diff --git a/geruecht/__init__.py b/geruecht/__init__.py index 012a56e..a303078 100644 --- a/geruecht/__init__.py +++ b/geruecht/__init__.py @@ -15,7 +15,7 @@ from flask_cors import CORS LOGGER.info("Build APP") app = Flask(__name__) CORS(app) -# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29' +app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29' from geruecht import routes from geruecht.baruser.routes import baruser diff --git a/geruecht/baruser/routes.py b/geruecht/baruser/routes.py index 7f6248d..92ac2bb 100644 --- a/geruecht/baruser/routes.py +++ b/geruecht/baruser/routes.py @@ -1,19 +1,20 @@ from flask import Blueprint, request, jsonify import geruecht.controller as gc import geruecht.controller.ldapController as lc -import geruecht.controller.accesTokenController as ac import geruecht.controller.userController as uc from datetime import datetime from geruecht.model import BAR, MONEY +from geruecht.decorator import login_required baruser = Blueprint("baruser", __name__) ldap= lc.LDAPController(gc.ldapConfig['URL'], gc.ldapConfig['dn']) -accesTokenController = ac.AccesTokenController() userController = uc.UserController() + @baruser.route("/bar") -def _bar(): +@login_required(groups=[BAR]) +def _bar(**kwargs): """ Main function for Baruser Returns JSON-file with all Users, who hast amounts in this month. 
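Review bot: The added line in geruecht/__init__.py commits a literal `SECRET_KEY` to source control; Flask signs session cookies with that key, so anyone who can read the repository (and its history, where the commented-out form already appeared) can mint valid sessions. Read it from the environment instead, `app.config['SECRET_KEY'] = os.environ['SECRET_KEY']` with `import os` next to the other imports, so the value never lives in the tree. Because this value is already in history, generate a fresh one (for example with `secrets.token_hex(32)`) and rotate rather than keep it.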
@@ -22,38 +23,33 @@ def _bar(): JSON-File with Users, who has amounts in this month or ERROR 401 Permission Denied """ - print(request.headers) - token = request.headers.get("Token") - print(token) - accToken = accesTokenController.validateAccessToken(token, [BAR]) - dic = {} - if accToken: - users = userController.getAllUsersfromDB() - for user in users: - geruecht = None - geruecht = user.getGeruecht(datetime.now().year) - if geruecht is not None: - month = geruecht.getMonth(datetime.now().month) - amount = month[0] - month[1] - all = geruecht.getSchulden() - if all != 0: - if all >= 0: - type = 'credit' - else: - type = 'amount' - dic[user.uid] = {"username": user.uid, - "firstname": user.firstname, - "lastname": user.lastname, - "amount": abs(all), - "locked": user.locked, - "type": type - } - return jsonify(dic) - return jsonify({"error": "permission denied"}), 401 + users = userController.getAllUsersfromDB() + for user in users: + geruecht = None + geruecht = user.getGeruecht(datetime.now().year) + if geruecht is not None: + month = geruecht.getMonth(datetime.now().month) + amount = month[0] - month[1] + all = geruecht.getSchulden() + if all != 0: + if all >= 0: + type = 'credit' + else: + type = 'amount' + dic[user.uid] = {"username": user.uid, + "firstname": user.firstname, + "lastname": user.lastname, + "amount": abs(all), + "locked": user.locked, + "type": type + } + return jsonify(dic) + @baruser.route("/baradd", methods=['POST']) -def _baradd(): +@login_required(groups=[BAR]) +def _baradd(**kwargs): """ Function for Baruser to add amount This function added to the user with the posted userID the posted amount. 
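Review bot: `dic = {}` was dropped together with the old `if accToken:` block, but the new body still assigns `dic[user.uid] = {...}` inside the loop and ends with `return jsonify(dic)`, so `_bar` now raises NameError (an HTTP 500) both for the first user with a non-zero balance and for an empty user list. Re-add `dic = {}` before `users = userController.getAllUsersfromDB()`. The `amount = month[0] - month[1]` local is computed and never read, and `all` and `type` shadow builtins; `balance` and `kind` would read better. `_bar`'s signature and docstring start in the previous hunk.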
@@ -62,35 +58,31 @@ def _baradd(): JSON-File with userID and the amount or ERROR 401 Permission Denied """ - token = request.headers.get("Token") - print(token) - accToken = accesTokenController.validateAccessToken(token, [BAR]) + data = request.get_json() + userID = data['userId'] + amount = int(data['amount']) - if accToken: - data = request.get_json() - userID = data['userId'] - amount = int(data['amount']) + date = datetime.now() + userController.addAmount(userID, amount, year=date.year, month=date.month) + user = userController.getUser(userID) + geruecht = user.getGeruecht(year=date.year) + month = geruecht.getMonth(month=date.month) + amount = abs(month[0] - month[1]) + all = geruecht.getSchulden() + if all >= 0: + type = 'credit' + else: + type = 'amount' + dic = user.toJSON() + dic['amount'] = abs(all) + dic['type'] = type - date = datetime.now() - userController.addAmount(userID, amount, year=date.year, month=date.month) - user = userController.getUser(userID) - geruecht = user.getGeruecht(year=date.year) - month = geruecht.getMonth(month=date.month) - amount = abs(month[0] - month[1]) - all = geruecht.getSchulden() - if all >= 0: - type = 'credit' - else: - type = 'amount' - dic = user.toJSON() - dic['amount'] = abs(all) - dic['type'] = type + return jsonify(dic) - return jsonify(dic) - return jsonify({"error", "permission denied"}), 401 @baruser.route("/barGetUsers") -def _getUsers(): +@login_required(groups=[BAR, MONEY]) +def _getUsers(**kwargs): """ Get Users without amount This Function returns all Users, who hasn't an amount in this month. 
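Review bot: `data = request.get_json()` followed by `data['userId']` and `int(data['amount'])` has no validation: a non-JSON body makes `data` None (TypeError), a missing key raises KeyError and a non-numeric amount ValueError, all surfacing as unhandled 500s instead of a 400. Use `data = request.get_json(silent=True) or {}` and return `jsonify({"error": "userId and amount required"}), 400` when either key is absent or `int()` fails; `_getUser` and `_search` in the next hunk index `data` the same way. The request `amount` is then overwritten by `abs(month[0] - month[1])` and never read afterwards, so one of the two assignments should go. `_baradd`'s signature and docstring start in the previous hunk.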
@@ -99,48 +91,33 @@ def _getUsers(): JSON-File with Users or ERROR 401 Permission Denied """ - token = request.headers.get("Token") - print(token) - accToken = accesTokenController.validateAccessToken(token, [BAR]) - retVal = {} - if accToken: - retVal = ldap.getAllUser() - return jsonify(retVal) - return jsonify({"error": "permission denied"}), 401 + retVal = ldap.getAllUser() + return jsonify(retVal) + @baruser.route("/barGetUser", methods=['POST']) -def _getUser(): - token = request.headers.get("Token") - accToken = accesTokenController.validateAccessToken(token, [BAR]) - if accToken: - data = request.get_json() - username = data['userId'] - user = userController.getUser(username) - amount = user.getGeruecht(datetime.now().year).getSchulden() - if amount >= 0: - type = 'credit' - else: - type = 'amount' +@login_required(groups=[BAR]) +def _getUser(**kwargs): + data = request.get_json() + username = data['userId'] + user = userController.getUser(username) + amount = user.getGeruecht(datetime.now().year).getSchulden() + if amount >= 0: + type = 'credit' + else: + type = 'amount' + + retVal = user.toJSON() + retVal['amount'] = amount + retVal['type'] = type + return jsonify(retVal) - retVal = user.toJSON() - retVal['amount'] = amount - retVal['type'] = type - return jsonify(retVal) - return jsonify("error", "permission denied"), 401 @baruser.route("/search", methods=['POST']) -def _search(): - token = request.headers.get("Token") - print(token) - accToken = accesTokenController.validateAccessToken(token, [BAR, MONEY]) - - if accToken: - data = request.get_json() - - searchString = data['searchString'] - - retVal = ldap.searchUser(searchString) - - return jsonify(retVal) - return jsonify({"error": "permission denied"}), 401 +@login_required(groups=[BAR, MONEY]) +def _search(**kwargs): + data = request.get_json() + searchString = data['searchString'] + retVal = ldap.searchUser(searchString) + return jsonify(retVal) 
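Review bot: `_getUsers` is now decorated with `groups=[BAR, MONEY]` while the check it replaces validated against `[BAR]` only, so this hunk widens who may list all LDAP users; if that is intended it belongs in the commit message and the docstring, otherwise keep `@login_required(groups=[BAR])`. In `_search`, `data['searchString']` goes straight into `ldap.searchUser`; unless that helper escapes filter metacharacters (not visible here), escape it first (python-ldap's `ldap.filter.escape_filter_chars` or ldap3's `escape_filter_chars`) so the value cannot change the filter. `_getUser` and `_search` also index `data` without confirming that `request.get_json()` returned a dict.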
diff --git a/geruecht/controller/databaseController.py b/geruecht/controller/databaseController.py index 50153c7..a1df38e 100644 --- a/geruecht/controller/databaseController.py +++ b/geruecht/controller/databaseController.py @@ -4,6 +4,14 @@ from geruecht.model.user import User from geruecht.model.creditList import CreditList from datetime import datetime, timedelta +def connected(func): + def wrapper(*args, **kwargs): + self = args[0] + if not self.db.open: + self.connect() + return func(*args,**kwargs) + return wrapper + class DatabaseController(metaclass=Singleton): ''' DatabaesController @@ -24,16 +32,12 @@ class DatabaseController(metaclass=Singleton): self.db = pymysql.connect(self.url, self.user, self.password, self.database, cursorclass=pymysql.cursors.DictCursor) except Exception as err: raise err - + @connected def getAllUser(self): - self.connect() cursor = self.db.cursor() - try: - cursor.execute("select * from user") - data = cursor.fetchall() - self.db.close() - except Exception as err: - raise err + cursor.execute("select * from user") + data = cursor.fetchall() + self.db.close() if data: retVal = [] 
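Review bot: With the try/except removed, `self.db.close()` in `getAllUser` runs only when `execute` and `fetchall` succeed, so a failed query leaves the cursor and connection open and `connected` will reuse that connection on the next call; move the close into a `finally:` block (the same shape appears in `getUser`/`getUserById`, `getCreditListFromUser` and `getWorker`/`getWorkers` in the later hunks). `connected` should also apply `functools.wraps(func)` so the wrapped methods keep their names, and it assumes `self.db` already exists — if `__init__` does not set it before the first `connect()`, the `self.db.open` test raises AttributeError; cannot confirm from this hunk. The removed `except Exception as err: raise err` blocks were no-ops, so dropping them is fine.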
@@ -43,34 +47,26 @@ class DatabaseController(metaclass=Singleton): user.initGeruechte(creditLists) retVal.append(user) return retVal - + @connected def getUser(self, username): - self.connect() retVal = None cursor = self.db.cursor() - try: - cursor.execute("select * from user where uid='{}'".format(username)) - data = cursor.fetchone() - self.db.close() - except Exception as err: - raise err + cursor.execute("select * from user where uid='{}'".format(username)) + data = cursor.fetchone() + self.db.close() if data: retVal = User(data) creditLists = self.getCreditListFromUser(retVal) retVal.initGeruechte(creditLists) return retVal - + @connected def getUserById(self, id): - self.connect() retVal = None - try: - cursor = self.db.cursor() - cursor.execute("select * from user where id={}".format(id)) - data = cursor.fetchone() - self.db.close() - except Exception as err: - raise err + cursor = self.db.cursor() + cursor.execute("select * from user where id={}".format(id)) + data = cursor.fetchone() + self.db.close() if data: retVal = User(data) creditLists = self.getCreditListFromUser(retVal) @@ -85,8 +81,8 @@ class DatabaseController(metaclass=Singleton): retVal += group return retVal + @connected def insertUser(self, user): - self.connect() cursor = self.db.cursor() groups = self._convertGroupToString(user.group) try: @@ -99,8 +95,8 @@ class DatabaseController(metaclass=Singleton): raise err self.db.close() + @connected def updateUser(self, user): - self.connect() cursor = self.db.cursor() groups = self._convertGroupToString(user.group) try: 
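Review bot: `getUser` builds its query with `.format(username)` and `getUserById` with `.format(id)`; `username` is the `userId` field of the request body handed to `userController.getUser` in the baruser and finanzer routes, so a crafted value can alter the statement. Let the driver bind parameters instead: `cursor.execute("select * from user where uid=%s", (username,))` and `cursor.execute("select * from user where id=%s", (id,))`. `getCreditListFromUser`, `createCreditList`, `updateCreditList`, `getWorker`, `getWorkers`, `setWorker` and `deleteWorker` in the following hunks use the same `.format` pattern and should be converted the same way. The `id` parameter name also shadows the builtin.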
@@ -117,38 +113,35 @@ class DatabaseController(metaclass=Singleton): self.db.close() + @connected def getCreditListFromUser(self, user, **kwargs): - self.connect() cursor = self.db.cursor() - try: - if 'year' in kwargs: - sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year']) - else: - sql = "select * from creditList where user_id={}".format(user.id) - cursor.execute(sql) - data = cursor.fetchall() - self.db.close() - except Exception as err: - self.db.close() - raise err + if 'year' in kwargs: + sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year']) + else: + sql = "select * from creditList where user_id={}".format(user.id) + cursor.execute(sql) + data = cursor.fetchall() + self.db.close() if len(data) == 1: return [CreditList(data[0])] else: return [CreditList(value) for value in data] + @connected def createCreditList(self, user_id, year=datetime.now().year): - self.connect() cursor = self.db.cursor() try: cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id)) self.db.commit() self.db.close() except Exception as err: + self.db.rollback() self.db.close() raise err + @connected def updateCreditList(self, creditlist): - self.connect() cursor = self.db.cursor() try: cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year)) 
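Review bot: `createCreditList(self, user_id, year=datetime.now().year)` evaluates its default once at import time, so a long-running process keeps creating credit lists for the year it was started in after the calendar rolls over. Use `year=None` in the signature and `if year is None: year = datetime.now().year` as the first statement of the body. In `getCreditListFromUser` the `if len(data) == 1` branch returns exactly what the comprehension returns, so a single `return [CreditList(value) for value in data]` suffices.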
@@ -179,32 +172,24 @@ class DatabaseController(metaclass=Singleton): self.db.rollback() self.db.close() raise err - + @connected def getWorker(self, user, date): - self.connect() - try: - cursor = self.db.cursor() - cursor.execute("select * from bardienste where user_id={} and startdatetime='{}'".format(user.id, date)) - data = cursor.fetchone() - self.db.close() - except Exception as err: - raise err + cursor = self.db.cursor() + cursor.execute("select * from bardienste where user_id={} and startdatetime='{}'".format(user.id, date)) + data = cursor.fetchone() + self.db.close() return {"user": user, "startdatetime": data['startdatetime'], "enddatetime": data['enddatetime']} if data else None + @connected def getWorkers(self, date): - self.connect() - try: - cursor = self.db.cursor() - cursor.execute("select * from bardienste where startdatetime='{}'".format(date)) - data = cursor.fetchall() - self.db.close() - except Exception as err: - raise err - + cursor = self.db.cursor() + cursor.execute("select * from bardienste where startdatetime='{}'".format(date)) + data = cursor.fetchall() + self.db.close() return [{"user": self.getUserById(work['user_id']).toJSON(), "startdatetime": work['startdatetime'], "enddatetime": work['enddatetime']} for work in data] + @connected def setWorker(self, user, date): - self.connect() try: cursor = self.db.cursor() cursor.execute("insert into bardienste (user_id, startdatetime, enddatetime) values ({},'{}','{}')".format(user.id, date, date + timedelta(days=1))) @@ -215,8 +200,8 @@ class DatabaseController(metaclass=Singleton): self.db.close() raise err + @connected def deleteWorker(self, user, date): - self.connect() try: cursor = self.db.cursor() cursor.execute("delete from bardienste where user_id={} and startdatetime='{}'".format(user.id, date)) diff --git a/geruecht/decorator.py b/geruecht/decorator.py new file mode 100644 index 0000000..4addb6a --- /dev/null +++ b/geruecht/decorator.py 
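Review bot: `getWorkers` closes the connection and then calls `self.getUserById` once per `bardienste` row, so through `connected` every row reopens a MySQL connection and runs another query; fetching the user columns in one statement (a join on `user`) or loading the distinct `user_id` values once would avoid that. `getWorker` and `getWorkers` also interpolate `date` with `.format`, which should take the parameterized form raised at `getUser`. `setWorker`'s and `deleteWorker`'s bodies continue outside this hunk.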
@@ -0,0 +1,21 @@ +from functools import wraps +def login_required(**kwargs): + import geruecht.controller.accesTokenController as ac + from geruecht.model import BAR, USER, MONEY, GASTRO + from flask import request, jsonify + accessController = ac.AccesTokenController() + groups = [USER, BAR, GASTRO, MONEY] + if "groups" in kwargs: + groups = kwargs["groups"] + def real_decorator(func): + @wraps(func) + def wrapper(*args, **kwargs): + token = request.headers.get('Token') + accToken = accessController.validateAccessToken(token, groups) + kwargs['accToken'] = accToken + if accToken: + return func(*args, **kwargs) + else: + return jsonify({"error": "error", "message": "permission denied"}), 401 + return wrapper + return real_decorator \ No newline at end of file diff --git a/geruecht/finanzer/routes.py b/geruecht/finanzer/routes.py index 15bfc3b..92d7be1 100644 --- a/geruecht/finanzer/routes.py +++ b/geruecht/finanzer/routes.py @@ -2,16 +2,17 @@ from flask import Blueprint, request, jsonify from geruecht.finanzer import LOGGER from datetime import datetime import geruecht.controller.userController as uc -import geruecht.controller.accesTokenController as ac from geruecht.model import MONEY +from geruecht.decorator import login_required finanzer = Blueprint("finanzer", __name__) -accesTokenController = ac.AccesTokenController() userController = uc.UserController() + @finanzer.route("/getFinanzerMain") -def _getFinanzer(): +@login_required(groups=[MONEY]) +def _getFinanzer(**kwargs): """ Function for /getFinanzerMain Retrieves all User for the groupe 'moneymaster' 
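Review bot: `wrapper` always sets `kwargs['accToken']` before calling `func`, so every decorated view must accept `**kwargs`; `_addUser()` in the vorstand hunk at the end of this diff is declared without one and will fail with TypeError (an HTTP 500) on every request. A missing `Token` header reaches `validateAccessToken` as None, and the `else` branch returns 401 silently, so the per-route `LOGGER.info("Permission Denied")` lines removed in the finanzer hunks are not replaced; add `if token is None: return jsonify({"error": "error", "message": "missing token"}), 401` and a module-level `logging.getLogger(__name__)` call that records the denial. The inner `wrapper(*args, **kwargs)` shadows the outer `kwargs` of `login_required`; renaming the outer parameter (e.g. `options`) would make the `groups` lookup clearer. A short docstring stating that the decorator injects `accToken` into the view's keyword arguments would document this contract for callers.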
@@ -20,26 +21,20 @@ def _getFinanzer(): A JSON-File with Users or ERROR 401 Permission Denied. """ - LOGGER.info("Get main for Finanzer") - token = request.headers.get("Token") - LOGGER.debug("Verify AccessToken with Token {}".format(token)) - accToken = accesTokenController.validateAccessToken(token, [MONEY]) - if accToken: - LOGGER.debug("Get all Useres") - users = userController.getAllUsersfromDB() - dic = {} - for user in users: - LOGGER.debug("Add User {} to ReturnValue".format(user)) - dic[user.uid] = user.toJSON() - dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte} - LOGGER.debug("ReturnValue is {}".format(dic)) - LOGGER.info("Send main for Finanzer") - return jsonify(dic) - LOGGER.info("Permission Denied") - return jsonify({"error": "permission denied"}), 401 + LOGGER.debug("Get all Useres") + users = userController.getAllUsersfromDB() + dic = {} + for user in users: + LOGGER.debug("Add User {} to ReturnValue".format(user)) + dic[user.uid] = user.toJSON() + dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte} + LOGGER.debug("ReturnValue is {}".format(dic)) + LOGGER.info("Send main for Finanzer") + return jsonify(dic) @finanzer.route("/finanzerAddAmount", methods=['POST']) -def _addAmount(): +@login_required(groups=[MONEY]) +def _addAmount(**kwargs): """ Add Amount to User This Function add an amount to the user with posted userID. 
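Review bot: `LOGGER.debug("ReturnValue is {}".format(dic))` formats the complete payload — every user's record and credit lists — eagerly even when debug logging is disabled; use lazy arguments, `LOGGER.debug("ReturnValue is %s", dic)`, and likewise for the `"Add User {}"` line. Emitting the full financial dump at debug level also deserves a second look, since it lands in whatever handler LOGGER is configured with. The loop over `users` could be a dict comprehension, and the injected `**kwargs` is unused here. `_getFinanzer`'s signature and docstring start in the previous hunk.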
@@ -50,39 +45,32 @@ def _addAmount(): JSON-File with geruecht of year or ERROR 401 Permission Denied """ - LOGGER.info("Add Amount") - token = request.headers.get("Token") - LOGGER.debug("Verify AccessToken with Token {}".format(token)) - accToken = accesTokenController.validateAccessToken(token, [MONEY]) - - if accToken: - data = request.get_json() - LOGGER.debug("Get data {}".format(data)) - userID = data['userId'] - amount = int(data['amount']) - LOGGER.debug("UserID is {} and amount is {}".format(userID, amount)) - try: - year = int(data['year']) - except KeyError as er: - LOGGER.error("KeyError in year. Year is set to default.") - year = datetime.now().year - try: - month = int(data['month']) - except KeyError as er: - LOGGER.error("KeyError in month. Month is set to default.") - month = datetime.now().month - LOGGER.debug("Year is {} and Month is {}".format(year, month)) - userController.addAmount(userID, amount, year=year, month=month, finanzer=True) - user = userController.getUser(userID) - retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte} - retVal['locked'] = user.locked - LOGGER.info("Send updated Geruecht") - return jsonify(retVal) - LOGGER.info("Permission Denied") - return jsonify({"error": "permission denied"}), 401 + data = request.get_json() + LOGGER.debug("Get data {}".format(data)) + userID = data['userId'] + amount = int(data['amount']) + LOGGER.debug("UserID is {} and amount is {}".format(userID, amount)) + try: + year = int(data['year']) + except KeyError as er: + LOGGER.error("KeyError in year. Year is set to default.") + year = datetime.now().year + try: + month = int(data['month']) + except KeyError as er: + LOGGER.error("KeyError in month. 
Month is set to default.") + month = datetime.now().month + LOGGER.debug("Year is {} and Month is {}".format(year, month)) + userController.addAmount(userID, amount, year=year, month=month, finanzer=True) + user = userController.getUser(userID) + retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte} + retVal['locked'] = user.locked + LOGGER.info("Send updated Geruecht") + return jsonify(retVal) @finanzer.route("/finanzerAddCredit", methods=['POST']) -def _addCredit(): +@login_required(groups=[MONEY]) +def _addCredit(**kwargs): """ Add Credit to User This Function add an credit to the user with posted userID. 
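Review bot: The `except KeyError as er:` handlers treat an omitted `year`/`month` as an error (logged at ERROR level) although the fallback is the documented default, and `er` is never used; `year = int(data.get('year', datetime.now().year))` and `month = int(data.get('month', datetime.now().month))` express the default without the try/except. A non-numeric `amount`, `year` or `month` still raises ValueError out of `int()` and becomes a 500; return a 400 with an error message for that case. `_addAmount`'s signature and docstring start in the previous hunk.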
@@ -93,106 +81,79 @@ def _addCredit(): JSON-File with geruecht of year or ERROR 401 Permission Denied """ - LOGGER.info("Add Amount") - token = request.headers.get("Token") - LOGGER.debug("Verify AccessToken with Token {}".format(token)) - accToken = accesTokenController.validateAccessToken(token, [MONEY]) + data = request.get_json() + print(data) + LOGGER.debug("Get data {}".format(data)) + userID = data['userId'] + credit = int(data['credit']) + LOGGER.debug("UserID is {} and credit is {}".format(userID, credit)) - if accToken: + try: + year = int(data['year']) + except KeyError as er: + LOGGER.error("KeyError in year. Year is set to default.") + year = datetime.now().year + try: + month = int(data['month']) + except KeyError as er: + LOGGER.error("KeyError in month. Month is set to default.") + month = datetime.now().month - data = request.get_json() - print(data) - LOGGER.debug("Get data {}".format(data)) - userID = data['userId'] - credit = int(data['credit']) - LOGGER.debug("UserID is {} and credit is {}".format(userID, credit)) + LOGGER.debug("Year is {} and Month is {}".format(year, month)) + userController.addCredit(userID, credit, year=year, month=month).toJSON() + user = userController.getUser(userID) + retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte} + retVal['locked'] = user.locked + LOGGER.info("Send updated Geruecht") + return jsonify(retVal) - try: - year = int(data['year']) - except KeyError as er: - LOGGER.error("KeyError in year. Year is set to default.") - year = datetime.now().year - try: - month = int(data['month']) - except KeyError as er: - LOGGER.error("KeyError in month. 
Month is set to default.") - month = datetime.now().month - - LOGGER.debug("Year is {} and Month is {}".format(year, month)) - userController.addCredit(userID, credit, year=year, month=month).toJSON() - user = userController.getUser(userID) - retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte} - retVal['locked'] = user.locked - LOGGER.info("Send updated Geruecht") - return jsonify(retVal) - LOGGER.info("Permission Denied") - return jsonify({"error": "permission denied"}), 401 @finanzer.route("/finanzerLock", methods=['POST']) -def _finanzerLock(): - token = request.headers.get("Token") - accToken = accesTokenController.validateAccessToken(token, [MONEY]) +@login_required(groups=[MONEY]) +def _finanzerLock(**kwargs): + data = request.get_json() + username = data['userId'] + locked = bool(data['locked']) + retVal = userController.lockUser(username, locked).toJSON() + return jsonify(retVal) - if accToken: - data = request.get_json() - username = data['userId'] - locked = bool(data['locked']) - retVal = userController.lockUser(username, locked).toJSON() - return jsonify(retVal) - return jsonify({"error": "permission denied"}), 401 @finanzer.route("/finanzerSetConfig", methods=['POST']) -def _finanzerSetConfig(): - token = request.headers.get("Token") - accToken = accesTokenController.validateAccessToken(token, [MONEY]) - - if accToken: - data = request.get_json() - username = data['userId'] - autoLock = bool(data['autoLock']) - limit = int(data['limit']) - retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON() - return jsonify(retVal) - return jsonify({"error": "permission denied"}), 401 +@login_required(groups=[MONEY]) +def _finanzerSetConfig(**kwargs): + data = request.get_json() + username = data['userId'] + autoLock = bool(data['autoLock']) + limit = int(data['limit']) + retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON() + return jsonify(retVal) 
@finanzer.route("/finanzerAddUser", methods=['POST']) -def _finanzerAddUser(): - token = request.headers.get("Token") - accToken = accesTokenController.validateAccessToken(token, [MONEY]) - - if accToken: - data = request.get_json() - username = data['userId'] - userController.getUser(username) - LOGGER.debug("Get all Useres") - users = userController.getAllUsersfromDB() - dic = {} - for user in users: - LOGGER.debug("Add User {} to ReturnValue".format(user)) - dic[user.uid] = user.toJSON() - dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte} - LOGGER.debug("ReturnValue is {}".format(dic)) - return jsonify(dic), 200 - return jsonify({"error": "permission denied"}), 401 +@login_required(groups=[MONEY]) +def _finanzerAddUser(**kwargs): + data = request.get_json() + username = data['userId'] + userController.getUser(username) + LOGGER.debug("Get all Useres") + users = userController.getAllUsersfromDB() + dic = {} + for user in users: + LOGGER.debug("Add User {} to ReturnValue".format(user)) + dic[user.uid] = user.toJSON() + dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte} + LOGGER.debug("ReturnValue is {}".format(dic)) + return jsonify(dic), 200 @finanzer.route("/finanzerSendOneMail", methods=['POST']) -def _finanzerSendOneMail(): - token = request.headers.get("Token") - accToken = accesTokenController.validateAccessToken(token, [MONEY]) - - if accToken: - data = request.get_json() - username = data['userId'] - retVal = userController.sendMail(username) - return jsonify(retVal) - return jsonify({"error:", "permission denied"}), 401 +@login_required(groups=[MONEY]) +def _finanzerSendOneMail(**kwargs): + data = request.get_json() + username = data['userId'] + retVal = userController.sendMail(username) + return jsonify(retVal) @finanzer.route("/finanzerSendAllMail", methods=['GET']) -def _finanzerSendAllMail(): - token = request.headers.get("Token") - accToken = 
accesTokenController.validateAccessToken(token, [MONEY]) - - if accToken: - retVal = userController.sendAllMail() - return jsonify(retVal) - return jsonify({"error": "permission denied"}), 401 \ No newline at end of file +@login_required(groups=[MONEY]) +def _finanzerSendAllMail(**kwargs): + retVal = userController.sendAllMail() + return jsonify(retVal) \ No newline at end of file diff --git a/geruecht/user/routes.py b/geruecht/user/routes.py index 089f3c7..5b30297 100644 --- a/geruecht/user/routes.py +++ b/geruecht/user/routes.py @@ -1,33 +1,30 @@ from flask import Blueprint, request, jsonify -import geruecht.controller as gc +from geruecht.decorator import login_required import geruecht.controller.userController as uc -import geruecht.controller.accesTokenController as ac from geruecht.model import USER from datetime import datetime user = Blueprint("user", __name__) -accesTokenController = ac.AccesTokenController() userController = uc.UserController() -@user.route("/user/main") -def _main(): - token = request.headers.get("Token") - accToken = accesTokenController.validateAccessToken(token, [USER]) - if accToken: +@user.route("/user/main") +@login_required(groups=[USER]) +def _main(**kwargs): + if 'accToken' in kwargs: + accToken = kwargs['accToken'] accToken.user = userController.getUser(accToken.user.uid) retVal = accToken.user.toJSON() retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte} return jsonify(retVal) - return jsonify({"error": "permission denied"}), 401 + return jsonify("error", "something went wrong"), 500 @user.route("/user/addAmount", methods=['POST']) -def _addAmount(): - - token = request.headers.get("Token") - accToken = accesTokenController.validateAccessToken(token, [USER]) - if accToken: +@login_required(groups=[USER]) +def _addAmount(**kwargs): + if 'accToken' in kwargs: + accToken = kwargs['accToken'] data = request.get_json() amount = int(data['amount']) date = datetime.now() 
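Review bot: `print(data)` in `_addCredit` survives the rewrite and writes each request body (userId, credit, year, month) to stdout outside the LOGGER configuration; delete it, the `LOGGER.debug("Get data {}".format(data))` line directly below already covers it. On the same path `userController.addCredit(...).toJSON()` builds a result that is discarded, so the `.toJSON()` call should go. In `_finanzerLock` and `_finanzerSetConfig`, `bool(data['locked'])` and `bool(data['autoLock'])` are True for any non-empty string including `"false"`, so if a client ever sends strings instead of JSON booleans a user would be locked unintentionally; check `data['locked'] is True` or validate the type. `_addCredit`'s signature and docstring start in the previous hunk.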
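Review bot: `return jsonify("error", "something went wrong"), 500` in `_main` serialises a two-element JSON array rather than the `{"error": ...}` object every other error path (including `_addAmount` in the next hunk) returns; use `return jsonify({"error": "something went wrong"}), 500`. The `if 'accToken' in kwargs:` guard is always true because `login_required` sets `kwargs['accToken']` before calling the view, so the 500 branch is dead code and `accToken = kwargs['accToken']` could be read directly. `_addAmount`'s body continues in the next hunk.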
@@ -36,4 +33,4 @@ def _addAmount(): retVal = accToken.user.toJSON() retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte} return jsonify(retVal) - return jsonify({"error": "permission denied"}), 401 \ No newline at end of file + return jsonify({"error": "something went wrong"}), 500 \ No newline at end of file diff --git a/geruecht/vorstand/routes.py b/geruecht/vorstand/routes.py index a0535a8..3d69f90 100644 --- a/geruecht/vorstand/routes.py +++ b/geruecht/vorstand/routes.py @@ -1,24 +1,25 @@ from flask import Blueprint, request, jsonify from datetime import datetime -from geruecht.controller import accesTokenController, userController +import geruecht.controller.userController as uc +from geruecht.decorator import login_required from geruecht.model import MONEY, GASTRO vorstand = Blueprint("vorstand", __name__) +userController = uc.UserController() + @vorstand.route("/sm/addUser", methods=['POST', 'GET']) + +@login_required(groups=[MONEY, GASTRO]) def _addUser(): if request.method == 'GET': return "