D1=81=D0=BF?= =?UTF-8?q?=D1=80=D0=B0=D0=B2=D0=BB=D0=B5=D0=BD=D0=B8=D1=8F=20=D0=B8=D0=B7?= =?UTF-8?q?=20=D0=B2=D1=82=D0=BE=D1=80=D0=BE=D0=B9=20=D0=BB=D0=B0=D0=B1?= =?UTF-8?q?=D1=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- App/Auth/auth.py | 3 ++- App/Auth/auth_route.py | 8 +++++--- App/Auth/sql/auth.sql | 5 ++--- App/Auth/templates/auth.html | 1 + App/Auth/templates/error.html | 2 +- App/app.py | 3 +++ App/checker.py | 23 +++++++++++------------ App/data/db_access.json | 3 ++- App/templates/error.html | 14 ++++++++++++++ App/templates/index.html | 16 ---------------- 10 files changed, 41 insertions(+), 37 deletions(-) create mode 100644 App/templates/error.html delete mode 100644 App/templates/index.html diff --git a/App/Auth/auth.py b/App/Auth/auth.py index 861f89a..d5e3b20 100644 --- a/App/Auth/auth.py +++ b/App/Auth/auth.py @@ -12,11 +12,12 @@ def auth(): return render_template('auth.html') else: data = request.form.to_dict() + data['table'] = 'internal_users' if 'internal' in data else 'external_users' auth_data = route(current_app.config['db_config'], data, sql_provider, 'auth.sql') if auth_data.status: session.update({ 'login': auth_data.result[0]['login'], - 'role': auth_data.result[0]['role'], + 'role': auth_data.result[0]['user_role'], 'db_config': current_app.config['db_config'], 'permanent': True }) diff --git a/App/Auth/auth_route.py b/App/Auth/auth_route.py index 8b77d0c..c65e492 100644 --- a/App/Auth/auth_route.py +++ b/App/Auth/auth_route.py 
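Review bot: `request.form.to_dict()` still passes every submitted field to `route(...)`, and the added line now puts a `table` key into that same dict, which `auth.sql` uses as an identifier. Only the order of the two statements keeps a client-sent `table` from surviving, so a comment like `# table is chosen server-side; never copy it from the request` would guard against a later reorder. Narrowing the dict to the expected fields, `data = {'login': request.form.get('login', ''), 'password': request.form.get('password', '')}`, and reading the checkbox as `'internal' in request.form` would limit what reaches the SQL template. The body of `auth()` starts above this hunk and continues below it.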
@@ -8,8 +8,10 @@ class InfoRespronse: def route(db_config, input_data, sql_provider, name) -> InfoRespronse: _sql = sql_provider.get(name, input_data) - print("sql = ", _sql) + # print("sql = ", _sql) result = select_list(db_config, _sql) - if result is None or len(result) == 0: - return InfoRespronse(result, error_message = 'Произошла ошибка на этапе авторизации :(', status=False) + if result is None: + return InfoRespronse(result, error_message = 'Произошла ошибка на этапе авторизации', status=False) + elif len(result) == 0: + return InfoRespronse(result, error_message = 'Пользователь не найден', status=False) return InfoRespronse(result, error_message='', status=True) \ No newline at end of file diff --git a/App/Auth/sql/auth.sql b/App/Auth/sql/auth.sql index b8f6e0b..33bc64a 100644 --- a/App/Auth/sql/auth.sql +++ b/App/Auth/sql/auth.sql @@ -1,4 +1,3 @@ -SELECT login, role FROM user_table -WHERE 1=1 -AND login = '$login' +SELECT login, user_role FROM $table +WHERE login = '$login' AND password = '$password'; \ No newline at end of file diff --git a/App/Auth/templates/auth.html b/App/Auth/templates/auth.html index 1c62c3f..5ce4b62 100644 --- a/App/Auth/templates/auth.html +++ b/App/Auth/templates/auth.html @@ -13,6 +13,7 @@
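Review bot: The commented-out `# print("sql = ", _sql)` in `route` should be deleted rather than kept as a comment. The rendered statement appears to contain the submitted login and password, so re-enabling the line would write credentials to the console or to captured logs. If query tracing is needed, log only the template name, for example `name`, and never the substituted text. A short docstring on `route` stating that `None` means a database failure and an empty list means no matching row would document the new two-branch behaviour.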
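Review bot: `'$login'` and `'$password'` are filled in as text inside quotes and `$table` as a bare identifier, so if `sql_provider.get` does plain template substitution (its code is not in this patch), form values become part of the statement. The two values should be passed to the driver as bound parameters using its placeholder syntax, with `$table` limited to the two literals set in `auth.py`. The `password = '$password'` comparison also implies that passwords are stored in clear text; storing a salted hash and verifying it in Python after selecting the row by `login` would avoid that.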
+

Внутренний пользователь

diff --git a/App/Auth/templates/error.html b/App/Auth/templates/error.html index c779d6c..bff5bb4 100644 --- a/App/Auth/templates/error.html +++ b/App/Auth/templates/error.html @@ -8,6 +8,6 @@

Сожалеем

{{ error_message }}

-

Вернуться

+ diff --git a/App/app.py b/App/app.py index d8104d1..8952206 100644 --- a/App/app.py +++ b/App/app.py @@ -7,6 +7,9 @@ import os, json app = Flask(__name__) app.secret_key = 'suplex' +# app.config.from_file(os.path.join(os.path.dirname(__file__), 'data/db_access.json'), load=json.load) +# app.config.from_file(os.path.join(os.path.dirname(__file__), 'data/config.json'), load=json.load) + with open(os.path.join(os.path.dirname(__file__), 'data/db_access.json')) as f: app.config['db_access'] = json.load(f) with open(os.path.join(os.path.dirname(__file__), 'data/config.json')) as f: diff --git a/App/checker.py b/App/checker.py index eff7dd5..e7f61d9 100644 --- a/App/checker.py +++ b/App/checker.py @@ -1,4 +1,4 @@ -from flask import redirect, url_for, session, request, current_app +from flask import redirect, url_for, session, request, current_app, render_template from functools import wraps @@ -10,18 +10,17 @@ def check_auth(func): return func(*args, **kwargs) return wrapper - def group_required(func): @wraps(func) def wrapper(*args, **kwargs): - if 'role' in session: - user_role = session.get('role') - user_request = request.endpoint - print('request_endpoint=', user_request) - user_bp = user_request.split('.')[0] - access = current_app.config['db_access'] - if user_role in access and user_bp in access[user_role]: - return func(*args, **kwargs) - else: - return redirect(url_for('index')) + user_role = session.get('role') + user_request = request.endpoint + print('request_endpoint=', user_request) + user_bp = user_request.split('.')[0] + access = current_app.config['db_access'] + if user_role in access and user_bp in access[user_role]: + return func(*args, **kwargs) + else: + return render_template('error.html', error_message='Недостаточно прав') + return wrapper \ No newline at end of file diff --git a/App/data/db_access.json b/App/data/db_access.json index 116f540..a45fba0 100644 --- a/App/data/db_access.json +++ b/App/data/db_access.json 
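Review bot: The context line `app.secret_key = 'suplex'` directly above the added comments is a short constant committed to the repository. It signs the session cookie that carries `role`, the value `group_required` trusts for access decisions. Reading it from the environment, e.g. `app.secret_key = os.environ['SECRET_KEY']`, with a long random value set per deployment keeps the signing key out of source control. The two commented-out `app.config.from_file(...)` lines are dead code and should either replace the `with open(...)` blocks or be dropped.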
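Review bot: In `group_required`, the denial branch returns `render_template('error.html', error_message='Недостаточно прав')` with the default 200 status, so clients, proxies and log-based monitoring see a refused request as a success. Returning `render_template('error.html', error_message='Недостаточно прав'), 403` fixes this. `request.endpoint` can be `None` when no route matched, and `user_request.split('.')` would then raise; a guard such as `user_bp = (request.endpoint or '').split('.')[0]` keeps the decorator on the deny path. The remaining `print('request_endpoint=', user_request)` is debug output and should be removed or moved to a logger.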
@@ -1,4 +1,5 @@ { "manager": ["auth_bp", "requests_bp"], - "admin": ["auth_bp", "requests_bp"] + "admin": ["auth_bp", "requests_bp"], + "sellers": ["auth_bp", "requests_bp"] } \ No newline at end of file diff --git a/App/templates/error.html b/App/templates/error.html new file mode 100644 index 0000000..78d23eb --- /dev/null +++ b/App/templates/error.html @@ -0,0 +1,14 @@ + + + + + Ошибка + + + + +
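Review bot: The new `"sellers"` entry grants the same `auth_bp` and `requests_bp` blueprints as `manager` and `admin`, so the map does not yet separate the roles. If sellers are the external users added by this commit, list only the blueprints they need. The key must also match the `user_role` column value exactly; it is plural here while the other keys are singular, which is worth checking against the table data, since a mismatch sends those users to the "Недостаточно прав" page.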

Сожалеем

+

{{ error_message }}

+ + + diff --git a/App/templates/index.html b/App/templates/index.html deleted file mode 100644 index e829fc2..0000000 --- a/App/templates/index.html +++ /dev/null @@ -1,16 +0,0 @@ - - - - - Привет мир! - - - -

Hello World

- - - \ No newline at end of file