added decorators for connected in database and login_required in routes

Tim Gröger 2020-01-19 09:07:45 +01:00
parent 29f20b2327
commit f782be934d
7 changed files with 266 additions and 324 deletions


@ -15,7 +15,7 @@ from flask_cors import CORS
LOGGER.info("Build APP") LOGGER.info("Build APP")
app = Flask(__name__) app = Flask(__name__)
CORS(app) CORS(app)
# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29' app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
from geruecht import routes from geruecht import routes
from geruecht.baruser.routes import baruser from geruecht.baruser.routes import baruser
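Review bot: The Flask `SECRET_KEY` on the `app.config['SECRET_KEY'] = ...` line is a literal committed to the repository, and as rendered the new side appears to have it uncommented and active. Anything the application signs with this key (Flask session cookies, for instance) can no longer be trusted once the key is readable in version control. Load it from the environment or an untracked config file instead, e.g. `app.config['SECRET_KEY'] = os.environ['SECRET_KEY']` (which needs `import os`). The committed value should be treated as exposed and replaced with a freshly generated one.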


@ -1,19 +1,20 @@
from flask import Blueprint, request, jsonify from flask import Blueprint, request, jsonify
import geruecht.controller as gc import geruecht.controller as gc
import geruecht.controller.ldapController as lc import geruecht.controller.ldapController as lc
import geruecht.controller.accesTokenController as ac
import geruecht.controller.userController as uc import geruecht.controller.userController as uc
from datetime import datetime from datetime import datetime
from geruecht.model import BAR, MONEY from geruecht.model import BAR, MONEY
from geruecht.decorator import login_required
baruser = Blueprint("baruser", __name__) baruser = Blueprint("baruser", __name__)
ldap= lc.LDAPController(gc.ldapConfig['URL'], gc.ldapConfig['dn']) ldap= lc.LDAPController(gc.ldapConfig['URL'], gc.ldapConfig['dn'])
accesTokenController = ac.AccesTokenController()
userController = uc.UserController() userController = uc.UserController()
@baruser.route("/bar") @baruser.route("/bar")
def _bar(): @login_required(groups=[BAR])
def _bar(**kwargs):
""" Main function for Baruser """ Main function for Baruser
Returns JSON-file with all Users, who hast amounts in this month. Returns JSON-file with all Users, who hast amounts in this month.
@ -22,13 +23,7 @@ def _bar():
JSON-File with Users, who has amounts in this month JSON-File with Users, who has amounts in this month
or ERROR 401 Permission Denied or ERROR 401 Permission Denied
""" """
print(request.headers)
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, [BAR])
dic = {} dic = {}
if accToken:
users = userController.getAllUsersfromDB() users = userController.getAllUsersfromDB()
for user in users: for user in users:
geruecht = None geruecht = None
@ -50,10 +45,11 @@ def _bar():
"type": type "type": type
} }
return jsonify(dic) return jsonify(dic)
return jsonify({"error": "permission denied"}), 401
@baruser.route("/baradd", methods=['POST']) @baruser.route("/baradd", methods=['POST'])
def _baradd(): @login_required(groups=[BAR])
def _baradd(**kwargs):
""" Function for Baruser to add amount """ Function for Baruser to add amount
This function added to the user with the posted userID the posted amount. This function added to the user with the posted userID the posted amount.
@ -62,11 +58,6 @@ def _baradd():
JSON-File with userID and the amount JSON-File with userID and the amount
or ERROR 401 Permission Denied or ERROR 401 Permission Denied
""" """
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, [BAR])
if accToken:
data = request.get_json() data = request.get_json()
userID = data['userId'] userID = data['userId']
amount = int(data['amount']) amount = int(data['amount'])
@ -87,10 +78,11 @@ def _baradd():
dic['type'] = type dic['type'] = type
return jsonify(dic) return jsonify(dic)
return jsonify({"error", "permission denied"}), 401
@baruser.route("/barGetUsers") @baruser.route("/barGetUsers")
def _getUsers(): @login_required(groups=[BAR, MONEY])
def _getUsers(**kwargs):
""" Get Users without amount """ Get Users without amount
This Function returns all Users, who hasn't an amount in this month. This Function returns all Users, who hasn't an amount in this month.
@ -99,21 +91,14 @@ def _getUsers():
JSON-File with Users JSON-File with Users
or ERROR 401 Permission Denied or ERROR 401 Permission Denied
""" """
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, [BAR])
retVal = {} retVal = {}
if accToken:
retVal = ldap.getAllUser() retVal = ldap.getAllUser()
return jsonify(retVal) return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@baruser.route("/barGetUser", methods=['POST']) @baruser.route("/barGetUser", methods=['POST'])
def _getUser(): @login_required(groups=[BAR])
token = request.headers.get("Token") def _getUser(**kwargs):
accToken = accesTokenController.validateAccessToken(token, [BAR])
if accToken:
data = request.get_json() data = request.get_json()
username = data['userId'] username = data['userId']
user = userController.getUser(username) user = userController.getUser(username)
@ -127,20 +112,12 @@ def _getUser():
retVal['amount'] = amount retVal['amount'] = amount
retVal['type'] = type retVal['type'] = type
return jsonify(retVal) return jsonify(retVal)
return jsonify("error", "permission denied"), 401
@baruser.route("/search", methods=['POST']) @baruser.route("/search", methods=['POST'])
def _search(): @login_required(groups=[BAR, MONEY])
token = request.headers.get("Token") def _search(**kwargs):
print(token)
accToken = accesTokenController.validateAccessToken(token, [BAR, MONEY])
if accToken:
data = request.get_json() data = request.get_json()
searchString = data['searchString'] searchString = data['searchString']
retVal = ldap.searchUser(searchString) retVal = ldap.searchUser(searchString)
return jsonify(retVal) return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
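Review bot: `_getUsers` is now decorated with `@login_required(groups=[BAR, MONEY])`, while the removed inline check validated the token against `[BAR]` only, so this refactor also widens who may list all LDAP users through `/barGetUsers` (assuming `validateAccessToken` accepts a token from any listed group). If the wider access is intended it deserves a mention in the commit message; if not, the decorator should read `@login_required(groups=[BAR])`. The docstrings of `_bar`, `_baradd` and `_getUsers` still describe the 401 as something the handler returns, although it now comes from the decorator. The handlers also index `data['userId']` and `data['amount']` directly after `request.get_json()`, so a missing key or a non-JSON body ends in an unhandled exception rather than a 400.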


@ -4,6 +4,14 @@ from geruecht.model.user import User
from geruecht.model.creditList import CreditList from geruecht.model.creditList import CreditList
from datetime import datetime, timedelta from datetime import datetime, timedelta
def connected(func):
def wrapper(*args, **kwargs):
self = args[0]
if not self.db.open:
self.connect()
return func(*args,**kwargs)
return wrapper
class DatabaseController(metaclass=Singleton): class DatabaseController(metaclass=Singleton):
''' '''
DatabaesController DatabaesController
@ -24,16 +32,12 @@ class DatabaseController(metaclass=Singleton):
self.db = pymysql.connect(self.url, self.user, self.password, self.database, cursorclass=pymysql.cursors.DictCursor) self.db = pymysql.connect(self.url, self.user, self.password, self.database, cursorclass=pymysql.cursors.DictCursor)
except Exception as err: except Exception as err:
raise err raise err
@connected
def getAllUser(self): def getAllUser(self):
self.connect()
cursor = self.db.cursor() cursor = self.db.cursor()
try:
cursor.execute("select * from user") cursor.execute("select * from user")
data = cursor.fetchall() data = cursor.fetchall()
self.db.close() self.db.close()
except Exception as err:
raise err
if data: if data:
retVal = [] retVal = []
@ -43,34 +47,26 @@ class DatabaseController(metaclass=Singleton):
user.initGeruechte(creditLists) user.initGeruechte(creditLists)
retVal.append(user) retVal.append(user)
return retVal return retVal
@connected
def getUser(self, username): def getUser(self, username):
self.connect()
retVal = None retVal = None
cursor = self.db.cursor() cursor = self.db.cursor()
try:
cursor.execute("select * from user where uid='{}'".format(username)) cursor.execute("select * from user where uid='{}'".format(username))
data = cursor.fetchone() data = cursor.fetchone()
self.db.close() self.db.close()
except Exception as err:
raise err
if data: if data:
retVal = User(data) retVal = User(data)
creditLists = self.getCreditListFromUser(retVal) creditLists = self.getCreditListFromUser(retVal)
retVal.initGeruechte(creditLists) retVal.initGeruechte(creditLists)
return retVal return retVal
@connected
def getUserById(self, id): def getUserById(self, id):
self.connect()
retVal = None retVal = None
try:
cursor = self.db.cursor() cursor = self.db.cursor()
cursor.execute("select * from user where id={}".format(id)) cursor.execute("select * from user where id={}".format(id))
data = cursor.fetchone() data = cursor.fetchone()
self.db.close() self.db.close()
except Exception as err:
raise err
if data: if data:
retVal = User(data) retVal = User(data)
creditLists = self.getCreditListFromUser(retVal) creditLists = self.getCreditListFromUser(retVal)
@ -85,8 +81,8 @@ class DatabaseController(metaclass=Singleton):
retVal += group retVal += group
return retVal return retVal
@connected
def insertUser(self, user): def insertUser(self, user):
self.connect()
cursor = self.db.cursor() cursor = self.db.cursor()
groups = self._convertGroupToString(user.group) groups = self._convertGroupToString(user.group)
try: try:
@ -99,8 +95,8 @@ class DatabaseController(metaclass=Singleton):
raise err raise err
self.db.close() self.db.close()
@connected
def updateUser(self, user): def updateUser(self, user):
self.connect()
cursor = self.db.cursor() cursor = self.db.cursor()
groups = self._convertGroupToString(user.group) groups = self._convertGroupToString(user.group)
try: try:
@ -117,10 +113,9 @@ class DatabaseController(metaclass=Singleton):
self.db.close() self.db.close()
@connected
def getCreditListFromUser(self, user, **kwargs): def getCreditListFromUser(self, user, **kwargs):
self.connect()
cursor = self.db.cursor() cursor = self.db.cursor()
try:
if 'year' in kwargs: if 'year' in kwargs:
sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year']) sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year'])
else: else:
@ -128,27 +123,25 @@ class DatabaseController(metaclass=Singleton):
cursor.execute(sql) cursor.execute(sql)
data = cursor.fetchall() data = cursor.fetchall()
self.db.close() self.db.close()
except Exception as err:
self.db.close()
raise err
if len(data) == 1: if len(data) == 1:
return [CreditList(data[0])] return [CreditList(data[0])]
else: else:
return [CreditList(value) for value in data] return [CreditList(value) for value in data]
@connected
def createCreditList(self, user_id, year=datetime.now().year): def createCreditList(self, user_id, year=datetime.now().year):
self.connect()
cursor = self.db.cursor() cursor = self.db.cursor()
try: try:
cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id)) cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id))
self.db.commit() self.db.commit()
self.db.close() self.db.close()
except Exception as err: except Exception as err:
self.db.rollback()
self.db.close() self.db.close()
raise err raise err
@connected
def updateCreditList(self, creditlist): def updateCreditList(self, creditlist):
self.connect()
cursor = self.db.cursor() cursor = self.db.cursor()
try: try:
cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year)) cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year))
@ -179,32 +172,24 @@ class DatabaseController(metaclass=Singleton):
self.db.rollback() self.db.rollback()
self.db.close() self.db.close()
raise err raise err
@connected
def getWorker(self, user, date): def getWorker(self, user, date):
self.connect()
try:
cursor = self.db.cursor() cursor = self.db.cursor()
cursor.execute("select * from bardienste where user_id={} and startdatetime='{}'".format(user.id, date)) cursor.execute("select * from bardienste where user_id={} and startdatetime='{}'".format(user.id, date))
data = cursor.fetchone() data = cursor.fetchone()
self.db.close() self.db.close()
except Exception as err:
raise err
return {"user": user, "startdatetime": data['startdatetime'], "enddatetime": data['enddatetime']} if data else None return {"user": user, "startdatetime": data['startdatetime'], "enddatetime": data['enddatetime']} if data else None
@connected
def getWorkers(self, date): def getWorkers(self, date):
self.connect()
try:
cursor = self.db.cursor() cursor = self.db.cursor()
cursor.execute("select * from bardienste where startdatetime='{}'".format(date)) cursor.execute("select * from bardienste where startdatetime='{}'".format(date))
data = cursor.fetchall() data = cursor.fetchall()
self.db.close() self.db.close()
except Exception as err:
raise err
return [{"user": self.getUserById(work['user_id']).toJSON(), "startdatetime": work['startdatetime'], "enddatetime": work['enddatetime']} for work in data] return [{"user": self.getUserById(work['user_id']).toJSON(), "startdatetime": work['startdatetime'], "enddatetime": work['enddatetime']} for work in data]
@connected
def setWorker(self, user, date): def setWorker(self, user, date):
self.connect()
try: try:
cursor = self.db.cursor() cursor = self.db.cursor()
cursor.execute("insert into bardienste (user_id, startdatetime, enddatetime) values ({},'{}','{}')".format(user.id, date, date + timedelta(days=1))) cursor.execute("insert into bardienste (user_id, startdatetime, enddatetime) values ({},'{}','{}')".format(user.id, date, date + timedelta(days=1)))
@ -215,8 +200,8 @@ class DatabaseController(metaclass=Singleton):
self.db.close() self.db.close()
raise err raise err
@connected
def deleteWorker(self, user, date): def deleteWorker(self, user, date):
self.connect()
try: try:
cursor = self.db.cursor() cursor = self.db.cursor()
cursor.execute("delete from bardienste where user_id={} and startdatetime='{}'".format(user.id, date)) cursor.execute("delete from bardienste where user_id={} and startdatetime='{}'".format(user.id, date))
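Review bot: Every query touched in this file is still built with `str.format`, for example `cursor.execute("select * from user where uid='{}'".format(username))` in `getUser`, so a value containing a quote changes the SQL statement itself. The route handlers appear to hand `userId` from the request body down to this layer, though that path is not visible here. Let the driver bind the values instead, `cursor.execute("select * from user where uid=%s", (username,))`, and do the same in `getUserById`, `getCreditListFromUser`, `createCreditList`, `updateCreditList`, `getWorker`, `getWorkers`, `setWorker` and `deleteWorker`. Separately, the `except` branch removed from `getCreditListFromUser` used to close the connection on failure and nothing does now; a `try`/`finally` inside `connected` would close it on every path. Adding `@functools.wraps(func)` to `wrapper` would also preserve the decorated methods' names and docstrings.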

21
geruecht/decorator.py Normal file

@ -0,0 +1,21 @@
from functools import wraps
def login_required(**kwargs):
import geruecht.controller.accesTokenController as ac
from geruecht.model import BAR, USER, MONEY, GASTRO
from flask import request, jsonify
accessController = ac.AccesTokenController()
groups = [USER, BAR, GASTRO, MONEY]
if "groups" in kwargs:
groups = kwargs["groups"]
def real_decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
token = request.headers.get('Token')
accToken = accessController.validateAccessToken(token, groups)
kwargs['accToken'] = accToken
if accToken:
return func(*args, **kwargs)
else:
return jsonify({"error": "error", "message": "permission denied"}), 401
return wrapper
return real_decorator
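Review bot: `login_required(**kwargs)` reads only the `groups` key and silently ignores every other keyword, so a misspelt call such as `@login_required(group=[MONEY])` falls back to the default list of all four groups and leaves the route open to any authenticated user. An explicit keyword-only parameter makes that mistake fail at import time: `def login_required(*, groups=None):` followed by `groups = [USER, BAR, GASTRO, MONEY] if groups is None else groups`. The wrapper answers 401 both for a missing or invalid token and, presumably, for a valid token in the wrong group; if `validateAccessToken` can tell the two apart, returning 403 for the second case makes access logs easier to review. A short docstring stating that the wrapped view always receives the validated token as the keyword argument `accToken` would document the contract every route now depends on.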


@ -2,16 +2,17 @@ from flask import Blueprint, request, jsonify
from geruecht.finanzer import LOGGER from geruecht.finanzer import LOGGER
from datetime import datetime from datetime import datetime
import geruecht.controller.userController as uc import geruecht.controller.userController as uc
import geruecht.controller.accesTokenController as ac
from geruecht.model import MONEY from geruecht.model import MONEY
from geruecht.decorator import login_required
finanzer = Blueprint("finanzer", __name__) finanzer = Blueprint("finanzer", __name__)
accesTokenController = ac.AccesTokenController()
userController = uc.UserController() userController = uc.UserController()
@finanzer.route("/getFinanzerMain") @finanzer.route("/getFinanzerMain")
def _getFinanzer(): @login_required(groups=[MONEY])
def _getFinanzer(**kwargs):
""" Function for /getFinanzerMain """ Function for /getFinanzerMain
Retrieves all User for the groupe 'moneymaster' Retrieves all User for the groupe 'moneymaster'
@ -20,11 +21,6 @@ def _getFinanzer():
A JSON-File with Users A JSON-File with Users
or ERROR 401 Permission Denied. or ERROR 401 Permission Denied.
""" """
LOGGER.info("Get main for Finanzer")
token = request.headers.get("Token")
LOGGER.debug("Verify AccessToken with Token {}".format(token))
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
LOGGER.debug("Get all Useres") LOGGER.debug("Get all Useres")
users = userController.getAllUsersfromDB() users = userController.getAllUsersfromDB()
dic = {} dic = {}
@ -35,11 +31,10 @@ def _getFinanzer():
LOGGER.debug("ReturnValue is {}".format(dic)) LOGGER.debug("ReturnValue is {}".format(dic))
LOGGER.info("Send main for Finanzer") LOGGER.info("Send main for Finanzer")
return jsonify(dic) return jsonify(dic)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerAddAmount", methods=['POST']) @finanzer.route("/finanzerAddAmount", methods=['POST'])
def _addAmount(): @login_required(groups=[MONEY])
def _addAmount(**kwargs):
""" Add Amount to User """ Add Amount to User
This Function add an amount to the user with posted userID. This Function add an amount to the user with posted userID.
@ -50,12 +45,6 @@ def _addAmount():
JSON-File with geruecht of year JSON-File with geruecht of year
or ERROR 401 Permission Denied or ERROR 401 Permission Denied
""" """
LOGGER.info("Add Amount")
token = request.headers.get("Token")
LOGGER.debug("Verify AccessToken with Token {}".format(token))
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json() data = request.get_json()
LOGGER.debug("Get data {}".format(data)) LOGGER.debug("Get data {}".format(data))
userID = data['userId'] userID = data['userId']
@ -78,11 +67,10 @@ def _addAmount():
retVal['locked'] = user.locked retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht") LOGGER.info("Send updated Geruecht")
return jsonify(retVal) return jsonify(retVal)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerAddCredit", methods=['POST']) @finanzer.route("/finanzerAddCredit", methods=['POST'])
def _addCredit(): @login_required(groups=[MONEY])
def _addCredit(**kwargs):
""" Add Credit to User """ Add Credit to User
This Function add an credit to the user with posted userID. This Function add an credit to the user with posted userID.
@ -93,13 +81,6 @@ def _addCredit():
JSON-File with geruecht of year JSON-File with geruecht of year
or ERROR 401 Permission Denied or ERROR 401 Permission Denied
""" """
LOGGER.info("Add Amount")
token = request.headers.get("Token")
LOGGER.debug("Verify AccessToken with Token {}".format(token))
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json() data = request.get_json()
print(data) print(data)
LOGGER.debug("Get data {}".format(data)) LOGGER.debug("Get data {}".format(data))
@ -125,42 +106,31 @@ def _addCredit():
retVal['locked'] = user.locked retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht") LOGGER.info("Send updated Geruecht")
return jsonify(retVal) return jsonify(retVal)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerLock", methods=['POST']) @finanzer.route("/finanzerLock", methods=['POST'])
def _finanzerLock(): @login_required(groups=[MONEY])
token = request.headers.get("Token") def _finanzerLock(**kwargs):
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json() data = request.get_json()
username = data['userId'] username = data['userId']
locked = bool(data['locked']) locked = bool(data['locked'])
retVal = userController.lockUser(username, locked).toJSON() retVal = userController.lockUser(username, locked).toJSON()
return jsonify(retVal) return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerSetConfig", methods=['POST']) @finanzer.route("/finanzerSetConfig", methods=['POST'])
def _finanzerSetConfig(): @login_required(groups=[MONEY])
token = request.headers.get("Token") def _finanzerSetConfig(**kwargs):
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json() data = request.get_json()
username = data['userId'] username = data['userId']
autoLock = bool(data['autoLock']) autoLock = bool(data['autoLock'])
limit = int(data['limit']) limit = int(data['limit'])
retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON() retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON()
return jsonify(retVal) return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerAddUser", methods=['POST']) @finanzer.route("/finanzerAddUser", methods=['POST'])
def _finanzerAddUser(): @login_required(groups=[MONEY])
token = request.headers.get("Token") def _finanzerAddUser(**kwargs):
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json() data = request.get_json()
username = data['userId'] username = data['userId']
userController.getUser(username) userController.getUser(username)
@ -173,26 +143,17 @@ def _finanzerAddUser():
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte} dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
LOGGER.debug("ReturnValue is {}".format(dic)) LOGGER.debug("ReturnValue is {}".format(dic))
return jsonify(dic), 200 return jsonify(dic), 200
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerSendOneMail", methods=['POST']) @finanzer.route("/finanzerSendOneMail", methods=['POST'])
def _finanzerSendOneMail(): @login_required(groups=[MONEY])
token = request.headers.get("Token") def _finanzerSendOneMail(**kwargs):
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
data = request.get_json() data = request.get_json()
username = data['userId'] username = data['userId']
retVal = userController.sendMail(username) retVal = userController.sendMail(username)
return jsonify(retVal) return jsonify(retVal)
return jsonify({"error:", "permission denied"}), 401
@finanzer.route("/finanzerSendAllMail", methods=['GET']) @finanzer.route("/finanzerSendAllMail", methods=['GET'])
def _finanzerSendAllMail(): @login_required(groups=[MONEY])
token = request.headers.get("Token") def _finanzerSendAllMail(**kwargs):
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
retVal = userController.sendAllMail() retVal = userController.sendAllMail()
return jsonify(retVal) return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
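Review bot: `locked = bool(data['locked'])` in `_finanzerLock` and `autoLock = bool(data['autoLock'])` in `_finanzerSetConfig` turn any non-empty value into `True`, so a client that sends the string `"false"` would lock the account or switch auto-lock on. Accept only real JSON booleans, for example `if not isinstance(data.get('locked'), bool): return jsonify({"error": "locked must be a boolean"}), 400`. `_addCredit` still contains `print(data)` and `LOGGER.debug("Get data {}".format(data))`, which write the full request body to stdout and the log. This commit already drops the token logging, and these two lines could go the same way or be reduced to the fields actually needed.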


@ -1,33 +1,30 @@
from flask import Blueprint, request, jsonify from flask import Blueprint, request, jsonify
import geruecht.controller as gc from geruecht.decorator import login_required
import geruecht.controller.userController as uc import geruecht.controller.userController as uc
import geruecht.controller.accesTokenController as ac
from geruecht.model import USER from geruecht.model import USER
from datetime import datetime from datetime import datetime
user = Blueprint("user", __name__) user = Blueprint("user", __name__)
accesTokenController = ac.AccesTokenController()
userController = uc.UserController() userController = uc.UserController()
@user.route("/user/main")
def _main():
token = request.headers.get("Token") @user.route("/user/main")
accToken = accesTokenController.validateAccessToken(token, [USER]) @login_required(groups=[USER])
if accToken: def _main(**kwargs):
if 'accToken' in kwargs:
accToken = kwargs['accToken']
accToken.user = userController.getUser(accToken.user.uid) accToken.user = userController.getUser(accToken.user.uid)
retVal = accToken.user.toJSON() retVal = accToken.user.toJSON()
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte} retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
return jsonify(retVal) return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401 return jsonify("error", "something went wrong"), 500
@user.route("/user/addAmount", methods=['POST']) @user.route("/user/addAmount", methods=['POST'])
def _addAmount(): @login_required(groups=[USER])
def _addAmount(**kwargs):
token = request.headers.get("Token") if 'accToken' in kwargs:
accToken = accesTokenController.validateAccessToken(token, [USER]) accToken = kwargs['accToken']
if accToken:
data = request.get_json() data = request.get_json()
amount = int(data['amount']) amount = int(data['amount'])
date = datetime.now() date = datetime.now()
@ -36,4 +33,4 @@ def _addAmount():
retVal = accToken.user.toJSON() retVal = accToken.user.toJSON()
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte} retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
return jsonify(retVal) return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401 return jsonify({"error": "something went wrong"}), 500
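Review bot: The `if 'accToken' in kwargs:` guard in `_main` and `_addAmount` can never be false, because the `login_required` wrapper sets `kwargs['accToken']` before it calls the view, so the new 500 fallbacks are dead code. Reading the value directly with `accToken = kwargs['accToken']` removes the branch and one level of nesting. If the fallback is kept, note that `jsonify("error", "something went wrong")` in `_main` serialises as a JSON list, unlike the dict used in `_addAmount`; it should be `jsonify({"error": "something went wrong"})`.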


@ -1,19 +1,21 @@
from flask import Blueprint, request, jsonify from flask import Blueprint, request, jsonify
from datetime import datetime from datetime import datetime
from geruecht.controller import accesTokenController, userController import geruecht.controller.userController as uc
from geruecht.decorator import login_required
from geruecht.model import MONEY, GASTRO from geruecht.model import MONEY, GASTRO
vorstand = Blueprint("vorstand", __name__) vorstand = Blueprint("vorstand", __name__)
userController = uc.UserController()
@vorstand.route("/sm/addUser", methods=['POST', 'GET']) @vorstand.route("/sm/addUser", methods=['POST', 'GET'])
@login_required(groups=[MONEY, GASTRO])
def _addUser(): def _addUser():
if request.method == 'GET': if request.method == 'GET':
return "<h1>HEllo World</h1>" return "<h1>HEllo World</h1>"
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, [MONEY, GASTRO])
if accToken:
data = request.get_json() data = request.get_json()
user = data['user'] user = data['user']
date = datetime.utcfromtimestamp(int(data['date'])) date = datetime.utcfromtimestamp(int(data['date']))
@ -21,4 +23,3 @@ def _addUser():
print(data) print(data)
return jsonify({"date": date}) return jsonify({"date": date})
return jsonify({"error": "permission denied"}), 401
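Review bot: `_addUser()` is now wrapped by `@login_required(groups=[MONEY, GASTRO])` but still takes no parameters, while the wrapper in `geruecht/decorator.py` always calls the view with `accToken=...`. Every authorised request to `/sm/addUser` will therefore raise `TypeError` and end in a 500. The signature needs to become `def _addUser(**kwargs):`, like the other routes changed in this commit. The GET branch, which used to answer without a token, now sits behind the decorator too; if that placeholder response must stay reachable unauthenticated it needs its own route. The remaining `print(data)` writes the request body to stdout.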