updated creation of the database for users

py_app/app/routes.py

@@ -9,7 +9,14 @@ from reportlab.pdfgen import canvas
 from flask import Blueprint, render_template, request, redirect, url_for, flash
 import csv
 from .warehouse import add_location
-from .settings import settings_handler, edit_access_roles_handler
+from .settings import (
+    settings_handler, 
+    edit_access_roles_handler, 
+    create_user_handler, 
+    edit_user_handler, 
+    delete_user_handler, 
+    save_external_db_handler
+)
 
 bp = Blueprint('main', __name__)
 warehouse_bp = Blueprint('warehouse', __name__)
@@ -53,8 +60,18 @@ def get_db_connection():
 def login():
     import sqlite3
     if request.method == 'POST':
-        username = request.form['username']
+        # Debug: print all form data received
-        password = request.form['password']
+        print("All form data received:", dict(request.form))
+        
+        # Safely get username and password with fallback
+        username = request.form.get('username', '').strip()
+        password = request.form.get('password', '').strip()
+        
+        if not username or not password:
+            print("Missing username or password")
+            flash('Please enter both username and password.')
+            return render_template('login.html')
+            
         user = None
         print("Raw form input:", repr(username), repr(password))
         
@@ -233,98 +250,19 @@ def logout():
 
 @bp.route('/create_user', methods=['POST'])
 def create_user():
-    if 'role' not in session or session['role'] != 'superadmin':
+    return create_user_handler()
-        flash('Access denied: Superadmin only.')
-        return redirect(url_for('main.settings'))
-
-    username = request.form['username']
-    password = request.form['password']
-    role = request.form['role']
-
-    # Check if the username already exists
-    if User.query.filter_by(username=username).first():
-        flash('User already exists.')
-        return redirect(url_for('main.settings'))
-
-    # Create a new user
-    new_user = User(username=username, password=password, role=role)
-    db.session.add(new_user)
-    db.session.commit()
-
-    flash('User created successfully.')
-    return redirect(url_for('main.settings'))
 
 @bp.route('/edit_user', methods=['POST'])
 def edit_user():
-    if 'role' not in session or session['role'] != 'superadmin':
+    return edit_user_handler()
-        flash('Access denied: Superadmin only.')
-        return redirect(url_for('main.settings'))
-
-    user_id = request.form['user_id']
-    password = request.form['password']
-    role = request.form['role']
-
-    # Fetch the user from the database
-    user = User.query.get(user_id)
-    if not user:
-        flash('User not found.')
-        return redirect(url_for('main.settings'))
-
-    # Update the user's details
-    if password:
-        user.password = password
-    user.role = role
-    db.session.commit()
-
-    flash('User updated successfully.')
-    return redirect(url_for('main.settings'))
 
 @bp.route('/delete_user', methods=['POST'])
 def delete_user():
-    if 'role' not in session or session['role'] != 'superadmin':
+    return delete_user_handler()
-        flash('Access denied: Superadmin only.')
-        return redirect(url_for('main.settings'))
-
-    user_id = request.form['user_id']
-
-    # Fetch the user from the database
-    user = User.query.get(user_id)
-    if not user:
-        flash('User not found.')
-        return redirect(url_for('main.settings'))
-
-    # Delete the user
-    db.session.delete(user)
-    db.session.commit()
-
-    flash('User deleted successfully.')
-    return redirect(url_for('main.settings'))
 
 @bp.route('/save_external_db', methods=['POST'])
 def save_external_db():
-    if 'role' not in session or session['role'] != 'superadmin':
+    return save_external_db_handler()
-        flash('Access denied: Superadmin only.')
-        return redirect(url_for('main.settings'))
-
-    # Get form data
-    server_domain = request.form['server_domain']
-    port = request.form['port']
-    database_name = request.form['database_name']
-    username = request.form['username']
-    password = request.form['password']
-
-    # Save data to a file in the instance folder
-    settings_file = os.path.join(current_app.instance_path, 'external_server.conf')
-    os.makedirs(os.path.dirname(settings_file), exist_ok=True)
-    with open(settings_file, 'w') as f:
-        f.write(f"server_domain={server_domain}\n")
-        f.write(f"port={port}\n")
-        f.write(f"database_name={database_name}\n")
-        f.write(f"username={username}\n")
-        f.write(f"password={password}\n")
-
-    flash('External database settings saved/updated successfully.')
-    return redirect(url_for('main.settings'))
 
 @bp.route('/get_report_data', methods=['GET'])
 def get_report_data():

py_app/app/settings.py

@@ -1,6 +1,8 @@
-from flask import render_template, request, session, redirect, url_for, flash
+from flask import render_template, request, session, redirect, url_for, flash, current_app
 from .models import User
 from . import db
+import mariadb
+import os
 
 # Settings module logic
 import sqlite3
@@ -60,17 +62,224 @@ def settings_handler():
     if 'role' not in session or session['role'] != 'superadmin':
         flash('Access denied: Superadmin only.')
         return redirect(url_for('main.dashboard'))
-    users = User.query.all()
+    
+    # Get users from external MariaDB database
+    users = []
+    try:
+        conn = get_external_db_connection()
+        cursor = conn.cursor()
+        
+        # Create users table if it doesn't exist
+        cursor.execute('''
+            CREATE TABLE IF NOT EXISTS users (
+                id INT AUTO_INCREMENT PRIMARY KEY,
+                username VARCHAR(50) UNIQUE NOT NULL,
+                password VARCHAR(255) NOT NULL,
+                role VARCHAR(50) NOT NULL
+            )
+        ''')
+        
+        # Get all users from external database
+        cursor.execute("SELECT id, username, password, role FROM users")
+        users_data = cursor.fetchall()
+        
+        # Convert to list of dictionaries for template compatibility
+        users = []
+        for user_data in users_data:
+            users.append({
+                'id': user_data[0],
+                'username': user_data[1], 
+                'password': user_data[2],
+                'role': user_data[3]
+            })
+        
+        conn.close()
+        
+    except Exception as e:
+        print(f"Error fetching users from external database: {e}")
+        flash(f'Error loading users: {e}')
+    
     # Load external database settings from the instance folder
     external_settings = {}
-    import os
-    from flask import current_app
     settings_file = os.path.join(current_app.instance_path, 'external_server.conf')
     if os.path.exists(settings_file):
         with open(settings_file, 'r') as f:
             for line in f:
                 key, value = line.strip().split('=', 1)
                 external_settings[key] = value
+    
     return render_template('settings.html', users=users, external_settings=external_settings)
 
-# Add more settings-related functions here as needed
+# Helper function to get external database connection
+def get_external_db_connection():
+    """Reads the external_server.conf file and returns a MariaDB database connection."""
+    settings_file = os.path.join(current_app.instance_path, 'external_server.conf')
+    if not os.path.exists(settings_file):
+        raise FileNotFoundError("The external_server.conf file is missing in the instance folder.")
+
+    # Read settings from the configuration file
+    settings = {}
+    with open(settings_file, 'r') as f:
+        for line in f:
+            key, value = line.strip().split('=', 1)
+            settings[key] = value
+
+    # Create a database connection
+    return mariadb.connect(
+        user=settings['username'],
+        password=settings['password'],
+        host=settings['server_domain'],
+        port=int(settings['port']),
+        database=settings['database_name']
+    )
+
+# User management handlers
+def create_user_handler():
+    if 'role' not in session or session['role'] != 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.settings'))
+
+    username = request.form['username']
+    password = request.form['password']
+    role = request.form['role']
+
+    try:
+        # Connect to external MariaDB database
+        conn = get_external_db_connection()
+        cursor = conn.cursor()
+        
+        # Create users table if it doesn't exist
+        cursor.execute('''
+            CREATE TABLE IF NOT EXISTS users (
+                id INT AUTO_INCREMENT PRIMARY KEY,
+                username VARCHAR(50) UNIQUE NOT NULL,
+                password VARCHAR(255) NOT NULL,
+                role VARCHAR(50) NOT NULL
+            )
+        ''')
+        
+        # Check if the username already exists
+        cursor.execute("SELECT id FROM users WHERE username = %s", (username,))
+        if cursor.fetchone():
+            flash('User already exists.')
+            conn.close()
+            return redirect(url_for('main.settings'))
+
+        # Create a new user in external MariaDB
+        cursor.execute("""
+            INSERT INTO users (username, password, role)
+            VALUES (%s, %s, %s)
+        """, (username, password, role))
+        
+        conn.commit()
+        conn.close()
+        flash('User created successfully in external database.')
+        
+    except Exception as e:
+        print(f"Error creating user in external database: {e}")
+        flash(f'Error creating user: {e}')
+
+    return redirect(url_for('main.settings'))
+
+def edit_user_handler():
+    if 'role' not in session or session['role'] != 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.settings'))
+
+    user_id = request.form.get('user_id')
+    password = request.form.get('password', '').strip()
+    role = request.form.get('role')
+
+    if not user_id or not role:
+        flash('Missing required fields.')
+        return redirect(url_for('main.settings'))
+
+    try:
+        # Connect to external MariaDB database
+        conn = get_external_db_connection()
+        cursor = conn.cursor()
+        
+        # Check if the user exists
+        cursor.execute("SELECT id FROM users WHERE id = %s", (user_id,))
+        if not cursor.fetchone():
+            flash('User not found.')
+            conn.close()
+            return redirect(url_for('main.settings'))
+
+        # Update the user's details in external MariaDB
+        if password:  # Only update password if provided
+            cursor.execute("""
+                UPDATE users SET password = %s, role = %s WHERE id = %s
+            """, (password, role, user_id))
+            flash('User updated successfully (including password).')
+        else:  # Just update role if no password provided
+            cursor.execute("""
+                UPDATE users SET role = %s WHERE id = %s
+            """, (role, user_id))
+            flash('User role updated successfully.')
+        
+        conn.commit()
+        conn.close()
+        
+    except Exception as e:
+        print(f"Error updating user in external database: {e}")
+        flash(f'Error updating user: {e}')
+
+    return redirect(url_for('main.settings'))
+
+def delete_user_handler():
+    if 'role' not in session or session['role'] != 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.settings'))
+
+    user_id = request.form['user_id']
+
+    try:
+        # Connect to external MariaDB database
+        conn = get_external_db_connection()
+        cursor = conn.cursor()
+        
+        # Check if the user exists
+        cursor.execute("SELECT id FROM users WHERE id = %s", (user_id,))
+        if not cursor.fetchone():
+            flash('User not found.')
+            conn.close()
+            return redirect(url_for('main.settings'))
+
+        # Delete the user from external MariaDB
+        cursor.execute("DELETE FROM users WHERE id = %s", (user_id,))
+        
+        conn.commit()
+        conn.close()
+        flash('User deleted successfully from external database.')
+        
+    except Exception as e:
+        print(f"Error deleting user from external database: {e}")
+        flash(f'Error deleting user: {e}')
+
+    return redirect(url_for('main.settings'))
+
+def save_external_db_handler():
+    if 'role' not in session or session['role'] != 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.settings'))
+
+    # Get form data
+    server_domain = request.form['server_domain']
+    port = request.form['port']
+    database_name = request.form['database_name']
+    username = request.form['username']
+    password = request.form['password']
+
+    # Save data to a file in the instance folder
+    settings_file = os.path.join(current_app.instance_path, 'external_server.conf')
+    os.makedirs(os.path.dirname(settings_file), exist_ok=True)
+    with open(settings_file, 'w') as f:
+        f.write(f"server_domain={server_domain}\n")
+        f.write(f"port={port}\n")
+        f.write(f"database_name={database_name}\n")
+        f.write(f"username={username}\n")
+        f.write(f"password={password}\n")
+
+    flash('External database settings saved/updated successfully.')
+    return redirect(url_for('main.settings'))

py_app/app/templates/settings.html

@@ -12,7 +12,7 @@
                 <span class="user-name">{{ user.username }}</span>
                 <span class="user-role">Role: {{ user.role }}</span>
                 <button class="btn edit-user-btn" data-user-id="{{ user.id }}" data-username="{{ user.username }}" data-email="{{ user.email if user.email else '' }}" data-role="{{ user.role }}">Edit User</button>
-                <button class="btn delete-btn">Delete User</button>
+                <button class="btn delete-btn delete-user-btn" data-user-id="{{ user.id }}" data-username="{{ user.username }}">Delete User</button>
             </li>
             {% endfor %}
         </ul>
@@ -48,10 +48,11 @@
     <div class="popup-content" style="margin:auto; padding:32px; border-radius:8px; box-shadow:0 2px 8px #333; min-width:320px; max-width:400px; text-align:center;">
         <h3 id="user-popup-title">Create/Edit User</h3>
         <form id="user-form" method="POST" action="{{ url_for('main.create_user') }}">
+            <input type="hidden" id="user-id" name="user_id">
             <label for="username">Username:</label>
             <input type="text" id="username" name="username" required>
-            <label for="email">Email Address:</label>
+            <label for="email">Email (Optional):</label>
-            <input type="email" id="email" name="email" required>
+            <input type="email" id="email" name="email">
             <label for="password">Password:</label>
             <input type="password" id="password" name="password" required>
             <label for="role">Role:</label>
@@ -87,21 +88,43 @@ document.getElementById('create-user-btn').onclick = function() {
     document.getElementById('user-popup-title').innerText = 'Create User';
     document.getElementById('user-form').reset();
     document.getElementById('user-form').setAttribute('action', '{{ url_for("main.create_user") }}');
+    document.getElementById('user-id').value = '';
+    document.getElementById('password').required = true;
+    document.getElementById('password').placeholder = '';
+    document.getElementById('username').readOnly = false;
 };
+
 document.getElementById('close-user-popup-btn').onclick = function() {
     document.getElementById('user-popup').style.display = 'none';
 };
+
 // Edit User button logic
 Array.from(document.getElementsByClassName('edit-user-btn')).forEach(function(btn) {
     btn.onclick = function() {
         document.getElementById('user-popup').style.display = 'flex';
         document.getElementById('user-popup-title').innerText = 'Edit User';
+        document.getElementById('user-id').value = btn.getAttribute('data-user-id');
         document.getElementById('username').value = btn.getAttribute('data-username');
-        document.getElementById('email').value = btn.getAttribute('data-email');
         document.getElementById('role').value = btn.getAttribute('data-role');
         document.getElementById('password').value = '';
-        document.getElementById('user-form').setAttribute('action', '/edit_user/' + btn.getAttribute('data-user-id'));
+        document.getElementById('password').required = false;
+        document.getElementById('password').placeholder = 'Leave blank to keep current password';
+        document.getElementById('username').readOnly = true;
+        document.getElementById('user-form').setAttribute('action', '{{ url_for("main.edit_user") }}');
     };
 });
+
+// Delete User button logic  
+Array.from(document.getElementsByClassName('delete-user-btn')).forEach(function(btn) {
+    btn.onclick = function() {
+        document.getElementById('delete-user-popup').style.display = 'flex';
+        document.getElementById('delete-username').innerText = btn.getAttribute('data-username');
+        document.getElementById('delete-user-id').value = btn.getAttribute('data-user-id');
+    };
+});
+
+document.getElementById('close-delete-popup-btn').onclick = function() {
+    document.getElementById('delete-user-popup').style.display = 'none';
+};
 </script>
 {% endblock %}