diff --git a/geruecht/baruser/routes.py b/geruecht/baruser/routes.py
index e86a6c4..2fc7b59 100644
--- a/geruecht/baruser/routes.py
+++ b/geruecht/baruser/routes.py
@@ -1,8 +1,9 @@
 from flask import Blueprint, request, jsonify
 import geruecht.controller.ldapController as lc
 import geruecht.controller.mainController as mc
+import geruecht.controller.accesTokenController as ac
 from datetime import datetime
-from geruecht.model import BAR, MONEY, USER, VORSTAND
+from geruecht.model import BAR, MONEY, USER, VORSTAND, EXTERN
 from geruecht.decorator import login_required
 from geruecht.logger import getDebugLogger, getCreditLogger
@@ -13,6 +14,7 @@ baruser = Blueprint("baruser", __name__)
 ldap = lc.LDAPController()
 mainController = mc.MainController()
+accesTokenController = ac.AccesTokenController()
 @baruser.route("/bar")
@@ -208,6 +210,8 @@ def _lockbar(**kwargs):
 if request.method == "POST":
 data = request.get_json()
 accToken.lock_bar = data['value']
+ accToken = accesTokenController.updateAccessToken(accToken)
+ accToken = accesTokenController.validateAccessToken(accToken.token, [USER, EXTERN])
 debug.debug('return {{ "value": {} }}'.format(accToken.lock_bar))
 return jsonify({'value': accToken.lock_bar})
diff --git a/geruecht/controller/accesTokenController.py b/geruecht/controller/accesTokenController.py
index 58675e2..bec7703 100644
--- a/geruecht/controller/accesTokenController.py
+++ b/geruecht/controller/accesTokenController.py
@@ -39,10 +39,12 @@ class AccesTokenController(metaclass=Singleton):
 if BAR not in user.group:
 debug.debug("append bar to user {{ {} }}".format(user))
 user.group.append(BAR)
+ return True
 else:
 while BAR in user.group:
 debug.debug("delete bar from user {{ {} }}".format(user))
 user.group.remove(BAR)
+ return False
 debug.debug("user {{ {} }} groups are {{ {} }}".format(user, user.group))
 def validateAccessToken(self, token, group):
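Review bot: In `_lockbar`, the value returned by `validateAccessToken(accToken.token, [USER, EXTERN])` is dereferenced straight away as `accToken.lock_bar` in the debug and `jsonify` lines, with no check that a token object actually came back. The return paths of validateAccessToken are outside this diff, so this is hedged: if it yields a falsy value for an expired token or a group mismatch, the handler fails with AttributeError instead of an authentication error, and an `if not accToken:` guard before the debug line would make that case explicit. The context line `accToken.lock_bar = data['value']` also stores the request value unchecked, and it is now persisted through `updateAccessToken`, so I would reject anything that fails `isinstance(data.get('value'), bool)` before assigning it. The body of `_lockbar` starts above this hunk.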
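Review bot: The two added returns in this `checkBar` hunk do not obviously cover every path, and the page has lost the indentation needed to tell. If `return True` sits inside `if BAR not in user.group:`, a user who already holds BAR falls through and returns `None`, which the new `if not self.checkBar(...)` in validateAccessToken reads as "no bar" and uses to clear the lock. If both returns are at branch level instead, the trailing `debug.debug("user ... groups are ...")` line is dead code, and a `return False` inside the `while` body would stop after removing the first BAR entry. A single exit avoids all three: set `has_bar = True` / `has_bar = False` in the branches and finish with `return has_bar` after the final debug line, plus a one-line docstring stating that the method returns whether the user currently holds BAR. The method starts above this hunk, so the outer condition that selects the branches is not visible here.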
@@ -66,7 +68,8 @@ class AccesTokenController(metaclass=Singleton):
 if now <= endTime:
 debug.debug("check if token {{ {} }} is same as {{ {} }}".format(token, accToken))
 if accToken == token:
- self.checkBar(accToken.user)
+ if not self.checkBar(accToken.user):
+ accToken.lock_bar = False
 debug.debug("check if accestoken {{ {} }} has group {{ {} }}".format(accToken, group))
 if self.isSameGroup(accToken, group):
 accToken.updateTimestamp()
diff --git a/geruecht/controller/databaseController/dbAccessTokenController.py b/geruecht/controller/databaseController/dbAccessTokenController.py
index 2182976..13ae442 100644
--- a/geruecht/controller/databaseController/dbAccessTokenController.py
+++ b/geruecht/controller/databaseController/dbAccessTokenController.py
@@ -16,7 +16,7 @@ class Base:
 raise DatabaseExecption("item as no type int or str. name={}, type={}".format(item, type(item)))
 cursor.execute(sql)
 session = cursor.fetchone()
- retVal = AccessToken(session['id'], self.getUserById(session['user']), session['token'], session['lifetime'], session['timestamp'], browser=session['browser'], platform=session['platform']) if session != None else None
+ retVal = AccessToken(session['id'], self.getUserById(session['user']), session['token'], session['lifetime'], lock_bar=bool(session['lock_bar']),timestamp=session['timestamp'], browser=session['browser'], platform=session['platform']) if session != None else None
 return retVal
 except Exception as err:
 traceback.print_exc()
@@ -30,7 +30,7 @@ class Base:
 sessions = cursor.fetchall()
 retVal = [
 AccessToken(session['id'], self.getUserById(session['user']), session['token'], session['lifetime'],
- session['timestamp'], browser=session['browser'], platform=session['platform']) for session in sessions]
+ lock_bar=bool(session['lock_bar']), timestamp=session['timestamp'], browser=session['browser'], platform=session['platform']) for session in sessions]
 return retVal
 except Exception as err:
 traceback.print_exc()
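Review bot: The reset `accToken.lock_bar = False` in validateAccessToken only changes the in-memory token, whereas `_lockbar` stores the flag with `updateAccessToken`. Whether a later statement in this method writes the token back is outside the hunk; if none does, the stored row keeps `lock_bar` set after the user has lost the BAR group. I would persist the reset where it happens, e.g. `self.updateAccessToken(accToken)` directly after the assignment, and add a comment such as `# bar lock is only valid while the user holds BAR`. Separately, the context line above formats the presented `token` into the debug log, so session tokens end up in log files; logging the token id instead would avoid that. The method starts and ends outside this hunk.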
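Review bot: The loader at -16, and likewise the two list loaders at -30 and -42, now read `session['lock_bar']`, but nothing in this diff adds that column to the `session` table or shows the insert/update statements writing it. On a database that has not been migrated the lookup raises KeyError, which lands in the broad `except Exception` visible below, so every token load would fail. I would ship the schema change and the write path in the same commit and record the column's type and default in a comment next to these constructors. `bool(...)` is fine for an integer or NULL column; should the driver return text, the string '0' would become True, so the expected column type is worth stating. Each of these methods begins above its hunk.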
@@ -42,7 +42,7 @@ class Base:
 cursor = self.db.connection.cursor()
 cursor.execute("select * from session")
 sessions = cursor.fetchall()
- retVal = [AccessToken(session['id'], self.getUserById(session['user']), session['token'], session['lifetime'], session['timestamp'], browser=session['browser'], platform=session['platform']) for session in sessions]
+ retVal = [AccessToken(session['id'], self.getUserById(session['user']), session['token'], session['lifetime'], lock_bar=bool(session['lock_bar']),timestamp=session['timestamp'], browser=session['browser'], platform=session['platform']) for session in sessions]
 return retVal
 except Exception as err:
 traceback.print_exc()
diff --git a/geruecht/model/accessToken.py b/geruecht/model/accessToken.py
index 91586c9..6e777f7 100644
--- a/geruecht/model/accessToken.py
+++ b/geruecht/model/accessToken.py
@@ -16,7 +16,7 @@ class AccessToken():
 user = None
 token = None
- def __init__(self, id, user, token, lifetime, timestamp=datetime.now(), browser=None, platform=None):
+ def __init__(self, id, user, token, lifetime, lock_bar=False, timestamp=datetime.now(), browser=None, platform=None):
 """ Initialize Class AccessToken No more to say.
@@ -32,7 +32,7 @@ class AccessToken():
 self.timestamp = timestamp
 self.lifetime = lifetime
 self.token = token
- self.lock_bar = False
+ self.lock_bar = lock_bar
 self.browser = browser
 self.platform = platform
 debug.debug("accesstoken is {{ {} }}".format(self))
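Review bot: Putting `lock_bar=False` ahead of `timestamp` in `__init__` shifts the positional slot, so any caller that still passes the timestamp as the fifth positional argument, as the database loaders did before this commit, would set `lock_bar` to a truthy datetime and silently fall back to the default timestamp. Only the three loaders are converted to keywords in this diff, so making the optional parameters keyword-only would turn any remaining caller into a loud error: `def __init__(self, id, user, token, lifetime, *, lock_bar=False, timestamp=None, browser=None, platform=None):`. The `timestamp=datetime.now()` default on the same line is evaluated once at import, so tokens built without an explicit timestamp all carry the process start time, which matters for the lifetime check. With a `None` default, the assignment in the next hunk becomes `self.timestamp = timestamp if timestamp is not None else datetime.now()`. The docstring continues past this hunk and should gain an entry for `lock_bar`.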