Merge branch 'feature/dienstverwaltung' into develop

Tim Gröger 2020-01-19 21:33:58 +01:00
commit f7d3b17680
14 changed files with 433 additions and 412 deletions


@ -5,6 +5,8 @@
"""
from .logger import getLogger
from geruecht.controller import dbConfig
from flask_mysqldb import MySQL
LOGGER = getLogger(__name__)
LOGGER.info("Initialize App")
@ -15,14 +17,22 @@ from flask_cors import CORS
LOGGER.info("Build APP")
app = Flask(__name__)
CORS(app)
# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
app.config['MYSQL_HOST'] = dbConfig['URL']
app.config['MYSQL_USER'] = dbConfig['user']
app.config['MYSQL_PASSWORD'] = dbConfig['passwd']
app.config['MYSQL_DB'] = dbConfig['database']
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
db = MySQL(app)
from geruecht import routes
from geruecht.baruser.routes import baruser
from geruecht.finanzer.routes import finanzer
from geruecht.user.routes import user
from geruecht.vorstand.routes import vorstand
LOGGER.info("Registrate bluebrints")
app.register_blueprint(baruser)
app.register_blueprint(finanzer)
app.register_blueprint(user)
app.register_blueprint(vorstand)
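Review bot: The Flask `SECRET_KEY` is a literal in the source (the `app.config['SECRET_KEY'] = '0a657b97…'` line in the second hunk, printed once commented and once active), so everyone with repository access knows the key for anything Flask signs with it, such as sessions if they are used. The MySQL settings directly below are already read from `dbConfig`; load the key from the same configuration or the environment, for example `app.config['SECRET_KEY'] = os.environ['SECRET_KEY']`, and treat the committed value as compromised and rotate it. `CORS(app)` with no arguments allows every origin; if the API is only meant for the project's own frontend, restrict it with the `origins` argument.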


@ -1,12 +1,20 @@
from flask import Blueprint, request, jsonify
from geruecht.controller import ldapController as ldap, accesTokenController, userController
import geruecht.controller as gc
import geruecht.controller.ldapController as lc
import geruecht.controller.userController as uc
from datetime import datetime
from geruecht.model import BAR, MONEY
from geruecht.decorator import login_required
baruser = Blueprint("baruser", __name__)
ldap= lc.LDAPController(gc.ldapConfig['URL'], gc.ldapConfig['dn'])
userController = uc.UserController()
@baruser.route("/bar")
def _bar():
@login_required(groups=[BAR])
def _bar(**kwargs):
""" Main function for Baruser
Returns JSON-file with all Users, who hast amounts in this month.
@ -15,38 +23,33 @@ def _bar():
JSON-File with Users, who has amounts in this month
or ERROR 401 Permission Denied
"""
print(request.headers)
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, BAR)
dic = {}
if accToken:
users = userController.getAllUsersfromDB()
for user in users:
geruecht = None
geruecht = user.getGeruecht(datetime.now().year)
if geruecht is not None:
month = geruecht.getMonth(datetime.now().month)
amount = month[0] - month[1]
all = geruecht.getSchulden()
if all != 0:
if all >= 0:
type = 'credit'
else:
type = 'amount'
dic[user.uid] = {"username": user.uid,
"firstname": user.firstname,
"lastname": user.lastname,
"amount": abs(all),
"locked": user.locked,
"type": type
}
return jsonify(dic)
return jsonify({"error": "permission denied"}), 401
users = userController.getAllUsersfromDB()
for user in users:
geruecht = None
geruecht = user.getGeruecht(datetime.now().year)
if geruecht is not None:
month = geruecht.getMonth(datetime.now().month)
amount = month[0] - month[1]
all = geruecht.getSchulden()
if all != 0:
if all >= 0:
type = 'credit'
else:
type = 'amount'
dic[user.uid] = {"username": user.uid,
"firstname": user.firstname,
"lastname": user.lastname,
"amount": abs(all),
"locked": user.locked,
"type": type
}
return jsonify(dic)
@baruser.route("/baradd", methods=['POST'])
def _baradd():
@login_required(groups=[BAR])
def _baradd(**kwargs):
""" Function for Baruser to add amount
This function added to the user with the posted userID the posted amount.
@ -55,35 +58,31 @@ def _baradd():
JSON-File with userID and the amount
or ERROR 401 Permission Denied
"""
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, BAR)
data = request.get_json()
userID = data['userId']
amount = int(data['amount'])
if accToken:
data = request.get_json()
userID = data['userId']
amount = int(data['amount'])
date = datetime.now()
userController.addAmount(userID, amount, year=date.year, month=date.month)
user = userController.getUser(userID)
geruecht = user.getGeruecht(year=date.year)
month = geruecht.getMonth(month=date.month)
amount = abs(month[0] - month[1])
all = geruecht.getSchulden()
if all >= 0:
type = 'credit'
else:
type = 'amount'
dic = user.toJSON()
dic['amount'] = abs(all)
dic['type'] = type
date = datetime.now()
userController.addAmount(userID, amount, year=date.year, month=date.month)
user = userController.getUser(userID)
geruecht = user.getGeruecht(year=date.year)
month = geruecht.getMonth(month=date.month)
amount = abs(month[0] - month[1])
all = geruecht.getSchulden()
if all >= 0:
type = 'credit'
else:
type = 'amount'
dic = user.toJSON()
dic['amount'] = abs(all)
dic['type'] = type
return jsonify(dic)
return jsonify(dic)
return jsonify({"error", "permission denied"}), 401
@baruser.route("/barGetUsers")
def _getUsers():
@login_required(groups=[BAR, MONEY])
def _getUsers(**kwargs):
""" Get Users without amount
This Function returns all Users, who hasn't an amount in this month.
@ -92,49 +91,33 @@ def _getUsers():
JSON-File with Users
or ERROR 401 Permission Denied
"""
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, BAR)
retVal = {}
if accToken:
retVal = ldap.getAllUser()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
retVal = ldap.getAllUser()
return jsonify(retVal)
@baruser.route("/barGetUser", methods=['POST'])
def _getUser():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, BAR)
if accToken:
data = request.get_json()
username = data['userId']
user = userController.getUser(username)
amount = user.getGeruecht(datetime.now().year).getSchulden()
if amount >= 0:
type = 'credit'
else:
type = 'amount'
@login_required(groups=[BAR])
def _getUser(**kwargs):
data = request.get_json()
username = data['userId']
user = userController.getUser(username)
amount = user.getGeruecht(datetime.now().year).getSchulden()
if amount >= 0:
type = 'credit'
else:
type = 'amount'
retVal = user.toJSON()
retVal['amount'] = amount
retVal['type'] = type
return jsonify(retVal)
retVal = user.toJSON()
retVal['amount'] = amount
retVal['type'] = type
return jsonify(retVal)
return jsonify("error", "permission denied"), 401
@baruser.route("/search", methods=['POST'])
def _search():
token = request.headers.get("Token")
print(token)
accToken = accesTokenController.validateAccessToken(token, BAR)
accToken2 = accesTokenController.validateAccessToken(token, MONEY)
if accToken or accToken2:
data = request.get_json()
searchString = data['searchString']
retVal = ldap.searchUser(searchString)
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@login_required(groups=[BAR, MONEY])
def _search(**kwargs):
data = request.get_json()
searchString = data['searchString']
retVal = ldap.searchUser(searchString)
return jsonify(retVal)
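Review bot: `/barGetUsers` is now decorated with `@login_required(groups=[BAR, MONEY])`, while the code it replaces validated the token against `BAR` only, so this merge appears to widen who may list all LDAP users; confirm that is intended and state it in the docstring. The handlers also index `request.get_json()` directly (`data['userId']`, `int(data['amount'])`, `data['searchString']`), so a missing or non-JSON body ends in an unhandled exception rather than a 400; `data = request.get_json(silent=True) or {}` followed by an explicit key and type check would close that. The `accToken` keyword injected by the decorator is accepted through `**kwargs` but never used in these views.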


@ -1,6 +1,7 @@
import yaml
import sys
from . import LOGGER
from .logger import getLogger
LOGGER = getLogger(__name__)
default = {
'AccessTokenLifeTime': 1800,
@ -34,7 +35,7 @@ class ConifgParser():
self.ldap = self.config['LDAP']
LOGGER.info("Set LDAPconfig: {}".format(self.ldap))
if 'AccessTokenLifeTime' in self.config:
self.accessTokenLifeTime = self.config['AccessTokenLifeTime']
self.accessTokenLifeTime = int(self.config['AccessTokenLifeTime'])
LOGGER.info("Set AccessTokenLifeTime: {}".format(self.accessTokenLifeTime))
else:
self.accessTokenLifeTime = default['AccessTokenLifeTime']
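Review bot: `int(self.config['AccessTokenLifeTime'])` raises `ValueError` on a non-numeric value and accepts zero or negative numbers, and this setting controls how long access tokens stay valid. Validate it where it is read, for example `if self.accessTokenLifeTime <= 0: raise ValueError("AccessTokenLifeTime must be positive")`, so a bad configuration fails at start-up with a clear message. The enclosing method starts and ends outside this hunk.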


@ -15,29 +15,7 @@ class Singleton(type):
cls._instances[cls] = super(Singleton, cls).__call__(*args, **kwargs)
return cls._instances[cls]
from .databaseController import DatabaseController
def getDatabesController():
if db is not None:
return db
else:
return DatabaseController(dbConfig['URL'], dbConfig['user'], dbConfig['passwd'], dbConfig['database'])
from .ldapController import LDAPController
def getLDAPController():
if ldapController is not None:
return ldapController
else:
return LDAPController(ldapConfig['URL'], ldapConfig['dn'])
from .accesTokenController import AccesTokenController
dbConfig = config.getDatabase()
ldapConfig = config.getLDAP()
accConfig = config.getAccessToken()
mailConfig = config.getMail()
db = DatabaseController(dbConfig['URL'], dbConfig['user'], dbConfig['passwd'], dbConfig['database'])
ldapController = LDAPController(ldapConfig['URL'], ldapConfig['dn'])
accesTokenController = AccesTokenController(accConfig)
from . emailController import EmailController
emailController = EmailController(mailConfig['URL'], mailConfig['user'], mailConfig['passwd'], mailConfig['port'], mailConfig['email'])
from . userController import UserController
userController = UserController()


@ -1,9 +1,14 @@
from geruecht.model.accessToken import AccessToken
import geruecht.controller as gc
import geruecht.controller.userController as uc
from geruecht.model import BAR
from geruecht.controller import LOGGER
from datetime import datetime, timedelta
import hashlib
from . import Singleton
userController = uc.UserController()
class AccesTokenController(metaclass=Singleton):
""" Control all createt AccesToken
@ -22,10 +27,16 @@ class AccesTokenController(metaclass=Singleton):
Initialize Thread and set tokenList empty.
"""
LOGGER.info("Initialize AccessTokenController")
self.lifetime = lifetime
self.lifetime = gc.accConfig
self.tokenList = []
def checkBar(self, user):
if (userController.checkBarUser(user)):
user.group.append(BAR)
elif BAR in user.group:
user.group.remove(BAR)
def validateAccessToken(self, token, group):
""" Verify Accestoken
@ -47,6 +58,7 @@ class AccesTokenController(metaclass=Singleton):
now = datetime.now()
LOGGER.debug("Check if AccessToken's Endtime {} is bigger then now {}".format(endTime, now))
if now <= endTime:
self.checkBar(accToken.user)
LOGGER.debug("Check if AccesToken {} has same group {}".format(accToken, group))
if self.isSameGroup(accToken, group):
accToken.updateTimestamp()
@ -72,24 +84,27 @@ class AccesTokenController(metaclass=Singleton):
LOGGER.info("Create AccessToken")
now = datetime.ctime(datetime.now())
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
self.checkBar(user)
accToken = AccessToken(user, token, datetime.now())
LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
self.tokenList.append(accToken)
LOGGER.info("Finished create AccessToken {} with Token {}".format(accToken, token))
return token
def isSameGroup(self, accToken, group):
def isSameGroup(self, accToken, groups):
""" Verify group in AccessToken
Verify if the User in the AccesToken has the right group.
Args:
accToken: AccessToken to verify.
group: Group to verify.
groups: Group to verify.
Returns:
A Bool. If the same then True else False
"""
print("controll if", accToken, "hase group", group)
LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, group))
return True if group in accToken.user.group else False
print("controll if", accToken, "hase groups", groups)
LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, groups))
for group in groups:
if group in accToken.user.group: return True
return False
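Review bot: `checkBar` appends `BAR` to `user.group` on every call without checking whether it is already present, and it runs on each `validateAccessToken`, so the list collects duplicates; `remove(BAR)` then drops only one entry per call, and the user keeps bar permission after the shift has ended until every copy is gone. Guard the append with `if BAR not in user.group: user.group.append(BAR)`. The `elif` branch also strips `BAR` from a user who may hold it from another source whenever no shift is found; confirm that is wanted. Separately, `createAccessToken` in the last hunk still derives the token from `md5(ctime + user.dn)`, which can be guessed from the login time and the DN, and writes it to the log at INFO; `secrets.token_hex(32)` and a log line without the token value would be safer.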


@ -1,8 +1,9 @@
import pymysql
from . import Singleton
from geruecht import db
from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from datetime import datetime
from datetime import datetime, timedelta
class DatabaseController(metaclass=Singleton):
'''
@ -11,29 +12,13 @@ class DatabaseController(metaclass=Singleton):
Connect to the Database and execute sql-executions
'''
def __init__(self, url='192.168.5.108', user='wu5', password='E1n$tein', database='geruecht'):
self.url = url
self.user = user
self.password = password
self.database = database
self.connect()
def connect(self):
try:
self.db = pymysql.connect(self.url, self.user, self.password, self.database, cursorclass=pymysql.cursors.DictCursor)
except Exception as err:
raise err
def __init__(self):
self.db = db
def getAllUser(self):
self.connect()
cursor = self.db.cursor()
try:
cursor.execute("select * from user")
data = cursor.fetchall()
self.db.close()
except Exception as err:
raise err
cursor = self.db.connection.cursor()
cursor.execute("select * from user")
data = cursor.fetchall()
if data:
retVal = []
@ -45,15 +30,10 @@ class DatabaseController(metaclass=Singleton):
return retVal
def getUser(self, username):
self.connect()
retVal = None
cursor = self.db.cursor()
try:
cursor.execute("select * from user where uid='{}'".format(username))
data = cursor.fetchone()
self.db.close()
except Exception as err:
raise err
cursor = self.db.connection.cursor()
cursor.execute("select * from user where uid='{}'".format(username))
data = cursor.fetchone()
if data:
retVal = User(data)
creditLists = self.getCreditListFromUser(retVal)
@ -61,6 +41,17 @@ class DatabaseController(metaclass=Singleton):
return retVal
def getUserById(self, id):
retVal = None
cursor = self.db.connection.cursor()
cursor.execute("select * from user where id={}".format(id))
data = cursor.fetchone()
if data:
retVal = User(data)
creditLists = self.getCreditListFromUser(retVal)
retVal.initGeruechte(creditLists)
return retVal
def _convertGroupToString(self, groups):
retVal = ''
for group in groups:
@ -69,101 +60,93 @@ class DatabaseController(metaclass=Singleton):
retVal += group
return retVal
def insertUser(self, user):
self.connect()
cursor = self.db.cursor()
cursor = self.db.connection.cursor()
groups = self._convertGroupToString(user.group)
try:
cursor.execute("insert into user (uid, dn, firstname, lastname, gruppe, lockLimit, locked, autoLock, mail) VALUES ('{}','{}','{}','{}','{}',{},{},{},'{}')".format(
user.uid, user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.mail))
self.db.commit()
except Exception as err:
self.db.rollback()
self.db.close()
raise err
self.db.close()
cursor.execute("insert into user (uid, dn, firstname, lastname, gruppe, lockLimit, locked, autoLock, mail) VALUES ('{}','{}','{}','{}','{}',{},{},{},'{}')".format(
user.uid, user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.mail))
self.db.connection.commit()
def updateUser(self, user):
self.connect()
cursor = self.db.cursor()
cursor = self.db.connection.cursor()
groups = self._convertGroupToString(user.group)
try:
sql = "update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}', lockLimit={}, locked={}, autoLock={}, mail='{}' where uid='{}'".format(
user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.mail, user.uid)
print(sql)
cursor.execute(sql)
self.db.commit()
except Exception as err:
self.db.rollback()
self.db.close()
print(err.__traceback__)
raise err
sql = "update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}', lockLimit={}, locked={}, autoLock={}, mail='{}' where uid='{}'".format(
user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.mail, user.uid)
print(sql)
cursor.execute(sql)
self.db.connection.commit()
self.db.close()
def getCreditListFromUser(self, user, **kwargs):
self.connect()
cursor = self.db.cursor()
try:
if 'year' in kwargs:
sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year'])
else:
sql = "select * from creditList where user_id={}".format(user.id)
cursor.execute(sql)
data = cursor.fetchall()
self.db.close()
except Exception as err:
self.db.close()
raise err
cursor = self.db.connection.cursor()
if 'year' in kwargs:
sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year'])
else:
sql = "select * from creditList where user_id={}".format(user.id)
cursor.execute(sql)
data = cursor.fetchall()
if len(data) == 1:
return [CreditList(data[0])]
else:
return [CreditList(value) for value in data]
def createCreditList(self, user_id, year=datetime.now().year):
self.connect()
cursor = self.db.cursor()
try:
cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id))
self.db.commit()
self.db.close()
except Exception as err:
self.db.close()
raise err
cursor = self.db.connection.cursor()
cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id))
self.db.connection.commit()
def updateCreditList(self, creditlist):
self.connect()
cursor = self.db.cursor()
try:
cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year))
data = cursor.fetchall()
self.db.close()
if len(data) == 0:
self.createCreditList(creditlist.user_id, creditlist.year)
sql = "update creditList set jan_guthaben={}, jan_schulden={},feb_guthaben={}, feb_schulden={}, maer_guthaben={}, maer_schulden={}, apr_guthaben={}, apr_schulden={}, mai_guthaben={}, mai_schulden={}, jun_guthaben={}, jun_schulden={}, jul_guthaben={}, jul_schulden={}, aug_guthaben={}, aug_schulden={},sep_guthaben={}, sep_schulden={},okt_guthaben={}, okt_schulden={}, nov_guthaben={}, nov_schulden={}, dez_guthaben={}, dez_schulden={}, last_schulden={} where year_date={} and user_id={}".format(creditlist.jan_guthaben, creditlist.jan_schulden,
creditlist.feb_guthaben, creditlist.feb_schulden,
creditlist.maer_guthaben, creditlist.maer_schulden,
creditlist.apr_guthaben, creditlist.apr_schulden,
creditlist.mai_guthaben, creditlist.mai_schulden,
creditlist.jun_guthaben, creditlist.jun_schulden,
creditlist.jul_guthaben, creditlist.jul_schulden,
creditlist.aug_guthaben, creditlist.aug_schulden,
creditlist.sep_guthaben, creditlist.sep_schulden,
creditlist.okt_guthaben, creditlist.okt_schulden,
creditlist.nov_guthaben, creditlist.nov_schulden,
creditlist.dez_guthaben, creditlist.dez_schulden,
creditlist.last_schulden, creditlist.year, creditlist.user_id)
print(sql)
self.connect()
cursor = self.db.cursor()
cursor.execute(sql)
self.db.commit()
self.db.close()
except Exception as err:
self.db.rollback()
self.db.close()
raise err
cursor = self.db.connection.cursor()
cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year))
data = cursor.fetchall()
if len(data) == 0:
self.createCreditList(creditlist.user_id, creditlist.year)
sql = "update creditList set jan_guthaben={}, jan_schulden={},feb_guthaben={}, feb_schulden={}, maer_guthaben={}, maer_schulden={}, apr_guthaben={}, apr_schulden={}, mai_guthaben={}, mai_schulden={}, jun_guthaben={}, jun_schulden={}, jul_guthaben={}, jul_schulden={}, aug_guthaben={}, aug_schulden={},sep_guthaben={}, sep_schulden={},okt_guthaben={}, okt_schulden={}, nov_guthaben={}, nov_schulden={}, dez_guthaben={}, dez_schulden={}, last_schulden={} where year_date={} and user_id={}".format(creditlist.jan_guthaben, creditlist.jan_schulden,
creditlist.feb_guthaben, creditlist.feb_schulden,
creditlist.maer_guthaben, creditlist.maer_schulden,
creditlist.apr_guthaben, creditlist.apr_schulden,
creditlist.mai_guthaben, creditlist.mai_schulden,
creditlist.jun_guthaben, creditlist.jun_schulden,
creditlist.jul_guthaben, creditlist.jul_schulden,
creditlist.aug_guthaben, creditlist.aug_schulden,
creditlist.sep_guthaben, creditlist.sep_schulden,
creditlist.okt_guthaben, creditlist.okt_schulden,
creditlist.nov_guthaben, creditlist.nov_schulden,
creditlist.dez_guthaben, creditlist.dez_schulden,
creditlist.last_schulden, creditlist.year, creditlist.user_id)
print(sql)
cursor = self.db.connection.cursor()
cursor.execute(sql)
self.db.connection.commit()
def getWorker(self, user, date):
cursor = self.db.connection.cursor()
cursor.execute("select * from bardienste where user_id={} and startdatetime='{}'".format(user.id, date))
data = cursor.fetchone()
return {"user": user.toJSON(), "startdatetime": data['startdatetime'], "enddatetime": data['enddatetime']} if data else None
def getWorkers(self, date):
cursor = self.db.connection.cursor()
cursor.execute("select * from bardienste where startdatetime='{}'".format(date))
data = cursor.fetchall()
return [{"user": self.getUserById(work['user_id']).toJSON(), "startdatetime": work['startdatetime'], "enddatetime": work['enddatetime']} for work in data]
def setWorker(self, user, date):
cursor = self.db.connection.cursor()
cursor.execute("insert into bardienste (user_id, startdatetime, enddatetime) values ({},'{}','{}')".format(user.id, date, date + timedelta(days=1)))
self.db.connection.commit()
def deleteWorker(self, user, date):
cursor = self.db.connection.cursor()
cursor.execute("delete from bardienste where user_id={} and startdatetime='{}'".format(user.id, date))
self.db.connection.commit()
if __name__ == '__main__':
db = DatabaseController()
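Review bot: The new queries (`getUserById`, `getWorker`, `getWorkers`, `setWorker`, `deleteWorker`) and the rewritten ones still build SQL with `str.format`, and values such as `username` in `getUser` arrive from request bodies via the routes, so they are open to SQL injection and break on any value containing a quote. Pass the values as parameters instead, for example `cursor.execute("select * from user where uid=%s", (username,))` and `cursor.execute("select * from bardienste where user_id=%s and startdatetime=%s", (user.id, date))`. The constructor defaults removed in this section contained a database host, user and password; they remain in the repository history, so that credential should be rotated. The `print(sql)` calls also write complete statements, including user data, to stdout.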


@ -1,13 +1,36 @@
from . import LOGGER, Singleton, db, ldapController as ldap, emailController
from . import LOGGER, Singleton, ldapConfig, dbConfig, mailConfig
import geruecht.controller.databaseController as dc
import geruecht.controller.ldapController as lc
import geruecht.controller.emailController as ec
from geruecht.model.user import User
from geruecht.exceptions import PermissionDenied
from datetime import datetime
from datetime import datetime, timedelta
db = dc.DatabaseController()
ldap = lc.LDAPController(ldapConfig['URL'], ldapConfig['dn'])
emailController = ec.EmailController(mailConfig['URL'], mailConfig['user'], mailConfig['passwd'], mailConfig['port'], mailConfig['email'])
class UserController(metaclass=Singleton):
def __init__(self):
pass
def getWorker(self, date, username=None):
if (username):
user = self.getUser(username)
return [db.getWorker(user, date)]
return db.getWorkers(date)
def addWorker(self, username, date):
user = self.getUser(username)
if (not db.getWorker(user, date)):
db.setWorker(user, date)
return self.getWorker(date, username=username)
def deleteWorker(self, username, date):
user = self.getUser(username)
db.deleteWorker(user, date)
def lockUser(self, username, locked):
user = self.getUser(username)
user.updateData({'locked': locked})
@ -54,6 +77,20 @@ class UserController(metaclass=Singleton):
self.__updateGeruechte(user)
return db.getAllUser()
def checkBarUser(self, user):
date = datetime.now()
zero = date.replace(hour=0, minute=0, second=0, microsecond=0)
end = zero + timedelta(hours=11)
startdatetime = date.replace(hour=11, minute=0, second=0, microsecond=0)
if date > zero and end > date:
startdatetime = startdatetime - timedelta(days=1)
enddatetime = startdatetime + timedelta(days=1)
result = False
if date >= startdatetime and date < enddatetime:
result = db.getWorker(user, startdatetime)
return True if result else False
def getUser(self, username):
user = db.getUser(username)
groups = ldap.getGroup(username)
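Review bot: `checkBarUser` decides whether a user is granted the `BAR` group, but its window test uses `date > zero`, so at exactly 00:00:00 the previous day's shift is not selected; `if date.hour < 11:` covers the whole early-morning range. With that adjustment `date >= startdatetime and date < enddatetime` always holds, so the second `if` can be dropped and the result returned as `return bool(db.getWorker(user, startdatetime))`. `addWorker` and `deleteWorker` hand whatever `getUser` returns straight to the database layer; if `getUser` can return `None` for an unknown name, check for that before `db.setWorker` and `db.deleteWorker`. `getUser` continues outside this hunk.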

21
geruecht/decorator.py Normal file

@ -0,0 +1,21 @@
from functools import wraps
def login_required(**kwargs):
import geruecht.controller.accesTokenController as ac
from geruecht.model import BAR, USER, MONEY, GASTRO
from flask import request, jsonify
accessController = ac.AccesTokenController()
groups = [USER, BAR, GASTRO, MONEY]
if "groups" in kwargs:
groups = kwargs["groups"]
def real_decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
token = request.headers.get('Token')
accToken = accessController.validateAccessToken(token, groups)
kwargs['accToken'] = accToken
if accToken:
return func(*args, **kwargs)
else:
return jsonify({"error": "error", "message": "permission denied"}), 401
return wrapper
return real_decorator
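Review bot: `login_required` has no docstring, and its protection depends on decorator order: it only guards a view when it sits below `@<blueprint>.route(...)`, because Flask registers the function object that `route` receives. Add a docstring that says so, and that also notes that without a `groups` argument every group (`USER`, `BAR`, `GASTRO`, `MONEY`) is accepted and that the validated token is passed to the view as the `accToken` keyword, so views must accept `**kwargs`. A missing `Token` header reaches `validateAccessToken` as `None`; an early `if not token:` that returns the 401 would keep that case out of the controller. The inner `wrapper(*args, **kwargs)` shadows the outer `kwargs`, which is easy to misread; reading the option once with `groups = kwargs.get("groups", [USER, BAR, GASTRO, MONEY])` makes the intent clearer.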


@ -1,14 +1,18 @@
from flask import Blueprint, request, jsonify
from geruecht.finanzer import LOGGER
from datetime import datetime
from geruecht.controller import accesTokenController, userController
import geruecht.controller.userController as uc
from geruecht.model import MONEY
from geruecht.decorator import login_required
finanzer = Blueprint("finanzer", __name__)
userController = uc.UserController()
@finanzer.route("/getFinanzerMain")
def _getFinanzer():
@login_required(groups=[MONEY])
def _getFinanzer(**kwargs):
""" Function for /getFinanzerMain
Retrieves all User for the groupe 'moneymaster'
@ -17,26 +21,20 @@ def _getFinanzer():
A JSON-File with Users
or ERROR 401 Permission Denied.
"""
LOGGER.info("Get main for Finanzer")
token = request.headers.get("Token")
LOGGER.debug("Verify AccessToken with Token {}".format(token))
accToken = accesTokenController.validateAccessToken(token, MONEY)
if accToken:
LOGGER.debug("Get all Useres")
users = userController.getAllUsersfromDB()
dic = {}
for user in users:
LOGGER.debug("Add User {} to ReturnValue".format(user))
dic[user.uid] = user.toJSON()
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
LOGGER.debug("ReturnValue is {}".format(dic))
LOGGER.info("Send main for Finanzer")
return jsonify(dic)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
LOGGER.debug("Get all Useres")
users = userController.getAllUsersfromDB()
dic = {}
for user in users:
LOGGER.debug("Add User {} to ReturnValue".format(user))
dic[user.uid] = user.toJSON()
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
LOGGER.debug("ReturnValue is {}".format(dic))
LOGGER.info("Send main for Finanzer")
return jsonify(dic)
@finanzer.route("/finanzerAddAmount", methods=['POST'])
def _addAmount():
@login_required(groups=[MONEY])
def _addAmount(**kwargs):
""" Add Amount to User
This Function add an amount to the user with posted userID.
@ -47,39 +45,32 @@ def _addAmount():
JSON-File with geruecht of year
or ERROR 401 Permission Denied
"""
LOGGER.info("Add Amount")
token = request.headers.get("Token")
LOGGER.debug("Verify AccessToken with Token {}".format(token))
accToken = accesTokenController.validateAccessToken(token, MONEY)
if accToken:
data = request.get_json()
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
amount = int(data['amount'])
LOGGER.debug("UserID is {} and amount is {}".format(userID, amount))
try:
year = int(data['year'])
except KeyError as er:
LOGGER.error("KeyError in year. Year is set to default.")
year = datetime.now().year
try:
month = int(data['month'])
except KeyError as er:
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
LOGGER.debug("Year is {} and Month is {}".format(year, month))
userController.addAmount(userID, amount, year=year, month=month, finanzer=True)
user = userController.getUser(userID)
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht")
return jsonify(retVal)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
data = request.get_json()
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
amount = int(data['amount'])
LOGGER.debug("UserID is {} and amount is {}".format(userID, amount))
try:
year = int(data['year'])
except KeyError as er:
LOGGER.error("KeyError in year. Year is set to default.")
year = datetime.now().year
try:
month = int(data['month'])
except KeyError as er:
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
LOGGER.debug("Year is {} and Month is {}".format(year, month))
userController.addAmount(userID, amount, year=year, month=month, finanzer=True)
user = userController.getUser(userID)
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht")
return jsonify(retVal)
@finanzer.route("/finanzerAddCredit", methods=['POST'])
def _addCredit():
@login_required(groups=[MONEY])
def _addCredit(**kwargs):
""" Add Credit to User
This Function add an credit to the user with posted userID.
@ -90,106 +81,79 @@ def _addCredit():
JSON-File with geruecht of year
or ERROR 401 Permission Denied
"""
LOGGER.info("Add Amount")
token = request.headers.get("Token")
LOGGER.debug("Verify AccessToken with Token {}".format(token))
accToken = accesTokenController.validateAccessToken(token, MONEY)
data = request.get_json()
print(data)
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
credit = int(data['credit'])
LOGGER.debug("UserID is {} and credit is {}".format(userID, credit))
if accToken:
try:
year = int(data['year'])
except KeyError as er:
LOGGER.error("KeyError in year. Year is set to default.")
year = datetime.now().year
try:
month = int(data['month'])
except KeyError as er:
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
data = request.get_json()
print(data)
LOGGER.debug("Get data {}".format(data))
userID = data['userId']
credit = int(data['credit'])
LOGGER.debug("UserID is {} and credit is {}".format(userID, credit))
LOGGER.debug("Year is {} and Month is {}".format(year, month))
userController.addCredit(userID, credit, year=year, month=month).toJSON()
user = userController.getUser(userID)
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht")
return jsonify(retVal)
try:
year = int(data['year'])
except KeyError as er:
LOGGER.error("KeyError in year. Year is set to default.")
year = datetime.now().year
try:
month = int(data['month'])
except KeyError as er:
LOGGER.error("KeyError in month. Month is set to default.")
month = datetime.now().month
LOGGER.debug("Year is {} and Month is {}".format(year, month))
userController.addCredit(userID, credit, year=year, month=month).toJSON()
user = userController.getUser(userID)
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
retVal['locked'] = user.locked
LOGGER.info("Send updated Geruecht")
return jsonify(retVal)
LOGGER.info("Permission Denied")
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerLock", methods=['POST'])
def _finanzerLock():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, MONEY)
@login_required(groups=[MONEY])
def _finanzerLock(**kwargs):
data = request.get_json()
username = data['userId']
locked = bool(data['locked'])
retVal = userController.lockUser(username, locked).toJSON()
return jsonify(retVal)
if accToken:
data = request.get_json()
username = data['userId']
locked = bool(data['locked'])
retVal = userController.lockUser(username, locked).toJSON()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@finanzer.route("/finanzerSetConfig", methods=['POST'])
def _finanzerSetConfig():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, MONEY)
if accToken:
data = request.get_json()
username = data['userId']
autoLock = bool(data['autoLock'])
limit = int(data['limit'])
retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@login_required(groups=[MONEY])
def _finanzerSetConfig(**kwargs):
data = request.get_json()
username = data['userId']
autoLock = bool(data['autoLock'])
limit = int(data['limit'])
retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON()
return jsonify(retVal)
@finanzer.route("/finanzerAddUser", methods=['POST'])
def _finanzerAddUser():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, MONEY)
if accToken:
data = request.get_json()
username = data['userId']
userController.getUser(username)
LOGGER.debug("Get all Useres")
users = userController.getAllUsersfromDB()
dic = {}
for user in users:
LOGGER.debug("Add User {} to ReturnValue".format(user))
dic[user.uid] = user.toJSON()
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
LOGGER.debug("ReturnValue is {}".format(dic))
return jsonify(dic), 200
return jsonify({"error": "permission denied"}), 401
@login_required(groups=[MONEY])
def _finanzerAddUser(**kwargs):
data = request.get_json()
username = data['userId']
userController.getUser(username)
LOGGER.debug("Get all Useres")
users = userController.getAllUsersfromDB()
dic = {}
for user in users:
LOGGER.debug("Add User {} to ReturnValue".format(user))
dic[user.uid] = user.toJSON()
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
LOGGER.debug("ReturnValue is {}".format(dic))
return jsonify(dic), 200
@finanzer.route("/finanzerSendOneMail", methods=['POST'])
def _finanzerSendOneMail():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, MONEY)
if accToken:
data = request.get_json()
username = data['userId']
retVal = userController.sendMail(username)
return jsonify(retVal)
return jsonify({"error:", "permission denied"}), 401
@login_required(groups=[MONEY])
def _finanzerSendOneMail(**kwargs):
data = request.get_json()
username = data['userId']
retVal = userController.sendMail(username)
return jsonify(retVal)
@finanzer.route("/finanzerSendAllMail", methods=['GET'])
def _finanzerSendAllMail():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, MONEY)
if accToken:
retVal = userController.sendAllMail()
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
@login_required(groups=[MONEY])
def _finanzerSendAllMail(**kwargs):
retVal = userController.sendAllMail()
return jsonify(retVal)


@ -1,17 +0,0 @@
from geruecht.controller import db
class PriceList(db.Model):
""" Database Model for PriceList
PriceList has lots of Drinks and safe all Prices (normal, for club, for other clubs, which catagory, etc)
"""
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String, nullable=False, unique=True)
price = db.Column(db.Integer, nullable=False)
price_club = db.Column(db.Integer, nullable=False)
price_ext_club = db.Column(db.Integer, nullable=False)
category = db.Column(db.Integer, nullable=False)
upPrice = db.Column(db.Integer)
upPrice_club = db.Column(db.Integer)
upPrice_ext_club = db.Column(db.Integer)


@ -1,9 +1,12 @@
from geruecht import app, LOGGER
from geruecht.exceptions import PermissionDenied
from geruecht.controller import accesTokenController, userController
import geruecht.controller.accesTokenController as ac
import geruecht.controller.userController as uc
from geruecht.model import MONEY, BAR, USER, GASTRO
from flask import request, jsonify
accesTokenController = ac.AccesTokenController()
userController = uc.UserController()
def login(user, password):
return user.login(password)
@ -12,16 +15,16 @@ def login(user, password):
@app.route("/valid")
def _valid():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, MONEY)
accToken = accesTokenController.validateAccessToken(token, [MONEY])
if accToken:
return jsonify(accToken.user.toJSON())
accToken = accesTokenController.validateAccessToken(token, BAR)
accToken = accesTokenController.validateAccessToken(token, [BAR])
if accToken:
return jsonify(accToken.user.toJSON())
accToken = accesTokenController.validateAccessToken(token, GASTRO)
accToken = accesTokenController.validateAccessToken(token, [GASTRO])
if accToken:
return jsonify(accToken.user.toJSON())
accToken = accesTokenController.validateAccessToken(token, USER)
accToken = accesTokenController.validateAccessToken(token, [USER])
if accToken:
return jsonify(accToken.user.toJSON())
return jsonify({"error": "permission denied"}), 401
@ -48,7 +51,7 @@ def _login():
user = userController.loginUser(username, password)
user.password = password
token = accesTokenController.createAccesToken(user)
dic = user.toJSON()
dic = accesTokenController.validateAccessToken(token, [USER]).user.toJSON()
dic["token"] = token
dic["accessToken"] = token
LOGGER.info("User {} success login.".format(username))
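Review bot: In `_login` the new line `dic = accesTokenController.validateAccessToken(token, [USER]).user.toJSON()` dereferences `.user` on a result that `_valid`, in the same file, treats as possibly falsy (`if accToken:`). If validation fails for the freshly created token (for instance an account that is not in the USER group, which this page does not rule out), the login request ends in an AttributeError and a 500 instead of a clean refusal. I would bind the result first, `accToken = accesTokenController.validateAccessToken(token, [USER])`, and return `jsonify({"error": "permission denied"}), 401` when it is falsy. `_login` starts and continues outside the hunk, so surrounding error handling may already cover this.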


@ -1,28 +1,30 @@
from flask import Blueprint, request, jsonify
from geruecht.controller import userController, accesTokenController
from geruecht.decorator import login_required
import geruecht.controller.userController as uc
from geruecht.model import USER
from datetime import datetime
user = Blueprint("user", __name__)
@user.route("/user/main")
def _main():
userController = uc.UserController()
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, USER)
if accToken:
@user.route("/user/main")
@login_required(groups=[USER])
def _main(**kwargs):
if 'accToken' in kwargs:
accToken = kwargs['accToken']
accToken.user = userController.getUser(accToken.user.uid)
retVal = accToken.user.toJSON()
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
return jsonify("error", "something went wrong"), 500
@user.route("/user/addAmount", methods=['POST'])
def _addAmount():
token = request.headers.get("Token")
accToken = accesTokenController.validateAccessToken(token, USER)
if accToken:
@login_required(groups=[USER])
def _addAmount(**kwargs):
if 'accToken' in kwargs:
accToken = kwargs['accToken']
data = request.get_json()
amount = int(data['amount'])
date = datetime.now()
@ -31,4 +33,4 @@ def _addAmount():
retVal = accToken.user.toJSON()
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
return jsonify(retVal)
return jsonify({"error": "permission denied"}), 401
return jsonify({"error": "something went wrong"}), 500
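Review bot: The fallback return added to `_main`, `return jsonify("error", "something went wrong"), 500`, passes two positional strings to `jsonify`, so the client receives a JSON array rather than the `{"error": ...}` object that the other error paths on this page return. `_addAmount` in the second hunk already has the intended form, and `_main` should match it: `return jsonify({"error": "something went wrong"}), 500`. Separately, both handlers now answer 500 when `accToken` is missing from `kwargs`; that is reasonable only if `login_required` itself rejects unauthenticated requests before the handler runs, which is not visible here.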


@ -0,0 +1,41 @@
from flask import Blueprint, request, jsonify
from datetime import datetime
import geruecht.controller.userController as uc
from geruecht.decorator import login_required
from geruecht.model import MONEY, GASTRO
vorstand = Blueprint("vorstand", __name__)
userController = uc.UserController()
@vorstand.route("/sm/addUser", methods=['POST', 'GET'])
@login_required(groups=[MONEY, GASTRO])
def _addUser(**kwargs):
if request.method == 'GET':
return "<h1>HEllo World</h1>"
data = request.get_json()
user = data['user']
date = datetime.utcfromtimestamp(int(data['date']))
retVal = userController.addWorker(user['username'], date)
print(retVal)
return jsonify(retVal)
@vorstand.route("/sm/getUser", methods=['POST'])
@login_required(groups=[MONEY, GASTRO])
def _getUser(**kwargs):
data = request.get_json()
date = datetime.utcfromtimestamp(int(data['date']))
retVal = userController.getWorker(date)
print(retVal)
return jsonify(retVal)
@vorstand.route("/sm/deleteUser", methods=['POST'])
@login_required(groups=[MONEY, GASTRO])
def _deletUser(**kwargs):
data = request.get_json()
user = data['user']
date = datetime.utcfromtimestamp(int(data['date']))
userController.deleteWorker(user['username'], date)
return jsonify({"ok": "ok"})
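Review bot: The three `/sm/*` handlers read `data['user']`, `user['username']` and `int(data['date'])` straight from `request.get_json()` with no validation, so a missing or non-JSON body, an absent key, or a non-numeric or out-of-range timestamp surfaces as an unhandled exception and a 500 rather than a 400. Parsing the body defensively and rejecting bad input explicitly keeps error behaviour predictable for endpoints that add and delete workers; the sketch below shows it for `_getUser`, and `_addUser` and `_deletUser` need the same treatment. The GET branch of `_addUser` that returns `<h1>HEllo World</h1>` and the `print(retVal)` calls look like debugging leftovers and should be dropped before this reaches a deployed branch.

```python
def _getUser(**kwargs):
    data = request.get_json(silent=True) or {}
    try:
        date = datetime.utcfromtimestamp(int(data['date']))
    except (KeyError, TypeError, ValueError, OverflowError, OSError):
        return jsonify({"error": "invalid or missing date"}), 400
    # … unchanged: userController.getWorker(date) and jsonify(retVal) …
```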