Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c0f49ab8de | |||
| c23e128d2e | |||
| b611173ea9 | |||
| 5cf9a4f1dd | |||
| 88a67160f2 | |||
| 2068af106f | |||
| 06c2270842 | |||
| 20556f3500 | |||
| 7f1d616bb3 | |||
| 09cea7a0f8 | |||
| 061f975727 | |||
| 68f0efa296 |
+482
-14
@@ -50,6 +50,11 @@ import io
|
||||
import html
|
||||
import logging
|
||||
import secrets
|
||||
import importlib
|
||||
try:
|
||||
redis = importlib.import_module('redis')
|
||||
except Exception:
|
||||
redis = None
|
||||
# QR Code functionality deactivated
|
||||
# import qrcode
|
||||
# from qrcode.constants import ERROR_CORRECT_L
|
||||
@@ -129,9 +134,91 @@ SSL_KEY = cfg.SSL_KEY
|
||||
LIBRARY_ITEM_TYPES = ['book', 'cd', 'dvd', 'media']
|
||||
INVOICE_CURRENCY = 'EUR'
|
||||
|
||||
NOTIFICATION_STATUS_CACHE_TTL = max(3, int(os.getenv('INVENTAR_NOTIFICATION_STATUS_CACHE_TTL', '8')))
|
||||
_NOTIFICATION_CACHE_PREFIX = 'inventar:notif'
|
||||
_NOTIFICATION_REDIS_CLIENT = None
|
||||
_NOTIFICATION_REDIS_FAILED = False
|
||||
_NOTIFICATION_LOCAL_CACHE = {}
|
||||
_NOTIFICATION_LOCAL_VERSIONS = {'admin': 0}
|
||||
_NOTIFICATION_CACHE_LOCK = threading.Lock()
|
||||
|
||||
|
||||
SCHOOL_PERIODS = cfg.SCHOOL_PERIODS
|
||||
|
||||
PERMISSION_ACTION_OPTIONS = [
|
||||
('can_borrow', 'Ausleihe erlauben'),
|
||||
('can_insert', 'Einfügen/Hochladen erlauben'),
|
||||
('can_edit', 'Bearbeiten erlauben'),
|
||||
('can_delete', 'Löschen erlauben'),
|
||||
('can_manage_users', 'Benutzerverwaltung erlauben'),
|
||||
('can_manage_settings', 'Systemverwaltung erlauben'),
|
||||
('can_view_logs', 'Logs/Audit einsehen erlauben'),
|
||||
]
|
||||
|
||||
PERMISSION_PAGE_OPTIONS = [
|
||||
('home', 'Artikel (Inventar)'),
|
||||
('tutorial_page', 'Tutorial'),
|
||||
('my_borrowed_items', 'Meine Ausleihen'),
|
||||
('notifications_view', 'Benachrichtigungen'),
|
||||
('impressum', 'Impressum'),
|
||||
('license', 'Lizenz'),
|
||||
('library_view', 'Bibliothek (Medien)'),
|
||||
('terminplan', 'Terminplan'),
|
||||
('home_admin', 'Admin Startseite'),
|
||||
('upload_admin', 'Admin Upload Inventar'),
|
||||
('library_admin', 'Admin Upload Bibliothek'),
|
||||
('admin_borrowings', 'Admin Ausleihen'),
|
||||
('library_loans_admin', 'Admin Bibliotheks-Ausleihen'),
|
||||
('admin_damaged_items', 'Admin Defekte Items'),
|
||||
('admin_audit_dashboard', 'Admin Audit Dashboard'),
|
||||
('logs', 'System-Logs'),
|
||||
('user_del', 'Benutzerverwaltung'),
|
||||
('register', 'Benutzer anlegen'),
|
||||
('manage_filters', 'Filter verwalten'),
|
||||
('manage_locations', 'Orte verwalten'),
|
||||
]
|
||||
|
||||
PERMISSION_EXEMPT_ENDPOINTS = {
|
||||
'static',
|
||||
'login',
|
||||
'logout',
|
||||
'impressum',
|
||||
'license',
|
||||
'uploaded_file',
|
||||
'thumbnail_file',
|
||||
'preview_file',
|
||||
}
|
||||
|
||||
PERMISSION_ACTION_ENDPOINTS = {
|
||||
'upload_item': 'can_insert',
|
||||
'upload_inventory_excel': 'can_insert',
|
||||
'upload_library_excel': 'can_insert',
|
||||
'upload_student_cards_excel': 'can_insert',
|
||||
'edit_item': 'can_edit',
|
||||
'api_library_item_update': 'can_edit',
|
||||
'admin_update_user_name': 'can_edit',
|
||||
'delete_item': 'can_delete',
|
||||
'delete_user': 'can_delete',
|
||||
'ausleihen': 'can_borrow',
|
||||
'zurueckgeben': 'can_borrow',
|
||||
'api_library_scan_action': 'can_borrow',
|
||||
'user_del': 'can_manage_users',
|
||||
'register': 'can_manage_users',
|
||||
'admin_reset_user_password': 'can_manage_users',
|
||||
'admin_update_user_permissions': 'can_manage_users',
|
||||
'admin_anonymize_names': 'can_manage_users',
|
||||
'home_admin': 'can_manage_settings',
|
||||
'upload_admin': 'can_manage_settings',
|
||||
'library_admin': 'can_manage_settings',
|
||||
'admin_borrowings': 'can_manage_settings',
|
||||
'library_loans_admin': 'can_manage_settings',
|
||||
'admin_damaged_items': 'can_manage_settings',
|
||||
'manage_filters': 'can_manage_settings',
|
||||
'manage_locations': 'can_manage_settings',
|
||||
'admin_audit_dashboard': 'can_view_logs',
|
||||
'logs': 'can_view_logs',
|
||||
}
|
||||
|
||||
# Apply the configuration for general use throughout the app
|
||||
APP_VERSION = __version__
|
||||
RELEASE_STATE_FILE = os.path.join(os.path.dirname(BASE_DIR), '.release-version')
|
||||
@@ -186,6 +273,47 @@ def _enforce_csrf_protection():
|
||||
return None
|
||||
|
||||
|
||||
@app.before_request
|
||||
def _enforce_user_permissions():
|
||||
endpoint = request.endpoint
|
||||
if not endpoint:
|
||||
return None
|
||||
|
||||
if endpoint == 'static' or endpoint.startswith('static'):
|
||||
return None
|
||||
|
||||
if endpoint in PERMISSION_EXEMPT_ENDPOINTS:
|
||||
return None
|
||||
|
||||
if 'username' not in session:
|
||||
return None
|
||||
|
||||
permissions = _get_current_user_permissions()
|
||||
if not permissions:
|
||||
return None
|
||||
|
||||
if not _page_access_allowed(permissions, endpoint):
|
||||
message = 'Diese Seite ist für Ihren Benutzer aktuell gesperrt.'
|
||||
if request.path.startswith('/api/') or request.is_json:
|
||||
return jsonify({'ok': False, 'message': message}), 403
|
||||
|
||||
flash(message, 'error')
|
||||
fallback_endpoint = _permission_denied_fallback_endpoint(permissions, current_endpoint=endpoint)
|
||||
return redirect(url_for(fallback_endpoint))
|
||||
|
||||
action_key = PERMISSION_ACTION_ENDPOINTS.get(endpoint)
|
||||
if action_key and not _action_access_allowed(permissions, action_key):
|
||||
message = 'Für diese Aktion fehlen Ihnen die erforderlichen Berechtigungen.'
|
||||
if request.path.startswith('/api/') or request.is_json:
|
||||
return jsonify({'ok': False, 'message': message}), 403
|
||||
|
||||
flash(message, 'error')
|
||||
fallback_endpoint = _permission_denied_fallback_endpoint(permissions, current_endpoint=endpoint)
|
||||
return redirect(url_for(fallback_endpoint))
|
||||
|
||||
return None
|
||||
|
||||
|
||||
def _get_asset_version():
|
||||
"""Return a cache-busting asset version tied to deployment state."""
|
||||
env_version = os.getenv('INVENTAR_ASSET_VERSION', '').strip()
|
||||
@@ -224,6 +352,45 @@ def _get_current_module(path):
|
||||
return 'inventory'
|
||||
|
||||
|
||||
def _get_current_user_permissions():
|
||||
username = session.get('username')
|
||||
if not username:
|
||||
return None
|
||||
try:
|
||||
return us.get_effective_permissions(username)
|
||||
except Exception:
|
||||
return us.build_default_permission_payload('standard_user')
|
||||
|
||||
|
||||
def _page_access_allowed(permissions, endpoint):
|
||||
if not permissions or not endpoint:
|
||||
return True
|
||||
page_permissions = permissions.get('pages', {})
|
||||
return bool(page_permissions.get(endpoint, True))
|
||||
|
||||
|
||||
def _action_access_allowed(permissions, action_key):
|
||||
if not permissions or not action_key:
|
||||
return True
|
||||
action_permissions = permissions.get('actions', {})
|
||||
return bool(action_permissions.get(action_key, True))
|
||||
|
||||
|
||||
def _permission_denied_fallback_endpoint(permissions, current_endpoint=None):
|
||||
username = session.get('username')
|
||||
is_admin_user = bool(username and us.check_admin(username))
|
||||
admin_home_allowed = _page_access_allowed(permissions, 'home_admin') and _action_access_allowed(permissions, 'can_manage_settings')
|
||||
|
||||
for candidate in ('my_borrowed_items', 'tutorial_page', 'notifications_view', 'impressum', 'home'):
|
||||
if current_endpoint and candidate == current_endpoint:
|
||||
continue
|
||||
if candidate == 'home' and is_admin_user and not admin_home_allowed:
|
||||
continue
|
||||
if _page_access_allowed(permissions, candidate):
|
||||
return candidate
|
||||
return 'logout'
|
||||
|
||||
|
||||
def _append_audit_event(db, event_type, payload):
|
||||
"""Write an audit entry; never break business flow on audit failures."""
|
||||
try:
|
||||
@@ -551,9 +718,154 @@ def _create_notification(db, *, audience, notif_type, title, message, target_use
|
||||
'UpdatedAt': now,
|
||||
}
|
||||
notifications_col.insert_one(payload)
|
||||
|
||||
if audience == 'user' and target_user:
|
||||
_bump_notification_version(f'user:{target_user}')
|
||||
elif audience == 'admin':
|
||||
_bump_notification_version('admin')
|
||||
|
||||
return True
|
||||
|
||||
|
||||
def _get_notification_cache_client():
|
||||
"""Return shared Redis client for distributed notification cache if available."""
|
||||
global _NOTIFICATION_REDIS_CLIENT, _NOTIFICATION_REDIS_FAILED
|
||||
if _NOTIFICATION_REDIS_CLIENT is not None:
|
||||
return _NOTIFICATION_REDIS_CLIENT
|
||||
if _NOTIFICATION_REDIS_FAILED or redis is None:
|
||||
return None
|
||||
|
||||
try:
|
||||
redis_host = os.getenv('INVENTAR_REDIS_HOST', 'redis')
|
||||
redis_port = int(os.getenv('INVENTAR_REDIS_PORT', 6379))
|
||||
redis_db = int(os.getenv('INVENTAR_REDIS_CACHE_DB', 1))
|
||||
client = redis.Redis(
|
||||
host=redis_host,
|
||||
port=redis_port,
|
||||
db=redis_db,
|
||||
decode_responses=True,
|
||||
socket_keepalive=True,
|
||||
socket_timeout=1,
|
||||
socket_connect_timeout=1,
|
||||
)
|
||||
client.ping()
|
||||
_NOTIFICATION_REDIS_CLIENT = client
|
||||
app.logger.info(f'Notification cache backend enabled: {redis_host}:{redis_port}/db{redis_db}')
|
||||
return _NOTIFICATION_REDIS_CLIENT
|
||||
except Exception as exc:
|
||||
_NOTIFICATION_REDIS_FAILED = True
|
||||
app.logger.warning(f'Notification cache backend unavailable, using local cache fallback: {exc}')
|
||||
return None
|
||||
|
||||
|
||||
def _notification_scope_key(scope):
|
||||
return f'{_NOTIFICATION_CACHE_PREFIX}:ver:{scope}'
|
||||
|
||||
|
||||
def _notification_status_key(username, is_admin, version_tag):
|
||||
role = 'admin' if is_admin else 'user'
|
||||
return f'{_NOTIFICATION_CACHE_PREFIX}:status:{role}:{username}:{version_tag}'
|
||||
|
||||
|
||||
def _get_notification_version_tag(username, is_admin=False):
|
||||
user_scope = f'user:{username}'
|
||||
cache_client = _get_notification_cache_client()
|
||||
|
||||
if cache_client:
|
||||
user_version = cache_client.get(_notification_scope_key(user_scope)) or '0'
|
||||
if is_admin:
|
||||
admin_version = cache_client.get(_notification_scope_key('admin')) or '0'
|
||||
return f'u{user_version}-a{admin_version}'
|
||||
return f'u{user_version}'
|
||||
|
||||
with _NOTIFICATION_CACHE_LOCK:
|
||||
user_version = _NOTIFICATION_LOCAL_VERSIONS.get(user_scope, 0)
|
||||
if is_admin:
|
||||
admin_version = _NOTIFICATION_LOCAL_VERSIONS.get('admin', 0)
|
||||
return f'u{user_version}-a{admin_version}'
|
||||
return f'u{user_version}'
|
||||
|
||||
|
||||
def _bump_notification_version(scope):
|
||||
cache_client = _get_notification_cache_client()
|
||||
if cache_client:
|
||||
try:
|
||||
cache_client.incr(_notification_scope_key(scope))
|
||||
return
|
||||
except Exception as exc:
|
||||
app.logger.warning(f'Could not bump notification cache version for {scope}: {exc}')
|
||||
|
||||
with _NOTIFICATION_CACHE_LOCK:
|
||||
current = int(_NOTIFICATION_LOCAL_VERSIONS.get(scope, 0))
|
||||
_NOTIFICATION_LOCAL_VERSIONS[scope] = current + 1
|
||||
# Prevent stale local payload reuse after version bump.
|
||||
_NOTIFICATION_LOCAL_CACHE.clear()
|
||||
|
||||
|
||||
def _get_cached_unread_status(username, is_admin=False):
|
||||
version_tag = _get_notification_version_tag(username, is_admin=is_admin)
|
||||
key = _notification_status_key(username, is_admin, version_tag)
|
||||
cache_client = _get_notification_cache_client()
|
||||
|
||||
if cache_client:
|
||||
try:
|
||||
cached = cache_client.get(key)
|
||||
if cached:
|
||||
return json.loads(cached), version_tag
|
||||
except Exception as exc:
|
||||
app.logger.warning(f'Could not read notification status cache for {username}: {exc}')
|
||||
return None, version_tag
|
||||
|
||||
now = time.time()
|
||||
with _NOTIFICATION_CACHE_LOCK:
|
||||
cached = _NOTIFICATION_LOCAL_CACHE.get(key)
|
||||
if not cached:
|
||||
return None, version_tag
|
||||
if cached.get('expires_at', 0) <= now:
|
||||
_NOTIFICATION_LOCAL_CACHE.pop(key, None)
|
||||
return None, version_tag
|
||||
return cached.get('payload'), version_tag
|
||||
|
||||
|
||||
def _set_cached_unread_status(username, is_admin, version_tag, payload):
|
||||
key = _notification_status_key(username, is_admin, version_tag)
|
||||
cache_client = _get_notification_cache_client()
|
||||
|
||||
if cache_client:
|
||||
try:
|
||||
cache_client.setex(key, NOTIFICATION_STATUS_CACHE_TTL, json.dumps(payload, default=str))
|
||||
return
|
||||
except Exception as exc:
|
||||
app.logger.warning(f'Could not write notification status cache for {username}: {exc}')
|
||||
|
||||
with _NOTIFICATION_CACHE_LOCK:
|
||||
_NOTIFICATION_LOCAL_CACHE[key] = {
|
||||
'expires_at': time.time() + NOTIFICATION_STATUS_CACHE_TTL,
|
||||
'payload': payload,
|
||||
}
|
||||
|
||||
|
||||
def _build_unread_status_etag(version_tag, payload):
|
||||
unread_count = int(payload.get('unread_count', 0))
|
||||
latest = payload.get('latest_unread') or {}
|
||||
latest_created = latest.get('created_at') or ''
|
||||
latest_type = latest.get('type') or ''
|
||||
return f'W/"notif-{version_tag}-{unread_count}-{latest_type}-{latest_created}"'
|
||||
|
||||
|
||||
def _build_cached_json_response(payload, etag_value):
|
||||
incoming_etag = (request.headers.get('If-None-Match') or '').strip()
|
||||
if incoming_etag and incoming_etag == etag_value:
|
||||
response = make_response('', 304)
|
||||
else:
|
||||
response = jsonify(payload)
|
||||
|
||||
response.headers['Cache-Control'] = f'private, max-age={NOTIFICATION_STATUS_CACHE_TTL}, must-revalidate'
|
||||
response.headers['ETag'] = etag_value
|
||||
response.headers['Vary'] = 'Cookie'
|
||||
return response
|
||||
|
||||
|
||||
def _get_notifications_for_user(db, username, is_admin=False, limit=150):
|
||||
"""Fetch notifications visible to the current user, newest first."""
|
||||
query = {
|
||||
@@ -687,12 +999,18 @@ def inject_version():
|
||||
asset_version = _get_asset_version()
|
||||
csrf_token = _get_csrf_token()
|
||||
unread_notification_count = 0
|
||||
current_permissions = us.build_default_permission_payload('standard_user')
|
||||
if 'username' in session:
|
||||
try:
|
||||
is_admin = us.check_admin(session['username'])
|
||||
except Exception:
|
||||
is_admin = False
|
||||
|
||||
try:
|
||||
current_permissions = us.get_effective_permissions(session['username'])
|
||||
except Exception:
|
||||
current_permissions = us.build_default_permission_payload('standard_user')
|
||||
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
|
||||
@@ -716,6 +1034,10 @@ def inject_version():
|
||||
'student_cards_module_enabled': cfg.STUDENT_CARDS_MODULE_ENABLED,
|
||||
'is_admin': is_admin,
|
||||
'unread_notification_count': unread_notification_count,
|
||||
'current_permissions': current_permissions,
|
||||
'permission_action_options': PERMISSION_ACTION_OPTIONS,
|
||||
'permission_page_options': PERMISSION_PAGE_OPTIONS,
|
||||
'permission_presets': us.get_permission_preset_definitions(),
|
||||
}
|
||||
|
||||
# Create necessary directories at startup
|
||||
@@ -1275,14 +1597,25 @@ def _student_card_id_slug(value):
|
||||
return re.sub(r'[^a-z0-9]+', '', normalized).upper()
|
||||
|
||||
|
||||
def _name_to_alias(full_name):
|
||||
"""Convert clear names to deterministic aliases, e.g. Simon Frings -> SimFri."""
|
||||
text = sanitize_form_value(full_name)
|
||||
if not text:
|
||||
return 'User'
|
||||
|
||||
parts = [p for p in re.split(r'\s+', text) if p]
|
||||
if len(parts) >= 2:
|
||||
return us.build_name_synonym(parts[0], parts[-1])
|
||||
return us.build_name_synonym(parts[0], '')
|
||||
|
||||
|
||||
def _build_student_card_excel_id(student_name, class_name, row_number, used_ids):
|
||||
"""Create a stable student-card ID when the spreadsheet does not provide one."""
|
||||
name_slug = _student_card_id_slug(student_name)
|
||||
"""Create a stable student-card ID without embedding personal names."""
|
||||
class_slug = _student_card_id_slug(class_name)
|
||||
|
||||
base_parts = [part for part in (class_slug, name_slug) if part]
|
||||
base_parts = [part for part in (class_slug,) if part]
|
||||
if base_parts:
|
||||
base_id = f"SC-{'-'.join(base_parts[:2])}"
|
||||
base_id = f"SC-{'-'.join(base_parts[:1])}-ROW-{row_number}"
|
||||
else:
|
||||
base_id = f"SC-ROW-{row_number}"
|
||||
|
||||
@@ -1402,6 +1735,8 @@ def _upload_student_cards_excel():
|
||||
student_name = f'{first_name} {last_name}'.strip()
|
||||
validation_warnings.append((row_number, 'Schülername wurde aus Vorname und Nachname zusammengesetzt'))
|
||||
|
||||
student_name_alias = _name_to_alias(student_name)
|
||||
|
||||
if not ausweis_id and not student_name and not class_name:
|
||||
continue
|
||||
|
||||
@@ -1426,7 +1761,7 @@ def _upload_student_cards_excel():
|
||||
planned_rows.append({
|
||||
'row_number': row_number,
|
||||
'ausweis_id': ausweis_id,
|
||||
'student_name': student_name,
|
||||
'student_name': student_name_alias,
|
||||
'class_name': class_name,
|
||||
'notes': notes,
|
||||
'default_borrow_days': default_borrow_days,
|
||||
@@ -2080,7 +2415,14 @@ def home():
|
||||
student_max_borrow_days=cfg.STUDENT_MAX_BORROW_DAYS
|
||||
)
|
||||
else:
|
||||
return redirect(url_for('home_admin'))
|
||||
permissions = _get_current_user_permissions() or us.build_default_permission_payload('standard_user')
|
||||
if _page_access_allowed(permissions, 'home_admin') and _action_access_allowed(permissions, 'can_manage_settings'):
|
||||
return redirect(url_for('home_admin'))
|
||||
|
||||
fallback_endpoint = _permission_denied_fallback_endpoint(permissions, current_endpoint='home')
|
||||
if fallback_endpoint == 'logout':
|
||||
flash('Für diesen Benutzer sind aktuell keine Seiten freigegeben.', 'error')
|
||||
return redirect(url_for(fallback_endpoint))
|
||||
|
||||
|
||||
@app.route('/home_admin')
|
||||
@@ -2859,6 +3201,7 @@ def student_cards_admin():
|
||||
action = request.form.get('action', 'add')
|
||||
ausweis_id = request.form.get('ausweis_id', '').strip().upper()
|
||||
student_name = request.form.get('student_name', '').strip()
|
||||
student_name_alias = _name_to_alias(student_name)
|
||||
default_borrow_days = request.form.get('default_borrow_days', 14)
|
||||
class_name = request.form.get('class_name', '').strip()
|
||||
notes = request.form.get('notes', '').strip()
|
||||
@@ -2885,7 +3228,7 @@ def student_cards_admin():
|
||||
else:
|
||||
encrypted_payload = encrypt_document_fields(
|
||||
{
|
||||
'SchülerName': student_name,
|
||||
'SchülerName': student_name_alias,
|
||||
'Klasse': class_name,
|
||||
'Notizen': notes,
|
||||
},
|
||||
@@ -2918,7 +3261,7 @@ def student_cards_admin():
|
||||
try:
|
||||
encrypted_payload = encrypt_document_fields(
|
||||
{
|
||||
'SchülerName': student_name,
|
||||
'SchülerName': student_name_alias,
|
||||
'Klasse': class_name,
|
||||
'Notizen': notes,
|
||||
},
|
||||
@@ -3388,7 +3731,11 @@ def login():
|
||||
session['admin'] = is_admin_user
|
||||
session['is_admin'] = is_admin_user
|
||||
if is_admin_user:
|
||||
return redirect(url_for('home_admin'))
|
||||
permissions = us.get_effective_permissions(username)
|
||||
if _page_access_allowed(permissions, 'home_admin') and _action_access_allowed(permissions, 'can_manage_settings'):
|
||||
return redirect(url_for('home_admin'))
|
||||
fallback_endpoint = _permission_denied_fallback_endpoint(permissions, current_endpoint='login')
|
||||
return redirect(url_for(fallback_endpoint))
|
||||
else:
|
||||
return redirect(url_for('home'))
|
||||
else:
|
||||
@@ -6419,6 +6766,10 @@ def user_del():
|
||||
break
|
||||
|
||||
if username and username != session['username']:
|
||||
try:
|
||||
permissions_payload = us.get_effective_permissions(username)
|
||||
except Exception:
|
||||
permissions_payload = us.build_default_permission_payload('standard_user')
|
||||
try:
|
||||
name = us.get_name(username)
|
||||
last_name = us.get_last_name(username)
|
||||
@@ -6439,7 +6790,10 @@ def user_del():
|
||||
'admin': user.get('Admin', False),
|
||||
'fullname': fullname,
|
||||
'name': name,
|
||||
'last_name': last_name
|
||||
'last_name': last_name,
|
||||
'permission_preset': permissions_payload.get('preset', 'standard_user'),
|
||||
'action_permissions': permissions_payload.get('actions', {}),
|
||||
'page_permissions': permissions_payload.get('pages', {}),
|
||||
})
|
||||
|
||||
return render_template(
|
||||
@@ -7456,6 +7810,107 @@ def admin_update_user_name():
|
||||
return redirect(url_for('user_del'))
|
||||
|
||||
|
||||
@app.route('/admin_update_user_permissions', methods=['POST'])
|
||||
def admin_update_user_permissions():
|
||||
"""Admin route to update permission preset and per-endpoint overrides for a user."""
|
||||
if 'username' not in session or not us.check_admin(session['username']):
|
||||
flash('Nicht autorisierter Zugriff', 'error')
|
||||
return redirect(url_for('login'))
|
||||
|
||||
username = request.form.get('username', '').strip()
|
||||
preset_key = request.form.get('permission_preset', 'standard_user').strip()
|
||||
|
||||
if not username:
|
||||
flash('Kein Benutzer ausgewählt', 'error')
|
||||
return redirect(url_for('user_del'))
|
||||
|
||||
target_user = us.get_user(username)
|
||||
if not target_user:
|
||||
flash(f'Benutzer {username} nicht gefunden', 'error')
|
||||
return redirect(url_for('user_del'))
|
||||
|
||||
action_permissions = {}
|
||||
for action_key, _ in PERMISSION_ACTION_OPTIONS:
|
||||
action_permissions[action_key] = request.form.get(f'action_{action_key}') == 'on'
|
||||
|
||||
page_permissions = {}
|
||||
for endpoint_name, _ in PERMISSION_PAGE_OPTIONS:
|
||||
page_permissions[endpoint_name] = request.form.get(f'page_{endpoint_name}') == 'on'
|
||||
|
||||
if us.update_user_permissions(username, preset_key, action_permissions, page_permissions):
|
||||
flash(f'Berechtigungen für {username} wurden aktualisiert.', 'success')
|
||||
else:
|
||||
flash('Fehler beim Aktualisieren der Berechtigungen.', 'error')
|
||||
|
||||
return redirect(url_for('user_del'))
|
||||
|
||||
|
||||
@app.route('/admin_anonymize_names', methods=['POST'])
|
||||
def admin_anonymize_names():
|
||||
"""Anonymize already stored personal names into short aliases."""
|
||||
if 'username' not in session or not us.check_admin(session['username']):
|
||||
flash('Nicht autorisierter Zugriff', 'error')
|
||||
return redirect(url_for('login'))
|
||||
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
|
||||
db = client[MONGODB_DB]
|
||||
users_col = db['users']
|
||||
student_cards_col = db['student_cards']
|
||||
|
||||
users_updated = 0
|
||||
cards_updated = 0
|
||||
|
||||
for user_doc in users_col.find({}, {'name': 1, 'last_name': 1, 'Username': 1, 'username': 1}):
|
||||
first = str(user_doc.get('name') or '').strip()
|
||||
last = str(user_doc.get('last_name') or '').strip()
|
||||
fallback = str(user_doc.get('Username') or user_doc.get('username') or '').strip()
|
||||
|
||||
alias = us.build_name_synonym(first or fallback, last)
|
||||
result = users_col.update_one(
|
||||
{'_id': user_doc['_id']},
|
||||
{'$set': {'name': alias, 'last_name': ''}}
|
||||
)
|
||||
if result.modified_count > 0:
|
||||
users_updated += 1
|
||||
|
||||
for card_doc in student_cards_col.find({}, {'SchülerName': 1, 'Klasse': 1, 'Notizen': 1}):
|
||||
decrypted = _decrypt_student_card_doc(card_doc)
|
||||
alias = _name_to_alias(decrypted.get('SchülerName', ''))
|
||||
class_name = sanitize_form_value(decrypted.get('Klasse', ''))
|
||||
notes = sanitize_form_value(decrypted.get('Notizen', ''))
|
||||
|
||||
encrypted_payload = encrypt_document_fields(
|
||||
{
|
||||
'SchülerName': alias,
|
||||
'Klasse': class_name,
|
||||
'Notizen': notes,
|
||||
},
|
||||
STUDENT_CARD_ENCRYPTED_FIELDS,
|
||||
)
|
||||
|
||||
result = student_cards_col.update_one(
|
||||
{'_id': card_doc['_id']},
|
||||
{'$set': {'Aktualisiert': datetime.datetime.now(), **encrypted_payload}}
|
||||
)
|
||||
if result.modified_count > 0:
|
||||
cards_updated += 1
|
||||
|
||||
flash(
|
||||
f'Anonymisierung abgeschlossen: {users_updated} Benutzer und {cards_updated} Ausweise aktualisiert.',
|
||||
'success'
|
||||
)
|
||||
except Exception as exc:
|
||||
app.logger.error(f'Error anonymizing names: {exc}')
|
||||
flash('Fehler bei der Anonymisierung der Namen.', 'error')
|
||||
finally:
|
||||
if client:
|
||||
client.close()
|
||||
|
||||
return redirect(url_for('user_del'))
|
||||
|
||||
|
||||
@app.route('/logs')
|
||||
def logs():
|
||||
"""
|
||||
@@ -8284,13 +8739,15 @@ def mark_notification_read(notification_id):
|
||||
try:
|
||||
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
|
||||
db = client[MONGODB_DB]
|
||||
db['notifications'].update_one(
|
||||
result = db['notifications'].update_one(
|
||||
{'_id': ObjectId(notification_id)},
|
||||
{
|
||||
'$addToSet': {'ReadBy': username},
|
||||
'$set': {'UpdatedAt': datetime.datetime.now()}
|
||||
}
|
||||
)
|
||||
if result.modified_count > 0:
|
||||
_bump_notification_version(f'user:{username}')
|
||||
except Exception as exc:
|
||||
app.logger.warning(f"Could not mark notification as read {notification_id}: {exc}")
|
||||
finally:
|
||||
@@ -8325,13 +8782,15 @@ def mark_all_notifications_read():
|
||||
try:
|
||||
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
|
||||
db = client[MONGODB_DB]
|
||||
db['notifications'].update_many(
|
||||
result = db['notifications'].update_many(
|
||||
query,
|
||||
{
|
||||
'$addToSet': {'ReadBy': username},
|
||||
'$set': {'UpdatedAt': datetime.datetime.now()}
|
||||
}
|
||||
)
|
||||
if result.modified_count > 0:
|
||||
_bump_notification_version(f'user:{username}')
|
||||
except Exception as exc:
|
||||
app.logger.warning(f"Could not mark all notifications as read for {username}: {exc}")
|
||||
finally:
|
||||
@@ -8354,6 +8813,11 @@ def notifications_unread_status():
|
||||
except Exception:
|
||||
is_admin_user = False
|
||||
|
||||
cached_payload, version_tag = _get_cached_unread_status(username, is_admin=is_admin_user)
|
||||
if cached_payload is not None:
|
||||
cached_etag = _build_unread_status_etag(version_tag, cached_payload)
|
||||
return _build_cached_json_response(cached_payload, cached_etag)
|
||||
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(MONGODB_HOST, MONGODB_PORT)
|
||||
@@ -8397,11 +8861,15 @@ def notifications_unread_status():
|
||||
'severity': latest_unread.get('Severity', 'info'),
|
||||
}
|
||||
|
||||
return jsonify({
|
||||
payload = {
|
||||
'ok': True,
|
||||
'unread_count': unread_count,
|
||||
'latest_unread': latest_payload,
|
||||
})
|
||||
}
|
||||
|
||||
_set_cached_unread_status(username, is_admin_user, version_tag, payload)
|
||||
etag_value = _build_unread_status_etag(version_tag, payload)
|
||||
return _build_cached_json_response(payload, etag_value)
|
||||
except Exception as exc:
|
||||
app.logger.warning(f"Could not fetch unread notification status for {username}: {exc}")
|
||||
return jsonify({'ok': False, 'error': 'status_fetch_failed'}), 500
|
||||
|
||||
@@ -9,6 +9,7 @@ apscheduler
|
||||
python-dateutil
|
||||
pytz
|
||||
requests
|
||||
redis
|
||||
reportlab
|
||||
python-barcode
|
||||
openpyxl
|
||||
|
||||
@@ -155,10 +155,12 @@ select:focus {
|
||||
|
||||
@media (max-width: 900px) {
|
||||
.container {
|
||||
width: calc(100% - 18px);
|
||||
padding: 14px;
|
||||
margin: 10px auto;
|
||||
border-radius: 10px;
|
||||
width: 100%;
|
||||
max-width: 100%;
|
||||
padding: 12px 12px 18px;
|
||||
margin: 0;
|
||||
border-radius: 0;
|
||||
box-sizing: border-box;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+385
-13
@@ -136,6 +136,10 @@
|
||||
top: 0;
|
||||
z-index: 1900;
|
||||
}
|
||||
|
||||
.navbar .container-fluid {
|
||||
gap: 10px;
|
||||
}
|
||||
|
||||
.navbar-brand {
|
||||
font-weight: bold;
|
||||
@@ -152,6 +156,51 @@
|
||||
font-weight: 600;
|
||||
padding: 0.6rem 0.85rem;
|
||||
border-radius: 8px;
|
||||
transition: padding .18s ease, font-size .18s ease;
|
||||
}
|
||||
|
||||
.navbar.nav-compact .navbar-brand {
|
||||
font-size: 1.18rem;
|
||||
}
|
||||
|
||||
.navbar.nav-compact .navbar-nav .nav-link {
|
||||
font-size: 0.93rem;
|
||||
padding: 0.48rem 0.62rem;
|
||||
}
|
||||
|
||||
.navbar.nav-compact .function-search-wrap {
|
||||
width: min(320px, 34vw);
|
||||
}
|
||||
|
||||
.navbar.nav-compact .function-search-input,
|
||||
.navbar.nav-compact .function-search-btn {
|
||||
min-height: 34px;
|
||||
padding-top: 6px;
|
||||
padding-bottom: 6px;
|
||||
}
|
||||
|
||||
.navbar.nav-ultra-compact .navbar-brand {
|
||||
font-size: 1.04rem;
|
||||
}
|
||||
|
||||
.navbar.nav-ultra-compact .navbar-nav .nav-link {
|
||||
font-size: 0.86rem;
|
||||
padding: 0.4rem 0.52rem;
|
||||
}
|
||||
|
||||
.navbar.nav-ultra-compact .function-search-wrap {
|
||||
width: min(270px, 30vw);
|
||||
}
|
||||
|
||||
.navbar.nav-ultra-compact .function-search-btn {
|
||||
padding-left: 9px;
|
||||
padding-right: 9px;
|
||||
font-size: 0.82rem;
|
||||
}
|
||||
|
||||
.navbar.nav-ultra-compact .navbar-text {
|
||||
margin-right: 0.45rem !important;
|
||||
font-size: 0.86rem;
|
||||
}
|
||||
|
||||
.navbar-nav .nav-link.nav-active {
|
||||
@@ -493,22 +542,194 @@
|
||||
}
|
||||
|
||||
@media (max-width: 768px) {
|
||||
.module-selector-bar {
|
||||
padding: 8px 12px;
|
||||
.navbar {
|
||||
border-bottom-left-radius: 14px;
|
||||
border-bottom-right-radius: 14px;
|
||||
}
|
||||
|
||||
.navbar .container-fluid {
|
||||
align-items: flex-start;
|
||||
flex-wrap: wrap;
|
||||
padding-top: 0.2rem;
|
||||
padding-bottom: 0.35rem;
|
||||
}
|
||||
|
||||
.navbar-brand {
|
||||
order: 1;
|
||||
flex: 1 1 auto;
|
||||
min-width: 0;
|
||||
font-size: 1.08rem;
|
||||
line-height: 1.1;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 6px;
|
||||
padding-top: 0.2rem;
|
||||
padding-bottom: 0.2rem;
|
||||
}
|
||||
|
||||
.navbar-toggler {
|
||||
order: 2;
|
||||
margin-left: auto;
|
||||
flex: 0 0 auto;
|
||||
align-self: flex-start;
|
||||
}
|
||||
|
||||
.navbar-collapse {
|
||||
order: 4;
|
||||
width: 100%;
|
||||
margin-top: 8px;
|
||||
padding: 10px 10px 6px;
|
||||
border-radius: 14px;
|
||||
background: rgba(15, 23, 42, 0.18);
|
||||
backdrop-filter: blur(10px);
|
||||
-webkit-backdrop-filter: blur(10px);
|
||||
}
|
||||
|
||||
.navbar-collapse.show,
|
||||
.navbar-collapse.collapsing {
|
||||
display: block;
|
||||
}
|
||||
|
||||
.navbar-nav {
|
||||
width: 100%;
|
||||
align-items: stretch;
|
||||
gap: 8px;
|
||||
padding-top: 2px;
|
||||
}
|
||||
|
||||
.navbar-nav .nav-item {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.navbar-nav .nav-link {
|
||||
width: 100%;
|
||||
justify-content: flex-start;
|
||||
min-height: 46px;
|
||||
padding: 0.8rem 0.95rem;
|
||||
border-radius: 12px;
|
||||
background: rgba(255, 255, 255, 0.08);
|
||||
box-shadow: inset 0 0 0 1px rgba(255, 255, 255, 0.08);
|
||||
}
|
||||
|
||||
.navbar-nav .nav-link.nav-active,
|
||||
.navbar-nav .nav-link.quick-link-pill,
|
||||
.navbar-nav .nav-link.nav-priority-link {
|
||||
background: rgba(255, 255, 255, 0.16);
|
||||
}
|
||||
|
||||
.navbar-nav .nav-item.dropdown {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.navbar-nav .nav-item.dropdown .nav-link.dropdown-toggle {
|
||||
width: 100%;
|
||||
justify-content: space-between;
|
||||
}
|
||||
|
||||
.navbar-nav .dropdown-menu {
|
||||
width: 100%;
|
||||
margin-left: 0;
|
||||
margin-top: 6px;
|
||||
border-radius: 12px;
|
||||
}
|
||||
|
||||
.module-selector-bar {
|
||||
padding: 8px 10px;
|
||||
gap: 8px;
|
||||
flex-wrap: wrap;
|
||||
}
|
||||
|
||||
.module-selector-bar .module-label {
|
||||
display: none;
|
||||
}
|
||||
|
||||
.module-selector-bar .module-tabs {
|
||||
width: 100%;
|
||||
gap: 8px;
|
||||
}
|
||||
|
||||
.module-selector-bar .module-tab {
|
||||
padding: 5px 12px;
|
||||
font-size: 0.9rem;
|
||||
width: 100%;
|
||||
text-align: center;
|
||||
padding: 8px 12px;
|
||||
font-size: 0.92rem;
|
||||
}
|
||||
|
||||
.module-separator {
|
||||
height: 18px;
|
||||
display: none;
|
||||
}
|
||||
|
||||
.function-search-wrap {
|
||||
order: 3;
|
||||
width: 100%;
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
.function-search-form {
|
||||
width: 100%;
|
||||
flex-wrap: nowrap;
|
||||
gap: 8px;
|
||||
}
|
||||
|
||||
.function-search-input {
|
||||
flex: 1 1 auto;
|
||||
min-width: 0;
|
||||
min-height: 44px;
|
||||
}
|
||||
|
||||
.function-search-btn {
|
||||
flex: 0 0 auto;
|
||||
min-height: 44px;
|
||||
min-width: 72px;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
.navbar-text {
|
||||
order: 5;
|
||||
width: 100%;
|
||||
margin: 0 !important;
|
||||
padding: 8px 10px;
|
||||
border-radius: 12px;
|
||||
background: rgba(255, 255, 255, 0.08);
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.user-menu-wrap {
|
||||
order: 6;
|
||||
width: 100%;
|
||||
margin-right: 0 !important;
|
||||
}
|
||||
|
||||
.user-menu-btn {
|
||||
width: 100%;
|
||||
min-height: 46px;
|
||||
border-radius: 12px;
|
||||
justify-content: center;
|
||||
}
|
||||
|
||||
.dropdown-menu-end {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
@media (max-width: 520px) {
|
||||
.function-search-form {
|
||||
flex-direction: column;
|
||||
}
|
||||
|
||||
.function-search-input,
|
||||
.function-search-btn,
|
||||
.user-menu-btn,
|
||||
.module-selector-bar .module-tab {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.module-selector-bar .module-tabs {
|
||||
flex-direction: column;
|
||||
}
|
||||
|
||||
.navbar-text {
|
||||
font-size: 0.88rem;
|
||||
}
|
||||
}
|
||||
}
|
||||
</style>
|
||||
@@ -548,18 +769,24 @@
|
||||
</button>
|
||||
<div class="collapse navbar-collapse" id="inventoryNavContent">
|
||||
<ul class="navbar-nav me-auto mb-2 mb-lg-0" id="inventoryNavList">
|
||||
{% if current_permissions.pages.get('home', True) %}
|
||||
<li class="nav-item" data-nav-fixed="true">
|
||||
<a class="nav-link {% if current_path == url_for('home') %}nav-active{% endif %}" href="{{ url_for('home') }}">Artikel</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if 'username' in session %}
|
||||
{% if current_permissions.pages.get('my_borrowed_items', True) %}
|
||||
<li class="nav-item" data-nav-fixed="true">
|
||||
<a class="nav-link quick-link-pill {% if current_path == url_for('my_borrowed_items') %}nav-active{% endif %}" href="{{ url_for('my_borrowed_items') }}">Meine Ausleihen</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('tutorial_page', True) %}
|
||||
<li class="nav-item" data-nav-fixed="true">
|
||||
<a class="nav-link quick-link-pill {% if current_path == url_for('tutorial_page') %}nav-active{% endif %}" href="{{ url_for('tutorial_page') }}">Tutorial</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if 'username' in session and (session.get('admin', False) or is_admin) %}
|
||||
{% endif %}
|
||||
{% if 'username' in session and (session.get('admin', False) or is_admin) and current_permissions.pages.get('upload_admin', True) and current_permissions.actions.get('can_manage_settings', True) %}
|
||||
<li class="nav-item">
|
||||
<a class="nav-link nav-priority-link {% if current_path == url_for('upload_admin') %}nav-active{% endif %}" href="{{ url_for('upload_admin') }}">➕ Hochladen</a>
|
||||
</li>
|
||||
@@ -570,24 +797,46 @@
|
||||
</a>
|
||||
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="invMoreDropdown">
|
||||
{% if 'username' in session %}
|
||||
{% if current_permissions.pages.get('my_borrowed_items', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('my_borrowed_items') }}">Meine Ausleihen</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('tutorial_page', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('tutorial_page') }}">Tutorial</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
{% endif %}
|
||||
{% if 'username' in session and (session.get('admin', False) or is_admin) %}
|
||||
{% if 'username' in session and (session.get('admin', False) or is_admin) and current_permissions.actions.get('can_manage_settings', True) %}
|
||||
<li><h6 class="dropdown-header">Verwaltung</h6></li>
|
||||
{% if current_permissions.pages.get('manage_filters', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('manage_filters') }}">Filter verwalten</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('manage_locations', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('manage_locations') }}">Orte verwalten</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('admin_borrowings', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('admin_borrowings') }}">Ausleihen</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('admin_damaged_items', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('admin_damaged_items') }}">Defekte Items</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.actions.get('can_view_logs', True) and current_permissions.pages.get('admin_audit_dashboard', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('admin_audit_dashboard') }}">Audit Dashboard</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.actions.get('can_view_logs', True) and current_permissions.pages.get('logs', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('logs') }}">Logs</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
{% if current_permissions.actions.get('can_manage_users', True) %}
|
||||
<li><h6 class="dropdown-header">System</h6></li>
|
||||
{% if current_permissions.pages.get('user_del', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('user_del') }}">Benutzer verwalten</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('register', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('register') }}">Neuer Benutzer</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('impressum') }}">Impressum</a></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('license') }}">Lizenz</a></li>
|
||||
</ul>
|
||||
@@ -616,7 +865,9 @@
|
||||
<span class="user-notification-dot {% if unread_notification_count and unread_notification_count > 0 %}visible{% endif %}" aria-hidden="true"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="invUserMenuDropdown">
|
||||
{% if current_permissions.pages.get('notifications_view', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('notifications_view') }}">Benachrichtigungen</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('change_password') }}">Passwort ändern</a></li>
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
@@ -639,18 +890,24 @@
|
||||
</button>
|
||||
<div class="collapse navbar-collapse" id="libraryNavContent">
|
||||
<ul class="navbar-nav me-auto mb-2 mb-lg-0" id="libraryNavList">
|
||||
{% if current_permissions.pages.get('library_view', True) %}
|
||||
<li class="nav-item" data-nav-fixed="true">
|
||||
<a class="nav-link {% if current_path == url_for('library_view') %}nav-active{% endif %}" href="{{ url_for('library_view') }}">Medien</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if 'username' in session %}
|
||||
{% if current_permissions.pages.get('my_borrowed_items', True) %}
|
||||
<li class="nav-item" data-nav-fixed="true">
|
||||
<a class="nav-link quick-link-pill {% if current_path == url_for('my_borrowed_items') %}nav-active{% endif %}" href="{{ url_for('my_borrowed_items') }}">Meine Medien</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('tutorial_page', True) %}
|
||||
<li class="nav-item" data-nav-fixed="true">
|
||||
<a class="nav-link quick-link-pill {% if current_path == url_for('tutorial_page') %}nav-active{% endif %}" href="{{ url_for('tutorial_page') }}">Tutorial</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if 'username' in session and (session.get('admin', False) or is_admin) %}
|
||||
{% endif %}
|
||||
{% if 'username' in session and (session.get('admin', False) or is_admin) and current_permissions.actions.get('can_manage_settings', True) and current_permissions.pages.get('library_admin', True) %}
|
||||
<li class="nav-item">
|
||||
<a class="nav-link nav-priority-link {% if current_path == url_for('library_admin') %}nav-active{% endif %}" href="{{ url_for('library_admin') }}">📖 Hochladen</a>
|
||||
</li>
|
||||
@@ -661,23 +918,37 @@
|
||||
</a>
|
||||
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="libMoreDropdown">
|
||||
{% if 'username' in session %}
|
||||
{% if current_permissions.pages.get('my_borrowed_items', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('my_borrowed_items') }}">Meine Medien</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('tutorial_page', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('tutorial_page') }}">Tutorial</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
{% endif %}
|
||||
{% if 'username' in session and (session.get('admin', False) or is_admin) %}
|
||||
{% if 'username' in session and (session.get('admin', False) or is_admin) and current_permissions.actions.get('can_manage_settings', True) %}
|
||||
<li><h6 class="dropdown-header">Bibliotheks-Verwaltung</h6></li>
|
||||
{% if current_permissions.pages.get('library_loans_admin', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('library_loans_admin') }}">Ausleihen</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('admin_damaged_items', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('admin_damaged_items') }}">Defekte Items</a></li>
|
||||
{% endif %}
|
||||
{% if student_cards_module_enabled %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('student_cards_admin') }}">Bibliotheksausweis</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
{% if current_permissions.actions.get('can_manage_users', True) %}
|
||||
<li><h6 class="dropdown-header">System</h6></li>
|
||||
{% if current_permissions.pages.get('user_del', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('user_del') }}">Benutzer verwalten</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('register', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('register') }}">Neuer Benutzer</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('impressum') }}">Impressum</a></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('license') }}">Lizenz</a></li>
|
||||
</ul>
|
||||
@@ -706,7 +977,9 @@
|
||||
<span class="user-notification-dot {% if unread_notification_count and unread_notification_count > 0 %}visible{% endif %}" aria-hidden="true"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="libUserMenuDropdown">
|
||||
{% if current_permissions.pages.get('notifications_view', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('notifications_view') }}">Benachrichtigungen</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('change_password') }}">Passwort ändern</a></li>
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
@@ -1233,6 +1506,27 @@
|
||||
function initNavbarOverflow(navList, navOverflowAnchor) {
|
||||
if (!navList || !navOverflowAnchor) return;
|
||||
|
||||
const navRoot = navList.closest('nav.navbar');
|
||||
const navCollapse = navList.closest('.navbar-collapse');
|
||||
const navContainer = navList.closest('.container-fluid') || navList.parentElement;
|
||||
|
||||
function applyCompactMode() {
|
||||
if (!navRoot || !navContainer) return;
|
||||
const width = navContainer.clientWidth || window.innerWidth;
|
||||
navRoot.classList.remove('nav-compact', 'nav-ultra-compact');
|
||||
|
||||
if (window.innerWidth < 992) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (width < 1220) {
|
||||
navRoot.classList.add('nav-compact');
|
||||
}
|
||||
if (width < 1080) {
|
||||
navRoot.classList.add('nav-ultra-compact');
|
||||
}
|
||||
}
|
||||
|
||||
function collectTopLevelNavSources() {
|
||||
if (!navList) return [];
|
||||
return Array.from(navList.children).filter(function(li){
|
||||
@@ -1267,13 +1561,67 @@
|
||||
li.className = 'nav-item dropdown';
|
||||
li.dataset.overflowControl = 'true';
|
||||
|
||||
const toggleId = navOverflowAnchor.id + '-toggle';
|
||||
const menuId = navOverflowAnchor.id + '-menu';
|
||||
|
||||
li.innerHTML =
|
||||
'<a class="nav-link dropdown-toggle" href="#" id="overflowMenuToggle" role="button" data-bs-toggle="dropdown" aria-expanded="false">⋮ Weitere</a>' +
|
||||
'<ul class="dropdown-menu" aria-labelledby="overflowMenuToggle" id="overflowMenu"></ul>';
|
||||
'<a class="nav-link dropdown-toggle" href="#" id="' + toggleId + '" role="button" data-bs-toggle="dropdown" aria-expanded="false" aria-controls="' + menuId + '">⋮ Weitere</a>' +
|
||||
'<ul class="dropdown-menu" aria-labelledby="' + toggleId + '" id="' + menuId + '"></ul>';
|
||||
|
||||
return li;
|
||||
}
|
||||
|
||||
function getNavCandidatePriority(item) {
|
||||
if (!(item instanceof HTMLElement)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
const topLink = item.querySelector(':scope > a.nav-link');
|
||||
if (!topLink) {
|
||||
return 10;
|
||||
}
|
||||
|
||||
if (topLink.classList.contains('nav-active')) {
|
||||
return 1000;
|
||||
}
|
||||
|
||||
if (topLink.classList.contains('nav-priority-link')) {
|
||||
return 900;
|
||||
}
|
||||
|
||||
if (topLink.classList.contains('quick-link-pill')) {
|
||||
return 700;
|
||||
}
|
||||
|
||||
if (item.classList.contains('dropdown')) {
|
||||
return 300;
|
||||
}
|
||||
|
||||
return 500;
|
||||
}
|
||||
|
||||
function pickNextNavItemToHide(candidates) {
|
||||
if (!Array.isArray(candidates) || candidates.length === 0) {
|
||||
return null;
|
||||
}
|
||||
|
||||
let selected = candidates[0];
|
||||
let selectedIndex = 0;
|
||||
let selectedPriority = getNavCandidatePriority(selected);
|
||||
|
||||
for (let i = 1; i < candidates.length; i += 1) {
|
||||
const candidate = candidates[i];
|
||||
const candidatePriority = getNavCandidatePriority(candidate);
|
||||
if (candidatePriority < selectedPriority || (candidatePriority === selectedPriority && i > selectedIndex)) {
|
||||
selected = candidate;
|
||||
selectedIndex = i;
|
||||
selectedPriority = candidatePriority;
|
||||
}
|
||||
}
|
||||
|
||||
return selected;
|
||||
}
|
||||
|
||||
function appendSourceToOverflowMenu(sourceItem, menu) {
|
||||
const topLink = sourceItem.querySelector(':scope > a.nav-link');
|
||||
if (!topLink) return;
|
||||
@@ -1309,6 +1657,10 @@
|
||||
|
||||
const control = createOverflowControl();
|
||||
const menu = control.querySelector('ul.dropdown-menu');
|
||||
const controlLink = control.querySelector(':scope > a.nav-link');
|
||||
if (controlLink) {
|
||||
controlLink.textContent = '⋮ Weitere (' + hiddenSources.length + ')';
|
||||
}
|
||||
|
||||
hiddenSources.forEach(function(source){
|
||||
appendSourceToOverflowMenu(source, menu);
|
||||
@@ -1325,6 +1677,8 @@
|
||||
function adaptNavbarByWidth() {
|
||||
if (!navList || !navOverflowAnchor) return;
|
||||
|
||||
applyCompactMode();
|
||||
|
||||
if (window.innerWidth < 992) {
|
||||
restoreAllNavItems();
|
||||
return;
|
||||
@@ -1336,7 +1690,10 @@
|
||||
let candidates = collectTopLevelNavSources();
|
||||
|
||||
while (navList.scrollWidth > navList.clientWidth && candidates.length > 0) {
|
||||
const toHide = candidates[candidates.length - 1];
|
||||
const toHide = pickNextNavItemToHide(candidates);
|
||||
if (!toHide) {
|
||||
break;
|
||||
}
|
||||
toHide.style.display = 'none';
|
||||
hiddenSources.unshift(toHide);
|
||||
candidates = collectTopLevelNavSources();
|
||||
@@ -1346,7 +1703,10 @@
|
||||
|
||||
candidates = collectTopLevelNavSources();
|
||||
while (navList.scrollWidth > navList.clientWidth && candidates.length > 0) {
|
||||
const toHide = candidates[candidates.length - 1];
|
||||
const toHide = pickNextNavItemToHide(candidates);
|
||||
if (!toHide) {
|
||||
break;
|
||||
}
|
||||
toHide.style.display = 'none';
|
||||
hiddenSources.unshift(toHide);
|
||||
rebuildOverflowControl(hiddenSources);
|
||||
@@ -1364,6 +1724,18 @@
|
||||
|
||||
adaptNavbarByWidth();
|
||||
window.addEventListener('resize', debounceAdapt);
|
||||
|
||||
if (navCollapse) {
|
||||
navCollapse.addEventListener('shown.bs.collapse', debounceAdapt);
|
||||
navCollapse.addEventListener('hidden.bs.collapse', debounceAdapt);
|
||||
}
|
||||
|
||||
if ('ResizeObserver' in window && navContainer) {
|
||||
const resizeObserver = new ResizeObserver(function() {
|
||||
debounceAdapt();
|
||||
});
|
||||
resizeObserver.observe(navContainer);
|
||||
}
|
||||
}
|
||||
|
||||
// Initialize overflow control for inventory navbar
|
||||
|
||||
+46
-11
@@ -774,8 +774,18 @@
|
||||
return;
|
||||
}
|
||||
|
||||
const distanceToEnd = itemsContainer.scrollWidth - (itemsContainer.scrollLeft + itemsContainer.clientWidth);
|
||||
const prefetchThreshold = Math.max(260, itemsContainer.clientWidth * 1.4);
|
||||
const styles = window.getComputedStyle(itemsContainer);
|
||||
const isMobileLayout =
|
||||
window.matchMedia('(max-width: 768px)').matches ||
|
||||
styles.display === 'grid' ||
|
||||
styles.flexDirection === 'column';
|
||||
|
||||
const distanceToEnd = isMobileLayout
|
||||
? itemsContainer.scrollHeight - (itemsContainer.scrollTop + itemsContainer.clientHeight)
|
||||
: itemsContainer.scrollWidth - (itemsContainer.scrollLeft + itemsContainer.clientWidth);
|
||||
const prefetchThreshold = isMobileLayout
|
||||
? Math.max(220, itemsContainer.clientHeight * 0.9)
|
||||
: Math.max(260, itemsContainer.clientWidth * 1.4);
|
||||
if (distanceToEnd > prefetchThreshold) {
|
||||
return;
|
||||
}
|
||||
@@ -1142,6 +1152,12 @@
|
||||
const itemsContainer = ensureMainItemsSentinel();
|
||||
if (!itemsContainer) return;
|
||||
|
||||
const styles = window.getComputedStyle(itemsContainer);
|
||||
const isMobileLayout =
|
||||
window.matchMedia('(max-width: 768px)').matches ||
|
||||
styles.display === 'grid' ||
|
||||
styles.flexDirection === 'column';
|
||||
|
||||
if (mainItemsObserver) {
|
||||
mainItemsObserver.disconnect();
|
||||
mainItemsObserver = null;
|
||||
@@ -1172,7 +1188,7 @@
|
||||
}, {
|
||||
root: itemsContainer,
|
||||
threshold: 0.15,
|
||||
rootMargin: '0px 900px 0px 0px'
|
||||
rootMargin: isMobileLayout ? '0px 0px 900px 0px' : '0px 900px 0px 0px'
|
||||
});
|
||||
|
||||
mainItemsObserver.observe(mainItemsSentinel);
|
||||
@@ -2942,6 +2958,22 @@
|
||||
animation: items-loader-slide 1.05s ease-in-out infinite;
|
||||
}
|
||||
|
||||
@media (max-width: 768px) {
|
||||
.items-loading-indicator {
|
||||
width: 100%;
|
||||
min-width: 0;
|
||||
max-width: none;
|
||||
min-height: 120px;
|
||||
height: auto;
|
||||
padding: 14px 10px;
|
||||
scroll-snap-align: none;
|
||||
}
|
||||
|
||||
.items-loading-indicator .loading-track {
|
||||
width: min(240px, 82%);
|
||||
}
|
||||
}
|
||||
|
||||
@keyframes items-loader-slide {
|
||||
0% { transform: translateX(-100%); }
|
||||
100% { transform: translateX(260%); }
|
||||
@@ -3342,9 +3374,12 @@
|
||||
|
||||
/* Mobile-responsive styles for user interface */
|
||||
.container {
|
||||
width: 95% !important;
|
||||
margin: 10px auto !important;
|
||||
padding: 15px !important;
|
||||
width: 100% !important;
|
||||
max-width: 100% !important;
|
||||
margin: 0 !important;
|
||||
padding: 12px 12px 18px !important;
|
||||
border-radius: 0 !important;
|
||||
box-sizing: border-box !important;
|
||||
}
|
||||
|
||||
h1, h2 {
|
||||
@@ -3414,7 +3449,7 @@
|
||||
display: grid !important;
|
||||
grid-template-columns: 1fr !important;
|
||||
gap: 15px !important;
|
||||
padding: 10px 0 !important;
|
||||
padding: 10px 0 0 !important;
|
||||
overflow-x: visible !important;
|
||||
}
|
||||
|
||||
@@ -3431,12 +3466,12 @@
|
||||
|
||||
/* Modal improvements for mobile */
|
||||
.modal-content {
|
||||
width: 95% !important;
|
||||
max-width: 500px !important;
|
||||
margin: 20px auto !important;
|
||||
width: calc(100vw - 16px) !important;
|
||||
max-width: none !important;
|
||||
margin: 8px auto !important;
|
||||
max-height: 85vh !important;
|
||||
overflow-y: auto !important;
|
||||
padding: 20px !important;
|
||||
padding: 16px !important;
|
||||
}
|
||||
|
||||
/* Button improvements */
|
||||
|
||||
@@ -369,6 +369,22 @@
|
||||
animation: items-loader-slide 1.05s ease-in-out infinite;
|
||||
}
|
||||
|
||||
@media (max-width: 768px) {
|
||||
.items-loading-indicator {
|
||||
width: 100%;
|
||||
min-width: 0;
|
||||
max-width: none;
|
||||
min-height: 120px;
|
||||
height: auto;
|
||||
padding: 14px 10px;
|
||||
scroll-snap-align: none;
|
||||
}
|
||||
|
||||
.items-loading-indicator .loading-track {
|
||||
width: min(240px, 82%);
|
||||
}
|
||||
}
|
||||
|
||||
@keyframes items-loader-slide {
|
||||
0% { transform: translateX(-100%); }
|
||||
100% { transform: translateX(260%); }
|
||||
@@ -1221,9 +1237,11 @@
|
||||
|
||||
/* Mobile-responsive styles for admin interface */
|
||||
.admin-content-container {
|
||||
width: 95% !important;
|
||||
margin: 10px auto !important;
|
||||
padding: 15px !important;
|
||||
width: 100% !important;
|
||||
max-width: 100% !important;
|
||||
margin: 0 !important;
|
||||
padding: 12px 12px 18px !important;
|
||||
box-sizing: border-box !important;
|
||||
overflow-x: hidden !important;
|
||||
}
|
||||
|
||||
@@ -1347,11 +1365,12 @@
|
||||
|
||||
/* Modal improvements for admin */
|
||||
.modal-content {
|
||||
width: 95% !important;
|
||||
max-width: 500px !important;
|
||||
margin: 20px auto !important;
|
||||
width: calc(100vw - 16px) !important;
|
||||
max-width: none !important;
|
||||
margin: 8px auto !important;
|
||||
max-height: 85vh !important;
|
||||
overflow-y: auto !important;
|
||||
padding: 16px !important;
|
||||
}
|
||||
|
||||
/* Admin card improvements */
|
||||
@@ -1510,9 +1529,11 @@
|
||||
/* Mobile-responsive styles for admin interface */
|
||||
@media screen and (max-width: 768px) {
|
||||
.admin-content-container {
|
||||
width: 95% !important;
|
||||
margin: 10px auto !important;
|
||||
padding: 15px !important;
|
||||
width: 100% !important;
|
||||
max-width: 100% !important;
|
||||
margin: 0 !important;
|
||||
padding: 12px 12px 18px !important;
|
||||
box-sizing: border-box !important;
|
||||
}
|
||||
|
||||
h1, h2 {
|
||||
@@ -1599,12 +1620,12 @@
|
||||
|
||||
/* Modal improvements for admin */
|
||||
.modal-content {
|
||||
width: 95% !important;
|
||||
max-width: 500px !important;
|
||||
margin: 20px auto !important;
|
||||
width: calc(100vw - 16px) !important;
|
||||
max-width: none !important;
|
||||
margin: 8px auto !important;
|
||||
max-height: 85vh !important;
|
||||
overflow-y: auto !important;
|
||||
padding: 20px !important;
|
||||
padding: 16px !important;
|
||||
}
|
||||
|
||||
/* Button improvements */
|
||||
@@ -1792,9 +1813,11 @@
|
||||
}
|
||||
|
||||
.admin-content-container {
|
||||
width: 95%;
|
||||
margin: 10px auto;
|
||||
padding: 15px;
|
||||
width: 100%;
|
||||
max-width: 100%;
|
||||
margin: 0;
|
||||
padding: 12px 12px 18px;
|
||||
box-sizing: border-box;
|
||||
overflow-x: hidden;
|
||||
}
|
||||
|
||||
@@ -1808,12 +1831,13 @@
|
||||
|
||||
/* Better modal sizing for mobile */
|
||||
.modal-content {
|
||||
width: 95% !important;
|
||||
width: calc(100vw - 16px) !important;
|
||||
max-width: none !important;
|
||||
margin: 10px auto !important;
|
||||
margin: 8px auto !important;
|
||||
max-height: 90vh !important;
|
||||
overflow-y: auto !important;
|
||||
-webkit-overflow-scrolling: touch !important;
|
||||
padding: 16px !important;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3366,8 +3390,18 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
return;
|
||||
}
|
||||
|
||||
const distanceToEnd = itemsContainer.scrollWidth - (itemsContainer.scrollLeft + itemsContainer.clientWidth);
|
||||
const prefetchThreshold = Math.max(260, itemsContainer.clientWidth * 1.4);
|
||||
const styles = window.getComputedStyle(itemsContainer);
|
||||
const isMobileLayout =
|
||||
window.matchMedia('(max-width: 768px)').matches ||
|
||||
styles.display === 'grid' ||
|
||||
styles.flexDirection === 'column';
|
||||
|
||||
const distanceToEnd = isMobileLayout
|
||||
? itemsContainer.scrollHeight - (itemsContainer.scrollTop + itemsContainer.clientHeight)
|
||||
: itemsContainer.scrollWidth - (itemsContainer.scrollLeft + itemsContainer.clientWidth);
|
||||
const prefetchThreshold = isMobileLayout
|
||||
? Math.max(220, itemsContainer.clientHeight * 0.9)
|
||||
: Math.max(260, itemsContainer.clientWidth * 1.4);
|
||||
if (distanceToEnd > prefetchThreshold) {
|
||||
return;
|
||||
}
|
||||
@@ -3729,6 +3763,12 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
const itemsContainer = ensureMainAdminItemsSentinel();
|
||||
if (!itemsContainer) return;
|
||||
|
||||
const styles = window.getComputedStyle(itemsContainer);
|
||||
const isMobileLayout =
|
||||
window.matchMedia('(max-width: 768px)').matches ||
|
||||
styles.display === 'grid' ||
|
||||
styles.flexDirection === 'column';
|
||||
|
||||
if (mainAdminItemsObserver) {
|
||||
mainAdminItemsObserver.disconnect();
|
||||
mainAdminItemsObserver = null;
|
||||
@@ -3759,7 +3799,7 @@ document.addEventListener('DOMContentLoaded', ()=>{
|
||||
}, {
|
||||
root: itemsContainer,
|
||||
threshold: 0.15,
|
||||
rootMargin: '0px 900px 0px 0px'
|
||||
rootMargin: isMobileLayout ? '0px 0px 900px 0px' : '0px 900px 0px 0px'
|
||||
});
|
||||
|
||||
mainAdminItemsObserver.observe(mainAdminItemsSentinel);
|
||||
|
||||
@@ -17,6 +17,16 @@
|
||||
<div class="user-management-container">
|
||||
<h2>Benutzer</h2>
|
||||
|
||||
<form method="POST" action="{{ url_for('admin_anonymize_names') }}" class="mb-3">
|
||||
<button
|
||||
type="submit"
|
||||
class="btn btn-outline-danger"
|
||||
onclick="return confirm('Sollen alle gespeicherten Klarnamen dauerhaft in Synonym-Kuerzel umgewandelt werden?')"
|
||||
>
|
||||
Gespeicherte Namen anonymisieren
|
||||
</button>
|
||||
</form>
|
||||
|
||||
<div class="filter-bar mb-3">
|
||||
<div class="row g-2 align-items-end">
|
||||
<div class="col-md-3">
|
||||
@@ -62,6 +72,7 @@
|
||||
<th>Vorname</th>
|
||||
<th>Nachname</th>
|
||||
<th>Administrator</th>
|
||||
<th>Rechte-Preset</th>
|
||||
<th>Aktionen</th>
|
||||
</tr>
|
||||
</thead>
|
||||
@@ -72,6 +83,7 @@
|
||||
<td>{{ user.name if user.name else user.username }}</td>
|
||||
<td>{{ user.last_name if user.last_name else '' }}</td>
|
||||
<td>{{ "Ja" if user.admin else "Nein" }}</td>
|
||||
<td>{{ permission_presets.get(user.permission_preset, {}).get('label', user.permission_preset) }}</td>
|
||||
<td class="actions">
|
||||
<form method="POST" action="{{ url_for('delete_user') }}" class="d-inline">
|
||||
<input type="hidden" name="username" value="{{ user.username }}">
|
||||
@@ -90,6 +102,14 @@
|
||||
onclick="openResetPasswordModal('{{ user.username }}')">
|
||||
Passwort zurücksetzen
|
||||
</button>
|
||||
<button type="button" class="btn btn-info btn-sm"
|
||||
data-username="{{ user.username }}"
|
||||
data-preset="{{ user.permission_preset }}"
|
||||
data-action-permissions='{{ user.action_permissions | tojson }}'
|
||||
data-page-permissions='{{ user.page_permissions | tojson }}'
|
||||
onclick="openPermissionsModal(this)">
|
||||
Berechtigungen
|
||||
</button>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
@@ -99,6 +119,62 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Permission Modal -->
|
||||
<div class="modal fade" id="permissionsModal" tabindex="-1" aria-labelledby="permissionsModalLabel" aria-hidden="true">
|
||||
<div class="modal-dialog modal-lg">
|
||||
<div class="modal-content">
|
||||
<div class="modal-header">
|
||||
<h5 class="modal-title" id="permissionsModalLabel">Berechtigungen bearbeiten</h5>
|
||||
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
|
||||
</div>
|
||||
<form method="POST" action="{{ url_for('admin_update_user_permissions') }}">
|
||||
<div class="modal-body permissions-modal-body">
|
||||
<input type="hidden" id="perm-username" name="username">
|
||||
<div class="mb-3">
|
||||
<label for="perm-username-display" class="form-label">Benutzer</label>
|
||||
<input type="text" class="form-control" id="perm-username-display" disabled>
|
||||
</div>
|
||||
|
||||
<div class="mb-3">
|
||||
<label for="permission-preset" class="form-label">Preset</label>
|
||||
<select class="form-select" id="permission-preset" name="permission_preset">
|
||||
{% for preset_key, preset_value in permission_presets.items() %}
|
||||
<option value="{{ preset_key }}">{{ preset_value.label }}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<div class="permissions-grid">
|
||||
<div class="permissions-group">
|
||||
<h6>Aktionsrechte</h6>
|
||||
{% for action_key, action_label in permission_action_options %}
|
||||
<div class="form-check">
|
||||
<input class="form-check-input permission-action-checkbox" type="checkbox" id="action-{{ action_key }}" name="action_{{ action_key }}">
|
||||
<label class="form-check-label" for="action-{{ action_key }}">{{ action_label }}</label>
|
||||
</div>
|
||||
{% endfor %}
|
||||
</div>
|
||||
|
||||
<div class="permissions-group">
|
||||
<h6>Seitenrechte</h6>
|
||||
{% for endpoint_name, endpoint_label in permission_page_options %}
|
||||
<div class="form-check">
|
||||
<input class="form-check-input permission-page-checkbox" type="checkbox" id="page-{{ endpoint_name }}" name="page_{{ endpoint_name }}">
|
||||
<label class="form-check-label" for="page-{{ endpoint_name }}">{{ endpoint_label }}</label>
|
||||
</div>
|
||||
{% endfor %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Abbrechen</button>
|
||||
<button type="submit" class="btn btn-primary">Berechtigungen speichern</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Edit User Modal -->
|
||||
<div class="modal fade" id="editUserModal" tabindex="-1" aria-labelledby="editUserModalLabel" aria-hidden="true">
|
||||
<div class="modal-dialog">
|
||||
@@ -165,6 +241,24 @@
|
||||
</div>
|
||||
|
||||
<script>
|
||||
var permissionPresets = {{ permission_presets | tojson }};
|
||||
|
||||
function applyPresetToPermissionForm(presetKey) {
|
||||
var preset = permissionPresets[presetKey] || {};
|
||||
var actionDefaults = preset.actions || {};
|
||||
var pageDefaults = preset.pages || {};
|
||||
|
||||
document.querySelectorAll('.permission-action-checkbox').forEach(function (checkbox) {
|
||||
var key = checkbox.name.replace('action_', '');
|
||||
checkbox.checked = !!actionDefaults[key];
|
||||
});
|
||||
|
||||
document.querySelectorAll('.permission-page-checkbox').forEach(function (checkbox) {
|
||||
var key = checkbox.name.replace('page_', '');
|
||||
checkbox.checked = !!pageDefaults[key];
|
||||
});
|
||||
}
|
||||
|
||||
function applyFilters() {
|
||||
var search = document.getElementById('filter-search').value.toLowerCase();
|
||||
var adminFilter = document.getElementById('filter-admin').value.toLowerCase();
|
||||
@@ -229,6 +323,13 @@
|
||||
document.getElementById('filter-admin').addEventListener('change', applyFilters);
|
||||
document.getElementById('filter-column').addEventListener('change', applyFilters);
|
||||
document.getElementById('filter-direction').addEventListener('change', applyFilters);
|
||||
|
||||
var presetSelect = document.getElementById('permission-preset');
|
||||
if (presetSelect) {
|
||||
presetSelect.addEventListener('change', function () {
|
||||
applyPresetToPermissionForm(this.value);
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
function openEditUserModal(button) {
|
||||
@@ -253,6 +354,42 @@
|
||||
var modal = new bootstrap.Modal(document.getElementById('resetPasswordModal'));
|
||||
modal.show();
|
||||
}
|
||||
|
||||
function openPermissionsModal(button) {
|
||||
var username = button.getAttribute('data-username') || '';
|
||||
var preset = button.getAttribute('data-preset') || 'standard_user';
|
||||
var actionPermissions = {};
|
||||
var pagePermissions = {};
|
||||
|
||||
try {
|
||||
actionPermissions = JSON.parse(button.getAttribute('data-action-permissions') || '{}');
|
||||
} catch (err) {
|
||||
actionPermissions = {};
|
||||
}
|
||||
|
||||
try {
|
||||
pagePermissions = JSON.parse(button.getAttribute('data-page-permissions') || '{}');
|
||||
} catch (err) {
|
||||
pagePermissions = {};
|
||||
}
|
||||
|
||||
document.getElementById('perm-username').value = username;
|
||||
document.getElementById('perm-username-display').value = username;
|
||||
document.getElementById('permission-preset').value = preset;
|
||||
|
||||
document.querySelectorAll('.permission-action-checkbox').forEach(function (checkbox) {
|
||||
var key = checkbox.name.replace('action_', '');
|
||||
checkbox.checked = !!actionPermissions[key];
|
||||
});
|
||||
|
||||
document.querySelectorAll('.permission-page-checkbox').forEach(function (checkbox) {
|
||||
var key = checkbox.name.replace('page_', '');
|
||||
checkbox.checked = !!pagePermissions[key];
|
||||
});
|
||||
|
||||
var modal = new bootstrap.Modal(document.getElementById('permissionsModal'));
|
||||
modal.show();
|
||||
}
|
||||
</script>
|
||||
|
||||
<style>
|
||||
@@ -286,5 +423,28 @@
|
||||
.password-requirements p {
|
||||
margin-bottom: 5px;
|
||||
}
|
||||
|
||||
.permissions-modal-body {
|
||||
max-height: 70vh;
|
||||
overflow-y: auto;
|
||||
}
|
||||
|
||||
.permissions-grid {
|
||||
display: grid;
|
||||
grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
|
||||
gap: 18px;
|
||||
}
|
||||
|
||||
.permissions-group {
|
||||
border: 1px solid #dee2e6;
|
||||
border-radius: 8px;
|
||||
padding: 12px;
|
||||
background: #f8fafc;
|
||||
}
|
||||
|
||||
.permissions-group h6 {
|
||||
font-weight: 700;
|
||||
margin-bottom: 10px;
|
||||
}
|
||||
</style>
|
||||
{% endblock %}
|
||||
+264
-4
@@ -11,6 +11,8 @@ Provides methods for creating, validating, and retrieving user information.
|
||||
For commercial licensing inquiries: https://github.com/AIIrondev
|
||||
'''
|
||||
import hashlib
|
||||
import copy
|
||||
import re
|
||||
from bson.objectid import ObjectId
|
||||
import settings as cfg
|
||||
from settings import MongoClient
|
||||
@@ -23,6 +25,256 @@ def normalize_student_card_id(card_id):
|
||||
return str(card_id).strip().upper()
|
||||
|
||||
|
||||
def _clean_name_fragment(value):
|
||||
cleaned = re.sub(r'[^A-Za-zÄÖÜäöüß]', '', str(value or '').strip())
|
||||
if not cleaned:
|
||||
return ''
|
||||
replacements = {
|
||||
'ä': 'ae',
|
||||
'ö': 'oe',
|
||||
'ü': 'ue',
|
||||
'ß': 'ss',
|
||||
'Ä': 'Ae',
|
||||
'Ö': 'Oe',
|
||||
'Ü': 'Ue',
|
||||
}
|
||||
for old_char, new_char in replacements.items():
|
||||
cleaned = cleaned.replace(old_char, new_char)
|
||||
return cleaned
|
||||
|
||||
|
||||
def build_name_synonym(first_name, last_name=''):
|
||||
"""Build a deterministic, non-personalized short alias like 'SimFri'."""
|
||||
first = _clean_name_fragment(first_name)
|
||||
last = _clean_name_fragment(last_name)
|
||||
|
||||
if first and last:
|
||||
return (first[:3] + last[:3]).title()
|
||||
|
||||
combined = (first + last)
|
||||
if not combined:
|
||||
return 'User'
|
||||
return combined[:6].title()
|
||||
|
||||
|
||||
ACTION_PERMISSION_KEYS = (
|
||||
'can_borrow',
|
||||
'can_insert',
|
||||
'can_edit',
|
||||
'can_delete',
|
||||
'can_manage_users',
|
||||
'can_manage_settings',
|
||||
'can_view_logs',
|
||||
)
|
||||
|
||||
DEFAULT_ACTION_PERMISSIONS = {
|
||||
'can_borrow': True,
|
||||
'can_insert': False,
|
||||
'can_edit': False,
|
||||
'can_delete': False,
|
||||
'can_manage_users': False,
|
||||
'can_manage_settings': False,
|
||||
'can_view_logs': False,
|
||||
}
|
||||
|
||||
DEFAULT_PAGE_PERMISSIONS = {
|
||||
'home': True,
|
||||
'tutorial_page': True,
|
||||
'my_borrowed_items': True,
|
||||
'notifications_view': True,
|
||||
'impressum': True,
|
||||
'license': True,
|
||||
'library_view': True,
|
||||
'terminplan': True,
|
||||
'home_admin': False,
|
||||
'upload_admin': False,
|
||||
'library_admin': False,
|
||||
'admin_borrowings': False,
|
||||
'library_loans_admin': False,
|
||||
'admin_damaged_items': False,
|
||||
'admin_audit_dashboard': False,
|
||||
'logs': False,
|
||||
'user_del': False,
|
||||
'register': False,
|
||||
'manage_filters': False,
|
||||
'manage_locations': False,
|
||||
}
|
||||
|
||||
PERMISSION_PRESETS = {
|
||||
'standard_user': {
|
||||
'label': 'Standard (Ausleihe)',
|
||||
'actions': {
|
||||
'can_borrow': True,
|
||||
},
|
||||
'pages': {
|
||||
'home': True,
|
||||
'tutorial_page': True,
|
||||
'my_borrowed_items': True,
|
||||
'notifications_view': True,
|
||||
'impressum': True,
|
||||
'license': True,
|
||||
'library_view': True,
|
||||
'terminplan': True,
|
||||
},
|
||||
},
|
||||
'editor': {
|
||||
'label': 'Editor (Einfügen/Bearbeiten)',
|
||||
'actions': {
|
||||
'can_borrow': True,
|
||||
'can_insert': True,
|
||||
'can_edit': True,
|
||||
},
|
||||
'pages': {
|
||||
'home': True,
|
||||
'tutorial_page': True,
|
||||
'my_borrowed_items': True,
|
||||
'notifications_view': True,
|
||||
'impressum': True,
|
||||
'license': True,
|
||||
'library_view': True,
|
||||
'terminplan': True,
|
||||
'upload_admin': True,
|
||||
'library_admin': True,
|
||||
},
|
||||
},
|
||||
'manager': {
|
||||
'label': 'Manager (inkl. Löschen)',
|
||||
'actions': {
|
||||
'can_borrow': True,
|
||||
'can_insert': True,
|
||||
'can_edit': True,
|
||||
'can_delete': True,
|
||||
'can_manage_settings': True,
|
||||
'can_view_logs': True,
|
||||
},
|
||||
'pages': {
|
||||
'home': True,
|
||||
'tutorial_page': True,
|
||||
'my_borrowed_items': True,
|
||||
'notifications_view': True,
|
||||
'impressum': True,
|
||||
'license': True,
|
||||
'library_view': True,
|
||||
'terminplan': True,
|
||||
'home_admin': True,
|
||||
'upload_admin': True,
|
||||
'library_admin': True,
|
||||
'admin_borrowings': True,
|
||||
'library_loans_admin': True,
|
||||
'admin_damaged_items': True,
|
||||
'admin_audit_dashboard': True,
|
||||
'logs': True,
|
||||
'manage_filters': True,
|
||||
'manage_locations': True,
|
||||
},
|
||||
},
|
||||
'full_access': {
|
||||
'label': 'Vollzugriff',
|
||||
'actions': {
|
||||
'can_borrow': True,
|
||||
'can_insert': True,
|
||||
'can_edit': True,
|
||||
'can_delete': True,
|
||||
'can_manage_users': True,
|
||||
'can_manage_settings': True,
|
||||
'can_view_logs': True,
|
||||
},
|
||||
'pages': {
|
||||
'home': True,
|
||||
'tutorial_page': True,
|
||||
'my_borrowed_items': True,
|
||||
'notifications_view': True,
|
||||
'impressum': True,
|
||||
'license': True,
|
||||
'library_view': True,
|
||||
'terminplan': True,
|
||||
'home_admin': True,
|
||||
'upload_admin': True,
|
||||
'library_admin': True,
|
||||
'admin_borrowings': True,
|
||||
'library_loans_admin': True,
|
||||
'admin_damaged_items': True,
|
||||
'admin_audit_dashboard': True,
|
||||
'logs': True,
|
||||
'user_del': True,
|
||||
'register': True,
|
||||
'manage_filters': True,
|
||||
'manage_locations': True,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
def _normalize_bool_map(source, defaults):
|
||||
result = dict(defaults)
|
||||
if isinstance(source, dict):
|
||||
for key, value in source.items():
|
||||
result[str(key)] = bool(value)
|
||||
return result
|
||||
|
||||
|
||||
def get_permission_preset_definitions():
|
||||
return copy.deepcopy(PERMISSION_PRESETS)
|
||||
|
||||
|
||||
def build_default_permission_payload(preset_key='standard_user'):
|
||||
selected_key = preset_key if preset_key in PERMISSION_PRESETS else 'standard_user'
|
||||
preset = PERMISSION_PRESETS.get(selected_key, {})
|
||||
action_defaults = _normalize_bool_map(preset.get('actions', {}), DEFAULT_ACTION_PERMISSIONS)
|
||||
page_defaults = _normalize_bool_map(preset.get('pages', {}), DEFAULT_PAGE_PERMISSIONS)
|
||||
return {
|
||||
'preset': selected_key,
|
||||
'actions': action_defaults,
|
||||
'pages': page_defaults,
|
||||
}
|
||||
|
||||
|
||||
def get_effective_permissions(username):
|
||||
user = get_user(username)
|
||||
if not user:
|
||||
return build_default_permission_payload('standard_user')
|
||||
|
||||
# Admin users always have full access, independent of custom presets.
|
||||
if bool(user.get('Admin', False)):
|
||||
return build_default_permission_payload('full_access')
|
||||
|
||||
preset_key = user.get('PermissionPreset') or 'standard_user'
|
||||
payload = build_default_permission_payload(preset_key)
|
||||
payload['actions'] = _normalize_bool_map(user.get('ActionPermissions', {}), payload['actions'])
|
||||
payload['pages'] = _normalize_bool_map(user.get('PagePermissions', {}), payload['pages'])
|
||||
return payload
|
||||
|
||||
|
||||
def update_user_permissions(username, preset_key, action_permissions=None, page_permissions=None):
|
||||
selected_key = preset_key if preset_key in PERMISSION_PRESETS else 'standard_user'
|
||||
payload = build_default_permission_payload(selected_key)
|
||||
|
||||
if isinstance(action_permissions, dict):
|
||||
for key, value in action_permissions.items():
|
||||
payload['actions'][str(key)] = bool(value)
|
||||
|
||||
if isinstance(page_permissions, dict):
|
||||
for key, value in page_permissions.items():
|
||||
payload['pages'][str(key)] = bool(value)
|
||||
|
||||
update_data = {
|
||||
'PermissionPreset': payload['preset'],
|
||||
'ActionPermissions': payload['actions'],
|
||||
'PagePermissions': payload['pages'],
|
||||
}
|
||||
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
users = db['users']
|
||||
result = users.update_one({'Username': username}, {'$set': update_data})
|
||||
|
||||
if result.matched_count == 0:
|
||||
result = users.update_one({'username': username}, {'$set': update_data})
|
||||
|
||||
client.close()
|
||||
return result.matched_count > 0
|
||||
|
||||
|
||||
# === FAVORITES MANAGEMENT ===
|
||||
def get_favorites(username):
|
||||
"""Return a list of favorite item ObjectId strings for the user."""
|
||||
@@ -144,14 +396,21 @@ def add_user(username, password, name, last_name, is_student=False, student_card
|
||||
users = db['users']
|
||||
if not check_password_strength(password):
|
||||
return False
|
||||
permission_defaults = build_default_permission_payload('standard_user')
|
||||
|
||||
name_alias = build_name_synonym(name, last_name)
|
||||
|
||||
user_doc = {
|
||||
'Username': username,
|
||||
'Password': hashing(password),
|
||||
'Admin': False,
|
||||
'active_ausleihung': None,
|
||||
'name': name,
|
||||
'last_name': last_name,
|
||||
'IsStudent': bool(is_student)
|
||||
'name': name_alias,
|
||||
'last_name': '',
|
||||
'IsStudent': bool(is_student),
|
||||
'PermissionPreset': permission_defaults['preset'],
|
||||
'ActionPermissions': permission_defaults['actions'],
|
||||
'PagePermissions': permission_defaults['pages'],
|
||||
}
|
||||
|
||||
normalized_card = normalize_student_card_id(student_card_id)
|
||||
@@ -494,13 +753,14 @@ def update_user_name(username, name, last_name):
|
||||
bool: True if updated successfully, False otherwise
|
||||
"""
|
||||
try:
|
||||
name_alias = build_name_synonym(name, last_name)
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
users = db['users']
|
||||
|
||||
result = users.update_one(
|
||||
{'Username': username},
|
||||
{'$set': {'name': name, 'last_name': last_name}}
|
||||
{'$set': {'name': name_alias, 'last_name': ''}}
|
||||
)
|
||||
|
||||
client.close()
|
||||
|
||||
@@ -24,6 +24,19 @@ services:
|
||||
timeout: 5s
|
||||
retries: 10
|
||||
|
||||
redis:
|
||||
image: redis:7-alpine
|
||||
container_name: inventarsystem-redis
|
||||
restart: unless-stopped
|
||||
command: ["redis-server", "--appendonly", "yes", "--save", "60", "1000"]
|
||||
volumes:
|
||||
- redis_data:/data
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli", "ping"]
|
||||
interval: 10s
|
||||
timeout: 3s
|
||||
retries: 10
|
||||
|
||||
app:
|
||||
build:
|
||||
context: .
|
||||
@@ -35,10 +48,16 @@ services:
|
||||
depends_on:
|
||||
mongodb:
|
||||
condition: service_healthy
|
||||
redis:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
INVENTAR_MONGODB_HOST: mongodb
|
||||
INVENTAR_MONGODB_PORT: "27017"
|
||||
INVENTAR_MONGODB_DB: Inventarsystem
|
||||
INVENTAR_REDIS_HOST: redis
|
||||
INVENTAR_REDIS_PORT: "6379"
|
||||
INVENTAR_REDIS_CACHE_DB: "1"
|
||||
INVENTAR_NOTIFICATION_STATUS_CACHE_TTL: "8"
|
||||
INVENTAR_BACKUP_FOLDER: /data/backups
|
||||
INVENTAR_LOGS_FOLDER: /data/logs
|
||||
INVENTAR_DELETED_ARCHIVE_FOLDER: /data/deleted-archives
|
||||
@@ -64,3 +83,4 @@ volumes:
|
||||
app_backups:
|
||||
app_logs:
|
||||
app_deleted_archives:
|
||||
redis_data:
|
||||
|
||||
@@ -8,6 +8,7 @@ apscheduler
|
||||
python-dateutil
|
||||
pytz
|
||||
requests
|
||||
redis
|
||||
reportlab
|
||||
python-barcode
|
||||
openpyxl
|
||||
|
||||
Reference in New Issue
Block a user