

import hashlib
import hmac
import os
import secrets

from flask import Flask, render_template, redirect, url_for, request, flash, session
from sqlmodel import Session, select

from models import User, Product, engine, create_db_and_tables


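app = Flask(__name__)
# The secret key signs the session cookie that carries "user_id". Anyone who
# knows the key can produce a validly signed cookie for any account, including
# an admin, so it must not be committed with the source. Read it from the
# environment instead; the literal that used to be here should be treated as
# disclosed and never reused.
# Without FLASK_SECRET_KEY the app falls back to a random per-process key:
# sessions then end on every restart and are not shared between worker
# processes, so set the variable for any real deployment.
app.secret_key = os.environ.get("FLASK_SECRET_KEY") or secrets.token_hex(32)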

#! ОПРЕДЕЛЯЕТ ТЫ АДМИН ИЛИ ПОЛЬЗОВАТЕЛЬ
def get_current_user():
    """Return the ``User`` row for the id kept in the session cookie.

    Returns:
        ``None`` when the session holds no ``"user_id"`` key; otherwise
        whatever ``db_session.get(User, ...)`` yields for that id, which is
        also ``None`` if no such row exists.
    """
    if "user_id" not in session:
        return None

    # The id comes from the signed session cookie, so its trustworthiness
    # is exactly that of app.secret_key.
    with Session(engine) as db_session:
        return db_session.get(User, session["user_id"])


@app.route("/")
def index():
    """Render the landing page with every product and the current user."""
    with Session(engine) as db_session:
        catalogue = db_session.exec(select(Product)).all()

    viewer = get_current_user()
    return render_template("index.html", products=catalogue, user=viewer)



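@app.route("/admin", methods=["GET", "POST"])
def admin():
    """Admin page: list products (GET) and create a product (POST).

    Access is limited to a logged-in user whose ``is_admin`` flag is set;
    everyone else receives a 403 before any form data is read.

    Returns:
        403 for non-admins, 400 when the submitted price is not a finite,
        non-negative number, a redirect back to this page after a product
        is created, otherwise the rendered ``admin.html``.
    """
    user = get_current_user()
    if not user or not user.is_admin:
        return "Доступ запрещен", 403

    if request.method == "POST":
        # NOTE(review): nothing in this handler checks a CSRF token, so the
        # session cookie is the only thing authorising this state change;
        # confirm whether protection is applied elsewhere.

        # float() raises ValueError on non-numeric text and happily accepts
        # "nan", "inf" and negative numbers; reject all of those with a 400
        # instead of a 500 or a nonsensical stored price.
        try:
            price = float(request.form["price"])
        except ValueError:
            return "Некорректная цена", 400
        if not 0 <= price < float("inf"):  # also false for NaN
            return "Некорректная цена", 400

        new_product = Product(
            name=request.form["name"],
            description=request.form["description"],
            price=price,
            main_image=request.form["main_image"],
            # The extra images are optional: .get() yields None when absent.
            image_2=request.form.get("image_2"),
            image_3=request.form.get("image_3"),
            image_4=request.form.get("image_4"),
        )
        with Session(engine) as db_session:
            db_session.add(new_product)
            db_session.commit()
        # Redirect after POST so a page reload does not resubmit the form.
        return redirect(url_for("admin"))

    with Session(engine) as db_session:
        products = db_session.exec(select(Product)).all()
    return render_template("admin.html", products=products, user=user)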

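# Stored password format: "pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>".
# NOTE(review): the record is about 130 characters long; confirm that the
# User.password column in models.py can hold it.
_PASSWORD_SCHEME = "pbkdf2_sha256"
_PBKDF2_ITERATIONS = 600_000


def _hash_password(password, iterations=_PBKDF2_ITERATIONS):
    """Return a salted PBKDF2-HMAC-SHA256 record for *password*."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"{_PASSWORD_SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def _verify_password(stored, candidate):
    """Check *candidate* against the *stored* password value.

    Returns:
        ``(ok, needs_rehash)``. ``needs_rehash`` is True only when *stored*
        is a legacy plaintext value that matched, so the caller can replace
        it with a hashed record.
    """
    if not isinstance(stored, str):
        return False, False

    parts = stored.split("$")
    if len(parts) == 4 and parts[0] == _PASSWORD_SCHEME:
        try:
            expected = bytes.fromhex(parts[3])
            actual = hashlib.pbkdf2_hmac(
                "sha256",
                candidate.encode("utf-8"),
                bytes.fromhex(parts[2]),
                int(parts[1]),
            )
        except (ValueError, OverflowError):
            # Malformed record: never treat it as a match.
            return False, False
        return hmac.compare_digest(actual, expected), False

    # Row written before hashing was introduced: the column holds the
    # plaintext password. Compare in constant time and ask for an upgrade.
    matched = hmac.compare_digest(
        stored.encode("utf-8"), candidate.encode("utf-8")
    )
    return matched, matched


@app.route("/register", methods=["GET", "POST"])
def register():
    """Create an account from the registration form.

    The password is stored as a salted PBKDF2 record, never as plaintext.
    Empty credentials and an already-taken username are refused with a
    flashed message and the form is shown again.

    Returns:
        A redirect to the login page after a successful registration,
        otherwise the rendered ``register.html``.
    """
    if request.method == "POST":
        username = request.form["username"]
        password = request.form["password"]
        if not username.strip() or not password:
            flash("Введите имя пользователя и пароль")
            return render_template("register.html")

        with Session(engine) as db_session:
            # login() takes the first row matching a username, so duplicate
            # names must not be created. This check-then-insert can still
            # race; a unique constraint on the column is the real guard
            # (not visible from this file).
            taken = db_session.exec(
                select(User).where(User.username == username)
            ).first()
            if taken is not None:
                flash("Пользователь с таким именем уже существует")
                return render_template("register.html")

            #! If there are no users yet, the first one becomes admin.
            # NOTE(review): on an empty database whoever registers first
            # gets admin rights; create that account before the app is
            # reachable by others.
            is_first = db_session.exec(select(User)).first() is None
            new_user = User(
                username=username,
                password=_hash_password(password),
                is_admin=is_first,
            )
            db_session.add(new_user)
            db_session.commit()
        flash("Регистрация успешна! Войдите в аккаунт.")
        return redirect(url_for("login"))

    return render_template("register.html")


@app.route("/login", methods=["GET", "POST"])
def login():
    """Authenticate a user and remember their id in the session.

    Accepts both hashed records and legacy plaintext rows; a legacy row
    that matches is rewritten as a hashed record during the same request.

    Returns:
        A redirect to the index page on success, otherwise the rendered
        ``login.html`` (with a flashed error after a failed attempt).
    """
    if request.method == "POST":
        submitted = request.form["password"]
        with Session(engine) as db_session:
            #! Look the user up by the submitted username.
            user = db_session.exec(
                select(User).where(
                    User.username == request.form["username"]
                )
            ).first()

            if user is not None:
                ok, needs_rehash = _verify_password(user.password, submitted)
            else:
                ok, needs_rehash = False, False

            if ok:
                # Read the id before commit(), which expires loaded attributes.
                user_id = user.id
                if needs_rehash:
                    user.password = _hash_password(submitted)
                    db_session.add(user)
                    db_session.commit()
                session["user_id"] = user_id  #! kept in the signed session cookie
                return redirect(url_for("index"))

            # Same message for unknown user and wrong password, so the
            # response text does not reveal which usernames exist.
            flash("Неверный логин или пароль")
    return render_template("login.html")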

@app.route("/product/<int:product_id>")
def product_detail(product_id):
    """Render the page of a single product.

    Args:
        product_id: primary key taken from the URL; the ``int`` converter in
            the route means non-integer values never reach this function.

    Returns:
        A 404 with a plain-text message when no such product exists,
        otherwise the rendered ``product.html``.
    """
    with Session(engine) as db_session:
        product = db_session.get(Product, product_id)

    if not product:
        return "Товар не найден", 404

    viewer = get_current_user()
    return render_template("product.html", product=product, user=viewer)

@app.route("/logout")
def logout():
    """Drop everything kept in the session and go back to the index page."""
    session.clear()
    home_url = url_for("index")
    return redirect(home_url)

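if __name__ == "__main__":
    create_db_and_tables()
    # debug=True enables the Werkzeug interactive debugger, which allows
    # running Python code in this process from the browser; it must never be
    # reachable by untrusted clients. Keep it off unless the developer opts
    # in through the environment (e.g. FLASK_DEBUG=1 on a local machine).
    debug_enabled = os.environ.get("FLASK_DEBUG", "").strip().lower() in {
        "1",
        "true",
        "yes",
        "on",
    }
    app.run(debug=debug_enabled)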