from flask import Blueprint, render_template, redirect, url_for, request, flash, session from .models import User from . import db bp = Blueprint('main', __name__) @bp.route('/login', methods=['GET', 'POST']) def login(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] user = User.query.filter_by(username=username, password=password).first() if user: session['user'] = user.username session['role'] = user.role return redirect(url_for('main.dashboard')) else: flash('Invalid credentials. Please try again.') return render_template('login.html') @bp.route('/dashboard') def dashboard(): if 'user' not in session: return redirect(url_for('main.login')) return render_template('dashboard.html') @bp.route('/settings') def settings(): if 'role' not in session or session['role'] != 'superadmin': flash('Access denied: Superadmin only.') return redirect(url_for('main.dashboard')) # Fetch all users from the database users = User.query.all() return render_template('settings.html', users=users) @bp.route('/quality') def quality(): if 'role' not in session or session['role'] not in ['superadmin', 'quality']: flash('Access denied: Quality users only.') return redirect(url_for('main.dashboard')) return render_template('quality.html') @bp.route('/warehouse') def warehouse(): if 'role' not in session or session['role'] not in ['superadmin', 'warehouse']: flash('Access denied: Warehouse users only.') return redirect(url_for('main.dashboard')) return render_template('warehouse.html') @bp.route('/scan') def scan(): if 'role' not in session or session['role'] not in ['superadmin', 'scan']: flash('Access denied: Scan users only.') return redirect(url_for('main.dashboard')) return render_template('scan.html') @bp.route('/logout') def logout(): session.pop('user', None) session.pop('role', None) return redirect(url_for('main.login')) @bp.route('/create_user', methods=['POST']) def create_user(): if 'role' not in session or session['role'] != 'superadmin': flash('Access denied: Superadmin only.') return redirect(url_for('main.settings')) username = request.form['username'] password = request.form['password'] role = request.form['role'] # Check if the username already exists if User.query.filter_by(username=username).first(): flash('User already exists.') return redirect(url_for('main.settings')) # Create a new user new_user = User(username=username, password=password, role=role) db.session.add(new_user) db.session.commit() flash('User created successfully.') return redirect(url_for('main.settings')) @bp.route('/edit_user', methods=['POST']) def edit_user(): if 'role' not in session or session['role'] != 'superadmin': flash('Access denied: Superadmin only.') return redirect(url_for('main.settings')) user_id = request.form['user_id'] password = request.form['password'] role = request.form['role'] # Fetch the user from the database user = User.query.get(user_id) if not user: flash('User not found.') return redirect(url_for('main.settings')) # Update the user's details if password: user.password = password user.role = role db.session.commit() flash('User updated successfully.') return redirect(url_for('main.settings')) @bp.route('/delete_user', methods=['POST']) def delete_user(): if 'role' not in session or session['role'] != 'superadmin': flash('Access denied: Superadmin only.') return redirect(url_for('main.settings')) user_id = request.form['user_id'] # Fetch the user from the database user = User.query.get(user_id) if not user: flash('User not found.') return redirect(url_for('main.settings')) # Delete the user db.session.delete(user) db.session.commit() flash('User deleted successfully.') return redirect(url_for('main.settings'))