added groups will add a small file containing useful commands for adding users in it

2021-03-15 23:59:19 +02:00 · 2021-03-15 23:59:19 +02:00 · d007ab0997
commit d007ab0997
parent 1913e45328
8 changed files with 82 additions and 70 deletions
--- a/reValuate/db.sqlite3
+++ b/reValuate/db.sqlite3
--- a/reValuate/home/pycache/views.cpython-38.pyc
+++ b/reValuate/home/pycache/views.cpython-38.pyc
--- a/reValuate/home/views.py
+++ b/reValuate/home/views.py
@ -7,12 +7,19 @@ from django.conf import settings
 def homePage(request):
    iter_var = 0
    all_balance = []
-    
+    Cashier = False
+    Processor = False

    try:
        balObject = Balance.objects.filter(user=request.user.id)
        userBalance = balObject.values("balanceValue")
        userQR = f"Name = {request.user.username}, Date Joined = {request.user.date_joined.date()}, ID = {request.user.id}, Balance = {userBalance[0]['balanceValue']}"
+        if request.user.groups.filter(name='Cashier').exists():
+            Cashier = True
+        elif request.user.groups.filter(name='Processor').exists():
+            Processor = True
+        else:
+            pass
        a = Balance.objects.all()

        for user in a:
@ -20,6 +27,8 @@ def homePage(request):
        print(f"{all_balance}")
        limited_coins = settings.ALL_COINS - sum(all_balance)
        context = {
+            "isCashier": Cashier,
+            "isProcessor": Processor,
            "userQR":userQR,
            "fullbalance": limited_coins,
            "currencyTotal": sum(all_balance),
--- a/reValuate/templates/adminView.html
+++ b/reValuate/templates/adminView.html
@ -42,7 +42,6 @@

 {% block content %}
 <div class="centered">
-{% if request.user.is_superuser %}

    {% if image %}
      <form method="post">
@ -83,12 +82,7 @@
    </div>


-{% else %}

-  <h1>Unauthorized</h1>
-	</div>
-
-{% endif %}
 {% endblock %}


--- a/reValuate/templates/home.html
+++ b/reValuate/templates/home.html
@ -34,13 +34,18 @@
 {% endif %}

                       </li>
+					   
+					   {% if isProcessor %}
 					   <li class="nav-item d-none d-md-block" >
-      
-						{% if user.is_superuser %}
 											  <a class="nav-link" href="/admin/">Админ</a>
+							</li>
 						{% endif %}
 						
-											   </li>
+						{% if isCashier %}
+						<li class="nav-item d-none d-md-block">
+							<a class="nav-link" href="/remove_balance/">Каса</a>
+						</li>
+						{% endif %}
     
                  </ul>
                  <ul class="navbar-nav ml-auto" style="right: 0; left: auto;">
--- a/reValuate/templates/removeBalance.html
+++ b/reValuate/templates/removeBalance.html
@ -4,26 +4,20 @@


 {% block content %}
-<div class="centered">
+<div class="centered" style="text-align: center;">

-{% if request.user.is_superuser %}

 	
-	<p>Hello, {{ user.username }} !</p>
+	<p>Hello, {{ user.username }} !</p><br>
 		
 		<form method="post" enctype="multipart/form-data">
 			{% csrf_token %}
-			<input name="user_instance" id="user_instance" placeholder="Pencho Slaveikov"><br>
-			<input name="tokens" id="tokens" placeholder="523...">
-			<button type="submit">Upload</button>
+			<input name="user_instance" id="user_instance" placeholder="Enter userID here"><br><br>
+
+			<input name="tokens" id="tokens" placeholder="Enter number of tokens to remove"><br><br>
+			<button type="submit" class="Buttons">Upload</button>
 		</form>
 		
 		
 	
-{% else %}
-
-		<h1>Unauthorized</h1>
-		</div>
-
-{% endif %}
 {% endblock %}
--- a/reValuate/users/pycache/views.cpython-38.pyc
+++ b/reValuate/users/pycache/views.cpython-38.pyc
--- a/reValuate/users/views.py
+++ b/reValuate/users/views.py
@ -6,6 +6,8 @@ from django.shortcuts import render, redirect, get_object_or_404
 from django.contrib.auth.models import User
 from django.contrib import messages
 from upload.models import Media
+from django.core.exceptions import PermissionDenied
+

 # need to make oauth facebook login
 class SignUpView(generic.CreateView):
@ -37,23 +39,26 @@ def addToBalance(request):
        return render(request,"addBalance.html")

 def removeBalance(request):
-    balRem = None
-    if request.method == "POST":
-        tokens = request.POST["tokens"]
-        tokens = int(tokens) * -1
-        user_given = request.POST["user_instance"]
-        try:
-            user_instance = Balance.objects.get(user=user_given)
-            sum_balance = user_instance.balanceValue + tokens
-            balRem = Balance(balanceValue=sum_balance, user_id=user_instance)
-            balRem.save()
-            print(balRem)
-        except Balance.DoesNotExist:
-            balRem = Balance(balanceValue=tokens, user_id=user_given)
-            balRem.save()
-        return render(request,"getBalance.html", {"userBalance":balRem})
+    if request.user.groups.filter(name='Cashier').exists():
+        balRem = None
+        if request.method == "POST":
+            tokens = request.POST["tokens"]
+            tokens = int(tokens) * -1
+            user_given = request.POST["user_instance"]
+            try:
+                user_instance = Balance.objects.get(user=user_given)
+                sum_balance = user_instance.balanceValue + tokens
+                balRem = Balance(balanceValue=sum_balance, user_id=user_instance)
+                balRem.save()
+                print(balRem)
+            except Balance.DoesNotExist:
+                balRem = Balance(balanceValue=tokens, user_id=user_given)
+                balRem.save()
+            return render(request,"getBalance.html", {"userBalance":balRem})
+        else:
+            return render(request,"removeBalance.html")
    else:
-        return render(request,"removeBalance.html")
+        raise PermissionDenied("Unauthorized")

 def getBalance(request):
    balObject = Balance.objects.filter(user=request.user.id)
@ -65,38 +70,43 @@ def getBalance(request):
    return render(request,"getBalance.html", {"userBalance":userBalance} )
    
 def adminView(request):
-    try:
-        latestPicture = Media.objects.filter(tokenized=None)
-        latestPicture, userId, date, time, is_video = latestPicture.values("image")[0]["image"], latestPicture.values("user_id")[0]["user_id"], latestPicture.values("date")[0]["date"], latestPicture.values("time")[0]["time"], latestPicture.values("is_video")[0]["is_video"]
-        username = User.objects.get(pk=userId)
+    
+    if request.user.groups.filter(name='Processor').exists():

-        if request.method == "POST":
-            if request.POST['isValid'] == "Valid":
-                try:
-                    user_instance = Balance.objects.get(user=userId)
-                    sum_balance = 5 + user_instance.balanceValue
-                    balAdd = Balance(balanceValue=sum_balance, user_id=user_instance)
-                    balAdd.save()
-                    print(balAdd)
-                except Balance.DoesNotExist:
-                    balAdd = Balance(balanceValue=5, user_id=userId)
-                    balAdd.save()
+        try:
+            latestPicture = Media.objects.filter(tokenized=None)
+            latestPicture, userId, date, time, is_video = latestPicture.values("image")[0]["image"], latestPicture.values("user_id")[0]["user_id"], latestPicture.values("date")[0]["date"], latestPicture.values("time")[0]["time"], latestPicture.values("is_video")[0]["is_video"]
+            username = User.objects.get(pk=userId)
+
+            if request.method == "POST":
+                if request.POST['isValid'] == "Valid":
+                    try:
+                        user_instance = Balance.objects.get(user=userId)
+                        sum_balance = 5 + user_instance.balanceValue
+                        balAdd = Balance(balanceValue=sum_balance, user_id=user_instance)
+                        balAdd.save()
+                        print(balAdd)
+                    except Balance.DoesNotExist:
+                        balAdd = Balance(balanceValue=5, user_id=userId)
+                        balAdd.save()
+                    
+                    imageObj = Media.objects.get(image=latestPicture, user_id=userId)
+                    imageObj.tokenized = True
+                    imageObj.save()
+
+                    return redirect("/admin/")
+                elif request.POST['isValid'] == "Invalid":
+                    imageObj = Media.objects.get(image=latestPicture, user_id=userId)
+                    imageObj.tokenized=False
+                    imageObj.reason="Invalid"
+                    imageObj.save()
+                    return render(request, "adminView.html", {"time":time, "date":date,"image":latestPicture, "userId":userId, "username":username, "is_video":is_video})
                
-                imageObj = Media.objects.get(image=latestPicture, user_id=userId)
-                imageObj.tokenized = True
-                imageObj.save()

-                return redirect("/admin/")
-            elif request.POST['isValid'] == "Invalid":
-                imageObj = Media.objects.get(image=latestPicture, user_id=userId)
-                imageObj.tokenized=False
-                imageObj.reason="Invalid"
-                imageObj.save()
-                return render(request, "adminView.html", {"time":time, "date":date,"image":latestPicture, "userId":userId, "username":username, "is_video":is_video})
-            
-
-            else:
-                return render(request, "adminView")
-        return render(request, "adminView.html", {"time":time, "date":date,"image":latestPicture, "userId":userId, "username":username, "is_video":is_video})   
-    except IndexError:
-        return render(request, "adminView.html")   
+                else:
+                    return render(request, "adminView")
+            return render(request, "adminView.html", {"time":time, "date":date,"image":latestPicture, "userId":userId, "username":username, "is_video":is_video})   
+        except IndexError:
+            return render(request, "adminView.html")   
+    else:
+        raise PermissionDenied("Unauthorized")