ske087/enterprise_digital-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: enterprise digital platform with portal SSO, DigiServer, IT Assets, NetworkView, Server Monitor

Browse Source
This commit is contained in:
ske087
2026-05-10 21:07:50 +03:00
commit 8d9df56b0b
364 changed files with 73655 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
portal/app/routes/settings.py
+295
View File
@@ -0,0 +1,295 @@
from flask import Blueprint, render_template, redirect, url_for, flash, request, current_app
from flask_login import login_required, current_user
from werkzeug.security import generate_password_hash
from app.extensions import db
from app.models.user import PortalUser
from app.models.app_access import AppAccess
from app.models.api_key import ApiKey
bp = Blueprint('settings', __name__, url_prefix='/settings')
def _sync_user_to_app(app_id, username, role):
"""
Notify an app's internal /internal/sync-user endpoint so the user is
pre-created / role-updated in that app's own DB.
Silently swallows errors so it never breaks the portal flow.
"""
import urllib.request
import json
registered = {a['id']: a for a in current_app.config.get('REGISTERED_APPS', [])}
app_meta = registered.get(app_id)
if not app_meta or not app_meta.get('internal_url'):
return
secret = current_app.config.get('INTERNAL_SYNC_SECRET', '')
url = app_meta['internal_url'].rstrip('/') + '/internal/sync-user'
body = json.dumps({'username': username, 'role': role}).encode()
req = urllib.request.Request(
url,
data=body,
headers={
'Content-Type': 'application/json',
'X-Internal-Token': secret,
},
method='POST',
)
try:
with urllib.request.urlopen(req, timeout=3):
pass
except Exception:
pass # Best-effort; SSO will sync on first login anyway
def _admin_required(f):
from functools import wraps
from flask_login import current_user
from flask import abort
@wraps(f)
def decorated(*args, **kwargs):
if not current_user.is_admin:
abort(403)
return f(*args, **kwargs)
return decorated
@bp.route('/')
@login_required
@_admin_required
def index():
users = PortalUser.query.order_by(PortalUser.username).all()
registered_apps = current_app.config['REGISTERED_APPS']
return render_template('settings/index.html', users=users, registered_apps=registered_apps)
# ── User management ────────────────────────────────────────────────────────────
@bp.route('/users/new', methods=['GET', 'POST'])
@login_required
@_admin_required
def new_user():
registered_apps = current_app.config['REGISTERED_APPS']
if request.method == 'POST':
username = request.form.get('username', '').strip()
email = request.form.get('email', '').strip()
password = request.form.get('password', '')
is_admin = request.form.get('is_admin') == 'on'
if not username or not email or not password:
flash('Username, email and password are required.', 'danger')
return render_template('settings/new_user.html', registered_apps=registered_apps)
if PortalUser.query.filter_by(username=username).first():
flash('Username already exists.', 'danger')
return render_template('settings/new_user.html', registered_apps=registered_apps)
user = PortalUser(
username=username,
email=email,
password_hash=generate_password_hash(password),
is_admin=is_admin,
is_active=True,
)
db.session.add(user)
db.session.flush()
for app in registered_apps:
app_id = app['id']
role_val = request.form.get(f'role_{app_id}', 'none').strip()
if role_val in ('admin', 'user'):
db.session.add(AppAccess(user_id=user.id, app_name=app_id,
is_active=True, app_role=role_val))
db.session.commit()
# Best-effort: pre-create user in each app that supports sync
for app in registered_apps:
app_id = app['id']
role_val = request.form.get(f'role_{app_id}', 'none').strip()
if role_val in ('admin', 'user'):
_sync_user_to_app(app_id, username, role_val)
flash(f'User "{username}" created successfully.', 'success')
return redirect(url_for('settings.index'))
return render_template('settings/new_user.html', registered_apps=registered_apps)
@bp.route('/users/<int:user_id>/access', methods=['POST'])
@login_required
@_admin_required
def update_access(user_id):
user = PortalUser.query.get_or_404(user_id)
registered_apps = current_app.config['REGISTERED_APPS']
for app in registered_apps:
app_id = app['id']
# The UI sends role_<app_id> = 'admin' | 'user' | 'none'
role_val = request.form.get(f'role_{app_id}', 'none').strip()
should_have = role_val in ('admin', 'user')
app_role = role_val if role_val in ('admin', 'user') else None
existing = AppAccess.query.filter_by(user_id=user.id, app_name=app_id).first()
if existing:
existing.is_active = should_have
existing.app_role = app_role
elif should_have:
db.session.add(AppAccess(user_id=user.id, app_name=app_id,
is_active=True, app_role=app_role))
db.session.commit()
# Best-effort: pre-create / update user in each app that supports sync
for app in registered_apps:
app_id = app['id']
role_val = request.form.get(f'role_{app_id}', 'none').strip()
if role_val in ('admin', 'user'):
_sync_user_to_app(app_id, user.username, role_val)
flash(f'Access for "{user.username}" updated.', 'success')
return redirect(url_for('settings.index'))
@bp.route('/users/<int:user_id>/delete', methods=['POST'])
@login_required
@_admin_required
def delete_user(user_id):
if user_id == current_user.id:
flash('You cannot delete your own account.', 'danger')
return redirect(url_for('settings.index'))
user = PortalUser.query.get_or_404(user_id)
db.session.delete(user)
db.session.commit()
flash(f'User "{user.username}" deleted.', 'success')
return redirect(url_for('settings.index'))
# ── API key management ─────────────────────────────────────────────────────────
@bp.route('/api-keys')
@login_required
@_admin_required
def api_keys():
keys = ApiKey.query.order_by(ApiKey.created_at.desc()).all()
registered_apps = current_app.config['REGISTERED_APPS']
users = PortalUser.query.order_by(PortalUser.username).all()
return render_template('settings/api_keys.html', keys=keys, registered_apps=registered_apps, users=users)
@bp.route('/api-keys/new', methods=['POST'])
@login_required
@_admin_required
def new_api_key():
user_id = request.form.get('user_id', type=int)
app_name = request.form.get('app_name', '').strip()
description = request.form.get('description', '').strip()
if not user_id or not app_name:
flash('User and application are required.', 'danger')
return redirect(url_for('settings.api_keys'))
key = ApiKey(
user_id=user_id,
key=ApiKey.generate_key(),
app_name=app_name,
description=description or None,
)
db.session.add(key)
db.session.commit()
flash(f'API key created: {key.key}', 'success')
return redirect(url_for('settings.api_keys'))
@bp.route('/api-keys/<int:key_id>/revoke', methods=['POST'])
@login_required
@_admin_required
def revoke_api_key(key_id):
key = ApiKey.query.get_or_404(key_id)
key.is_active = False
db.session.commit()
flash('API key revoked.', 'success')
return redirect(url_for('settings.api_keys'))
# ── Module management ──────────────────────────────────────────────────────────
@bp.route('/modules')
@login_required
@_admin_required
def modules():
from app.models.module_config import ModuleConfig
from app.services import module_manager
registered_apps = current_app.config['REGISTERED_APPS']
cfg_map = {m.app_id: m for m in ModuleConfig.query.all()}
module_statuses = []
for app in registered_apps:
cfg = cfg_map.get(app['id'])
enabled = cfg.enabled if cfg else True
running = module_manager.is_running(app['id'])
module_statuses.append({
'app': app,
'enabled': enabled,
'running': running,
})
return render_template('settings/modules.html', module_statuses=module_statuses)
@bp.route('/modules/<app_id>/toggle', methods=['POST'])
@login_required
@_admin_required
def toggle_module(app_id):
from app.models.module_config import ModuleConfig
from app.services import module_manager
registered_ids = {a['id'] for a in current_app.config['REGISTERED_APPS']}
if app_id not in registered_ids:
flash('Unknown application.', 'danger')
return redirect(url_for('settings.modules'))
action = request.form.get('action') # 'enable' or 'disable'
if action not in ('enable', 'disable'):
flash('Invalid action.', 'danger')
return redirect(url_for('settings.modules'))
cfg = ModuleConfig.query.filter_by(app_id=app_id).first()
if cfg is None:
cfg = ModuleConfig(app_id=app_id, enabled=True)
db.session.add(cfg)
app_meta = next(a for a in current_app.config['REGISTERED_APPS'] if a['id'] == app_id)
name = app_meta['name']
if action == 'disable':
cfg.enabled = False
db.session.commit()
module_manager.write_module_state(app_id, False)
if module_manager.is_running(app_id):
module_manager.stop_service(app_id)
flash(f'{name} has been disabled and stopped.', 'success')
else:
flash(f'{name} has been disabled.', 'success')
else: # enable
cfg.enabled = True
db.session.commit()
module_manager.write_module_state(app_id, True)
if not module_manager.is_running(app_id):
ok = module_manager.start_service(app_id)
if ok:
flash(f'{name} has been enabled and is starting up.', 'success')
else:
flash(
f'{name} enabled. No launch spec found — '
'run ./start-dev.sh to start it.',
'warning',
)
else:
flash(f'{name} is already running and has been re-enabled.', 'success')
return redirect(url_for('settings.modules'))