From 8a7aa193dc224d1f1493013de98278bcf0efb6cb Mon Sep 17 00:00:00 2001 From: Scheianu Ionut Date: Sun, 14 Sep 2025 21:26:29 +0300 Subject: [PATCH] updated permissions --- py_app/app/__pycache__/routes.cpython-312.pyc | Bin 47935 -> 52083 bytes .../app/__pycache__/settings.cpython-312.pyc | Bin 20064 -> 24175 bytes py_app/app/routes.py | 128 ++- py_app/app/settings.py | 113 +++ py_app/app/templates/quality.html | 2 + py_app/app/templates/role_permissions.html | 914 ++++++------------ py_app/documentation.md | 594 ++++++++---- 7 files changed, 957 insertions(+), 794 deletions(-) diff --git a/py_app/app/__pycache__/routes.cpython-312.pyc b/py_app/app/__pycache__/routes.cpython-312.pyc index 31ec46bc1b1330cd3860c52cfe9870066e501462..f3b6de2d6639f5ed36d70c4d0bff70b6a18a7565 100644 GIT binary patch delta 10223 zcmb_i33wF8mF}MIp8M1}x(AR1BY~~~gv6}_Fd%W7aC$tb8zeE(C^aJvd4|DWC&6oC z3}wgQ*npFm!;mcYgoNbVO$a`+35N&EUdxkgjYn!PQxjZY*tFoY7oqE8_QUUC9R}fwm!^loUD{}uc8lDX3~S%2HMVBB)3`;ZmKEe>1n726*XfVYGxX$k)aOVm*pA+VxBZ7 zRWf0=oINIlIcautRn**ZsCj9qc`9oDIMjkP)O;1Sa2%>B4YeSJqQ8)Gq=jlOTbm;_ zrE&#})n;9iX4{<7(_MgWQFG5jt~He_Xj5(5(`*-|^i-!SloqFQ1*=r_>NNBcRli2n zuT9h6lhRMPcidN5mxfxZqCPbawLT5COes%}qDdR%Y`|&Ky358i+;SDS=`V1b({OEj zc=s0igzhcgNW1lZkcw*03;u`Zj zP$$IBKrloW(B1ZaehU4-KA*3pRgPR~9VlnSmO3^V%hyA4Aa|kP@7fk1JucZ7^0|o8 zp>*w3Mh+><0y#crE52T~RcT*EV7LKH6LS7{8qUvDh`K6$=)jSPUYeleCA1 zUA<%{D3`^wuAr0(AX+wY?p8EmE)`6veu)mV7$dU<&87ni{>cK(HoOn zpo*L+XDs(Y-mM`K)Vb)@DHUM*yD7ybQ7jnez{NlyVjNv?GLN>oD|t_BkGoUSr`*v0 zsH)U@5x1V^SI_0kV(Y8#7ot8akx{S)S%;}^6gyD(K_s*tfu5eO5b42^b}W%v2?-E_ zjhWDIQ$ih`Fb-G~x~=5z5cV*N&!G4$iqD}aL$MzPL4ma-XuW6Z)DUJL0l_+{Ys`-g z5AqNqP<%Uf&@)YFYQj9e8QBfOEwWFV5c&drX`gg#8zr>RF9Q7`au_T)p8jd(OlasC z^-WC=pbMT9!ed;!CQKbf@r4vNj>!`M(89cRJN12w2TiWH=z{P2t@;HEM%)zK!Hq#B z1M(E8jo?J>B!z>f;<#80P8w!4)sHwSx`PvwtoW5wEJp!g1vlhLM0)5;vli!$*cOko zrS^uL{4YXbMtba%22Evgu?$QXG$c*W@FZuv>9K~KyyH-qi&Z^?S|pnRM|DUEhG?WQ zuT2Yi0sh~90U%FtGB0cVTn``NcuWg^O^*=ad&G#QM~VnN+KAYri%3i-`t?1Ah_=TV z(c$7Ktm)3dMb9Qlof@<|ra(jGfKHNisZxd&piGqYsj}2_4QIew4G@7jqGw2bYOND7 zgbkG6S|~=0VIz%aW!Yt8%8uv4#_kgO-1-8Ksf&x4!=@H)i=E>(iyRlRM63~8#2&VW zZDG4?dPWGF!hw z73lTvsUk=XXZS?^c9_MK-5~`i+3%INdOHHWy-G)@E71GV#x4kfIn~V0 zy92`+{*vKp{~E&?$1xluOFH+EMHu18S_g1sM%V!y3B>{FsD%ZkTQgYp!eU>U&#NCj*6d>CZ`~lo*$guVI}303u-@jV9>r4hDJ?*(nFn6v?vk0T*LY zmp|Z>fjk+br@cxL=rxO+N5726Uc}U0N$(}psyvzyvEn3~jxIe9Af+a>z`jba%m_6h z$^AWjLBe>|nXKooRjA&{x3DsmS4j-B$f)G&D8_PW!Zz9-9xo%`qD4 za|_70@rK#8zvc0&AzNm=pz=o4RypLZjN4r&vToSRhs=dX*4{8reB124VRoOcddu7} ztOFbHmm+z1MSr+HE+nX}Q-r12*;3BE zQf_F?5MHTvwpxT&bv&eBwMZc8YYnSYOY2Q|ujMOm8$6)?S9fhto~ngQm*3Seaa9PpVF>RH{>F4Rm*7Q*>mVkJOs( z5weNA6wo`q?~zwPzdyaMse`7fxLB2}t8}!k(SwZfK9X}HJ=j>eY9xmIJH(KGcL(G( zz#m8tV%ngoIxbejQG{-GuSxqu^mirpz@m-9qEbkoF_PD@C=TKybMs2qqJB7jXb#8< zc>~J_QM`%bEfoKP;%yW|AQJrafhKxl+2mN$(&-wv>WJJx#7|M&(Mjz1^5->Cwzyk| zAjU}|Iuv>XyU1iL+loS6?FOhVyDfjedLCsXL%TzYKBeTH`-pWy4suc+jo&0nJn{T2LsF~5I}hW|0W)O*>9ogB6nnyMNW zP!J}02!hnorvr7G?HYPL@Y!585Pk;=RSRkI2YPVVWK$;?kdH9`aqQW?PKo~s)$aUW z;UBT&6YQ*~N9_Pg{~XAnRlAmcQdRsJ`psQoIL?^9yG8t~74YxUe+-w4ACEepQ$%2= z_=!>R@6kxaE#kJFMRY0R`NW9cr*(U$I85l(jKYF~<6}GaI{4`O*aYJ`*Vx`fet{6| zO$j}m$-!<4*8FN8N*LGq{QU}>jT1t!zXya8Vw2)%mviS3?6Aq+$hw>*2&V@fA!Un< zy+t9vMD=J7v?{y1g19SU+TfV32*6(<`oock;E>WQhZ0(tm*Gixd^-&a6HnLgn{8md zHV42s8x|(#Lg=l%u=|7Ki)5E26T#rOvFrQZGxPsOW1nAXDZ?uEgK!Jv&(!|d#OQmF zX?GjQI@GX1s1CT~2peq^0op0KF3_jFl!R{@B)>-cG7ON_!3G$MQ4fmL$V!F@o6fEM zBW<81Q^4krv2Q+hKd&qTEH3=fF8SNZ2hF27nMXR7H9P8|8hc1cp=3c8W$77p87gbH zY4DUHB&mqelMVXd>?~Nj()-tC)AQMSF~Wx=dMPtYG{EwguA*>ck-nhkyDfNRQLagI zW(;d&Q$Ig;BA*_ zE^HE}p(QnHjAD9V^y9sz`DF>-n`FDpYXNd*|Oj#XJ@m#VTQKTeiBA#B~or|zUMJobU|>qZ*E4#!7Xc%(&^ zr@i3Bu=R_aJn2~><&V7=eC$%WR4$Xt<;n6CISWspWVf8P&5-6FcUBN;Cw$e>H?3g) zD%1VRQzMREXBuW&*ba48jUd%6C>+aGGfmC2Ld22QQ#|r?>{oQ!letm$L7|1+*xc}( z!8-oTXM{tV1DPV%p^50j5}bjV{(jdJvvn`z|BJ34lOUIt0M{95(mtJ|nn94I~?H6)4FpI}E z2e$o9wmIVimvbW$9Py>RZG9yyLsXc$ZhcxRFW}O|?@4_R+yZb1*s}KIb zfB#MIQ#;<1To-Xz)sXlDbCV%W`pb~qV_vH=;&s9 z(Ll@H4>CvhXF<4_`gDI6fekX;Rk5q8t-he*!gDZ~}G($>z9Tgd9M@ z)|lVMR5?0gll;G9maR(v9#U}Ps7~u-27+*wA~P|i&V&g)@#%LZ*Ns6MKbEH{<>{}E zDRAkx>Uido`2fy`IV|`zRIra5)^mF66Q8=FEBuP?wDvjM`8jX6=Kt81Gn896l)dSu zBsh(?Il*p%O`OFJJ3G4_&*$vJ##sOH`^D%o@OH9hMHTnG+=cdK1>EH+JY+6cR4;dN zFXz{_>9|+S8Yp?i*4XCZUNvO2RcT)>$i{Sy0OhYvFKaL2UdzjFcZ#o7*)cuO4&~ps zHD|BTa6c@yLgt5cIV;@OEBXvbUnwvwFA}blRxNi5S2LnKWUgk4pt$OkFkOURueuCv zqHxu1Up`;B+Mvaf`4W^|6H$9jXK1SwuG#Hv<-#==YOj?`SW?NfRT4yZ&0}cK7Ou^) zw%dj4M#NmVOHgt>8!^|N5=45v$gsJ6zHq(V+TJK!pUyyy5|+$I(CZq*igMv~lYPYm z;q?O4zCJ<1l5#z!s|+h$!t3?LD+`2pHV^4|fdq2EP_4i{aVOjc(evd`k6!V`pZCo1 z!q*dhsyan?kY!AQEML0fh%eEsBNMHBdZ7=bvnaOR>+K+%WG>*UP5MGr)?_JzoVd(*7IOTvizyO3`y{x!fl&|RdrUYH24 zoPG9M!~0l`f&v>KE{WFzfWWjkW-FF3p^J`yzrUw9NVb6XJG9_j1NgZ2+*e>D^wBv_ z4cmDzCp_B{q~gX1EbK5rZGij1!K-x3R~zAG`N&sKY52`_!TD@{FyqS%*aj1^|V zc|ZKAgx4SF@ZrT((AyE*Nge{!t#pr#@0cbJn%r^G&4!M#2zlr8vXg0a9EDObXs$8hl5q8;IOh13Y6=j<~iNH0r!u|w={rN_6 z1GEz@_MljWVlRq^P#i|_1d69n97TcGz2rEG3n=iwkz7J?8O19o@F<3SfC9H-Y_CJQ zk@%B*fWw=OPlDr(jUP4y2zF-HAz629={rrk-}ZfB>HEVJ!yHk0oEA6b`c z;Wk+f{66RZzyCY`Irl%$n?I0V|C4CHYO|#Z@ay}-m98g_9k%C)T`7kv&l1DoUzOGo zK@?P3v8uD57ZD@~+e)~`rqh%v_6LP+WopUYZR}lF25TcOxk9VmM_iUlB?Ay1P4^-x zl&iGb$AGWaY8j$S&edv#-Db8{w8?WcO;F5{u%%C*%4AQ91@c_YG6|kFT8&7v<;eFGttvR|7EqUouPBB@|&t^4IV_yT#+x2!3o$O}bU3nFF@ zg@aV}`DwVjGoXg(d{9=iKiaa1ml^Hq%6ddLpt$9eHt45nR}k9pQMErv!y(!T2;>Xd zLEJBVWXYSzub;FuOc)xdH~OM|LbSGkC1&UfhQf3)`)=9*DQ6^o38`hv(zE5wV62bs zOy8PHwy>9H6_^$wTA(e_4`yvAMyx@(wQw;pF2(W=_RXS4$y(-gyGvG}VkL@IAYv&> zH|_KHsxgz#x2HRx`h2vFZE}0du?=cPVM1XB;jz+PSdQ~!X(@Zo-9oz9@7%>{e1POY zaBp`X4TJH{Xl`*xP6Y6H`RvvXbm5epSkicD3RaVb&8+xCUAu#Rs?b3&|CoJR-Ug$* zq~gxp=}6j+-YA}7$0{-bbFSh9*}-;IE+ISFla+G|lkgG5qj(PfhZeCLXS3KBl~v&A z@tm~n0HsHy_aUf|edwtIlGLigq9IfyF%@zUh%*AadN!AJR8DtEq8|me5@Tx{=FFp5eFOwgL-({FPj`Ah zB2b)%|DjbPn>d>peXSuwvMdD!#Xiz~EY_G;FnwTRMo5F;K$t!Th%W?|*0cad_l~CJ z%lCuALuf8~Ciz%&laW3S00S(7H!V=W8B#cDaZecB)XT0lEnPZAlQ#p6Syj5jd`8pn zgV_Wmp#;gSNlW2`p%6&cH!p9TBFUeD#GCQhYX)Cu z$iGkZsrQCem{bkN+vC36NWOrNE}G3W#em>Wlu4>k{H>Ug|74?pv=Mu zM$w8(3(H&c_4QLO*-0)?jb-s5Xb>iJze;<%L!s_qUx+>lwp{&)R8Cr|CJa^3tMhBN zBzl!I1EGtmAvNr~jd2XH1$su$q@{YoP>t)@oqZPL)5vu^TJnu;(&E`rKAB2Sq6+8U zXVw)P-Kz%z0r!faqS8~SKaJuA6fdH93B?%{{}6rku1?XTIaA!>=_@E^bd0Xqeq0<* znq3Bf$E3dCAT2}34itRGeTN$YY9GaQpUNn37V?Qlzl|k64{^cv*yvO6CuUImVZUxt z$>E^l-%pPt_#PBh0_)k;#OGPa28!EfSj@2(2bFINK2G-*;EJQ~?fOrb1sjRa-k(JO zX`tI+c@`D%0cEQX>@r_~dWl(V4gEQ=;7!zyi zct9Z$>TWl!Wy=rF6aSmAeFq=TdTS^pJ_AE5YHc>K^JLRrh9qI|wzL;m%t6wg5MB&44M z?2+icLmyemYi#?GjW%uj@JRH1cK*oh;hzCygU3uaBO`{Q>nxu$+DwT_&|`|-^q6#! z%h;U|y@IZPLBZSLQwH~>kO@R$uEft>upaLonChsJijb3!Mtw&+NXi#*boilQX7{|D z#m?7SS@43JO|+SFNEk5jpCTqsy99ua(QNjilFBxYx~qmn9m)_96?uR>Asp4=BVwp9 zBHV3ZXIy#gUq-E2icv{XOh+`xCczvhwJVle%|r-07RY2TjiwgpTChe8)7g16qGD%v zjCwL0xe)GZvR8H^pvN4#Be z-4+YDvi~@iX~WHe{~{*E!E8@u7u_1D?1*K0fQhbW!pI4VL&*(Td#yt@yl+NqjJPtH zyT-&G$;)&qd5IQ>?8!!}lCK#Z%sJ{ZDYGK>J>+?jtsSi>i+9`^aVn0UN=SzFx(*gZ z>`w?v;Zcb_HtH@_iWIj}tjtzQ6i37!aVVvVV~;s;>mve$TZCV#iwHW7GR{$cR7wOv z1f^mqtuIH1sf;+G9nTa})*-97rTVBelorM{od1*>r54kL6+E3i%;SgAEX5B9f9vqC z;yofA7DqA+LZ>)nipUXT#G=fL$k0lCBn?K{pfnsYCED2}ln7zmTKKP2pv^;)E;@5W zy8XK((CiggI;Q4ENX^tZP@kZk;#NVChopnjrm4S!WKg(Q+A0i^q(<|nHELtU$FsL` z&&R}(J#mh&=$n=tu#!F`C*lCMZ7_6)kLNe*yPP|%^{iwDop%xU&KfoiCJ)B zK}J6RfAwchGLtfQD9x^gL`GWwYDk`G-I||Fq{}IzvLJ5#s-Mr(c%XT+8VbAd;IP{t zQr#^7L^V5g;`?MZTlQ?DC6*Ez=~!=#?igkgM#sCtHkvfc&8+qLt5$ zh-5oEduk^!u#D49&i7Hz7v(Robb)O@y=>SSKPe?G_|w;VzRc6_pcCKhjQ;+9wNIe} ztS|A6?dNDKL-8#Tp7dKg0(BsW-$(GAd~0WjnW%rzSIkdFxIe@U-C?yiX6p?0?Ncf4 zj1ozf!#-YeS*%j$nt%J9byQY=5UT9m|d8bDY*XK*uvW%d)mM^2mjn-===C%~++8k$_C|zqo>$oU`W;_M0 zn?c%Xz~$s zz0lk)O4lo#8(O97jojKQgXV^40_%-bb9;+)BcrgrQM%zJSZeJ)`d+4?Lx(>imPD1$E zR^JaBzrSj|SOf&^?DwxNgy)r#3n#>EY;W)H-#_))j?>1aF=Hs~hZi|IoBihXnC_Z&Xd#?N!VNbqwC%fxyD{FoGp0p4l YmYb3w&izEh;wN`UUw`{0V!+Y-KR|W;ZvX%Q diff --git a/py_app/app/__pycache__/settings.cpython-312.pyc b/py_app/app/__pycache__/settings.cpython-312.pyc index b5f7fbfc703a6ede9f99493451a94f77a57ff60b..18658835fba24d6295087a2f6727311eb3c5fe08 100644 GIT binary patch delta 2824 zcma);du&tJ8Nko+^>zHZe#EhT6UWJQ5|X&25e<-p)DXxE2qYazfOQ3>p05Le5NFp8 z5OYoTM>mBjQj#4_WChxEqbx0ZWUDqIb((_IqDWoWYncrTbt{$n|4d*~7j1OkxsDez z`p1ss?|$ceuj6y>`JMaVD*pTLvE?Ibnj+PRZ8uIc*1(Qr(V-XKT1EAg8o-d)DO z1xb7THmMDs5-lNVsrU(5>V8rGQ&9bS={kATU5no)r3ZH7ci%gH;0o4+5J}=9O^o@W z-Az938q^M>n;KHTw}JeQ7sw|X1H;6u#O(7rbz;Fy4dj8A(2Dv5E8|mk;;S#Qb)e%* z2pt1sLYF9z8M1qO5ic5K-4M=2U~~c{^m0Kqq7Wil*CPxGqioC$55aKF`miZsmd()j zLQ+mPTtT8yHmQ=kg08U%i>yE8%+4lX%9fir+sA0ST#Kgt@Y|zBvL14kLM}^odR3xH z*2xxGJH%{EQD#MRoC7Czx(q_p|IsLNvQD(b+_@^UK34%|W4*@6TG2M7-AFS18wk}9 zp{7hLYfgFS0%<#gFf>h>2;x)Rol)_x?a&vW=3I?ud}&SAeh?&}Yp4GY1M5kZQKgoUxNbY?gj z9gd7fg0_2k&3>(pw?TeU&D8q%i!hQCc6xL70>92v~c zS(J*Xb$}YI8B7>P6v1TNp84LzgNk#<;{wM1 zVn&bbWefJCtzwSLn7}_{L!4u#_fjwTm)gMJ;hwL(zI9d4aAP>LnJz$P8!~V+rc0)2E=@|h951BZo^)~jVq!6(>^yY0@33-YDAjjDIdoDv zIjXoL4_SscK0=Jm1ceNyFCQDp&ky=HZSUgHZCghG9(OoHR}*u`D;p0e_mgxhM=u>K`t*qlvCkrc?!Nm0AF;F$j65e0i6|d^=JlNSjpt5RkG53W)k;|^zC&#rJfq($8!XF` ztU`6)K-v4?QwMiV^!qBxo@WDJ!=(p$%Z%lcMRD)EtKXHb^#82&t=3fKw!hf6&$rJy zW)BgUV%t8&f_R2tF87oPjI*a&WF}q%86M zA1o=I|4z~-%$X=ld|$_s>gx_=Q*+9euvD^Xif!g%{O`nAHJQuB zol$dgkjn|iC7Y#PZCSah*n(1vQ%e+z=1xxXQf8btxy?&XVm{C$KTUxmCm>w}GPj5Y zL@b!R$IF^yA&{xbQM73Ce=iM|#X!#FdoHq*J-ihdmv7GWp3TUr$>^u4I{917R< + {% if session.get('role') == 'superadmin' %} + {% endif %} diff --git a/py_app/app/templates/role_permissions.html b/py_app/app/templates/role_permissions.html index 735880d..5d03e90 100644 --- a/py_app/app/templates/role_permissions.html +++ b/py_app/app/templates/role_permissions.html @@ -5,345 +5,178 @@ {% block head %} {% endblock %} {% block content %}
-
-

Role Permissions Management

-

Configure granular access permissions for each role in the system

+
+

+ 🔐 Role Permissions Management +

+

+ Configure granular access permissions for each role in the system +

- -
- {% for role_name, role_data in roles.items() %} -
-
{{ role_data.display_name }}
- Level {{ role_data.level }} -
- {% endfor %} -
- - {% for role_name, role_data in roles.items() %} -
- - -
-

{{ role_data.display_name }} Permissions Summary

-

{{ role_data.description }}

-
-
-
0
-
Total Permissions
-
-
-
0
-
Granted
-
-
-
0
-
Denied
-
-
-
- - -
- {% for page_key, page_data in pages.items() %} -
-
- - - {{ page_data.name }} - - 0/0 -
-
- {% for section_key, section_data in page_data.sections.items() %} -
-
- - - {{ section_data.name }} - - 0/{{ section_data.actions|length }} -
-
-
- {% for action in section_data.actions %} -
-
-
- {% if action == 'view' %}👁{% elif action == 'create' %}➕{% elif action == 'edit' %}✏️{% elif action == 'delete' %}🗑{% elif action == 'upload' %}📤{% elif action == 'download' %}📥{% elif action == 'export' %}📊{% elif action == 'import' %}📈{% endif %} -
- {{ action_names.get(action, action) }} + +
+ + + + + + + + + + + {% set current_role = '' %} + {% set current_module = '' %} + {% for role_name, role_data in roles.items() %} + {% for page_key, page_data in pages.items() %} + {% for section_key, section_data in page_data.sections.items() %} + + + {% if current_role != role_name %} + {% set current_role = role_name %} + + + + {% endif %} + + + {% if current_module != page_key %} + {% set current_module = page_key %} + + + + + {% endif %} + + + + + + + + {% endfor %} + {% set current_module = '' %} {% endfor %} - - - {% endfor %} - + {% endfor %} + +
👤 Role Name🏢 Module Name📄 Page Name⚙️ Functions & Permissions
+
+ {{ role_data.display_name }} (Level {{ role_data.level }})
- +
+
+ {{ page_data.name }} +
+
+
+ 👤 + {{ role_data.display_name }}
- {% endfor %} - - - + 		+ {{ page_data.name }} + +
+ 📋 + {{ section_data.name }} +
+ 		+
+ {% for action in section_data.actions %} + {% set permission_key = page_key + '.' + section_key + '.' + action %} +
+ + {{ action_names[action] }} +
+ {% endfor %} +
+
+
- + +
- - - + +
- {% endfor %}
{% endblock %} \ No newline at end of file diff --git a/py_app/documentation.md b/py_app/documentation.md index 4398313..46a17e7 100644 --- a/py_app/documentation.md +++ b/py_app/documentation.md @@ -1,198 +1,422 @@ -Here is the content for the `documentation.md` file that explains the functionality of the application: +# Quality Control Management System - Documentation + +## Table of Contents +1. [Login System](#login-system) +2. [Dashboard System](#dashboard-system) +3. [User Authentication](#user-authentication) +4. [Role-Based Access Control](#role-based-access-control) --- -### Documentation for Quality Recticel Application +## Login System + +### Overview +The Quality Control Management System features a dual-database authentication system that provides flexible user management and robust access control. The login system supports both internal SQLite database users and external MariaDB database users. + +### Authentication Flow + +#### 1. Login Page Access +- **URL**: `/login` +- **Template**: `login.html` +- **Methods**: `GET`, `POST` + +#### 2. User Interface +The login page features: +- **Company Logo**: Displayed prominently on the left side +- **Login Form**: Clean, centered form on the right side +- **Required Fields**: + - Username (text input) + - Password (password input) +- **Responsive Design**: Adapts to different screen sizes + +#### 3. Authentication Methods + +##### Internal Database Authentication +Users can access the system using the internal SQLite database by prefixing their username with `#`: + +**Format**: `#username` +**Example**: `#admin` for internal admin user + +**Database Details**: +- **Location**: `py_app/instance/users.db` +- **Table**: `users` +- **Schema**: `username, password, role` +- **Use Case**: System administrators, fallback authentication + +##### External Database Authentication +Standard authentication uses the external MariaDB database: + +**Format**: `username` (no prefix) +**Example**: `john.doe` for external user + +**Database Details**: +- **Type**: MariaDB +- **Configuration**: Loaded from `external_database_settings` +- **Table**: `users` +- **Schema**: `username, password, role` +- **Use Case**: Regular operational users + +#### 4. Authentication Logic + +```python +# Authentication Process Flow +if username.startswith('#'): + # Internal SQLite Database Authentication + username_clean = username[1:].strip() + # Query: py_app/instance/users.db + +else: + # External MariaDB Database Authentication + # Primary: External database query + # Fallback: Internal database if external fails +``` + +#### 5. Security Features + +##### Input Validation +- **Required Fields**: Both username and password must be provided +- **Sanitization**: Automatic trimming of whitespace +- **Error Handling**: Clear error messages for invalid inputs + +##### Database Connection Security +- **Dual Fallback**: External database with internal fallback +- **Error Isolation**: Database errors don't expose system details +- **Connection Management**: Proper connection opening/closing + +##### Session Management +- **Secure Sessions**: User credentials stored in Flask session +- **Role Tracking**: User role preserved for authorization +- **Session Data**: + - `session['user']`: Username + - `session['role']`: User role + +#### 6. User Roles + +The system supports multiple user roles with different access levels: + +- **superadmin**: Full system access, all modules and administrative functions +- **admin**: Administrative access with some limitations +- **quality**: Quality control module access +- **warehouse**: Warehouse management module access +- **scan**: Scanning operations access +- **etichete**: Label management access +- **management**: Management reporting and oversight + +#### 7. Login Process + +1. **User Navigation**: User accesses `/login` URL +2. **Form Display**: Login form rendered with company branding +3. **Credential Submission**: User enters username/password and submits +4. **Authentication Check**: + - Internal users: Check SQLite database + - External users: Check MariaDB database with SQLite fallback +5. **Session Creation**: Valid credentials create user session +6. **Redirect**: Successful login redirects to `/dashboard` +7. **Error Handling**: Invalid credentials display error message + +#### 8. Error Messages + +- **Missing Credentials**: "Please enter both username and password." +- **Invalid Credentials**: "Invalid credentials. Please try again." +- **Database Errors**: Handled gracefully with fallback mechanisms + +#### 9. Post-Login Behavior + +After successful authentication: +- **Session Establishment**: User session created with username and role +- **Dashboard Redirect**: User redirected to main dashboard +- **Access Control**: Role-based permissions applied throughout system +- **Navigation**: Header displays logged-in user information + +#### 10. Security Considerations + +##### Password Security +- **Storage**: Passwords stored in plaintext (consider encryption upgrade) +- **Transmission**: Form-based submission over HTTPS recommended +- **Session**: Password not stored in session, only username/role + +##### Database Security +- **Connection Strings**: External database settings in separate config +- **Error Handling**: Database errors logged but not exposed to users +- **Fallback System**: Ensures availability even if external database fails + +### Technical Implementation + +#### Frontend Components +- **Template**: `templates/login.html` +- **Styling**: Login-specific CSS in `static/style.css` +- **Assets**: Company logo (`static/logo_login.jpg`) + +#### Backend Components +- **Route Handler**: `@bp.route('/login', methods=['GET', 'POST'])` +- **Database Connections**: SQLite and MariaDB integration +- **Session Management**: Flask session handling +- **Error Handling**: Comprehensive exception management + +#### Configuration Files +- **External Database**: Configuration loaded from `external_database_settings` +- **Internal Database**: SQLite database in `instance/users.db` + +### Usage Examples + +#### Standard User Login +``` +Username: john.doe +Password: userpassword +Result: Queries external MariaDB database +``` + +#### Internal Admin Login +``` +Username: #admin +Password: adminpassword +Result: Queries internal SQLite database +``` + +#### System Administrator Login +``` +Username: #superadmin +Password: superpass +Result: Internal database, full system access +``` --- -#### **Overview** -The Quality Recticel application is a web-based system designed to manage and monitor quality control processes, user roles, and database interactions. It includes modules for scanning, quality assurance, warehouse management, and administrative settings. +## Dashboard System + +### Overview +The dashboard serves as the central hub of the Quality Control Management System, providing authenticated users with access to various system modules based on their assigned roles. It features a clean, card-based interface that displays available modules and ensures proper access control. + +### Dashboard Access + +#### 1. Dashboard Page Access +- **URL**: `/dashboard` +- **Template**: `dashboard.html` +- **Methods**: `GET` +- **Authentication Required**: Yes (redirects to login if not authenticated) + +#### 2. User Interface Design + +The dashboard features a modern, responsive card-based layout: +- **Container**: Full-width responsive grid layout +- **Module Cards**: Individual cards for each system module +- **Visual Hierarchy**: Clear headings, descriptions, and call-to-action buttons +- **Responsive Design**: Adapts to different screen sizes and devices + +#### 3. Available Modules + +##### Scanning Module +- **Card Title**: "Access Scanning Module" +- **Description**: "Final scanning module for production orders" +- **Button**: "Launch Scanning Module" +- **Route**: `/scan` +- **Required Roles**: `superadmin`, `scan` +- **Purpose**: Quality control scanning operations for production orders + +##### Reports Module (Quality) +- **Card Title**: "Access Reports Module" +- **Description**: "Module for verification and quality settings configuration" +- **Button**: "Launch Reports Module" +- **Route**: `/quality` +- **Required Roles**: `superadmin`, `quality` +- **Purpose**: Quality reporting, defects analysis, and quality control reports + +##### Warehouse Module +- **Card Title**: "Access Warehouse Module" +- **Description**: "Access warehouse module functionalities" +- **Button**: "Open Warehouse" +- **Route**: `/warehouse` +- **Required Roles**: `superadmin`, `warehouse` +- **Purpose**: Warehouse management operations and inventory control + +##### Labels Module +- **Card Title**: "Access Labels Module" +- **Description**: "Module for label management" +- **Button**: "Launch Labels Module" +- **Route**: `/etichete` +- **Required Roles**: `superadmin`, `etichete` +- **Purpose**: Label creation, template management, and printing operations + +##### Settings Module +- **Card Title**: "Manage Settings" +- **Description**: "Access and manage application settings" +- **Button**: "Access Settings Page" +- **Route**: `/settings` +- **Required Roles**: `superadmin` only +- **Purpose**: System configuration, user management, and administrative settings + +#### 4. Access Control Logic + +The dashboard implements role-based access control at both the display and route levels: + +##### Frontend Display Control +All module cards are displayed to all authenticated users, but access is controlled at the route level. + +##### Backend Route Protection +Each module route implements permission checking: + +```python +# Quality Module Access Control +@bp.route('/quality') +def quality(): + if 'role' not in session or session['role'] not in ['superadmin', 'quality']: + flash('Access denied: Quality users only.') + return redirect(url_for('main.dashboard')) + +# Warehouse Module Access Control +@bp.route('/warehouse') +def warehouse(): + if 'role' not in session or session['role'] not in ['superadmin', 'warehouse']: + flash('Access denied: Warehouse users only.') + return redirect(url_for('main.dashboard')) + +# Scanning Module Access Control +@bp.route('/scan') +def scan(): + if 'role' not in session or session['role'] not in ['superadmin', 'scan']: + flash('Access denied: Scan users only.') + return redirect(url_for('main.dashboard')) + +# Labels Module Access Control +@bp.route('/etichete') +def etichete(): + if 'role' not in session or session['role'] not in ['superadmin', 'etichete']: + flash('Access denied: Etichete users only.') + return redirect(url_for('main.dashboard')) + +# Settings Module Access Control (Superadmin Only) +def settings_handler(): + if 'role' not in session or session['role'] != 'superadmin': + flash('Access denied: Superadmin only.') + return redirect(url_for('main.dashboard')) +``` + +#### 5. User Experience Flow + +1. **Authentication Check**: User must be logged in to access dashboard +2. **Dashboard Display**: All module cards shown regardless of role +3. **Module Selection**: User clicks on desired module button +4. **Permission Validation**: System checks user role against module requirements +5. **Access Grant/Deny**: + - **Authorized**: User redirected to module interface + - **Unauthorized**: Error message displayed, user remains on dashboard + +#### 6. Session Management + +The dashboard relies on Flask session management: +- **Session Check**: `if 'user' not in session` validates authentication +- **Role Access**: `session['role']` determines module permissions +- **Debug Logging**: Session information logged for troubleshooting + +#### 7. Error Handling + +##### Authentication Errors +- **Unauthenticated Users**: Automatic redirect to login page +- **Session Timeout**: Redirect to login with appropriate messaging + +##### Authorization Errors +- **Insufficient Permissions**: Flash message with specific role requirements +- **Access Denied**: User returned to dashboard with error notification +- **Clear Messaging**: Specific error messages indicate required permissions + +#### 8. Security Features + +##### Session Security +- **Authentication Required**: All dashboard access requires valid session +- **Role Validation**: Each module validates user role before access +- **Automatic Redirect**: Unauthorized access redirected safely + +##### Access Control +- **Principle of Least Privilege**: Users only access modules for their role +- **Superadmin Override**: Superadmin role has access to all modules +- **Route-Level Protection**: Backend validation prevents unauthorized access + +#### 9. Module Descriptions + +##### Quality Reports Module +- **Primary Function**: Generate quality control reports and analytics +- **Key Features**: + - Daily, weekly, and custom date range reports + - Quality defects analysis and tracking + - Export capabilities (CSV format) + - Database testing tools (superadmin only) + +##### Scanning Module +- **Primary Function**: Production order scanning and quality validation +- **Key Features**: + - Barcode/QR code scanning interface + - Real-time quality validation + - Production order processing + +##### Warehouse Module +- **Primary Function**: Warehouse operations and inventory management +- **Key Features**: + - Inventory tracking and management + - Location management + - Warehouse reporting + +##### Labels Module +- **Primary Function**: Label design, generation, and printing +- **Key Features**: + - Label template creation and management + - Dynamic label generation + - Print management system + +##### Settings Module +- **Primary Function**: System administration and configuration +- **Key Features**: + - User account management + - Role and permission configuration + - Database settings management + - System configuration options + +#### 10. Technical Implementation + +##### Frontend Components +- **Template**: `templates/dashboard.html` +- **Styling**: Dashboard-specific CSS classes in `static/style.css` +- **Layout**: CSS Grid/Flexbox responsive card layout +- **Navigation**: Base template integration with header/footer + +##### Backend Components +- **Route Handler**: `@bp.route('/dashboard')` +- **Session Management**: Flask session integration +- **Authentication Check**: User session validation +- **Logging**: Debug output for troubleshooting + +##### Styling Classes +- `.dashboard-container`: Main container with responsive grid +- `.dashboard-card`: Individual module cards +- `.btn`: Standardized button styling +- Responsive breakpoints for mobile/tablet adaptation + +### Usage Examples + +#### Superadmin User Dashboard Access +``` +Role: superadmin +Available Modules: All (Scanning, Quality, Warehouse, Labels, Settings) +Special Access: Settings module exclusive access +``` + +#### Quality Control User Dashboard Access +``` +Role: quality +Available Modules: Quality Reports module only +Restricted Access: Cannot access other modules +``` + +#### Multi-Role Access Example +``` +Role: warehouse +Available Modules: Warehouse module only +Access Pattern: Click → Permission Check → Module Access +``` --- -### **Features** +*This documentation covers the dashboard system implementation. For specific module details, see their respective documentation sections.* -#### 1. **User Management** -- **Roles**: - - `superadmin`: Full access to all features and settings. - - `administrator`: Limited administrative access. - - `quality`: Access to quality assurance features. - - `warehouse`: Access to warehouse management features. - - `scan`: Access to scanning features. -- **Functionalities**: - - Create, edit, and delete users. - - Assign roles to users. - - Manage user credentials. -#### 2. **Scan Module** -- **Input Form**: - - Allows users to input scan data, including: - - Operator Code - - CP Code - - OC1 Code - - OC2 Code - - Defect Code - - Date and Time -- **Latest Scans Table**: - - Displays the last 15 scans with details such as: - - Approved Quantity - - Rejected Quantity - - Data is dynamically fetched from the database. -#### 3. **Quality Module** -- Provides tools for quality assurance personnel to monitor and manage quality-related data. -#### 4. **Warehouse Module** -- Enables warehouse personnel to manage inventory and related processes. - -#### 5. **Settings Module** -- **External Database Configuration**: - - Allows the `superadmin` to configure external database settings, including: - - Server Domain/IP - - Port - - Database Name - - Username and Password -- **User Management**: - - Provides an interface to manage users and their roles. - ---- - -### **Database Structure** - -#### **Table: `scan1_orders`** -- **Columns**: - - `Id`: Auto-incremented primary key. - - `operator_code`: Operator code (4 characters). - - `CP_full_code`: Full CP code (15 characters, unique). - - `OC1_code`: OC1 code (4 characters). - - `OC2_code`: OC2 code (4 characters). - - `CP_base_code`: Auto-generated base code (first 10 characters of `CP_full_code`). - - `quality_code`: Quality code (3 digits). - - `date`: Date in `yyyy-mm-dd` format. - - `time`: Time in `hh:mm:ss` format. - - `approved_quantity`: Number of approved items (calculated dynamically). - - `rejected_quantity`: Number of rejected items (calculated dynamically). - -#### **Triggers** -- **`increment_approved_quantity`**: - - Updates `approved_quantity` based on the number of rows with the same `CP_base_code` and `quality_code = 000`. -- **`increment_rejected_quantity`**: - - Updates `rejected_quantity` based on the number of rows with the same `CP_base_code` and `quality_code != 000`. - ---- - -### **Key Files** - -#### 1. **`run.py`** -- Entry point for the application. -- Starts the Flask server. - -#### 2. **`routes.py`** -- Defines the routes and logic for the application. -- Handles user authentication, form submissions, and database interactions. - -#### 3. **`models.py`** -- Defines the `User` model for managing user data. - -#### 4. **`create_scan_1db.py`** -- Script to create the `scan1_orders` table in the database. - -#### 5. **`create_triggers.py`** -- Script to create database triggers for dynamically updating `approved_quantity` and `rejected_quantity`. - -#### 6. **`seed.py`** -- Seeds the database with default users. - -#### 7. **Templates** -- **`scan.html`**: - - Interface for the Scan Module. -- **`settings.html`**: - - Interface for managing users and external database settings. - ---- - -### **How to Run the Application** - -1. **Set Up the Environment**: - - Install dependencies: - ```bash - pip install flask mariadb - ``` - -2. **Configure the Database**: - - Update the `external_server.conf` file with the correct database credentials. - -3. **Create the Database and Triggers**: - - Run the create_scan_1db.py script: - ```bash - python py_app/app/db_create_scripts/create_scan_1db.py - ``` - - Run the create_triggers.py script: - ```bash - python py_app/app/db_create_scripts/create_triggers.py - ``` - -4. **Seed the Database**: - - Run the seed.py script: - ```bash - python py_app/seed.py - ``` - -5. **Start the Application**: - - Run the run.py file: - ```bash - python py_app/run.py - ``` - -6. **Access the Application**: - - Open a browser and navigate to: - ``` - http://127.0.0.1:5000 - ``` - ---- - -### **Troubleshooting** - -1. **Database Connection Issues**: - - Ensure the `external_server.conf` file is correctly configured. - - Verify that the database server is running. - -2. **Trigger Errors**: - - Check the trigger definitions in the database using: - ```sql - SHOW TRIGGERS; - ``` - -3. **Form Submission Errors**: - - Verify that all required fields in the form are filled out. - -4. **Permission Issues**: - - Ensure the user has the correct role for accessing specific modules. - ---- - -### **Future Enhancements** -- Add detailed logging for debugging. -- Implement role-based access control for more granular permissions. -- Add support for exporting scan data to CSV or Excel. - ---- - -Save this content as `documentation.md` in the root directory of your project.3. **Form Submission Errors**: - - Verify that all required fields in the form are filled out. - -4. **Permission Issues**: - - Ensure the user has the correct role for accessing specific modules. - ---- - -### **Future Enhancements** -- Add detailed logging for debugging. -- Implement role-based access control for more granular permissions. -- Add support for exporting scan data to CSV or Excel. - ---- - -Save this content as `documentation.md` in the root directory of your project. \ No newline at end of file