updated permissions

2025-09-14 21:26:29 +03:00
parent 87938e7459
commit 8a7aa193dc
7 changed files with 957 additions and 794 deletions
--- a/py_app/app/routes.py
+++ b/py_app/app/routes.py
@@ -9,14 +9,16 @@ from reportlab.pdfgen import canvas
 from flask import Blueprint, render_template, request, redirect, url_for, flash
 import csv
 from .warehouse import add_location
-from .settings import (
-    settings_handler, 
+from app.settings import (
+    settings_handler,
    role_permissions_handler,
    save_role_permissions_handler,
    reset_role_permissions_handler,
-    create_user_handler, 
-    edit_user_handler, 
-    delete_user_handler, 
+    save_all_role_permissions_handler,
+    reset_all_role_permissions_handler,
+    edit_user_handler,
+    create_user_handler,
+    delete_user_handler,
    save_external_db_handler
 )

@@ -278,6 +280,107 @@ def save_external_db():
 def role_permissions():
    return role_permissions_handler()

+@bp.route('/test_permissions')
+def test_permissions():
+    from app.settings import role_permissions_handler
+    from flask import render_template, session, redirect, url_for, flash
+    from app.permissions import APP_PERMISSIONS, ACTIONS
+    
+    # Check if superadmin
+    if not session.get('role') == 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.dashboard'))
+    
+    try:
+        # Get the same data as role_permissions_handler
+        from app.settings import get_external_db_connection
+        
+        conn = get_external_db_connection()
+        cursor = conn.cursor()
+        
+        # Get roles from role_hierarchy table
+        cursor.execute("SELECT role_name, display_name, description, level FROM role_hierarchy ORDER BY level DESC")
+        role_data = cursor.fetchall()
+        
+        roles = {}
+        for role_name, display_name, description, level in role_data:
+            roles[role_name] = {
+                'display_name': display_name,
+                'description': description,
+                'level': level
+            }
+        
+        conn.close()
+        
+        return render_template('test_permissions.html', 
+                             roles=roles,
+                             pages=APP_PERMISSIONS,
+                             action_names=ACTIONS)
+        
+    except Exception as e:
+        return f"Error: {e}"
+
+@bp.route('/role_permissions_simple')
+def role_permissions_simple():
+    # Use the same handler but different template
+    from app.settings import get_external_db_connection
+    from flask import render_template, session, redirect, url_for, flash
+    from app.permissions import APP_PERMISSIONS, ACTIONS
+    import json
+    
+    # Check if superadmin
+    if not session.get('role') == 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.dashboard'))
+    
+    try:
+        # Get roles and their current permissions
+        conn = get_external_db_connection()
+        cursor = conn.cursor()
+        
+        # Get roles from role_hierarchy table
+        cursor.execute("SELECT role_name, display_name, description, level FROM role_hierarchy ORDER BY level DESC")
+        role_data = cursor.fetchall()
+        
+        roles = {}
+        for role_name, display_name, description, level in role_data:
+            roles[role_name] = {
+                'display_name': display_name,
+                'description': description,
+                'level': level
+            }
+        
+        # Get current role permissions
+        cursor.execute("""
+            SELECT role, permission_key 
+            FROM role_permissions 
+            WHERE granted = TRUE
+        """)
+        permission_data = cursor.fetchall()
+        
+        role_permissions = {}
+        for role, permission_key in permission_data:
+            if role not in role_permissions:
+                role_permissions[role] = []
+            role_permissions[role].append(permission_key)
+        
+        conn.close()
+        
+        # Convert to JSON for JavaScript
+        permissions_json = json.dumps(APP_PERMISSIONS)
+        role_permissions_json = json.dumps(role_permissions)
+        
+        return render_template('role_permissions_simple.html', 
+                             roles=roles,
+                             pages=APP_PERMISSIONS,
+                             action_names=ACTIONS,
+                             permissions_json=permissions_json,
+                             role_permissions_json=role_permissions_json)
+        
+    except Exception as e:
+        flash(f'Error loading role permissions: {e}')
+        return redirect(url_for('main.dashboard'))
+
@bp.route('/settings/save_role_permissions', methods=['POST'])
 def save_role_permissions():
    return save_role_permissions_handler()
@@ -286,6 +389,14 @@ def save_role_permissions():
 def reset_role_permissions():
    return reset_role_permissions_handler()

+@bp.route('/settings/save_all_role_permissions', methods=['POST'])
+def save_all_role_permissions():
+    return save_all_role_permissions_handler()
+
+@bp.route('/settings/reset_all_role_permissions', methods=['POST'])  
+def reset_all_role_permissions():
+    return reset_all_role_permissions_handler()
+
@bp.route('/get_report_data', methods=['GET'])
 def get_report_data():
    report = request.args.get('report')
@@ -683,6 +794,13 @@ def debug_dates():
@bp.route('/test_database', methods=['GET'])
 def test_database():
    """Test database connection and query the scan1_orders table"""
+    # Check if user has superadmin permissions
+    if 'role' not in session or session['role'] != 'superadmin':
+        return jsonify({
+            "success": False,
+            "error": "Access denied: Superadmin permissions required for database testing."
+        }), 403
+    
    try:
        print("DEBUG: Testing database connection...")
        conn = get_db_connection()