diff --git a/geruecht/baruser/routes.py b/geruecht/baruser/routes.py index 5aba339..155ae6c 100644 --- a/geruecht/baruser/routes.py +++ b/geruecht/baruser/routes.py @@ -38,6 +38,7 @@ def _bar(): "firstname": user.firstname, "lastname": user.lastname, "amount": abs(month[0] - month[1]), + "locked": user.locked, "type": type } return jsonify(dic) @@ -68,7 +69,7 @@ def _baradd(): month = user.getGeruecht(year=date.year).getMonth(month=date.month) amount = abs(month[0] - month[1]) - return jsonify({"userId": user.uid, "amount": amount}) + return jsonify({"userId": user.uid, "amount": amount, 'locked': user.locked}) return jsonify({"error", "permission denied"}), 401 @baruser.route("/barGetUsers") @@ -91,6 +92,17 @@ def _getUsers(): return jsonify(retVal) return jsonify({"error": "permission denied"}), 401 +@baruser.route("/barGetUser", methods=['POST']) +def _getUser(): + token = request.headers.get("Token") + accToken = accesTokenController.validateAccessToken(token, BAR) + if accToken: + data = request.get_json() + username = data['userId'] + retVal = userController.getUser(username).toJSON() + return jsonify(retVal) + return jsonify("error", "permission denied"), 401 + @baruser.route("/search", methods=['POST']) def _search(): token = request.headers.get("Token") diff --git a/geruecht/controller/databaseController.py b/geruecht/controller/databaseController.py index 54f5f15..9d7fb68 100644 --- a/geruecht/controller/databaseController.py +++ b/geruecht/controller/databaseController.py 
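Review bot: The denial path of the new `_getUser` route calls `jsonify("error", "permission denied")` with two positional arguments, which serialises as a two-element array rather than the `{"error": ...}` object the other routes send; it should read `return jsonify({"error": "permission denied"}), 401`. A context line in the `_baradd` hunk above has a related problem: `jsonify({"error", "permission denied"})` passes a set literal, which the JSON encoder normally cannot serialise, so that denial probably surfaces as a 500 instead of a 401. On the success path `data['userId']` is read without checking that `request.get_json()` returned a dict with that key; a guard such as `if not isinstance(data, dict) or 'userId' not in data: return jsonify({"error": "userId required"}), 400` keeps malformed requests from becoming unhandled exceptions. The route also hands the whole `toJSON()` record to any holder of a BAR token; whether that is more than the bar view needs cannot be judged from this hunk.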
@@ -74,8 +74,8 @@ class DatabaseController(metaclass=Singleton): cursor = self.db.cursor() groups = self._convertGroupToString(user.group) try: - cursor.execute("insert into user (uid, dn, firstname, lastname, gruppe, limit, locked, autoLock) VALUES ('{}','{}','{}','{}','{}',{},{},{})".format( - user.uid, user.dn, user.firstname, user.lastname, groups)) + cursor.execute("insert into user (uid, dn, firstname, lastname, gruppe, lockLimit, locked, autoLock) VALUES ('{}','{}','{}','{}','{}',{},{},{})".format( + user.uid, user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock)) self.db.commit() except Exception as err: self.db.rollback() @@ -88,8 +88,10 @@ class DatabaseController(metaclass=Singleton): cursor = self.db.cursor() groups = self._convertGroupToString(user.group) try: - cursor.execute("update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}, limit={}, locked={}, autoLock={}' where uid='{}'".format( - user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.uid)) + sql = "update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}', lockLimit={}, locked={}, autoLock={} where uid='{}'".format( + user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.uid) + print(sql) + cursor.execute(sql) self.db.commit() except Exception as err: self.db.rollback() diff --git a/geruecht/controller/userController.py b/geruecht/controller/userController.py index 21ee2f5..fcf3d7e 100644 --- a/geruecht/controller/userController.py +++ b/geruecht/controller/userController.py 
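Review bot: The rewritten insert still builds its SQL with `str.format`, so a quote character in `user.uid`, `user.dn`, `user.firstname`, `user.lastname` or the group string changes the statement; the update in the next hunk has the same problem. Pass the values as query parameters instead, using the placeholder style of the database driver (not visible here; `%s` for the common MySQL drivers), for example `cursor.execute("update user set dn=%s, firstname=%s, lastname=%s, gruppe=%s, lockLimit=%s, locked=%s, autoLock=%s where uid=%s", (user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.uid))`. That also removes the hand-written quoting behind the misplaced `'` this commit corrects in the update statement. Both methods begin outside their hunks.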
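Review bot: The added `print(sql)` in the update hunk writes the complete statement, including the name and DN fields, to stdout on every user update and looks like a leftover debugging aid. Remove it, or if the trace is wanted send it through the project logger at debug level without the personal fields, e.g. `LOGGER.debug("updateUser uid=%s", user.uid)`, assuming `LOGGER` is available in this module as it is in userController.py.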
@@ -1,24 +1,41 @@ from . import LOGGER, Singleton, db, ldapController as ldap from geruecht.model.user import User from geruecht.exceptions import PermissionDenied +from datetime import datetime class UserController(metaclass=Singleton): def __init__(self): pass + def lockUser(self, username, locked): + user = self.getUser(username) + user.updateData({'locked': locked}) + db.updateUser(user) + return self.getUser(username) + def updateConfig(self, username, data): user = self.getUser(username) user.updateData(data) db.updateUser(user) return self.getUser(username) - def addAmount(self, username, amount, year, month): + def autoLock(self, user): + if user.autoLock: + if user.getGeruecht(year=datetime.now().year).getSchulden() <= (-1*user.limit): + user.updateData({'locked': True}) + else: + user.updateData({'locked': False}) + db.updateUser(user) + + def addAmount(self, username, amount, year, month, finanzer=False): user = self.getUser(username) - user.addAmount(amount, year=year, month=month) - creditLists = user.updateGeruecht() - for creditList in creditLists: - db.updateCreditList(creditList) + if not user.locked or finanzer: + user.addAmount(amount, year=year, month=month) + creditLists = user.updateGeruecht() + for creditList in creditLists: + db.updateCreditList(creditList) + self.autoLock(user) return user.getGeruecht(year) def addCredit(self, username, credit, year, month): @@ -27,6 +44,7 @@ class UserController(metaclass=Singleton): creditLists = user.updateGeruecht() for creditList in creditLists: db.updateCreditList(creditList) + self.autoLock(user) return user.getGeruecht(year) def getAllUsersfromDB(self): @@ -36,6 +54,7 @@ class UserController(metaclass=Singleton): user = db.getUser(username) groups = ldap.getGroup(username) user_data = ldap.getUserData(username) + user_data['gruppe'] = groups user_data['group'] = groups if user is None: user = User(user_data) 
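Review bot: In `addAmount` a booking for a locked user is skipped without any signal: the method still falls through to `return user.getGeruecht(year)`, so the bar route cannot tell a refused booking from a successful one. `PermissionDenied` is already imported at the top of this file; raising it, `if user.locked and not finanzer: raise PermissionDenied()`, would let the caller answer with an error (assuming the exception needs no arguments). Separately, `autoLock` writes `locked: False` whenever the limit is not reached, which also clears a lock set by hand through `lockUser`; if manual locks are meant to persist, only the `True` branch should write (indentation is lost in this view, so which `if` the `else` belongs to should be checked against the file). `autoLock` also looks only at `datetime.now().year`, not at the `year` that was just booked.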
diff --git a/geruecht/finanzer/routes.py b/geruecht/finanzer/routes.py index a7cb678..f81ce0b 100644 --- a/geruecht/finanzer/routes.py +++ b/geruecht/finanzer/routes.py @@ -69,7 +69,7 @@ def _addAmount(): LOGGER.error("KeyError in month. Month is set to default.") month = datetime.now().month LOGGER.debug("Year is {} and Month is {}".format(year, month)) - userController.addAmount(userID, amount, year=year, month=month) + userController.addAmount(userID, amount, year=year, month=month, finanzer=True) retVal = {geruecht.year: geruecht.toJSON() for geruecht in userController.getUser(userID).geruechte} LOGGER.info("Send updated Geruecht") return jsonify(retVal) @@ -120,3 +120,30 @@ def _addCredit(): return jsonify(retVal) LOGGER.info("Permission Denied") return jsonify({"error": "permission denied"}), 401 + +@finanzer.route("/finanzerLock", methods=['POST']) +def _finanzerLock(): + token = request.headers.get("Token") + accToken = accesTokenController.validateAccessToken(token, MONEY) + + if accToken: + data = request.get_json() + username = data['userId'] + locked = bool(data['locked']) + retVal = userController.lockUser(username, locked).toJSON() + return jsonify(retVal) + return jsonify({"error": "permission denied"}), 401 + +@finanzer.route("/finanzerSetConfig", methods=['POST']) +def _finanzerSetConfig(): + token = request.headers.get("Token") + accToken = accesTokenController.validateAccessToken(token, MONEY) + + if accToken: + data = request.get_json() + username = data['userId'] + autoLock = bool(data['autoLock']) + limit = int(data['limit']) + retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON() + return jsonify(retVal) + return jsonify({"error": "permission denied"}), 401 \ No newline at end of file diff --git a/geruecht/model/user.py b/geruecht/model/user.py index d709939..85c6b7a 100644 --- a/geruecht/model/user.py +++ b/geruecht/model/user.py 
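Review bot: `bool(data['locked'])` and `bool(data['autoLock'])` in the two new routes treat every non-empty string as true, so a client that sends the string "false" locks the user or switches auto-lock on; `int(data['limit'])` also accepts negative numbers, which inverts the threshold `autoLock` compares against with `-1*user.limit`. Validate type and range before calling the controller, e.g. `if not isinstance(data, dict) or not isinstance(data.get('locked'), bool): return jsonify({"error": "locked must be a boolean"}), 400`, and reject a `limit` below zero. A missing key or a non-JSON body currently raises and ends as a 500. Unlike `_addAmount` and `_addCredit`, neither route writes a `LOGGER` entry; a line such as `LOGGER.info("Lock state of {} set to {}".format(username, locked))` would leave a record of lock and limit changes.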
@@ -20,14 +20,15 @@ class User(): password: salted hashed password for the User. """ def __init__(self, data): - self.id = int(data['id']) + if 'id' in data: + self.id = int(data['id']) self.uid = data['uid'] self.dn = data['dn'] self.firstname = data['firstname'] self.lastname = data['lastname'] self.group = data['gruppe'] - if 'limit' in data: - self.limit = data['limit'] + if 'lockLimit' in data: + self.limit = int(data['lockLimit']) else: self.limit = 4200 if 'locked' in data: @@ -54,8 +55,8 @@ class User(): self.lastname = data['lastname'] if 'gruppe' in data: self.group = data['gruppe'] - if 'limit' in data: - self.limit = data['limit'] + if 'lockLimit' in data: + self.limit = int(data['lockLimit']) if 'locked' in data: self.locked = bool(data['locked']) if 'autoLock' in data:
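Review bot: With the new guard in `__init__`, `self.id` is not set at all when `data` has no `'id'` key, so a later read of `user.id` raises `AttributeError` instead of seeing a defined value. Give the attribute a default, `self.id = int(data['id']) if 'id' in data else None`, so it always exists. `int(data['lockLimit'])`, here and in the `updateData` hunk, raises `ValueError` on non-numeric input; that is fine only if every caller validates first, which the `/finanzerSetConfig` route does just implicitly through its own `int()` call. `__init__` continues past the end of the hunk.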