added tracking of who added which part; requires database update though.

master
Marek Baczynski 6 years ago
parent e5f6341d4e
commit e3f25e76f2

@ -6,7 +6,7 @@ from functools import wraps
from sqlalchemy.sql import select
from sqlalchemy.sql import text
from flask import Flask
from flask import render_template, send_from_directory, request, Response, send_file
from flask import render_template, send_from_directory, request, Response, send_file, session
from PIL import Image, ImageDraw
from io import BytesIO
from os import listdir
@ -30,12 +30,21 @@ def getContainers():
return containers
def check_auth(username, password):
admin_list = []
with open('edit_admin.json', 'r') as admin:
admin_list = json.load(admin)
for user in admin_list:
if username == user['username']:
return password == user['password']
query = "select id, password from users where username=:usrnm;"
r = db_engine.execute(text(query), usrnm=username)
results = []
for row in r:
results.append(dict(row))
r.close()
if len(results)!=1:
return False;
if results[0]['password']==password:
session['uid'] = results[0]['id']
print (session['uid'])
return True
else:
return False
def authenticate():
return Response('Could not verify access level. Please retry', 401, {'WWW-Authenticate' : 'Basic realm="Login Required"'})
@ -97,7 +106,7 @@ def alterLocation(locationID):
if locationID < 0:
# New entry
s = 'insert into locations (name, container_id) '
s += 'values (:name, :container);'
s += 'values (:name, :container, :userid);'
s = text(s)
r = db_engine.execute(s,name=request.form['name'],container=request.form['container']);
r.close()
@ -201,8 +210,8 @@ def alter(partID):
r = {}
if partID < 0:
# New entry
s = 'insert into parts (partno, description, datasheet, location_id) '
s += 'values (:partno, :description, :datasheet, :location_id) returning id;'
s = 'insert into parts (partno, description, datasheet, location_id, whoadded) '
s += 'values (:partno, :description, :datasheet, :location_id, :user_id) returning id;'
s = text(s)
if len(request.files) != 0:
datasheet_file = request.files['datasheet-file']
@ -223,7 +232,9 @@ def alter(partID):
r = db_engine.execute(s, partno=request.form['partno'],
description=request.form['description'],
datasheet=datasheet_filename,
location_id=request.form['location_id'])
location_id=request.form['location_id'],
user_id=session['uid']
)
else:
# Modify entry
r = db_engine.execute(text('select * from parts where id=:id;'), id=partID)
@ -316,6 +327,8 @@ def connect(user, password, db, host='localhost', port=5432):
return con, meta
if __name__ == '__main__':
app.secret_key = 'asuiygdiahsdo[ainsfl]asfkjnb;asklnj'
app.config['SESSION_TYPE'] = 'memcached'
with open('admin.json') as f:
postgres_credentials = json.load(f)
db_engine, db_metadata = connect(postgres_credentials['username'], postgres_credentials['password'], 'parts_v2')

Loading…
Cancel
Save