improve permissions and general security #3 #4 #6

main.py

@@ -3,6 +3,7 @@
 import branding
 import dbfunctions
 import webbrowser
+import usermanagement as usr
 
 branding.loadBranding()
 
@@ -32,10 +33,10 @@ def loginUser(email, password):
             st.session_state['loginSucceed'] = True
             st.session_state['username'] = username
             st.session_state['userid'] = userid
-            st.info('Welcome back', icon="👋🏻")
+            st.sidebar.info('Welcome back', icon="👋🏻")
         else:
             st.session_state['loginSucceed'] = False
-            st.warning('Wrong password')
+            st.sidebar.warning('Wrong password')
     else:
         createUser(email, password, email)
 
@@ -54,19 +55,24 @@ def loginUser(email, password):
 The tool is currently under development and still has some bugs/problems. If you have a suggestion, feel free to create an issue on GitHub so I can follow up on it.
 """)
 
-if st.button("View on GitHub"):
+if st.button("View project on GitHub"):
     webbrowser.open_new_tab("https://github.com/michivonah/helpdesk")
 
-st.sidebar.markdown("# Login/Register")
+if st.button("Self host"):
+    webbrowser.open_new_tab("https://hub.docker.com/r/michivonah/mangoticket")
 
-st.session_state['loginSucceed'] = False
-email = st.sidebar.text_input('Mail')
-password = st.sidebar.text_input('Password', type="password")        
-loginBtn = st.sidebar.button('Sign in')
+if not usr.checkLogin():
+    st.sidebar.markdown("# Login/Register")
+    st.session_state['loginSucceed'] = False
+    email = st.sidebar.text_input('Mail')
+    password = st.sidebar.text_input('Password', type="password")        
+    loginBtn = st.sidebar.button('Sign in')
 
-if loginBtn:
-    st.session_state['email'] = email
-    passwordHashed = hashlib.sha256(password.encode())
-    st.session_state['password'] = passwordHashed.hexdigest()
-    loginUser(email, st.session_state.password)
+    if loginBtn:
+        st.session_state['email'] = email
+        passwordHashed = hashlib.sha256(password.encode())
+        st.session_state['password'] = passwordHashed.hexdigest()
+        loginUser(email, st.session_state.password)
 
+else:
+    st.sidebar.info('Welcome back', icon="👋🏻")

pages/customers.py

@@ -2,6 +2,7 @@
 import datetime
 import dbfunctions
 import branding
+import usermanagement as usr 
 
 branding.loadBranding()
 
@@ -11,25 +12,29 @@ def createCustomer(custname, mail, phone, address, website, birthdate, notes):
 
 st.write("""
 # Customers
-Here you can see all customers:
 """)
 
-customerList, newCustomer = st.tabs(["All customers", "Create new customer"])
+if usr.checkLogin():
+    st.write('Here you can see all customers:')
 
-with customerList:
-    st.dataframe(dbfunctions.loadTable(f"SELECT * FROM allcustomers"), use_container_width=True)
+    customerList, newCustomer = st.tabs(["All customers", "Create new customer"])
 
-with newCustomer:
-    with st.container():
-        newCustomerName = st.text_input('Customer Name')
-        newCustomerMail = st.text_input('E-Mail Address', placeholder="[email protected]")
-        newCustomerPhone = st.text_input('Phone', placeholder="+41791234567")
-        newCustomerURL = st.text_input('Website', placeholder="https://example.com")
-        newCustomerAddress = st.text_area('Address', placeholder="Example Street 11\n6003 Lucerne")
-        newCustomerBirthdate = st.date_input('Birthdate', min_value=datetime.date(1900, 1, 1))
-        newCustomerNotes = st.text_area('Notes')
-        createCustomerBtn = st.button('Create customer')
+    with customerList:
+        st.dataframe(dbfunctions.loadTable(f"SELECT * FROM allcustomers"), use_container_width=True)
 
-        if createCustomerBtn:
-            createCustomer(newCustomerName, newCustomerMail, newCustomerPhone, newCustomerAddress, newCustomerURL, newCustomerBirthdate, newCustomerNotes)
+    with newCustomer:
+        with st.container():
+            newCustomerName = st.text_input('Customer Name')
+            newCustomerMail = st.text_input('E-Mail Address', placeholder="[email protected]")
+            newCustomerPhone = st.text_input('Phone', placeholder="+41791234567")
+            newCustomerURL = st.text_input('Website', placeholder="https://example.com")
+            newCustomerAddress = st.text_area('Address', placeholder="Example Street 11\n6003 Lucerne")
+            newCustomerBirthdate = st.date_input('Birthdate', min_value=datetime.date(1900, 1, 1))
+            newCustomerNotes = st.text_area('Notes')
+            createCustomerBtn = st.button('Create customer')
 
+            if createCustomerBtn:
+                createCustomer(newCustomerName, newCustomerMail, newCustomerPhone, newCustomerAddress, newCustomerURL, newCustomerBirthdate, newCustomerNotes)
+
+else:
+    usr.showError()

pages/settings.py

@@ -1,17 +1,15 @@
 import streamlit as st
 import dbfunctions
 import branding
+import usermanagement as usr # For detection if user is logged in
 
 branding.loadBranding()
 
 st.write("""
 # Settings
 """)
 
-if 'loginSucceed' not in st.session_state:
-    st.session_state['loginSucceed'] = False
-
-if st.session_state.loginSucceed:
+if usr.checkLogin():
     st.write('You are logged in')
     newUsername = st.text_input('Username', st.session_state.username)
     saveBtn = st.button('Save changes')
@@ -20,4 +18,4 @@
         dbfunctions.executeWithoutFetch(f"UPDATE \"user\" SET username = '{newUsername}' WHERE userid = {int(st.session_state.userid)};")
         st.success('Username changed', icon="✅")
 else:
-    st.write('You are not logged in. Please log in before accessing the settings.')
+    usr.showError()

pages/tickets.py

@@ -1,6 +1,7 @@
 import streamlit as st
 import dbfunctions as db
 import branding
+import usermanagement as usr 
 
 branding.loadBranding()
 
@@ -70,39 +71,42 @@ def updateTicket(ticketid, name, desc, closed, assignment):
 if 'username' not in st.session_state:
     st.session_state['username'] = "SYSTEM"
 
-ticketList, myTickets, newTicket, ticketDetails = st.tabs(["All Tickets", "My Tickets", "Create new ticket", "View ticket"])
+if usr.checkLogin():
+    ticketList, myTickets, newTicket, ticketDetails = st.tabs(["All Tickets", "My Tickets", "Create new ticket", "View ticket"])
 
-with ticketList:
-    toggleClose, toggleCustomer = st.columns(2)
-    showClosedTickets = toggleClose.checkbox('Show completed tickets')
-    orderByName = toggleClose.checkbox('Order by name')
-    selectedCustomers = toggleCustomer.multiselect(
-    'Choose customers to show',
-    getSelectableList('name', 'customer'))
-    if orderByName:
-        loadTicketlist(showClosedTickets, 'Ticketname')
-    else:
-        loadTicketlist(showClosedTickets, 'Ticketnumber')
-    st.write("Press **R** for refreshing the ticket list")
+    with ticketList:
+        toggleClose, toggleCustomer = st.columns(2)
+        showClosedTickets = toggleClose.checkbox('Show completed tickets')
+        orderByName = toggleClose.checkbox('Order by name')
+        selectedCustomers = toggleCustomer.multiselect(
+        'Choose customers to show',
+        getSelectableList('name', 'customer'))
+        if orderByName:
+            loadTicketlist(showClosedTickets, 'Ticketname')
+        else:
+            loadTicketlist(showClosedTickets, 'Ticketnumber')
+        st.write("Press **R** for refreshing the ticket list")
 
-with myTickets:
-    st.dataframe(db.loadTable(f"SELECT * FROM alltickets WHERE \"Status\" = 'Open' AND \"Assigned to\" = '{st.session_state.username}' ORDER BY \"Ticketnumber\""), use_container_width=True)
+    with myTickets:
+        st.dataframe(db.loadTable(f"SELECT * FROM alltickets WHERE \"Status\" = 'Open' AND \"Assigned to\" = '{st.session_state.username}' ORDER BY \"Ticketnumber\""), use_container_width=True)
 
-with newTicket:
-    with st.container():
-        newTicketname = st.text_input('Ticketname')
-        customers = getSelectableList('name', 'customer')
-        users = getSelectableList('username', 'userlist')
-        ticketDescription = st.text_area('Description')
-        ticketCustomer = st.selectbox('Customer', customers)
-        ticketAssignment = st.selectbox('Assign to', users)
-        createTicketBtn = st.button('Create ticket')
+    with newTicket:
+        with st.container():
+            newTicketname = st.text_input('Ticketname')
+            customers = getSelectableList('name', 'customer')
+            users = getSelectableList('username', 'userlist')
+            ticketDescription = st.text_area('Description')
+            ticketCustomer = st.selectbox('Customer', customers)
+            ticketAssignment = st.selectbox('Assign to', users)
+            createTicketBtn = st.button('Create ticket')
 
-    if createTicketBtn:
-        createTicket(newTicketname, ticketDescription, ticketCustomer, ticketAssignment)
+        if createTicketBtn:
+            createTicket(newTicketname, ticketDescription, ticketCustomer, ticketAssignment)
 
-with ticketDetails:
-    # selectTicket = st.selectbox('Select ticket', getSelectableTicketList('SELECT ticketid, "name" FROM ticket;'))
-    selectTicket = st.selectbox('Select ticket', getSelectableList('ticketid', 'ticket'))
-    openTicket(selectTicket)
+    with ticketDetails:
+        # selectTicket = st.selectbox('Select ticket', getSelectableTicketList('SELECT ticketid, "name" FROM ticket;'))
+        selectTicket = st.selectbox('Select ticket', getSelectableList('ticketid', 'ticket'))
+        openTicket(selectTicket)
 
+else:
+    usr.showError()

usermanagement.py

@@ -0,0 +1,20 @@
+# User rights management
+import streamlit as st
+
+def checkLogin():
+    if 'loginSucceed' not in st.session_state:
+        st.session_state['loginSucceed'] = False
+    loginSucceed = st.session_state.loginSucceed
+    return loginSucceed
+
+def showError():
+    st.write('You are not logged in. Please log in before accessing the settings.')
+
+""" Example for use in page
+import usermanagement as usr 
+
+if usr.checkLogin():
+    # Code here
+else:
+    usr.showError()
+"""