updated control access

2025-10-16 02:36:32 +03:00
parent 50c791e242
commit c96039542d
266 changed files with 32656 additions and 9 deletions
--- a/py_app/app/routes.py
+++ b/py_app/app/routes.py
@@ -32,10 +32,8 @@ bp = Blueprint('main', __name__)
 warehouse_bp = Blueprint('warehouse', __name__)

@bp.route('/main_scan')
+@requires_quality_module
 def main_scan():
-    if 'role' not in session or session['role'] not in ['superadmin', 'admin', 'administrator', 'scan']:
-        flash('Access denied: Scan users only.')
-        return redirect(url_for('main.dashboard'))
    return render_template('main_page_scan.html')

@bp.route('/', methods=['GET', 'POST'])
@@ -386,6 +384,58 @@ def delete_user_simple():
        flash('Error deleting user.')
        return redirect(url_for('main.user_management_simple'))

+@bp.route('/quick_update_modules', methods=['POST'])
+@admin_plus
+def quick_update_modules():
+    """Quick update of user modules without changing other details"""
+    try:
+        user_id = request.form.get('user_id')
+        modules = request.form.getlist('modules')
+        
+        if not user_id:
+            flash('User ID is required.')
+            return redirect(url_for('main.user_management_simple'))
+        
+        # Get current user to validate role
+        conn = get_db_connection()
+        cursor = conn.cursor()
+        cursor.execute("SELECT username, role FROM users WHERE id=%s", (user_id,))
+        user_row = cursor.fetchone()
+        
+        if not user_row:
+            flash('User not found.')
+            conn.close()
+            return redirect(url_for('main.user_management_simple'))
+        
+        username, role = user_row
+        
+        # Validate modules for the role
+        from app.permissions_simple import validate_user_modules
+        is_valid, error_msg = validate_user_modules(role, modules)
+        if not is_valid:
+            flash(f'Invalid module assignment: {error_msg}')
+            conn.close()
+            return redirect(url_for('main.user_management_simple'))
+        
+        # Prepare modules JSON
+        modules_json = None
+        if modules and role in ['manager', 'worker']:
+            import json
+            modules_json = json.dumps(modules)
+        
+        # Update modules only
+        cursor.execute("UPDATE users SET modules=%s WHERE id=%s", (modules_json, user_id))
+        conn.commit()
+        conn.close()
+        
+        flash(f'Modules updated successfully for user "{username}".')
+        return redirect(url_for('main.user_management_simple'))
+        
+    except Exception as e:
+        print(f"Error updating modules: {e}")
+        flash('Error updating modules.')
+        return redirect(url_for('main.user_management_simple'))
+
@bp.route('/reports')
@requires_quality_module
 def reports():
@@ -499,10 +549,8 @@ def logout():

 # Finish Goods Scan Route
@bp.route('/fg_scan', methods=['GET', 'POST'])
+@requires_quality_module
 def fg_scan():
-    if 'role' not in session or session['role'] not in ['superadmin', 'administrator', 'admin', 'scan']:
-        flash('Access denied: Scan users only.')
-        return redirect(url_for('main.dashboard'))

    if request.method == 'POST':
        # Handle form submission