added tracking of who added which part; requires database update though.

parts/server.py

@@ -6,7 +6,7 @@ from functools import wraps
 from sqlalchemy.sql import select
 from sqlalchemy.sql import text
 from flask import Flask
-from flask import render_template, send_from_directory, request, Response, send_file
+from flask import render_template, send_from_directory, request, Response, send_file, session
 from PIL import Image, ImageDraw
 from io import BytesIO
 from os import listdir
@@ -30,12 +30,21 @@ def getContainers():
     return containers
 
 def check_auth(username, password):
-    admin_list = []
+    query = "select id, password from users where username=:usrnm;"
-    with open('edit_admin.json', 'r') as admin:
+    r = db_engine.execute(text(query), usrnm=username)
-        admin_list = json.load(admin)
+    results = []
-    for user in admin_list:
+    for row in r:
-        if username == user['username']:
+        results.append(dict(row))
-            return password == user['password']
+    r.close()
+    if len(results)!=1:
+        return False;
+
+    if results[0]['password']==password:
+        session['uid'] = results[0]['id']
+        print (session['uid'])
+        return True
+    else:
+        return False
 
 def authenticate():
     return Response('Could not verify access level. Please retry', 401, {'WWW-Authenticate' :  'Basic realm="Login Required"'})
@@ -97,7 +106,7 @@ def alterLocation(locationID):
     if locationID < 0:
         # New entry
         s =  'insert into locations (name, container_id) '
-        s += 'values (:name, :container);'
+        s += 'values (:name, :container, :userid);'
         s = text(s)
         r = db_engine.execute(s,name=request.form['name'],container=request.form['container']);
         r.close()
@@ -201,8 +210,8 @@ def alter(partID):
     r = {}
     if partID < 0:
         # New entry
-        s =  'insert into parts (partno, description, datasheet, location_id) '
+        s =  'insert into parts (partno, description, datasheet, location_id, whoadded) '
-        s += 'values (:partno, :description, :datasheet, :location_id) returning id;'
+        s += 'values (:partno, :description, :datasheet, :location_id, :user_id) returning id;'
         s = text(s)
         if len(request.files) != 0:
             datasheet_file = request.files['datasheet-file']
@@ -223,7 +232,9 @@ def alter(partID):
         r = db_engine.execute(s, partno=request.form['partno'],
                                  description=request.form['description'],
                                  datasheet=datasheet_filename,
-                                 location_id=request.form['location_id'])
+                                 location_id=request.form['location_id'],
+                                 user_id=session['uid']
+                                 )
     else:
         # Modify entry
         r = db_engine.execute(text('select * from parts where id=:id;'), id=partID)
@@ -316,6 +327,8 @@ def connect(user, password, db, host='localhost', port=5432):
     return con, meta
 
 if __name__ == '__main__':
+    app.secret_key = 'asuiygdiahsdo[ainsfl]asfkjnb;asklnj'
+    app.config['SESSION_TYPE'] = 'memcached'
     with open('admin.json') as f:
         postgres_credentials = json.load(f)
     db_engine, db_metadata = connect(postgres_credentials['username'], postgres_credentials['password'], 'parts_v2')