feat: make user settings available via touchkey login
feat: add an explicit home button to the navbar
parent
f6f7b5abdb
commit
a7150e123e
13 changed files with 38 additions and 22 deletions
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -1,5 +1,19 @@
|
|||
# Matemat Changelog
|
||||
|
||||
<!-- BEGIN RELEASE v0.4.4 -->
|
||||
## Version 0.4.4
|
||||
|
||||
UI/UX Release
|
||||
|
||||
### Changes
|
||||
|
||||
<!-- BEGIN CHANGES 0.4.4 -->
|
||||
- feat: make user settings available via touchkey login
|
||||
- feat: add an explicit home button to the navbar
|
||||
<!-- END CHANGES 0.4.4 -->
|
||||
|
||||
<!-- END RELEASE v0.4.4 -->
|
||||
|
||||
<!-- BEGIN RELEASE v0.4.3 -->
|
||||
## Version 0.4.3
|
||||
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
__version__ = '0.4.3'
|
||||
__version__ = '0.4.4'
|
||||
|
|
|
@ -29,8 +29,8 @@ def admin():
|
|||
redirect('/login')
|
||||
authlevel: int = session.get(session_id, 'authentication_level')
|
||||
uid: int = session.get(session_id, 'authenticated_user')
|
||||
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey or token (1)
|
||||
if authlevel < 2:
|
||||
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (2) or token (1)
|
||||
if authlevel < 3:
|
||||
abort(403)
|
||||
|
||||
# Connect to the database
|
||||
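Review bot: The bare `3` in `if authlevel < 3:` is one hand-maintained copy of the authentication-level scale, and this commit had to renumber the same literals in the buy, login, signup, modproduct, moduser, statistics and touchkey handlers and in the navbar template; one missed copy would silently change who passes an authorization check. Define the scale once, for example an `IntEnum` with `NONE = 0`, `TOKEN = 1`, `TOUCHKEY = 2`, `PASSWORD = 3`, and write the gate as `if authlevel < AuthLevel.PASSWORD:` so the comment above it is no longer the only record of what the number means. Sessions that stored the old values appear to fail closed (an old password session would now read as touchkey), but that is worth confirming for whatever session lifetime is configured. The body of admin() starts and ends outside the hunk.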
|
|
|
@ -41,7 +41,7 @@ def buy():
|
|||
Notification.success(
|
||||
f'Purchased <strong>{product.name}</strong> for <strong>{format_chf(price)}</strong>', decay=True)
|
||||
# Logout user if configured, logged in via touchkey and no price entry input was shown
|
||||
if user.logout_after_purchase and authlevel < 2 and not product.custom_price:
|
||||
if user.logout_after_purchase and authlevel < 3 and not product.custom_price:
|
||||
redirect('/logout')
|
||||
# Redirect to the main page (where this request should have come from)
|
||||
redirect('/')
|
||||
|
|
|
@ -35,8 +35,8 @@ def login_page():
|
|||
redirect('/login')
|
||||
# Set the user ID session variable
|
||||
session.put(session_id, 'authenticated_user', user.id)
|
||||
# Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
|
||||
session.put(session_id, 'authentication_level', 2)
|
||||
# Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
|
||||
session.put(session_id, 'authentication_level', 3)
|
||||
# Redirect to the main page, showing the product list
|
||||
redirect('/')
|
||||
# If neither GET nor POST was used, show a 405 Method Not Allowed error page
|
||||
|
|
|
@ -35,7 +35,7 @@ def main_page():
|
|||
user, token = db.tokenlogin(str(request.params.ean))
|
||||
# Set the user ID session variable
|
||||
session.put(session_id, 'authenticated_user', user.id)
|
||||
# Set the authlevel session variable (0 = none, 1 = touchkey/token, 2 = password login)
|
||||
# Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
|
||||
session.put(session_id, 'authentication_level', 1)
|
||||
redirect('/')
|
||||
except AuthenticationError:
|
||||
|
|
|
@ -28,8 +28,8 @@ def modproduct():
|
|||
redirect('/login')
|
||||
authlevel: int = session.get(session_id, 'authentication_level')
|
||||
auth_uid: int = session.get(session_id, 'authenticated_user')
|
||||
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (1)
|
||||
if authlevel < 2:
|
||||
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1) / touchkey (2)
|
||||
if authlevel < 3:
|
||||
abort(403)
|
||||
|
||||
# Connect to the database
|
||||
|
|
|
@ -28,8 +28,8 @@ def moduser():
|
|||
redirect('/login')
|
||||
authlevel: int = session.get(session_id, 'authentication_level')
|
||||
auth_uid: int = session.get(session_id, 'authenticated_user')
|
||||
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (1)
|
||||
if authlevel < 2:
|
||||
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1) / touchkey (2)
|
||||
if authlevel < 3:
|
||||
abort(403)
|
||||
|
||||
# Connect to the database
|
||||
|
|
|
@ -29,7 +29,7 @@ def settings():
|
|||
redirect('/login')
|
||||
authlevel: int = session.get(session_id, 'authentication_level')
|
||||
uid: int = session.get(session_id, 'authenticated_user')
|
||||
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey or token (1)
|
||||
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1)
|
||||
if authlevel < 2:
|
||||
abort(403)
|
||||
|
||||
|
@ -123,11 +123,12 @@ def handle_change(args: FormsDict, files: FormsDict, user: User, db: MatematData
|
|||
return
|
||||
token = str(args.token)
|
||||
if len(token) < 6:
|
||||
Notification.error(f'Token must at least be 6 characters long', decay=True)
|
||||
return
|
||||
name = None if 'name' not in args or len(args.name) == 0 else str(args.name)
|
||||
try:
|
||||
tokobj = db.add_token(user, token, name)
|
||||
Notification.success(f'Token {tokobj.name} created successfully')
|
||||
Notification.success(f'Token {tokobj.name} created successfully', decay=True)
|
||||
except DatabaseConsistencyError:
|
||||
Notification.error('Token already exists', decay=True)
|
||||
|
||||
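Review bot: Lowering the gate to `if authlevel < 2:` lets a touchkey session reach every action handle_change() performs, and the second hunk shows one of them, `db.add_token(user, token, name)`, running with no further level check. Creating a token only adds a lower-level credential, but if handle_change() also changes the password or the touchkey without asking for the current password (not visible in these hunks), a touchkey login could be converted into a password-level one. Consider making the session's level available to handle_change() and rejecting credential changes below password level, e.g. `if authlevel < 3: abort(403)` in those branches, or requiring the current password there. Both settings() and handle_change() continue outside the hunks shown.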
|
|
|
@ -86,8 +86,8 @@ def signup():
|
|||
redirect('/signup')
|
||||
# Set the user ID session variable
|
||||
session.put(session_id, 'authenticated_user', user.id)
|
||||
# Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
|
||||
session.put(session_id, 'authentication_level', 2)
|
||||
# Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
|
||||
session.put(session_id, 'authentication_level', 3)
|
||||
# Redirect to the main page, showing the product list
|
||||
redirect('/')
|
||||
elif request.method != 'GET':
|
||||
|
|
|
@ -23,7 +23,7 @@ def statistics():
|
|||
authlevel: int = session.get(session_id, 'authentication_level')
|
||||
auth_uid: int = session.get(session_id, 'authenticated_user')
|
||||
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (1)
|
||||
if authlevel < 2:
|
||||
if authlevel < 3:
|
||||
abort(403)
|
||||
|
||||
# Connect to the database
|
||||
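Review bot: The comment above the check was left unchanged and still reads "or a user logged in via touchkey (1)", while the condition is now `if authlevel < 3:` and level 1 means token. Update it to match the sibling handlers: `# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1) / touchkey (2)`. On an authorization gate, a stale comment is what the next editor will trust when the levels are renumbered again. The body of statistics() starts and ends outside the hunk.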
|
|
|
@ -51,8 +51,8 @@ def touchkey_page():
|
|||
redirect(url)
|
||||
# Set the user ID session variable
|
||||
session.put(session_id, 'authenticated_user', user.id)
|
||||
# Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
|
||||
session.put(session_id, 'authentication_level', 1)
|
||||
# Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
|
||||
session.put(session_id, 'authentication_level', 2)
|
||||
if request.params.buypid:
|
||||
buypid = str(request.params.buypid)
|
||||
redirect(f'/buy?pid={buypid}')
|
||||
|
|
|
@ -23,10 +23,11 @@
|
|||
</button>
|
||||
<div class="collapse navbar-collapse" id="navbar-collapse">
|
||||
<ul class="navbar-nav me-auto mb-2 mb-lg-0">
|
||||
<li class="nav-item"><a href="/" class="nav-link"></i>Home</a></li>
|
||||
{# Show a link to the settings, if a user logged in via password (authlevel 2). #}
|
||||
{% if authuser is defined and authlevel|default(0) > 1 %}
|
||||
<li class="nav-item"><a href="/settings" class="nav-link">Settings</a></li>
|
||||
{% if authuser.is_admin %}
|
||||
{% if authuser.is_admin and authlevel|default(0) > 2 %}
|
||||
<li class="nav-item"><a href="/admin" class="nav-link">Administration</a></li>
|
||||
<li class="nav-item"><a href="/statistics" class="nav-link">Sales Statistics</a></li>
|
||||
{% endif %}
|
||||
|
@ -61,7 +62,7 @@
|
|||
|
||||
<footer class="fixed-bottom p-3 bg-light">
|
||||
{% block footer %}
|
||||
<div class="container text-muted">
|
||||
<div class="text-muted">
|
||||
{{ setupname|safe }} | Matemat {{ __version__ }}
|
||||
</div>
|
||||
{% endblock %}
|
||||
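Review bot: The new Home entry contains a stray closing tag, `<a href="/" class="nav-link"></i>Home</a>`; there is no opening `<i>`, so it should read `<li class="nav-item"><a href="/" class="nav-link">Home</a></li>`. The Jinja comment above the settings link still says "logged in via password (authlevel 2)", but `authlevel|default(0) > 1` now admits touchkey sessions, so reword it to `{# Show a link to the settings if a user logged in via touchkey or password (authlevel >= 2). #}`. The `> 2` test on the admin links only hides them; the 403 checks in the admin and statistics handlers remain the actual enforcement.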
|
|