updated access

2025-11-06 21:33:52 +02:00
parent 9571526e0a
commit 7f19a4e94c
5 changed files with 383 additions and 5 deletions
--- a/py_app/app/daily_mirror.py
+++ b/py_app/app/daily_mirror.py
@@ -28,15 +28,21 @@ def check_daily_mirror_access():
        
    # Superadmin has access to everything
    user_role = session.get('role', '')
+    user_modules = session.get('modules', [])
+    
+    # Debug logging
+    print(f"Daily Mirror Access Check - User: {session.get('user')}, Role: {user_role}, Modules: {user_modules}")
+    
    if user_role == 'superadmin':
        return None  # Access granted
    
    # Check if user has daily_mirror module access
-    user_modules = session.get('modules', [])
    if 'daily_mirror' not in user_modules:
+        print(f"Access DENIED - daily_mirror not in modules: {user_modules}")
        flash('Access denied: Daily Mirror module access required.')
        return redirect(url_for('main.dashboard'))
    
+    print("Access GRANTED to Daily Mirror")
    return None  # Access granted


--- a/py_app/app/routes.py
+++ b/py_app/app/routes.py
@@ -1704,13 +1704,12 @@ def generate_fg_report():
    return jsonify(data)

@bp.route('/etichete')
+@requires_labels_module
 def etichete():
-    if 'role' not in session or session['role'] not in ['superadmin', 'admin', 'administrator', 'etichete']:
-        flash('Access denied: Etichete users only.')
-        return redirect(url_for('main.dashboard'))
    return render_template('main_page_etichete.html')

@bp.route('/upload_data', methods=['GET', 'POST'])
+@requires_labels_module
 def upload_data():
    if request.method == 'POST':
        action = request.form.get('action', 'preview')
@@ -1921,6 +1920,7 @@ def upload_orders():
    return redirect(url_for('main.upload_data'))

@bp.route('/print_module')
+@requires_labels_module
 def print_module():
    try:
        # Get unprinted orders data
@@ -1932,6 +1932,7 @@ def print_module():
        return render_template('print_module.html', orders=[])

@bp.route('/print_lost_labels')
+@requires_labels_module
 def print_lost_labels():
    """Print lost labels module - shows orders with printed labels for reprinting"""
    try:
@@ -1945,6 +1946,7 @@ def print_lost_labels():
        return render_template('print_lost_labels.html', orders=[])

@bp.route('/view_orders')
+@requires_labels_module
 def view_orders():
    """View all orders in a table format"""
    try: