diff --git a/run.py b/run.py
index 3210dc5..9c4a1ca 100644
--- a/run.py
+++ b/run.py
@@ -1,16 +1,18 @@
 from flask import Flask, render_template, request, redirect, flash, session, abort, send_file
-from storage import Directory, Option, Task
-from storage import LocalStorage, DuplicateDirectoryException
+from storage import Directory, Option, Task, User
+from storage import LocalStorage, DuplicateDirectoryException, DuplicateUserException
 from crawler import RunningTask, TaskManager
 import json
 import os
 import shutil
+import bcrypt
 import config
 import humanfriendly
 from search import Search
 from PIL import Image
 from io import BytesIO
+
 app = Flask(__name__)
 app.secret_key = "A very secret key"
 storage = LocalStorage(config.db_path)
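Review bot: The context line `app.secret_key = "A very secret key"` is a literal committed to the repository, and this commit starts keeping `session["username"]` and `session["admin"]` in the Flask session, so the integrity of the login state now rests on that value. Flask's default session is a client-side cookie signed with `secret_key`, which means anyone who can read the source holds the key that vouches for the `admin` flag. Load the key from the environment or from `config` (as `config.db_path` already is), for example `app.secret_key = os.environ["SECRET_KEY"]` (the variable name is a placeholder), and replace the current value when this change is deployed.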
@@ -32,6 +34,59 @@ def get_dir_size(path):
 return size
+@app.route("/user/")
+def user_manage(user):
+
+ return user
+
+
+@app.route("/logout")
+def logout():
+ session.pop("username")
+ session.pop("admin")
+ flash("Successfully logged out", "success")
+ return redirect("/")
+
+
+@app.route("/login", methods=['POST'])
+def login():
+ username = request.form["username"]
+ password = request.form["password"]
+
+ if storage.auth_user(username, password):
+ session["username"] = username
+ session["admin"] = storage.users()[username].admin
+
+ print(session["admin"])
+ flash("Successfully logged in", "success")
+ else:
+ flash("Invalid username or password", "danger")
+
+ return redirect("/")
+
+
+@app.route("/user")
+def user_page():
+
+ return render_template("user.html", users=storage.users())
+
+
+@app.route("/user/add", methods=['POST'])
+def user_add():
+
+ username = request.form["username"]
+ password = bcrypt.hashpw(request.form["password"].encode("utf-8"), bcrypt.gensalt(config.bcrypt_rounds))
+ is_admin = True if "is_admin" in request.form else False
+
+ try:
+ storage.save_user(User(username, password, is_admin))
+ flash("Created new user", "success")
+ except DuplicateUserException:
+ flash("Couldn't create user Make sure that the username is unique", "danger")
+
+ return redirect("/user")
+
+
 @app.route("/suggest")
 def suggest():
diff --git a/storage.py b/storage.py
index e9464a6..62f3ba1 100644
--- a/storage.py
+++ b/storage.py
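Review bot: `user_page()` and `user_add()` perform no authentication or role check, so a client that never logged in can list users and create an account with `is_admin` set; both handlers should begin with `if not session.get("admin"): abort(403)` (`abort` is already imported in this file). `logout()` calls `session.pop("username")` and `session.pop("admin")` without a default, which raises `KeyError` and yields a 500 for a visitor who is not logged in; `session.pop("username", None)` and `session.pop("admin", None)` avoid that. `login()` still contains the debug line `print(session["admin"])`, which should be removed. `user_add()` accepts an empty username or password, and bcrypt only uses the first 72 bytes of its input, so a length check before `bcrypt.hashpw` is worth adding. `user_manage(user)` expects a `user` argument that the route string as shown here does not supply and returns it unescaped; the route's variable part may simply have been lost in this rendering, so confirm against the file.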
@@ -388,4 +388,36 @@ class LocalStorage:
 conn.commit()
 c.close()
- conn.close()
\ No newline at end of file
+ conn.close()
+
+ def set_access(self, username, dir_id, has_access):
+
+ conn = sqlite3.connect(self.db_path)
+ c = conn.cursor()
+
+ if has_access:
+ try:
+ c.execute("INSERT INTO User_canRead_Directory VALUES (?,?)", (username, dir_id))
+ except sqlite3.IntegrityError:
+ pass
+ else:
+ c.execute("DELETE FROM User_canRead_Directory WHERE username=? AND directory_id=?", (username, dir_id))
+
+ conn.commit()
+ c.close()
+ conn.close()
+
+ def get_access(self, username):
+
+ conn = sqlite3.connect(self.db_path)
+ c = conn.cursor()
+
+ c.execute("SELECT * FROM User_canRead_Directory WHERE username=?", (username,))
+
+ accesses = c.fetchall()
+ access_list = []
+
+ for access in accesses:
+ access_list.append(access[1])
+
+ return access_list
\ No newline at end of file
diff --git a/templates/layout.html b/templates/layout.html
index e65b702..c2e55a4 100644
--- a/templates/layout.html
+++ b/templates/layout.html
@@ -65,15 +65,27 @@ + -
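Review bot: `get_access()` returns without closing the cursor or the connection, unlike `set_access()` and the context lines above it, so every call leaves a SQLite handle open; add `c.close()` and `conn.close()` before `return access_list`. It also reads `access[1]` from a `SELECT *`, which ties the result to the table's column order; `SELECT directory_id FROM User_canRead_Directory WHERE username=?` with `access[0]` states the intent directly. In `set_access()`, `except sqlite3.IntegrityError: pass` presumably makes a repeated grant idempotent, but it would equally hide a foreign-key failure for an unknown user or directory (the schema is not visible here), so a comment such as `# grant already present: keep set_access idempotent` and a log line on that branch would help. The `LocalStorage` class starts outside this hunk.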
- - - -
+ + {% if session["username"] %} + + Logged in as {{ session["username"] }} + {% if session["admin"] %}(Admin){% endif %} + + Logout + {% else %} +
+ + + +
+ {% endif %} diff --git a/templates/user.html b/templates/user.html new file mode 100644 index 0000000..ee92f40 --- /dev/null +++ b/templates/user.html @@ -0,0 +1,61 @@ +{% extends "layout.html" %} + +{% set active_page = "user" %} + +{% block body %} + +
+
+
Create user
+
+ +
+ +
+
+
+ + +
+
+ +
+ +
+ +
+ +
+
+
+ +
+
Users
+
+ + + + + + + + + + + {% for user in users %} + + + + + + {% endfor %} + + +
UserAdminActions
{{ user }}Manage
+ +
+
+ +
+ +{% endblock body %} \ No newline at end of file diff --git a/templates/user_manage.html b/templates/user_manage.html new file mode 100644 index 0000000..e42ab9c --- /dev/null +++ b/templates/user_manage.html @@ -0,0 +1,33 @@ +{% extends "layout.html" %} + +{% block body %} + +
+
Directory permissions
+
+ + + + + + + + + + {% for user in users %} + + + + + + {% endfor %} + + +
DirectorySearch access
{{ user }}Manage
+ +
+
+ + + +{% endblock body %}
\ No newline at end of file
diff --git a/test/test_LocalStorage.py b/test/test_LocalStorage.py
index f572e42..f83d504 100644
--- a/test/test_LocalStorage.py
+++ b/test/test_LocalStorage.py
@@ -2,8 +2,6 @@ from unittest import TestCase
 from storage import LocalStorage, Directory, DuplicateDirectoryException, User, DuplicateUserException, Option, Task
 import os
-import os
-
 dir_name = os.path.dirname(os.path.abspath(__file__))
@@ -219,4 +217,20 @@ class LocalStorageTest(TestCase):
 with self.assertRaises(KeyError):
 _ = s2.tasks()[task_id]
+ def test_set_access(self):
+ s = LocalStorage(dir_name + "/test_database.db")
+
+ dir_id = s.save_directory(Directory("/some/dir", True, [], "my dir"))
+ dir_id2 = s.save_directory(Directory("/some/dir2", True, [], "my dir2"))
+ dir_id3 = s.save_directory(Directory("/some/dir3", True, [], "my dir3"))
+ s.save_user(User("bob", b"", False))
+
+ s.set_access("bob", dir_id, True)
+ s.set_access("bob", dir_id2, True)
+ s.set_access("bob", dir_id3, True)
+ s.set_access("bob", dir_id3, False)
+
+ self.assertEqual(s.get_access("bob"), [dir_id, dir_id2])
+
+
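Review bot: `self.assertEqual(s.get_access("bob"), [dir_id, dir_id2])` depends on the row order of a `SELECT` that has no `ORDER BY`, so the test can fail for reasons unrelated to access control; `self.assertCountEqual(s.get_access("bob"), [dir_id, dir_id2])` checks the same grants without that assumption. The test never grants the same directory twice, which is presumably the only way to reach the `IntegrityError` branch of `set_access()`, and never queries a user with no grants; a second `s.set_access("bob", dir_id, True)` before the assertion and `self.assertEqual(s.get_access("alice"), [])` (a constructed name) would cover both. The test class starts outside this hunk, so any setup that resets `test_database.db` between tests is not visible here.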