updated control access

2025-10-16 02:36:32 +03:00
parent 50c791e242
commit c96039542d
266 changed files with 32656 additions and 9 deletions
--- a/py_app/app/access_control.py
+++ b/py_app/app/access_control.py
@@ -0,0 +1,90 @@
+"""
+Simple access control decorators for the 4-tier system
+"""
+from functools import wraps
+from flask import session, redirect, url_for, flash, request
+from .permissions_simple import check_access, ROLES
+
+def requires_role(min_role_level=None, required_modules=None, page=None):
+    """
+    Simple role-based access decorator
+    
+    Args:
+        min_role_level (int): Minimum role level required (50, 70, 90, 100)
+        required_modules (list): Required modules for access
+        page (str): Page name for automatic access checking
+    """
+    def decorator(f):
+        @wraps(f)
+        def decorated_function(*args, **kwargs):
+            # Check if user is logged in
+            if 'user' not in session:
+                flash('Please log in to access this page.')
+                return redirect(url_for('main.login'))
+            
+            user_role = session.get('role')
+            user_modules = session.get('modules', [])
+            
+            # If page is specified, use automatic access checking
+            if page:
+                if not check_access(user_role, user_modules, page):
+                    flash('Access denied: You do not have permission to access this page.')
+                    return redirect(url_for('main.dashboard'))
+                return f(*args, **kwargs)
+            
+            # Manual role level checking
+            if min_role_level:
+                user_level = ROLES.get(user_role, {}).get('level', 0)
+                if user_level < min_role_level:
+                    flash('Access denied: Insufficient privileges.')
+                    return redirect(url_for('main.dashboard'))
+            
+            # Module requirement checking
+            if required_modules:
+                if user_role in ['superadmin', 'admin']:
+                    # Superadmin and admin have access to all modules
+                    pass
+                else:
+                    if not any(module in user_modules for module in required_modules):
+                        flash('Access denied: You do not have access to this module.')
+                        return redirect(url_for('main.dashboard'))
+            
+            return f(*args, **kwargs)
+        return decorated_function
+    return decorator
+
+def superadmin_only(f):
+    """Decorator for superadmin-only pages"""
+    return requires_role(min_role_level=100)(f)
+
+def admin_plus(f):
+    """Decorator for admin and superadmin access"""
+    return requires_role(min_role_level=90)(f)
+
+def manager_plus(f):
+    """Decorator for manager, admin, and superadmin access"""
+    return requires_role(min_role_level=70)(f)
+
+def requires_quality_module(f):
+    """Decorator for quality module access"""
+    return requires_role(required_modules=['quality'])(f)
+
+def requires_warehouse_module(f):
+    """Decorator for warehouse module access"""
+    return requires_role(required_modules=['warehouse'])(f)
+
+def requires_labels_module(f):
+    """Decorator for labels module access"""
+    return requires_role(required_modules=['labels'])(f)
+
+def quality_manager_plus(f):
+    """Decorator for quality module manager+ access"""
+    return requires_role(min_role_level=70, required_modules=['quality'])(f)
+
+def warehouse_manager_plus(f):
+    """Decorator for warehouse module manager+ access"""
+    return requires_role(min_role_level=70, required_modules=['warehouse'])(f)
+
+def labels_manager_plus(f):
+    """Decorator for labels module manager+ access"""
+    return requires_role(min_role_level=70, required_modules=['labels'])(f)