created user settings in the settings page

2025-04-17 10:00:46 +03:00
parent db465d6e4e
commit d3b29052e8
16 changed files with 478 additions and 28 deletions
--- a/py_app/app/routes.py
+++ b/py_app/app/routes.py
@@ -1,17 +1,18 @@
 from flask import Blueprint, render_template, redirect, url_for, request, flash, session
+from .models import User
+from . import db

 bp = Blueprint('main', __name__)

-# Dummy user data
-users = {"admin@home.com": "1234"}
-
@bp.route('/login', methods=['GET', 'POST'])
 def login():
    if request.method == 'POST':
-        email = request.form['email']
+        username = request.form['username']
        password = request.form['password']
-        if email in users and users[email] == password:
-            session['user'] = email
+        user = User.query.filter_by(username=username, password=password).first()
+        if user:
+            session['user'] = user.username
+            session['role'] = user.role
            return redirect(url_for('main.dashboard'))
        else:
            flash('Invalid credentials. Please try again.')
@@ -23,11 +24,108 @@ def dashboard():
        return redirect(url_for('main.login'))
    return render_template('dashboard.html')

+@bp.route('/settings')
+def settings():
+    if 'role' not in session or session['role'] != 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.dashboard'))
+    
+    # Fetch all users from the database
+    users = User.query.all()
+    return render_template('settings.html', users=users)
+
+@bp.route('/quality')
+def quality():
+    if 'role' not in session or session['role'] not in ['superadmin', 'quality']:
+        flash('Access denied: Quality users only.')
+        return redirect(url_for('main.dashboard'))
+    return render_template('quality.html')
+
+@bp.route('/warehouse')
+def warehouse():
+    if 'role' not in session or session['role'] not in ['superadmin', 'warehouse']:
+        flash('Access denied: Warehouse users only.')
+        return redirect(url_for('main.dashboard'))
+    return render_template('warehouse.html')
+
+@bp.route('/scan')
+def scan():
+    if 'role' not in session or session['role'] not in ['superadmin', 'scan']:
+        flash('Access denied: Scan users only.')
+        return redirect(url_for('main.dashboard'))
+    return render_template('scan.html')
+
@bp.route('/logout')
 def logout():
    session.pop('user', None)
+    session.pop('role', None)
    return redirect(url_for('main.login'))

-@bp.route('/settings')
-def settings():
-    return render_template('settings.html')
+@bp.route('/create_user', methods=['POST'])
+def create_user():
+    if 'role' not in session or session['role'] != 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.settings'))
+
+    username = request.form['username']
+    password = request.form['password']
+    role = request.form['role']
+
+    # Check if the username already exists
+    if User.query.filter_by(username=username).first():
+        flash('User already exists.')
+        return redirect(url_for('main.settings'))
+
+    # Create a new user
+    new_user = User(username=username, password=password, role=role)
+    db.session.add(new_user)
+    db.session.commit()
+
+    flash('User created successfully.')
+    return redirect(url_for('main.settings'))
+
+@bp.route('/edit_user', methods=['POST'])
+def edit_user():
+    if 'role' not in session or session['role'] != 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.settings'))
+
+    user_id = request.form['user_id']
+    password = request.form['password']
+    role = request.form['role']
+
+    # Fetch the user from the database
+    user = User.query.get(user_id)
+    if not user:
+        flash('User not found.')
+        return redirect(url_for('main.settings'))
+
+    # Update the user's details
+    if password:
+        user.password = password
+    user.role = role
+    db.session.commit()
+
+    flash('User updated successfully.')
+    return redirect(url_for('main.settings'))
+
+@bp.route('/delete_user', methods=['POST'])
+def delete_user():
+    if 'role' not in session or session['role'] != 'superadmin':
+        flash('Access denied: Superadmin only.')
+        return redirect(url_for('main.settings'))
+
+    user_id = request.form['user_id']
+
+    # Fetch the user from the database
+    user = User.query.get(user_id)
+    if not user:
+        flash('User not found.')
+        return redirect(url_for('main.settings'))
+
+    # Delete the user
+    db.session.delete(user)
+    db.session.commit()
+
+    flash('User deleted successfully.')
+    return redirect(url_for('main.settings'))