Compare commits
90 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 493ee2ea7f | |||
| 52a2ec0cad | |||
| b5f2c3c5c5 | |||
| 403c281c93 | |||
| 6d121f6110 | |||
| 9d940c6151 | |||
| 980b825e07 | |||
| 94326728eb | |||
| efe17883a6 | |||
| 76f93b3d2e | |||
| 8f793045c2 | |||
| a199439d76 | |||
| 6cec483390 | |||
| 10e2f7cc17 | |||
| 0f8c5a0fec | |||
| 091147ecfd | |||
| 7bedfc1558 | |||
| 7e258e07ab | |||
| 96245bb06b | |||
| 245c3c19dd | |||
| d76c69d836 | |||
| 9527fc10cf | |||
| 1122618a51 | |||
| 54d56fc463 | |||
| 9da4ff3ec8 | |||
| 884464cfe5 | |||
| 0be4e3ca58 | |||
| e2aeea46f9 | |||
| 865fddd45b | |||
| 1835195d2f | |||
| 19a585b2ec | |||
| 925f07e96f | |||
| b8beec8209 | |||
| dd9390c649 | |||
| f31c4e2ff7 | |||
| 71e2895362 | |||
| d2c7e57f8d | |||
| 111d40b787 | |||
| 1a9513d442 | |||
| 3900059eb1 | |||
| 07b1cc5e79 | |||
| 6583f7a368 | |||
| 8e11fbf969 | |||
| 7d13dc264c | |||
| 480bd00a54 | |||
| fdf699363a | |||
| dd495a8b13 | |||
| ca57961d4b | |||
| 3923939387 | |||
| eb9c655398 | |||
| 4c2657218d | |||
| 875cfa01a3 | |||
| c0c61a41a3 | |||
| 9e74d0c16d | |||
| c8818edf0b | |||
| b270bc9367 | |||
| e1c284fc40 | |||
| debd4dceb1 | |||
| db15df57c3 | |||
| bcfe2095d5 | |||
| 69ac6eca63 | |||
| 717e3ce15e | |||
| 007ae04bf3 | |||
| c0947c5cf1 | |||
| c1d2935ad6 | |||
| 9fde0b4b2a | |||
| da7b075cc4 | |||
| 347f258b8f | |||
| 2421f867ed | |||
| 921915e92f | |||
| a4b0866293 | |||
| e10d86da4b | |||
| f160f23e9c | |||
| ca272542de | |||
| 7df9b65389 | |||
| e4af76c9c1 | |||
| f5944bf090 | |||
| 4e68da2368 | |||
| 0d6aca4e8c | |||
| 2bb0cbe599 | |||
| 339487b4d4 | |||
| 3f90e2d4f1 | |||
| b238b52fbf | |||
| 545dd7783c | |||
| f4ce1cf3b4 | |||
| 7bd12bddaa | |||
| b8e23b94d2 | |||
| 06b32b4a3d | |||
| d24bd6ba56 | |||
| d1f48cf184 |
+1
-2
@@ -8,5 +8,4 @@ INVENTAR_APP_MEM_SWAP_LIMIT=768m
|
||||
INVENTAR_WORKERS=4
|
||||
INVENTAR_THREADS=2
|
||||
INVENTAR_WORKER_TIMEOUT=30
|
||||
INVENTAR_WORKER_CONNECTIONS=100
|
||||
|
||||
INVENTAR_WORKER_CONNECTIONS=100
|
||||
@@ -1,5 +1,7 @@
|
||||
services:
|
||||
app:
|
||||
working_dir: /app/Web
|
||||
command: ["gunicorn", "app:app", "--bind", "0.0.0.0:8000", "--workers", "4", "--threads", "2", "--timeout", "30", "--graceful-timeout", "20", "--worker-connections", "100", "--max-requests", "1000", "--max-requests-jitter", "100", "--log-level", "info", "--access-logfile", "-", "--error-logfile", "-"]
|
||||
image: ghcr.io/aiirondev/legendary-octo-garbanzo:v0.7.42
|
||||
build: null
|
||||
ports:
|
||||
|
||||
@@ -556,6 +556,14 @@ sudo chmod 644 certs/inventarsystem.crt
|
||||
|
||||
## Fehlerbehebung
|
||||
|
||||
### Logs Auslesen
|
||||
|
||||
```bash
|
||||
docker logs inventarsystem-app-1
|
||||
docker exec inventarsystem-app-1 cat /data/logs/application.log | tail -n 100
|
||||
docker compose exec mongodb mongosh
|
||||
```
|
||||
|
||||
### Webserver startet nicht
|
||||
|
||||
```bash
|
||||
|
||||
+359
-206
File diff suppressed because it is too large
Load Diff
@@ -1235,5 +1235,5 @@ def reset_item_completely(item_id):
|
||||
except Exception as e:
|
||||
return {
|
||||
'success': False,
|
||||
'message': f'Fehler beim Zurücksetzen: {str(e)}'
|
||||
'message': f'Fehler beim Zurücksetzen.'
|
||||
}
|
||||
@@ -24,7 +24,7 @@ import Web.modules.database.settings as cfg
|
||||
from Web.modules.database.settings import MongoClient
|
||||
|
||||
|
||||
LIBRARY_ITEM_TYPES = ('book', 'cd', 'dvd', 'media')
|
||||
LIBRARY_ITEM_TYPES = ('book', 'cd', 'dvd', 'media', 'schulbuch')
|
||||
|
||||
|
||||
def _non_library_query(extra_query=None):
|
||||
@@ -196,7 +196,7 @@ def get_group_item_ids(id):
|
||||
|
||||
def update_item(id, name, ort, beschreibung, images=None, verfuegbar=True,
|
||||
filter=None, filter2=None, filter3=None, ansch_jahr=None, ansch_kost=None, code_4=None, reservierbar=True,
|
||||
isbn=None, item_type='general'):
|
||||
isbn=None, item_type='general', library_category=None):
|
||||
"""
|
||||
Update an existing inventory item.
|
||||
|
||||
@@ -214,7 +214,7 @@ def update_item(id, name, ort, beschreibung, images=None, verfuegbar=True,
|
||||
ansch_kost (float, optional): Cost of acquisition
|
||||
code_4 (str, optional): 4-digit identification code
|
||||
reservierbar (bool, optional): Whether the item can be reserved in advance
|
||||
|
||||
library_category (str, optional): Library category for the item
|
||||
Returns:
|
||||
bool: True if successful, False otherwise
|
||||
"""
|
||||
@@ -241,6 +241,7 @@ def update_item(id, name, ort, beschreibung, images=None, verfuegbar=True,
|
||||
'Anschaffungskosten': ansch_kost,
|
||||
'Code_4': code_4,
|
||||
'ISBN': isbn,
|
||||
'library_category': library_category,
|
||||
'ItemType': item_type,
|
||||
'LastUpdated': datetime.datetime.now()
|
||||
}
|
||||
|
||||
@@ -284,7 +284,6 @@ def _match_inventory(path):
|
||||
if path == '/' or path.startswith('/home'): return True
|
||||
return path.startswith(('/scanner', '/inventory', '/upload_admin', '/manage_filters', '/manage_locations', '/admin_borrowings', '/admin_damaged_items', '/admin/borrowings', '/admin/damaged_items'))
|
||||
|
||||
|
||||
def _match_terminplan(path):
|
||||
if not path:
|
||||
return False
|
||||
@@ -292,7 +291,7 @@ def _match_terminplan(path):
|
||||
|
||||
def _match_library(path):
|
||||
if not path: return False
|
||||
return path.startswith(('/library', '/library_', '/student_cards'))
|
||||
return path.startswith(('/library', '/library_', '/student_cards', '/admin_damaged_items', '/admin_borrowings', '/admin/library'))
|
||||
|
||||
def _match_student_cards(path):
|
||||
if not path: return False
|
||||
|
||||
+156
-76
@@ -18,9 +18,11 @@ Collection Structure:
|
||||
- Status fields: slots_used_by
|
||||
"""
|
||||
import Web.modules.database.settings as cfg
|
||||
import Web.modules.inventarsystem.data_protection as dp
|
||||
from Web.modules.database.settings import MongoClient
|
||||
from bson.objectid import ObjectId
|
||||
import datetime
|
||||
import ast
|
||||
|
||||
|
||||
def _get_tenant_db(client):
|
||||
@@ -37,8 +39,47 @@ def _active_record_query(extra_query=None):
|
||||
base_query.update(extra_query)
|
||||
return base_query
|
||||
|
||||
def _decrypt_appointment(item):
|
||||
"""Helper function to safely decrypt appointment fields back to their original types."""
|
||||
if not item:
|
||||
return item
|
||||
|
||||
try:
|
||||
if 'user' in item and item['user']:
|
||||
item['user'] = dp.decrypt_text(item['user'])
|
||||
|
||||
if 'note' in item and item['note']:
|
||||
item['note'] = dp.decrypt_text(item['note'])
|
||||
|
||||
if 'title' in item and item['title']:
|
||||
item['title'] = dp.decrypt_text(item['title'])
|
||||
|
||||
if 'mail' in item and item['mail']:
|
||||
decrypted_mail = dp.decrypt_text(item['mail'])
|
||||
try:
|
||||
item['mail'] = ast.literal_eval(decrypted_mail)
|
||||
except Exception:
|
||||
item['mail'] = decrypted_mail
|
||||
|
||||
def add(date_start: str, date_end: str, time_span: list, slots: int, slot_lenght: int, user: str, mail: list=[], note:str="", calendar_enabled: bool=False):
|
||||
if 'custom_fields' in item and item['custom_fields']:
|
||||
item['custom_fields'] = [dp.decrypt_text(field) for field in item['custom_fields']]
|
||||
|
||||
if 'slots_booked' in item and item['slots_booked']:
|
||||
# If it's a string, it was encrypted during an update execution
|
||||
if isinstance(item['slots_booked'], str):
|
||||
decrypted_slots = dp.decrypt_text(item['slots_booked'])
|
||||
try:
|
||||
item['slots_booked'] = ast.literal_eval(decrypted_slots)
|
||||
except Exception:
|
||||
item['slots_booked'] = decrypted_slots
|
||||
except Exception as e:
|
||||
print(f"Error during decryption: {e}")
|
||||
|
||||
return item
|
||||
|
||||
|
||||
def add(date_start: str, date_end: str, time_span: list, slots: int, slot_lenght: int, user: str, mail: list=[], note:str="", calendar_enabled: bool=False, title: str="", custom_fields: list = (), clients_p_slot: int=1):
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = _get_tenant_db(client)
|
||||
@@ -50,59 +91,53 @@ def add(date_start: str, date_end: str, time_span: list, slots: int, slot_lenght
|
||||
'time_span': time_span,
|
||||
'slots': slots,
|
||||
'slot_lenght': slot_lenght,
|
||||
'user': user,
|
||||
'mail': mail,
|
||||
'note': note,
|
||||
'user': dp.encrypt_text(user.strip()),
|
||||
'mail': dp.encrypt_text(str(mail)),
|
||||
'note': dp.encrypt_text(note),
|
||||
'title': dp.encrypt_text(title),
|
||||
'custom_fields': [dp.encrypt_text(str(field)) for field in custom_fields],
|
||||
'calendar_enabled': bool(calendar_enabled),
|
||||
'slots_booked': [], # -> [(start_time, name), ...]the list gets there indexes as the slot 1-defined so is can be counted without an extra variable
|
||||
'clients_per_slot': clients_p_slot,
|
||||
'slots_booked': [], # -> [(start_time, (names),(custom1, custom2,...)), ...]the list gets there indexes as the slot 1-defined so is can be counted without an extra variable
|
||||
'Created': datetime.datetime.now(),
|
||||
'LastUpdated': datetime.datetime.now()
|
||||
}
|
||||
result = items.insert_one(item)
|
||||
return result.inserted_id
|
||||
except Exception as e:
|
||||
print(f"Exception accured: {e}")
|
||||
|
||||
print(f"Exception occurred in add: {e}")
|
||||
return None
|
||||
finally:
|
||||
if client:
|
||||
client.close()
|
||||
|
||||
def get_item(id):
|
||||
"""
|
||||
Retrieve a specific appointment by its ID.
|
||||
|
||||
Args:
|
||||
id (str): ID of the appointsment to retrieve
|
||||
|
||||
Returns:
|
||||
dict: The appointment document or None if not found
|
||||
"""
|
||||
"""Retrieve a specific appointment by its ID and decrypt it."""
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = _get_tenant_db(client)
|
||||
items = db['appointments']
|
||||
item = items.find_one(_active_record_query({'_id': ObjectId(id)}))
|
||||
client.close()
|
||||
return item
|
||||
|
||||
return _decrypt_appointment(item)
|
||||
except Exception as e:
|
||||
print(f"Error retrieving item: {e}")
|
||||
return None
|
||||
finally:
|
||||
if client:
|
||||
client.close()
|
||||
|
||||
def update(id,slots_used: list):
|
||||
"""
|
||||
Update an existing appointment.
|
||||
|
||||
Args:
|
||||
id (str): ID of the item to update
|
||||
|
||||
|
||||
Returns:
|
||||
bool: True if successful, False otherwise
|
||||
"""
|
||||
def update(id, slots_used: list):
|
||||
"""Update an existing appointment's booked slots securely."""
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = _get_tenant_db(client)
|
||||
items = db['appointments']
|
||||
|
||||
update_data = {
|
||||
'slots_booked': slots_used,
|
||||
'slots_booked': dp.encrypt_text(str(slots_used)),
|
||||
'LastUpdated': datetime.datetime.now()
|
||||
}
|
||||
|
||||
@@ -111,53 +146,81 @@ def update(id,slots_used: list):
|
||||
{'$set': update_data}
|
||||
)
|
||||
|
||||
client.close()
|
||||
return result.modified_count > 0
|
||||
except Exception as e:
|
||||
print(f"Error updating item: {e}")
|
||||
return False
|
||||
|
||||
finally:
|
||||
if client:
|
||||
client.close()
|
||||
|
||||
def remove_slot(id, date_start_time, name):
|
||||
"""
|
||||
Remove a booked slot from an appointment's `slots_booked`.
|
||||
|
||||
Args:
|
||||
id (str): Appointment ID
|
||||
date_start_time: The start time value used when booking
|
||||
name (str): Name associated with the booking
|
||||
|
||||
Returns:
|
||||
bool: True if a slot was removed, False otherwise
|
||||
Remove a booked slot from an appointment's encrypted `slots_booked` list.
|
||||
|
||||
Because the array is stored as an encrypted string blob, we must decrypt,
|
||||
modify it in Python, and re-encrypt it.
|
||||
"""
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = _get_tenant_db(client)
|
||||
items = db['appointments']
|
||||
|
||||
# Attempt to pull the exact element (stored as an array/tuple)
|
||||
item = items.find_one({'_id': ObjectId(id)})
|
||||
if not item or 'slots_booked' not in item or not item['slots_booked']:
|
||||
return False
|
||||
|
||||
try:
|
||||
decrypted_slots = dp.decrypt_text(item['slots_booked'])
|
||||
slots_list = ast.literal_eval(decrypted_slots)
|
||||
except Exception as e:
|
||||
print(f"Failed to decrypt or parse slots: {e}")
|
||||
return False
|
||||
|
||||
# Structure format note: [(start_time, (names), (custom1, custom2...)), ...]
|
||||
updated_slots = []
|
||||
removed_any = False
|
||||
|
||||
for slot in slots_list:
|
||||
slot_start = slot[0]
|
||||
slot_names = slot[1]
|
||||
|
||||
|
||||
if slot_start == date_start_time and (slot_names == name or name in slot_names):
|
||||
removed_any = True
|
||||
continue
|
||||
updated_slots.append(slot)
|
||||
|
||||
if not removed_any:
|
||||
return False
|
||||
|
||||
result = items.update_one(
|
||||
{'_id': ObjectId(id)},
|
||||
{'$pull': {'slots_booked': [date_start_time, name]}}
|
||||
{
|
||||
'$set': {
|
||||
'slots_booked': dp.encrypt_text(str(updated_slots)),
|
||||
'LastUpdated': datetime.datetime.now()
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
client.close()
|
||||
return result.modified_count > 0
|
||||
except Exception as e:
|
||||
print(f"Error removing slot: {e}")
|
||||
return False
|
||||
finally:
|
||||
if client:
|
||||
client.close()
|
||||
|
||||
|
||||
def remove(id):
|
||||
"""
|
||||
Soft-delete an appointment by setting its `Deleted` flag.
|
||||
|
||||
Args:
|
||||
id (str): Appointment ID
|
||||
|
||||
Returns:
|
||||
bool: True if the appointment was marked deleted, False otherwise
|
||||
Hard-delete an appointment plan by its ID.
|
||||
(Note: If your docstring mentions a soft-delete 'Deleted' flag,
|
||||
change items.delete_one to items.update_one with {'$set': {'Deleted': True}})
|
||||
"""
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = _get_tenant_db(client)
|
||||
@@ -165,70 +228,87 @@ def remove(id):
|
||||
|
||||
result = items.delete_one({'_id': ObjectId(id)})
|
||||
|
||||
client.close()
|
||||
return result.deleted_count > 0
|
||||
except Exception as e:
|
||||
print(f"Error removing appointment: {e}")
|
||||
return False
|
||||
finally:
|
||||
if client:
|
||||
client.close()
|
||||
|
||||
|
||||
def remove_done():
|
||||
"""removose already finisched appointments"""
|
||||
"""Remove all expired appointments whose end date is prior to today in a single call."""
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = _get_tenant_db(client)
|
||||
items = db['appointments']
|
||||
|
||||
today = datetime.date.today().strftime('%Y-%m-%d')
|
||||
removed_count = 0
|
||||
|
||||
cursor = items.find(
|
||||
result = items.delete_many(
|
||||
_active_record_query(
|
||||
{
|
||||
'date_end': {'$lt': today},
|
||||
}
|
||||
)
|
||||
).sort('date_start', 1)
|
||||
)
|
||||
|
||||
for item in cursor:
|
||||
item['_id'] = str(item.get('_id'))
|
||||
result = items.delete_one({'_id': ObjectId(item['_id'])})
|
||||
removed_count += result.deleted_count
|
||||
|
||||
client.close()
|
||||
return removed_count > 0
|
||||
return result.deleted_count > 0
|
||||
except Exception as e:
|
||||
print(f"Error removing appointment: {e}")
|
||||
print(f"Error cleaning up finished appointments: {e}")
|
||||
return False
|
||||
finally:
|
||||
if client:
|
||||
client.close()
|
||||
|
||||
|
||||
def get_upcoming_for_user(user: str, limit: int = 25):
|
||||
"""Return upcoming appointment plans for a user ordered by start date."""
|
||||
remove_done()
|
||||
"""
|
||||
Return upcoming appointment plans for a user, handling encrypted database records.
|
||||
"""
|
||||
try:
|
||||
if hasattr(globals(), 'remove_done'):
|
||||
remove_done()
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
client = None
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = _get_tenant_db(client)
|
||||
items = db['appointments']
|
||||
|
||||
today = datetime.date.today().strftime('%Y-%m-%d')
|
||||
target_user = str(user or '').strip()
|
||||
|
||||
cursor = items.find(
|
||||
_active_record_query(
|
||||
{
|
||||
'user': str(user or '').strip(),
|
||||
'date_end': {'$gte': today},
|
||||
}
|
||||
)
|
||||
_active_record_query({
|
||||
'date_end': {'$gte': today},
|
||||
})
|
||||
).sort('date_start', 1)
|
||||
|
||||
results = []
|
||||
for item in cursor:
|
||||
item['_id'] = str(item.get('_id'))
|
||||
results.append(item)
|
||||
decrypted_item = _decrypt_appointment(item)
|
||||
if not decrypted_item:
|
||||
continue
|
||||
|
||||
if decrypted_item.get('user', '').strip() != target_user:
|
||||
continue
|
||||
|
||||
decrypted_item['_id'] = str(decrypted_item.get('_id'))
|
||||
results.append(decrypted_item)
|
||||
|
||||
if len(results) >= max(1, int(limit)):
|
||||
break
|
||||
|
||||
client.close()
|
||||
return results
|
||||
except Exception as e:
|
||||
print(f"Error retrieving upcoming appointments: {e}")
|
||||
return []
|
||||
finally:
|
||||
if client:
|
||||
client.close()
|
||||
|
||||
|
||||
+90
-105
@@ -20,6 +20,8 @@ import string
|
||||
from bson.objectid import ObjectId
|
||||
import Web.modules.database.settings as cfg
|
||||
from Web.modules.database.settings import MongoClient
|
||||
import hmac
|
||||
import os
|
||||
|
||||
logger = logging.getLogger('app')
|
||||
logger.setLevel(logging.DEBUG)
|
||||
@@ -430,103 +432,84 @@ def check_password_strength(password):
|
||||
return True
|
||||
|
||||
|
||||
def hashing(password):
|
||||
def hashing(password, salt=None):
|
||||
"""
|
||||
Hash a password using SHA-512.
|
||||
Hasht ein Passwort mit scrypt.
|
||||
- Wenn kein Salt übergeben wird, wird ein sicherer, zufälliger Salt generiert (für neue Passwörter).
|
||||
- Format für neue Hashes: v1$<salt_hex>$<hash_hex>
|
||||
"""
|
||||
password_bytes = password.encode('utf-8') # Explizit UTF-8 für Plattformunabhängigkeit
|
||||
|
||||
Args:
|
||||
password (str): Password to hash
|
||||
|
||||
Returns:
|
||||
str: Hexadecimal digest of the hashed password
|
||||
if salt is None:
|
||||
# Neuer Benutzer / Passwortänderung -> Dynamischer Salt
|
||||
random_salt = os.urandom(16)
|
||||
hashed = hashlib.scrypt(password_bytes, salt=random_salt, n=16384, r=8, p=1)
|
||||
return f"v1${random_salt.hex()}${hashed.hex()}"
|
||||
else:
|
||||
# Bestehender Benutzer (wird zur Verifizierung aufgerufen)
|
||||
hashed = hashlib.scrypt(password_bytes, salt=salt, n=16384, r=8, p=1)
|
||||
return hashed.hex()
|
||||
|
||||
|
||||
def verify_password(provided_password, stored_password_string):
|
||||
"""
|
||||
return hashlib.sha512(password.encode()).hexdigest()
|
||||
Verifiziert ein Passwort gegen einen gespeicherten Hash-String.
|
||||
Unterstützt das alte Format (statischer Salt) und das neue Format (v1$...).
|
||||
"""
|
||||
if not stored_password_string:
|
||||
return False
|
||||
|
||||
# Überprüfung für das neue, sichere Format
|
||||
if stored_password_string.startswith("v1$"):
|
||||
try:
|
||||
_, salt_hex, hash_hex = stored_password_string.split("$")
|
||||
salt_bytes = bytes.fromhex(salt_hex)
|
||||
# Berechne den Hash des eingegebenen Passworts mit dem extrahierten Salt
|
||||
calculated_hash = hashing(provided_password, salt=salt_bytes)
|
||||
# Timing-Attack-sicherer Vergleich
|
||||
return hmac.compare_digest(calculated_hash, hash_hex)
|
||||
except (ValueError, TypeError):
|
||||
logger.error("Ungültiges Hash-Format in der Datenbank entdeckt.")
|
||||
return False
|
||||
else:
|
||||
# Abwärtskompatibilität: Altes Format mit statischem Salt b'some_salt'
|
||||
old_static_salt = b'some_salt'
|
||||
calculated_hash = hashing(provided_password, salt=old_static_salt)
|
||||
return hmac.compare_digest(calculated_hash, stored_password_string)
|
||||
|
||||
|
||||
def check_nm_pwd(username, password):
|
||||
"""
|
||||
Verify username and password combination.
|
||||
|
||||
Args:
|
||||
username (str): Username to check
|
||||
password (str): Password to verify
|
||||
|
||||
Returns:
|
||||
dict: User document if credentials are valid, None otherwise
|
||||
Überprüft die Kombination aus Benutzername und Passwort (optimiert).
|
||||
"""
|
||||
db_name, tenant_id = _resolve_request_tenant_db()
|
||||
ctx = None
|
||||
try:
|
||||
from tenant import get_tenant_context
|
||||
ctx = get_tenant_context()
|
||||
except Exception:
|
||||
ctx = None
|
||||
|
||||
if not db_name:
|
||||
if _has_tenant_configs():
|
||||
logger.warning(
|
||||
"Refusing default DB fallback for login because tenant configs exist and no tenant was resolved."
|
||||
)
|
||||
logger.warning("Default DB fallback verweigert, da Tenant-Konfigurationen existieren.")
|
||||
return None
|
||||
db_name = cfg.MONGODB_DB
|
||||
|
||||
logger.info(
|
||||
"check_nm_pwd start: username=%r tenant=%r db=%r host=%r port=%r uri=%r",
|
||||
username,
|
||||
tenant_id,
|
||||
db_name,
|
||||
cfg.MONGODB_HOST,
|
||||
cfg.MONGODB_PORT,
|
||||
getattr(cfg, 'MONGODB_URI', None),
|
||||
)
|
||||
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
try:
|
||||
hashed_password = hashing(password)
|
||||
logger.info("check_nm_pwd password hash for username=%r: %s", username, hashed_password)
|
||||
available_dbs = []
|
||||
try:
|
||||
available_dbs = client.list_database_names()
|
||||
logger.debug("MongoDB connected. Available databases=%s", available_dbs)
|
||||
except Exception as exc:
|
||||
logger.exception("Unable to list MongoDB databases: %s", exc)
|
||||
|
||||
db = client[db_name]
|
||||
try:
|
||||
existing_collections = db.list_collection_names()
|
||||
except Exception as exc:
|
||||
logger.exception("Unable to list collections for db=%r: %s", db_name, exc)
|
||||
existing_collections = []
|
||||
logger.debug("Tenant db=%r collections=%s", db_name, existing_collections)
|
||||
|
||||
users = db['users']
|
||||
|
||||
query = {'$or': [{'Username': username}, {'username': username}]}
|
||||
logger.debug("Running user lookup on %r: %s", db_name, query)
|
||||
user_record = users.find_one(query)
|
||||
|
||||
if user_record is None:
|
||||
logger.warning("No user document found in db=%r for username=%r", db_name, username)
|
||||
if db_name not in available_dbs:
|
||||
logger.warning("Tenant database %r is missing from available MongoDB databases", db_name)
|
||||
if 'users' not in existing_collections:
|
||||
logger.warning("Tenant database %r has no users collection", db_name)
|
||||
logger.warning("Kein Benutzer für %r in DB %r gefunden.", username, db_name)
|
||||
return None
|
||||
|
||||
logger.info("Found user document for username=%r in db=%r: %s", username, db_name, user_record)
|
||||
stored_password = user_record.get('Password') or user_record.get('password')
|
||||
if stored_password is None:
|
||||
logger.warning("User document for username=%r in db=%r has no password field", username, db_name)
|
||||
|
||||
if not verify_password(password, stored_password):
|
||||
logger.warning("Falsches Passwort für Benutzer %r in DB %r.", username, db_name)
|
||||
return None
|
||||
|
||||
if stored_password != hashed_password:
|
||||
logger.warning(
|
||||
"Password mismatch for username=%r in db=%r: provided_hash=%s stored_hash=%s",
|
||||
username,
|
||||
db_name,
|
||||
hashed_password,
|
||||
stored_password,
|
||||
)
|
||||
return None
|
||||
# Automatische Migration alter Hashes auf das neue Format
|
||||
if not stored_password.startswith("v1$"):
|
||||
users.update_one({'_id': user_record['_id']}, {'$set': {'Password': hashing(password)}})
|
||||
|
||||
return user_record
|
||||
finally:
|
||||
@@ -556,44 +539,46 @@ def add_user(
|
||||
bool: True if user was added successfully, False if password was too weak
|
||||
"""
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = _get_tenant_db(client)
|
||||
users = db['users']
|
||||
if not check_password_strength(password):
|
||||
return False
|
||||
permission_defaults = build_default_permission_payload(permission_preset)
|
||||
if isinstance(action_permissions, dict):
|
||||
for key, value in action_permissions.items():
|
||||
permission_defaults['actions'][str(key)] = bool(value)
|
||||
if isinstance(page_permissions, dict):
|
||||
for key, value in page_permissions.items():
|
||||
permission_defaults['pages'][str(key)] = bool(value)
|
||||
try:
|
||||
db = _get_tenant_db(client)
|
||||
users = db['users']
|
||||
if not check_password_strength(password):
|
||||
return False
|
||||
permission_defaults = build_default_permission_payload(permission_preset)
|
||||
if isinstance(action_permissions, dict):
|
||||
for key, value in action_permissions.items():
|
||||
permission_defaults['actions'][str(key)] = bool(value)
|
||||
if isinstance(page_permissions, dict):
|
||||
for key, value in page_permissions.items():
|
||||
permission_defaults['pages'][str(key)] = bool(value)
|
||||
|
||||
user_doc = {
|
||||
'Username': username,
|
||||
'Password': hashing(password),
|
||||
'Admin': False,
|
||||
'active_ausleihung': None,
|
||||
'name': name.strip() if name else '',
|
||||
'last_name': last_name.strip() if last_name else '',
|
||||
'IsStudent': bool(is_student),
|
||||
'PermissionPreset': permission_defaults['preset'],
|
||||
'ActionPermissions': permission_defaults['actions'],
|
||||
'PagePermissions': permission_defaults['pages'],
|
||||
}
|
||||
user_doc = {
|
||||
'Username': username,
|
||||
'Password': hashing(password),
|
||||
'Admin': False,
|
||||
'active_ausleihung': None,
|
||||
'name': name.strip() if name else '',
|
||||
'last_name': last_name.strip() if last_name else '',
|
||||
'IsStudent': bool(is_student),
|
||||
'PermissionPreset': permission_defaults['preset'],
|
||||
'ActionPermissions': permission_defaults['actions'],
|
||||
'PagePermissions': permission_defaults['pages'],
|
||||
}
|
||||
|
||||
normalized_card = normalize_student_card_id(student_card_id)
|
||||
if bool(is_student):
|
||||
if normalized_card:
|
||||
user_doc['StudentCardId'] = normalized_card
|
||||
if max_borrow_days is not None:
|
||||
try:
|
||||
user_doc['MaxBorrowDays'] = int(max_borrow_days)
|
||||
except (TypeError, ValueError):
|
||||
pass
|
||||
normalized_card = normalize_student_card_id(student_card_id)
|
||||
if bool(is_student):
|
||||
if normalized_card:
|
||||
user_doc['StudentCardId'] = normalized_card
|
||||
if max_borrow_days is not None:
|
||||
try:
|
||||
user_doc['MaxBorrowDays'] = int(max_borrow_days)
|
||||
except (TypeError, ValueError):
|
||||
pass
|
||||
|
||||
users.insert_one(user_doc)
|
||||
client.close()
|
||||
return True
|
||||
users.insert_one(user_doc)
|
||||
return True
|
||||
finally:
|
||||
client.close()
|
||||
|
||||
|
||||
def student_card_exists(student_card_id):
|
||||
|
||||
@@ -10,6 +10,7 @@ import hashlib
|
||||
import json
|
||||
import random
|
||||
import time
|
||||
from Web.modules.inventarsystem.data_protection import encrypt_document_fields, decrypt_document_fields
|
||||
|
||||
from pymongo.errors import DuplicateKeyError
|
||||
|
||||
@@ -24,21 +25,34 @@ def _entry_hash(prev_hash, payload):
|
||||
base = f"{prev_hash}|{_stable_json(payload)}"
|
||||
return hashlib.sha256(base.encode("utf-8")).hexdigest()
|
||||
|
||||
|
||||
def append_audit_event(db, event_type, actor, payload, request_ip=None, source="web", max_retries=5):
|
||||
def get_decrypted_audit_logs(db, query=None, decrypt_fields=None):
|
||||
"""
|
||||
Append an audit event to a tamper-evident chain.
|
||||
|
||||
Retrieve and decrypt audit logs for analysis.
|
||||
|
||||
Args:
|
||||
db: MongoDB database handle.
|
||||
event_type (str): Event category.
|
||||
actor (str): User/system who performed the action.
|
||||
payload (dict): Event details.
|
||||
request_ip (str, optional): Request origin.
|
||||
source (str): Source subsystem.
|
||||
query (dict): MongoDB query filter.
|
||||
decrypt_fields (list): Fields within the 'payload' that should be decrypted.
|
||||
"""
|
||||
logs = db["audit_log"]
|
||||
cursor = logs.find(query or {}).sort("chain_index", 1)
|
||||
|
||||
results = []
|
||||
for entry in cursor:
|
||||
# Decrypt specific fields if provided
|
||||
if decrypt_fields:
|
||||
decrypt_document_fields(entry.get("payload", {}), decrypt_fields)
|
||||
results.append(entry)
|
||||
|
||||
return results
|
||||
|
||||
Returns:
|
||||
dict: Inserted audit entry.
|
||||
|
||||
def append_audit_event(db, event_type, actor, payload, request_ip=None, source="web", max_retries=5, encrypt_fields=None):
|
||||
"""
|
||||
Append an audit event, optionally encrypting specific payload fields.
|
||||
|
||||
Args:
|
||||
...
|
||||
encrypt_fields (list, optional): List of keys in 'payload' to encrypt.
|
||||
"""
|
||||
logs = db["audit_log"]
|
||||
attempts = 0
|
||||
@@ -49,15 +63,24 @@ def append_audit_event(db, event_type, actor, payload, request_ip=None, source="
|
||||
chain_index = int(previous.get("chain_index", 0)) + 1 if previous else 1
|
||||
|
||||
timestamp = datetime.datetime.utcnow()
|
||||
|
||||
# 1. Create the payload dictionary
|
||||
event_payload = payload or {}
|
||||
|
||||
# 2. Encrypt sensitive fields in-place if requested
|
||||
if encrypt_fields:
|
||||
encrypt_document_fields(event_payload, encrypt_fields)
|
||||
|
||||
entry_payload = {
|
||||
"event_type": event_type,
|
||||
"actor": actor or "system",
|
||||
"source": source,
|
||||
"ip": request_ip or "",
|
||||
"payload": payload or {},
|
||||
"payload": event_payload,
|
||||
"timestamp": timestamp.isoformat() + "Z",
|
||||
}
|
||||
|
||||
# 3. Hash the payload (which now contains encrypted values)
|
||||
entry_hash = _entry_hash(prev_hash, entry_payload)
|
||||
|
||||
entry = {
|
||||
|
||||
@@ -21,7 +21,7 @@ def log_status_change(ausleihung_id, old_status, new_status, user=None):
|
||||
ausleihung_id: Die ID der Ausleihung
|
||||
old_status: Der alte Status
|
||||
new_status: Der neue Status
|
||||
user: Der Benutzer, der die Änderung vorgenommen hat (optional)
|
||||
|
||||
"""
|
||||
try:
|
||||
# Erstelle Log-Verzeichnis, falls es nicht existiert
|
||||
@@ -34,10 +34,9 @@ def log_status_change(ausleihung_id, old_status, new_status, user=None):
|
||||
|
||||
# Protokolliere die Änderung
|
||||
timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
|
||||
user_info = f" by {user}" if user else ""
|
||||
|
||||
with open(log_file, 'a', encoding='utf-8') as f:
|
||||
f.write(f"{timestamp}: Ausleihung {ausleihung_id} - Status changed from '{old_status}' to '{new_status}'{user_info}\n")
|
||||
f.write(f"{timestamp}: Ausleihung {ausleihung_id} - Status changed from '{old_status}' to '{new_status}'\n")
|
||||
|
||||
return True
|
||||
except Exception as e:
|
||||
|
||||
@@ -8,6 +8,7 @@ import Web.modules.emailservice.email as mail_service
|
||||
import Web.modules.database.termine as termin
|
||||
import Web.modules.database.settings as cfg
|
||||
from Web.tenant import get_tenant_context
|
||||
import Web.modules.inventarsystem.data_protection as dp
|
||||
|
||||
|
||||
def _resolve_public_base_url() -> str:
|
||||
@@ -99,8 +100,11 @@ def build_calendar_ics(appointment_id: str) -> str | None:
|
||||
return None
|
||||
|
||||
uid = f"terminplaner-{appointment_id}@invario.eu"
|
||||
created_at = datetime.datetime.utcnow().strftime('%Y%m%dT%H%M%SZ')
|
||||
summary = f"Terminplan für {creator}"
|
||||
|
||||
created_at = datetime.datetime.now(datetime.timezone.utc).strftime('%Y%m%dT%H%M%SZ')
|
||||
|
||||
summary = titel if titel else f"Terminplan für {creator}"
|
||||
|
||||
description_lines = [
|
||||
f"Buchungslink: {link}",
|
||||
f"Zeitraum: {date_start} bis {date_end}",
|
||||
@@ -109,7 +113,7 @@ def build_calendar_ics(appointment_id: str) -> str | None:
|
||||
description_lines.append('Zeitfenster: ' + '; '.join(str(entry) for entry in time_span))
|
||||
if note:
|
||||
description_lines.append('Notiz: ' + str(note))
|
||||
if titel:
|
||||
if titel and not summary == titel:
|
||||
description_lines.append('Titel: ' + str(titel))
|
||||
|
||||
ics_lines = [
|
||||
@@ -125,8 +129,7 @@ def build_calendar_ics(appointment_id: str) -> str | None:
|
||||
f'DESCRIPTION:{_escape_ics_text(chr(10).join(description_lines))}',
|
||||
f'URL:{_escape_ics_text(link)}',
|
||||
f'DTSTART;VALUE=DATE:{_format_ics_date(start_date)}',
|
||||
f'DTEND;VALUE=DATE:{_format_ics_date(end_date + timedelta(days=1))}',
|
||||
f'Titel:{_escape_ics_text(titel)}',
|
||||
f'DTEND;VALUE=DATE:{_format_ics_date(end_date + datetime.timedelta(days=1))}',
|
||||
'END:VEVENT',
|
||||
'END:VCALENDAR',
|
||||
'',
|
||||
@@ -146,9 +149,10 @@ def build_client_slot_ics(appointment_id: str, slot_start: str, client_name: str
|
||||
return None
|
||||
|
||||
try:
|
||||
slot_minutes = int(item.get('slot_lenght') or 0)
|
||||
slot_minutes = int(item.get('slot_length') or item.get('slot_lenght') or 0)
|
||||
except Exception:
|
||||
slot_minutes = 0
|
||||
|
||||
if slot_minutes <= 0:
|
||||
slot_minutes = 45
|
||||
|
||||
@@ -171,7 +175,7 @@ def build_client_slot_ics(appointment_id: str, slot_start: str, client_name: str
|
||||
]
|
||||
|
||||
uid = f"terminplaner-slot-{appointment_id}-{start_dt.strftime('%Y%m%d%H%M')}@invario.eu"
|
||||
created_at = datetime.datetime.utcnow().strftime('%Y%m%dT%H%M%SZ')
|
||||
created_at = datetime.datetime.now(datetime.timezone.utc).strftime('%Y%m%dT%H%M%SZ')
|
||||
dt_start = start_dt.strftime('%Y%m%dT%H%M%S')
|
||||
dt_end = end_dt.strftime('%Y%m%dT%H%M%S')
|
||||
|
||||
@@ -197,23 +201,29 @@ def build_client_slot_ics(appointment_id: str, slot_start: str, client_name: str
|
||||
return '\r\n'.join(ics_lines)
|
||||
|
||||
|
||||
def new(date_start: str, date_end: str, time_span: list, slots: int, slot_lenght: int, user: str, mail: list=[], note:str="", calendar_enabled: bool=False, title: str="") -> dict:
|
||||
def new(date_start: str, date_end: str, time_span: list, slots, slot_length, user: str, mail: list=None, note:str="", calendar_enabled: bool=False, title: str="", custom_fields: list = (), clients_per_slot: int=1) -> dict:
|
||||
"""
|
||||
Generates a link for the executive to send to his clients to book a time Slot
|
||||
|
||||
Input:
|
||||
- date_start: start of the time frae area
|
||||
- date_end: end of the time frame area
|
||||
- time_span: Time window for the days as a list [(first day Time Frame), (second day Time frame), (third etc.)]
|
||||
- slots: amount of slots that are available
|
||||
- slot_lenght: the lenght of a slot in minutes
|
||||
|
||||
Output:
|
||||
- link: The link for the user to send to the clients
|
||||
"""
|
||||
try:
|
||||
slots_int = int(slots)
|
||||
except (ValueError, TypeError):
|
||||
slots_int = 0
|
||||
|
||||
try:
|
||||
custom_fields.pop(-1)
|
||||
except :
|
||||
pass
|
||||
|
||||
try:
|
||||
slot_length_int = int(slot_length)
|
||||
except (ValueError, TypeError):
|
||||
slot_length_int = 45
|
||||
|
||||
normalized_time_span = _normalize_time_span(time_span)
|
||||
normalized_mail = _normalize_mail_list(mail)
|
||||
id = termin.add(date_start, date_end, normalized_time_span, slots, slot_lenght, user, normalized_mail, note, calendar_enabled=calendar_enabled, title=title)
|
||||
normalized_mail = _normalize_mail_list(mail or [])
|
||||
|
||||
id = termin.add(date_start, date_end, normalized_time_span, slots_int, slot_length_int, user, normalized_mail, note, calendar_enabled=calendar_enabled, title=title, custom_fields=custom_fields, clients_p_slot=clients_per_slot)
|
||||
id_str = str(id)
|
||||
tenant_id = _current_tenant_id()
|
||||
|
||||
@@ -224,9 +234,11 @@ def new(date_start: str, date_end: str, time_span: list, slots: int, slot_lenght
|
||||
link = host + "/terminplaner/client/" + id_str
|
||||
if tenant_id:
|
||||
link += f"?tenant={tenant_id}"
|
||||
|
||||
subject = f"{title} - Bitte Termin vereinbaren" if title else f"Terminanfrage von {user} - Bitte Termin vereinbaren"
|
||||
note_link = note + f"Bitte klicken sie auf den folgenden Link um einen Termin zu vereinbaren: {link}"
|
||||
calendar_link = None
|
||||
|
||||
if calendar_enabled:
|
||||
try:
|
||||
calendar_link = url_for('terminplaner.calendar_export', appointment_id=id_str, tenant=tenant_id or None, _external=True)
|
||||
@@ -250,20 +262,8 @@ def new(date_start: str, date_end: str, time_span: list, slots: int, slot_lenght
|
||||
}
|
||||
|
||||
|
||||
def book_slot(id, date_start_time, name):
|
||||
"""
|
||||
Updates slot for the booking per a id
|
||||
|
||||
Input:
|
||||
- id: the id is the id you get from the
|
||||
- date_start_time: the date of the booking that was selected with date and time
|
||||
- name: name that the client gave himself
|
||||
|
||||
Output:
|
||||
- bool: if worked or not
|
||||
"""
|
||||
def book_slot(id, date_start_time, name, custom: tuple = ()):
|
||||
try:
|
||||
# Retrieve the current appointment
|
||||
item = termin.get_item(id)
|
||||
if not item:
|
||||
return False
|
||||
@@ -272,40 +272,44 @@ def book_slot(id, date_start_time, name):
|
||||
if not isinstance(slots, list):
|
||||
slots = []
|
||||
|
||||
# 1. Check overall total booking capacity
|
||||
capacity = int(item.get('slots', 0) or 0)
|
||||
if capacity and len(slots) >= capacity:
|
||||
return False
|
||||
|
||||
# 2. Prevent the exact same user from double-booking the exact same slot
|
||||
for existing in slots:
|
||||
if isinstance(existing, (list, tuple)) and len(existing) >= 2:
|
||||
if existing[0] == date_start_time and existing[1] == name:
|
||||
return False
|
||||
|
||||
# Append the new booking as a tuple (start_time, name)
|
||||
slots.append((date_start_time, name))
|
||||
# 3. Check concurrent capacity for this specific time slot
|
||||
clients_per_slot = int(item.get('clients_per_slot', 1) or 1)
|
||||
bookings_at_time = sum(
|
||||
1 for existing in slots
|
||||
if isinstance(existing, (list, tuple)) and len(existing) > 0 and existing[0] == date_start_time
|
||||
)
|
||||
|
||||
if bookings_at_time >= clients_per_slot:
|
||||
return False
|
||||
|
||||
# Update the appointment in the database
|
||||
# Append the new booking successfully
|
||||
slots.append((date_start_time, name, custom))
|
||||
success = termin.update(id, slots)
|
||||
return bool(success)
|
||||
|
||||
except Exception as e:
|
||||
print(f"Error booking slot: {e}")
|
||||
return False
|
||||
|
||||
|
||||
def remove_slot(id, date_start_time, name):
|
||||
"""
|
||||
Remove a booked slot for an appointment.
|
||||
|
||||
Returns True if the removal succeeded, False otherwise.
|
||||
"""
|
||||
try:
|
||||
# Prefer DB-level remove if available
|
||||
if hasattr(termin, 'remove_slot'):
|
||||
removed = termin.remove_slot(id, date_start_time, name)
|
||||
if removed:
|
||||
return True
|
||||
|
||||
# Fallback: fetch, filter, and replace the slot list
|
||||
item = termin.get_item(id)
|
||||
if not item:
|
||||
return False
|
||||
@@ -314,7 +318,6 @@ def remove_slot(id, date_start_time, name):
|
||||
new_slots = []
|
||||
for s in slots:
|
||||
try:
|
||||
# s may be list or tuple like [start_time, name]
|
||||
if isinstance(s, (list, tuple)) and len(s) >= 2 and s[0] == date_start_time and s[1] == name:
|
||||
continue
|
||||
except Exception:
|
||||
@@ -329,9 +332,6 @@ def remove_slot(id, date_start_time, name):
|
||||
|
||||
|
||||
def remove_appointment(id):
|
||||
"""
|
||||
Remove an entire appointment by id.
|
||||
"""
|
||||
try:
|
||||
return bool(termin.remove(id))
|
||||
except Exception as e:
|
||||
@@ -339,17 +339,6 @@ def remove_appointment(id):
|
||||
return False
|
||||
|
||||
def get_available(id):
|
||||
"""
|
||||
Gets the available time slots -> more over it returns the time frame and the allready booked slots also the lenght.
|
||||
And checks if there are slots left.
|
||||
|
||||
Input:
|
||||
- id: id of the appointment
|
||||
|
||||
Output:
|
||||
- dict: all the needet information -> [Start_date, End_date, (first day Time Frame,
|
||||
second day Time frame, third etc.), slot lenght, (bookedslots -> list)]
|
||||
"""
|
||||
try:
|
||||
termin_range = termin.get_item(id)
|
||||
if not termin_range:
|
||||
@@ -358,67 +347,68 @@ def get_available(id):
|
||||
date_start = termin_range.get('date_start')
|
||||
date_end = termin_range.get('date_end')
|
||||
time_span = termin_range.get('time_span', [])
|
||||
slot_lenght = termin_range.get('slot_lenght')
|
||||
total_slots = termin_range.get('slots', 0)
|
||||
# Ensure numeric fields are cast to int when stored as strings
|
||||
|
||||
# Safe integer parsing without heavy try-except blocks
|
||||
try:
|
||||
total_slots = int(termin_range.get('slots', 0) or 0)
|
||||
except Exception:
|
||||
except (ValueError, TypeError):
|
||||
total_slots = 0
|
||||
|
||||
# Support both spellings gracefully
|
||||
raw_length = termin_range.get('slot_length') or termin_range.get('slot_lenght') or 0
|
||||
try:
|
||||
slot_lenght = int(termin_range.get('slot_lenght') or 0)
|
||||
except Exception:
|
||||
slot_lenght = termin_range.get('slot_lenght')
|
||||
slot_length = int(raw_length)
|
||||
except (ValueError, TypeError):
|
||||
slot_length = raw_length
|
||||
|
||||
clients_per_slot = int(termin_range.get('clients_per_slot', 1) or 1)
|
||||
booked = termin_range.get('slots_booked', []) or []
|
||||
|
||||
# Normalize booked entries to dicts for easier consumption
|
||||
# Normalize the bookings list safely
|
||||
normalized = []
|
||||
bookings_by_time = {} # Tracks how many people are in each specific time slot
|
||||
|
||||
for s in booked:
|
||||
if isinstance(s, (list, tuple)) and len(s) >= 2:
|
||||
normalized.append({'start': s[0], 'name': s[1]})
|
||||
slot_time = s[0]
|
||||
item = {'start': slot_time, 'name': s[1]}
|
||||
elif isinstance(s, dict):
|
||||
normalized.append(s)
|
||||
slot_time = s.get('start')
|
||||
item = s
|
||||
else:
|
||||
normalized.append({'value': s})
|
||||
slot_time = str(s)
|
||||
item = {'value': s}
|
||||
|
||||
normalized.append(item)
|
||||
|
||||
# Count concurrent bookings per timestamp
|
||||
if slot_time:
|
||||
bookings_by_time[slot_time] = bookings_by_time.get(slot_time, 0) + 1
|
||||
|
||||
# Calculate remaining total capacity safely
|
||||
slots_used = len(normalized)
|
||||
try:
|
||||
slots_left = max(0, int(total_slots) - slots_used)
|
||||
except Exception:
|
||||
slots_left = max(0, slots_used - slots_used)
|
||||
slots_left = max(0, total_slots - slots_used)
|
||||
|
||||
return {
|
||||
'date_start': date_start,
|
||||
'date_end': date_end,
|
||||
'time_span': time_span,
|
||||
'slot_lenght': slot_lenght,
|
||||
'slot_length': slot_length,
|
||||
'slot_lenght': slot_length,
|
||||
'slots_total': total_slots,
|
||||
'clients_per_slot': clients_per_slot,
|
||||
'slots_booked': normalized,
|
||||
'slots_left': slots_left,
|
||||
'bookings_by_time': bookings_by_time
|
||||
}
|
||||
except Exception as e:
|
||||
print(f"Error getting available slots: {e}")
|
||||
return {}
|
||||
|
||||
def get_available_user(id):
|
||||
"""
|
||||
Gets the available time slots -> more over it returns the time frame and the allready booked slots also the lenght.
|
||||
And checks if there are slots left.
|
||||
|
||||
Input:
|
||||
- id: id of the appointment
|
||||
|
||||
Output:
|
||||
- dict: all the needet information -> [Start_date, End_date, (first day Time Frame,
|
||||
second day Time frame, third etc.), slot lenght, (bookedslots -> list)]
|
||||
"""
|
||||
return get_available(id)
|
||||
|
||||
|
||||
def get_user_upcoming_events(user: str, limit: int = 25) -> list[dict]:
|
||||
"""Return upcoming appointment plans for overview display."""
|
||||
user_name = str(user or '').strip()
|
||||
if not user_name:
|
||||
return []
|
||||
@@ -465,6 +455,7 @@ def get_user_upcoming_events(user: str, limit: int = 25) -> list[dict]:
|
||||
'link': link,
|
||||
'calendar_link': calendar_link if item.get('calendar_enabled') else None,
|
||||
'title': str(item.get('title') or ''),
|
||||
'custom_fields': list(item.get('custom_fields')),
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
@@ -1,14 +1,57 @@
|
||||
from flask import Blueprint, render_template, request, session, url_for, redirect, flash
|
||||
from flask import Response
|
||||
from flask import Blueprint, render_template, request, session, url_for, redirect, flash, make_response, Response, send_file
|
||||
import Web.modules.terminplaner.backend_server as appointment_service
|
||||
import Web.modules.database.settings as cfg
|
||||
import Web.modules.database.termine as termin
|
||||
import Web.modules.database.user as us
|
||||
from Web.modules.terminplaner.backend_server import _resolve_public_base_url
|
||||
import csv
|
||||
import io
|
||||
import qrcode
|
||||
import os
|
||||
import tempfile
|
||||
from reportlab.lib.pagesizes import A4
|
||||
from reportlab.lib.styles import getSampleStyleSheet, ParagraphStyle
|
||||
from reportlab.lib.units import cm
|
||||
from reportlab.lib.colors import grey, HexColor
|
||||
from reportlab.platypus import SimpleDocTemplate, Paragraph, Spacer, Image
|
||||
|
||||
|
||||
# Create a blueprint instance
|
||||
appoint_bp = Blueprint('terminplaner', __name__)
|
||||
|
||||
|
||||
def _get_school_info_for_export():
|
||||
"""
|
||||
Get school information for PDF exports from configuration or database.
|
||||
Returns default info if not configured.
|
||||
"""
|
||||
try:
|
||||
if hasattr(cfg, 'get_school_info'):
|
||||
return cfg.get_school_info()
|
||||
|
||||
school_info = {
|
||||
'name': 'Schulname',
|
||||
'address': 'Schuladresse',
|
||||
'postal_code': 'PLZ',
|
||||
'city': 'Stadt',
|
||||
'school_number': '000000',
|
||||
'it_admin': 'IT-Beauftragter/in',
|
||||
'logo_path': '',
|
||||
}
|
||||
return school_info
|
||||
except Exception:
|
||||
# Return defaults if anything fails
|
||||
return {
|
||||
'name': 'Schulname',
|
||||
'address': 'Schuladresse',
|
||||
'postal_code': 'PLZ',
|
||||
'city': 'Stadt',
|
||||
'school_number': '000000',
|
||||
'it_admin': 'IT-Beauftragter/in',
|
||||
'logo_path': '',
|
||||
}
|
||||
|
||||
|
||||
def _require_module_enabled():
|
||||
if not cfg.MODULES.is_enabled('terminplan'):
|
||||
flash('Der Terminplaner ist deaktiviert.', 'info')
|
||||
@@ -34,10 +77,70 @@ def _current_tenant_id():
|
||||
pass
|
||||
return str(session.get('tenant_id', '') or '').strip()
|
||||
|
||||
@appoint_bp.route('/client/<appointment_id>/export_csv')
|
||||
def export_csv(appointment_id):
|
||||
"""
|
||||
Generiert einen CSV-Export aller Buchungen für den Ersteller.
|
||||
"""
|
||||
# 1. Berechtigungsprüfung (analog zur Client-Route)
|
||||
current_user = str(session.get('username', '') or '').strip()
|
||||
appointment_item = termin.get_item(appointment_id) or {}
|
||||
appointment_owner = str(appointment_item.get('user', '') or '').strip()
|
||||
|
||||
can_view = False
|
||||
if current_user:
|
||||
try:
|
||||
can_view = bool(us.check_admin(current_user) or current_user == appointment_owner)
|
||||
except Exception:
|
||||
can_view = bool(current_user == appointment_owner)
|
||||
|
||||
if not can_view:
|
||||
flash('Nicht autorisiert für diesen Export.', 'error')
|
||||
return redirect(url_for('terminplaner.client', appointment_id=appointment_id))
|
||||
|
||||
custom_fields = appointment_item.get('custom_fields', [])
|
||||
bookings = appointment_item.get('slots_booked', []) or []
|
||||
|
||||
# 2. CSV im Speicher erstellen
|
||||
si = io.StringIO()
|
||||
# Wir nutzen ein Semikolon als Trennzeichen – das öffnet Excel im deutschsprachigen Raum direkt fehlerfrei
|
||||
cw = csv.writer(si, delimiter=';', quoting=csv.QUOTE_MINIMAL)
|
||||
|
||||
# Tabellenkopf schreiben
|
||||
headers = ['Zeitpunkt', 'Name'] + list(custom_fields)
|
||||
cw.writerow(headers)
|
||||
|
||||
# Datenzeilen schreiben
|
||||
for booking in bookings:
|
||||
if isinstance(booking, (list, tuple)):
|
||||
row = [booking[0], booking[1]]
|
||||
|
||||
# Antworten holen und sicherstellen, dass Lücken (falls vorhanden) mit Leerstrings gefüllt werden
|
||||
answers = booking[2] if len(booking) > 2 else []
|
||||
for i in range(len(custom_fields)):
|
||||
if i < len(answers):
|
||||
row.append(answers[i])
|
||||
else:
|
||||
row.append('')
|
||||
cw.writerow(row)
|
||||
|
||||
# 3. Response vorbereiten und UTF-8-BOM für Excel mitsenden
|
||||
response_content = si.getvalue()
|
||||
output = make_response(response_content)
|
||||
|
||||
output.data = b'\xef\xbb\xbf' + output.data
|
||||
|
||||
# Dateiname generieren
|
||||
title_slug = appointment_item.get('title', 'export').replace(' ', '_')
|
||||
output.headers["Content-Disposition"] = f"attachment; filename=buchungen_{title_slug}.csv"
|
||||
output.headers["Content-Type"] = "text/csv; charset=utf-8"
|
||||
|
||||
return output
|
||||
|
||||
@appoint_bp.route('/client/<appointment_id>', methods=['POST', 'GET'])
|
||||
def client(appointment_id):
|
||||
"""
|
||||
The Route for the terminplaner to work with the client
|
||||
The Route for the terminplaner to work with the client and allow owners to manage it.
|
||||
"""
|
||||
guard = _require_module_enabled()
|
||||
if guard:
|
||||
@@ -50,6 +153,10 @@ def client(appointment_id):
|
||||
current_user = str(session.get('username', '') or '').strip()
|
||||
appointment_item = termin.get_item(appointment_id) or {}
|
||||
appointment_owner = str(appointment_item.get('user', '') or '').strip()
|
||||
|
||||
custom_fields = appointment_item.get('custom_fields', [])
|
||||
|
||||
# Permissions check
|
||||
can_view_booking_names = False
|
||||
if current_user:
|
||||
try:
|
||||
@@ -57,6 +164,7 @@ def client(appointment_id):
|
||||
except Exception:
|
||||
can_view_booking_names = bool(current_user == appointment_owner)
|
||||
|
||||
# Sanitize data for public/client view
|
||||
available_for_view = dict(available)
|
||||
if not can_view_booking_names:
|
||||
sanitized_bookings = []
|
||||
@@ -70,31 +178,59 @@ def client(appointment_id):
|
||||
available_for_view['slots_booked'] = sanitized_bookings
|
||||
|
||||
if request.method == 'POST':
|
||||
start_daytime = request.form.get('start_day_time')
|
||||
username = request.form.get('client_name')
|
||||
if not start_daytime or not username:
|
||||
flash('Bitte Name und gewünschte Uhrzeit angeben.', 'error')
|
||||
return render_template(
|
||||
'termin_client.html',
|
||||
appointment_id=appointment_id,
|
||||
available=available_for_view,
|
||||
current_user=session.get('username', ''),
|
||||
tenant_id=_current_tenant_id(),
|
||||
can_view_booking_names=can_view_booking_names,
|
||||
)
|
||||
action = request.form.get('action', 'book')
|
||||
|
||||
if appointment_service.book_slot(appointment_id, start_daytime, username):
|
||||
return redirect(
|
||||
url_for(
|
||||
'terminplaner.client_success',
|
||||
# Case 1: Admin/Owner cancels a booking
|
||||
if action == 'delete' and can_view_booking_names:
|
||||
slot_time = request.form.get('slot_time')
|
||||
client_name = request.form.get('target_client_name')
|
||||
|
||||
current_slots = appointment_item.get('slots_booked', []) or []
|
||||
|
||||
# Keep everything EXCEPT the item targeted for deletion
|
||||
updated_slots = [
|
||||
slot for slot in current_slots
|
||||
if not (isinstance(slot, (list, tuple)) and slot[0] == slot_time and slot[1] == client_name)
|
||||
]
|
||||
|
||||
if termin.update(appointment_id, updated_slots):
|
||||
flash('Buchung wurde erfolgreich gelöscht.', 'success')
|
||||
else:
|
||||
flash('Fehler beim Löschen der Buchung.', 'error')
|
||||
|
||||
return redirect(url_for('terminplaner.client', appointment_id=appointment_id, tenant=_current_tenant_id() or None))
|
||||
|
||||
# Case 2: Client books a slot
|
||||
elif action == 'book':
|
||||
start_daytime = request.form.get('start_day_time')
|
||||
username = request.form.get('client_name')
|
||||
custom_answers = tuple(request.form.getlist('custom_answers')) # Cast to tuple for DB safety
|
||||
|
||||
if not start_daytime or not username:
|
||||
flash('Bitte Name und gewünschte Uhrzeit angeben.', 'error')
|
||||
return render_template(
|
||||
'termin_client.html',
|
||||
appointment_id=appointment_id,
|
||||
tenant=_current_tenant_id() or None,
|
||||
start=start_daytime,
|
||||
name=username,
|
||||
available=available_for_view,
|
||||
current_user=session.get('username', ''),
|
||||
tenant_id=_current_tenant_id(),
|
||||
can_view_booking_names=can_view_booking_names,
|
||||
custom_fields=custom_fields,
|
||||
appointment_module_enabled=cfg.MODULES.is_enabled('terminplan')
|
||||
)
|
||||
)
|
||||
|
||||
flash('Der Termin konnte nicht gespeichert werden.', 'error')
|
||||
if appointment_service.book_slot(appointment_id, start_daytime, username, custom=custom_answers):
|
||||
return redirect(
|
||||
url_for(
|
||||
'terminplaner.client_success',
|
||||
appointment_id=appointment_id,
|
||||
tenant=_current_tenant_id() or None,
|
||||
start=start_daytime,
|
||||
name=username,
|
||||
)
|
||||
)
|
||||
|
||||
flash('Der Termin konnte nicht gespeichert werden. Eventuell ist der Slot bereits voll.', 'error')
|
||||
|
||||
return render_template(
|
||||
'termin_client.html',
|
||||
@@ -103,6 +239,9 @@ def client(appointment_id):
|
||||
current_user=session.get('username', ''),
|
||||
tenant_id=_current_tenant_id(),
|
||||
can_view_booking_names=can_view_booking_names,
|
||||
custom_fields=custom_fields,
|
||||
appointment_item=appointment_item,
|
||||
appointment_module_enabled=cfg.MODULES.is_enabled('terminplan')
|
||||
)
|
||||
|
||||
|
||||
@@ -154,7 +293,7 @@ def delete_appointment(appointment_id):
|
||||
@appoint_bp.route('/configure', methods=['GET', 'POST'])
|
||||
def configure():
|
||||
"""
|
||||
Route for authenticated persons to configure a new appointment for them
|
||||
Route for authenticated persons to configure a new appointment schedule
|
||||
"""
|
||||
guard = _require_module_enabled()
|
||||
if guard:
|
||||
@@ -169,13 +308,19 @@ def configure():
|
||||
end = request.form.get('end_date')
|
||||
time = request.form.get('time_frame')
|
||||
slots_amount = request.form.get('slots_amounts')
|
||||
slot_lenght = request.form.get('slot_lenght')
|
||||
slot_length = request.form.get('slot_length')
|
||||
mail = request.form.get('mail', '')
|
||||
note = request.form.get('note', '')
|
||||
add_to_calendar = request.form.get('add_to_calendar') == 'on'
|
||||
titel = request.form.get('titel', '').strip()
|
||||
title = request.form.get('title', '').strip()
|
||||
custom = request.form.getlist('custom_fields')
|
||||
|
||||
try:
|
||||
clients_p_slot = int(request.form.get('clients_per_slot', 1))
|
||||
except (ValueError, TypeError):
|
||||
clients_p_slot = 1
|
||||
|
||||
if not start or not end or not time or not slots_amount or not slot_lenght or not titel:
|
||||
if not start or not end or not time or not slots_amount or not slot_length or not title:
|
||||
flash('Bitte alle Pflichtfelder ausfüllen.', 'error')
|
||||
return render_template(
|
||||
'termin_configure.html',
|
||||
@@ -184,28 +329,49 @@ def configure():
|
||||
email_service_enabled=cfg.EMAIL_ENABLED,
|
||||
)
|
||||
|
||||
result = appointment_service.new(start, end, time, slots_amount, slot_lenght, session["username"], mail, note, calendar_enabled=add_to_calendar, title=titel)
|
||||
# Call the database service function (standardized to match your underlying code)
|
||||
inserted_id = appointment_service.new(
|
||||
date_start=start,
|
||||
date_end=end,
|
||||
time_span=time,
|
||||
slots=slots_amount,
|
||||
slot_length=slot_length,
|
||||
user=session["username"],
|
||||
mail=mail,
|
||||
note=note,
|
||||
calendar_enabled=add_to_calendar,
|
||||
title=title,
|
||||
custom_fields=custom,
|
||||
clients_per_slot=clients_p_slot
|
||||
)
|
||||
|
||||
if not inserted_id:
|
||||
flash('Fehler beim Erstellen des Terminplans.', 'error')
|
||||
return redirect(url_for('terminplaner.configure'))
|
||||
|
||||
flash('Der Terminplan wurde angelegt.', 'success')
|
||||
return render_template(
|
||||
'termin_configure.html',
|
||||
school_periods=cfg.SCHOOL_PERIODS,
|
||||
generated_link=result['link'],
|
||||
calendar_link=result.get('calendar_link'),
|
||||
generated_link=inserted_id['link'],
|
||||
calendar_link=None,
|
||||
add_to_calendar=add_to_calendar,
|
||||
email_service_enabled=cfg.EMAIL_ENABLED,
|
||||
title=titel,
|
||||
)
|
||||
elif request.method == "GET":
|
||||
return render_template(
|
||||
'termin_configure.html',
|
||||
school_periods=cfg.SCHOOL_PERIODS,
|
||||
generated_link=None,
|
||||
calendar_link=None,
|
||||
add_to_calendar=False,
|
||||
email_service_enabled=cfg.EMAIL_ENABLED,
|
||||
title=None,
|
||||
title=title,
|
||||
appointment_module_enabled=cfg.MODULES.is_enabled('terminplan')
|
||||
)
|
||||
|
||||
return render_template(
|
||||
'termin_configure.html',
|
||||
school_periods=cfg.SCHOOL_PERIODS,
|
||||
generated_link=None,
|
||||
calendar_link=None,
|
||||
add_to_calendar=False,
|
||||
email_service_enabled=cfg.EMAIL_ENABLED,
|
||||
title=None,
|
||||
appointment_module_enabled=cfg.MODULES.is_enabled('terminplan')
|
||||
)
|
||||
|
||||
|
||||
@appoint_bp.route('/calendar/<appointment_id>.ics', methods=['GET'])
|
||||
def calendar_export(appointment_id):
|
||||
@@ -242,6 +408,138 @@ def client_slot_calendar_export(appointment_id):
|
||||
response.headers['Content-Disposition'] = f'attachment; filename=termin-{title}-{appointment_id}-{slot_start.replace(" ", "_").replace(":", "")}.ics'
|
||||
return response
|
||||
|
||||
|
||||
@appoint_bp.route('/export_pdf_brief/<plan_id>', methods=['GET'])
|
||||
def export_pdf_brief(plan_id):
|
||||
# 1. Daten holen (Hier als Beispiel, passe dies auf deine Datenbank an)
|
||||
# terminplan = Terminplan.query.get(plan_id)
|
||||
|
||||
school_info = _get_school_info_for_export()
|
||||
|
||||
school_name = school_info.get('name', 'Schulname')
|
||||
address = school_info.get('address', 'Adresse')
|
||||
postal_code = school_info.get('postal_code', 'PLZ')
|
||||
city = school_info.get('city', 'Stadt')
|
||||
school_number = school_info.get('school_number', '000000')
|
||||
it_admin = school_info.get('it_admin', 'IT-Beauftragter/in')
|
||||
tenant_id = _current_tenant_id()
|
||||
|
||||
try:
|
||||
link = url_for('terminplaner.client', appointment_id=plan_id, tenant=tenant_id or None, _external=True)
|
||||
except Exception:
|
||||
host = _resolve_public_base_url()
|
||||
link = host + "/terminplaner/client/" + plan_id
|
||||
if tenant_id:
|
||||
link += f"?tenant={tenant_id}"
|
||||
|
||||
schul_daten = {
|
||||
"schulname": school_name,
|
||||
"strasse": address,
|
||||
"plz_ort": f"{postal_code} {city}",
|
||||
"schulnummer": school_number,
|
||||
"it_admin": it_admin
|
||||
}
|
||||
|
||||
plan_daten = {
|
||||
"titel": termin.get_item(plan_id).get('title', 'Terminplan'), # terminplan.title
|
||||
"link": link, # terminplan.link
|
||||
"notizen": termin.get_item(plan_id).get('note', '') # terminplan.note
|
||||
}
|
||||
|
||||
# 2. QR-Code Bild im temporären Ordner erstellen
|
||||
qr = qrcode.QRCode(version=1, box_size=10, border=0)
|
||||
qr.add_data(plan_daten["link"])
|
||||
qr.make(fit=True)
|
||||
img = qr.make_image(fill_color="black", back_color="white")
|
||||
|
||||
fd, qr_path = tempfile.mkstemp(suffix=".png")
|
||||
os.close(fd)
|
||||
img.save(qr_path)
|
||||
|
||||
# 3. PDF im Speicher aufbauen (BytesIO)
|
||||
pdf_buffer = io.BytesIO()
|
||||
doc = SimpleDocTemplate(
|
||||
pdf_buffer,
|
||||
pagesize=A4,
|
||||
rightMargin=2*cm,
|
||||
leftMargin=2.5*cm,
|
||||
topMargin=2.5*cm,
|
||||
bottomMargin=2*cm
|
||||
)
|
||||
|
||||
styles = getSampleStyleSheet()
|
||||
styles.add(ParagraphStyle(name='Sender', fontSize=8, textColor=grey))
|
||||
styles.add(ParagraphStyle(name='Address', fontSize=10, leading=14))
|
||||
styles.add(ParagraphStyle(name='Date', fontSize=10, alignment=2))
|
||||
styles.add(ParagraphStyle(name='Subject', fontSize=14, fontName='Helvetica-Bold', spaceAfter=16, textColor=HexColor('#0f4c5c')))
|
||||
styles.add(ParagraphStyle(name='Body', fontSize=11, leading=16, spaceAfter=12))
|
||||
styles.add(ParagraphStyle(name='Notes', fontSize=10, leading=14, textColor=HexColor("#444444")))
|
||||
|
||||
elements = []
|
||||
|
||||
# Absenderzeile
|
||||
sender_text = f"<u>{schul_daten['schulname']} • {schul_daten['strasse']} • {schul_daten['plz_ort']}</u>"
|
||||
elements.append(Paragraph(sender_text, styles['Sender']))
|
||||
elements.append(Spacer(1, 1.5*cm))
|
||||
|
||||
# Sichtfenster-Adresse (Generisch)
|
||||
elements.append(Paragraph("An die<br/>Teilnehmerinnen und Teilnehmer<br/>des Termins", styles['Address']))
|
||||
elements.append(Spacer(1, 2*cm))
|
||||
|
||||
# Datum (Hier statisch zum Test, ggf. dynamisch per datetime)
|
||||
import datetime
|
||||
heute = datetime.datetime.now().strftime("%d.%m.%Y")
|
||||
elements.append(Paragraph(f"{schul_daten['plz_ort']}, den {heute}", styles['Date']))
|
||||
elements.append(Spacer(1, 1*cm))
|
||||
|
||||
# Betreff
|
||||
elements.append(Paragraph(f"Einladung zur Terminbuchung: {plan_daten['titel']}", styles['Subject']))
|
||||
|
||||
# Text
|
||||
elements.append(Paragraph("Sehr geehrte Damen und Herren,", styles['Body']))
|
||||
elements.append(Paragraph("hiermit möchten wir Sie herzlich einladen, einen Termin für unsere anstehende Veranstaltung zu buchen. Um den Prozess für alle Beteiligten so einfach und effizient wie möglich zu gestalten, nutzen wir unser Online-Buchungssystem.", styles['Body']))
|
||||
elements.append(Spacer(1, 0.5*cm))
|
||||
|
||||
# Link
|
||||
elements.append(Paragraph("<b>Ihr persönlicher Buchungslink:</b>", styles['Body']))
|
||||
link_html = f'<a href="{plan_daten["link"]}?" color="#16697a">{plan_daten["link"]}</a>'
|
||||
elements.append(Paragraph(link_html, styles['Body']))
|
||||
|
||||
# Das vorhin erstellte QR-Code Bild einfügen
|
||||
elements.append(Spacer(1, 0.2*cm))
|
||||
elements.append(Image(qr_path, width=3*cm, height=3*cm, hAlign='LEFT'))
|
||||
elements.append(Spacer(1, 0.5*cm))
|
||||
|
||||
# Notizen (falls vorhanden)
|
||||
if plan_daten.get('notizen'):
|
||||
elements.append(Paragraph("<b>Zusätzliche Informationen zum Termin:</b>", styles['Body']))
|
||||
elements.append(Paragraph(plan_daten['notizen'], styles['Notes']))
|
||||
|
||||
elements.append(Spacer(1, 1.5*cm))
|
||||
|
||||
# Grußformel
|
||||
elements.append(Paragraph("Mit freundlichen Grüßen,", styles['Body']))
|
||||
elements.append(Spacer(1, 1.5*cm))
|
||||
elements.append(Paragraph(f"<b>{schul_daten['schulname']}</b>", styles['Body']))
|
||||
|
||||
# PDF fertigstellen
|
||||
doc.build(elements)
|
||||
|
||||
# Temporäres Bild löschen
|
||||
if os.path.exists(qr_path):
|
||||
os.remove(qr_path)
|
||||
|
||||
# Buffer auf Anfang zurücksetzen
|
||||
pdf_buffer.seek(0)
|
||||
|
||||
# An Nutzer ausliefern
|
||||
return send_file(
|
||||
pdf_buffer,
|
||||
mimetype='application/pdf',
|
||||
as_attachment=True,
|
||||
download_name=f"Einladung_{plan_daten['titel'].replace(' ', '_')}.pdf"
|
||||
)
|
||||
|
||||
@appoint_bp.route('/')
|
||||
def main():
|
||||
guard = _require_module_enabled()
|
||||
@@ -252,10 +550,12 @@ def main():
|
||||
upcoming_events = appointment_service.get_user_upcoming_events(current_user) if current_user else []
|
||||
tenant_id = _current_tenant_id()
|
||||
|
||||
|
||||
return render_template(
|
||||
'terminplaner.html',
|
||||
school_periods=cfg.SCHOOL_PERIODS,
|
||||
current_user=current_user,
|
||||
upcoming_events=upcoming_events,
|
||||
tenant_id=tenant_id,
|
||||
appointment_module_enabled=cfg.MODULES.is_enabled('terminplan')
|
||||
)
|
||||
+71
-110
@@ -13,6 +13,7 @@ import logging
|
||||
|
||||
import Web.modules.database.settings as cfg
|
||||
from Web.modules.database.settings import MongoClient
|
||||
from Web.modules.inventarsystem.data_protection import encrypt_text, decrypt_text
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@@ -44,16 +45,22 @@ if not VAPID_PUBLIC_KEY or not VAPID_PRIVATE_KEY:
|
||||
serialization.PublicFormat.UncompressedPoint
|
||||
)
|
||||
|
||||
VAPID_PUBLIC_KEY = b64urlencode(raw_pub)
|
||||
VAPID_PUBLIC_KEY = b64urlencode(raw_pub).decode('utf-8')
|
||||
VAPID_PRIVATE_KEY = VAPID_PRIVATE_PEM
|
||||
except Exception as e:
|
||||
logger.error(f'Could not load or generate VAPID keys: {e}')
|
||||
|
||||
# Push service endpoint (typically Firebase or Web Push Service)
|
||||
PUSH_SERVICE_URL = 'https://fcm.googleapis.com/fcm/send' # Firebase Cloud Messaging
|
||||
FCM_API_KEY = os.getenv('FCM_API_KEY', '') # Firebase API key
|
||||
|
||||
|
||||
def _get_username_hash(username):
|
||||
"""Generates a deterministic hash for database lookups."""
|
||||
if not username:
|
||||
return None
|
||||
return hashlib.sha256(username.encode('utf-8')).hexdigest()
|
||||
|
||||
|
||||
def get_push_subscriptions_collection(db=None):
|
||||
"""Get MongoDB push subscriptions collection"""
|
||||
if db is None:
|
||||
@@ -64,71 +71,68 @@ def get_push_subscriptions_collection(db=None):
|
||||
|
||||
def get_user_subscriptions(username):
|
||||
"""
|
||||
Get all active push subscriptions for a user
|
||||
|
||||
Args:
|
||||
username (str): Username
|
||||
|
||||
Returns:
|
||||
list: List of subscription documents
|
||||
Get all active push subscriptions for a user, decrypting data on the fly.
|
||||
"""
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
subs_col = get_push_subscriptions_collection(db)
|
||||
|
||||
subscriptions = list(subs_col.find({
|
||||
'Username': username,
|
||||
# Query using the deterministic hash, NOT the encrypted text directly
|
||||
user_hash = _get_username_hash(username)
|
||||
|
||||
encrypted_subscriptions = list(subs_col.find({
|
||||
'UsernameHash': user_hash,
|
||||
'IsActive': True
|
||||
}))
|
||||
|
||||
client.close()
|
||||
return subscriptions
|
||||
|
||||
# Decrypt endpoints and keys before returning
|
||||
decrypted_subs = []
|
||||
for sub in encrypted_subscriptions:
|
||||
try:
|
||||
sub['Endpoint'] = decrypt_text(sub.get('Endpoint'))
|
||||
|
||||
# Keys are stored as encrypted JSON strings
|
||||
decrypted_keys_str = decrypt_text(sub.get('Keys'))
|
||||
sub['Keys'] = json.loads(decrypted_keys_str) if decrypted_keys_str else {}
|
||||
|
||||
decrypted_subs.append(sub)
|
||||
except Exception as e:
|
||||
logger.error(f"Failed to decrypt subscription payload for hash {user_hash}: {e}")
|
||||
|
||||
return decrypted_subs
|
||||
except Exception as e:
|
||||
logger.error(f'Error getting push subscriptions for {username}: {e}')
|
||||
logger.error(f'Error getting push subscriptions for user: {e}')
|
||||
return []
|
||||
|
||||
|
||||
def save_push_subscription(username, subscription_obj):
|
||||
"""
|
||||
Save a new push subscription for a user
|
||||
|
||||
Args:
|
||||
username (str): Username
|
||||
subscription_obj (dict): Subscription object from Service Worker
|
||||
{
|
||||
'endpoint': 'https://...',
|
||||
'keys': {
|
||||
'p256dh': '...',
|
||||
'auth': '...'
|
||||
}
|
||||
}
|
||||
|
||||
Returns:
|
||||
bool: Success status
|
||||
Save a new push subscription for a user with field-level encryption.
|
||||
"""
|
||||
try:
|
||||
if not subscription_obj.get('endpoint'):
|
||||
logger.warning(f'Invalid subscription object for {username}')
|
||||
endpoint = subscription_obj.get('endpoint')
|
||||
if not endpoint:
|
||||
logger.warning('Invalid subscription object: missing endpoint')
|
||||
return False
|
||||
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
subs_col = get_push_subscriptions_collection(db)
|
||||
|
||||
# Create unique hash of subscription to avoid duplicates
|
||||
sub_hash = hashlib.md5(
|
||||
f"{username}:{subscription_obj['endpoint']}".encode()
|
||||
# Create unique hash of subscription using plaintext data to avoid duplicates
|
||||
sub_hash = hashlib.shake_256(
|
||||
f"{username}:{endpoint}".encode('utf-8')
|
||||
).hexdigest()
|
||||
|
||||
# Check if subscription already exists
|
||||
# Check if subscription already exists by Hash
|
||||
existing = subs_col.find_one({
|
||||
'Username': username,
|
||||
'SubscriptionHash': sub_hash
|
||||
})
|
||||
|
||||
if existing:
|
||||
# Update last used time
|
||||
subs_col.update_one(
|
||||
{'_id': existing['_id']},
|
||||
{'$set': {
|
||||
@@ -136,15 +140,19 @@ def save_push_subscription(username, subscription_obj):
|
||||
'IsActive': True
|
||||
}}
|
||||
)
|
||||
logger.info(f'Updated existing subscription for {username}')
|
||||
logger.info('Updated existing push subscription')
|
||||
client.close()
|
||||
return True
|
||||
|
||||
# Save new subscription
|
||||
# Format keys as JSON string for your encrypt_text module
|
||||
keys_str = json.dumps(subscription_obj.get('keys', {}))
|
||||
|
||||
# Save new subscription, encrypting sensitive fields
|
||||
subscription_doc = {
|
||||
'Username': username,
|
||||
'Endpoint': subscription_obj['endpoint'],
|
||||
'Keys': subscription_obj.get('keys', {}),
|
||||
'UsernameHash': _get_username_hash(username),
|
||||
'Username': encrypt_text(username),
|
||||
'Endpoint': encrypt_text(endpoint),
|
||||
'Keys': encrypt_text(keys_str),
|
||||
'SubscriptionHash': sub_hash,
|
||||
'IsActive': True,
|
||||
'CreatedAt': datetime.datetime.now(),
|
||||
@@ -153,36 +161,31 @@ def save_push_subscription(username, subscription_obj):
|
||||
}
|
||||
|
||||
subs_col.insert_one(subscription_doc)
|
||||
logger.info(f'Saved new push subscription for {username}')
|
||||
logger.info('Saved new encrypted push subscription')
|
||||
client.close()
|
||||
return True
|
||||
|
||||
except Exception as e:
|
||||
logger.error(f'Error saving push subscription for {username}: {e}')
|
||||
logger.error(f'Error saving push subscription: {e}')
|
||||
return False
|
||||
|
||||
|
||||
def remove_push_subscription(username, endpoint):
|
||||
"""
|
||||
Remove a push subscription
|
||||
|
||||
Args:
|
||||
username (str): Username
|
||||
endpoint (str): Subscription endpoint URL
|
||||
|
||||
Returns:
|
||||
bool: Success status
|
||||
Remove a push subscription by making it inactive.
|
||||
"""
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
subs_col = get_push_subscriptions_collection(db)
|
||||
|
||||
# Recreate the deterministic hash to find the specific subscription
|
||||
sub_hash = hashlib.shake_256(
|
||||
f"{username}:{endpoint}".encode('utf-8')
|
||||
).hexdigest()
|
||||
|
||||
result = subs_col.update_one(
|
||||
{
|
||||
'Username': username,
|
||||
'Endpoint': endpoint
|
||||
},
|
||||
{'SubscriptionHash': sub_hash},
|
||||
{'$set': {'IsActive': False}}
|
||||
)
|
||||
|
||||
@@ -190,31 +193,19 @@ def remove_push_subscription(username, endpoint):
|
||||
return result.modified_count > 0
|
||||
|
||||
except Exception as e:
|
||||
logger.error(f'Error removing push subscription for {username}: {e}')
|
||||
logger.error(f'Error removing push subscription: {e}')
|
||||
return False
|
||||
|
||||
|
||||
def send_push_notification(username, title, body, icon=None, url='/', reference=None, tag='notification'):
|
||||
"""
|
||||
Send a push notification to all user's subscriptions
|
||||
|
||||
Args:
|
||||
username (str): Target username
|
||||
title (str): Notification title
|
||||
body (str): Notification body
|
||||
icon (str, optional): Icon URL
|
||||
url (str, optional): URL to open on click
|
||||
reference (dict, optional): Reference data (item_id, etc)
|
||||
tag (str, optional): Notification tag for grouping
|
||||
|
||||
Returns:
|
||||
int: Number of successfully sent notifications
|
||||
Send a push notification to all user's subscriptions.
|
||||
"""
|
||||
try:
|
||||
subscriptions = get_user_subscriptions(username)
|
||||
|
||||
if not subscriptions:
|
||||
logger.debug(f'No active push subscriptions for {username}')
|
||||
logger.debug('No active push subscriptions for user')
|
||||
return 0
|
||||
|
||||
sent_count = 0
|
||||
@@ -232,19 +223,18 @@ def send_push_notification(username, title, body, icon=None, url='/', reference=
|
||||
if success:
|
||||
sent_count += 1
|
||||
else:
|
||||
# Mark subscription as inactive if send fails
|
||||
_mark_subscription_inactive(subscription['_id'])
|
||||
|
||||
logger.info(f'Sent push notification to {username}: {sent_count}/{len(subscriptions)} subscriptions')
|
||||
logger.info(f'Sent push notification: {sent_count}/{len(subscriptions)} subscriptions')
|
||||
return sent_count
|
||||
|
||||
except Exception as e:
|
||||
logger.error(f'Error sending push notification to {username}: {e}')
|
||||
logger.error(f'Error sending push notification: {e}')
|
||||
return 0
|
||||
|
||||
|
||||
def _send_to_subscription(subscription, title, body, icon, url, reference, tag):
|
||||
"""Send push notification to a specific subscription"""
|
||||
"""Send push notification to a specific decrypted subscription"""
|
||||
try:
|
||||
payload = {
|
||||
'title': title,
|
||||
@@ -256,20 +246,17 @@ def _send_to_subscription(subscription, title, body, icon, url, reference, tag):
|
||||
'reference': reference or {},
|
||||
}
|
||||
|
||||
# If using Firebase Cloud Messaging
|
||||
if FCM_API_KEY and subscription.get('Endpoint', '').startswith('https://fcm.'):
|
||||
return _send_fcm_notification(subscription, payload)
|
||||
|
||||
# Otherwise use standard Web Push Protocol
|
||||
return _send_web_push_notification(subscription, payload)
|
||||
|
||||
except Exception as e:
|
||||
logger.error(f'Error sending to subscription {subscription.get("_id")}: {e}')
|
||||
logger.error(f'Error sending to subscription: {e}')
|
||||
return False
|
||||
|
||||
|
||||
def _send_fcm_notification(subscription, payload):
|
||||
"""Send notification via Firebase Cloud Messaging"""
|
||||
try:
|
||||
if not FCM_API_KEY:
|
||||
logger.warning('FCM_API_KEY not configured')
|
||||
@@ -311,9 +298,7 @@ def _send_fcm_notification(subscription, payload):
|
||||
|
||||
|
||||
def _send_web_push_notification(subscription, payload):
|
||||
"""Send notification using standard Web Push Protocol"""
|
||||
try:
|
||||
# This requires pywebpush library
|
||||
from pywebpush import webpush
|
||||
|
||||
webpush(
|
||||
@@ -325,13 +310,13 @@ def _send_web_push_notification(subscription, payload):
|
||||
vapid_private_key=VAPID_PRIVATE_KEY,
|
||||
vapid_claims={'sub': VAPID_SUBJECT},
|
||||
timeout=10,
|
||||
ttl=3600 # Notification expires after 1 hour if device is offline
|
||||
ttl=3600
|
||||
)
|
||||
|
||||
return True
|
||||
|
||||
except ImportError:
|
||||
logger.warning('pywebpush not installed, install with: pip install pywebpush')
|
||||
logger.warning('pywebpush not installed. pip install pywebpush')
|
||||
return False
|
||||
except Exception as e:
|
||||
logger.error(f'Web push error: {e}')
|
||||
@@ -339,7 +324,6 @@ def _send_web_push_notification(subscription, payload):
|
||||
|
||||
|
||||
def _mark_subscription_inactive(subscription_id):
|
||||
"""Mark a subscription as inactive (e.g., after failed send)"""
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
@@ -349,37 +333,21 @@ def _mark_subscription_inactive(subscription_id):
|
||||
{'_id': ObjectId(subscription_id)},
|
||||
{'$set': {'IsActive': False}}
|
||||
)
|
||||
|
||||
client.close()
|
||||
except Exception as e:
|
||||
logger.error(f'Error marking subscription inactive: {e}')
|
||||
|
||||
|
||||
def send_push_to_all_admins(title, body, icon=None, url='/', reference=None):
|
||||
"""
|
||||
Send a push notification to all admin users
|
||||
|
||||
Args:
|
||||
title (str): Notification title
|
||||
body (str): Notification body
|
||||
icon (str, optional): Icon URL
|
||||
url (str, optional): URL to open on click
|
||||
reference (dict, optional): Reference data
|
||||
|
||||
Returns:
|
||||
int: Total notifications sent
|
||||
"""
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
users_col = db['users']
|
||||
|
||||
# Get all admin users
|
||||
admin_users = list(users_col.find(
|
||||
{'Admin': True},
|
||||
{'Username': 1}
|
||||
))
|
||||
|
||||
client.close()
|
||||
|
||||
total_sent = 0
|
||||
@@ -404,10 +372,6 @@ def send_push_to_all_admins(title, body, icon=None, url='/', reference=None):
|
||||
|
||||
|
||||
def cleanup_inactive_subscriptions():
|
||||
"""
|
||||
Remove inactive subscriptions older than 30 days
|
||||
Run this periodically as a maintenance task
|
||||
"""
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
@@ -429,22 +393,19 @@ def cleanup_inactive_subscriptions():
|
||||
return 0
|
||||
|
||||
|
||||
# Database collection schema
|
||||
def ensure_push_subscriptions_collection():
|
||||
"""Ensure the push_subscriptions collection exists with proper indexes"""
|
||||
try:
|
||||
client = MongoClient(cfg.MONGODB_HOST, cfg.MONGODB_PORT)
|
||||
db = client[cfg.MONGODB_DB]
|
||||
subs_col = get_push_subscriptions_collection(db)
|
||||
|
||||
# Create indexes
|
||||
subs_col.create_index('Username')
|
||||
subs_col.create_index([('Username', 1), ('IsActive', 1)])
|
||||
subs_col.create_index([('CreatedAt', 1)]) # TTL-like usage
|
||||
subs_col.create_index('UsernameHash')
|
||||
subs_col.create_index([('UsernameHash', 1), ('IsActive', 1)])
|
||||
subs_col.create_index([('CreatedAt', 1)])
|
||||
subs_col.create_index('SubscriptionHash', unique=True)
|
||||
|
||||
logger.info('Push subscriptions collection indexes created')
|
||||
client.close()
|
||||
|
||||
except Exception as e:
|
||||
logger.error(f'Error ensuring push subscriptions collection: {e}')
|
||||
logger.error(f'Error ensuring push subscriptions collection: {e}')
|
||||
@@ -15,3 +15,4 @@ openpyxl
|
||||
cryptography>=42.0.0
|
||||
pywebpush
|
||||
py-vapid>=1.9.0
|
||||
beautifulsoup4
|
||||
+48
-4
@@ -1144,6 +1144,17 @@
|
||||
<li class="nav-item dropdown ms-lg-auto">
|
||||
<a class="nav-link dropdown-toggle" href="#" id="termMoreDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false" title="Weitere Optionen">Mehr Optionen</a>
|
||||
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="termMoreDropdown">
|
||||
{% if 'username' in session %}
|
||||
{% if current_permissions.pages.get('tutorial_page', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('tutorial_page') }}">Tutorial</a></li>
|
||||
{% endif %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('admin_school_settings') }}">Schulstammdaten</a></li>
|
||||
{% if current_permissions.actions.get('can_view_logs', True) and current_permissions.pages.get('admin_audit_dashboard', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('admin_audit_dashboard') }}">Audit Dashboard</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
{% endif %}
|
||||
|
||||
{% if current_permissions.pages.get('home', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('home') }}">Inventarsystem</a></li>
|
||||
{% endif %}
|
||||
@@ -1155,6 +1166,42 @@
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
<div class="d-flex">
|
||||
{% if 'username' in session %}
|
||||
<div class="function-search-wrap">
|
||||
<form class="function-search-form" data-function-search="true">
|
||||
<input
|
||||
class="function-search-input"
|
||||
type="search"
|
||||
name="function_search"
|
||||
placeholder="Funktion suchen..."
|
||||
list="function-search-options"
|
||||
autocomplete="off"
|
||||
>
|
||||
<button class="function-search-btn" type="submit">Los</button>
|
||||
</form>
|
||||
</div>
|
||||
{% if current_tenant_db %}
|
||||
<span class="navbar-text tenant-badge" title="Aktive Tenant-Datenbank">{{ current_tenant_db }}</span>
|
||||
{% endif %}
|
||||
<span class="navbar-text text-light me-3">{{ session['username'] }}</span>
|
||||
<div class="dropdown me-2 user-menu-wrap">
|
||||
<button class="btn btn-secondary dropdown-toggle user-menu-btn" type="button" id="invUserMenuDropdown" data-bs-toggle="dropdown" aria-expanded="false" data-notification-button="true">
|
||||
👤
|
||||
<span class="user-notification-dot {% if unread_notification_count and unread_notification_count > 0 %}visible{% endif %}" aria-hidden="true"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="invUserMenuDropdown">
|
||||
{% if current_permissions.pages.get('notifications_view', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('notifications_view') }}">Benachrichtigungen</a></li>
|
||||
{% endif %}
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('change_password') }}">Passwort ändern</a></li>
|
||||
<li><hr class="dropdown-divider"></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('logout') }}">Logout</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</nav>
|
||||
@@ -1321,10 +1368,7 @@
|
||||
{% if 'username' in session and (session.get('admin', False) or is_admin) and current_permissions.actions.get('can_manage_settings', True) %}
|
||||
<li><h6 class="dropdown-header">Bibliotheks-Verwaltung</h6></li>
|
||||
{% if current_permissions.pages.get('library_loans_admin', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('library_loans_admin') }}">Ausleihen</a></li>
|
||||
{% endif %}
|
||||
{% if current_permissions.pages.get('admin_damaged_items', True) %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('admin_damaged_items') }}">Defekte Items</a></li>
|
||||
<li><a class="dropdown-item" href="{{ url_for('library_loans_admin') }}">Ausleihen / Defekte Items</a></li>
|
||||
{% endif %}
|
||||
{% if student_cards_module_enabled %}
|
||||
<li><a class="dropdown-item" href="{{ url_for('student_cards_admin') }}">Bibliotheksausweis</a></li>
|
||||
|
||||
@@ -1057,7 +1057,7 @@
|
||||
document.getElementById('detailModal').style.display = 'none';
|
||||
}
|
||||
|
||||
// =========================================================================
|
||||
// =========================================================================
|
||||
// 5. EVENT LISTENERS INITIALIZATION & ON-LOAD INITIALIZER
|
||||
// =========================================================================
|
||||
function wireScannerUi() {
|
||||
|
||||
@@ -28,11 +28,10 @@
|
||||
<li class="nav-item" role="presentation">
|
||||
<button class="nav-link" id="tab-legal" data-bs-toggle="tab" data-bs-target="#pane-legal"
|
||||
type="button" role="tab">Rechtsgrundlage</button>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
<!-- ── NOTICE ────────────────────────────────────────────────────── -->
|
||||
<div class="tab-pane fade" id="pane-notice" role="tabpanel">
|
||||
<div class="tab-pane" id="pane-notice" role="tabpanel">
|
||||
<div class="license-content">
|
||||
<h2>NOTICE – Urheberrechtliche Hinweise</h2>
|
||||
<p><strong>Invario Modul Suite</strong><br>Copyright © 2026 Invario UG</p>
|
||||
@@ -59,14 +58,14 @@
|
||||
|
||||
<h4>Frontend / Laufzeit-Assets</h4>
|
||||
<ul>
|
||||
<li>html5-qrcode (MIT) © 2020-2025 Manoj Brahmbhatt (mebjas)</li>
|
||||
<li>quagga2 (MIT) © 2014 Christoph Oberhofer, © 2019 Eric Blade and contributors</li>
|
||||
</ul>
|
||||
<hr>
|
||||
</div>
|
||||
</div><!-- /#pane-notice -->
|
||||
|
||||
<!-- ── DATENSCHUTZ ───────────────────────────────────────────────── -->
|
||||
<div class="tab-pane fade" id="pane-privacy" role="tabpanel">
|
||||
<div class="tab-pane" id="pane-privacy" role="tabpanel">
|
||||
<div class="license-content">
|
||||
<h2>Datenschutzerklärung (Privacy Policy)</h2>
|
||||
|
||||
@@ -108,7 +107,7 @@
|
||||
</div><!-- /#pane-privacy -->
|
||||
|
||||
<!-- ── SICHERHEIT ────────────────────────────────────────────────── -->
|
||||
<div class="tab-pane fade" id="pane-security" role="tabpanel">
|
||||
<div class="tab-pane" id="pane-security" role="tabpanel">
|
||||
<div class="license-content">
|
||||
<h2>Sicherheitsrichtlinie (Security Policy)</h2>
|
||||
|
||||
@@ -129,7 +128,7 @@
|
||||
</div><!-- /#pane-security -->
|
||||
|
||||
<!-- ── DATENVERARBEITUNG ─────────────────────────────────────────── -->
|
||||
<div class="tab-pane fade" id="pane-data" role="tabpanel">
|
||||
<div class="tab-pane" id="pane-data" role="tabpanel">
|
||||
<div class="license-content">
|
||||
<h2>Dokumentation der Datenverarbeitung (VVT)</h2>
|
||||
|
||||
@@ -157,7 +156,7 @@
|
||||
</div><!-- /#pane-data -->
|
||||
|
||||
<!-- ── RECHTSGRUNDLAGE ───────────────────────────────────────────── -->
|
||||
<div class="tab-pane fade" id="pane-legal" role="tabpanel">
|
||||
<div class="tab-pane" id="pane-legal" role="tabpanel">
|
||||
<div class="license-content">
|
||||
<h2>Rechtsgrundlage der Nutzung</h2>
|
||||
<p>Um das Inventarsystem DSGVO-konform zu betreiben, muss der Betreiber eine der folgenden Grundlagen festlegen:</p>
|
||||
@@ -170,9 +169,6 @@
|
||||
Einwilligung vorliegen (Art. 6 Abs. 1 lit. a DSGVO).</li>
|
||||
</ol>
|
||||
</div>
|
||||
</div><!-- /#pane-legal -->
|
||||
|
||||
</div><!-- /.tab-content -->
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
+274
-119
@@ -39,13 +39,19 @@
|
||||
<div class="row justify-content-center">
|
||||
<div class="col-12 col-xxl-11">
|
||||
<div class="row g-4">
|
||||
|
||||
<div class="col-12 col-lg-4">
|
||||
<div class="card border-0 shadow-lg rounded-4 h-100">
|
||||
<div class="card-body p-4 p-md-5">
|
||||
<p class="text-uppercase text-muted fw-semibold mb-2">Terminplaner</p>
|
||||
<h1 class="h3 fw-bold mb-3">Termin buchen</h1>
|
||||
<p class="text-muted mb-4">Wählen Sie im Kalender einen freien Slot aus. Den gewählten Termin können Sie danach direkt wie in einem Kalender-Block verschieben.</p>
|
||||
|
||||
{% if can_view_booking_names %}
|
||||
<h1 class="h3 fw-bold mb-3">Termin Übersicht - {{ available.title }}</h1>
|
||||
<p class="text-muted mb-4">Hier können Sie alle Buchungen, die bereits eingegangen sind, einsehen und verwalten.</p>
|
||||
{% else %}
|
||||
<h1 class="h3 fw-bold mb-3">Termin buchen - {{ available.title }}</h1>
|
||||
<p class="text-muted mb-4">Wählen Sie im Kalender einen freien Slot aus. Den gewählten Termin können Sie danach direkt wie in einem Kalender-Block verschieben.</p>
|
||||
{% endif %}
|
||||
|
||||
<div class="p-3 rounded-3 bg-light mb-3">
|
||||
<div class="fw-semibold">Zeitraum</div>
|
||||
<div>{{ available.date_start }} bis {{ available.date_end }}</div>
|
||||
@@ -58,23 +64,24 @@
|
||||
<div class="fw-semibold">Slot-Länge</div>
|
||||
<div>{{ available.slot_lenght }} Minuten</div>
|
||||
</div>
|
||||
|
||||
|
||||
{% if not can_view_booking_names %}
|
||||
<div class="p-3 rounded-3 bg-light mb-3">
|
||||
<div class="fw-semibold mb-2">Gewählter Termin</div>
|
||||
<div id="selected-slot-badge" class="text-muted small">Noch kein Slot ausgewählt.</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
{% if available.slots_booked %}
|
||||
<div class="p-3 rounded-3 bg-light">
|
||||
<div class="fw-semibold mb-2">Bereits gebucht</div>
|
||||
<ul class="mb-0 small">
|
||||
<ul class="mb-0 small text-muted">
|
||||
{% for booking in available.slots_booked %}
|
||||
<li>
|
||||
{{ booking.start }}
|
||||
{% if can_view_booking_names and booking.name %}
|
||||
- {{ booking.name }}
|
||||
{% if booking is mapping %}
|
||||
{{ booking.get('start', '') }} - Belegt
|
||||
{% else %}
|
||||
- Belegt
|
||||
{{ booking[0] }} - {% if can_view_booking_names %}<span class="fw-semibold text-dark">{{ booking[1] }}</span>{% else %}Belegt{% endif %}
|
||||
{% endif %}
|
||||
</li>
|
||||
{% endfor %}
|
||||
@@ -84,39 +91,161 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="col-12 col-lg-8">
|
||||
<div class="card border-0 shadow-lg rounded-4 h-100">
|
||||
<div class="card-body p-4 p-md-5 bg-white">
|
||||
<h2 class="h4 fw-bold mb-3">Termin im Kalender auswählen</h2>
|
||||
|
||||
<div class="day-slider-wrap mb-3">
|
||||
<div class="d-flex justify-content-between align-items-center gap-2 mb-2">
|
||||
<span class="small text-muted">Tag wählen</span>
|
||||
<strong id="day-slider-label" class="small"></strong>
|
||||
|
||||
{% if can_view_booking_names %}
|
||||
<!-- ADMIN / AUTOREN ANSICHT -->
|
||||
<div class="d-flex flex-column flex-md-row justify-content-between align-items-md-center gap-3 mb-4">
|
||||
<div>
|
||||
<h2 class="h4 fw-bold mb-0">Eingegangene Buchungen</h2>
|
||||
<div class="text-muted small">Verwalten Sie die Termine Ihrer Klienten</div>
|
||||
</div>
|
||||
<div class="d-flex gap-2 align-self-start align-self-md-center">
|
||||
<!-- Neuer CSV Export Button -->
|
||||
<a href="{{ url_for('terminplaner.export_csv', appointment_id=appointment_id) }}" class="btn btn-outline-success rounded-3 d-inline-flex align-items-center gap-2">
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-download" viewBox="0 0 16 16">
|
||||
<path d="M.5 9.9a.5.5 0 0 1 .5.5v2.5a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1v2.5a.5.5 0 0 1 1 0v2.5a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2v2.5a.5.5 0 0 1 .5-.5"/>
|
||||
<path d="M7.646 11.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 10.293V1.5a.5.5 0 0 0-1 0v8.793L5.354 8.146a.5.5 0 1 0-.708.708z"/>
|
||||
</svg>
|
||||
Excel / CSV Export
|
||||
</a>
|
||||
<span class="badge bg-primary rounded-pill fs-6 px-3 d-flex align-items-center">
|
||||
{{ available.slots_total - available.slots_left }} von {{ available.slots_total }} belegt
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
<input id="day-slider" type="range" class="form-range m-0" min="0" max="0" value="0">
|
||||
</div>
|
||||
|
||||
<div id="client-slot-calendar" class="mb-4"></div>
|
||||
|
||||
<form id="client-booking-form" method="post" action="{{ url_for('terminplaner.client', appointment_id=appointment_id, tenant=tenant_id) }}" class="vstack gap-3">
|
||||
<div>
|
||||
<label for="start_day_time" class="form-label fw-semibold">Gewünschter Zeitpunkt</label>
|
||||
<input type="text" id="start_day_time" name="start_day_time" class="form-control form-control-lg" placeholder="Bitte im Kalender auswählen" readonly required>
|
||||
<div class="form-text">Klicken Sie auf einen freien Slot oder verschieben Sie den gewählten Block.</div>
|
||||
<div class="bg-light p-3 rounded-3 mb-4">
|
||||
<div class="row g-2 align-items-center">
|
||||
<div class="col-12 col-md-8">
|
||||
<label for="table-search" class="form-label small fw-semibold text-muted mb-1">Live-Filter (Name, Uhrzeit, Zusatzfelder...)</label>
|
||||
<input type="text" id="table-search" class="form-control form-control-lg bg-white border" placeholder="Suchbegriff eingeben...">
|
||||
</div>
|
||||
<div class="col-12 col-md-4 d-flex align-items-end h-100 mt-md-4">
|
||||
<button type="button" id="clear-filter-btn" class="btn btn-outline-secondary w-100 btn-lg">Filter zurücksetzen</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
<label for="client_name" class="form-label fw-semibold">Ihr Name</label>
|
||||
<input type="text" id="client_name" name="client_name" class="form-control form-control-lg" placeholder="Vor- und Nachname" required>
|
||||
|
||||
{% if available.slots_booked %}
|
||||
<div class="table-responsive">
|
||||
<table class="table table-hover align-middle border-top" id="admin-booking-table">
|
||||
<thead class="table-light">
|
||||
<tr>
|
||||
<th scope="col" class="py-3">Zeitpunkt</th>
|
||||
<th scope="col" class="py-3">Name</th>
|
||||
<!-- Spaltenüberschriften für Custom Fields -->
|
||||
{% for field_label in custom_fields %}
|
||||
<th scope="col" class="py-3">{{ field_label }}</th>
|
||||
{% endfor %}
|
||||
<th scope="col" class="py-3 text-end">Aktion</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody id="booking-table-body">
|
||||
{# Wir loopen jetzt über die rohen DB-Daten statt über die beschnittene Service-Funktion #}
|
||||
{% for booking in appointment_item.get('slots_booked', []) %}
|
||||
<tr>
|
||||
<!-- 1. ZEITPUNKT -->
|
||||
<td class="fw-semibold text-primary py-3 text-nowrap">
|
||||
{{ booking[0] }}
|
||||
</td>
|
||||
|
||||
<!-- 2. CLIENT NAME -->
|
||||
<td>
|
||||
<span class="fw-bold text-dark">{{ booking[1] }}</span>
|
||||
</td>
|
||||
|
||||
<!-- 3. CUSTOM FIELDS (Präziser Index-Abgleich gegen Spaltenkopf) -->
|
||||
{% for field in custom_fields %}
|
||||
<td>
|
||||
{# Prüft ob für dieses Feld eine Antwort am exakt gleichen Index existiert #}
|
||||
{% if booking|length > 2 and booking[2] and booking[2]|length > loop.index0 %}
|
||||
{% set answer = booking[2][loop.index0] %}
|
||||
{{ answer if answer else '<span class="text-muted small">-</span>'|safe }}
|
||||
{% else %}
|
||||
<span class="text-muted small">-</span>
|
||||
{% endif %}
|
||||
</td>
|
||||
{% endfor %}
|
||||
|
||||
<!-- 4. AKTION (LÖSCHEN) -->
|
||||
<td class="text-end">
|
||||
<form method="post" action="{{ url_for('terminplaner.client', appointment_id=appointment_id, tenant=tenant_id) }}" onsubmit="return confirm('Möchten Sie diesen Termin wirklich löschen?');" class="d-inline">
|
||||
<input type="hidden" name="action" value="delete">
|
||||
<input type="hidden" name="slot_time" value="{{ booking[0] }}">
|
||||
<input type="hidden" name="target_client_name" value="{{ booking[1] }}">
|
||||
|
||||
<button type="submit" class="btn btn-sm btn-outline-danger px-3 rounded-3">
|
||||
Löschen
|
||||
</button>
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<div class="d-flex flex-column flex-sm-row gap-2 pt-2">
|
||||
<button type="submit" class="btn btn-primary btn-lg">Termin buchen</button>
|
||||
|
||||
<div id="no-results-msg" class="text-center py-4 text-muted d-none">
|
||||
Keine Buchungen entsprechen Ihrem Filter.
|
||||
</div>
|
||||
{% else %}
|
||||
<div class="text-center py-5 text-muted">
|
||||
<p class="mb-0">Bisher sind noch keine Buchungen für diesen Terminplaner eingegangen.</p>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<div class="pt-4 border-top mt-4">
|
||||
<a class="btn btn-outline-secondary btn-lg" href="{{ url_for('terminplaner.main', tenant=tenant_id) }}">Zur Übersicht</a>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
{% else %}
|
||||
<h2 class="h4 fw-bold mb-3">Termin im Kalender auswählen</h2>
|
||||
|
||||
<div class="day-slider-wrap mb-3">
|
||||
<div class="d-flex justify-content-between align-items-center gap-2 mb-2">
|
||||
<span class="small text-muted">Tag wählen</span>
|
||||
<strong id="day-slider-label" class="small"></strong>
|
||||
</div>
|
||||
<input id="day-slider" type="range" class="form-range m-0" min="0" max="0" value="0">
|
||||
</div>
|
||||
|
||||
<div id="client-slot-calendar" class="mb-4"></div>
|
||||
|
||||
<form id="client-booking-form" method="post" action="{{ url_for('terminplaner.client', appointment_id=appointment_id, tenant=tenant_id) }}" class="vstack gap-3">
|
||||
<div>
|
||||
<label for="start_day_time" class="form-label fw-semibold">Gewünschter Zeitpunkt</label>
|
||||
<input type="text" id="start_day_time" name="start_day_time" class="form-control form-control-lg" placeholder="Bitte im Kalender auswählen" readonly required>
|
||||
<div class="form-text">Klicken Sie auf einen freien Slot oder verschieben Sie den gewählten Block.</div>
|
||||
</div>
|
||||
<div>
|
||||
<label for="client_name" class="form-label fw-semibold">Ihr Name</label>
|
||||
<input type="text" id="client_name" name="client_name" class="form-control form-control-lg" placeholder="Vor- und Nachname" required>
|
||||
</div>
|
||||
|
||||
{% if custom_fields %}
|
||||
{% for field_label in custom_fields %}
|
||||
<div>
|
||||
<label class="form-label fw-semibold">{{ field_label }}</label>
|
||||
<input type="text" name="custom_answers" class="form-control form-control-lg" placeholder="{{ field_label }} eingeben" required>
|
||||
</div>
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
<div class="d-flex flex-column flex-sm-row gap-2 pt-2">
|
||||
<input type="hidden" name="action" value="book">
|
||||
<button type="submit" class="btn btn-primary btn-lg">Termin buchen</button>
|
||||
<a class="btn btn-outline-secondary btn-lg" href="{{ url_for('terminplaner.main', tenant=tenant_id) }}">Zur Übersicht</a>
|
||||
</div>
|
||||
</form>
|
||||
{% endif %}
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -142,11 +271,58 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
document.addEventListener('DOMContentLoaded', function () {
|
||||
const searchInput = document.getElementById('table-search');
|
||||
const clearBtn = document.getElementById('clear-filter-btn');
|
||||
const tableBody = document.getElementById('booking-table-body');
|
||||
const noResultsMsg = document.getElementById('no-results-msg');
|
||||
|
||||
if (searchInput && tableBody) {
|
||||
const rows = tableBody.querySelectorAll('tr');
|
||||
|
||||
searchInput.addEventListener('input', function () {
|
||||
const query = this.value.toLowerCase().trim();
|
||||
let visibleRowsCount = 0;
|
||||
|
||||
rows.forEach(row => {
|
||||
// Liest den Textinhalt aller Spalten der Zeile aus
|
||||
const rowText = row.textContent.toLowerCase();
|
||||
|
||||
if (rowText.includes(query)) {
|
||||
row.classList.remove('d-none');
|
||||
visibleRowsCount++;
|
||||
} else {
|
||||
row.classList.add('d-none');
|
||||
}
|
||||
});
|
||||
|
||||
// Falls kein Filterergebnis gefunden wurde, Nachricht einblenden
|
||||
if (visibleRowsCount === 0 && query !== '') {
|
||||
noResultsMsg.classList.remove('d-none');
|
||||
} else {
|
||||
noResultsMsg.classList.add('d-none');
|
||||
}
|
||||
});
|
||||
|
||||
// Filter zurücksetzen Button
|
||||
if (clearBtn) {
|
||||
clearBtn.addEventListener('click', function () {
|
||||
searchInput.value = '';
|
||||
rows.forEach(row => row.classList.remove('d-none'));
|
||||
noResultsMsg.classList.add('d-none');
|
||||
searchInput.focus();
|
||||
});
|
||||
}
|
||||
}
|
||||
});
|
||||
</script>
|
||||
<script src="https://cdn.jsdelivr.net/npm/fullcalendar@6.1.15/index.global.min.js"></script>
|
||||
<script>
|
||||
(function () {
|
||||
const available = {{ available|tojson }};
|
||||
const appointmentId = {{ appointment_id|tojson }};
|
||||
const canViewBookingNames = {{ can_view_booking_names|tojson }}; // Injected from Flask
|
||||
const slider = document.getElementById('day-slider');
|
||||
const sliderLabel = document.getElementById('day-slider-label');
|
||||
const sliderWrap = slider ? slider.closest('.day-slider-wrap') : null;
|
||||
@@ -160,10 +336,10 @@
|
||||
const confirmBookingWithIcsBtn = document.getElementById('confirm-booking-with-ics');
|
||||
const modal = modalEl ? new bootstrap.Modal(modalEl) : null;
|
||||
|
||||
const slotLength = Number.parseInt(available.slot_lenght, 10) || 45;
|
||||
const bookedStarts = new Set((available.slots_booked || []).map(function (entry) {
|
||||
return String(entry.start || '').trim();
|
||||
}).filter(Boolean));
|
||||
// Fallback for both spellings of slot length
|
||||
const slotLength = Number.parseInt(available.slot_length || available.slot_lenght, 10) || 45;
|
||||
const clientsPerSlot = Number.parseInt(available.clients_per_slot, 10) || 1;
|
||||
const bookingsByTime = available.bookings_by_time || {};
|
||||
|
||||
function formatDateForInput(dateObj) {
|
||||
const y = dateObj.getFullYear();
|
||||
@@ -227,6 +403,8 @@
|
||||
return null;
|
||||
}
|
||||
|
||||
const fullyBookedSlots = [];
|
||||
|
||||
function buildCandidateSlots() {
|
||||
const slots = [];
|
||||
const allowedDates = dateRangeInclusive(String(available.date_start || ''), String(available.date_end || ''));
|
||||
@@ -234,9 +412,7 @@
|
||||
|
||||
spans.forEach(function (entry) {
|
||||
const parsed = parseTimeSpanEntry(entry);
|
||||
if (!parsed) {
|
||||
return;
|
||||
}
|
||||
if (!parsed) return;
|
||||
|
||||
const targetDates = parsed.date ? [parsed.date] : allowedDates;
|
||||
targetDates.forEach(function (date) {
|
||||
@@ -249,10 +425,19 @@
|
||||
let cursor = new Date(from);
|
||||
while (addMinutes(cursor, slotLength) <= to) {
|
||||
const slotStart = formatDateForInput(cursor);
|
||||
if (!bookedStarts.has(slotStart)) {
|
||||
const currentBookingsCount = bookingsByTime[slotStart] || 0;
|
||||
|
||||
// Check if the current individual timestamp still has capacity left
|
||||
if (currentBookingsCount < clientsPerSlot) {
|
||||
slots.push({
|
||||
start: slotStart,
|
||||
end: formatDateForInput(addMinutes(cursor, slotLength)),
|
||||
bookingsCount: currentBookingsCount
|
||||
});
|
||||
} else {
|
||||
fullyBookedSlots.push({
|
||||
start: slotStart,
|
||||
end: formatDateForInput(addMinutes(cursor, slotLength))
|
||||
});
|
||||
}
|
||||
cursor = addMinutes(cursor, slotLength);
|
||||
@@ -267,27 +452,8 @@
|
||||
const slotStartSet = new Set(candidateSlots.map(function (slot) { return slot.start; }));
|
||||
const allDays = dateRangeInclusive(String(available.date_start || ''), String(available.date_end || ''));
|
||||
|
||||
// Show the requested UI time window from 08:15 to 20:00 and highlight available slots
|
||||
let slotMinTime = '08:15:00';
|
||||
let slotMinTime = '08:00:00';
|
||||
let slotMaxTime = '20:00:00';
|
||||
if (candidateSlots.length > 0) {
|
||||
const starts = candidateSlots.map(function (slot) {
|
||||
return new Date(slot.start.replace(' ', 'T') + ':00');
|
||||
}).filter(function (d) { return !Number.isNaN(d.getTime()); });
|
||||
const ends = candidateSlots.map(function (slot) {
|
||||
return new Date(slot.end.replace(' ', 'T') + ':00');
|
||||
}).filter(function (d) { return !Number.isNaN(d.getTime()); });
|
||||
|
||||
// Keep the computed min/max for gap calculations below
|
||||
var computedMinStart = null;
|
||||
var computedMaxEnd = null;
|
||||
if (starts.length > 0 && ends.length > 0) {
|
||||
computedMinStart = starts[0];
|
||||
computedMaxEnd = ends[0];
|
||||
starts.forEach(function (d) { if (d < computedMinStart) computedMinStart = d; });
|
||||
ends.forEach(function (d) { if (d > computedMaxEnd) computedMaxEnd = d; });
|
||||
}
|
||||
}
|
||||
|
||||
const visibleStart = allDays[0] || String(available.date_start || '');
|
||||
const visibleEndExclusive = allDays.length > 0
|
||||
@@ -322,14 +488,8 @@
|
||||
slotMinTime: slotMinTime,
|
||||
slotMaxTime: slotMaxTime,
|
||||
nowIndicator: true,
|
||||
validRange: {
|
||||
start: visibleStart,
|
||||
end: visibleEndExclusive,
|
||||
},
|
||||
visibleRange: {
|
||||
start: visibleStart,
|
||||
end: visibleEndExclusive,
|
||||
},
|
||||
validRange: { start: visibleStart, end: visibleEndExclusive },
|
||||
visibleRange: { start: visibleStart, end: visibleEndExclusive },
|
||||
headerToolbar: {
|
||||
left: '',
|
||||
center: 'title',
|
||||
@@ -337,28 +497,22 @@
|
||||
},
|
||||
events: [],
|
||||
eventDrop: function (info) {
|
||||
if (info.event.id !== 'selected-slot') {
|
||||
return;
|
||||
}
|
||||
if (info.event.id !== 'selected-slot') return;
|
||||
const droppedStart = formatDateForInput(info.event.start);
|
||||
if (!slotStartSet.has(droppedStart)) {
|
||||
info.revert();
|
||||
window.alert('Dieser Zeitpunkt ist nicht als freier Slot verfügbar.');
|
||||
window.alert('Dieser Zeitpunkt ist ausgebucht oder nicht verfügbar.');
|
||||
return;
|
||||
}
|
||||
applySelectedSlot(droppedStart);
|
||||
},
|
||||
eventClick: function (info) {
|
||||
const slotType = info.event.extendedProps ? info.event.extendedProps.slotType : '';
|
||||
if (slotType !== 'free') {
|
||||
return;
|
||||
}
|
||||
if (slotType !== 'free') return;
|
||||
applySelectedSlot(info.event.extendedProps.slotStart || '');
|
||||
}
|
||||
});
|
||||
|
||||
// No background greying: show full calendar skeleton and only mark possible slots
|
||||
|
||||
function updateSliderLabel() {
|
||||
const dateList = dateRangeInclusive(String(available.date_start || ''), String(available.date_end || ''));
|
||||
const idx = Number.parseInt(slider.value, 10) || 0;
|
||||
@@ -377,9 +531,7 @@
|
||||
selectedEvent = null;
|
||||
}
|
||||
|
||||
if (!selectedSlot) {
|
||||
return;
|
||||
}
|
||||
if (!selectedSlot) return;
|
||||
|
||||
const start = new Date(selectedSlot.replace(' ', 'T') + ':00');
|
||||
const end = addMinutes(start, slotLength);
|
||||
@@ -398,13 +550,9 @@
|
||||
function getIcsDownloadUrl() {
|
||||
const base = {{ url_for('terminplaner.client_slot_calendar_export', appointment_id=appointment_id, tenant=tenant_id)|tojson }};
|
||||
const url = new URL(base, window.location.origin);
|
||||
if (selectedSlot) {
|
||||
url.searchParams.set('start', selectedSlot);
|
||||
}
|
||||
if (selectedSlot) url.searchParams.set('start', selectedSlot);
|
||||
const name = String(clientNameInput.value || '').trim();
|
||||
if (name) {
|
||||
url.searchParams.set('name', name);
|
||||
}
|
||||
if (name) url.searchParams.set('name', name);
|
||||
return url.toString();
|
||||
}
|
||||
|
||||
@@ -415,14 +563,19 @@
|
||||
}
|
||||
}
|
||||
|
||||
// No background gaps: keep full skeleton/grid visible
|
||||
|
||||
// Add candidate free slots (blue)
|
||||
// Render Active/Available Slots with Live Seat Counts
|
||||
candidateSlots.forEach(function (slot) {
|
||||
const start = new Date(slot.start.replace(' ', 'T') + ':00');
|
||||
const end = new Date(slot.end.replace(' ', 'T') + ':00');
|
||||
|
||||
let displayTitle = 'Freier Slot';
|
||||
if (clientsPerSlot > 1) {
|
||||
const remainingSeats = clientsPerSlot - slot.bookingsCount;
|
||||
displayTitle += ' (' + remainingSeats + '/' + clientsPerSlot + ' frei)';
|
||||
}
|
||||
|
||||
calendar.addEvent({
|
||||
title: 'Freier Slot',
|
||||
title: displayTitle,
|
||||
start: start,
|
||||
end: end,
|
||||
color: '#0d6efd',
|
||||
@@ -435,46 +588,54 @@
|
||||
});
|
||||
});
|
||||
|
||||
(available.slots_booked || []).forEach(function (booking) {
|
||||
const startStr = String(booking.start || '').trim();
|
||||
if (!startStr) {
|
||||
return;
|
||||
}
|
||||
const start = new Date(startStr.replace(' ', 'T') + ':00');
|
||||
const end = addMinutes(start, slotLength);
|
||||
// Client View Optimization: Render solid red events ONLY if a slot is 100% full
|
||||
fullyBookedSlots.forEach(function (slot) {
|
||||
const start = new Date(slot.start.replace(' ', 'T') + ':00');
|
||||
const end = new Date(slot.end.replace(' ', 'T') + ':00');
|
||||
calendar.addEvent({
|
||||
title: 'Gebucht' + (booking.name ? ' - ' + booking.name : ''),
|
||||
title: 'Ausgebucht',
|
||||
start: start,
|
||||
end: end,
|
||||
color: '#dc3545',
|
||||
editable: false,
|
||||
display: 'block',
|
||||
display: 'block'
|
||||
});
|
||||
});
|
||||
|
||||
// Admin Management View: Render detailed name blocks exclusively for management interaction
|
||||
if (canViewBookingNames) {
|
||||
(available.slots_booked || []).forEach(function (booking) {
|
||||
const startStr = String(booking.start || '').trim();
|
||||
if (!startStr) return;
|
||||
const start = new Date(startStr.replace(' ', 'T') + ':00');
|
||||
const end = addMinutes(start, slotLength);
|
||||
calendar.addEvent({
|
||||
title: 'Belegt: ' + (booking.name || 'Anonym'),
|
||||
start: start,
|
||||
end: end,
|
||||
color: '#9e9e9e',
|
||||
editable: false,
|
||||
display: 'block',
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
// Event Listeners and Setup
|
||||
form.addEventListener('submit', function (ev) {
|
||||
if (!selectedSlotInput.value) {
|
||||
ev.preventDefault();
|
||||
window.alert('Bitte zuerst im Kalender einen freien Slot auswählen.');
|
||||
return;
|
||||
}
|
||||
|
||||
if (allowImmediateSubmit) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (allowImmediateSubmit) return;
|
||||
ev.preventDefault();
|
||||
if (modal) {
|
||||
modal.show();
|
||||
}
|
||||
if (modal) modal.show();
|
||||
});
|
||||
|
||||
if (confirmBookingOnlyBtn) {
|
||||
confirmBookingOnlyBtn.addEventListener('click', function () {
|
||||
allowImmediateSubmit = true;
|
||||
if (modal) {
|
||||
modal.hide();
|
||||
}
|
||||
if (modal) modal.hide();
|
||||
form.submit();
|
||||
});
|
||||
}
|
||||
@@ -482,13 +643,9 @@
|
||||
if (confirmBookingWithIcsBtn) {
|
||||
confirmBookingWithIcsBtn.addEventListener('click', function () {
|
||||
const icsUrl = confirmBookingWithIcsBtn.getAttribute('data-ics-url') || getIcsDownloadUrl();
|
||||
if (icsUrl) {
|
||||
window.open(icsUrl, '_blank');
|
||||
}
|
||||
if (icsUrl) window.open(icsUrl, '_blank');
|
||||
allowImmediateSubmit = true;
|
||||
if (modal) {
|
||||
modal.hide();
|
||||
}
|
||||
if (modal) modal.hide();
|
||||
form.submit();
|
||||
});
|
||||
}
|
||||
@@ -509,10 +666,8 @@
|
||||
slider.addEventListener('input', function () {
|
||||
const idx = Number.parseInt(slider.value, 10) || 0;
|
||||
updateSliderLabel();
|
||||
if (allDays[idx]) {
|
||||
if (calendar.view.type === 'timeGridDay') {
|
||||
calendar.gotoDate(allDays[idx]);
|
||||
}
|
||||
if (allDays[idx] && calendar.view.type === 'timeGridDay') {
|
||||
calendar.gotoDate(allDays[idx]);
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -70,6 +70,10 @@
|
||||
<label for="slot_length" class="form-label fw-semibold">Slot-Länge in Minuten</label>
|
||||
<input type="number" id="slot_length" name="slot_length" class="form-control form-control-lg" min="1" value="45">
|
||||
</div>
|
||||
<div>
|
||||
<label class="form-label fw-semibold text-primary">Nutzer pro Slot</label>
|
||||
<input type="number" id="clients_per_slot" name="clients_per_slot" value="1">
|
||||
</div>
|
||||
<div class="col-12 col-md-6">
|
||||
<label class="form-label fw-semibold text-primary">Automatisch berechnete Slots</label>
|
||||
<div id="slots_amounts_display" class="form-control form-control-lg bg-primary-subtle text-primary fw-bold d-flex align-items-center">0</div>
|
||||
@@ -77,6 +81,16 @@
|
||||
<div class="form-text">Wird aus der gebuchten Zeit (abzüglich Pausen) und der Slot-Länge berechnet.</div>
|
||||
</div>
|
||||
</div>
|
||||
<div id="custom-fields-container" class="mt-4">
|
||||
<h3 class="mb-3">Benutzerdefinierte Felder</h3>
|
||||
|
||||
<div class="mb-3 custom-field-row">
|
||||
<input type="text"
|
||||
name="custom_fields"
|
||||
class="form-control form-control-lg custom-dynamic-input"
|
||||
placeholder="Zusatzfeld hinzufügen (z.B. Firma, Kundennummer...)">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{% if mail_service_enabled %}
|
||||
<div>
|
||||
@@ -139,8 +153,9 @@
|
||||
const defaultPauseEndInput = document.getElementById('default_pause_end');
|
||||
|
||||
const slotLengthInput = document.getElementById('slot_length');
|
||||
const clientsperslot = document.getElementById('clients_per_slot')
|
||||
const slotsAmountsInput = document.getElementById('slots_amounts');
|
||||
const slotsAmountsDisplay = document.getElementById('slots_amounts_display'); // Neu: Anzeige-Element
|
||||
const slotsAmountsDisplay = document.getElementById('slots_amounts_display');
|
||||
|
||||
if (!startDateInput || !endDateInput || !buildButton || !daysContainer || !timeFrameTextarea) {
|
||||
return;
|
||||
@@ -188,16 +203,31 @@
|
||||
if (slotsAmountsDisplay) slotsAmountsDisplay.innerText = totalSlots + " Slots gesamt";
|
||||
}
|
||||
|
||||
// Helper utility in case your timeToMinutes handler doesn't catch empty strings safely
|
||||
function safeTimeToMinutes(timeString) {
|
||||
if (!timeString || typeof timeString !== 'string' || !timeString.includes(':')) {
|
||||
return 0; // Return 0 instead of NaN for empty or missing values
|
||||
}
|
||||
const parts = timeString.split(':');
|
||||
const hours = parseInt(parts[0], 10);
|
||||
const minutes = parseInt(parts[1], 10);
|
||||
if (isNaN(hours) || isNaN(minutes)) return 0;
|
||||
return (hours * 60) + minutes;
|
||||
}
|
||||
|
||||
// Berechnet die Slots basierend auf den konfigurierten Zeiten & Pausen
|
||||
function calculateSlots() {
|
||||
if (!slotLengthInput || !slotsAmountsInput) return;
|
||||
|
||||
if (!slotLengthInput || !slotsAmountsInput || !clientsperslot) return;
|
||||
|
||||
const slotLength = parseInt(slotLengthInput.value, 10);
|
||||
if (isNaN(slotLength) || slotLength <= 0) {
|
||||
updateSlotsDisplay(0);
|
||||
return;
|
||||
}
|
||||
|
||||
// FIX 1: Make sure we parse the input VALUE, defaulting to 1 if empty or invalid
|
||||
const multiplier = parseInt(clientsperslot.value, 10) || 1;
|
||||
|
||||
let totalSlots = 0;
|
||||
const rows = Array.from(daysContainer.querySelectorAll('[data-day-row]'));
|
||||
|
||||
@@ -209,19 +239,20 @@
|
||||
|
||||
if (!startTime || !endTime) return;
|
||||
|
||||
const startMins = timeToMinutes(startTime);
|
||||
const endMins = timeToMinutes(endTime);
|
||||
const pauseStartMins = timeToMinutes(pauseStart);
|
||||
const pauseEndMins = timeToMinutes(pauseEnd);
|
||||
// Using safety parsing to prevent missing values from generating NaN
|
||||
const startMins = safeTimeToMinutes(startTime);
|
||||
const endMins = safeTimeToMinutes(endTime);
|
||||
const pauseStartMins = safeTimeToMinutes(pauseStart);
|
||||
const pauseEndMins = safeTimeToMinutes(pauseEnd);
|
||||
|
||||
if (endMins <= startMins) return; // Ungültige Zeit
|
||||
if (isNaN(startMins) || isNaN(endMins) || endMins <= startMins) return;
|
||||
|
||||
// Wenn eine gültige Pause innerhalb der Start/Endzeit existiert
|
||||
if (pauseStartMins > 0 && pauseEndMins > 0 && pauseStartMins < pauseEndMins && pauseStartMins > startMins && pauseStartMins < endMins) {
|
||||
// Segment 1 (Vor der Pause)
|
||||
const segment1 = pauseStartMins - startMins;
|
||||
totalSlots += Math.floor(segment1 / slotLength);
|
||||
|
||||
|
||||
// Segment 2 (Nach der Pause)
|
||||
const effectivePauseEnd = Math.min(pauseEndMins, endMins);
|
||||
const segment2 = endMins - effectivePauseEnd;
|
||||
@@ -234,7 +265,11 @@
|
||||
}
|
||||
});
|
||||
|
||||
updateSlotsDisplay(totalSlots);
|
||||
// FIX 2: Multiply by our safely parsed input value scalar
|
||||
const totalSlotscomplete = totalSlots * multiplier;
|
||||
|
||||
// Safety check: if anything went wrong anyway, fallback to 0 instead of displaying NaN
|
||||
updateSlotsDisplay(isNaN(totalSlotscomplete) ? 0 : totalSlotscomplete);
|
||||
}
|
||||
|
||||
// Synchronisiert das Textfeld und fügt den Break-Cut hinzu
|
||||
@@ -351,6 +386,39 @@
|
||||
syncTextarea();
|
||||
}
|
||||
|
||||
document.addEventListener('DOMContentLoaded', function () {
|
||||
const container = document.getElementById('custom-fields-container');
|
||||
|
||||
// Monitor inputs inside the container using event delegation
|
||||
container.addEventListener('input', function (event) {
|
||||
// Only trigger if the user is typing inside our dynamic inputs
|
||||
if (event.target.classList.contains('custom-dynamic-input')) {
|
||||
const allInputs = container.querySelectorAll('.custom-dynamic-input');
|
||||
const lastInput = allInputs[allInputs.length - 1];
|
||||
|
||||
// If the user typed something into the absolute last input field, spawn a new one
|
||||
if (lastInput.value.trim() !== '') {
|
||||
createNewFieldRow(container);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
// Helper function to generate and append a clean new input row
|
||||
function createNewFieldRow(targetContainer) {
|
||||
const rowDiv = document.createElement('div');
|
||||
rowDiv.className = 'mb-3 custom-field-row';
|
||||
|
||||
rowDiv.innerHTML = `
|
||||
<input type="text"
|
||||
name="custom_fields"
|
||||
class="form-control form-control-lg custom-dynamic-input"
|
||||
placeholder="Nächstes Zusatzfeld...">
|
||||
`;
|
||||
|
||||
targetContainer.appendChild(rowDiv);
|
||||
}
|
||||
});
|
||||
|
||||
// Event Listeners Registration
|
||||
buildButton.addEventListener('click', renderRows);
|
||||
startDateInput.addEventListener('change', renderRows);
|
||||
@@ -366,10 +434,27 @@
|
||||
slotLengthInput.addEventListener('input', calculateSlots);
|
||||
slotLengthInput.addEventListener('change', calculateSlots);
|
||||
}
|
||||
if (clientsperslot) {
|
||||
clientsperslot.addEventListener('input', calculateSlots);
|
||||
clientsperslot.addEventListener('change', calculateSlots);
|
||||
}
|
||||
|
||||
if (startDateInput.value && endDateInput.value) {
|
||||
renderRows();
|
||||
}
|
||||
|
||||
|
||||
const configForm = document.querySelector('form');
|
||||
if (configForm) {
|
||||
configForm.addEventListener('keydown', function(event) {
|
||||
if (event.key === 'Enter') {
|
||||
if (event.target.tagName === 'TEXTAREA') return;
|
||||
if (event.target.tagName === 'BUTTON' && event.target.type === 'submit') return;
|
||||
event.preventDefault();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
})();
|
||||
</script>
|
||||
{% endblock %}
|
||||
@@ -6,6 +6,8 @@
|
||||
<div class="container py-4">
|
||||
<div class="row justify-content-center">
|
||||
<div class="col-12 col-lg-11 col-xl-10">
|
||||
|
||||
<!-- Hero Sektion -->
|
||||
<section class="p-4 p-md-5 rounded-4 shadow-lg" style="background: linear-gradient(135deg, rgba(15,76,92,0.96), rgba(22,105,122,0.92)); color: #fff;">
|
||||
<div class="d-flex flex-column flex-lg-row justify-content-between gap-4 align-items-start align-items-lg-end">
|
||||
<div>
|
||||
@@ -20,6 +22,39 @@
|
||||
</div>
|
||||
</section>
|
||||
|
||||
<!-- NEU EINGEBAUT: Erfolgsmeldung für gerade erstellte Buchungslinks -->
|
||||
{% if generated_link %}
|
||||
<div class="alert alert-success mt-4 shadow-sm rounded-4">
|
||||
<div class="fw-bold mb-1">Buchungslink erstellt</div>
|
||||
<div class="mb-2">
|
||||
{% if mail_service_enabled %}
|
||||
Teilen Sie diesen Link mit den Teilnehmenden oder versenden Sie ihn direkt per E-Mail.
|
||||
{% else %}
|
||||
Der E-Mail-Service ist deaktiviert. Teilen Sie diesen Link manuell mit den Teilnehmenden.
|
||||
{% endif %}
|
||||
</div>
|
||||
<a href="{{ generated_link }}" class="d-inline-block text-break mb-3">{{ generated_link }}</a>
|
||||
|
||||
<!-- PDF Export per ReportLab -->
|
||||
<div class="pt-3 border-top border-success-subtle">
|
||||
<div class="fw-semibold mb-1">Einladungsbrief (inkl. QR-Code)</div>
|
||||
<p class="small text-muted mb-2">Laden Sie einen automatisch generierten Brief herunter, der den Buchungslink und einen passenden QR-Code enthält.</p>
|
||||
<a href="{{ url_for('terminplaner.export_pdf_brief', plan_id=plan_id) }}" class="btn btn-outline-success btn-sm">
|
||||
📄 Brief als PDF herunterladen
|
||||
</a>
|
||||
</div>
|
||||
|
||||
{% if calendar_link %}
|
||||
<div class="mt-3 pt-3 border-top border-success-subtle">
|
||||
<div class="fw-semibold mb-1">Kalendereintrag</div>
|
||||
<a href="{{ calendar_link }}" class="btn btn-outline-primary btn-sm">.ics herunterladen</a>
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% endif %}
|
||||
<!-- ENDE NEUER BLOCK -->
|
||||
|
||||
<!-- Info-Karten -->
|
||||
<div class="row g-4 mt-1">
|
||||
<div class="col-12 col-md-4">
|
||||
<div class="card h-100 shadow-sm border-0 rounded-4">
|
||||
@@ -59,6 +94,7 @@
|
||||
<p class="mb-0 text-muted">Sie können Termine anlegen, den Kalender prüfen und Buchungslinks verteilen.</p>
|
||||
</div>
|
||||
|
||||
<!-- "Tabelle" (Liste) der kommenden Termine -->
|
||||
<div class="mt-4 p-4 rounded-4 bg-white shadow-sm">
|
||||
<div class="d-flex flex-column flex-md-row justify-content-between align-items-md-center gap-2 mb-3">
|
||||
<h2 class="h5 fw-bold mb-0">Kommende Termine</h2>
|
||||
@@ -84,10 +120,18 @@
|
||||
<div class="text-lg-end">
|
||||
<div class="small mb-2">Gebucht: <strong>{{ event.slots_booked }}</strong> / {{ event.slots_total }} | Frei: <strong>{{ event.slots_left }}</strong></div>
|
||||
<div class="d-flex flex-wrap gap-2 justify-content-lg-end">
|
||||
<a class="btn btn-sm btn-primary" href="{{ event.link }}" target="_blank" rel="noopener">Client-Link öffnen</a>
|
||||
|
||||
<!-- Hinzugefügt: Direkter PDF-Export auch bei bestehenden Plänen -->
|
||||
<a class="btn btn-sm btn-outline-success" href="{{ url_for('terminplaner.export_pdf_brief', plan_id=event.appointment_id) }}" title="Brief herunterladen">
|
||||
📄 PDF
|
||||
</a>
|
||||
|
||||
<a class="btn btn-sm btn-primary" href="{{ event.link }}" target="_blank" rel="noopener">Client-Link</a>
|
||||
|
||||
{% if event.calendar_link %}
|
||||
<a class="btn btn-sm btn-outline-primary" href="{{ event.calendar_link }}">.ics</a>
|
||||
{% endif %}
|
||||
|
||||
<form method="post" action="{{ url_for('terminplaner.delete_appointment', appointment_id=event.appointment_id, tenant=tenant_id) }}" class="d-inline" onsubmit="return confirm('Diesen Terminplan wirklich löschen?');">
|
||||
<button type="submit" class="btn btn-sm btn-outline-danger">Entfernen</button>
|
||||
</form>
|
||||
@@ -105,4 +149,4 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endblock %}
|
||||
{% endblock %}
|
||||
@@ -788,7 +788,19 @@
|
||||
{% if show_library_features %}
|
||||
<!-- Library Mode: Single Customizable Filter -->
|
||||
<div class="filter-inputs">
|
||||
<h3>Kategorie/Typ (customisierbar):</h3>
|
||||
<h3>Medientyp</h3>
|
||||
<div class="form-group">
|
||||
<select name="item_type_input" id="item_type_input">
|
||||
<option value="" disabled selected>Medientyp auswählen...</option>
|
||||
<option value="Buch">Buch</option>
|
||||
<option value="Schulbuch">Schulbuch</option>
|
||||
<option value="CD">CD</option>
|
||||
<option value="DVD">DVD</option>
|
||||
<option value="Sonstiges">Sonstiges</option>
|
||||
</select>
|
||||
<small style="display:block; color:#666;">Wählen Sie einen Medientyp aus zur Klassifizierung.</small>
|
||||
</div>
|
||||
<h3>Kategorie/Typ:</h3>
|
||||
<div class="form-group">
|
||||
<input type="text" name="library_category" id="library_category" placeholder="z.B. Belletristik, Sachbücher, Nachschlagewerke, etc.">
|
||||
<small style="display:block; color:#666;">Geben Sie hier eine beliebige Kategorie ein zur freien Klassifizierung.</small>
|
||||
@@ -942,7 +954,7 @@
|
||||
<div class="isbn-input-group">
|
||||
<input type="text" id="isbn" name="isbn" placeholder="ISBN oder Barcode eingeben..." required>
|
||||
<button type="button" id="scan-isbn-btn" class="fetch-isbn-button">Barcode scannen</button>
|
||||
<button type="button" class="fetch-isbn-button" onclick="fetchBookInfo('upload')">Bild abrufen</button>
|
||||
<button type="button" class="fetch-isbn-button" onclick="fetchBookInfo('upload')">Informationen abrufen</button>
|
||||
</div>
|
||||
<div id="isbn-scanner" style="width:100%; max-width:520px; display:none; margin-top:10px;"></div>
|
||||
<small id="isbn-scan-status" style="display:block; color:#666; margin-top:6px;">Scannen oder manuell eingeben. Gültige ISBNs helfen beim Abruf von Buchdaten, andere Codes werden trotzdem akzeptiert.</small>
|
||||
@@ -1563,6 +1575,7 @@
|
||||
// Get form fields
|
||||
const nameField = document.getElementById('name');
|
||||
const descriptionField = document.getElementById('beschreibung');
|
||||
const priceField = document.getElementById('anschaffungskosten'); // <-- NEU
|
||||
|
||||
if (!nameField || !descriptionField) {
|
||||
alert('Fehler: Formularfelder nicht gefunden.');
|
||||
@@ -1600,6 +1613,13 @@
|
||||
nameField.value = bookTitle;
|
||||
descriptionField.value = description;
|
||||
|
||||
// Preis in das Formularfeld eintragen
|
||||
if (priceField && currentBookData.price !== null && currentBookData.price !== undefined) {
|
||||
// Wandelt den Float (z.B. 12.25) in einen String mit Komma (12,25) um
|
||||
let formattedPrice = currentBookData.price.toString().replace('.', ',');
|
||||
priceField.value = formattedPrice;
|
||||
}
|
||||
|
||||
// Download and import book cover image if available
|
||||
if (currentBookData.thumbnail) {
|
||||
downloadBookCover(currentBookData.thumbnail);
|
||||
|
||||
@@ -55,6 +55,7 @@ services:
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 10
|
||||
start_period: 30s
|
||||
environment:
|
||||
MONGO_INITDB_DATABASE: inventar_default
|
||||
|
||||
|
||||
+108
-136
@@ -23,70 +23,19 @@ ensure_runtime_config_json() {
|
||||
echo "Warning: moved unexpected directory $config_path to $backup_path"
|
||||
fi
|
||||
|
||||
FORCE_REMOVE=false
|
||||
if [ "${2:-}" = "--yes" ] || [ "${2:-}" = "-y" ]; then
|
||||
FORCE_REMOVE=true
|
||||
TENANT_ID="${3:-}"
|
||||
fi
|
||||
|
||||
if [ -z "$TENANT_ID" ]; then
|
||||
if [ ! -f "$config_path" ]; then
|
||||
cat > "$config_path" <<'EOF'
|
||||
{
|
||||
"ver": "2.6.5",
|
||||
"tenants": {}
|
||||
}
|
||||
EOF
|
||||
echo "Created default config.json"
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "$FORCE_REMOVE" != true ]; then
|
||||
echo -n "WARNING: Are you sure you want to permanently delete all data for tenant '$TENANT_ID'? (y/N) "
|
||||
read confirm
|
||||
if [ "$confirm" != "y" ] && [ "$confirm" != "Y" ]; then
|
||||
echo "Removal canceled."
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Removing tenant '$TENANT_ID'..."
|
||||
APP_CONTAINER=$(docker ps -qf "name=app" | head -n 1)
|
||||
port_to_remove=""
|
||||
if [ -n "$APP_CONTAINER" ]; then
|
||||
port_to_remove="$({ docker exec "$APP_CONTAINER" python3 - "$TENANT_ID" <<'PY'
|
||||
import sys
|
||||
sys.path.insert(0, '/app')
|
||||
sys.path.insert(0, '/app/Web')
|
||||
from tenant import delete_tenant, get_tenant_config
|
||||
|
||||
tenant_id = sys.argv[1]
|
||||
tenant_cfg = get_tenant_config(tenant_id)
|
||||
port = tenant_cfg.get('port')
|
||||
|
||||
if not delete_tenant(tenant_id):
|
||||
print(f'Error: failed to delete tenant {tenant_id}', file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
if port is not None:
|
||||
print(port)
|
||||
PY
|
||||
} 2>/dev/null)"
|
||||
echo "Tenant '$TENANT_ID' database and config removed."
|
||||
else
|
||||
echo "Warning: Application container not running. Tenant database may still exist in MongoDB."
|
||||
if port_to_remove="$(remove_tenant_port "$TENANT_ID" 2>/dev/null)"; then
|
||||
:
|
||||
else
|
||||
echo "Warning: tenant '$TENANT_ID' was not configured in config.json or could not be removed."
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "$port_to_remove" ]; then
|
||||
remove_runtime_port "$port_to_remove"
|
||||
fi
|
||||
sync_tenant_port_map
|
||||
if [ -n "$(docker ps -qf 'name=app' | head -n 1)" ]; then
|
||||
restart_app_container
|
||||
fi
|
||||
if [ -n "$port_to_remove" ]; then
|
||||
echo "Removed tenant '$TENANT_ID' and cleaned runtime port $port_to_remove."
|
||||
else
|
||||
echo "Removed tenant '$TENANT_ID'. No port mapping was present."
|
||||
fi
|
||||
get_tenant_aliases() {
|
||||
local tenant_id="$1"
|
||||
local normalized alias
|
||||
normalized="$(printf '%s' "$tenant_id" | tr '[:upper:]' '[:lower:]')"
|
||||
printf '%s\n' "$tenant_id"
|
||||
@@ -212,7 +161,7 @@ existing['modules'] = {
|
||||
'inventory': {'enabled': True},
|
||||
'library': {'enabled': True},
|
||||
'student_cards': {'enabled': True, 'default_borrow_days': 14, 'max_borrow_days': 365},
|
||||
'terminplan': {'enabled': True},
|
||||
'terminplan': {'enabled': True},
|
||||
'mail': {'enabled': True},
|
||||
}
|
||||
existing['trial'] = trial_config
|
||||
@@ -245,8 +194,8 @@ initialize_tenant_database() {
|
||||
return 0
|
||||
fi
|
||||
|
||||
docker exec "$APP_CONTAINER" python3 -c '
|
||||
import sys, re, datetime, hashlib
|
||||
docker exec -i "$APP_CONTAINER" python3 - "$tenant_id" "$mode" <<'PY'
|
||||
import sys, os, re, datetime, hashlib
|
||||
sys.path.insert(0, "/app")
|
||||
sys.path.insert(0, "/app/Web")
|
||||
from Web.modules.database import settings
|
||||
@@ -258,7 +207,11 @@ sanitized = "".join(c for c in tenant_id if c.isalnum() or c == "_")
|
||||
db_name = f"inventar_{sanitized}"
|
||||
client = MongoClient(settings.MONGODB_HOST, int(settings.MONGODB_PORT))
|
||||
db = client[db_name]
|
||||
hashed_pw = hashlib.sha512("admin123".encode()).hexdigest()
|
||||
|
||||
pw_bytes = "admin123".encode("utf-8")
|
||||
random_salt = os.urandom(16)
|
||||
hashed = hashlib.scrypt(pw_bytes, salt=random_salt, n=16384, r=8, p=1)
|
||||
hashed_pw_string = f"v1${random_salt.hex()}${hashed.hex()}"
|
||||
|
||||
action_permissions = {
|
||||
"can_borrow": True,
|
||||
@@ -294,7 +247,7 @@ page_permissions = {
|
||||
if db.users.count_documents({"Username": "admin"}) == 0:
|
||||
db.users.insert_one({
|
||||
"Username": "admin",
|
||||
"Password": hashed_pw,
|
||||
"Password": hashed_pw_string,
|
||||
"Admin": True,
|
||||
"active_ausleihung": None,
|
||||
"name": "Admin",
|
||||
@@ -319,7 +272,7 @@ if mode == "trial":
|
||||
)
|
||||
|
||||
print(f"Tenant {sys.argv[1]} database initialized. Default admin: admin / admin123")
|
||||
' "$tenant_id" "$mode"
|
||||
PY
|
||||
}
|
||||
|
||||
update_runtime_ports() {
|
||||
@@ -435,7 +388,6 @@ restart_app_container() {
|
||||
|
||||
ensure_runtime_config_json
|
||||
|
||||
# If HOST_WORKDIR is set (called from container), use absolute paths so docker daemon resolves them correctly
|
||||
if [ -n "${HOST_WORKDIR:-}" ]; then
|
||||
workdir="$HOST_WORKDIR"
|
||||
compose_args+=( -f "$(readlink -f "$HOST_WORKDIR/docker-compose-multitenant.yml")" )
|
||||
@@ -446,7 +398,6 @@ restart_app_container() {
|
||||
compose_args+=( --env-file "$(readlink -f "$HOST_WORKDIR/.docker-build.env")" )
|
||||
fi
|
||||
else
|
||||
# Normal case: called directly from host
|
||||
compose_args+=( -f "$workdir/docker-compose-multitenant.yml" )
|
||||
if [ -f "$workdir/.docker-compose.runtime.override.yml" ]; then
|
||||
compose_args+=( -f "$workdir/.docker-compose.runtime.override.yml" )
|
||||
@@ -456,7 +407,6 @@ restart_app_container() {
|
||||
fi
|
||||
fi
|
||||
|
||||
# Pass along COMPOSE_PROJECT_NAME if set so the internal docker-compose sees it
|
||||
if [ -n "${COMPOSE_PROJECT_NAME:-}" ]; then
|
||||
compose_args=( -p "$COMPOSE_PROJECT_NAME" "${compose_args[@]}" )
|
||||
fi
|
||||
@@ -566,24 +516,83 @@ remove_runtime_port() {
|
||||
fi
|
||||
}
|
||||
|
||||
show_help() {
|
||||
local HEADER='\033[95m'
|
||||
local BLUE='\033[94m'
|
||||
local GREEN='\033[92m'
|
||||
local YELLOW='\033[93m'
|
||||
local RED='\033[91m'
|
||||
local BOLD='\033[1m'
|
||||
local RESET='\033[0m'
|
||||
|
||||
cat << EOF
|
||||
|
||||
${HEADER}${BOLD}=== MULTI-TENANT INVENTAR MANAGER ===${RESET}
|
||||
${YELLOW}Nutzung:${RESET} $0 <befehl> [tenant_id] [optionen]
|
||||
|
||||
${BLUE}${BOLD}VERFÜGBARE BEFEHLE:${RESET}
|
||||
${GREEN}add${RESET} <tenant_id> [port]
|
||||
Legt einen neuen Tenant an, registriert den Port und initialisiert
|
||||
die MongoDB-Datenbank mit einem Standard-Admin (${YELLOW}admin / admin123${RESET}).
|
||||
|
||||
${GREEN}trial${RESET} <tenant_id> [port] [tage]
|
||||
Erstellt einen temporären Test-Tenant. Standardlaufzeit: 7 Tage.
|
||||
Läuft automatisch ab und löscht sich selbst.
|
||||
|
||||
${GREEN}remove${RESET} [-y|--yes] <tenant_id>
|
||||
Löscht einen Tenant, seine Konfiguration, Ports und die Datenbank.
|
||||
Nutze ${RED}-y${RESET}, um die Bestätigungsabfrage zu überspringen.
|
||||
|
||||
${GREEN}restart-tenant${RESET} <tenant_id>
|
||||
Startet einen spezifischen Tenant neu, indem alle aktiven Sessions
|
||||
und der Cache in der MongoDB geleert werden (Sitzungs-Reset).
|
||||
|
||||
${GREEN}restart-all${RESET}
|
||||
Führt einen Zero-Downtime Rolling-Restart für alle App-Container durch.
|
||||
|
||||
${GREEN}list${RESET}
|
||||
Listet alle registrierten Tenants aus der 'config.json' sowie alle
|
||||
aktiven Tenant-Datenbanken aus der MongoDB auf.
|
||||
|
||||
${GREEN}module${RESET} <tenant_id> <modulname>=<on|off> ...
|
||||
Aktiviert oder deaktiviert bestimmte Features/Module für einen Tenant.
|
||||
Es können mehrere Module gleichzeitig übergeben werden.
|
||||
|
||||
${BLUE}${BOLD}GLOBALE OPTIONEN:${RESET}
|
||||
${GREEN}-h, --help${RESET}
|
||||
Zeigt diese Hilfe an.
|
||||
|
||||
${YELLOW}Beispiele:${RESET}
|
||||
$0 add schule_muenchen 8081
|
||||
$0 trial test_user 8082 14
|
||||
$0 module schule_muenchen barre_code=on leih_historie=off
|
||||
$0 remove -y test_user
|
||||
|
||||
-----------------------------------------------------------------
|
||||
EOF
|
||||
}
|
||||
|
||||
if [ -z "${1:-}" ]; then
|
||||
show_help
|
||||
exit 0
|
||||
fi
|
||||
|
||||
COMMAND="$1"
|
||||
TENANT_ID="${2:-}"
|
||||
|
||||
# === MAIN ROUTING BLOCK ===
|
||||
|
||||
case "$COMMAND" in
|
||||
-h|--help)
|
||||
show_help
|
||||
;;
|
||||
add)
|
||||
TENANT_ID="${2:-}"
|
||||
if [ -z "$TENANT_ID" ]; then
|
||||
echo "Error: Please provide a tenant_id."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
PORT_ARG="$3"
|
||||
PORT_ARG="${3:-}"
|
||||
if [ -n "$PORT_ARG" ]; then
|
||||
if ! printf '%s\n' "$PORT_ARG" | grep -qE '^[0-9]+$'; then
|
||||
echo "Error: Port must be a numeric value."
|
||||
@@ -598,68 +607,13 @@ case "$COMMAND" in
|
||||
fi
|
||||
|
||||
echo "Adding new tenant '$TENANT_ID'..."
|
||||
# Initialize tenant database via Python inside container
|
||||
echo "Initializing database for $TENANT_ID..."
|
||||
APP_CONTAINER=$(docker ps -qf "name=app" | head -n 1)
|
||||
if [ -n "$APP_CONTAINER" ]; then
|
||||
docker exec $APP_CONTAINER python3 -c "
|
||||
import sys, re; sys.path.insert(0, '/app'); sys.path.insert(0, '/app/Web'); from Web.modules.database import settings; from pymongo import MongoClient; import hashlib
|
||||
tenant_id = sys.argv[1].lower()
|
||||
sanitized = ''.join(c for c in tenant_id if c.isalnum() or c == '_')
|
||||
db_name = f'inventar_{sanitized}'
|
||||
client = MongoClient(settings.MONGODB_HOST, int(settings.MONGODB_PORT))
|
||||
db = client[db_name]
|
||||
hashed_pw = hashlib.sha512('admin123'.encode()).hexdigest()
|
||||
if db.users.count_documents({'Username': 'admin'}) == 0:
|
||||
db.users.insert_one({
|
||||
'Username': 'admin',
|
||||
'Password': hashed_pw,
|
||||
'Admin': True,
|
||||
'active_ausleihung': None,
|
||||
'name': 'Admin',
|
||||
'last_name': 'User',
|
||||
'IsStudent': False,
|
||||
'PermissionPreset': 'full_access',
|
||||
'ActionPermissions': {
|
||||
'can_borrow': True,
|
||||
'can_insert': True,
|
||||
'can_edit': True,
|
||||
'can_delete': True,
|
||||
'can_manage_users': True,
|
||||
'can_manage_settings': True,
|
||||
'can_view_logs': True,
|
||||
},
|
||||
'PagePermissions': {
|
||||
'home': True,
|
||||
'tutorial_page': True,
|
||||
'my_borrowed_items': True,
|
||||
'notifications_view': True,
|
||||
'impressum': True,
|
||||
'license': True,
|
||||
'library_view': True,
|
||||
'terminplan': True,
|
||||
'home_admin': True,
|
||||
'upload_admin': True,
|
||||
'library_admin': True,
|
||||
'admin_borrowings': True,
|
||||
'library_loans_admin': True,
|
||||
'admin_damaged_items': True,
|
||||
'admin_audit_dashboard': True,
|
||||
'logs': True,
|
||||
'manage_filters': True,
|
||||
'manage_locations': True,
|
||||
},
|
||||
})
|
||||
print(f'Tenant {sys.argv[1]} database initialized. Default admin: admin / admin123')
|
||||
" "$TENANT_ID"
|
||||
echo "Tenant '$TENANT_ID' successfully added. Ready to use."
|
||||
else
|
||||
echo "Warning: Application container is not running. Please start the multi-tenant system first."
|
||||
echo "Data will be initialized upon first access by the tenant."
|
||||
fi
|
||||
initialize_tenant_database "$TENANT_ID" "standard"
|
||||
echo "Tenant '$TENANT_ID' successfully added. Ready to use."
|
||||
;;
|
||||
|
||||
trial)
|
||||
TENANT_ID="${2:-}"
|
||||
if [ -z "$TENANT_ID" ]; then
|
||||
echo "Error: Please provide a tenant_id."
|
||||
exit 1
|
||||
@@ -691,9 +645,13 @@ print(f'Tenant {sys.argv[1]} database initialized. Default admin: admin / admin1
|
||||
|
||||
remove)
|
||||
FORCE_REMOVE=false
|
||||
if [ "${2:-}" = "--yes" ] || [ "${2:-}" = "-y" ]; then
|
||||
TENANT_ARG="${2:-}"
|
||||
|
||||
if [ "$TENANT_ARG" = "--yes" ] || [ "$TENANT_ARG" = "-y" ]; then
|
||||
FORCE_REMOVE=true
|
||||
TENANT_ID="${3:-}"
|
||||
else
|
||||
TENANT_ID="$TENANT_ARG"
|
||||
fi
|
||||
|
||||
if [ -z "$TENANT_ID" ]; then
|
||||
@@ -713,17 +671,32 @@ print(f'Tenant {sys.argv[1]} database initialized. Default admin: admin / admin1
|
||||
echo "Removing tenant '$TENANT_ID'..."
|
||||
APP_CONTAINER=$(docker ps -qf "name=app" | head -n 1)
|
||||
port_to_remove=""
|
||||
|
||||
if [ -n "$APP_CONTAINER" ]; then
|
||||
# Zuerst die Datenbank via PyMongo hart droppen (Erzwungenes Löschen)
|
||||
port_to_remove="$(docker exec "$APP_CONTAINER" python3 - "$TENANT_ID" <<'PY'
|
||||
import sys
|
||||
import sys, re
|
||||
sys.path.insert(0, '/app')
|
||||
sys.path.insert(0, '/app/Web')
|
||||
from tenant import delete_tenant, get_tenant_config
|
||||
from Web.modules.database import settings
|
||||
from pymongo import MongoClient
|
||||
|
||||
tenant_id = sys.argv[1]
|
||||
tenant_cfg = get_tenant_config(tenant_id)
|
||||
port = tenant_cfg.get('port')
|
||||
|
||||
# Datenbanknamen exakt rekonstruieren
|
||||
sanitized = "".join(c for c in tenant_id if c.isalnum() or c == "_")
|
||||
db_name = f"inventar_{sanitized}"
|
||||
|
||||
try:
|
||||
client = MongoClient(settings.MONGODB_HOST, int(settings.MONGODB_PORT))
|
||||
client.drop_database(db_name)
|
||||
print(f"MongoDB database '{db_name}' dropped successfully.", file=sys.stderr)
|
||||
except Exception as e:
|
||||
print(f"Warning: Could not drop database '{db_name}': {e}", file=sys.stderr)
|
||||
|
||||
if not delete_tenant(tenant_id):
|
||||
print(f'Error: failed to delete tenant {tenant_id}', file=sys.stderr)
|
||||
sys.exit(1)
|
||||
@@ -757,20 +730,19 @@ PY
|
||||
;;
|
||||
|
||||
restart-tenant)
|
||||
TENANT_ID="${2:-}"
|
||||
if [ -z "$TENANT_ID" ]; then
|
||||
echo "Error: Please provide a tenant_id."
|
||||
exit 1
|
||||
fi
|
||||
echo "Restarting tenant '$TENANT_ID' (clearing session/cache)..."
|
||||
# To restart a single tenant without restarting the global python processes,
|
||||
# we can invalidate their cache or drop their sessions collection to sign everyone out
|
||||
APP_CONTAINER=$(docker ps -qf "name=app" | head -n 1)
|
||||
if [ -n "$APP_CONTAINER" ]; then
|
||||
docker exec $APP_CONTAINER python3 -c "
|
||||
import sys; sys.path.insert(0, '/app'); sys.path.insert(0, '/app/Web'); from Web.modules.database import settings; from pymongo import MongoClient
|
||||
client = MongoClient(settings.MONGODB_HOST, int(settings.MONGODB_PORT))
|
||||
db = client[f'{settings.MONGODB_DB}_{sys.argv[1]}']
|
||||
db.sessions.drop() # Force sign-out / session clear
|
||||
db.sessions.drop()
|
||||
print(f'Tenant {sys.argv[1]} session cache cleared. Tenant restarted.')
|
||||
" "$TENANT_ID"
|
||||
echo "Tenant '$TENANT_ID' has been refreshed without impacting others."
|
||||
@@ -833,12 +805,12 @@ PY
|
||||
;;
|
||||
|
||||
module)
|
||||
TENANT_ID="${2:-}"
|
||||
if [ -z "$TENANT_ID" ] || [ -z "${3:-}" ]; then
|
||||
echo "Error: Usage: manage-tenant.sh module <tenant_id> <module_name>=<on|off> [...]"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Pass all remaining arguments to python script
|
||||
shift 2
|
||||
|
||||
if python3 - "$CONFIG_FILE" "$TENANT_ID" "$@" <<'PY'
|
||||
@@ -914,4 +886,4 @@ PY
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
exit 0
|
||||
@@ -15,3 +15,4 @@ openpyxl
|
||||
cryptography>=42.0.0
|
||||
pywebpush
|
||||
py-vapid>=1.9.0
|
||||
beautifulsoup4
|
||||
Reference in New Issue
Block a user