feat: admin panel

.gitignore

@@ -6,4 +6,5 @@ __pycache__/
 .env
 test.*
 test/
-apks/
+apks/
+*.log

app.py

@@ -20,7 +20,7 @@ migrate = Migrate(app, database.db)
 server_session = Session(app)
 
 # CORS config
-CORS(app, supports_credentials=True)
+CORS(app, expose_headers=["Content-Range", 'Authorization'], supports_credentials=True)
 jwt = JWTManager(app)
 blueprints = [
     (routes.auth_blueprint, '/auth'),
@@ -31,6 +31,7 @@ blueprints = [
     (routes.general_blueprint, '/general'),
     (routes.application_blueprint, '/application'),
     (routes.sipro_blueprint, '/sipro'),
+    (routes.admin_blueprint, '/admin'),
 ]
 
 for blueprint, url_prefix in blueprints:

database/models.py

@@ -11,6 +11,9 @@ class User(db.Model):
     password_hash = db.Column(db.String, nullable=False, comment='Пароль')
 
     sipro_id = db.Column(db.Integer, nullable=True, comment='ID пользователя в SIPRO')
+    is_admin = db.Column(db.Boolean, nullable=False, default=False, server_default='0', comment='Админ ли юзверь')
+
+    city_id = db.Column(db.Integer, nullable=False, default='1', server_default='1', comment='ID страны')
 
 
 class Assembly(db.Model):

routes/__init__.py

@@ -6,3 +6,4 @@ from routes.assembly import assembly_blueprint
 from routes.general import general_blueprint
 from routes.application import application_blueprint
 from routes.sipro import sipro_blueprint
+from routes.admin import admin_blueprint

routes/admin.py

@@ -0,0 +1,89 @@
+import json
+
+from flask import Blueprint, request, make_response, jsonify
+from flask_jwt_extended import get_jwt_identity, verify_jwt_in_request
+from werkzeug.security import generate_password_hash
+
+import database
+import sipro.api.general
+
+admin_blueprint = Blueprint('admin', __name__)
+
+
+@admin_blueprint.before_request
+def admin_check():
+    if request.method == 'OPTIONS':
+        return
+    if not verify_jwt_in_request(optional=True):
+        return {'error': 'Unauthorized'}, 401
+
+    user_id = get_jwt_identity()
+    is_admin = database.db.session.get(database.User, user_id).is_admin
+    if not is_admin:
+        return {'error': 'Unauthorized'}, 401
+
+
+def format_user(user: database.User):
+    return {
+        'id': user.id,
+        'login': user.login,
+        'city_id': user.city_id,
+        'is_admin': user.is_admin
+    }
+
+
+@admin_blueprint.get('/ping')
+def ping():
+    return {"response": "pong"}
+
+
+@admin_blueprint.get('/user')
+def get_users():
+    response = make_response(jsonify(
+        [format_user(user) for user in database.User.query.all()]
+    ))
+
+    response.headers['Content-Range'] = 'user 0-1/1'
+    return response
+
+
+@admin_blueprint.get('/user/<int:user_id>')
+def get_user(user_id):
+    user = database.db.session.get(database.User, user_id)
+    return format_user(user)
+
+
+@admin_blueprint.put('/user/<int:user_id>')
+def put_user(user_id):
+    params: dict = request.json
+    password = params.get('password').strip()
+    if password:
+        params['password_hash'] = generate_password_hash(password)
+    del params['password']
+    database.db.session.bulk_update_mappings(database.User, [params])
+    database.db.session.commit()
+    user = database.db.session.get(database.User, user_id)
+    return format_user(user)
+
+
+@admin_blueprint.get('/city')
+def get_cities():
+    filters = request.args.get('filter')
+    if filters:
+        filters = json.loads(filters)
+    else:
+        filters = {}
+    cities = sipro.api.general.get_cities()
+    for key, value in filters.items():
+        match key:
+            case 'id':
+                cities = list(filter(lambda city: city['id'] in value, cities))
+    total_cities = len(cities)
+    range_start, range_end = 0, total_cities - 1
+    range_raw = request.args.get('range')
+    if range_raw:
+        range_start, range_end = json.loads(range_raw)
+        cities = cities[range_start:range_end + 1]
+    response = make_response(jsonify(cities))
+    response.headers['Content-Range'] = f'city {range_start}-{range_end}/{total_cities}'
+    return response

routes/orders.py

@@ -1,4 +1,7 @@
+import database
 from flask import Blueprint, jsonify, request
+from flask_jwt_extended import get_jwt_identity
+
 from routes.utils import jwt_protect_blueprint
 import sipro.api.orders
 
@@ -30,8 +33,10 @@ def get_orders():
 
 @orders_blueprint.get('/getByProductId')
 def get_orders_by_supplier_product_id():
+    #user_id = get_jwt_identity()
+    #city_id = database.db.session.get(database.User, user_id).city_id
     params = dict(request.args)
-    # product_id = args.get('productId')
+    #params['city'] = city_id
     return sipro.api.orders.get_orders_from_barcode(params=params)