flaschengeist/geruecht/routes.py

112 lines
3.8 KiB
Python
Raw Normal View History

from geruecht import app, LOGGER
2020-03-03 21:33:47 +00:00
from geruecht.decorator import login_required
from geruecht.exceptions import PermissionDenied
import geruecht.controller.accesTokenController as ac
import geruecht.controller.userController as uc
2020-03-04 20:11:41 +00:00
from geruecht.model import MONEY, BAR, USER, GASTRO, VORSTAND, EXTERN
2019-04-11 21:56:55 +00:00
from flask import request, jsonify
accesTokenController = ac.AccesTokenController()
userController = uc.UserController()
def login(user, password):
return user.login(password)
2020-01-17 00:05:58 +00:00
2019-04-23 22:08:25 +00:00
@app.route("/valid")
def _valid():
2019-04-23 22:08:25 +00:00
token = request.headers.get("Token")
2020-01-18 22:31:49 +00:00
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
2019-04-23 22:08:25 +00:00
return jsonify(accToken.user.toJSON())
2020-01-18 22:31:49 +00:00
accToken = accesTokenController.validateAccessToken(token, [BAR])
if accToken:
2019-04-23 22:08:25 +00:00
return jsonify(accToken.user.toJSON())
2020-01-18 22:31:49 +00:00
accToken = accesTokenController.validateAccessToken(token, [GASTRO])
if accToken:
2019-04-23 22:08:25 +00:00
return jsonify(accToken.user.toJSON())
2020-01-18 22:31:49 +00:00
accToken = accesTokenController.validateAccessToken(token, [USER])
if accToken:
return jsonify(accToken.user.toJSON())
return jsonify({"error": "permission denied"}), 401
2020-02-27 20:55:00 +00:00
@app.route("/pricelist", methods=['GET'])
def _getPricelist():
try:
retVal = userController.getPricelist()
print(retVal)
return jsonify(retVal)
except Exception as err:
return jsonify({"error": str(err)})
@app.route('/drinkTypes', methods=['GET'])
def getTypes():
try:
retVal = userController.getAllDrinkTypes()
return jsonify(retVal)
except Exception as err:
return jsonify({"error": str(err)}), 500
2020-03-03 21:33:47 +00:00
@app.route('/getAllStatus', methods=['GET'])
2020-03-04 20:11:41 +00:00
@login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND])
2020-03-03 21:33:47 +00:00
def _getAllStatus(**kwargs):
try:
retVal = userController.getAllStatus()
return jsonify(retVal)
except Exception as err:
return jsonify({"error": str(err)}), 500
2020-02-27 20:55:00 +00:00
2020-03-03 21:33:47 +00:00
@app.route('/getStatus', methods=['POST'])
2020-03-04 20:11:41 +00:00
@login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND])
2020-03-03 21:33:47 +00:00
def _getStatus(**kwargs):
try:
data = request.get_json()
name = data['name']
retVal = userController.getStatus(name)
return jsonify(retVal)
except Exception as err:
return jsonify({"error": str(err)}), 500
@app.route('/getUsers', methods=['GET'])
2020-03-04 20:11:41 +00:00
@login_required(groups=[MONEY, GASTRO, VORSTAND])
2020-03-03 21:33:47 +00:00
def _getUsers(**kwargs):
try:
users = userController.getAllUsersfromDB()
retVal = [user.toJSON() for user in users]
return jsonify(retVal)
except Exception as err:
return jsonify({"error": str(err)}), 500
2020-01-17 00:05:58 +00:00
2019-04-11 21:56:55 +00:00
@app.route("/login", methods=['POST'])
def _login():
2019-04-17 12:46:46 +00:00
""" Login User
2019-04-17 12:46:46 +00:00
Nothing to say.
Login in User and create an AccessToken for the User.
Returns:
A JSON-File with createt Token or Errors
"""
LOGGER.info("Start log in.")
2019-04-11 21:56:55 +00:00
data = request.get_json()
2019-12-22 21:27:39 +00:00
print(data)
LOGGER.debug("JSON from request: {}".format(data))
2019-04-11 21:56:55 +00:00
username = data['username']
password = data['password']
LOGGER.info("search {} in database".format(username))
try:
2020-01-26 22:31:22 +00:00
user, ldap_conn = userController.loginUser(username, password)
2020-01-17 00:05:58 +00:00
user.password = password
2020-01-26 22:31:22 +00:00
token = accesTokenController.createAccesToken(user, ldap_conn)
2020-03-04 20:11:41 +00:00
dic = accesTokenController.validateAccessToken(token, [USER, EXTERN]).user.toJSON()
dic["token"] = token
dic["accessToken"] = token
LOGGER.info("User {} success login.".format(username))
return jsonify(dic)
except PermissionDenied as err:
return jsonify({"error": str(err)}), 401
2020-03-04 20:11:41 +00:00
except Exception as err:
return jsonify({"error": "permission denied"}), 401
LOGGER.info("User {} does not exist.".format(username))
return jsonify({"error": "wrong username"}), 401