chore: Error Handling 404 and pages without permission fixed

Author: codeperfectplus

src/blueprints/additional.py

@@ -18,10 +18,3 @@ def about() -> str:
 @additional_bp.route('/permission-denied')
 def permission_denied():
     return render_template('permission_denied.html')
-
-@additional_bp.errorhandler(404)
-def page_not_found(e):
-    return render_template('404.html'), 404
-
-
-

src/blueprints/admin.py

@@ -17,7 +17,7 @@
 def manage_users():
     system_settings = Settings.query.first()
     if current_user.user_level != 'admin':
-        return redirect(url_for('permission_denied'))
+        return redirect(url_for('additional.permission_denied'))
 
     users = User.query.all()
 
@@ -173,7 +173,7 @@ def dashboard():
 @login_required
 def history():
     if current_user.user_level != 'admin':
-        return redirect(url_for('permission_denied'))
+        return redirect(url_for('additional.permission_denied'))
     selected_type = request.args.get('type', 'all')
 
     if selected_type == 'gold':
@@ -260,6 +260,8 @@ def download_transactions_history():
 @login_required
 def update_jeweller_details():
     system_settings = Settings.query.first()
+    if current_user.user_level != 'admin':
+        return redirect(url_for('additional.permission_denied'))
     if request.method == 'POST':
         jeweller = JewellerDetails.query.first()
 

src/blueprints/gold_calculator.py

@@ -17,7 +17,7 @@ def gold_calculator():
     system_settings = Settings.query.first()
     jeweller_details = JewellerDetails.query.first()
     if not system_settings.is_gold_calculator_enabled:
-        return redirect(url_for('permission_denied'))
+        return redirect(url_for('additional.permission_denied'))
     if request.method == 'POST':
         try:
             weight = float(request.form['weight'])

src/blueprints/silver_calculator.py

@@ -15,7 +15,7 @@ def silver_calculator():
     system_settings = Settings.query.first()
     jeweller_details = JewellerDetails.query.first()
     if not system_settings.is_silver_calculator_enabled:
-        return redirect(url_for('permission_denied'))
+        return redirect(url_for('additional.permission_denied'))
     if request.method == 'POST':
         try:
             weight = float(request.form['weight'])

src/config.py

@@ -1,5 +1,5 @@
 import os
-from flask import Flask
+from flask import Flask, render_template
 from flask_session import Session
 from flask_sqlalchemy import SQLAlchemy
 from flask_bcrypt import Bcrypt
@@ -17,4 +17,14 @@
 db = SQLAlchemy(app)
 bcrypt = Bcrypt(app)
 login_manager = LoginManager(app)
-login_manager.login_view = 'login'
+login_manager.login_view = 'auth.login'
+
+# 404 error handler
+@app.errorhandler(404)
+def page_not_found(e):
+    return render_template('404.html'), 404
+
+# 500 error handler
+@app.errorhandler(500)
+def internal_server_error(e):
+    return render_template('500.html'), 500

src/templates/404.html

@@ -7,6 +7,6 @@
     <div class="error-container">
         <h1>404</h1>
         <p>Oops! The page you're looking for can't be found.</p>
-        <a href="{{ url_for('home') }}" class="btn btn-hero mt-4">Go to Home Page</a>
+        <a href="{{ url_for('homepage.home') }}" class="btn btn-hero mt-4">Go to Home Page</a>
     </div>
 {% endblock %}

src/templates/permission_denied.html

@@ -7,6 +7,6 @@
     <div class="container">
         <h1>Permission Denied</h1>
         <p>You do not have enough permissions to access this page.</p>
-        <a href="{{ url_for('home') }}" class="btn btn-hero mt-4">Go to Home Page</a>
+        <a href="{{ url_for('homepage.home') }}" class="btn btn-hero mt-4">Go to Home Page</a>
     </div>
 {% endblock %}