From e8c9c6e66ca73b96b227a78224e33c3e1abcaee1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Sun, 28 Mar 2021 16:41:20 +0200 Subject: [PATCH] [pricelist][drinks] return only public drinkprices if not logged in --- flaschengeist/plugins/pricelist/__init__.py | 20 +++++++---- .../plugins/pricelist/pricelist_controller.py | 35 +++++++++++++++---- 2 files changed, 42 insertions(+), 13 deletions(-) diff --git a/flaschengeist/plugins/pricelist/__init__.py b/flaschengeist/plugins/pricelist/__init__.py index c20e564..58c1ba8 100644 --- a/flaschengeist/plugins/pricelist/__init__.py +++ b/flaschengeist/plugins/pricelist/__init__.py @@ -4,8 +4,8 @@ from flask import Blueprint, jsonify, request from http.client import NO_CONTENT from flaschengeist.plugins import Plugin -from flaschengeist.utils.decorators import login_required -from werkzeug.exceptions import BadRequest, Forbidden +from flaschengeist.utils.decorators import login_required,extract_session +from werkzeug.exceptions import BadRequest, Forbidden, Unauthorized from flaschengeist.config import config from . import models @@ -103,12 +103,18 @@ def delete_tag(identifier, current_session): @pricelist_bp.route("/drinks", methods=["GET"]) @pricelist_bp.route("/drinks/", methods=["GET"]) def get_drinks(identifier=None): - if identifier: - result = pricelist_controller.get_drink(identifier) - else: - result = pricelist_controller.get_drinks() - return jsonify(result) + public = True + try: + extract_session() + public = False + except Unauthorized: + public = True + if identifier: + result = pricelist_controller.get_drink(identifier, public=public) + else: + result = pricelist_controller.get_drinks(public=public) + return jsonify(result) @pricelist_bp.route("/drinks/search/", methods=["GET"]) def search_drinks(name): diff --git a/flaschengeist/plugins/pricelist/pricelist_controller.py b/flaschengeist/plugins/pricelist/pricelist_controller.py index 0ce42dd..925a1b2 100644 --- a/flaschengeist/plugins/pricelist/pricelist_controller.py +++ b/flaschengeist/plugins/pricelist/pricelist_controller.py @@ -105,21 +105,44 @@ def delete_drink_type(identifier): except IntegrityError: raise BadRequest("DrinkType still in use") +def _create_public_drink(drink): + _volumes = [] + for volume in drink.volumes: + _prices = [] + for price in volume.prices: + price: DrinkPrice + if price.public: + _prices.append(price) + volume.prices = _prices + if len(volume.prices) > 0: + _volumes.append(volume) + drink.volumes = _volumes + if len(drink.volumes) > 0: + return drink + return None -def get_drinks(name=None): +def get_drinks(name=None, public=False): if name: - return Drink.query.filter(Drink.name.contains(name)).all() - return Drink.query.all() + drinks = Drink.query.filter(Drink.name.contains(name)).all() + drinks = Drink.query.all() + if public: + return [_create_public_drink(drink) for drink in drinks if _create_public_drink(drink)] + return drinks -def get_drink(identifier): +def get_drink(identifier, public=False): + drink = None if isinstance(identifier, int): - return Drink.query.get(identifier) + drink = Drink.query.get(identifier) elif isinstance(identifier, str): - return Drink.query.filter(Tag.name == identifier).one_or_none() + drink = Drink.query.filter(Tag.name == identifier).one_or_none() else: logger.debug("Invalid identifier type for Drink") raise BadRequest + if drink: + if public: + return _create_public_drink(drink) + return drink raise NotFound