from django.shortcuts import render, redirect from django.http import JsonResponse from django.db import connection from django.contrib import messages from django.views.decorators.csrf import csrf_exempt from django.shortcuts import redirect from functools import wraps def admin_required(view_func): @wraps(view_func) def wrapper(request, *args, **kwargs): usuario = request.session.get("usuario") if not usuario: return redirect("/login/") if usuario.get("rol") != 1: # solo admins return redirect("/") # impedir acceso return view_func(request, *args, **kwargs) return wrapper # ================================================ # 🟦 DASHBOARD DEL ADMIN # ================================================ @admin_required def admin_dashboard(request): total_prod = 0 total_ped = 0 total_usr = 0 actividades = [] try: with connection.cursor() as cur: cur.execute("SELECT COUNT(*) FROM gestion_perfumance.perfume;") total_prod = cur.fetchone()[0] cur.execute("SELECT COUNT(*) FROM gestion_perfumance.venta;") total_ped = cur.fetchone()[0] cur.execute("SELECT COUNT(*) FROM gestion_perfumance.usuario;") total_usr = cur.fetchone()[0] cur.execute(""" SELECT a.descripcion, a.fecha, u.username, r.descripcion AS rol FROM gestion_perfumance.actividad a JOIN gestion_perfumance.usuario u ON a.id_usuario = u.id_usuario JOIN gestion_perfumance.rol r ON u.id_rol = r.id_rol ORDER BY a.fecha DESC LIMIT 8; """) rows = cur.fetchall() actividades = [{ "descripcion": row[0], "fecha": row[1], "username": row[2], "rol": row[3] } for row in rows] except Exception as e: print(f"Error en dashboard: {e}") return render(request, "adminpanel/dashboard.html", { "total_prod": total_prod, "total_ped": total_ped, "total_usr": total_usr, "actividades": actividades }) # ================================================ # 🟪 LISTA DE PRODUCTOS # ================================================ @admin_required def admin_productos(request): perfumes = [] try: with connection.cursor() as cur: cur.execute(""" SELECT p.id_perfume, p.marca, p.presentacion, p.talla, p.stock, g.descripcion FROM gestion_perfumance.perfume p LEFT JOIN gestion_perfumance.genero g ON p.id_genero = g.id_genero ORDER BY p.id_perfume """) rows = cur.fetchall() perfumes = [{ "id_perfume": row[0], "marca": row[1], "presentacion": row[2], "talla": row[3], "stock": row[4], "genero": row[5] or "Sin género" } for row in rows] except Exception as e: messages.error(request, f"Error al cargar productos: {e}") return render(request, "adminpanel/productos.html", {"perfumes": perfumes}) # ================================================ # 🟨 PEDIDOS (Más adelante puedes conectarlo) # ================================================ def admin_pedidos(request): return render(request, "adminpanel/pedidos.html") # ================================================ # 🟧 USUARIOS # ================================================ def admin_usuarios(request): usuarios = [] try: with connection.cursor() as cur: cur.execute(""" SELECT u.id_usuario, u.username, u.email, r.descripcion AS rol FROM gestion_perfumance.usuario u JOIN gestion_perfumance.rol r ON u.id_rol = r.id_rol ORDER BY u.id_usuario; """) rows = cur.fetchall() usuarios = [{ "id_usuario": row[0], "username": row[1], "email": row[2], "rol": row[3] } for row in rows] except Exception as e: messages.error(request, f"Error al cargar usuarios: {e}") return render(request, "adminpanel/usuarios.html", {"usuarios": usuarios}) # ================================================ # 🟧 VISTA CREAR USUARIOS (GET - Mostrar formulario) # ================================================ @admin_required def vista_crear_usuario(request): """Vista para mostrar el formulario de crear usuario""" return render(request, "adminpanel/crear_usuario.html", {}) # ================================================ # 🟧 CREAR USUARIOS # ================================================ def crear_usuario(request): # Vista GET = mostrar formulario if request.method == "GET": try: with connection.cursor() as cur: cur.execute("SELECT id_rol, descripcion FROM gestion_perfumance.rol ORDER BY descripcion;") roles = cur.fetchall() except Exception as e: messages.error(request, f"Error al cargar roles: {e}") roles = [] return render(request, "admin_crear_usuario.html", {"roles": roles}) # Vista POST = insertar usuario username = request.POST.get("username") email = request.POST.get("email") password = request.POST.get("password") id_rol = request.POST.get("id_rol") try: with connection.cursor() as cur: cur.execute(""" INSERT INTO gestion_perfumance.usuario (username, email, password, id_rol) VALUES (%s, %s, %s, %s) """, [username, email, password, id_rol]) # Registrar actividad admin = request.session.get("usuario") if admin: descripcion = f"Creó un nuevo usuario '{username}'." with connection.cursor() as cur: cur.execute(""" INSERT INTO gestion_perfumance.actividad (id_usuario, descripcion) VALUES (%s, %s) """, [admin["id_usuario"], descripcion]) messages.success(request, "Usuario creado con éxito.") except Exception as e: messages.error(request, f"Error al crear usuario: {e}") return redirect("adminpanel:usuarios") # ================================================ # 🟧 VISTA EDITAR USUARIOS (GET - Mostrar formulario) # ================================================ @admin_required def vista_editar_usuario(request, id_usuario): """Vista para mostrar el formulario de editar usuario""" usuario = None try: with connection.cursor() as cur: cur.execute(""" SELECT id_usuario, username, email, id_rol FROM gestion_perfumance.usuario WHERE id_usuario = %s """, [id_usuario]) row = cur.fetchone() if row: usuario = { 'id_usuario': row[0], 'username': row[1], 'email': row[2], 'id_rol': row[3] } except Exception as e: messages.error(request, f"Error al cargar usuario: {e}") if not usuario: return redirect('/adminpanel/usuarios/') return render(request, "adminpanel/editar_usuario.html", {"usuario": usuario}) # ================================================ # 🟧 EDITAR USUARIOS # ================================================ def editar_usuario(request, id_usuario): # GET → cargar formulario con datos if request.method == "GET": try: with connection.cursor() as cur: # Datos del usuario cur.execute(""" SELECT id_usuario, username, email, id_rol FROM gestion_perfumance.usuario WHERE id_usuario = %s """, [id_usuario]) usuario = cur.fetchone() # Roles para dropdown cur.execute("SELECT id_rol, descripcion FROM gestion_perfumance.rol ORDER BY descripcion;") roles = cur.fetchall() except Exception as e: messages.error(request, f"Error al cargar usuario: {e}") return redirect("adminpanel:usuarios") return render(request, "admin_editar_usuario.html", { "usuario": usuario, "roles": roles }) # POST → actualizar usuario username = request.POST.get("username") email = request.POST.get("email") password = request.POST.get("password") id_rol = request.POST.get("id_rol") try: with connection.cursor() as cur: # Si se envió contraseña → actualizarla if password: cur.execute(""" UPDATE gestion_perfumance.usuario SET username = %s, email = %s, password = %s, id_rol = %s WHERE id_usuario = %s """, [username, email, password, id_rol, id_usuario]) else: # Sin cambiar contraseña cur.execute(""" UPDATE gestion_perfumance.usuario SET username = %s, email = %s, id_rol = %s WHERE id_usuario = %s """, [username, email, id_rol, id_usuario]) # Registrar actividad admin = request.session.get("usuario") if admin: descripcion = f"Actualizó el usuario '{username}'." with connection.cursor() as cur: cur.execute(""" INSERT INTO gestion_perfumance.actividad (id_usuario, descripcion) VALUES (%s, %s) """, [admin["id_usuario"], descripcion]) messages.success(request, "Usuario actualizado con éxito.") except Exception as e: messages.error(request, f"Error al actualizar usuario: {e}") return redirect("adminpanel:usuarios") # ================================================ # 🟧 ELIMINAR USUARIOS # ================================================ def eliminar_usuario(request, id_usuario): try: # Obtener nombre (para actividad) with connection.cursor() as cur: cur.execute("SELECT username FROM gestion_perfumance.usuario WHERE id_usuario = %s", [id_usuario]) usuario = cur.fetchone() nombre = usuario[0] if usuario else "Usuario" with connection.cursor() as cur: cur.execute("DELETE FROM gestion_perfumance.usuario WHERE id_usuario = %s", [id_usuario]) # Registrar actividad admin = request.session.get("usuario") if admin: descripcion = f"Eliminó el usuario '{nombre}'." with connection.cursor() as cur: cur.execute(""" INSERT INTO gestion_perfumance.actividad (id_usuario, descripcion) VALUES (%s, %s) """, [admin["id_usuario"], descripcion]) messages.success(request, "Usuario eliminado correctamente.") except Exception as e: messages.error(request, f"Error al eliminar usuario: {e}") return redirect("adminpanel:usuarios") # ================================================ # 🟩 FORMULARIO PARA CREAR PERFUME # ================================================ @admin_required def vista_crear_perfume(request): generos = [] try: with connection.cursor() as cur: cur.execute("SELECT id_genero, descripcion FROM gestion_perfumance.genero ORDER BY descripcion;") rows = cur.fetchall() generos = [{"id": row[0], "nombre": row[1]} for row in rows] except Exception as e: messages.error(request, f"Error al cargar géneros: {e}") return render(request, "adminpanel/crear_perfume.html", {"generos": generos}) # ================================================ # 🟩 CREAR PERFUME (POST) # ================================================ @csrf_exempt @admin_required def crear_perfume(request): if request.method != "POST": return redirect("adminpanel:productos") marca = request.POST.get("marca") presentacion = request.POST.get("presentacion") talla = request.POST.get("talla") id_genero = request.POST.get("id_genero") stock = request.POST.get("stock") precio = request.POST.get("precio") fecha_caducidad = request.POST.get("fecha_caducidad") or None try: with connection.cursor() as cur: cur.execute(""" INSERT INTO gestion_perfumance.perfume (marca, presentacion, talla, id_genero, stock, precio, fecha_caducidad) VALUES (%s, %s, %s, %s, %s, %s, %s) """, [marca, presentacion, talla, id_genero, stock, precio, fecha_caducidad]) # registrar actividad usuario = request.session["usuario"]["id_usuario"] descripcion = f"Agregó perfume {marca}" with connection.cursor() as cur: cur.execute(""" INSERT INTO gestion_perfumance.actividad (id_usuario, descripcion) VALUES (%s, %s) """, [usuario, descripcion]) messages.success(request, "Perfume agregado correctamente.") except Exception as e: messages.error(request, f"Error al crear perfume: {e}") return redirect("adminpanel:productos") # ================================================ # 🟩 EDITAR PERFUME (POST) # ================================================ @csrf_exempt @admin_required def editar_perfume(request, id_perfume): if request.method != "POST": return redirect("adminpanel:productos") marca = request.POST.get("marca") presentacion = request.POST.get("presentacion") talla = request.POST.get("talla") id_genero = request.POST.get("id_genero") stock = request.POST.get("stock") precio = request.POST.get("precio") fecha_caducidad = request.POST.get("fecha_caducidad") or None try: with connection.cursor() as cur: cur.execute(""" UPDATE gestion_perfumance.perfume SET marca=%s, presentacion=%s, talla=%s, id_genero=%s, stock=%s, precio=%s, fecha_caducidad=%s WHERE id_perfume=%s """, [marca, presentacion, talla, id_genero, stock, precio, fecha_caducidad, id_perfume]) # actividad usuario = request.session["usuario"]["id_usuario"] descripcion = f"Editó perfume {marca}" with connection.cursor() as cur: cur.execute(""" INSERT INTO gestion_perfumance.actividad (id_usuario, descripcion) VALUES (%s, %s) """, [usuario, descripcion]) messages.success(request, "Perfume actualizado.") except Exception as e: messages.error(request, f"Error al editar perfume: {e}") return redirect("adminpanel:productos") # ================================================ # 🟩 VISTA EDITAR PERFUME (GET) # ================================================ @admin_required def vista_editar_perfume(request, id_perfume): try: with connection.cursor() as cur: cur.execute(""" SELECT id_perfume, marca, presentacion, talla, stock, precio, id_genero, fecha_caducidad FROM gestion_perfumance.perfume WHERE id_perfume = %s """, [id_perfume]) row = cur.fetchone() cur.execute("SELECT id_genero, descripcion FROM gestion_perfumance.genero") generos = cur.fetchall() if not row: messages.error(request, "Perfume no encontrado.") return redirect("adminpanel:productos") perfume = { "id": row[0], "marca": row[1], "presentacion": row[2], "talla": row[3], "stock": row[4], "precio": row[5], "id_genero": row[6], "fecha_caducidad": row[7] } generos_list = [{"id": g[0], "nombre": g[1]} for g in generos] return render(request, "adminpanel/editar_perfume.html", { "perfume": perfume, "generos": generos_list }) except Exception as e: messages.error(request, f"Error al cargar perfume: {e}") return redirect("adminpanel:productos") # ================================================ # 🟩 ELIMINAR PERFUME # ================================================ @admin_required def eliminar_perfume(request, id_perfume): try: with connection.cursor() as cur: # obtener nombre antes de borrar cur.execute("SELECT marca FROM gestion_perfumance.perfume WHERE id_perfume = %s", [id_perfume]) row = cur.fetchone() marca = row[0] if row else "Perfume" cur.execute("DELETE FROM gestion_perfumance.perfume WHERE id_perfume = %s", [id_perfume]) usuario = request.session["usuario"]["id_usuario"] descripcion = f"Eliminó perfume {marca}" with connection.cursor() as cur: cur.execute(""" INSERT INTO gestion_perfumance.actividad (id_usuario, descripcion) VALUES (%s, %s) """, [usuario, descripcion]) messages.success(request, "Perfume eliminado.") except Exception as e: messages.error(request, f"Error al eliminar: {e}") return redirect("adminpanel:productos")