update to lock user and if bar user add a locked user, he see it

This commit is contained in:
Tim Gröger 2019-12-29 17:55:21 +01:00
parent 5607ec72f7
commit 92c2c95a34
5 changed files with 77 additions and 16 deletions

View File

@ -38,6 +38,7 @@ def _bar():
"firstname": user.firstname,
"lastname": user.lastname,
"amount": abs(month[0] - month[1]),
"locked": user.locked,
"type": type
}
return jsonify(dic)
@ -68,7 +69,7 @@ def _baradd():
month = user.getGeruecht(year=date.year).getMonth(month=date.month)
amount = abs(month[0] - month[1])
return jsonify({"userId": user.uid, "amount": amount})
return jsonify({"userId": user.uid, "amount": amount, 'locked': user.locked})
return jsonify({"error", "permission denied"}), 401
@baruser.route("/barGetUsers")
@ -91,6 +92,17 @@ def _getUsers():
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@baruser.route("/barGetUser", methods=['POST'])
def _getUser():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, BAR)
if accToken:
data = request.get_json()
username = data['userId']
retVal = userController.getUser(username).toJSON()
return jsonify(retVal)
return jsonify("error", "permission denied"), 401
@baruser.route("/search", methods=['POST'])
def _search():
token = request.headers.get("Token")

View File

@ -74,8 +74,8 @@ class DatabaseController(metaclass=Singleton):
cursor = self.db.cursor()
groups = self._convertGroupToString(user.group)
try:
cursor.execute("insert into user (uid, dn, firstname, lastname, gruppe, limit, locked, autoLock) VALUES ('{}','{}','{}','{}','{}',{},{},{})".format(
user.uid, user.dn, user.firstname, user.lastname, groups))
cursor.execute("insert into user (uid, dn, firstname, lastname, gruppe, lockLimit, locked, autoLock) VALUES ('{}','{}','{}','{}','{}',{},{},{})".format(
user.uid, user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock))
self.db.commit()
except Exception as err:
self.db.rollback()
@ -88,8 +88,10 @@ class DatabaseController(metaclass=Singleton):
cursor = self.db.cursor()
groups = self._convertGroupToString(user.group)
try:
cursor.execute("update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}, limit={}, locked={}, autoLock={}' where uid='{}'".format(
user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.uid))
sql = "update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}', lockLimit={}, locked={}, autoLock={} where uid='{}'".format(
user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.uid)
print(sql)
cursor.execute(sql)
self.db.commit()
except Exception as err:
self.db.rollback()

View File

@ -1,24 +1,41 @@
from . import LOGGER, Singleton, db, ldapController as ldap
from geruecht.model.user import User
from geruecht.exceptions import PermissionDenied
from datetime import datetime
class UserController(metaclass=Singleton):
def __init__(self):
pass
def lockUser(self, username, locked):
user = self.getUser(username)
user.updateData({'locked': locked})
db.updateUser(user)
return self.getUser(username)
def updateConfig(self, username, data):
user = self.getUser(username)
user.updateData(data)
db.updateUser(user)
return self.getUser(username)
def addAmount(self, username, amount, year, month):
def autoLock(self, user):
if user.autoLock:
if user.getGeruecht(year=datetime.now().year).getSchulden() <= (-1*user.limit):
user.updateData({'locked': True})
else:
user.updateData({'locked': False})
db.updateUser(user)
def addAmount(self, username, amount, year, month, finanzer=False):
user = self.getUser(username)
if not user.locked or finanzer:
user.addAmount(amount, year=year, month=month)
creditLists = user.updateGeruecht()
for creditList in creditLists:
db.updateCreditList(creditList)
self.autoLock(user)
return user.getGeruecht(year)
def addCredit(self, username, credit, year, month):
@ -27,6 +44,7 @@ class UserController(metaclass=Singleton):
creditLists = user.updateGeruecht()
for creditList in creditLists:
db.updateCreditList(creditList)
self.autoLock(user)
return user.getGeruecht(year)
def getAllUsersfromDB(self):
@ -36,6 +54,7 @@ class UserController(metaclass=Singleton):
user = db.getUser(username)
groups = ldap.getGroup(username)
user_data = ldap.getUserData(username)
user_data['gruppe'] = groups
user_data['group'] = groups
if user is None:
user = User(user_data)

View File

@ -69,7 +69,7 @@ def _addAmount():
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
LOGGER.debug("Year is {} and Month is {}".format(year, month))
userController.addAmount(userID, amount, year=year, month=month)
userController.addAmount(userID, amount, year=year, month=month, finanzer=True)
retVal = {geruecht.year: geruecht.toJSON() for geruecht in userController.getUser(userID).geruechte}
LOGGER.info("Send updated Geruecht")
return jsonify(retVal)
@ -120,3 +120,30 @@ def _addCredit():
return jsonify(retVal)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerLock", methods=['POST'])
def _finanzerLock():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, MONEY)
if accToken:
data = request.get_json()
username = data['userId']
locked = bool(data['locked'])
retVal = userController.lockUser(username, locked).toJSON()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerSetConfig", methods=['POST'])
def _finanzerSetConfig():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, MONEY)
if accToken:
data = request.get_json()
username = data['userId']
autoLock = bool(data['autoLock'])
limit = int(data['limit'])
retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401

View File

@ -20,14 +20,15 @@ class User():
password: salted hashed password for the User.
"""
def __init__(self, data):
if 'id' in data:
self.id = int(data['id'])
self.uid = data['uid']
self.dn = data['dn']
self.firstname = data['firstname']
self.lastname = data['lastname']
self.group = data['gruppe']
if 'limit' in data:
self.limit = data['limit']
if 'lockLimit' in data:
self.limit = int(data['lockLimit'])
else:
self.limit = 4200
if 'locked' in data:
@ -54,8 +55,8 @@ class User():
self.lastname = data['lastname']
if 'gruppe' in data:
self.group = data['gruppe']
if 'limit' in data:
self.limit = data['limit']
if 'lockLimit' in data:
self.limit = int(data['lockLimit'])
if 'locked' in data:
self.locked = bool(data['locked'])
if 'autoLock' in data: