flaschengeist/geruecht/routes.py

78 lines
2.4 KiB
Python
Raw Normal View History

from geruecht import app, db, accesTokenController, MONEY, BAR, USER, GASTRO
2019-04-11 21:56:55 +00:00
from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from geruecht.model.priceList import PriceList
2019-04-23 22:08:25 +00:00
from datetime import datetime
2019-04-11 21:56:55 +00:00
from flask import request, jsonify
def verifyAccessToken(token, group):
2019-04-17 12:46:46 +00:00
""" Verify Accestoken
Verify an Accestoken and Group so if the User has permission or not.
Retrieves the accestoken if valid else retrieves None
Args:
token: Token to verify.
group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
Returns:
An the AccesToken for this given Token or None.
2019-04-17 12:46:46 +00:00
"""
2019-04-11 21:56:55 +00:00
accToken = accesTokenController.findAccesToken(token)
print(accToken)
if accToken is not None:
if accesTokenController.isSameGroup(accToken, group):
accToken.updateTimestamp()
return accToken
return None
2019-04-23 22:08:25 +00:00
@app.route("/valid")
def _valid():
2019-04-23 22:08:25 +00:00
token = request.headers.get("Token")
accToken = verifyAccessToken(token, MONEY)
2019-04-23 22:08:25 +00:00
if accToken is not None:
return jsonify(accToken.user.toJSON())
accToken = verifyAccessToken(token, BAR)
if accToken is not None:
return jsonify(accToken.user.toJSON())
accToken = verifyAccessToken(token, GASTRO)
if accToken is not None:
return jsonify(accToken.user.toJSON())
accToken = verifyAccessToken(token, USER)
if accToken is not None:
return jsonify(accToken.user.toJSON())
return jsonify({"error": "permission denied"}), 401
2019-04-11 21:56:55 +00:00
@app.route("/login", methods=['POST'])
def _login():
2019-04-17 12:46:46 +00:00
""" Login User
2019-04-17 12:46:46 +00:00
Nothing to say.
Login in User and create an AccessToken for the User.
Returns:
A JSON-File with createt Token or Errors
"""
2019-04-11 21:56:55 +00:00
data = request.get_json()
print(data)
username = data['username']
password = data['password']
user = User.query.filter_by(username=username).first()
if user:
if user.login(password):
token = accesTokenController.createAccesToken(user)
dic = user.toJSON()
dic["token"] = token
return jsonify(dic)
else:
2019-04-11 21:56:55 +00:00
return jsonify({"error": "wrong password"}), 401
return jsonify({"error": "wrong username"}), 402
2019-04-11 21:56:55 +00:00
@app.route("/getFinanzer")
def getFinanzer():
users = User.query.all()
dic = {}
for user in users:
dic[user.userID] = user.toJSON()
2019-04-11 21:56:55 +00:00
print(dic)
return jsonify(dic)