diff --git a/core/frontend.py b/core/frontend.py index d070aa1..c593828 100644 --- a/core/frontend.py +++ b/core/frontend.py @@ -479,7 +479,8 @@ class FE_User(FE_Base): 'chip_id': c['chip_id'], 'idm': c['idm'], 'type': c_type, - "memo": c['memo'] + "memo": c['memo'], + "id": c['id'], }) if "e" in request.query_params: @@ -522,39 +523,100 @@ class FE_User(FE_Base): return RedirectResponse("/gate/", 303) frm = await request.form() - ac = frm.get("add_access_code", None) + cid = frm.get("card_edit_frm_card_id", None) + if not cid: + return RedirectResponse("/user/?e=999", 303) + + ac = frm.get("card_edit_frm_access_code", None) if not ac: return RedirectResponse("/user/?e=999", 303) - card = await self.data.card.get_card_by_access_code(ac) + card = await self.data.card.get_card_by_id(cid) if not card: return RedirectResponse("/user/?e=2", 303) if card['user'] != usr_sesh.user_id and not self.test_perm_minimum(usr_sesh.permissions, PermissionOffset.USERMOD): return RedirectResponse("/user/?e=11", 303) - if frm.get("add_memo", None): + if frm.get("add_memo", None) or frm.get("add_memo", None) == "": memo = frm.get("add_memo") - if len(memo) > 16 or len(memo) == 0: + if len(memo) > 16: return RedirectResponse("/user/?e=4", 303) await self.data.card.set_memo_by_access_code(ac, memo) - if frm.get("add_felica_idm", None): - idm = frm.get('add_felica_idm') - if not all(c in string.hexdigits for c in idm): - return RedirectResponse("/user/?e=4", 303) - await self.data.card.set_idm_by_access_code(ac, idm) + if False: # Saving this in case I want to allow editing idm/chip ID down the line + if frm.get("add_felica_idm", None): + idm = frm.get('add_felica_idm') + if not all(c in string.hexdigits for c in idm): + return RedirectResponse("/user/?e=4", 303) + await self.data.card.set_idm_by_access_code(ac, idm) - if frm.get("add_mifare_chip_id", None): - chip_id: str = frm.get('add_mifare_chip_id') - if not all(c in string.hexdigits for c in idm): - return RedirectResponse("/user/?e=4", 303) - await self.data.card.set_chip_id_by_access_code(ac, int(chip_id, 16)) + if frm.get("add_mifare_chip_id", None): + chip_id: str = frm.get('add_mifare_chip_id') + if not all(c in string.hexdigits for c in idm): + return RedirectResponse("/user/?e=4", 303) + await self.data.card.set_chip_id_by_access_code(ac, int(chip_id, 16)) return RedirectResponse("/user/?s=4", 303) async def add_card(self, request: Request) -> RedirectResponse: - return RedirectResponse("/user/", 303) + frm = await request.form() + card_type = frm.get("card_add_frm_type", None) + access_code = frm.get("add_access_code", None) + idm = frm.get("add_idm", None) + idm_caps = None + + usr_sesh = self.validate_session(request) + if not usr_sesh or not self.test_perm(usr_sesh.permissions, PermissionOffset.USERMOD): + return RedirectResponse("/gate/", 303) + + if not len(access_code) == 20 or (not access_code.startswith("5") and not access_code.startswith("3") \ + and not access_code.startswith("010") and not access_code.startswith("0008")): + return RedirectResponse("/user/?e=4", 303) + + if card_type == "0" and access_code.startswith("5") and len(idm) == 16: + idm_caps = idm.upper() + + if not all([x in string.hexdigits for x in idm_caps]): + return RedirectResponse("/user/?e=4", 303) + + if access_code.startswith("5") and not idm_caps: + return RedirectResponse("/user/?e=13", 303) + + test = await self.data.card.get_card_by_access_code(access_code) + if test: + return RedirectResponse("/user/?e=12", 303) + + if idm_caps: + test = await self.data.card.get_card_by_idm(idm_caps) + if test and test['user'] != usr_sesh.user_id: + return RedirectResponse("/user/?e=12", 303) + + test = await self.data.card.get_card_by_access_code(self.data.card.to_access_code(idm_caps)) + if test: + if test['user'] != usr_sesh.user_id: + return RedirectResponse("/user/?e=12", 303) + + await self.data.card.set_access_code_by_access_code(test['access_code'], access_code) + self.logger.info(f"Update card {test['id']} from {test['access_code']} to {access_code} for user {usr_sesh.user_id}") + + await self.data.card.set_idm_by_access_code(access_code, idm_caps) + self.logger.info(f"Set IDm for card {access_code} to {idm_caps}") + return RedirectResponse("/user/?s=1", 303) + + if card_type == "0" and access_code.startswith("0008"): + test = await self.data.card.get_card_by_idm(self.data.card.to_idm(access_code)) + if test: + return RedirectResponse("/user/?e=12", 303) + + new_card = await self.data.card.create_card(usr_sesh.user_id, access_code) + self.logger.info(f"Created new card {new_card} with access code {access_code} for user {usr_sesh.user_id}") + + if idm_caps: + await self.data.card.set_idm_by_access_code(access_code, idm_caps) + self.logger.info(f"Set IDm for card {access_code} to {idm_caps}") + + return RedirectResponse("/user/?s=1", 303) async def render_POST(self, request: Request): frm = await request.form() diff --git a/core/templates/user/index.jinja b/core/templates/user/index.jinja index 578702c..c2f3345 100644 --- a/core/templates/user/index.jinja +++ b/core/templates/user/index.jinja @@ -28,12 +28,28 @@ function toggle_add_card_form() { } } -function prep_edit_form(access_code, chip_id, idm, card_type, u_memo) { +function toggle_idm_disabled(is_disabled) { + document.getElementById("btn_add_card"); + let dv = document.getElementById("add_card_container") + + if (dv.style['display'] != "") { + btn.innerText = "Cancel"; + dv.style['display'] = ""; + } else { + btn.innerText = "Add"; + dv.style['display'] = "none"; + } +} + +function prep_edit_form(access_code, chip_id, idm, card_type, u_memo, card_id) { ac = document.getElementById("card_edit_frm_access_code"); cid = document.getElementById("card_edit_frm_chip_id"); fidm = document.getElementById("card_edit_frm_idm"); memo = document.getElementById("card_edit_frm_memo"); + + document.getElementById("card_edit_frm_card_id").value = card_id; + if (chip_id == "None" || chip_id == undefined) { chip_id = "" } @@ -52,7 +68,7 @@ function prep_edit_form(access_code, chip_id, idm, card_type, u_memo) { if (access_code.startsWith("3") || access_code.startsWith("010")) { cid.disabled = false; fidm.disabled = true; - } else if (access_code.startsWith("5")) { + } else if (access_code.startsWith("5") || access_code.startsWith("0008")) { cid.disabled = true; fidm.disabled = false; } else { @@ -87,9 +103,23 @@ Card added successfully {% endif %} diff --git a/core/templates/widgets/err_banner.jinja b/core/templates/widgets/err_banner.jinja index 25208df..f1f4899 100644 --- a/core/templates/widgets/err_banner.jinja +++ b/core/templates/widgets/err_banner.jinja @@ -23,6 +23,10 @@ You must be logged in to preform this action Invalid serial number {% elif error == 11 %} Access Denied +{% elif error == 12 %} +Card already registered +{% elif error == 13 %} +AmusementIC Access Codes beginning with 5 must have IDm {% else %} An unknown error occoured {% endif %}