added decoratos for connected in database and login_requird in routes

Tim Gröger 2020-01-19 09:07:45 +01:00
parent 29f20b2327
commit f782be934d
7 changed files with 266 additions and 324 deletions


@ -15,7 +15,7 @@ from flask_cors import CORS
LOGGER.info("Build APP")
app = Flask(__name__)
CORS(app)
# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
from geruecht import routes
from geruecht.baruser.routes import baruser
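Review bot: The `SECRET_KEY` assignment that this hunk appears to re-enable is a literal in source control, so anyone who can read the repository or its history can obtain the value the app relies on as its signing secret. Load it from the environment or an untracked config file instead, for example `app.config['SECRET_KEY'] = os.environ['SECRET_KEY']` (the variable name is a placeholder) with `import os` at the top. Because the same value was already present in the commented-out line, it should be treated as exposed and replaced with a newly generated one rather than moved.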


@ -1,19 +1,20 @@
from flask import Blueprint, request, jsonify
import geruecht.controller as gc
import geruecht.controller.ldapController as lc
import geruecht.controller.accesTokenController as ac
import geruecht.controller.userController as uc
from datetime import datetime
from geruecht.model import BAR, MONEY
from geruecht.decorator import login_required
baruser = Blueprint("baruser", __name__)
ldap= lc.LDAPController(gc.ldapConfig['URL'], gc.ldapConfig['dn'])
accesTokenController = ac.AccesTokenController()
userController = uc.UserController()
@baruser.route("/bar")
def _bar():
@login_required(groups=[BAR])
def _bar(**kwargs):
""" Main function for Baruser
Returns JSON-file with all Users, who hast amounts in this month.
@ -22,38 +23,33 @@ def _bar():
JSON-File with Users, who has amounts in this month
or ERROR 401 Permission Denied
"""
print(request.headers)
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, [BAR])
dic = {}
if accToken:
users = userController.getAllUsersfromDB()
for user in users:
geruecht = None
geruecht = user.getGeruecht(datetime.now().year)
if geruecht is not None:
month = geruecht.getMonth(datetime.now().month)
amount = month[0] - month[1]
all = geruecht.getSchulden()
if all != 0:
if all >= 0:
type = 'credit'
else:
type = 'amount'
dic[user.uid] = {"username": user.uid,
"firstname": user.firstname,
"lastname": user.lastname,
"amount": abs(all),
"locked": user.locked,
"type": type
}
return jsonify(dic)
return jsonify({"error": "permission denied"}), 401
users = userController.getAllUsersfromDB()
for user in users:
geruecht = None
geruecht = user.getGeruecht(datetime.now().year)
if geruecht is not None:
month = geruecht.getMonth(datetime.now().month)
amount = month[0] - month[1]
all = geruecht.getSchulden()
if all != 0:
if all >= 0:
type = 'credit'
else:
type = 'amount'
dic[user.uid] = {"username": user.uid,
"firstname": user.firstname,
"lastname": user.lastname,
"amount": abs(all),
"locked": user.locked,
"type": type
}
return jsonify(dic)
@baruser.route("/baradd", methods=['POST'])
def _baradd():
@login_required(groups=[BAR])
def _baradd(**kwargs):
""" Function for Baruser to add amount
This function added to the user with the posted userID the posted amount.
@ -62,35 +58,31 @@ def _baradd():
JSON-File with userID and the amount
or ERROR 401 Permission Denied
"""
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, [BAR])
data = request.get_json()
userID = data['userId']
amount = int(data['amount'])
if accToken:
data = request.get_json()
userID = data['userId']
amount = int(data['amount'])
date = datetime.now()
userController.addAmount(userID, amount, year=date.year, month=date.month)
user = userController.getUser(userID)
geruecht = user.getGeruecht(year=date.year)
month = geruecht.getMonth(month=date.month)
amount = abs(month[0] - month[1])
all = geruecht.getSchulden()
if all >= 0:
type = 'credit'
else:
type = 'amount'
dic = user.toJSON()
dic['amount'] = abs(all)
dic['type'] = type
date = datetime.now()
userController.addAmount(userID, amount, year=date.year, month=date.month)
user = userController.getUser(userID)
geruecht = user.getGeruecht(year=date.year)
month = geruecht.getMonth(month=date.month)
amount = abs(month[0] - month[1])
all = geruecht.getSchulden()
if all >= 0:
type = 'credit'
else:
type = 'amount'
dic = user.toJSON()
dic['amount'] = abs(all)
dic['type'] = type
return jsonify(dic)
return jsonify(dic)
return jsonify({"error", "permission denied"}), 401
@baruser.route("/barGetUsers")
def _getUsers():
@login_required(groups=[BAR, MONEY])
def _getUsers(**kwargs):
""" Get Users without amount
This Function returns all Users, who hasn't an amount in this month.
@ -99,48 +91,33 @@ def _getUsers():
JSON-File with Users
or ERROR 401 Permission Denied
"""
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, [BAR])
retVal = {}
if accToken:
retVal = ldap.getAllUser()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
retVal = ldap.getAllUser()
return jsonify(retVal)
@baruser.route("/barGetUser", methods=['POST'])
def _getUser():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [BAR])
if accToken:
data = request.get_json()
username = data['userId']
user = userController.getUser(username)
amount = user.getGeruecht(datetime.now().year).getSchulden()
if amount >= 0:
type = 'credit'
else:
type = 'amount'
@login_required(groups=[BAR])
def _getUser(**kwargs):
data = request.get_json()
username = data['userId']
user = userController.getUser(username)
amount = user.getGeruecht(datetime.now().year).getSchulden()
if amount >= 0:
type = 'credit'
else:
type = 'amount'
retVal = user.toJSON()
retVal['amount'] = amount
retVal['type'] = type
return jsonify(retVal)
retVal = user.toJSON()
retVal['amount'] = amount
retVal['type'] = type
return jsonify(retVal)
return jsonify("error", "permission denied"), 401
@baruser.route("/search", methods=['POST'])
def _search():
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, [BAR, MONEY])
if accToken:
data = request.get_json()
searchString = data['searchString']
retVal = ldap.searchUser(searchString)
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@login_required(groups=[BAR, MONEY])
def _search(**kwargs):
data = request.get_json()
searchString = data['searchString']
retVal = ldap.searchUser(searchString)
return jsonify(retVal)
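Review bot: `_getUsers` is now guarded by `@login_required(groups=[BAR, MONEY])`, while the inline check it replaces called `validateAccessToken(token, [BAR])`, so this refactor also changes who may reach `ldap.getAllUser()`. How `validateAccessToken` interprets the list is not visible here, but if it means "any of these groups", MONEY tokens gain access to the full LDAP user listing. If that is intended it deserves a line in the commit message; otherwise keep the previous policy with `@login_required(groups=[BAR])`.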


@ -4,6 +4,14 @@ from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from datetime import datetime, timedelta
def connected(func):
def wrapper(*args, **kwargs):
self = args[0]
if not self.db.open:
self.connect()
return func(*args,**kwargs)
return wrapper
class DatabaseController(metaclass=Singleton):
'''
DatabaesController
@ -24,16 +32,12 @@ class DatabaseController(metaclass=Singleton):
self.db = pymysql.connect(self.url, self.user, self.password, self.database, cursorclass=pymysql.cursors.DictCursor)
except Exception as err:
raise err
@connected
def getAllUser(self):
self.connect()
cursor = self.db.cursor()
try:
cursor.execute("select * from user")
data = cursor.fetchall()
self.db.close()
except Exception as err:
raise err
cursor.execute("select * from user")
data = cursor.fetchall()
self.db.close()
if data:
retVal = []
@ -43,34 +47,26 @@ class DatabaseController(metaclass=Singleton):
user.initGeruechte(creditLists)
retVal.append(user)
return retVal
@connected
def getUser(self, username):
self.connect()
retVal = None
cursor = self.db.cursor()
try:
cursor.execute("select * from user where uid='{}'".format(username))
data = cursor.fetchone()
self.db.close()
except Exception as err:
raise err
cursor.execute("select * from user where uid='{}'".format(username))
data = cursor.fetchone()
self.db.close()
if data:
retVal = User(data)
creditLists = self.getCreditListFromUser(retVal)
retVal.initGeruechte(creditLists)
return retVal
@connected
def getUserById(self, id):
self.connect()
retVal = None
try:
cursor = self.db.cursor()
cursor.execute("select * from user where id={}".format(id))
data = cursor.fetchone()
self.db.close()
except Exception as err:
raise err
cursor = self.db.cursor()
cursor.execute("select * from user where id={}".format(id))
data = cursor.fetchone()
self.db.close()
if data:
retVal = User(data)
creditLists = self.getCreditListFromUser(retVal)
@ -85,8 +81,8 @@ class DatabaseController(metaclass=Singleton):
retVal += group
return retVal
@connected
def insertUser(self, user):
self.connect()
cursor = self.db.cursor()
groups = self._convertGroupToString(user.group)
try:
@ -99,8 +95,8 @@ class DatabaseController(metaclass=Singleton):
raise err
self.db.close()
@connected
def updateUser(self, user):
self.connect()
cursor = self.db.cursor()
groups = self._convertGroupToString(user.group)
try:
@ -117,38 +113,35 @@ class DatabaseController(metaclass=Singleton):
self.db.close()
@connected
def getCreditListFromUser(self, user, **kwargs):
self.connect()
cursor = self.db.cursor()
try:
if 'year' in kwargs:
sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year'])
else:
sql = "select * from creditList where user_id={}".format(user.id)
cursor.execute(sql)
data = cursor.fetchall()
self.db.close()
except Exception as err:
self.db.close()
raise err
if 'year' in kwargs:
sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year'])
else:
sql = "select * from creditList where user_id={}".format(user.id)
cursor.execute(sql)
data = cursor.fetchall()
self.db.close()
if len(data) == 1:
return [CreditList(data[0])]
else:
return [CreditList(value) for value in data]
@connected
def createCreditList(self, user_id, year=datetime.now().year):
self.connect()
cursor = self.db.cursor()
try:
cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id))
self.db.commit()
self.db.close()
except Exception as err:
self.db.rollback()
self.db.close()
raise err
@connected
def updateCreditList(self, creditlist):
self.connect()
cursor = self.db.cursor()
try:
cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year))
@ -179,32 +172,24 @@ class DatabaseController(metaclass=Singleton):
self.db.rollback()
self.db.close()
raise err
@connected
def getWorker(self, user, date):
self.connect()
try:
cursor = self.db.cursor()
cursor.execute("select * from bardienste where user_id={} and startdatetime='{}'".format(user.id, date))
data = cursor.fetchone()
self.db.close()
except Exception as err:
raise err
cursor = self.db.cursor()
cursor.execute("select * from bardienste where user_id={} and startdatetime='{}'".format(user.id, date))
data = cursor.fetchone()
self.db.close()
return {"user": user, "startdatetime": data['startdatetime'], "enddatetime": data['enddatetime']} if data else None
@connected
def getWorkers(self, date):
self.connect()
try:
cursor = self.db.cursor()
cursor.execute("select * from bardienste where startdatetime='{}'".format(date))
data = cursor.fetchall()
self.db.close()
except Exception as err:
raise err
cursor = self.db.cursor()
cursor.execute("select * from bardienste where startdatetime='{}'".format(date))
data = cursor.fetchall()
self.db.close()
return [{"user": self.getUserById(work['user_id']).toJSON(), "startdatetime": work['startdatetime'], "enddatetime": work['enddatetime']} for work in data]
@connected
def setWorker(self, user, date):
self.connect()
try:
cursor = self.db.cursor()
cursor.execute("insert into bardienste (user_id, startdatetime, enddatetime) values ({},'{}','{}')".format(user.id, date, date + timedelta(days=1)))
@ -215,8 +200,8 @@ class DatabaseController(metaclass=Singleton):
self.db.close()
raise err
@connected
def deleteWorker(self, user, date):
self.connect()
try:
cursor = self.db.cursor()
cursor.execute("delete from bardienste where user_id={} and startdatetime='{}'".format(user.id, date))
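Review bot: The queries this commit re-indents are still built with `str.format`, e.g. `cursor.execute("select * from user where uid='{}'".format(username))` in `getUser`, and the routes in the same commit take `data['userId']` straight from the request body and hand it to `userController.getUser`, which presumably ends up here. Let the driver bind the values instead: `cursor.execute("select * from user where uid=%s", (username,))`. The same change applies to `getUserById`, `getCreditListFromUser`, `createCreditList`, `updateCreditList`, `getWorker`, `getWorkers`, `setWorker` and `deleteWorker`. Separately, `connected` reads `self.db.open` before any connection exists unless `__init__` (not visible) sets `self.db`, and it would keep the wrapped method's name and docstring if it used `functools.wraps`. The bodies of `deleteWorker` and several other methods continue outside the hunks shown.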

21
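--- a/geruecht/decorator.py
+++ b/geruecht/decorator.py
@@ -0,0 +1,21 @@
+from functools import wraps
+def login_required(**kwargs):
+import geruecht.controller.accesTokenController as ac
+from geruecht.model import BAR, USER, MONEY, GASTRO
+from flask import request, jsonify
+accessController = ac.AccesTokenController()
+groups = [USER, BAR, GASTRO, MONEY]
+if "groups" in kwargs:
+groups = kwargs["groups"]
+def real_decorator(func):
+@wraps(func)
+def wrapper(*args, **kwargs):
+token = request.headers.get('Token')
+accToken = accessController.validateAccessToken(token, groups)
+kwargs['accToken'] = accToken
+if accToken:
+return func(*args, **kwargs)
+else:
+return jsonify({"error": "error", "message": "permission denied"}), 401
+return wrapper
+return real_decorator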
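Review bot: `login_required` has no docstring, and two parts of its contract are easy to miss from the call sites: the wrapper always adds `accToken` to the keyword arguments, so every decorated view must accept it, and leaving out `groups` authorises all four groups. I would document that on the function, e.g. `"""Require a valid 'Token' header for one of *groups* (default: USER, BAR, GASTRO, MONEY); the validated token is passed to the view as the keyword argument accToken."""`. The inner `wrapper(*args, **kwargs)` also shadows the factory's own `kwargs`, which a named parameter such as `def login_required(groups=None):` would avoid while keeping the `groups=[...]` call style.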


@ -2,16 +2,17 @@ from flask import Blueprint, request, jsonify
from geruecht.finanzer import LOGGER
from datetime import datetime
import geruecht.controller.userController as uc
import geruecht.controller.accesTokenController as ac
from geruecht.model import MONEY
from geruecht.decorator import login_required
finanzer = Blueprint("finanzer", __name__)
accesTokenController = ac.AccesTokenController()
userController = uc.UserController()
@finanzer.route("/getFinanzerMain")
def _getFinanzer():
@login_required(groups=[MONEY])
def _getFinanzer(**kwargs):
""" Function for /getFinanzerMain
Retrieves all User for the groupe 'moneymaster'
@ -20,26 +21,20 @@ def _getFinanzer():
A JSON-File with Users
or ERROR 401 Permission Denied.
"""
LOGGER.info("Get main for Finanzer")
token = request.headers.get("Token")
LOGGER.debug("Verify AccessToken with Token {}".format(token))
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
LOGGER.debug("Get all Useres")
users = userController.getAllUsersfromDB()
dic = {}
for user in users:
LOGGER.debug("Add User {} to ReturnValue".format(user))
dic[user.uid] = user.toJSON()
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
LOGGER.debug("ReturnValue is {}".format(dic))
LOGGER.info("Send main for Finanzer")
return jsonify(dic)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
LOGGER.debug("Get all Useres")
users = userController.getAllUsersfromDB()
dic = {}
for user in users:
LOGGER.debug("Add User {} to ReturnValue".format(user))
dic[user.uid] = user.toJSON()
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
LOGGER.debug("ReturnValue is {}".format(dic))
LOGGER.info("Send main for Finanzer")
return jsonify(dic)
@finanzer.route("/finanzerAddAmount", methods=['POST'])
def _addAmount():
@login_required(groups=[MONEY])
def _addAmount(**kwargs):
""" Add Amount to User
This Function add an amount to the user with posted userID.
@ -50,39 +45,32 @@ def _addAmount():
JSON-File with geruecht of year
or ERROR 401 Permission Denied
"""
LOGGER.info("Add Amount")
token = request.headers.get("Token")
LOGGER.debug("Verify AccessToken with Token {}".format(token))
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json()
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
amount = int(data['amount'])
LOGGER.debug("UserID is {} and amount is {}".format(userID, amount))
try:
year = int(data['year'])
except KeyError as er:
LOGGER.error("KeyError in year. Year is set to default.")
year = datetime.now().year
try:
month = int(data['month'])
except KeyError as er:
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
LOGGER.debug("Year is {} and Month is {}".format(year, month))
userController.addAmount(userID, amount, year=year, month=month, finanzer=True)
user = userController.getUser(userID)
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht")
return jsonify(retVal)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
data = request.get_json()
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
amount = int(data['amount'])
LOGGER.debug("UserID is {} and amount is {}".format(userID, amount))
try:
year = int(data['year'])
except KeyError as er:
LOGGER.error("KeyError in year. Year is set to default.")
year = datetime.now().year
try:
month = int(data['month'])
except KeyError as er:
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
LOGGER.debug("Year is {} and Month is {}".format(year, month))
userController.addAmount(userID, amount, year=year, month=month, finanzer=True)
user = userController.getUser(userID)
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht")
return jsonify(retVal)
@finanzer.route("/finanzerAddCredit", methods=['POST'])
def _addCredit():
@login_required(groups=[MONEY])
def _addCredit(**kwargs):
""" Add Credit to User
This Function add an credit to the user with posted userID.
@ -93,106 +81,79 @@ def _addCredit():
JSON-File with geruecht of year
or ERROR 401 Permission Denied
"""
LOGGER.info("Add Amount")
token = request.headers.get("Token")
LOGGER.debug("Verify AccessToken with Token {}".format(token))
accToken = accesTokenController.validateAccessToken(token, [MONEY])
data = request.get_json()
print(data)
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
credit = int(data['credit'])
LOGGER.debug("UserID is {} and credit is {}".format(userID, credit))
if accToken:
try:
year = int(data['year'])
except KeyError as er:
LOGGER.error("KeyError in year. Year is set to default.")
year = datetime.now().year
try:
month = int(data['month'])
except KeyError as er:
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
data = request.get_json()
print(data)
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
credit = int(data['credit'])
LOGGER.debug("UserID is {} and credit is {}".format(userID, credit))
LOGGER.debug("Year is {} and Month is {}".format(year, month))
userController.addCredit(userID, credit, year=year, month=month).toJSON()
user = userController.getUser(userID)
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht")
return jsonify(retVal)
try:
year = int(data['year'])
except KeyError as er:
LOGGER.error("KeyError in year. Year is set to default.")
year = datetime.now().year
try:
month = int(data['month'])
except KeyError as er:
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
LOGGER.debug("Year is {} and Month is {}".format(year, month))
userController.addCredit(userID, credit, year=year, month=month).toJSON()
user = userController.getUser(userID)
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht")
return jsonify(retVal)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerLock", methods=['POST'])
def _finanzerLock():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [MONEY])
@login_required(groups=[MONEY])
def _finanzerLock(**kwargs):
data = request.get_json()
username = data['userId']
locked = bool(data['locked'])
retVal = userController.lockUser(username, locked).toJSON()
return jsonify(retVal)
if accToken:
data = request.get_json()
username = data['userId']
locked = bool(data['locked'])
retVal = userController.lockUser(username, locked).toJSON()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerSetConfig", methods=['POST'])
def _finanzerSetConfig():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json()
username = data['userId']
autoLock = bool(data['autoLock'])
limit = int(data['limit'])
retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@login_required(groups=[MONEY])
def _finanzerSetConfig(**kwargs):
data = request.get_json()
username = data['userId']
autoLock = bool(data['autoLock'])
limit = int(data['limit'])
retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON()
return jsonify(retVal)
@finanzer.route("/finanzerAddUser", methods=['POST'])
def _finanzerAddUser():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json()
username = data['userId']
userController.getUser(username)
LOGGER.debug("Get all Useres")
users = userController.getAllUsersfromDB()
dic = {}
for user in users:
LOGGER.debug("Add User {} to ReturnValue".format(user))
dic[user.uid] = user.toJSON()
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
LOGGER.debug("ReturnValue is {}".format(dic))
return jsonify(dic), 200
return jsonify({"error": "permission denied"}), 401
@login_required(groups=[MONEY])
def _finanzerAddUser(**kwargs):
data = request.get_json()
username = data['userId']
userController.getUser(username)
LOGGER.debug("Get all Useres")
users = userController.getAllUsersfromDB()
dic = {}
for user in users:
LOGGER.debug("Add User {} to ReturnValue".format(user))
dic[user.uid] = user.toJSON()
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
LOGGER.debug("ReturnValue is {}".format(dic))
return jsonify(dic), 200
@finanzer.route("/finanzerSendOneMail", methods=['POST'])
def _finanzerSendOneMail():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json()
username = data['userId']
retVal = userController.sendMail(username)
return jsonify(retVal)
return jsonify({"error:", "permission denied"}), 401
@login_required(groups=[MONEY])
def _finanzerSendOneMail(**kwargs):
data = request.get_json()
username = data['userId']
retVal = userController.sendMail(username)
return jsonify(retVal)
@finanzer.route("/finanzerSendAllMail", methods=['GET'])
def _finanzerSendAllMail():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
retVal = userController.sendAllMail()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@login_required(groups=[MONEY])
def _finanzerSendAllMail(**kwargs):
retVal = userController.sendAllMail()
return jsonify(retVal)
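Review bot: `_finanzerLock` and `_finanzerSetConfig` convert the posted flags with `bool(data['locked'])` and `bool(data['autoLock'])`, which is true for any non-empty string, so a client that sends the string `"false"` locks the account or switches auto-lock on. Accept only real JSON booleans, e.g. `if not isinstance(data.get('locked'), bool): return jsonify({"error": "locked must be a boolean"}), 400`, and likewise for `autoLock`. `_addCredit` also keeps `print(data)` next to its `LOGGER.debug` call, which writes the request body to stdout outside the logging configuration.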


@ -1,33 +1,30 @@
from flask import Blueprint, request, jsonify
import geruecht.controller as gc
from geruecht.decorator import login_required
import geruecht.controller.userController as uc
import geruecht.controller.accesTokenController as ac
from geruecht.model import USER
from datetime import datetime
user = Blueprint("user", __name__)
accesTokenController = ac.AccesTokenController()
userController = uc.UserController()
@user.route("/user/main")
def _main():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [USER])
if accToken:
@user.route("/user/main")
@login_required(groups=[USER])
def _main(**kwargs):
if 'accToken' in kwargs:
accToken = kwargs['accToken']
accToken.user = userController.getUser(accToken.user.uid)
retVal = accToken.user.toJSON()
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
return jsonify("error", "something went wrong"), 500
@user.route("/user/addAmount", methods=['POST'])
def _addAmount():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [USER])
if accToken:
@login_required(groups=[USER])
def _addAmount(**kwargs):
if 'accToken' in kwargs:
accToken = kwargs['accToken']
data = request.get_json()
amount = int(data['amount'])
date = datetime.now()
@ -36,4 +33,4 @@ def _addAmount():
retVal = accToken.user.toJSON()
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
return jsonify({"error": "something went wrong"}), 500
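Review bot: The `if 'accToken' in kwargs:` test in `_main` and `_addAmount` can never fail, because `login_required` sets `kwargs['accToken']` before it calls the view, so both 500 branches are dead code. Reading `accToken = kwargs['accToken']` directly would say what actually happens. If the fallback is kept, `_main` should return `jsonify({"error": "something went wrong"}), 500` as `_addAmount` does; `jsonify("error", "something went wrong")` serialises a two-element list instead of an error object. Part of `_addAmount` lies between the two hunks and is not visible here.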


@ -1,24 +1,25 @@
from flask import Blueprint, request, jsonify
from datetime import datetime
from geruecht.controller import accesTokenController, userController
import geruecht.controller.userController as uc
from geruecht.decorator import login_required
from geruecht.model import MONEY, GASTRO
vorstand = Blueprint("vorstand", __name__)
userController = uc.UserController()
@vorstand.route("/sm/addUser", methods=['POST', 'GET'])
@login_required(groups=[MONEY, GASTRO])
def _addUser():
if request.method == 'GET':
return "<h1>HEllo World</h1>"
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [MONEY, GASTRO])
if accToken:
data = request.get_json()
user = data['user']
date = datetime.utcfromtimestamp(int(data['date']))
userController.addWorker(user['username'], date)
data = request.get_json()
user = data['user']
date = datetime.utcfromtimestamp(int(data['date']))
userController.addWorker(user['username'], date)
print(data)
return jsonify({"date": date})
return jsonify({"error": "permission denied"}), 401
print(data)
return jsonify({"date": date})
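Review bot: `_addUser()` takes no parameters, but the `login_required` wrapper added in this commit calls the view with `accToken=...` in its keyword arguments, so every request that passes the token check will raise `TypeError` and come back as a 500. Change the signature to `def _addUser(**kwargs):` as the other blueprints in this commit do. The GET branch returning `<h1>HEllo World</h1>` and the `print(data)` call look like debugging leftovers and could go in the same change.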