Compare commits

...

12 Commits

Author SHA1 Message Date
Aiirondev_dev c0f49ab8de feat: Ensure admin users have full access to permissions regardless of presets 2026-04-17 22:59:03 +02:00
Aiirondev_dev c23e128d2e feat: Enhance permission handling in fallback endpoints for improved user experience 2026-04-17 22:54:21 +02:00
Aiirondev_dev b611173ea9 feat: Add admin functionality to anonymize stored names and implement name aliasing 2026-04-17 21:57:49 +02:00
Aiirondev_dev 5cf9a4f1dd feat: Implement user permission management with presets and dynamic access control 2026-04-17 21:14:30 +02:00
Aiirondev_dev 88a67160f2 feat: Refactor mobile navigation styles for improved layout and responsiveness 2026-04-17 20:58:19 +02:00
Aiirondev_dev 2068af106f feat: Enhance mobile navigation layout and styling for improved user experience 2026-04-17 20:30:43 +02:00
Aiirondev_dev 06c2270842 feat: Enhance mobile responsiveness for container and modal styles in main and admin templates 2026-04-17 19:18:46 +02:00
Aiirondev_dev 20556f3500 feat: Simplify scheduled job setup by removing dynamic update timing and buffer management 2026-04-17 19:08:45 +02:00
Aiirondev_dev 7f1d616bb3 feat: Improve mobile layout handling for item loading indicators and prefetching logic 2026-04-17 19:05:34 +02:00
Aiirondev_dev 09cea7a0f8 feat: Implement update scheduling with dynamic timing and update buffer management 2026-04-17 18:58:10 +02:00
Aiirondev_dev 061f975727 feat: Implement Redis caching for notification status and add Redis service to Docker 2026-04-17 18:54:22 +02:00
Aiirondev_dev 68f0efa296 feat: Enhance navbar responsiveness with compact and ultra-compact modes 2026-04-17 18:43:46 +02:00
10 changed files with 1426 additions and 67 deletions
+482 -14
View File
@@ -50,6 +50,11 @@ import io
import html
import logging
import secrets
import importlib
try:
redis = importlib.import_module('redis')
except Exception:
redis = None
# QR Code functionality deactivated
# import qrcode
# from qrcode.constants import ERROR_CORRECT_L
@@ -129,9 +134,91 @@ SSL_KEY = cfg.SSL_KEY
LIBRARY_ITEM_TYPES = ['book', 'cd', 'dvd', 'media']
INVOICE_CURRENCY = 'EUR'
NOTIFICATION_STATUS_CACHE_TTL = max(3, int(os.getenv('INVENTAR_NOTIFICATION_STATUS_CACHE_TTL', '8')))
_NOTIFICATION_CACHE_PREFIX = 'inventar:notif'
_NOTIFICATION_REDIS_CLIENT = None
_NOTIFICATION_REDIS_FAILED = False
_NOTIFICATION_LOCAL_CACHE = {}
_NOTIFICATION_LOCAL_VERSIONS = {'admin': 0}
_NOTIFICATION_CACHE_LOCK = threading.Lock()
SCHOOL_PERIODS = cfg.SCHOOL_PERIODS
PERMISSION_ACTION_OPTIONS = [
('can_borrow', 'Ausleihe erlauben'),
('can_insert', 'Einfügen/Hochladen erlauben'),
('can_edit', 'Bearbeiten erlauben'),
('can_delete', 'Löschen erlauben'),
('can_manage_users', 'Benutzerverwaltung erlauben'),
('can_manage_settings', 'Systemverwaltung erlauben'),
('can_view_logs', 'Logs/Audit einsehen erlauben'),
]
PERMISSION_PAGE_OPTIONS = [
('home', 'Artikel (Inventar)'),
('tutorial_page', 'Tutorial'),
('my_borrowed_items', 'Meine Ausleihen'),
('notifications_view', 'Benachrichtigungen'),
('impressum', 'Impressum'),
('license', 'Lizenz'),
('library_view', 'Bibliothek (Medien)'),
('terminplan', 'Terminplan'),
('home_admin', 'Admin Startseite'),
('upload_admin', 'Admin Upload Inventar'),
('library_admin', 'Admin Upload Bibliothek'),
('admin_borrowings', 'Admin Ausleihen'),
('library_loans_admin', 'Admin Bibliotheks-Ausleihen'),
('admin_damaged_items', 'Admin Defekte Items'),
('admin_audit_dashboard', 'Admin Audit Dashboard'),
('logs', 'System-Logs'),
('user_del', 'Benutzerverwaltung'),
('register', 'Benutzer anlegen'),
('manage_filters', 'Filter verwalten'),
('manage_locations', 'Orte verwalten'),
]
PERMISSION_EXEMPT_ENDPOINTS = {
'static',
'login',
'logout',
'impressum',
'license',
'uploaded_file',
'thumbnail_file',
'preview_file',
}
PERMISSION_ACTION_ENDPOINTS = {
'upload_item': 'can_insert',
'upload_inventory_excel': 'can_insert',
'upload_library_excel': 'can_insert',
'upload_student_cards_excel': 'can_insert',
'edit_item': 'can_edit',
'api_library_item_update': 'can_edit',
'admin_update_user_name': 'can_edit',
'delete_item': 'can_delete',
'delete_user': 'can_delete',
'ausleihen': 'can_borrow',
'zurueckgeben': 'can_borrow',
'api_library_scan_action': 'can_borrow',
'user_del': 'can_manage_users',
'register': 'can_manage_users',
'admin_reset_user_password': 'can_manage_users',
'admin_update_user_permissions': 'can_manage_users',
'admin_anonymize_names': 'can_manage_users',
'home_admin': 'can_manage_settings',
'upload_admin': 'can_manage_settings',
'library_admin': 'can_manage_settings',
'admin_borrowings': 'can_manage_settings',
'library_loans_admin': 'can_manage_settings',
'admin_damaged_items': 'can_manage_settings',
'manage_filters': 'can_manage_settings',
'manage_locations': 'can_manage_settings',
'admin_audit_dashboard': 'can_view_logs',
'logs': 'can_view_logs',
}
# Apply the configuration for general use throughout the app
APP_VERSION = __version__
RELEASE_STATE_FILE = os.path.join(os.path.dirname(BASE_DIR), '.release-version')
@@ -186,6 +273,47 @@ def _enforce_csrf_protection():
return None
@app.before_request
def _enforce_user_permissions():
endpoint = request.endpoint
if not endpoint:
return None
if endpoint == 'static' or endpoint.startswith('static'):
return None
if endpoint in PERMISSION_EXEMPT_ENDPOINTS:
return None
if 'username' not in session:
return None
permissions = _get_current_user_permissions()
if not permissions:
return None
if not _page_access_allowed(permissions, endpoint):
message = 'Diese Seite ist für Ihren Benutzer aktuell gesperrt.'
if request.path.startswith('/api/') or request.is_json:
return jsonify({'ok': False, 'message': message}), 403
flash(message, 'error')
fallback_endpoint = _permission_denied_fallback_endpoint(permissions, current_endpoint=endpoint)
return redirect(url_for(fallback_endpoint))
action_key = PERMISSION_ACTION_ENDPOINTS.get(endpoint)
if action_key and not _action_access_allowed(permissions, action_key):
message = 'Für diese Aktion fehlen Ihnen die erforderlichen Berechtigungen.'
if request.path.startswith('/api/') or request.is_json:
return jsonify({'ok': False, 'message': message}), 403
flash(message, 'error')
fallback_endpoint = _permission_denied_fallback_endpoint(permissions, current_endpoint=endpoint)
return redirect(url_for(fallback_endpoint))
return None
def _get_asset_version():
"""Return a cache-busting asset version tied to deployment state."""
env_version = os.getenv('INVENTAR_ASSET_VERSION', '').strip()
@@ -224,6 +352,45 @@ def _get_current_module(path):
return 'inventory'
def _get_current_user_permissions():
username = session.get('username')
if not username:
return None
try:
return us.get_effective_permissions(username)
except Exception:
return us.build_default_permission_payload('standard_user')
def _page_access_allowed(permissions, endpoint):
if not permissions or not endpoint:
return True
page_permissions = permissions.get('pages', {})
return bool(page_permissions.get(endpoint, True))
def _action_access_allowed(permissions, action_key):
if not permissions or not action_key:
return True
action_permissions = permissions.get('actions', {})
return bool(action_permissions.get(action_key, True))
def _permission_denied_fallback_endpoint(permissions, current_endpoint=None):
username = session.get('username')
is_admin_user = bool(username and us.check_admin(username))
admin_home_allowed = _page_access_allowed(permissions, 'home_admin') and _action_access_allowed(permissions, 'can_manage_settings')
for candidate in ('my_borrowed_items', 'tutorial_page', 'notifications_view', 'impressum', 'home'):
if current_endpoint and candidate == current_endpoint:
continue
if candidate == 'home' and is_admin_user and not admin_home_allowed:
continue
if _page_access_allowed(permissions, candidate):
return candidate
return 'logout'
def _append_audit_event(db, event_type, payload):
"""Write an audit entry; never break business flow on audit failures."""
try:
@@ -551,9 +718,154 @@ def _create_notification(db, *, audience, notif_type, title, message, target_use
'UpdatedAt': now,
}
notifications_col.insert_one(payload)
if audience == 'user' and target_user:
_bump_notification_version(f'user:{target_user}')
elif audience == 'admin':
_bump_notification_version('admin')
return True
def _get_notification_cache_client():
"""Return shared Redis client for distributed notification cache if available."""
global _NOTIFICATION_REDIS_CLIENT, _NOTIFICATION_REDIS_FAILED
if _NOTIFICATION_REDIS_CLIENT is not None:
return _NOTIFICATION_REDIS_CLIENT
if _NOTIFICATION_REDIS_FAILED or redis is None:
return None
try:
redis_host = os.getenv('INVENTAR_REDIS_HOST', 'redis')
redis_port = int(os.getenv('INVENTAR_REDIS_PORT', 6379))
redis_db = int(os.getenv('INVENTAR_REDIS_CACHE_DB', 1))
client = redis.Redis(
host=redis_host,
port=redis_port,
db=redis_db,
decode_responses=True,
socket_keepalive=True,
socket_timeout=1,
socket_connect_timeout=1,
)
client.ping()
_NOTIFICATION_REDIS_CLIENT = client
app.logger.info(f'Notification cache backend enabled: {redis_host}:{redis_port}/db{redis_db}')
return _NOTIFICATION_REDIS_CLIENT
except Exception as exc:
_NOTIFICATION_REDIS_FAILED = True
app.logger.warning(f'Notification cache backend unavailable, using local cache fallback: {exc}')
return None
def _notification_scope_key(scope):
return f'{_NOTIFICATION_CACHE_PREFIX}:ver:{scope}'
def _notification_status_key(username, is_admin, version_tag):
role = 'admin' if is_admin else 'user'
return f'{_NOTIFICATION_CACHE_PREFIX}:status:{role}:{username}:{version_tag}'
def _get_notification_version_tag(username, is_admin=False):
user_scope = f'user:{username}'
cache_client = _get_notification_cache_client()
if cache_client:
user_version = cache_client.get(_notification_scope_key(user_scope)) or '0'
if is_admin:
admin_version = cache_client.get(_notification_scope_key('admin')) or '0'
return f'u{user_version}-a{admin_version}'
return f'u{user_version}'
with _NOTIFICATION_CACHE_LOCK:
user_version = _NOTIFICATION_LOCAL_VERSIONS.get(user_scope, 0)
if is_admin:
admin_version = _NOTIFICATION_LOCAL_VERSIONS.get('admin', 0)
return f'u{user_version}-a{admin_version}'
return f'u{user_version}'
def _bump_notification_version(scope):
cache_client = _get_notification_cache_client()
if cache_client:
try:
cache_client.incr(_notification_scope_key(scope))
return
except Exception as exc:
app.logger.warning(f'Could not bump notification cache version for {scope}: {exc}')
with _NOTIFICATION_CACHE_LOCK:
current = int(_NOTIFICATION_LOCAL_VERSIONS.get(scope, 0))
_NOTIFICATION_LOCAL_VERSIONS[scope] = current + 1
# Prevent stale local payload reuse after version bump.
_NOTIFICATION_LOCAL_CACHE.clear()
def _get_cached_unread_status(username, is_admin=False):
version_tag = _get_notification_version_tag(username, is_admin=is_admin)
key = _notification_status_key(username, is_admin, version_tag)
cache_client = _get_notification_cache_client()
if cache_client:
try:
cached = cache_client.get(key)
if cached:
return json.loads(cached), version_tag
except Exception as exc:
app.logger.warning(f'Could not read notification status cache for {username}: {exc}')
return None, version_tag
now = time.time()
with _NOTIFICATION_CACHE_LOCK:
cached = _NOTIFICATION_LOCAL_CACHE.get(key)
if not cached:
return None, version_tag
if cached.get('expires_at', 0) <= now:
_NOTIFICATION_LOCAL_CACHE.pop(key, None)
return None, version_tag
return cached.get('payload'), version_tag
def _set_cached_unread_status(username, is_admin, version_tag, payload):
key = _notification_status_key(username, is_admin, version_tag)
cache_client = _get_notification_cache_client()
if cache_client:
try:
cache_client.setex(key, NOTIFICATION_STATUS_CACHE_TTL, json.dumps(payload, default=str))
return
except Exception as exc:
app.logger.warning(f'Could not write notification status cache for {username}: {exc}')
with _NOTIFICATION_CACHE_LOCK:
_NOTIFICATION_LOCAL_CACHE[key] = {
'expires_at': time.time() + NOTIFICATION_STATUS_CACHE_TTL,
'payload': payload,
}
def _build_unread_status_etag(version_tag, payload):
unread_count = int(payload.get('unread_count', 0))
latest = payload.get('latest_unread') or {}
latest_created = latest.get('created_at') or ''
latest_type = latest.get('type') or ''
return f'W/"notif-{version_tag}-{unread_count}-{latest_type}-{latest_created}"'
def _build_cached_json_response(payload, etag_value):
incoming_etag = (request.headers.get('If-None-Match') or '').strip()
if incoming_etag and incoming_etag == etag_value:
response = make_response('', 304)
else:
response = jsonify(payload)
response.headers['Cache-Control'] = f'private, max-age={NOTIFICATION_STATUS_CACHE_TTL}, must-revalidate'
response.headers['ETag'] = etag_value
response.headers['Vary'] = 'Cookie'
return response
def _get_notifications_for_user(db, username, is_admin=False, limit=150):
"""Fetch notifications visible to the current user, newest first."""
query = {
@@ -687,12 +999,18 @@ def inject_version():
asset_version = _get_asset_version()
csrf_token = _get_csrf_token()
unread_notification_count = 0
current_permissions = us.build_default_permission_payload('standard_user')
if 'username' in session:
try:
is_admin = us.check_admin(session['username'])
except Exception:
is_admin = False
try:
current_permissions = us.get_effective_permissions(session['username'])
except Exception:
current_permissions = us.build_default_permission_payload('standard_user')
client = None
try:
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
@@ -716,6 +1034,10 @@ def inject_version():
'student_cards_module_enabled': cfg.STUDENT_CARDS_MODULE_ENABLED,
'is_admin': is_admin,
'unread_notification_count': unread_notification_count,
'current_permissions': current_permissions,
'permission_action_options': PERMISSION_ACTION_OPTIONS,
'permission_page_options': PERMISSION_PAGE_OPTIONS,
'permission_presets': us.get_permission_preset_definitions(),
}
# Create necessary directories at startup
@@ -1275,14 +1597,25 @@ def _student_card_id_slug(value):
return re.sub(r'[^a-z0-9]+', '', normalized).upper()
def _name_to_alias(full_name):
"""Convert clear names to deterministic aliases, e.g. Simon Frings -> SimFri."""
text = sanitize_form_value(full_name)
if not text:
return 'User'
parts = [p for p in re.split(r'\s+', text) if p]
if len(parts) >= 2:
return us.build_name_synonym(parts[0], parts[-1])
return us.build_name_synonym(parts[0], '')
def _build_student_card_excel_id(student_name, class_name, row_number, used_ids):
"""Create a stable student-card ID when the spreadsheet does not provide one."""
name_slug = _student_card_id_slug(student_name)
"""Create a stable student-card ID without embedding personal names."""
class_slug = _student_card_id_slug(class_name)
base_parts = [part for part in (class_slug, name_slug) if part]
base_parts = [part for part in (class_slug,) if part]
if base_parts:
base_id = f"SC-{'-'.join(base_parts[:2])}"
base_id = f"SC-{'-'.join(base_parts[:1])}-ROW-{row_number}"
else:
base_id = f"SC-ROW-{row_number}"
@@ -1402,6 +1735,8 @@ def _upload_student_cards_excel():
student_name = f'{first_name} {last_name}'.strip()
validation_warnings.append((row_number, 'Schülername wurde aus Vorname und Nachname zusammengesetzt'))
student_name_alias = _name_to_alias(student_name)
if not ausweis_id and not student_name and not class_name:
continue
@@ -1426,7 +1761,7 @@ def _upload_student_cards_excel():
planned_rows.append({
'row_number': row_number,
'ausweis_id': ausweis_id,
'student_name': student_name,
'student_name': student_name_alias,
'class_name': class_name,
'notes': notes,
'default_borrow_days': default_borrow_days,
@@ -2080,7 +2415,14 @@ def home():
student_max_borrow_days=cfg.STUDENT_MAX_BORROW_DAYS
)
else:
return redirect(url_for('home_admin'))
permissions = _get_current_user_permissions() or us.build_default_permission_payload('standard_user')
if _page_access_allowed(permissions, 'home_admin') and _action_access_allowed(permissions, 'can_manage_settings'):
return redirect(url_for('home_admin'))
fallback_endpoint = _permission_denied_fallback_endpoint(permissions, current_endpoint='home')
if fallback_endpoint == 'logout':
flash('Für diesen Benutzer sind aktuell keine Seiten freigegeben.', 'error')
return redirect(url_for(fallback_endpoint))
@app.route('/home_admin')
@@ -2859,6 +3201,7 @@ def student_cards_admin():
action = request.form.get('action', 'add')
ausweis_id = request.form.get('ausweis_id', '').strip().upper()
student_name = request.form.get('student_name', '').strip()
student_name_alias = _name_to_alias(student_name)
default_borrow_days = request.form.get('default_borrow_days', 14)
class_name = request.form.get('class_name', '').strip()
notes = request.form.get('notes', '').strip()
@@ -2885,7 +3228,7 @@ def student_cards_admin():
else:
encrypted_payload = encrypt_document_fields(
{
'SchülerName': student_name,
'SchülerName': student_name_alias,
'Klasse': class_name,
'Notizen': notes,
},
@@ -2918,7 +3261,7 @@ def student_cards_admin():
try:
encrypted_payload = encrypt_document_fields(
{
'SchülerName': student_name,
'SchülerName': student_name_alias,
'Klasse': class_name,
'Notizen': notes,
},
@@ -3388,7 +3731,11 @@ def login():
session['admin'] = is_admin_user
session['is_admin'] = is_admin_user
if is_admin_user:
return redirect(url_for('home_admin'))
permissions = us.get_effective_permissions(username)
if _page_access_allowed(permissions, 'home_admin') and _action_access_allowed(permissions, 'can_manage_settings'):
return redirect(url_for('home_admin'))
fallback_endpoint = _permission_denied_fallback_endpoint(permissions, current_endpoint='login')
return redirect(url_for(fallback_endpoint))
else:
return redirect(url_for('home'))
else:
@@ -6419,6 +6766,10 @@ def user_del():
break
if username and username != session['username']:
try:
permissions_payload = us.get_effective_permissions(username)
except Exception:
permissions_payload = us.build_default_permission_payload('standard_user')
try:
name = us.get_name(username)
last_name = us.get_last_name(username)
@@ -6439,7 +6790,10 @@ def user_del():
'admin': user.get('Admin', False),
'fullname': fullname,
'name': name,
'last_name': last_name
'last_name': last_name,
'permission_preset': permissions_payload.get('preset', 'standard_user'),
'action_permissions': permissions_payload.get('actions', {}),
'page_permissions': permissions_payload.get('pages', {}),
})
return render_template(
@@ -7456,6 +7810,107 @@ def admin_update_user_name():
return redirect(url_for('user_del'))
@app.route('/admin_update_user_permissions', methods=['POST'])
def admin_update_user_permissions():
"""Admin route to update permission preset and per-endpoint overrides for a user."""
if 'username' not in session or not us.check_admin(session['username']):
flash('Nicht autorisierter Zugriff', 'error')
return redirect(url_for('login'))
username = request.form.get('username', '').strip()
preset_key = request.form.get('permission_preset', 'standard_user').strip()
if not username:
flash('Kein Benutzer ausgewählt', 'error')
return redirect(url_for('user_del'))
target_user = us.get_user(username)
if not target_user:
flash(f'Benutzer {username} nicht gefunden', 'error')
return redirect(url_for('user_del'))
action_permissions = {}
for action_key, _ in PERMISSION_ACTION_OPTIONS:
action_permissions[action_key] = request.form.get(f'action_{action_key}') == 'on'
page_permissions = {}
for endpoint_name, _ in PERMISSION_PAGE_OPTIONS:
page_permissions[endpoint_name] = request.form.get(f'page_{endpoint_name}') == 'on'
if us.update_user_permissions(username, preset_key, action_permissions, page_permissions):
flash(f'Berechtigungen für {username} wurden aktualisiert.', 'success')
else:
flash('Fehler beim Aktualisieren der Berechtigungen.', 'error')
return redirect(url_for('user_del'))
@app.route('/admin_anonymize_names', methods=['POST'])
def admin_anonymize_names():
"""Anonymize already stored personal names into short aliases."""
if 'username' not in session or not us.check_admin(session['username']):
flash('Nicht autorisierter Zugriff', 'error')
return redirect(url_for('login'))
client = None
try:
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
db = client[MONGODB_DB]
users_col = db['users']
student_cards_col = db['student_cards']
users_updated = 0
cards_updated = 0
for user_doc in users_col.find({}, {'name': 1, 'last_name': 1, 'Username': 1, 'username': 1}):
first = str(user_doc.get('name') or '').strip()
last = str(user_doc.get('last_name') or '').strip()
fallback = str(user_doc.get('Username') or user_doc.get('username') or '').strip()
alias = us.build_name_synonym(first or fallback, last)
result = users_col.update_one(
{'_id': user_doc['_id']},
{'$set': {'name': alias, 'last_name': ''}}
)
if result.modified_count > 0:
users_updated += 1
for card_doc in student_cards_col.find({}, {'SchülerName': 1, 'Klasse': 1, 'Notizen': 1}):
decrypted = _decrypt_student_card_doc(card_doc)
alias = _name_to_alias(decrypted.get('SchülerName', ''))
class_name = sanitize_form_value(decrypted.get('Klasse', ''))
notes = sanitize_form_value(decrypted.get('Notizen', ''))
encrypted_payload = encrypt_document_fields(
{
'SchülerName': alias,
'Klasse': class_name,
'Notizen': notes,
},
STUDENT_CARD_ENCRYPTED_FIELDS,
)
result = student_cards_col.update_one(
{'_id': card_doc['_id']},
{'$set': {'Aktualisiert': datetime.datetime.now(), **encrypted_payload}}
)
if result.modified_count > 0:
cards_updated += 1
flash(
f'Anonymisierung abgeschlossen: {users_updated} Benutzer und {cards_updated} Ausweise aktualisiert.',
'success'
)
except Exception as exc:
app.logger.error(f'Error anonymizing names: {exc}')
flash('Fehler bei der Anonymisierung der Namen.', 'error')
finally:
if client:
client.close()
return redirect(url_for('user_del'))
@app.route('/logs')
def logs():
"""
@@ -8284,13 +8739,15 @@ def mark_notification_read(notification_id):
try:
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
db = client[MONGODB_DB]
db['notifications'].update_one(
result = db['notifications'].update_one(
{'_id': ObjectId(notification_id)},
{
'$addToSet': {'ReadBy': username},
'$set': {'UpdatedAt': datetime.datetime.now()}
}
)
if result.modified_count > 0:
_bump_notification_version(f'user:{username}')
except Exception as exc:
app.logger.warning(f"Could not mark notification as read {notification_id}: {exc}")
finally:
@@ -8325,13 +8782,15 @@ def mark_all_notifications_read():
try:
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
db = client[MONGODB_DB]
db['notifications'].update_many(
result = db['notifications'].update_many(
query,
{
'$addToSet': {'ReadBy': username},
'$set': {'UpdatedAt': datetime.datetime.now()}
}
)
if result.modified_count > 0:
_bump_notification_version(f'user:{username}')
except Exception as exc:
app.logger.warning(f"Could not mark all notifications as read for {username}: {exc}")
finally:
@@ -8354,6 +8813,11 @@ def notifications_unread_status():
except Exception:
is_admin_user = False
cached_payload, version_tag = _get_cached_unread_status(username, is_admin=is_admin_user)
if cached_payload is not None:
cached_etag = _build_unread_status_etag(version_tag, cached_payload)
return _build_cached_json_response(cached_payload, cached_etag)
client = None
try:
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
@@ -8397,11 +8861,15 @@ def notifications_unread_status():
'severity': latest_unread.get('Severity', 'info'),
}
return jsonify({
payload = {
'ok': True,
'unread_count': unread_count,
'latest_unread': latest_payload,
})
}
_set_cached_unread_status(username, is_admin_user, version_tag, payload)
etag_value = _build_unread_status_etag(version_tag, payload)
return _build_cached_json_response(payload, etag_value)
except Exception as exc:
app.logger.warning(f"Could not fetch unread notification status for {username}: {exc}")
return jsonify({'ok': False, 'error': 'status_fetch_failed'}), 500
+1
View File
@@ -9,6 +9,7 @@ apscheduler
python-dateutil
pytz
requests
redis
reportlab
python-barcode
openpyxl
+6 -4
View File
@@ -155,10 +155,12 @@ select:focus {
@media (max-width: 900px) {
.container {
width: calc(100% - 18px);
padding: 14px;
margin: 10px auto;
border-radius: 10px;
width: 100%;
max-width: 100%;
padding: 12px 12px 18px;
margin: 0;
border-radius: 0;
box-sizing: border-box;
}
}
+385 -13
View File
@@ -136,6 +136,10 @@
top: 0;
z-index: 1900;
}
.navbar .container-fluid {
gap: 10px;
}
.navbar-brand {
font-weight: bold;
@@ -152,6 +156,51 @@
font-weight: 600;
padding: 0.6rem 0.85rem;
border-radius: 8px;
transition: padding .18s ease, font-size .18s ease;
}
.navbar.nav-compact .navbar-brand {
font-size: 1.18rem;
}
.navbar.nav-compact .navbar-nav .nav-link {
font-size: 0.93rem;
padding: 0.48rem 0.62rem;
}
.navbar.nav-compact .function-search-wrap {
width: min(320px, 34vw);
}
.navbar.nav-compact .function-search-input,
.navbar.nav-compact .function-search-btn {
min-height: 34px;
padding-top: 6px;
padding-bottom: 6px;
}
.navbar.nav-ultra-compact .navbar-brand {
font-size: 1.04rem;
}
.navbar.nav-ultra-compact .navbar-nav .nav-link {
font-size: 0.86rem;
padding: 0.4rem 0.52rem;
}
.navbar.nav-ultra-compact .function-search-wrap {
width: min(270px, 30vw);
}
.navbar.nav-ultra-compact .function-search-btn {
padding-left: 9px;
padding-right: 9px;
font-size: 0.82rem;
}
.navbar.nav-ultra-compact .navbar-text {
margin-right: 0.45rem !important;
font-size: 0.86rem;
}
.navbar-nav .nav-link.nav-active {
@@ -493,22 +542,194 @@
}
@media (max-width: 768px) {
.module-selector-bar {
padding: 8px 12px;
.navbar {
border-bottom-left-radius: 14px;
border-bottom-right-radius: 14px;
}
.navbar .container-fluid {
align-items: flex-start;
flex-wrap: wrap;
padding-top: 0.2rem;
padding-bottom: 0.35rem;
}
.navbar-brand {
order: 1;
flex: 1 1 auto;
min-width: 0;
font-size: 1.08rem;
line-height: 1.1;
display: flex;
align-items: center;
gap: 6px;
padding-top: 0.2rem;
padding-bottom: 0.2rem;
}
.navbar-toggler {
order: 2;
margin-left: auto;
flex: 0 0 auto;
align-self: flex-start;
}
.navbar-collapse {
order: 4;
width: 100%;
margin-top: 8px;
padding: 10px 10px 6px;
border-radius: 14px;
background: rgba(15, 23, 42, 0.18);
backdrop-filter: blur(10px);
-webkit-backdrop-filter: blur(10px);
}
.navbar-collapse.show,
.navbar-collapse.collapsing {
display: block;
}
.navbar-nav {
width: 100%;
align-items: stretch;
gap: 8px;
padding-top: 2px;
}
.navbar-nav .nav-item {
width: 100%;
}
.navbar-nav .nav-link {
width: 100%;
justify-content: flex-start;
min-height: 46px;
padding: 0.8rem 0.95rem;
border-radius: 12px;
background: rgba(255, 255, 255, 0.08);
box-shadow: inset 0 0 0 1px rgba(255, 255, 255, 0.08);
}
.navbar-nav .nav-link.nav-active,
.navbar-nav .nav-link.quick-link-pill,
.navbar-nav .nav-link.nav-priority-link {
background: rgba(255, 255, 255, 0.16);
}
.navbar-nav .nav-item.dropdown {
width: 100%;
}
.navbar-nav .nav-item.dropdown .nav-link.dropdown-toggle {
width: 100%;
justify-content: space-between;
}
.navbar-nav .dropdown-menu {
width: 100%;
margin-left: 0;
margin-top: 6px;
border-radius: 12px;
}
.module-selector-bar {
padding: 8px 10px;
gap: 8px;
flex-wrap: wrap;
}
.module-selector-bar .module-label {
display: none;
}
.module-selector-bar .module-tabs {
width: 100%;
gap: 8px;
}
.module-selector-bar .module-tab {
padding: 5px 12px;
font-size: 0.9rem;
width: 100%;
text-align: center;
padding: 8px 12px;
font-size: 0.92rem;
}
.module-separator {
height: 18px;
display: none;
}
.function-search-wrap {
order: 3;
width: 100%;
margin: 0;
}
.function-search-form {
width: 100%;
flex-wrap: nowrap;
gap: 8px;
}
.function-search-input {
flex: 1 1 auto;
min-width: 0;
min-height: 44px;
}
.function-search-btn {
flex: 0 0 auto;
min-height: 44px;
min-width: 72px;
white-space: nowrap;
}
.navbar-text {
order: 5;
width: 100%;
margin: 0 !important;
padding: 8px 10px;
border-radius: 12px;
background: rgba(255, 255, 255, 0.08);
text-align: center;
}
.user-menu-wrap {
order: 6;
width: 100%;
margin-right: 0 !important;
}
.user-menu-btn {
width: 100%;
min-height: 46px;
border-radius: 12px;
justify-content: center;
}
.dropdown-menu-end {
width: 100%;
}
@media (max-width: 520px) {
.function-search-form {
flex-direction: column;
}
.function-search-input,
.function-search-btn,
.user-menu-btn,
.module-selector-bar .module-tab {
width: 100%;
}
.module-selector-bar .module-tabs {
flex-direction: column;
}
.navbar-text {
font-size: 0.88rem;
}
}
}
</style>
@@ -548,18 +769,24 @@
</button>
<div class="collapse navbar-collapse" id="inventoryNavContent">
<ul class="navbar-nav me-auto mb-2 mb-lg-0" id="inventoryNavList">
{% if current_permissions.pages.get('home', True) %}
<li class="nav-item" data-nav-fixed="true">
<a class="nav-link {% if current_path == url_for('home') %}nav-active{% endif %}" href="{{ url_for('home') }}">Artikel</a>
</li>
{% endif %}
{% if 'username' in session %}
{% if current_permissions.pages.get('my_borrowed_items', True) %}
<li class="nav-item" data-nav-fixed="true">
<a class="nav-link quick-link-pill {% if current_path == url_for('my_borrowed_items') %}nav-active{% endif %}" href="{{ url_for('my_borrowed_items') }}">Meine Ausleihen</a>
</li>
{% endif %}
{% if current_permissions.pages.get('tutorial_page', True) %}
<li class="nav-item" data-nav-fixed="true">
<a class="nav-link quick-link-pill {% if current_path == url_for('tutorial_page') %}nav-active{% endif %}" href="{{ url_for('tutorial_page') }}">Tutorial</a>
</li>
{% endif %}
{% if 'username' in session and (session.get('admin', False) or is_admin) %}
{% endif %}
{% if 'username' in session and (session.get('admin', False) or is_admin) and current_permissions.pages.get('upload_admin', True) and current_permissions.actions.get('can_manage_settings', True) %}
<li class="nav-item">
<a class="nav-link nav-priority-link {% if current_path == url_for('upload_admin') %}nav-active{% endif %}" href="{{ url_for('upload_admin') }}"> Hochladen</a>
</li>
@@ -570,24 +797,46 @@
</a>
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="invMoreDropdown">
{% if 'username' in session %}
{% if current_permissions.pages.get('my_borrowed_items', True) %}
<li><a class="dropdown-item" href="{{ url_for('my_borrowed_items') }}">Meine Ausleihen</a></li>
{% endif %}
{% if current_permissions.pages.get('tutorial_page', True) %}
<li><a class="dropdown-item" href="{{ url_for('tutorial_page') }}">Tutorial</a></li>
{% endif %}
<li><hr class="dropdown-divider"></li>
{% endif %}
{% if 'username' in session and (session.get('admin', False) or is_admin) %}
{% if 'username' in session and (session.get('admin', False) or is_admin) and current_permissions.actions.get('can_manage_settings', True) %}
<li><h6 class="dropdown-header">Verwaltung</h6></li>
{% if current_permissions.pages.get('manage_filters', True) %}
<li><a class="dropdown-item" href="{{ url_for('manage_filters') }}">Filter verwalten</a></li>
{% endif %}
{% if current_permissions.pages.get('manage_locations', True) %}
<li><a class="dropdown-item" href="{{ url_for('manage_locations') }}">Orte verwalten</a></li>
{% endif %}
{% if current_permissions.pages.get('admin_borrowings', True) %}
<li><a class="dropdown-item" href="{{ url_for('admin_borrowings') }}">Ausleihen</a></li>
{% endif %}
{% if current_permissions.pages.get('admin_damaged_items', True) %}
<li><a class="dropdown-item" href="{{ url_for('admin_damaged_items') }}">Defekte Items</a></li>
{% endif %}
{% if current_permissions.actions.get('can_view_logs', True) and current_permissions.pages.get('admin_audit_dashboard', True) %}
<li><a class="dropdown-item" href="{{ url_for('admin_audit_dashboard') }}">Audit Dashboard</a></li>
{% endif %}
{% if current_permissions.actions.get('can_view_logs', True) and current_permissions.pages.get('logs', True) %}
<li><a class="dropdown-item" href="{{ url_for('logs') }}">Logs</a></li>
{% endif %}
<li><hr class="dropdown-divider"></li>
{% if current_permissions.actions.get('can_manage_users', True) %}
<li><h6 class="dropdown-header">System</h6></li>
{% if current_permissions.pages.get('user_del', True) %}
<li><a class="dropdown-item" href="{{ url_for('user_del') }}">Benutzer verwalten</a></li>
{% endif %}
{% if current_permissions.pages.get('register', True) %}
<li><a class="dropdown-item" href="{{ url_for('register') }}">Neuer Benutzer</a></li>
{% endif %}
<li><hr class="dropdown-divider"></li>
{% endif %}
{% endif %}
<li><a class="dropdown-item" href="{{ url_for('impressum') }}">Impressum</a></li>
<li><a class="dropdown-item" href="{{ url_for('license') }}">Lizenz</a></li>
</ul>
@@ -616,7 +865,9 @@
<span class="user-notification-dot {% if unread_notification_count and unread_notification_count > 0 %}visible{% endif %}" aria-hidden="true"></span>
</button>
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="invUserMenuDropdown">
{% if current_permissions.pages.get('notifications_view', True) %}
<li><a class="dropdown-item" href="{{ url_for('notifications_view') }}">Benachrichtigungen</a></li>
{% endif %}
<li><hr class="dropdown-divider"></li>
<li><a class="dropdown-item" href="{{ url_for('change_password') }}">Passwort ändern</a></li>
<li><hr class="dropdown-divider"></li>
@@ -639,18 +890,24 @@
</button>
<div class="collapse navbar-collapse" id="libraryNavContent">
<ul class="navbar-nav me-auto mb-2 mb-lg-0" id="libraryNavList">
{% if current_permissions.pages.get('library_view', True) %}
<li class="nav-item" data-nav-fixed="true">
<a class="nav-link {% if current_path == url_for('library_view') %}nav-active{% endif %}" href="{{ url_for('library_view') }}">Medien</a>
</li>
{% endif %}
{% if 'username' in session %}
{% if current_permissions.pages.get('my_borrowed_items', True) %}
<li class="nav-item" data-nav-fixed="true">
<a class="nav-link quick-link-pill {% if current_path == url_for('my_borrowed_items') %}nav-active{% endif %}" href="{{ url_for('my_borrowed_items') }}">Meine Medien</a>
</li>
{% endif %}
{% if current_permissions.pages.get('tutorial_page', True) %}
<li class="nav-item" data-nav-fixed="true">
<a class="nav-link quick-link-pill {% if current_path == url_for('tutorial_page') %}nav-active{% endif %}" href="{{ url_for('tutorial_page') }}">Tutorial</a>
</li>
{% endif %}
{% if 'username' in session and (session.get('admin', False) or is_admin) %}
{% endif %}
{% if 'username' in session and (session.get('admin', False) or is_admin) and current_permissions.actions.get('can_manage_settings', True) and current_permissions.pages.get('library_admin', True) %}
<li class="nav-item">
<a class="nav-link nav-priority-link {% if current_path == url_for('library_admin') %}nav-active{% endif %}" href="{{ url_for('library_admin') }}">📖 Hochladen</a>
</li>
@@ -661,23 +918,37 @@
</a>
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="libMoreDropdown">
{% if 'username' in session %}
{% if current_permissions.pages.get('my_borrowed_items', True) %}
<li><a class="dropdown-item" href="{{ url_for('my_borrowed_items') }}">Meine Medien</a></li>
{% endif %}
{% if current_permissions.pages.get('tutorial_page', True) %}
<li><a class="dropdown-item" href="{{ url_for('tutorial_page') }}">Tutorial</a></li>
{% endif %}
<li><hr class="dropdown-divider"></li>
{% endif %}
{% if 'username' in session and (session.get('admin', False) or is_admin) %}
{% if 'username' in session and (session.get('admin', False) or is_admin) and current_permissions.actions.get('can_manage_settings', True) %}
<li><h6 class="dropdown-header">Bibliotheks-Verwaltung</h6></li>
{% if current_permissions.pages.get('library_loans_admin', True) %}
<li><a class="dropdown-item" href="{{ url_for('library_loans_admin') }}">Ausleihen</a></li>
{% endif %}
{% if current_permissions.pages.get('admin_damaged_items', True) %}
<li><a class="dropdown-item" href="{{ url_for('admin_damaged_items') }}">Defekte Items</a></li>
{% endif %}
{% if student_cards_module_enabled %}
<li><a class="dropdown-item" href="{{ url_for('student_cards_admin') }}">Bibliotheksausweis</a></li>
{% endif %}
<li><hr class="dropdown-divider"></li>
{% if current_permissions.actions.get('can_manage_users', True) %}
<li><h6 class="dropdown-header">System</h6></li>
{% if current_permissions.pages.get('user_del', True) %}
<li><a class="dropdown-item" href="{{ url_for('user_del') }}">Benutzer verwalten</a></li>
{% endif %}
{% if current_permissions.pages.get('register', True) %}
<li><a class="dropdown-item" href="{{ url_for('register') }}">Neuer Benutzer</a></li>
{% endif %}
<li><hr class="dropdown-divider"></li>
{% endif %}
{% endif %}
<li><a class="dropdown-item" href="{{ url_for('impressum') }}">Impressum</a></li>
<li><a class="dropdown-item" href="{{ url_for('license') }}">Lizenz</a></li>
</ul>
@@ -706,7 +977,9 @@
<span class="user-notification-dot {% if unread_notification_count and unread_notification_count > 0 %}visible{% endif %}" aria-hidden="true"></span>
</button>
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="libUserMenuDropdown">
{% if current_permissions.pages.get('notifications_view', True) %}
<li><a class="dropdown-item" href="{{ url_for('notifications_view') }}">Benachrichtigungen</a></li>
{% endif %}
<li><hr class="dropdown-divider"></li>
<li><a class="dropdown-item" href="{{ url_for('change_password') }}">Passwort ändern</a></li>
<li><hr class="dropdown-divider"></li>
@@ -1233,6 +1506,27 @@
function initNavbarOverflow(navList, navOverflowAnchor) {
if (!navList || !navOverflowAnchor) return;
const navRoot = navList.closest('nav.navbar');
const navCollapse = navList.closest('.navbar-collapse');
const navContainer = navList.closest('.container-fluid') || navList.parentElement;
function applyCompactMode() {
if (!navRoot || !navContainer) return;
const width = navContainer.clientWidth || window.innerWidth;
navRoot.classList.remove('nav-compact', 'nav-ultra-compact');
if (window.innerWidth < 992) {
return;
}
if (width < 1220) {
navRoot.classList.add('nav-compact');
}
if (width < 1080) {
navRoot.classList.add('nav-ultra-compact');
}
}
function collectTopLevelNavSources() {
if (!navList) return [];
return Array.from(navList.children).filter(function(li){
@@ -1267,13 +1561,67 @@
li.className = 'nav-item dropdown';
li.dataset.overflowControl = 'true';
const toggleId = navOverflowAnchor.id + '-toggle';
const menuId = navOverflowAnchor.id + '-menu';
li.innerHTML =
'<a class="nav-link dropdown-toggle" href="#" id="overflowMenuToggle" role="button" data-bs-toggle="dropdown" aria-expanded="false">⋮ Weitere</a>' +
'<ul class="dropdown-menu" aria-labelledby="overflowMenuToggle" id="overflowMenu"></ul>';
'<a class="nav-link dropdown-toggle" href="#" id="' + toggleId + '" role="button" data-bs-toggle="dropdown" aria-expanded="false" aria-controls="' + menuId + '">⋮ Weitere</a>' +
'<ul class="dropdown-menu" aria-labelledby="' + toggleId + '" id="' + menuId + '"></ul>';
return li;
}
function getNavCandidatePriority(item) {
if (!(item instanceof HTMLElement)) {
return -1;
}
const topLink = item.querySelector(':scope > a.nav-link');
if (!topLink) {
return 10;
}
if (topLink.classList.contains('nav-active')) {
return 1000;
}
if (topLink.classList.contains('nav-priority-link')) {
return 900;
}
if (topLink.classList.contains('quick-link-pill')) {
return 700;
}
if (item.classList.contains('dropdown')) {
return 300;
}
return 500;
}
function pickNextNavItemToHide(candidates) {
if (!Array.isArray(candidates) || candidates.length === 0) {
return null;
}
let selected = candidates[0];
let selectedIndex = 0;
let selectedPriority = getNavCandidatePriority(selected);
for (let i = 1; i < candidates.length; i += 1) {
const candidate = candidates[i];
const candidatePriority = getNavCandidatePriority(candidate);
if (candidatePriority < selectedPriority || (candidatePriority === selectedPriority && i > selectedIndex)) {
selected = candidate;
selectedIndex = i;
selectedPriority = candidatePriority;
}
}
return selected;
}
function appendSourceToOverflowMenu(sourceItem, menu) {
const topLink = sourceItem.querySelector(':scope > a.nav-link');
if (!topLink) return;
@@ -1309,6 +1657,10 @@
const control = createOverflowControl();
const menu = control.querySelector('ul.dropdown-menu');
const controlLink = control.querySelector(':scope > a.nav-link');
if (controlLink) {
controlLink.textContent = '⋮ Weitere (' + hiddenSources.length + ')';
}
hiddenSources.forEach(function(source){
appendSourceToOverflowMenu(source, menu);
@@ -1325,6 +1677,8 @@
function adaptNavbarByWidth() {
if (!navList || !navOverflowAnchor) return;
applyCompactMode();
if (window.innerWidth < 992) {
restoreAllNavItems();
return;
@@ -1336,7 +1690,10 @@
let candidates = collectTopLevelNavSources();
while (navList.scrollWidth > navList.clientWidth && candidates.length > 0) {
const toHide = candidates[candidates.length - 1];
const toHide = pickNextNavItemToHide(candidates);
if (!toHide) {
break;
}
toHide.style.display = 'none';
hiddenSources.unshift(toHide);
candidates = collectTopLevelNavSources();
@@ -1346,7 +1703,10 @@
candidates = collectTopLevelNavSources();
while (navList.scrollWidth > navList.clientWidth && candidates.length > 0) {
const toHide = candidates[candidates.length - 1];
const toHide = pickNextNavItemToHide(candidates);
if (!toHide) {
break;
}
toHide.style.display = 'none';
hiddenSources.unshift(toHide);
rebuildOverflowControl(hiddenSources);
@@ -1364,6 +1724,18 @@
adaptNavbarByWidth();
window.addEventListener('resize', debounceAdapt);
if (navCollapse) {
navCollapse.addEventListener('shown.bs.collapse', debounceAdapt);
navCollapse.addEventListener('hidden.bs.collapse', debounceAdapt);
}
if ('ResizeObserver' in window && navContainer) {
const resizeObserver = new ResizeObserver(function() {
debounceAdapt();
});
resizeObserver.observe(navContainer);
}
}
// Initialize overflow control for inventory navbar
+46 -11
View File
@@ -774,8 +774,18 @@
return;
}
const distanceToEnd = itemsContainer.scrollWidth - (itemsContainer.scrollLeft + itemsContainer.clientWidth);
const prefetchThreshold = Math.max(260, itemsContainer.clientWidth * 1.4);
const styles = window.getComputedStyle(itemsContainer);
const isMobileLayout =
window.matchMedia('(max-width: 768px)').matches ||
styles.display === 'grid' ||
styles.flexDirection === 'column';
const distanceToEnd = isMobileLayout
? itemsContainer.scrollHeight - (itemsContainer.scrollTop + itemsContainer.clientHeight)
: itemsContainer.scrollWidth - (itemsContainer.scrollLeft + itemsContainer.clientWidth);
const prefetchThreshold = isMobileLayout
? Math.max(220, itemsContainer.clientHeight * 0.9)
: Math.max(260, itemsContainer.clientWidth * 1.4);
if (distanceToEnd > prefetchThreshold) {
return;
}
@@ -1142,6 +1152,12 @@
const itemsContainer = ensureMainItemsSentinel();
if (!itemsContainer) return;
const styles = window.getComputedStyle(itemsContainer);
const isMobileLayout =
window.matchMedia('(max-width: 768px)').matches ||
styles.display === 'grid' ||
styles.flexDirection === 'column';
if (mainItemsObserver) {
mainItemsObserver.disconnect();
mainItemsObserver = null;
@@ -1172,7 +1188,7 @@
}, {
root: itemsContainer,
threshold: 0.15,
rootMargin: '0px 900px 0px 0px'
rootMargin: isMobileLayout ? '0px 0px 900px 0px' : '0px 900px 0px 0px'
});
mainItemsObserver.observe(mainItemsSentinel);
@@ -2942,6 +2958,22 @@
animation: items-loader-slide 1.05s ease-in-out infinite;
}
@media (max-width: 768px) {
.items-loading-indicator {
width: 100%;
min-width: 0;
max-width: none;
min-height: 120px;
height: auto;
padding: 14px 10px;
scroll-snap-align: none;
}
.items-loading-indicator .loading-track {
width: min(240px, 82%);
}
}
@keyframes items-loader-slide {
0% { transform: translateX(-100%); }
100% { transform: translateX(260%); }
@@ -3342,9 +3374,12 @@
/* Mobile-responsive styles for user interface */
.container {
width: 95% !important;
margin: 10px auto !important;
padding: 15px !important;
width: 100% !important;
max-width: 100% !important;
margin: 0 !important;
padding: 12px 12px 18px !important;
border-radius: 0 !important;
box-sizing: border-box !important;
}
h1, h2 {
@@ -3414,7 +3449,7 @@
display: grid !important;
grid-template-columns: 1fr !important;
gap: 15px !important;
padding: 10px 0 !important;
padding: 10px 0 0 !important;
overflow-x: visible !important;
}
@@ -3431,12 +3466,12 @@
/* Modal improvements for mobile */
.modal-content {
width: 95% !important;
max-width: 500px !important;
margin: 20px auto !important;
width: calc(100vw - 16px) !important;
max-width: none !important;
margin: 8px auto !important;
max-height: 85vh !important;
overflow-y: auto !important;
padding: 20px !important;
padding: 16px !important;
}
/* Button improvements */
+61 -21
View File
@@ -369,6 +369,22 @@
animation: items-loader-slide 1.05s ease-in-out infinite;
}
@media (max-width: 768px) {
.items-loading-indicator {
width: 100%;
min-width: 0;
max-width: none;
min-height: 120px;
height: auto;
padding: 14px 10px;
scroll-snap-align: none;
}
.items-loading-indicator .loading-track {
width: min(240px, 82%);
}
}
@keyframes items-loader-slide {
0% { transform: translateX(-100%); }
100% { transform: translateX(260%); }
@@ -1221,9 +1237,11 @@
/* Mobile-responsive styles for admin interface */
.admin-content-container {
width: 95% !important;
margin: 10px auto !important;
padding: 15px !important;
width: 100% !important;
max-width: 100% !important;
margin: 0 !important;
padding: 12px 12px 18px !important;
box-sizing: border-box !important;
overflow-x: hidden !important;
}
@@ -1347,11 +1365,12 @@
/* Modal improvements for admin */
.modal-content {
width: 95% !important;
max-width: 500px !important;
margin: 20px auto !important;
width: calc(100vw - 16px) !important;
max-width: none !important;
margin: 8px auto !important;
max-height: 85vh !important;
overflow-y: auto !important;
padding: 16px !important;
}
/* Admin card improvements */
@@ -1510,9 +1529,11 @@
/* Mobile-responsive styles for admin interface */
@media screen and (max-width: 768px) {
.admin-content-container {
width: 95% !important;
margin: 10px auto !important;
padding: 15px !important;
width: 100% !important;
max-width: 100% !important;
margin: 0 !important;
padding: 12px 12px 18px !important;
box-sizing: border-box !important;
}
h1, h2 {
@@ -1599,12 +1620,12 @@
/* Modal improvements for admin */
.modal-content {
width: 95% !important;
max-width: 500px !important;
margin: 20px auto !important;
width: calc(100vw - 16px) !important;
max-width: none !important;
margin: 8px auto !important;
max-height: 85vh !important;
overflow-y: auto !important;
padding: 20px !important;
padding: 16px !important;
}
/* Button improvements */
@@ -1792,9 +1813,11 @@
}
.admin-content-container {
width: 95%;
margin: 10px auto;
padding: 15px;
width: 100%;
max-width: 100%;
margin: 0;
padding: 12px 12px 18px;
box-sizing: border-box;
overflow-x: hidden;
}
@@ -1808,12 +1831,13 @@
/* Better modal sizing for mobile */
.modal-content {
width: 95% !important;
width: calc(100vw - 16px) !important;
max-width: none !important;
margin: 10px auto !important;
margin: 8px auto !important;
max-height: 90vh !important;
overflow-y: auto !important;
-webkit-overflow-scrolling: touch !important;
padding: 16px !important;
}
}
@@ -3366,8 +3390,18 @@ document.addEventListener('DOMContentLoaded', ()=>{
return;
}
const distanceToEnd = itemsContainer.scrollWidth - (itemsContainer.scrollLeft + itemsContainer.clientWidth);
const prefetchThreshold = Math.max(260, itemsContainer.clientWidth * 1.4);
const styles = window.getComputedStyle(itemsContainer);
const isMobileLayout =
window.matchMedia('(max-width: 768px)').matches ||
styles.display === 'grid' ||
styles.flexDirection === 'column';
const distanceToEnd = isMobileLayout
? itemsContainer.scrollHeight - (itemsContainer.scrollTop + itemsContainer.clientHeight)
: itemsContainer.scrollWidth - (itemsContainer.scrollLeft + itemsContainer.clientWidth);
const prefetchThreshold = isMobileLayout
? Math.max(220, itemsContainer.clientHeight * 0.9)
: Math.max(260, itemsContainer.clientWidth * 1.4);
if (distanceToEnd > prefetchThreshold) {
return;
}
@@ -3729,6 +3763,12 @@ document.addEventListener('DOMContentLoaded', ()=>{
const itemsContainer = ensureMainAdminItemsSentinel();
if (!itemsContainer) return;
const styles = window.getComputedStyle(itemsContainer);
const isMobileLayout =
window.matchMedia('(max-width: 768px)').matches ||
styles.display === 'grid' ||
styles.flexDirection === 'column';
if (mainAdminItemsObserver) {
mainAdminItemsObserver.disconnect();
mainAdminItemsObserver = null;
@@ -3759,7 +3799,7 @@ document.addEventListener('DOMContentLoaded', ()=>{
}, {
root: itemsContainer,
threshold: 0.15,
rootMargin: '0px 900px 0px 0px'
rootMargin: isMobileLayout ? '0px 0px 900px 0px' : '0px 900px 0px 0px'
});
mainAdminItemsObserver.observe(mainAdminItemsSentinel);
+160
View File
@@ -17,6 +17,16 @@
<div class="user-management-container">
<h2>Benutzer</h2>
<form method="POST" action="{{ url_for('admin_anonymize_names') }}" class="mb-3">
<button
type="submit"
class="btn btn-outline-danger"
onclick="return confirm('Sollen alle gespeicherten Klarnamen dauerhaft in Synonym-Kuerzel umgewandelt werden?')"
>
Gespeicherte Namen anonymisieren
</button>
</form>
<div class="filter-bar mb-3">
<div class="row g-2 align-items-end">
<div class="col-md-3">
@@ -62,6 +72,7 @@
<th>Vorname</th>
<th>Nachname</th>
<th>Administrator</th>
<th>Rechte-Preset</th>
<th>Aktionen</th>
</tr>
</thead>
@@ -72,6 +83,7 @@
<td>{{ user.name if user.name else user.username }}</td>
<td>{{ user.last_name if user.last_name else '' }}</td>
<td>{{ "Ja" if user.admin else "Nein" }}</td>
<td>{{ permission_presets.get(user.permission_preset, {}).get('label', user.permission_preset) }}</td>
<td class="actions">
<form method="POST" action="{{ url_for('delete_user') }}" class="d-inline">
<input type="hidden" name="username" value="{{ user.username }}">
@@ -90,6 +102,14 @@
onclick="openResetPasswordModal('{{ user.username }}')">
Passwort zurücksetzen
</button>
<button type="button" class="btn btn-info btn-sm"
data-username="{{ user.username }}"
data-preset="{{ user.permission_preset }}"
data-action-permissions='{{ user.action_permissions | tojson }}'
data-page-permissions='{{ user.page_permissions | tojson }}'
onclick="openPermissionsModal(this)">
Berechtigungen
</button>
</td>
</tr>
{% endfor %}
@@ -99,6 +119,62 @@
</div>
</div>
<!-- Permission Modal -->
<div class="modal fade" id="permissionsModal" tabindex="-1" aria-labelledby="permissionsModalLabel" aria-hidden="true">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="permissionsModalLabel">Berechtigungen bearbeiten</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<form method="POST" action="{{ url_for('admin_update_user_permissions') }}">
<div class="modal-body permissions-modal-body">
<input type="hidden" id="perm-username" name="username">
<div class="mb-3">
<label for="perm-username-display" class="form-label">Benutzer</label>
<input type="text" class="form-control" id="perm-username-display" disabled>
</div>
<div class="mb-3">
<label for="permission-preset" class="form-label">Preset</label>
<select class="form-select" id="permission-preset" name="permission_preset">
{% for preset_key, preset_value in permission_presets.items() %}
<option value="{{ preset_key }}">{{ preset_value.label }}</option>
{% endfor %}
</select>
</div>
<div class="permissions-grid">
<div class="permissions-group">
<h6>Aktionsrechte</h6>
{% for action_key, action_label in permission_action_options %}
<div class="form-check">
<input class="form-check-input permission-action-checkbox" type="checkbox" id="action-{{ action_key }}" name="action_{{ action_key }}">
<label class="form-check-label" for="action-{{ action_key }}">{{ action_label }}</label>
</div>
{% endfor %}
</div>
<div class="permissions-group">
<h6>Seitenrechte</h6>
{% for endpoint_name, endpoint_label in permission_page_options %}
<div class="form-check">
<input class="form-check-input permission-page-checkbox" type="checkbox" id="page-{{ endpoint_name }}" name="page_{{ endpoint_name }}">
<label class="form-check-label" for="page-{{ endpoint_name }}">{{ endpoint_label }}</label>
</div>
{% endfor %}
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Abbrechen</button>
<button type="submit" class="btn btn-primary">Berechtigungen speichern</button>
</div>
</form>
</div>
</div>
</div>
<!-- Edit User Modal -->
<div class="modal fade" id="editUserModal" tabindex="-1" aria-labelledby="editUserModalLabel" aria-hidden="true">
<div class="modal-dialog">
@@ -165,6 +241,24 @@
</div>
<script>
var permissionPresets = {{ permission_presets | tojson }};
function applyPresetToPermissionForm(presetKey) {
var preset = permissionPresets[presetKey] || {};
var actionDefaults = preset.actions || {};
var pageDefaults = preset.pages || {};
document.querySelectorAll('.permission-action-checkbox').forEach(function (checkbox) {
var key = checkbox.name.replace('action_', '');
checkbox.checked = !!actionDefaults[key];
});
document.querySelectorAll('.permission-page-checkbox').forEach(function (checkbox) {
var key = checkbox.name.replace('page_', '');
checkbox.checked = !!pageDefaults[key];
});
}
function applyFilters() {
var search = document.getElementById('filter-search').value.toLowerCase();
var adminFilter = document.getElementById('filter-admin').value.toLowerCase();
@@ -229,6 +323,13 @@
document.getElementById('filter-admin').addEventListener('change', applyFilters);
document.getElementById('filter-column').addEventListener('change', applyFilters);
document.getElementById('filter-direction').addEventListener('change', applyFilters);
var presetSelect = document.getElementById('permission-preset');
if (presetSelect) {
presetSelect.addEventListener('change', function () {
applyPresetToPermissionForm(this.value);
});
}
});
function openEditUserModal(button) {
@@ -253,6 +354,42 @@
var modal = new bootstrap.Modal(document.getElementById('resetPasswordModal'));
modal.show();
}
function openPermissionsModal(button) {
var username = button.getAttribute('data-username') || '';
var preset = button.getAttribute('data-preset') || 'standard_user';
var actionPermissions = {};
var pagePermissions = {};
try {
actionPermissions = JSON.parse(button.getAttribute('data-action-permissions') || '{}');
} catch (err) {
actionPermissions = {};
}
try {
pagePermissions = JSON.parse(button.getAttribute('data-page-permissions') || '{}');
} catch (err) {
pagePermissions = {};
}
document.getElementById('perm-username').value = username;
document.getElementById('perm-username-display').value = username;
document.getElementById('permission-preset').value = preset;
document.querySelectorAll('.permission-action-checkbox').forEach(function (checkbox) {
var key = checkbox.name.replace('action_', '');
checkbox.checked = !!actionPermissions[key];
});
document.querySelectorAll('.permission-page-checkbox').forEach(function (checkbox) {
var key = checkbox.name.replace('page_', '');
checkbox.checked = !!pagePermissions[key];
});
var modal = new bootstrap.Modal(document.getElementById('permissionsModal'));
modal.show();
}
</script>
<style>
@@ -286,5 +423,28 @@
.password-requirements p {
margin-bottom: 5px;
}
.permissions-modal-body {
max-height: 70vh;
overflow-y: auto;
}
.permissions-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
gap: 18px;
}
.permissions-group {
border: 1px solid #dee2e6;
border-radius: 8px;
padding: 12px;
background: #f8fafc;
}
.permissions-group h6 {
font-weight: 700;
margin-bottom: 10px;
}
</style>
{% endblock %}
+264 -4
View File
@@ -11,6 +11,8 @@ Provides methods for creating, validating, and retrieving user information.
For commercial licensing inquiries: https://github.com/AIIrondev
'''
import hashlib
import copy
import re
from bson.objectid import ObjectId
import settings as cfg
from settings import MongoClient
@@ -23,6 +25,256 @@ def normalize_student_card_id(card_id):
return str(card_id).strip().upper()
def _clean_name_fragment(value):
cleaned = re.sub(r'[^A-Za-zÄÖÜäöüß]', '', str(value or '').strip())
if not cleaned:
return ''
replacements = {
'ä': 'ae',
'ö': 'oe',
'ü': 'ue',
'ß': 'ss',
'Ä': 'Ae',
'Ö': 'Oe',
'Ü': 'Ue',
}
for old_char, new_char in replacements.items():
cleaned = cleaned.replace(old_char, new_char)
return cleaned
def build_name_synonym(first_name, last_name=''):
"""Build a deterministic, non-personalized short alias like 'SimFri'."""
first = _clean_name_fragment(first_name)
last = _clean_name_fragment(last_name)
if first and last:
return (first[:3] + last[:3]).title()
combined = (first + last)
if not combined:
return 'User'
return combined[:6].title()
ACTION_PERMISSION_KEYS = (
'can_borrow',
'can_insert',
'can_edit',
'can_delete',
'can_manage_users',
'can_manage_settings',
'can_view_logs',
)
DEFAULT_ACTION_PERMISSIONS = {
'can_borrow': True,
'can_insert': False,
'can_edit': False,
'can_delete': False,
'can_manage_users': False,
'can_manage_settings': False,
'can_view_logs': False,
}
DEFAULT_PAGE_PERMISSIONS = {
'home': True,
'tutorial_page': True,
'my_borrowed_items': True,
'notifications_view': True,
'impressum': True,
'license': True,
'library_view': True,
'terminplan': True,
'home_admin': False,
'upload_admin': False,
'library_admin': False,
'admin_borrowings': False,
'library_loans_admin': False,
'admin_damaged_items': False,
'admin_audit_dashboard': False,
'logs': False,
'user_del': False,
'register': False,
'manage_filters': False,
'manage_locations': False,
}
PERMISSION_PRESETS = {
'standard_user': {
'label': 'Standard (Ausleihe)',
'actions': {
'can_borrow': True,
},
'pages': {
'home': True,
'tutorial_page': True,
'my_borrowed_items': True,
'notifications_view': True,
'impressum': True,
'license': True,
'library_view': True,
'terminplan': True,
},
},
'editor': {
'label': 'Editor (Einfügen/Bearbeiten)',
'actions': {
'can_borrow': True,
'can_insert': True,
'can_edit': True,
},
'pages': {
'home': True,
'tutorial_page': True,
'my_borrowed_items': True,
'notifications_view': True,
'impressum': True,
'license': True,
'library_view': True,
'terminplan': True,
'upload_admin': True,
'library_admin': True,
},
},
'manager': {
'label': 'Manager (inkl. Löschen)',
'actions': {
'can_borrow': True,
'can_insert': True,
'can_edit': True,
'can_delete': True,
'can_manage_settings': True,
'can_view_logs': True,
},
'pages': {
'home': True,
'tutorial_page': True,
'my_borrowed_items': True,
'notifications_view': True,
'impressum': True,
'license': True,
'library_view': True,
'terminplan': True,
'home_admin': True,
'upload_admin': True,
'library_admin': True,
'admin_borrowings': True,
'library_loans_admin': True,
'admin_damaged_items': True,
'admin_audit_dashboard': True,
'logs': True,
'manage_filters': True,
'manage_locations': True,
},
},
'full_access': {
'label': 'Vollzugriff',
'actions': {
'can_borrow': True,
'can_insert': True,
'can_edit': True,
'can_delete': True,
'can_manage_users': True,
'can_manage_settings': True,
'can_view_logs': True,
},
'pages': {
'home': True,
'tutorial_page': True,
'my_borrowed_items': True,
'notifications_view': True,
'impressum': True,
'license': True,
'library_view': True,
'terminplan': True,
'home_admin': True,
'upload_admin': True,
'library_admin': True,
'admin_borrowings': True,
'library_loans_admin': True,
'admin_damaged_items': True,
'admin_audit_dashboard': True,
'logs': True,
'user_del': True,
'register': True,
'manage_filters': True,
'manage_locations': True,
},
},
}
def _normalize_bool_map(source, defaults):
result = dict(defaults)
if isinstance(source, dict):
for key, value in source.items():
result[str(key)] = bool(value)
return result
def get_permission_preset_definitions():
return copy.deepcopy(PERMISSION_PRESETS)
def build_default_permission_payload(preset_key='standard_user'):
selected_key = preset_key if preset_key in PERMISSION_PRESETS else 'standard_user'
preset = PERMISSION_PRESETS.get(selected_key, {})
action_defaults = _normalize_bool_map(preset.get('actions', {}), DEFAULT_ACTION_PERMISSIONS)
page_defaults = _normalize_bool_map(preset.get('pages', {}), DEFAULT_PAGE_PERMISSIONS)
return {
'preset': selected_key,
'actions': action_defaults,
'pages': page_defaults,
}
def get_effective_permissions(username):
user = get_user(username)
if not user:
return build_default_permission_payload('standard_user')
# Admin users always have full access, independent of custom presets.
if bool(user.get('Admin', False)):
return build_default_permission_payload('full_access')
preset_key = user.get('PermissionPreset') or 'standard_user'
payload = build_default_permission_payload(preset_key)
payload['actions'] = _normalize_bool_map(user.get('ActionPermissions', {}), payload['actions'])
payload['pages'] = _normalize_bool_map(user.get('PagePermissions', {}), payload['pages'])
return payload
def update_user_permissions(username, preset_key, action_permissions=None, page_permissions=None):
selected_key = preset_key if preset_key in PERMISSION_PRESETS else 'standard_user'
payload = build_default_permission_payload(selected_key)
if isinstance(action_permissions, dict):
for key, value in action_permissions.items():
payload['actions'][str(key)] = bool(value)
if isinstance(page_permissions, dict):
for key, value in page_permissions.items():
payload['pages'][str(key)] = bool(value)
update_data = {
'PermissionPreset': payload['preset'],
'ActionPermissions': payload['actions'],
'PagePermissions': payload['pages'],
}
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
db = client[cfg.MONGODB_DB]
users = db['users']
result = users.update_one({'Username': username}, {'$set': update_data})
if result.matched_count == 0:
result = users.update_one({'username': username}, {'$set': update_data})
client.close()
return result.matched_count > 0
# === FAVORITES MANAGEMENT ===
def get_favorites(username):
"""Return a list of favorite item ObjectId strings for the user."""
@@ -144,14 +396,21 @@ def add_user(username, password, name, last_name, is_student=False, student_card
users = db['users']
if not check_password_strength(password):
return False
permission_defaults = build_default_permission_payload('standard_user')
name_alias = build_name_synonym(name, last_name)
user_doc = {
'Username': username,
'Password': hashing(password),
'Admin': False,
'active_ausleihung': None,
'name': name,
'last_name': last_name,
'IsStudent': bool(is_student)
'name': name_alias,
'last_name': '',
'IsStudent': bool(is_student),
'PermissionPreset': permission_defaults['preset'],
'ActionPermissions': permission_defaults['actions'],
'PagePermissions': permission_defaults['pages'],
}
normalized_card = normalize_student_card_id(student_card_id)
@@ -494,13 +753,14 @@ def update_user_name(username, name, last_name):
bool: True if updated successfully, False otherwise
"""
try:
name_alias = build_name_synonym(name, last_name)
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
db = client[cfg.MONGODB_DB]
users = db['users']
result = users.update_one(
{'Username': username},
{'$set': {'name': name, 'last_name': last_name}}
{'$set': {'name': name_alias, 'last_name': ''}}
)
client.close()
+20
View File
@@ -24,6 +24,19 @@ services:
timeout: 5s
retries: 10
redis:
image: redis:7-alpine
container_name: inventarsystem-redis
restart: unless-stopped
command: ["redis-server", "--appendonly", "yes", "--save", "60", "1000"]
volumes:
- redis_data:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 3s
retries: 10
app:
build:
context: .
@@ -35,10 +48,16 @@ services:
depends_on:
mongodb:
condition: service_healthy
redis:
condition: service_healthy
environment:
INVENTAR_MONGODB_HOST: mongodb
INVENTAR_MONGODB_PORT: "27017"
INVENTAR_MONGODB_DB: Inventarsystem
INVENTAR_REDIS_HOST: redis
INVENTAR_REDIS_PORT: "6379"
INVENTAR_REDIS_CACHE_DB: "1"
INVENTAR_NOTIFICATION_STATUS_CACHE_TTL: "8"
INVENTAR_BACKUP_FOLDER: /data/backups
INVENTAR_LOGS_FOLDER: /data/logs
INVENTAR_DELETED_ARCHIVE_FOLDER: /data/deleted-archives
@@ -64,3 +83,4 @@ volumes:
app_backups:
app_logs:
app_deleted_archives:
redis_data:
+1
View File
@@ -8,6 +8,7 @@ apscheduler
python-dateutil
pytz
requests
redis
reportlab
python-barcode
openpyxl