Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 06ab3e1f4d | |||
| a2c79c80bc | |||
| 7ac66ae3ba | |||
| 444a1df1aa | |||
| 0581b5c5e9 | |||
| 2faf284a0e | |||
| 025e03f9ce | |||
| a96e103733 | |||
| b636d06908 | |||
| a85461711c | |||
| bf0a50ad57 | |||
| 9212ad04f5 | |||
| 1931e07013 | |||
| c81aa882e9 |
@@ -203,6 +203,7 @@ jobs:
|
||||
expose:
|
||||
- "8000"
|
||||
volumes:
|
||||
- ./config.json:/app/config.json:ro
|
||||
- app_uploads:/app/Web/uploads
|
||||
- app_thumbnails:/app/Web/thumbnails
|
||||
- app_previews:/app/Web/previews
|
||||
@@ -225,6 +226,7 @@ jobs:
|
||||
cp stop.sh release-bundle/stop.sh
|
||||
cp restart.sh release-bundle/restart.sh
|
||||
cp backup.sh release-bundle/backup.sh
|
||||
cp config.json release-bundle/config.json
|
||||
cp update.sh release-bundle/update.sh
|
||||
cp init-admin.sh release-bundle/init-admin.sh
|
||||
|
||||
|
||||
@@ -0,0 +1,180 @@
|
||||
# GoBD Hardening Change Report (2026-04-10)
|
||||
|
||||
## Scope
|
||||
This change set implements core hardening measures for GoBD-oriented operation:
|
||||
|
||||
1. Soft-delete instead of hard-delete for inventory and borrowing records.
|
||||
2. Tamper-evident audit log chain for critical accounting/inventory events.
|
||||
3. Invoice immutability model with correction entries instead of overwrite.
|
||||
|
||||
## Implemented Changes
|
||||
|
||||
### 1) Tamper-evident audit chain
|
||||
|
||||
- New module: `Web/audit_log.py`
|
||||
- Audit entries are chained by hash (`prev_hash` -> `entry_hash`) with monotonic `chain_index`.
|
||||
- Canonical JSON serialization is used to make hashing deterministic.
|
||||
|
||||
Current fields per audit event:
|
||||
- `event_type`
|
||||
- `actor`
|
||||
- `source`
|
||||
- `ip`
|
||||
- `payload`
|
||||
- `timestamp`
|
||||
- `created_at`
|
||||
- `prev_hash`
|
||||
- `entry_hash`
|
||||
- `chain_index`
|
||||
|
||||
Integrated event writes in:
|
||||
- Item soft-delete flow
|
||||
- Invoice creation
|
||||
- Invoice paid marking
|
||||
- Invoice finalize+repair
|
||||
- Invoice correction entry creation
|
||||
|
||||
### 1b) Audit operational controls (phase 2)
|
||||
|
||||
- Added index management in `Web/audit_log.py`:
|
||||
- Unique index on `chain_index`
|
||||
- Additional indexes on `created_at` and `event_type`
|
||||
- Added chain verification function in `Web/audit_log.py`.
|
||||
- Added CLI verification tool: `Web/verify_audit_chain.py`.
|
||||
- Added admin verification endpoint:
|
||||
- `GET /admin/audit/verify`
|
||||
- Returns chain integrity result (`200` if valid, `409` on mismatch).
|
||||
- Added lazy index provisioning helper invoked in admin borrowing views.
|
||||
|
||||
### 2) Soft-delete conversion
|
||||
|
||||
#### Inventory items
|
||||
|
||||
- Deletion endpoint now marks records logically deleted:
|
||||
- `Deleted: true`
|
||||
- `DeletedAt`
|
||||
- `DeletedBy`
|
||||
- `LastUpdated`
|
||||
- `Verfuegbar: false`
|
||||
- Item-linked borrow records are also logically deleted (`Status: deleted`) instead of physically removed.
|
||||
- Image files are no longer physically deleted in this flow.
|
||||
|
||||
#### Borrow records
|
||||
|
||||
- `remove_ausleihung` changed to set `Status: deleted` + timestamps.
|
||||
- Retrieval helpers now exclude deleted records by default.
|
||||
|
||||
#### Item reads
|
||||
|
||||
- Item helper queries now exclude `Deleted: true` records.
|
||||
- Grouped item lookups and appointment queries also exclude deleted records.
|
||||
- Code uniqueness checks ignore deleted records, allowing controlled code reuse.
|
||||
|
||||
### 3) Invoice immutability and correction flow
|
||||
|
||||
- Invoice creation now blocks overwrite if an invoice already exists for the borrow record.
|
||||
- New lock marker on invoice creation/update path: `InvoiceLocked: true`.
|
||||
- New correction endpoint:
|
||||
- `POST /admin/borrowings/<borrow_id>/invoice/correction`
|
||||
- Appends entries to `InvoiceCorrections`
|
||||
- Does not mutate existing `InvoiceData` body
|
||||
- Requires correction reason
|
||||
- Supports optional amount delta
|
||||
|
||||
### 3b) UI integration for correction flow (phase 2)
|
||||
|
||||
- Added correction action forms in:
|
||||
- `Web/templates/admin_borrowings.html`
|
||||
- `Web/templates/library_borrowings_admin.html`
|
||||
- Added correction count display (`invoice_corrections_count`) in both admin tables.
|
||||
|
||||
## Detailed File-Level Review
|
||||
|
||||
### `Web/audit_log.py`
|
||||
|
||||
- Introduces chain-based audit persistence.
|
||||
- Uses last chain entry to calculate next `chain_index` and hash.
|
||||
- Adds explicit index provisioning and full chain verification routine.
|
||||
- Tradeoff: application-level sequencing is improved by unique index, but concurrent peak writes may still require retry logic around duplicate key conflicts.
|
||||
|
||||
### `Web/verify_audit_chain.py`
|
||||
|
||||
- New CLI operational tool for manual/cron verification.
|
||||
- Returns non-zero exit code on chain mismatch.
|
||||
|
||||
### `Web/app.py`
|
||||
|
||||
- Added `_append_audit_event(...)` helper and integrated it at critical event boundaries.
|
||||
- Inventory API routes now hide soft-deleted items.
|
||||
- `delete_item` changed from destructive deletion to soft-delete semantics.
|
||||
- Invoice route now rejects overwrite and requires correction route for changes.
|
||||
- Added correction route with immutable invoice core.
|
||||
- Added admin audit verification route and lazy audit index initialization helper.
|
||||
|
||||
Behavioral impact:
|
||||
- Deleted items no longer disappear from DB; they are hidden from normal views.
|
||||
- Existing UI actions for delete continue to work, but now preserve evidence.
|
||||
- Invoice re-creation attempts now return warning and redirect.
|
||||
|
||||
### `Web/items.py`
|
||||
|
||||
- Introduced `_active_record_query(...)` and applied it across item retrieval APIs.
|
||||
- Converted `remove_item` to soft-delete update.
|
||||
- Updated maintenance reset (`unstuck_item`) to status updates instead of `delete_many`.
|
||||
|
||||
Behavioral impact:
|
||||
- Item-level DB history is preserved.
|
||||
- Legacy scripts relying on hard delete semantics may need adaptation.
|
||||
|
||||
### `Web/ausleihung.py`
|
||||
|
||||
- Converted `remove_ausleihung` to soft-delete by status.
|
||||
- Default retrieval paths now exclude deleted records.
|
||||
|
||||
Behavioral impact:
|
||||
- Borrowing history remains in DB for traceability.
|
||||
|
||||
## Validation Performed
|
||||
|
||||
- Static diagnostics reported no errors in modified files:
|
||||
- `Web/app.py`
|
||||
- `Web/items.py`
|
||||
- `Web/ausleihung.py`
|
||||
- `Web/audit_log.py`
|
||||
|
||||
- Additional phase-2 checks:
|
||||
- `python3 -m py_compile Web/app.py Web/audit_log.py Web/verify_audit_chain.py`
|
||||
- No syntax errors
|
||||
- Template diagnostics:
|
||||
- `Web/templates/admin_borrowings.html` no errors
|
||||
- `Web/templates/library_borrowings_admin.html` no errors
|
||||
|
||||
## Residual Risks / Open Points
|
||||
|
||||
1. Concurrency hardening for audit chain:
|
||||
- Current chain append may produce collisions under parallel writes.
|
||||
- Recommendation: transaction or optimistic retry with unique index on `chain_index`.
|
||||
|
||||
2. Broader query coverage:
|
||||
- Some direct Mongo queries outside helper paths may still need explicit `Deleted != true` filters.
|
||||
|
||||
3. Formal GoBD process requirements beyond code:
|
||||
- Verfahrensdokumentation must be updated.
|
||||
- WORM/immutable storage for exported archives should be enforced externally.
|
||||
- Operational controls (RBAC review, periodic reconciliation, restore drills) should be documented.
|
||||
|
||||
## Recommended Next Steps
|
||||
|
||||
1. Add retry strategy for audit write conflicts:
|
||||
- Retry `append_audit_event` on duplicate `chain_index` key errors.
|
||||
|
||||
2. Add admin UI page for chain status and recent audit events:
|
||||
- Human-readable inspection view on top of `/admin/audit/verify`.
|
||||
|
||||
3. Add policy enforcement tests:
|
||||
- Ensure invoice overwrite is blocked.
|
||||
- Ensure soft-deleted records are hidden in APIs.
|
||||
- Ensure deletion endpoints never call physical delete operators.
|
||||
|
||||
4. Infrastructure-level immutability:
|
||||
- Push periodic audit snapshots and invoice archives to immutable/WORM storage.
|
||||
@@ -1,5 +1,7 @@
|
||||
# Inventarsystem
|
||||
|
||||
[](https://github.com/AIIrondev/legendary-octo-garbanzo/actions/workflows/release-docker.yml)
|
||||
|
||||
[](https://wakatime.com/badge/user/30b8509f-5e17-4d16-b6b8-3ca0f3f936d3/project/8a380b7f-389f-4a7e-8877-0fe9e1a4c243)
|
||||
|
||||
**Aktuelle Version: 3.2.1**
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
+1098
-34
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,149 @@
|
||||
"""
|
||||
Tamper-evident audit logging helpers.
|
||||
|
||||
The audit chain stores each entry with a hash of the previous entry.
|
||||
Any mutation in history breaks the chain verification.
|
||||
"""
|
||||
|
||||
import datetime
|
||||
import hashlib
|
||||
import json
|
||||
import random
|
||||
import time
|
||||
|
||||
from pymongo.errors import DuplicateKeyError
|
||||
|
||||
|
||||
def _stable_json(value):
|
||||
"""Serialize dictionaries in a stable way for deterministic hashing."""
|
||||
return json.dumps(value, sort_keys=True, separators=(",", ":"), ensure_ascii=False, default=str)
|
||||
|
||||
|
||||
def _entry_hash(prev_hash, payload):
|
||||
"""Build the chained entry hash from previous hash + canonical payload."""
|
||||
base = f"{prev_hash}|{_stable_json(payload)}"
|
||||
return hashlib.sha256(base.encode("utf-8")).hexdigest()
|
||||
|
||||
|
||||
def append_audit_event(db, event_type, actor, payload, request_ip=None, source="web", max_retries=5):
|
||||
"""
|
||||
Append an audit event to a tamper-evident chain.
|
||||
|
||||
Args:
|
||||
db: MongoDB database handle.
|
||||
event_type (str): Event category.
|
||||
actor (str): User/system who performed the action.
|
||||
payload (dict): Event details.
|
||||
request_ip (str, optional): Request origin.
|
||||
source (str): Source subsystem.
|
||||
|
||||
Returns:
|
||||
dict: Inserted audit entry.
|
||||
"""
|
||||
logs = db["audit_log"]
|
||||
attempts = 0
|
||||
|
||||
while attempts <= max_retries:
|
||||
previous = logs.find_one(sort=[("chain_index", -1)])
|
||||
prev_hash = previous.get("entry_hash", "") if previous else ""
|
||||
chain_index = int(previous.get("chain_index", 0)) + 1 if previous else 1
|
||||
|
||||
timestamp = datetime.datetime.utcnow()
|
||||
entry_payload = {
|
||||
"event_type": event_type,
|
||||
"actor": actor or "system",
|
||||
"source": source,
|
||||
"ip": request_ip or "",
|
||||
"payload": payload or {},
|
||||
"timestamp": timestamp.isoformat() + "Z",
|
||||
}
|
||||
|
||||
entry_hash = _entry_hash(prev_hash, entry_payload)
|
||||
|
||||
entry = {
|
||||
**entry_payload,
|
||||
"created_at": timestamp,
|
||||
"prev_hash": prev_hash,
|
||||
"entry_hash": entry_hash,
|
||||
"chain_index": chain_index,
|
||||
}
|
||||
|
||||
try:
|
||||
logs.insert_one(entry)
|
||||
return entry
|
||||
except DuplicateKeyError:
|
||||
attempts += 1
|
||||
if attempts > max_retries:
|
||||
raise
|
||||
# Exponential backoff with jitter to avoid retry storms.
|
||||
delay = min(0.25, (0.005 * (2 ** attempts)) + random.random() * 0.01)
|
||||
time.sleep(delay)
|
||||
|
||||
|
||||
def ensure_audit_indexes(db):
|
||||
"""Create indexes required for fast and safe audit operations."""
|
||||
logs = db["audit_log"]
|
||||
logs.create_index("chain_index", unique=True, name="audit_chain_index_unique")
|
||||
logs.create_index("created_at", name="audit_created_at_idx")
|
||||
logs.create_index("event_type", name="audit_event_type_idx")
|
||||
|
||||
|
||||
def verify_audit_chain(db):
|
||||
"""Verify hash chain integrity across all stored audit entries."""
|
||||
logs = db["audit_log"]
|
||||
entries = list(logs.find({}, {"_id": 1, "event_type": 1, "actor": 1, "source": 1, "ip": 1, "payload": 1, "timestamp": 1, "prev_hash": 1, "entry_hash": 1, "chain_index": 1}).sort("chain_index", 1))
|
||||
|
||||
previous_hash = ""
|
||||
previous_index = 0
|
||||
mismatches = []
|
||||
|
||||
for entry in entries:
|
||||
chain_index = int(entry.get("chain_index", 0))
|
||||
prev_hash = entry.get("prev_hash", "")
|
||||
entry_hash = entry.get("entry_hash", "")
|
||||
|
||||
payload = {
|
||||
"event_type": entry.get("event_type", ""),
|
||||
"actor": entry.get("actor", ""),
|
||||
"source": entry.get("source", ""),
|
||||
"ip": entry.get("ip", ""),
|
||||
"payload": entry.get("payload", {}),
|
||||
"timestamp": entry.get("timestamp", ""),
|
||||
}
|
||||
|
||||
expected_hash = _entry_hash(previous_hash, payload)
|
||||
|
||||
if chain_index != previous_index + 1:
|
||||
mismatches.append({
|
||||
"chain_index": chain_index,
|
||||
"error": "chain_index_gap",
|
||||
"expected": previous_index + 1,
|
||||
"found": chain_index,
|
||||
})
|
||||
|
||||
if prev_hash != previous_hash:
|
||||
mismatches.append({
|
||||
"chain_index": chain_index,
|
||||
"error": "prev_hash_mismatch",
|
||||
"expected": previous_hash,
|
||||
"found": prev_hash,
|
||||
})
|
||||
|
||||
if entry_hash != expected_hash:
|
||||
mismatches.append({
|
||||
"chain_index": chain_index,
|
||||
"error": "entry_hash_mismatch",
|
||||
"expected": expected_hash,
|
||||
"found": entry_hash,
|
||||
})
|
||||
|
||||
previous_hash = entry_hash
|
||||
previous_index = chain_index
|
||||
|
||||
return {
|
||||
"ok": len(mismatches) == 0,
|
||||
"count": len(entries),
|
||||
"last_chain_index": previous_index,
|
||||
"last_hash": previous_hash,
|
||||
"mismatches": mismatches,
|
||||
}
|
||||
+19
-11
@@ -365,8 +365,7 @@ def cancel_ausleihung(id):
|
||||
|
||||
def remove_ausleihung(id):
|
||||
"""
|
||||
Entfernt einen Ausleihungsdatensatz aus der Datenbank.
|
||||
Hinweis: Normalerweise ist es besser, Datensätze zu markieren als sie zu löschen.
|
||||
Markiert einen Ausleihungsdatensatz als gelöscht (Soft-Delete).
|
||||
|
||||
Args:
|
||||
id (str): ID des zu entfernenden Ausleihungsdatensatzes
|
||||
@@ -378,9 +377,17 @@ def remove_ausleihung(id):
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
ausleihungen = db['ausleihungen']
|
||||
result = ausleihungen.delete_one({'_id': ObjectId(id)})
|
||||
now = datetime.datetime.now()
|
||||
result = ausleihungen.update_one(
|
||||
{'_id': ObjectId(id), 'Status': {'$ne': 'deleted'}},
|
||||
{'$set': {
|
||||
'Status': 'deleted',
|
||||
'DeletedAt': now,
|
||||
'LastUpdated': now,
|
||||
}}
|
||||
)
|
||||
client.close()
|
||||
return result.deleted_count > 0
|
||||
return result.modified_count > 0
|
||||
except Exception as e:
|
||||
# print(f"Error removing ausleihung: {e}") # Log the error
|
||||
return False
|
||||
@@ -429,14 +436,15 @@ def get_ausleihungen(status=None, start=None, end=None, date_filter='overlap'):
|
||||
collection = db['ausleihungen']
|
||||
|
||||
# Query erstellen
|
||||
query = {}
|
||||
query = {'Status': {'$ne': 'deleted'}}
|
||||
|
||||
# Status-Filter hinzufügen
|
||||
if status is not None:
|
||||
if isinstance(status, list):
|
||||
query['Status'] = {'$in': status}
|
||||
allowed_status = [s for s in status if s != 'deleted']
|
||||
query['Status'] = {'$in': allowed_status}
|
||||
else:
|
||||
query['Status'] = status
|
||||
query['Status'] = status if status != 'deleted' else '__blocked_deleted_status__'
|
||||
|
||||
# Datum parsen, wenn als String angegeben
|
||||
if start is not None and isinstance(start, str):
|
||||
@@ -561,7 +569,7 @@ def get_ausleihung_by_user(user_id, status=None, use_client_side_verification=Tr
|
||||
db = client[cfg.MONGODB_DB]
|
||||
ausleihungen = db['ausleihungen']
|
||||
|
||||
query = {'User': user_id}
|
||||
query = {'User': user_id, 'Status': {'$ne': 'deleted'}}
|
||||
|
||||
# Wenn clientseitige Verifikation verwendet wird, holen wir ALLE Ausleihungen
|
||||
# und filtern später clientseitig
|
||||
@@ -610,12 +618,12 @@ def get_ausleihung_by_user(user_id, status=None, use_client_side_verification=Tr
|
||||
|
||||
# Status-Matching
|
||||
if isinstance(status, list):
|
||||
if current_status in status:
|
||||
if current_status in status and current_status != 'deleted':
|
||||
# Status aktualisieren und zur Ergebnismenge hinzufügen
|
||||
ausleihung['VerifiedStatus'] = current_status
|
||||
filtered_results.append(ausleihung)
|
||||
else:
|
||||
if current_status == status:
|
||||
if current_status == status and current_status != 'deleted':
|
||||
# Status aktualisieren und zur Ergebnismenge hinzufügen
|
||||
ausleihung['VerifiedStatus'] = current_status
|
||||
filtered_results.append(ausleihung)
|
||||
@@ -644,7 +652,7 @@ def get_ausleihung_by_item(item_id, status=None, include_history=False):
|
||||
ausleihungen = db['ausleihungen']
|
||||
|
||||
# Build query
|
||||
query = {'Item': item_id}
|
||||
query = {'Item': item_id, 'Status': {'$ne': 'deleted'}}
|
||||
if status and not include_history:
|
||||
query['Status'] = status
|
||||
|
||||
|
||||
+45
-22
@@ -43,6 +43,14 @@ def _non_library_query(extra_query=None):
|
||||
return base_query
|
||||
|
||||
|
||||
def _active_record_query(extra_query=None):
|
||||
"""Build a query that excludes logically deleted records."""
|
||||
base_query = {'Deleted': {'$ne': True}}
|
||||
if extra_query:
|
||||
base_query.update(extra_query)
|
||||
return base_query
|
||||
|
||||
|
||||
# === ITEM MANAGEMENT ===
|
||||
|
||||
def add_item(name, ort, beschreibung, images=None, filter=None, filter2=None, filter3=None,
|
||||
@@ -118,7 +126,7 @@ def add_item(name, ort, beschreibung, images=None, filter=None, filter2=None, fi
|
||||
|
||||
def remove_item(id):
|
||||
"""
|
||||
Remove an item from the inventory.
|
||||
Soft-delete an item from the inventory.
|
||||
|
||||
Args:
|
||||
id (str): ID of the item to remove
|
||||
@@ -130,9 +138,17 @@ def remove_item(id):
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
result = items.delete_one({'_id': ObjectId(id)})
|
||||
result = items.update_one(
|
||||
{'_id': ObjectId(id), 'Deleted': {'$ne': True}},
|
||||
{'$set': {
|
||||
'Deleted': True,
|
||||
'DeletedAt': datetime.datetime.now(),
|
||||
'LastUpdated': datetime.datetime.now(),
|
||||
'Verfuegbar': False,
|
||||
}}
|
||||
)
|
||||
client.close()
|
||||
return result.deleted_count > 0
|
||||
return result.modified_count > 0
|
||||
except Exception as e:
|
||||
print(f"Error removing item: {e}")
|
||||
return False
|
||||
@@ -155,7 +171,7 @@ def get_group_item_ids(id):
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
|
||||
base_item = items.find_one({'_id': ObjectId(id)})
|
||||
base_item = items.find_one(_active_record_query({'_id': ObjectId(id)}))
|
||||
if not base_item:
|
||||
client.close()
|
||||
return []
|
||||
@@ -165,7 +181,7 @@ def get_group_item_ids(id):
|
||||
# Prefer SeriesGroupId because it represents the full logical group.
|
||||
series_group_id = base_item.get('SeriesGroupId')
|
||||
if series_group_id:
|
||||
for group_item in items.find({'SeriesGroupId': series_group_id}, {'_id': 1}):
|
||||
for group_item in items.find(_active_record_query({'SeriesGroupId': series_group_id}), {'_id': 1}):
|
||||
resolved_ids.add(str(group_item['_id']))
|
||||
else:
|
||||
resolved_ids.add(str(base_item['_id']))
|
||||
@@ -173,10 +189,10 @@ def get_group_item_ids(id):
|
||||
parent_item_id = base_item.get('ParentItemId')
|
||||
if parent_item_id:
|
||||
resolved_ids.add(str(parent_item_id))
|
||||
for sibling in items.find({'ParentItemId': str(parent_item_id), 'IsGroupedSubItem': True}, {'_id': 1}):
|
||||
for sibling in items.find(_active_record_query({'ParentItemId': str(parent_item_id), 'IsGroupedSubItem': True}), {'_id': 1}):
|
||||
resolved_ids.add(str(sibling['_id']))
|
||||
else:
|
||||
for child in items.find({'ParentItemId': str(base_item['_id']), 'IsGroupedSubItem': True}, {'_id': 1}):
|
||||
for child in items.find(_active_record_query({'ParentItemId': str(base_item['_id']), 'IsGroupedSubItem': True}), {'_id': 1}):
|
||||
resolved_ids.add(str(child['_id']))
|
||||
|
||||
client.close()
|
||||
@@ -342,7 +358,7 @@ def is_code_unique(code_4, exclude_id=None):
|
||||
items = db['items']
|
||||
|
||||
# Build query to find items with this code
|
||||
query = {'Code_4': code_4}
|
||||
query = {'Code_4': code_4, 'Deleted': {'$ne': True}}
|
||||
|
||||
# If we're editing an item, exclude it from the uniqueness check
|
||||
if exclude_id:
|
||||
@@ -368,7 +384,7 @@ def get_items():
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
items_return = items.find(_non_library_query())
|
||||
items_return = items.find(_active_record_query(_non_library_query()))
|
||||
items_list = []
|
||||
for item in items_return:
|
||||
item['_id'] = str(item['_id'])
|
||||
@@ -391,7 +407,7 @@ def get_available_items():
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
items_return = items.find(_non_library_query({'Verfuegbar': True}))
|
||||
items_return = items.find(_active_record_query(_non_library_query({'Verfuegbar': True})))
|
||||
items_list = []
|
||||
for item in items_return:
|
||||
item['_id'] = str(item['_id'])
|
||||
@@ -414,7 +430,7 @@ def get_borrowed_items():
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
items_return = items.find(_non_library_query({'Verfuegbar': False}))
|
||||
items_return = items.find(_active_record_query(_non_library_query({'Verfuegbar': False})))
|
||||
items_list = []
|
||||
for item in items_return:
|
||||
item['_id'] = str(item['_id'])
|
||||
@@ -440,7 +456,7 @@ def get_item(id):
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
item = items.find_one({'_id': ObjectId(id)})
|
||||
item = items.find_one(_active_record_query({'_id': ObjectId(id)}))
|
||||
client.close()
|
||||
return item
|
||||
except Exception as e:
|
||||
@@ -462,7 +478,7 @@ def get_item_by_name(name):
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
item = items.find_one({'Name': name})
|
||||
item = items.find_one(_active_record_query({'Name': name}))
|
||||
client.close()
|
||||
return item
|
||||
except Exception as e:
|
||||
@@ -486,13 +502,13 @@ def get_items_by_filter(filter_value):
|
||||
items = db['items']
|
||||
|
||||
# Use $or to find matches in any filter field
|
||||
query = _non_library_query({
|
||||
query = _active_record_query(_non_library_query({
|
||||
'$or': [
|
||||
{'Filter': filter_value},
|
||||
{'Filter2': filter_value},
|
||||
{'Filter3': filter_value}
|
||||
]
|
||||
})
|
||||
}))
|
||||
|
||||
results = list(items.find(query))
|
||||
client.close()
|
||||
@@ -518,7 +534,7 @@ def get_filters():
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
non_library = _non_library_query()
|
||||
non_library = _active_record_query(_non_library_query())
|
||||
filters = items.distinct('Filter', non_library)
|
||||
filters2 = items.distinct('Filter2', non_library)
|
||||
filters3 = items.distinct('Filter3', non_library)
|
||||
@@ -550,7 +566,7 @@ def get_primary_filters():
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
filters = [f for f in items.distinct('Filter', _non_library_query()) if f]
|
||||
filters = [f for f in items.distinct('Filter', _active_record_query(_non_library_query())) if f]
|
||||
client.close()
|
||||
return filters
|
||||
except Exception as e:
|
||||
@@ -569,7 +585,7 @@ def get_secondary_filters():
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
filters = [f for f in items.distinct('Filter2', _non_library_query()) if f]
|
||||
filters = [f for f in items.distinct('Filter2', _active_record_query(_non_library_query())) if f]
|
||||
client.close()
|
||||
return filters
|
||||
except Exception as e:
|
||||
@@ -588,7 +604,7 @@ def get_tertiary_filters():
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
filters = [f for f in items.distinct('Filter3', _non_library_query()) if f]
|
||||
filters = [f for f in items.distinct('Filter3', _active_record_query(_non_library_query())) if f]
|
||||
client.close()
|
||||
return filters
|
||||
except Exception as e:
|
||||
@@ -610,7 +626,7 @@ def get_item_by_code_4(code_4):
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
results = list(items.find(_non_library_query({"Code_4": code_4})))
|
||||
results = list(items.find(_active_record_query(_non_library_query({"Code_4": code_4}))))
|
||||
|
||||
# Convert ObjectId to string
|
||||
for item in results:
|
||||
@@ -640,7 +656,14 @@ def unstuck_item(id):
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
ausleihungen = db['ausleihungen']
|
||||
result = ausleihungen.delete_many({'Item': id})
|
||||
result = ausleihungen.update_many(
|
||||
{'Item': id, 'Status': {'$nin': ['cancelled', 'deleted']}},
|
||||
{'$set': {
|
||||
'Status': 'cancelled',
|
||||
'CancelledReason': 'unstuck_reset',
|
||||
'LastUpdated': datetime.datetime.now()
|
||||
}}
|
||||
)
|
||||
|
||||
# Also reset the item status
|
||||
items = db['items']
|
||||
@@ -980,7 +1003,7 @@ def get_items_with_appointments():
|
||||
db = client[cfg.MONGODB_DB]
|
||||
items = db['items']
|
||||
|
||||
items_return = items.find({'NextAppointment': {'$exists': True}})
|
||||
items_return = items.find({'NextAppointment': {'$exists': True}, 'Deleted': {'$ne': True}})
|
||||
items_list = []
|
||||
for item in items_return:
|
||||
item['_id'] = str(item['_id'])
|
||||
|
||||
@@ -10,4 +10,5 @@ python-dateutil
|
||||
pytz
|
||||
requests
|
||||
reportlab
|
||||
python-barcode
|
||||
python-barcode
|
||||
openpyxl
|
||||
@@ -0,0 +1,94 @@
|
||||
{% extends 'base.html' %}
|
||||
{% block title %}Audit Dashboard - {{ APP_VERSION }}{% endblock %}
|
||||
{% block content %}
|
||||
<div class="container" style="max-width:1400px; margin:0 auto; padding:18px;">
|
||||
<h1>Audit Dashboard</h1>
|
||||
<p>Integritätsstatus der Audit-Chain und letzte Audit-Ereignisse (max. 200 Einträge).</p>
|
||||
|
||||
<div style="display:flex; gap:10px; flex-wrap:wrap; margin:10px 0 18px;">
|
||||
<a class="btn btn-primary" href="{{ url_for('admin_audit_export', format='md') }}">Audit Review exportieren (Markdown)</a>
|
||||
<a class="btn btn-outline-secondary" href="{{ url_for('admin_audit_export', format='json') }}">Audit Review exportieren (JSON)</a>
|
||||
</div>
|
||||
|
||||
<div style="display:grid; grid-template-columns:repeat(auto-fit,minmax(220px,1fr)); gap:12px; margin:16px 0 20px;">
|
||||
<div style="padding:14px; border:1px solid #e2e8f0; border-radius:10px; background:#fff;">
|
||||
<div style="font-size:0.85rem; color:#64748b;">Chain Status</div>
|
||||
{% if verify_result.ok %}
|
||||
<div style="font-size:1.35rem; font-weight:700; color:#166534;">OK</div>
|
||||
{% else %}
|
||||
<div style="font-size:1.35rem; font-weight:700; color:#991b1b;">FEHLER</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
<div style="padding:14px; border:1px solid #e2e8f0; border-radius:10px; background:#fff;">
|
||||
<div style="font-size:0.85rem; color:#64748b;">Einträge</div>
|
||||
<div style="font-size:1.35rem; font-weight:700;">{{ verify_result.count }}</div>
|
||||
</div>
|
||||
<div style="padding:14px; border:1px solid #e2e8f0; border-radius:10px; background:#fff;">
|
||||
<div style="font-size:0.85rem; color:#64748b;">Letzter Index</div>
|
||||
<div style="font-size:1.35rem; font-weight:700;">{{ verify_result.last_chain_index }}</div>
|
||||
</div>
|
||||
<div style="padding:14px; border:1px solid #e2e8f0; border-radius:10px; background:#fff;">
|
||||
<div style="font-size:0.85rem; color:#64748b;">Mismatch Count</div>
|
||||
<div style="font-size:1.35rem; font-weight:700;">{{ verify_result.mismatches|length }}</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{% if verify_result.mismatches %}
|
||||
<div style="margin-bottom:20px; border:1px solid #fecaca; background:#fff7f7; border-radius:10px; padding:12px;">
|
||||
<h3 style="margin-top:0; color:#991b1b;">Integritätsabweichungen</h3>
|
||||
<div style="max-height:280px; overflow:auto;">
|
||||
<table class="table" style="width:100%; border-collapse:collapse;">
|
||||
<thead>
|
||||
<tr>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Index</th>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Typ</th>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Expected</th>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Found</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for m in verify_result.mismatches %}
|
||||
<tr>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee;">{{ m.chain_index }}</td>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee;">{{ m.error }}</td>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee; font-family:monospace;">{{ m.expected }}</td>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee; font-family:monospace;">{{ m.found }}</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<div style="border:1px solid #e2e8f0; border-radius:10px; background:#fff; padding:12px;">
|
||||
<h3 style="margin-top:0;">Letzte Audit-Ereignisse</h3>
|
||||
<div style="max-height:560px; overflow:auto;">
|
||||
<table class="table" style="width:100%; border-collapse:collapse;">
|
||||
<thead>
|
||||
<tr>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Index</th>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Zeit</th>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Event</th>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Actor</th>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Hash</th>
|
||||
<th style="text-align:left; padding:8px; border-bottom:1px solid #ddd;">Payload</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for row in audit_rows %}
|
||||
<tr>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee;">{{ row.chain_index }}</td>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee;">{{ row.timestamp or row.created_at }}</td>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee;">{{ row.event_type }}</td>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee;">{{ row.actor }}</td>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee; font-family:monospace; font-size:0.8rem;">{{ row.entry_hash }}</td>
|
||||
<td style="padding:8px; border-bottom:1px solid #eee;"><pre style="margin:0; white-space:pre-wrap; font-size:0.8rem;">{{ row.payload }}</pre></td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
@@ -100,6 +100,9 @@
|
||||
{% if e.invoice_number %}
|
||||
<div style="font-weight:600;">{{ e.invoice_number }}</div>
|
||||
<div style="font-size:0.85rem; color:#666;">{{ e.invoice_amount }}</div>
|
||||
{% if e.invoice_corrections_count %}
|
||||
<div style="font-size:0.78rem; color:#7c2d12; margin-top:4px;">{{ e.invoice_corrections_count }} Korrektur(en)</div>
|
||||
{% endif %}
|
||||
{% if e.invoice_paid %}
|
||||
<div style="display:inline-block; margin-top:6px; padding:2px 8px; border-radius:999px; background:#dcfce7; color:#166534; font-size:0.75rem; font-weight:700;">Bezahlt</div>
|
||||
{% if e.invoice_paid_at %}
|
||||
@@ -129,6 +132,13 @@
|
||||
</button>
|
||||
</form>
|
||||
{% endif %}
|
||||
{% if e.invoice_number %}
|
||||
<form method="post" action="{{ url_for('admin_add_invoice_correction', borrow_id=e.id) }}" onsubmit="return confirm('Korrekturbuchung hinzufügen?');">
|
||||
<input type="text" name="correction_reason" placeholder="Korrekturgrund" required style="padding:6px; border:1px solid #ddd; border-radius:6px; min-width:160px;">
|
||||
<input type="text" name="amount_delta" placeholder="Delta (optional)" style="padding:6px; border:1px solid #ddd; border-radius:6px; width:120px;">
|
||||
<button type="submit" class="btn btn-outline-danger">Korrektur</button>
|
||||
</form>
|
||||
{% endif %}
|
||||
<form method="post" action="{{ url_for('admin_reset_borrowing', borrow_id=e.id) }}" onsubmit="return confirm('Ausleihe zurücksetzen?');">
|
||||
<button type="submit" class="btn btn-warning">Zurücksetzen</button>
|
||||
</form>
|
||||
|
||||
+10
-66
@@ -7,7 +7,7 @@
|
||||
For commercial licensing inquiries: https://github.com/AIIrondev
|
||||
-->
|
||||
<!DOCTYPE html>
|
||||
<html lang="en" data-module="inventory">
|
||||
<html lang="en" data-module="{{ CURRENT_MODULE }}">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, user-scalable=yes">
|
||||
@@ -20,8 +20,8 @@
|
||||
<link rel="preconnect" href="https://fonts.googleapis.com">
|
||||
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
||||
<link href="https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;600;700;800&display=swap" rel="stylesheet">
|
||||
<link rel="stylesheet" href="{{ url_for('static', filename='css/styles.css', v=APP_VERSION) }}">
|
||||
<link rel="stylesheet" href="{{ url_for('static', filename='css/planned_appointments.css', v=APP_VERSION) }}">
|
||||
<link rel="stylesheet" href="{{ url_for('static', filename='css/styles.css', v=ASSET_VERSION) }}">
|
||||
<link rel="stylesheet" href="{{ url_for('static', filename='css/planned_appointments.css', v=ASSET_VERSION) }}">
|
||||
<link rel="icon" href="{{ url_for('static', filename='favicon.ico') }}">
|
||||
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script>
|
||||
<style>
|
||||
@@ -369,7 +369,7 @@
|
||||
<span class="module-label">Module:</span>
|
||||
<div class="module-tabs">
|
||||
<a href="{{ url_for('home') }}"
|
||||
class="module-tab"
|
||||
class="module-tab {% if CURRENT_MODULE == 'inventory' %}active{% endif %}"
|
||||
id="inventoryModule"
|
||||
data-module="inventory">
|
||||
📦 Inventarsystem
|
||||
@@ -377,7 +377,7 @@
|
||||
{% if library_module_enabled %}
|
||||
<div class="module-separator"></div>
|
||||
<a href="{{ url_for('library_view') }}"
|
||||
class="module-tab"
|
||||
class="module-tab {% if CURRENT_MODULE == 'library' %}active{% endif %}"
|
||||
id="libraryModule"
|
||||
data-module="library">
|
||||
📚 Bibliothek
|
||||
@@ -386,48 +386,7 @@
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<script>
|
||||
(function() {
|
||||
// Detect current module based on URL and update data-module attribute
|
||||
const currentPath = window.location.pathname;
|
||||
const htmlTag = document.documentElement;
|
||||
|
||||
// Detect module and pages
|
||||
const isLibraryModule = currentPath.includes('/library') ||
|
||||
currentPath.includes('/library_admin') ||
|
||||
currentPath.includes('/library_loans') ||
|
||||
currentPath.includes('/student_cards');
|
||||
|
||||
const currentModule = isLibraryModule ? 'library' : 'inventory';
|
||||
htmlTag.setAttribute('data-module', currentModule);
|
||||
|
||||
// Update module selector tabs
|
||||
const invModule = document.getElementById('inventoryModule');
|
||||
const libModule = document.getElementById('libraryModule');
|
||||
|
||||
if (currentModule === 'library') {
|
||||
if (libModule) libModule.classList.add('active');
|
||||
if (invModule) invModule.classList.remove('active');
|
||||
} else {
|
||||
if (invModule) invModule.classList.add('active');
|
||||
if (libModule) libModule.classList.remove('active');
|
||||
}
|
||||
|
||||
// Show/hide appropriate navbar based on current module
|
||||
const invNavbar = document.getElementById('inventoryNavbar');
|
||||
const libNavbar = document.getElementById('libraryNavbar');
|
||||
|
||||
if (currentModule === 'library') {
|
||||
if (invNavbar) invNavbar.style.display = 'none';
|
||||
if (libNavbar) libNavbar.style.display = '';
|
||||
} else {
|
||||
if (invNavbar) invNavbar.style.display = '';
|
||||
if (libNavbar) libNavbar.style.display = 'none';
|
||||
}
|
||||
})();
|
||||
</script>
|
||||
|
||||
{% if CURRENT_MODULE != 'library' %}
|
||||
<nav class="navbar navbar-expand-lg navbar-dark" id="inventoryNavbar">
|
||||
<div class="container-fluid">
|
||||
<a class="navbar-brand" href="{{ url_for('home') }}" data-icon="📦">Inventarsystem</a>
|
||||
@@ -459,6 +418,7 @@
|
||||
<li><a class="dropdown-item" href="{{ url_for('manage_filters') }}">Filter verwalten</a></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('manage_locations') }}">Orte verwalten</a></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('admin_borrowings') }}">Ausleihen</a></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('admin_audit_dashboard') }}">Audit Dashboard</a></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('logs') }}">Logs</a></li>
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
<li><h6 class="dropdown-header">System</h6></li>
|
||||
@@ -490,9 +450,10 @@
|
||||
</div>
|
||||
</div>
|
||||
</nav>
|
||||
{% endif %}
|
||||
|
||||
{% if library_module_enabled %}
|
||||
<nav class="navbar navbar-expand-lg navbar-dark" id="libraryNavbar" style="display: none;">
|
||||
{% if library_module_enabled and CURRENT_MODULE == 'library' %}
|
||||
<nav class="navbar navbar-expand-lg navbar-dark" id="libraryNavbar">
|
||||
<div class="container-fluid">
|
||||
<a class="navbar-brand" href="{{ url_for('library_view') }}" data-icon="📚">Bibliothek</a>
|
||||
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#libraryNavContent">
|
||||
@@ -555,23 +516,6 @@
|
||||
</div>
|
||||
</nav>
|
||||
{% endif %}
|
||||
|
||||
<script>
|
||||
(function() {
|
||||
// Show/hide appropriate navbar based on current module
|
||||
const currentPath = window.location.pathname;
|
||||
const invNavbar = document.getElementById('inventoryNavbar');
|
||||
const libNavbar = document.getElementById('libraryNavbar');
|
||||
|
||||
if (currentPath.includes('/library')) {
|
||||
if (invNavbar) invNavbar.style.display = 'none';
|
||||
if (libNavbar) libNavbar.style.display = '';
|
||||
} else {
|
||||
if (invNavbar) invNavbar.style.display = '';
|
||||
if (libNavbar) libNavbar.style.display = 'none';
|
||||
}
|
||||
})();
|
||||
</script>
|
||||
<div class="container">
|
||||
{% with messages = get_flashed_messages(with_categories=true) %}
|
||||
{% if messages %}
|
||||
|
||||
@@ -282,6 +282,9 @@
|
||||
{% if e.invoice_number %}
|
||||
<div class="mono">{{ e.invoice_number }}</div>
|
||||
<div class="muted">{{ e.invoice_amount }}</div>
|
||||
{% if e.invoice_corrections_count %}
|
||||
<div class="muted" style="color:#7c2d12;">{{ e.invoice_corrections_count }} Korrektur(en)</div>
|
||||
{% endif %}
|
||||
<div style="margin-top:6px;">
|
||||
<a class="btn btn-outline-primary btn-sm" href="{{ url_for('admin_view_invoice_pdf', borrow_id=e.id) }}" target="_blank" rel="noopener">PDF öffnen</a>
|
||||
</div>
|
||||
@@ -326,6 +329,14 @@
|
||||
</form>
|
||||
{% endif %}
|
||||
|
||||
{% if e.invoice_number %}
|
||||
<form method="post" action="{{ url_for('admin_add_invoice_correction', borrow_id=e.id) }}" onsubmit="return confirm('Korrekturbuchung hinzufügen?');">
|
||||
<input type="text" name="correction_reason" placeholder="Korrekturgrund" required style="padding:6px; border:1px solid #ddd; border-radius:6px; min-width:140px;">
|
||||
<input type="text" name="amount_delta" placeholder="Delta optional" style="padding:6px; border:1px solid #ddd; border-radius:6px; width:120px;">
|
||||
<button type="submit" class="btn btn-outline-danger btn-sm">Korrektur</button>
|
||||
</form>
|
||||
{% endif %}
|
||||
|
||||
{% if e.status in ['active', 'planned'] %}
|
||||
<form method="post" action="{{ url_for('admin_reset_borrowing', borrow_id=e.id) }}" onsubmit="return confirm('Ausleihe zurücksetzen?');">
|
||||
<button type="submit" class="btn btn-warning btn-sm">Zurücksetzen</button>
|
||||
|
||||
@@ -1923,6 +1923,42 @@
|
||||
applyFilters();
|
||||
}
|
||||
|
||||
function bulkToggleFilterOptions(filterNum, shouldSelect) {
|
||||
const filterKey = `filter${filterNum}`;
|
||||
const checkboxes = Array.from(document.querySelectorAll(`#filter${filterNum}-options input[type="checkbox"]`));
|
||||
if (checkboxes.length === 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
const nextValues = new Set(activeFilters[filterKey]);
|
||||
|
||||
checkboxes.forEach(checkbox => {
|
||||
const value = checkbox.value;
|
||||
const group = checkbox.dataset.group || '';
|
||||
const filterValue = group ? `${group}:${value}` : value;
|
||||
checkbox.checked = shouldSelect;
|
||||
|
||||
if (shouldSelect) {
|
||||
nextValues.add(filterValue);
|
||||
} else {
|
||||
nextValues.delete(filterValue);
|
||||
}
|
||||
});
|
||||
|
||||
activeFilters[filterKey] = Array.from(nextValues);
|
||||
updateSelectedFilters(filterNum);
|
||||
|
||||
if (filterNum === 1) {
|
||||
rebuildFilter2Options();
|
||||
rebuildFilter3Options();
|
||||
} else if (filterNum === 2) {
|
||||
rebuildFilter3Options();
|
||||
}
|
||||
|
||||
saveFilterState();
|
||||
applyFilters();
|
||||
}
|
||||
|
||||
function populateFilterOptions(containerId, filterValues, filterNum) {
|
||||
const container = document.getElementById(containerId);
|
||||
if (!container) {
|
||||
@@ -1932,6 +1968,27 @@
|
||||
|
||||
container.innerHTML = ''; // Clear previous options
|
||||
|
||||
const bulkActions = document.createElement('div');
|
||||
bulkActions.style.display = 'flex';
|
||||
bulkActions.style.gap = '8px';
|
||||
bulkActions.style.marginBottom = '10px';
|
||||
|
||||
const selectAllBtn = document.createElement('button');
|
||||
selectAllBtn.type = 'button';
|
||||
selectAllBtn.className = 'clear-filter';
|
||||
selectAllBtn.textContent = 'Alle wählen';
|
||||
selectAllBtn.onclick = () => bulkToggleFilterOptions(filterNum, true);
|
||||
|
||||
const clearAllBtn = document.createElement('button');
|
||||
clearAllBtn.type = 'button';
|
||||
clearAllBtn.className = 'clear-filter';
|
||||
clearAllBtn.textContent = 'Alle abwählen';
|
||||
clearAllBtn.onclick = () => bulkToggleFilterOptions(filterNum, false);
|
||||
|
||||
bulkActions.appendChild(selectAllBtn);
|
||||
bulkActions.appendChild(clearAllBtn);
|
||||
container.appendChild(bulkActions);
|
||||
|
||||
// First group values by category/prefix if they exist
|
||||
const groupedValues = {};
|
||||
|
||||
|
||||
+382
-12
@@ -26,6 +26,89 @@
|
||||
font-weight: 600;
|
||||
}
|
||||
|
||||
.bulk-delete-drawer-toggle {
|
||||
position: fixed;
|
||||
right: 0;
|
||||
top: 46%;
|
||||
transform: translateY(-50%);
|
||||
z-index: 220;
|
||||
border: none;
|
||||
border-radius: 10px 0 0 10px;
|
||||
padding: 10px 10px 10px 8px;
|
||||
background: #dc3545;
|
||||
color: #fff;
|
||||
font-weight: 700;
|
||||
font-size: 0.85rem;
|
||||
letter-spacing: 0.02em;
|
||||
cursor: pointer;
|
||||
box-shadow: 0 8px 18px rgba(220, 53, 69, 0.22);
|
||||
}
|
||||
|
||||
.bulk-delete-drawer-toggle .drawer-icon {
|
||||
display: inline-block;
|
||||
margin-right: 4px;
|
||||
}
|
||||
|
||||
.bulk-delete-drawer {
|
||||
position: fixed;
|
||||
right: 12px;
|
||||
top: 50%;
|
||||
transform: translate(120%, -50%);
|
||||
width: min(360px, calc(100vw - 24px));
|
||||
z-index: 219;
|
||||
border: 1px solid #f2c4c4;
|
||||
background: #fff8f8;
|
||||
border-radius: 14px;
|
||||
padding: 14px;
|
||||
box-shadow: 0 18px 34px rgba(0, 0, 0, 0.12);
|
||||
transition: transform 0.25s ease;
|
||||
}
|
||||
|
||||
.bulk-delete-drawer.open {
|
||||
transform: translate(0, -50%);
|
||||
}
|
||||
|
||||
.bulk-delete-drawer strong {
|
||||
display: block;
|
||||
margin-bottom: 2px;
|
||||
}
|
||||
|
||||
.bulk-delete-summary {
|
||||
color: #7a4a4a;
|
||||
font-size: 0.92rem;
|
||||
margin-top: 4px;
|
||||
}
|
||||
|
||||
.bulk-delete-drawer small {
|
||||
color: #7a4a4a;
|
||||
display: block;
|
||||
margin-top: 2px;
|
||||
line-height: 1.35;
|
||||
}
|
||||
|
||||
.bulk-delete-actions {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
gap: 8px;
|
||||
margin-top: 12px;
|
||||
}
|
||||
|
||||
.bulk-delete-actions button {
|
||||
border: 1px solid #cfd8dc;
|
||||
border-radius: 8px;
|
||||
padding: 9px 12px;
|
||||
cursor: pointer;
|
||||
background: #fff;
|
||||
font-weight: 600;
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
.bulk-delete-actions .danger {
|
||||
background: #dc3545;
|
||||
color: #fff;
|
||||
border-color: #c82333;
|
||||
}
|
||||
|
||||
/* Filter styles */
|
||||
.filter-container {
|
||||
display: flex;
|
||||
@@ -237,6 +320,12 @@
|
||||
position: relative;
|
||||
}
|
||||
|
||||
.item-card.bulk-selected {
|
||||
border-color: #dc3545;
|
||||
box-shadow: 0 0 0 2px rgba(220, 53, 69, 0.18), 0 0 10px rgba(0, 0, 0, 0.1);
|
||||
background: #fffdfd;
|
||||
}
|
||||
|
||||
.item-card:hover {
|
||||
transform: translateY(-5px);
|
||||
box-shadow: 0 5px 15px rgba(0, 0, 0, 0.2);
|
||||
@@ -257,6 +346,43 @@
|
||||
margin: 10px 0;
|
||||
}
|
||||
|
||||
.bulk-delete-row {
|
||||
display: flex;
|
||||
justify-content: flex-start;
|
||||
align-items: center;
|
||||
margin-bottom: 8px;
|
||||
gap: 8px;
|
||||
}
|
||||
|
||||
.bulk-delete-toggle {
|
||||
display: inline-flex;
|
||||
align-items: center;
|
||||
gap: 6px;
|
||||
font-size: 0.9rem;
|
||||
color: #6b1f1f;
|
||||
cursor: pointer;
|
||||
user-select: none;
|
||||
}
|
||||
|
||||
.bulk-delete-toggle input {
|
||||
width: 16px;
|
||||
height: 16px;
|
||||
accent-color: #dc3545;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.bulk-delete-drawer-overlay {
|
||||
position: fixed;
|
||||
inset: 0;
|
||||
background: rgba(15, 23, 42, 0.18);
|
||||
z-index: 218;
|
||||
display: none;
|
||||
}
|
||||
|
||||
.bulk-delete-drawer-overlay.open {
|
||||
display: block;
|
||||
}
|
||||
|
||||
.item-card .item-image {
|
||||
width: 100%;
|
||||
height: auto;
|
||||
@@ -2112,6 +2238,20 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
</div>
|
||||
</h1>
|
||||
<div id="items-indicator" class="items-indicator">Objekte im System: 0</div>
|
||||
<button type="button" id="bulk-delete-drawer-toggle" class="bulk-delete-drawer-toggle" aria-expanded="false" onclick="toggleBulkDeleteDrawer()">
|
||||
<span class="drawer-icon">🗑</span> Löschen
|
||||
</button>
|
||||
<div id="bulk-delete-drawer-overlay" class="bulk-delete-drawer-overlay" onclick="setBulkDeleteDrawer(false)"></div>
|
||||
<div id="bulk-delete-drawer" class="bulk-delete-drawer" aria-hidden="true">
|
||||
<strong>Massenlöschung nach Kriterien</strong>
|
||||
<div class="bulk-delete-summary" id="bulk-delete-summary">0 Elemente ausgewählt</div>
|
||||
<small>Filter zuerst setzen, dann alle sichtbaren Elemente markieren oder einzelne Karten per Checkbox auswählen.</small>
|
||||
<div class="bulk-delete-actions">
|
||||
<button type="button" onclick="selectVisibleItems()">Alle sichtbaren auswählen</button>
|
||||
<button type="button" onclick="clearBulkSelection()">Auswahl leeren</button>
|
||||
<button type="button" id="bulk-delete-button" class="danger" onclick="deleteSelectedItems()" disabled>Auswahl löschen</button>
|
||||
</div>
|
||||
</div>
|
||||
<div class="filter-container">
|
||||
<div class="filter-group">
|
||||
<div class="filter-header">
|
||||
@@ -2492,6 +2632,8 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
let descSearchIds = null; // Set of matching IDs or null when disabled
|
||||
let currentUsername = '';
|
||||
let allItems = []; // Cache for all items
|
||||
let bulkDeleteSelection = new Set();
|
||||
let bulkDeleteDrawerOpen = false;
|
||||
const studentCardsModuleEnabled = {{ 'true' if student_cards_module_enabled else 'false' }};
|
||||
const studentDefaultBorrowDays = {{ student_default_borrow_days|default(14) }};
|
||||
const studentMaxBorrowDays = {{ student_max_borrow_days|default(365) }};
|
||||
@@ -2822,6 +2964,137 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
filter3: []
|
||||
};
|
||||
}
|
||||
|
||||
function updateBulkDeleteSummary() {
|
||||
const summary = document.getElementById('bulk-delete-summary');
|
||||
const button = document.getElementById('bulk-delete-button');
|
||||
const count = bulkDeleteSelection.size;
|
||||
|
||||
if (summary) {
|
||||
summary.textContent = `${count} ${count === 1 ? 'Element' : 'Elemente'} ausgewählt`;
|
||||
}
|
||||
if (button) {
|
||||
button.disabled = count === 0;
|
||||
button.textContent = count === 0 ? 'Auswahl löschen' : `Auswahl löschen (${count})`;
|
||||
}
|
||||
}
|
||||
|
||||
function setBulkDeleteDrawer(open) {
|
||||
bulkDeleteDrawerOpen = Boolean(open);
|
||||
const drawer = document.getElementById('bulk-delete-drawer');
|
||||
const overlay = document.getElementById('bulk-delete-drawer-overlay');
|
||||
const toggle = document.getElementById('bulk-delete-drawer-toggle');
|
||||
if (drawer) {
|
||||
drawer.classList.toggle('open', bulkDeleteDrawerOpen);
|
||||
drawer.setAttribute('aria-hidden', bulkDeleteDrawerOpen ? 'false' : 'true');
|
||||
}
|
||||
if (overlay) {
|
||||
overlay.classList.toggle('open', bulkDeleteDrawerOpen);
|
||||
}
|
||||
if (toggle) {
|
||||
toggle.setAttribute('aria-expanded', bulkDeleteDrawerOpen ? 'true' : 'false');
|
||||
toggle.innerHTML = bulkDeleteDrawerOpen ? '<span class="drawer-icon">✕</span> Löschung' : '<span class="drawer-icon">🗑</span> Löschen';
|
||||
}
|
||||
}
|
||||
|
||||
function toggleBulkDeleteDrawer() {
|
||||
setBulkDeleteDrawer(!bulkDeleteDrawerOpen);
|
||||
}
|
||||
|
||||
function setBulkDeleteSelection(itemId, checked) {
|
||||
const normalizedId = String(itemId || '').trim();
|
||||
if (!normalizedId) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (checked) {
|
||||
bulkDeleteSelection.add(normalizedId);
|
||||
} else {
|
||||
bulkDeleteSelection.delete(normalizedId);
|
||||
}
|
||||
|
||||
document.querySelectorAll(`.item-card[data-item-id='${normalizedId}']`).forEach(card => {
|
||||
card.classList.toggle('bulk-selected', checked);
|
||||
const checkbox = card.querySelector('.bulk-delete-checkbox');
|
||||
if (checkbox && checkbox.checked !== checked) {
|
||||
checkbox.checked = checked;
|
||||
}
|
||||
});
|
||||
|
||||
updateBulkDeleteSummary();
|
||||
}
|
||||
|
||||
function selectVisibleItems() {
|
||||
document.querySelectorAll('.item-card').forEach(card => {
|
||||
if (card.style.display === 'none') {
|
||||
return;
|
||||
}
|
||||
const itemId = String(card.dataset.itemId || '').trim();
|
||||
if (!itemId) {
|
||||
return;
|
||||
}
|
||||
bulkDeleteSelection.add(itemId);
|
||||
card.classList.add('bulk-selected');
|
||||
const checkbox = card.querySelector('.bulk-delete-checkbox');
|
||||
if (checkbox) {
|
||||
checkbox.checked = true;
|
||||
}
|
||||
});
|
||||
|
||||
updateBulkDeleteSummary();
|
||||
}
|
||||
|
||||
function clearBulkSelection() {
|
||||
bulkDeleteSelection.clear();
|
||||
document.querySelectorAll('.item-card.bulk-selected').forEach(card => {
|
||||
card.classList.remove('bulk-selected');
|
||||
const checkbox = card.querySelector('.bulk-delete-checkbox');
|
||||
if (checkbox) {
|
||||
checkbox.checked = false;
|
||||
}
|
||||
});
|
||||
|
||||
updateBulkDeleteSummary();
|
||||
}
|
||||
|
||||
document.addEventListener('keydown', function(event) {
|
||||
if (event.key === 'Escape' && bulkDeleteDrawerOpen) {
|
||||
setBulkDeleteDrawer(false);
|
||||
}
|
||||
});
|
||||
|
||||
function deleteSelectedItems() {
|
||||
const selectedIds = [...bulkDeleteSelection];
|
||||
if (selectedIds.length === 0) {
|
||||
alert('Bitte zuerst mindestens ein Element auswählen.');
|
||||
return;
|
||||
}
|
||||
|
||||
if (!confirm(`Wirklich ${selectedIds.length} ausgewählte Elemente revisionssicher deaktivieren?`)) {
|
||||
return;
|
||||
}
|
||||
|
||||
fetch('{{ url_for('bulk_delete_items') }}', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Accept': 'application/json'
|
||||
},
|
||||
body: JSON.stringify({ item_ids: selectedIds })
|
||||
})
|
||||
.then(async response => {
|
||||
const data = await response.json().catch(() => ({}));
|
||||
if (!response.ok || !data.success) {
|
||||
throw new Error(data.message || 'Fehler beim Sammellöschen.');
|
||||
}
|
||||
clearBulkSelection();
|
||||
alert(data.message || 'Auswahl gelöscht.');
|
||||
loadItems();
|
||||
})
|
||||
.catch(error => {
|
||||
alert(error.message || 'Fehler beim Sammellöschen.');
|
||||
});
|
||||
}
|
||||
|
||||
// Load predefined filter values for dropdowns
|
||||
function loadPredefinedFilterValues(filterNumber) {
|
||||
@@ -2847,6 +3120,11 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
while (select.children.length > 1) {
|
||||
select.removeChild(select.lastChild);
|
||||
}
|
||||
|
||||
const allOption = document.createElement('option');
|
||||
allOption.value = '__ALL__';
|
||||
allOption.textContent = '-- Alle auswählen --';
|
||||
select.appendChild(allOption);
|
||||
|
||||
// Add new options - data.values contains the array
|
||||
data.values.forEach(filter => {
|
||||
@@ -3143,6 +3421,12 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
${appointmentBadge}
|
||||
</div>
|
||||
<div class="actions">
|
||||
<div class="bulk-delete-row">
|
||||
<label class="bulk-delete-toggle">
|
||||
<input type="checkbox" class="bulk-delete-checkbox" data-item-id="${item._id}" ${bulkDeleteSelection.has(String(item._id)) ? 'checked' : ''} onchange="setBulkDeleteSelection('${item._id}', this.checked)">
|
||||
Für Löschung markieren
|
||||
</label>
|
||||
</div>
|
||||
${isAvailableForBorrow && !item.BlockedNow ?
|
||||
`<form method="POST" action="{{ url_for('ausleihen', id='') }}${item._id}">
|
||||
${isGroupedItem ? `
|
||||
@@ -3220,6 +3504,7 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
|
||||
itemsContainer.scrollLeft = 0;
|
||||
applyFilters();
|
||||
updateBulkDeleteSummary();
|
||||
|
||||
// Setup proper image display for all cards
|
||||
setupCardImagesDisplay();
|
||||
@@ -3528,7 +3813,11 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
|
||||
// Display existing images
|
||||
const existingImagesContainer = document.getElementById('edit-existing-images');
|
||||
const editForm = document.getElementById('edit-item-form');
|
||||
existingImagesContainer.innerHTML = '';
|
||||
if (editForm) {
|
||||
editForm.querySelectorAll('input[name="existing_images"], input[name="removed_images"]').forEach(input => input.remove());
|
||||
}
|
||||
if (item.Images && Array.isArray(item.Images)) {
|
||||
item.Images.forEach((image, index) => {
|
||||
const isVideo = isVideoFile(image);
|
||||
@@ -3543,22 +3832,46 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
image :
|
||||
`{{ url_for('uploaded_file', filename='') }}${image}`);
|
||||
|
||||
const row = document.createElement('div');
|
||||
row.style.display = 'flex';
|
||||
row.style.gap = '8px';
|
||||
row.style.alignItems = 'center';
|
||||
|
||||
if (isVideo) {
|
||||
imageDiv.innerHTML = `
|
||||
<div style="display:flex; gap:8px; align-items:center;">
|
||||
<video src="${imageSrc}" style="max-width:100px; max-height:100px; object-fit:contain;" controls></video>
|
||||
<button type="button" class="delete-image-button" onclick="deleteExistingImage('${item._id}', ${index})">Löschen</button>
|
||||
</div>
|
||||
`;
|
||||
const video = document.createElement('video');
|
||||
video.src = imageSrc;
|
||||
video.style.maxWidth = '100px';
|
||||
video.style.maxHeight = '100px';
|
||||
video.style.objectFit = 'contain';
|
||||
video.controls = true;
|
||||
row.appendChild(video);
|
||||
} else {
|
||||
imageDiv.innerHTML = `
|
||||
<div style="display:flex; gap:8px; align-items:center;">
|
||||
<img src="${imageSrc}" style="max-width:100px; max-height:100px; object-fit:contain;" alt="Existierendes Bild ${index + 1}">
|
||||
<button type="button" class="delete-image-button" onclick="deleteExistingImage('${item._id}', ${index})">Löschen</button>
|
||||
</div>
|
||||
`;
|
||||
const img = document.createElement('img');
|
||||
img.src = imageSrc;
|
||||
img.style.maxWidth = '100px';
|
||||
img.style.maxHeight = '100px';
|
||||
img.style.objectFit = 'contain';
|
||||
img.alt = `Existierendes Bild ${index + 1}`;
|
||||
row.appendChild(img);
|
||||
}
|
||||
|
||||
const deleteButton = document.createElement('button');
|
||||
deleteButton.type = 'button';
|
||||
deleteButton.className = 'delete-image-button';
|
||||
deleteButton.textContent = 'Löschen';
|
||||
deleteButton.addEventListener('click', () => removeExistingImage(image, deleteButton));
|
||||
row.appendChild(deleteButton);
|
||||
|
||||
imageDiv.appendChild(row);
|
||||
existingImagesContainer.appendChild(imageDiv);
|
||||
|
||||
if (editForm) {
|
||||
const hiddenInput = document.createElement('input');
|
||||
hiddenInput.type = 'hidden';
|
||||
hiddenInput.name = 'existing_images';
|
||||
hiddenInput.value = image;
|
||||
editForm.appendChild(hiddenInput);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@@ -4401,6 +4714,42 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
applyFilters();
|
||||
}
|
||||
|
||||
function bulkToggleFilterOptions(filterNum, shouldSelect) {
|
||||
const filterKey = `filter${filterNum}`;
|
||||
const checkboxes = Array.from(document.querySelectorAll(`#filter${filterNum}-options input[type="checkbox"]`));
|
||||
if (checkboxes.length === 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
const nextValues = new Set(activeFilters[filterKey]);
|
||||
|
||||
checkboxes.forEach(checkbox => {
|
||||
const value = checkbox.value;
|
||||
const group = checkbox.dataset.group || '';
|
||||
const filterValue = group ? `${group}:${value}` : value;
|
||||
checkbox.checked = shouldSelect;
|
||||
|
||||
if (shouldSelect) {
|
||||
nextValues.add(filterValue);
|
||||
} else {
|
||||
nextValues.delete(filterValue);
|
||||
}
|
||||
});
|
||||
|
||||
activeFilters[filterKey] = Array.from(nextValues);
|
||||
updateSelectedFiltersDisplay(filterNum);
|
||||
|
||||
if (filterNum === 1) {
|
||||
rebuildFilter2Options();
|
||||
rebuildFilter3Options();
|
||||
} else if (filterNum === 2) {
|
||||
rebuildFilter3Options();
|
||||
}
|
||||
|
||||
saveFilterState();
|
||||
applyFilters();
|
||||
}
|
||||
|
||||
function populateFilterOptions(containerId, filterValues, filterNum) {
|
||||
const container = document.getElementById(containerId);
|
||||
if (!container) {
|
||||
@@ -4408,6 +4757,27 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
}
|
||||
|
||||
container.innerHTML = '';
|
||||
|
||||
const bulkActions = document.createElement('div');
|
||||
bulkActions.style.display = 'flex';
|
||||
bulkActions.style.gap = '8px';
|
||||
bulkActions.style.marginBottom = '10px';
|
||||
|
||||
const selectAllBtn = document.createElement('button');
|
||||
selectAllBtn.type = 'button';
|
||||
selectAllBtn.className = 'clear-filter';
|
||||
selectAllBtn.textContent = 'Alle wählen';
|
||||
selectAllBtn.onclick = () => bulkToggleFilterOptions(filterNum, true);
|
||||
|
||||
const clearAllBtn = document.createElement('button');
|
||||
clearAllBtn.type = 'button';
|
||||
clearAllBtn.className = 'clear-filter';
|
||||
clearAllBtn.textContent = 'Alle abwählen';
|
||||
clearAllBtn.onclick = () => bulkToggleFilterOptions(filterNum, false);
|
||||
|
||||
bulkActions.appendChild(selectAllBtn);
|
||||
bulkActions.appendChild(clearAllBtn);
|
||||
container.appendChild(bulkActions);
|
||||
|
||||
const groupedValues = {};
|
||||
|
||||
|
||||
@@ -710,6 +710,28 @@
|
||||
|
||||
<div class="upload-container">
|
||||
<a href="{{ url_for(back_target|default('home_admin')) }}" class="nav-back-button">← Zurück zur Artikelübersicht</a>
|
||||
|
||||
{% if show_library_features %}
|
||||
<div style="border:1px solid #dbe4ee; border-radius:8px; padding:14px; margin-bottom:16px; background:#f8fbff;">
|
||||
<h3 style="margin:0 0 8px 0;">Excel-Import Bibliothek (Mehrere Bücher)</h3>
|
||||
<p style="margin:0 0 10px 0; color:#555;">Laden Sie eine <strong>.xlsx</strong>-Datei hoch. Spalten werden automatisch erkannt (z.B. Name, Ort, Beschreibung, ISBN, Code, Anzahl). Für den Bibliotheksimport ist eine gültige ISBN je Zeile erforderlich.</p>
|
||||
<form method="POST" action="{{ url_for('upload_library_excel') }}" enctype="multipart/form-data" style="display:flex; gap:10px; flex-wrap:wrap; align-items:center;">
|
||||
<input type="file" name="library_excel" accept=".xlsx" required>
|
||||
<button type="submit" class="btn btn-secondary" name="excel_action" value="validate">Nur validieren</button>
|
||||
<button type="submit" class="btn btn-primary" name="excel_action" value="import">Bibliothek importieren</button>
|
||||
</form>
|
||||
</div>
|
||||
{% else %}
|
||||
<div style="border:1px solid #dbe4ee; border-radius:8px; padding:14px; margin-bottom:16px; background:#f8fbff;">
|
||||
<h3 style="margin:0 0 8px 0;">Excel-Import Inventar (Mehrere Artikel)</h3>
|
||||
<p style="margin:0 0 10px 0; color:#555;">Laden Sie eine <strong>.xlsx</strong>-Datei hoch. Spalten werden automatisch erkannt (z.B. Name, Ort, Beschreibung, Filter1/2/3, Kosten, Jahr, Code, Anzahl).</p>
|
||||
<form method="POST" action="{{ url_for('upload_inventory_excel') }}" enctype="multipart/form-data" style="display:flex; gap:10px; flex-wrap:wrap; align-items:center;">
|
||||
<input type="file" name="inventory_excel" accept=".xlsx" required>
|
||||
<button type="submit" class="btn btn-secondary" name="excel_action" value="validate">Nur validieren</button>
|
||||
<button type="submit" class="btn btn-primary" name="excel_action" value="import">Inventar importieren</button>
|
||||
</form>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<div class="upload-form">
|
||||
<h1>{{ page_title|default('Artikel hochladen') }}</h1>
|
||||
@@ -1114,9 +1136,17 @@
|
||||
while (select.children.length > 1) {
|
||||
select.removeChild(select.lastChild);
|
||||
}
|
||||
|
||||
const allOption = document.createElement('option');
|
||||
allOption.value = '__ALL__';
|
||||
allOption.textContent = '-- Alle auswählen --';
|
||||
select.appendChild(allOption);
|
||||
|
||||
// Add new options - data.values contains the array
|
||||
data.values.forEach(value => {
|
||||
if (!value || String(value).trim() === '') {
|
||||
return;
|
||||
}
|
||||
const option = document.createElement('option');
|
||||
option.value = value;
|
||||
option.textContent = value;
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
#!/usr/bin/env python3
|
||||
"""CLI utility to verify the tamper-evident audit chain."""
|
||||
|
||||
import json
|
||||
import sys
|
||||
|
||||
from pymongo import MongoClient
|
||||
|
||||
import settings as cfg
|
||||
import audit_log as al
|
||||
|
||||
|
||||
def main():
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
al.ensure_audit_indexes(db)
|
||||
result = al.verify_audit_chain(db)
|
||||
print(json.dumps(result, ensure_ascii=False, indent=2, default=str))
|
||||
return 0 if result.get("ok") else 2
|
||||
except Exception as exc:
|
||||
print(json.dumps({"ok": False, "error": str(exc)}, ensure_ascii=False))
|
||||
return 1
|
||||
finally:
|
||||
if client:
|
||||
client.close()
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
||||
@@ -42,6 +42,7 @@ services:
|
||||
expose:
|
||||
- "8000"
|
||||
volumes:
|
||||
- ./config.json:/app/config.json:ro
|
||||
- ./Web:/app/Web
|
||||
- app_uploads:/app/Web/uploads
|
||||
- app_thumbnails:/app/Web/thumbnails
|
||||
|
||||
+2
-1
@@ -9,4 +9,5 @@ python-dateutil
|
||||
pytz
|
||||
requests
|
||||
reportlab
|
||||
python-barcode
|
||||
python-barcode
|
||||
openpyxl
|
||||
@@ -290,6 +290,44 @@ EOF
|
||||
fi
|
||||
}
|
||||
|
||||
ensure_runtime_config_json() {
|
||||
local config_path backup_path
|
||||
config_path="$SCRIPT_DIR/config.json"
|
||||
|
||||
if [ -d "$config_path" ]; then
|
||||
backup_path="${config_path}.dir.$(date +%Y%m%d-%H%M%S).bak"
|
||||
mv "$config_path" "$backup_path"
|
||||
echo "Warning: moved unexpected directory $config_path to $backup_path"
|
||||
fi
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
cat > "$config_path" <<'EOF'
|
||||
{
|
||||
"ver": "2.6.5",
|
||||
"dbg": false,
|
||||
"host": "0.0.0.0",
|
||||
"port": 443,
|
||||
"mongodb": {
|
||||
"host": "mongodb",
|
||||
"port": 27017,
|
||||
"db": "Inventarsystem"
|
||||
},
|
||||
"modules": {
|
||||
"library": {
|
||||
"enabled": false
|
||||
},
|
||||
"student_cards": {
|
||||
"enabled": false,
|
||||
"default_borrow_days": 14,
|
||||
"max_borrow_days": 365
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
echo "Created default runtime config at $config_path"
|
||||
fi
|
||||
}
|
||||
|
||||
ensure_app_image_loaded() {
|
||||
if docker image inspect "$APP_IMAGE_VALUE" >/dev/null 2>&1; then
|
||||
return 0
|
||||
@@ -558,6 +596,7 @@ ensure_runtime_dependencies
|
||||
setup_boot_autostart_service
|
||||
ensure_tls_certificates
|
||||
ensure_nginx_config_mount_source
|
||||
ensure_runtime_config_json
|
||||
setup_scheduled_jobs
|
||||
configure_nuitka_mode
|
||||
resolve_app_image
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -234,10 +234,26 @@ load_release_image() {
|
||||
log_message "Loading app image from release asset $image_asset"
|
||||
curl -fL "$image_url" -o "$archive"
|
||||
docker load -i "$archive" >> "$LOG_FILE" 2>&1
|
||||
docker tag "$APP_IMAGE_REPO:$tag" "$APP_IMAGE_REPO:latest" >> "$LOG_FILE" 2>&1 || true
|
||||
|
||||
trap - RETURN
|
||||
}
|
||||
|
||||
refresh_runtime_scripts_from_main() {
|
||||
local start_url stop_url restart_url update_url
|
||||
start_url="https://raw.githubusercontent.com/$REPO_SLUG/main/start.sh"
|
||||
stop_url="https://raw.githubusercontent.com/$REPO_SLUG/main/stop.sh"
|
||||
restart_url="https://raw.githubusercontent.com/$REPO_SLUG/main/restart.sh"
|
||||
update_url="https://raw.githubusercontent.com/$REPO_SLUG/main/update.sh"
|
||||
|
||||
curl -fsSL "$start_url" -o "$PROJECT_DIR/start.sh" || log_message "WARNING: Could not refresh start.sh from main"
|
||||
curl -fsSL "$stop_url" -o "$PROJECT_DIR/stop.sh" || log_message "WARNING: Could not refresh stop.sh from main"
|
||||
curl -fsSL "$restart_url" -o "$PROJECT_DIR/restart.sh" || log_message "WARNING: Could not refresh restart.sh from main"
|
||||
curl -fsSL "$update_url" -o "$PROJECT_DIR/update.sh" || log_message "WARNING: Could not refresh update.sh from main"
|
||||
|
||||
chmod +x "$PROJECT_DIR/start.sh" "$PROJECT_DIR/stop.sh" "$PROJECT_DIR/restart.sh" "$PROJECT_DIR/update.sh"
|
||||
}
|
||||
|
||||
find_local_dist_image_archive() {
|
||||
local tag="$1"
|
||||
local archive
|
||||
@@ -277,6 +293,7 @@ load_local_dist_image() {
|
||||
|
||||
log_message "Loading app image from local dist artifact: $archive"
|
||||
if docker load -i "$archive" >> "$LOG_FILE" 2>&1; then
|
||||
docker tag "$APP_IMAGE_REPO:$tag" "$APP_IMAGE_REPO:latest" >> "$LOG_FILE" 2>&1 || true
|
||||
return 0
|
||||
fi
|
||||
|
||||
@@ -308,6 +325,11 @@ download_and_extract_bundle() {
|
||||
cp -f "$tmp_dir/update.sh" "$PROJECT_DIR/update.sh"
|
||||
fi
|
||||
|
||||
if [ ! -f "$PROJECT_DIR/config.json" ] && [ -f "$tmp_dir/config.json" ]; then
|
||||
cp -f "$tmp_dir/config.json" "$PROJECT_DIR/config.json"
|
||||
log_message "Installed default config.json from release bundle"
|
||||
fi
|
||||
|
||||
chmod +x "$PROJECT_DIR/start.sh" "$PROJECT_DIR/stop.sh" "$PROJECT_DIR/restart.sh" "$PROJECT_DIR/update.sh" "$PROJECT_DIR/backup.sh"
|
||||
}
|
||||
|
||||
@@ -342,6 +364,7 @@ EOF
|
||||
|
||||
docker compose --env-file "$ENV_FILE" pull nginx mongodb >> "$LOG_FILE" 2>&1
|
||||
docker compose --env-file "$ENV_FILE" up -d --remove-orphans >> "$LOG_FILE" 2>&1
|
||||
docker tag "$app_image" "$APP_IMAGE_REPO:latest" >> "$LOG_FILE" 2>&1 || true
|
||||
}
|
||||
|
||||
verify_stack_health() {
|
||||
@@ -460,6 +483,7 @@ main() {
|
||||
|
||||
log_message "Updating from release $latest_tag"
|
||||
download_and_extract_bundle "$bundle_url" "$tmp_dir"
|
||||
refresh_runtime_scripts_from_main
|
||||
deploy "$latest_tag" "$meta_file"
|
||||
if ! verify_stack_health; then
|
||||
log_message "ERROR: Updated stack failed health check"
|
||||
|
||||
Reference in New Issue
Block a user