From 987487d3c4471cfbcef417cd046f8cde9cee8646 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Tue, 17 Mar 2020 20:37:01 +0100 Subject: [PATCH] add routes to valid barlock --- geruecht/baruser/routes.py | 20 +++++++++++++++----- geruecht/controller/ldapController.py | 3 +-- geruecht/controller/userController.py | 4 ++++ geruecht/decorator.py | 10 ++++++++-- geruecht/model/accessToken.py | 1 + geruecht/routes.py | 25 +++++++++++++++++++------ 6 files changed, 48 insertions(+), 15 deletions(-) diff --git a/geruecht/baruser/routes.py b/geruecht/baruser/routes.py index f80dcc1..3002613 100644 --- a/geruecht/baruser/routes.py +++ b/geruecht/baruser/routes.py @@ -16,7 +16,7 @@ userController = uc.UserController() @baruser.route("/bar") -@login_required(groups=[BAR]) +@login_required(groups=[BAR], bar=True) def _bar(**kwargs): """ Main function for Baruser @@ -55,7 +55,7 @@ def _bar(**kwargs): @baruser.route("/baradd", methods=['POST']) -@login_required(groups=[BAR]) +@login_required(groups=[BAR], bar=True) def _baradd(**kwargs): """ Function for Baruser to add amount @@ -96,7 +96,7 @@ def _baradd(**kwargs): @baruser.route("/barGetUsers") -@login_required(groups=[BAR, MONEY]) +@login_required(groups=[BAR, MONEY], bar=True) def _getUsers(**kwargs): """ Get Users without amount @@ -118,7 +118,7 @@ def _getUsers(**kwargs): @baruser.route("/bar/storno", methods=['POST']) -@login_required(groups=[BAR]) +@login_required(groups=[BAR], bar=True) def _storno(**kwargs): """ Function for Baruser to storno amount @@ -159,7 +159,7 @@ def _storno(**kwargs): @baruser.route("/barGetUser", methods=['POST']) -@login_required(groups=[BAR]) +@login_required(groups=[BAR], bar=True) def _getUser(**kwargs): debug.info("/barGetUser") try: 
@@ -197,3 +197,13 @@ def _search(**kwargs): except Exception as err: debug.debug("exception", exc_info=True) return jsonify({"error": str(err)}), 500 + +@baruser.route("/bar/lock", methods=['POST']) +@login_required(groups=[BAR], bar=True) +def _lockbar(**kwargs): + debug.info('/bar/lock') + data = request.get_json() + accToken = kwargs['accToken'] + accToken.lock_bar = [data['value']] + debug.debug('return {{ "value": {} }}'.format(accToken.lock_bar)) + return jsonify({'value': accToken.lock_bar}) diff --git a/geruecht/controller/ldapController.py b/geruecht/controller/ldapController.py index e40eb23..0692f1c 100644 --- a/geruecht/controller/ldapController.py +++ b/geruecht/controller/ldapController.py @@ -68,11 +68,10 @@ class LDAPController(metaclass=Singleton): try: retVal = [] self.ldap.connection.search('ou=user,{}'.format(self.dn), '(uid={})'.format(username), SUBTREE, attributes=['gidNumber']) - response = self.ldap.connection.response main_group_number = self.ldap.connection.response[0]['attributes']['gidNumber'] debug.debug("main group number is {{ {} }}".format(main_group_number)) if main_group_number: - group_data = self.ldap.connection.search('ou=group,{}'.format(self.dn), '(gidNumber={})'.format(main_group_number), attributes=['cn']) + self.ldap.connection.search('ou=group,{}'.format(self.dn), '(gidNumber={})'.format(main_group_number), attributes=['cn']) group_name = self.ldap.connection.response[0]['attributes']['cn'][0] debug.debug("group name is {{ {} }}".format(group_name)) if group_name == 'ldap-user': diff --git a/geruecht/controller/userController.py b/geruecht/controller/userController.py index 63ce79b..0b86736 100644 --- a/geruecht/controller/userController.py +++ b/geruecht/controller/userController.py 
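Review bot: `accToken.lock_bar = [data['value']]` stores a one-element list, which is truthy even when the element is `False`, so a client posting `value: false` can never release the lock that `login_required` tests with `if accToken.lock_bar and not bar`, and the attribute no longer has the type of the `False` default assigned in accessToken.py; use `accToken.lock_bar = bool(data['value'])` and return that bool. The route also has none of the `try`/`except` the neighbouring `_search` uses, so a missing JSON body or a body without `value` surfaces as an unhandled TypeError/KeyError rather than a controlled 400. Separately, this one endpoint both sets and clears the flag and is itself marked `bar=True`, so releasing the lock appears to need no re-authentication — the `/valid` password check added in routes.py is not consulted here; if the lock is meant to guard an unattended terminal, the unlock path should require that check server-side. I cannot see the client flow, so that last point is inferred from the server code alone.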
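Review bot: The rewritten `self.ldap.connection.search('ou=group,...')` line discards the call's result, and the following line indexes `self.ldap.connection.response[0]` unconditionally, so a gidNumber that matches no group entry raises IndexError instead of a meaningful error; if this is ldap3, the synchronous `search` returns a bool, so guard with `if not self.ldap.connection.search(...) or not self.ldap.connection.response:` and raise before the `response[0]` access. The unchanged `(uid=...)` search above it has the same unguarded `response[0]` pattern. The enclosing method starts outside the hunk.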
@@ -505,6 +505,10 @@ class UserController(metaclass=Singleton): except Exception as err: raise Exception(err) + def validateUser(self, username, password): + debug.info("validate user {{ {} }}".format(username)) + ldap.login(username, password) + def loginUser(self, username, password): debug.info("login user {{ {} }}".format(username)) try: diff --git a/geruecht/decorator.py b/geruecht/decorator.py index c01bd77..fe9fb58 100644 --- a/geruecht/decorator.py +++ b/geruecht/decorator.py @@ -5,12 +5,15 @@ DEBUG = getDebugLogger() def login_required(**kwargs): import geruecht.controller.accesTokenController as ac - from geruecht.model import BAR, USER, MONEY, GASTRO + from geruecht.model import BAR, USER, MONEY, GASTRO, VORSTAND, EXTERN from flask import request, jsonify accessController = ac.AccesTokenController() - groups = [USER, BAR, GASTRO, MONEY] + groups = [USER, BAR, GASTRO, MONEY, VORSTAND, EXTERN] + bar = False if "groups" in kwargs: groups = kwargs["groups"] + if "bar" in kwargs: + bar = kwargs["bar"] DEBUG.debug("groups are {{ {} }}".format(groups)) def real_decorator(func): @@ -23,6 +26,9 @@ def login_required(**kwargs): kwargs['accToken'] = accToken if accToken: DEBUG.debug("token {{ {} }} is valid".format(token)) + if accToken.lock_bar and not bar: + return jsonify({"error": "error", + "message": "permission forbidden"}), 403 return func(*args, **kwargs) else: DEBUG.warning("token {{ {} }} is not valid".format(token)) diff --git a/geruecht/model/accessToken.py b/geruecht/model/accessToken.py index 542c190..0e7746c 100644 --- a/geruecht/model/accessToken.py +++ b/geruecht/model/accessToken.py @@ -33,6 +33,7 @@ class AccessToken(): self.lifetime = lifetime self.token = token self.ldap_conn = ldap_conn + self.lock_bar = False debug.debug("accesstoken is {{ {} }}".format(self)) def updateTimestamp(self): diff --git a/geruecht/routes.py b/geruecht/routes.py index ce92b09..b3b6d88 100644 --- a/geruecht/routes.py +++ b/geruecht/routes.py 
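Review bot: `validateUser` returns nothing, so its only success signal is whatever `ldap.login` raises on a bad password — which I cannot see from here — and a caller that does not wrap it in `try` gets no indication at all. Either return the result of `ldap.login(username, password)` or add a docstring stating the contract, e.g. `"""Re-check *password* for *username* against LDAP via ldap.login; returns nothing, failure is only signalled by an exception."""`. The enclosing `UserController` class continues outside the hunk, so I cannot confirm from this view that `ldap` is in scope, as it presumably is for `loginUser`.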
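Review bot: The default `groups` list now includes `VORSTAND` and `EXTERN`, which silently widens access for every `login_required()` call that passes no `groups=` (the new `/valid` route in routes.py is one such caller); confirm that every such caller should accept those two groups, or keep the old default and pass the wider set explicitly where it is wanted. The new `bar` keyword also deserves a line of documentation, since its meaning is only visible in the inner check further down, e.g. `# bar=True: route stays reachable while accToken.lock_bar is set; other routes are refused with 403`. `login_required` continues outside the hunk.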
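Review bot: The new 403 branch is the only outcome in this block that is not logged — both the valid-token and invalid-token paths emit a `DEBUG` line — so a locked session hitting a non-bar route leaves no trace for troubleshooting or for noticing a terminal that is being probed; add `DEBUG.warning("token {{ {} }} is locked, refusing {}".format(token, request.path))` before the return (`request` is already imported at the top of `login_required`). The body `"error": "error"` could also name the cause, e.g. `"bar locked"`, so the client can distinguish it from an ordinary permission failure. The enclosing wrapper continues outside the hunk.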
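Review bot: `self.lock_bar = False` is the piece of state this commit's authorization check hinges on, yet nothing explains it at the point of definition; add `# True while this session is locked to bar routes; login_required() refuses routes without bar=True` on that line. Keeping it a plain bool is the contract the decorator's truthiness check relies on, so the comment should say so.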
@@ -12,6 +12,19 @@ userController = uc.UserController() debug = getDebugLogger() +@app.route("/valid", methods=['POST']) +@login_required(bar=True) +def _valid(**kwargs): + debug.info('/valid') + try: + accToken = kwargs['accToken'] + data = request.get_json() + userController.validateUser(accToken.user.username, data['password']) + debug.debug('return {{ "ok": "ok" }}') + return jsonify({"ok": "ok"}) + except Exception as err: + debug.warning("exception in valide.", exc_info=True) + return jsonify({"error": str(err)}), 500 @app.route("/pricelist", methods=['GET']) def _getPricelist(): @@ -38,7 +51,7 @@ def getTypes(): @app.route('/getAllStatus', methods=['GET']) -@login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND]) +@login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND], bar=True) def _getAllStatus(**kwargs): try: debug.info("get all status for users") @@ -51,7 +64,7 @@ def _getAllStatus(**kwargs): @app.route('/getStatus', methods=['POST']) -@login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND]) +@login_required(groups=[USER, MONEY, GASTRO, BAR, VORSTAND], bar=True) def _getStatus(**kwargs): try: debug.info("get status from user") @@ -68,7 +81,7 @@ def _getStatus(**kwargs): @app.route('/getUsers', methods=['GET']) -@login_required(groups=[MONEY, GASTRO, VORSTAND]) +@login_required(groups=[MONEY, GASTRO, VORSTAND], bar=True) def _getUsers(**kwargs): try: debug.info("get all users from database") @@ -84,7 +97,7 @@ def _getUsers(**kwargs): @app.route("/getLifeTime", methods=['GET']) -@login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER]) +@login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER], bar=True) def _getLifeTime(**kwargs): try: debug.info("get lifetime of accesstoken") 
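Review bot: A wrong password is reported as HTTP 500 with `str(err)` — whatever `ldap.login` raised — in the JSON body, which both mislabels an authentication failure as a server fault and echoes LDAP-internal text to the client; return a fixed message with 401, `return jsonify({"error": "invalid credentials"}), 401`, and keep the detail in the existing `debug.warning(..., exc_info=True)` call (whose message also misspells "valide"). A JSON body that is absent or lacks `password` is caught by the same broad `except`, so it too becomes a 500; check `data` and return 400 before calling `validateUser`. The route passes no `groups=`, so it relies on the decorator's default group list.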
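Review bot: `/getUsers` is restricted to `MONEY`, `GASTRO` and `VORSTAND` — none of which is the bar group — yet it is now marked `bar=True`, so a session that has been locked to bar mode still returns the full user list; if the lock exists to confine an unattended or shared terminal to bar functions, this route (and `/saveLifeTime` in the next hunk, which changes token lifetime) should probably keep the default `bar=False` so the lock refuses them. I cannot see the client, so if the bar UI itself calls `/getUsers` that would justify the flag, and a comment on the decorator line saying so would help the next reader.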
@@ -101,7 +114,7 @@ def _getLifeTime(**kwargs): @app.route("/saveLifeTime", methods=['POST']) -@login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER]) +@login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER], bar=True) def _saveLifeTime(**kwargs): try: debug.info("save lifetime for accessToken") @@ -127,7 +140,7 @@ def _saveLifeTime(**kwargs): @app.route("/logout", methods=['GET']) -@login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER]) +@login_required(groups=[MONEY, GASTRO, VORSTAND, EXTERN, USER], bar=True) def _logout(**kwargs): try: debug.info("logout user")