Merge branch 'feature/dienstverwaltung' into develop
This commit is contained in:
commit
f7d3b17680
|
@ -5,6 +5,8 @@
|
||||||
|
|
||||||
"""
|
"""
|
||||||
from .logger import getLogger
|
from .logger import getLogger
|
||||||
|
from geruecht.controller import dbConfig
|
||||||
|
from flask_mysqldb import MySQL
|
||||||
|
|
||||||
LOGGER = getLogger(__name__)
|
LOGGER = getLogger(__name__)
|
||||||
LOGGER.info("Initialize App")
|
LOGGER.info("Initialize App")
|
||||||
|
@ -15,14 +17,22 @@ from flask_cors import CORS
|
||||||
LOGGER.info("Build APP")
|
LOGGER.info("Build APP")
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
CORS(app)
|
CORS(app)
|
||||||
# app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
|
app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29'
|
||||||
|
app.config['MYSQL_HOST'] = dbConfig['URL']
|
||||||
|
app.config['MYSQL_USER'] = dbConfig['user']
|
||||||
|
app.config['MYSQL_PASSWORD'] = dbConfig['passwd']
|
||||||
|
app.config['MYSQL_DB'] = dbConfig['database']
|
||||||
|
app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
|
||||||
|
db = MySQL(app)
|
||||||
|
|
||||||
from geruecht import routes
|
from geruecht import routes
|
||||||
from geruecht.baruser.routes import baruser
|
from geruecht.baruser.routes import baruser
|
||||||
from geruecht.finanzer.routes import finanzer
|
from geruecht.finanzer.routes import finanzer
|
||||||
from geruecht.user.routes import user
|
from geruecht.user.routes import user
|
||||||
|
from geruecht.vorstand.routes import vorstand
|
||||||
|
|
||||||
LOGGER.info("Registrate bluebrints")
|
LOGGER.info("Registrate bluebrints")
|
||||||
app.register_blueprint(baruser)
|
app.register_blueprint(baruser)
|
||||||
app.register_blueprint(finanzer)
|
app.register_blueprint(finanzer)
|
||||||
app.register_blueprint(user)
|
app.register_blueprint(user)
|
||||||
|
app.register_blueprint(vorstand)
|
||||||
|
|
|
@ -1,12 +1,20 @@
|
||||||
from flask import Blueprint, request, jsonify
|
from flask import Blueprint, request, jsonify
|
||||||
from geruecht.controller import ldapController as ldap, accesTokenController, userController
|
import geruecht.controller as gc
|
||||||
|
import geruecht.controller.ldapController as lc
|
||||||
|
import geruecht.controller.userController as uc
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from geruecht.model import BAR, MONEY
|
from geruecht.model import BAR, MONEY
|
||||||
|
from geruecht.decorator import login_required
|
||||||
|
|
||||||
baruser = Blueprint("baruser", __name__)
|
baruser = Blueprint("baruser", __name__)
|
||||||
|
|
||||||
|
ldap= lc.LDAPController(gc.ldapConfig['URL'], gc.ldapConfig['dn'])
|
||||||
|
userController = uc.UserController()
|
||||||
|
|
||||||
|
|
||||||
@baruser.route("/bar")
|
@baruser.route("/bar")
|
||||||
def _bar():
|
@login_required(groups=[BAR])
|
||||||
|
def _bar(**kwargs):
|
||||||
""" Main function for Baruser
|
""" Main function for Baruser
|
||||||
|
|
||||||
Returns JSON-file with all Users, who hast amounts in this month.
|
Returns JSON-file with all Users, who hast amounts in this month.
|
||||||
|
@ -15,38 +23,33 @@ def _bar():
|
||||||
JSON-File with Users, who has amounts in this month
|
JSON-File with Users, who has amounts in this month
|
||||||
or ERROR 401 Permission Denied
|
or ERROR 401 Permission Denied
|
||||||
"""
|
"""
|
||||||
print(request.headers)
|
|
||||||
token = request.headers.get("Token")
|
|
||||||
print(token)
|
|
||||||
accToken = accesTokenController.validateAccessToken(token, BAR)
|
|
||||||
|
|
||||||
dic = {}
|
dic = {}
|
||||||
if accToken:
|
users = userController.getAllUsersfromDB()
|
||||||
users = userController.getAllUsersfromDB()
|
for user in users:
|
||||||
for user in users:
|
geruecht = None
|
||||||
geruecht = None
|
geruecht = user.getGeruecht(datetime.now().year)
|
||||||
geruecht = user.getGeruecht(datetime.now().year)
|
if geruecht is not None:
|
||||||
if geruecht is not None:
|
month = geruecht.getMonth(datetime.now().month)
|
||||||
month = geruecht.getMonth(datetime.now().month)
|
amount = month[0] - month[1]
|
||||||
amount = month[0] - month[1]
|
all = geruecht.getSchulden()
|
||||||
all = geruecht.getSchulden()
|
if all != 0:
|
||||||
if all != 0:
|
if all >= 0:
|
||||||
if all >= 0:
|
type = 'credit'
|
||||||
type = 'credit'
|
else:
|
||||||
else:
|
type = 'amount'
|
||||||
type = 'amount'
|
dic[user.uid] = {"username": user.uid,
|
||||||
dic[user.uid] = {"username": user.uid,
|
"firstname": user.firstname,
|
||||||
"firstname": user.firstname,
|
"lastname": user.lastname,
|
||||||
"lastname": user.lastname,
|
"amount": abs(all),
|
||||||
"amount": abs(all),
|
"locked": user.locked,
|
||||||
"locked": user.locked,
|
"type": type
|
||||||
"type": type
|
}
|
||||||
}
|
return jsonify(dic)
|
||||||
return jsonify(dic)
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
||||||
|
|
||||||
@baruser.route("/baradd", methods=['POST'])
|
@baruser.route("/baradd", methods=['POST'])
|
||||||
def _baradd():
|
@login_required(groups=[BAR])
|
||||||
|
def _baradd(**kwargs):
|
||||||
""" Function for Baruser to add amount
|
""" Function for Baruser to add amount
|
||||||
|
|
||||||
This function added to the user with the posted userID the posted amount.
|
This function added to the user with the posted userID the posted amount.
|
||||||
|
@ -55,35 +58,31 @@ def _baradd():
|
||||||
JSON-File with userID and the amount
|
JSON-File with userID and the amount
|
||||||
or ERROR 401 Permission Denied
|
or ERROR 401 Permission Denied
|
||||||
"""
|
"""
|
||||||
token = request.headers.get("Token")
|
data = request.get_json()
|
||||||
print(token)
|
userID = data['userId']
|
||||||
accToken = accesTokenController.validateAccessToken(token, BAR)
|
amount = int(data['amount'])
|
||||||
|
|
||||||
if accToken:
|
date = datetime.now()
|
||||||
data = request.get_json()
|
userController.addAmount(userID, amount, year=date.year, month=date.month)
|
||||||
userID = data['userId']
|
user = userController.getUser(userID)
|
||||||
amount = int(data['amount'])
|
geruecht = user.getGeruecht(year=date.year)
|
||||||
|
month = geruecht.getMonth(month=date.month)
|
||||||
|
amount = abs(month[0] - month[1])
|
||||||
|
all = geruecht.getSchulden()
|
||||||
|
if all >= 0:
|
||||||
|
type = 'credit'
|
||||||
|
else:
|
||||||
|
type = 'amount'
|
||||||
|
dic = user.toJSON()
|
||||||
|
dic['amount'] = abs(all)
|
||||||
|
dic['type'] = type
|
||||||
|
|
||||||
date = datetime.now()
|
return jsonify(dic)
|
||||||
userController.addAmount(userID, amount, year=date.year, month=date.month)
|
|
||||||
user = userController.getUser(userID)
|
|
||||||
geruecht = user.getGeruecht(year=date.year)
|
|
||||||
month = geruecht.getMonth(month=date.month)
|
|
||||||
amount = abs(month[0] - month[1])
|
|
||||||
all = geruecht.getSchulden()
|
|
||||||
if all >= 0:
|
|
||||||
type = 'credit'
|
|
||||||
else:
|
|
||||||
type = 'amount'
|
|
||||||
dic = user.toJSON()
|
|
||||||
dic['amount'] = abs(all)
|
|
||||||
dic['type'] = type
|
|
||||||
|
|
||||||
return jsonify(dic)
|
|
||||||
return jsonify({"error", "permission denied"}), 401
|
|
||||||
|
|
||||||
@baruser.route("/barGetUsers")
|
@baruser.route("/barGetUsers")
|
||||||
def _getUsers():
|
@login_required(groups=[BAR, MONEY])
|
||||||
|
def _getUsers(**kwargs):
|
||||||
""" Get Users without amount
|
""" Get Users without amount
|
||||||
|
|
||||||
This Function returns all Users, who hasn't an amount in this month.
|
This Function returns all Users, who hasn't an amount in this month.
|
||||||
|
@ -92,49 +91,33 @@ def _getUsers():
|
||||||
JSON-File with Users
|
JSON-File with Users
|
||||||
or ERROR 401 Permission Denied
|
or ERROR 401 Permission Denied
|
||||||
"""
|
"""
|
||||||
token = request.headers.get("Token")
|
|
||||||
print(token)
|
|
||||||
accToken = accesTokenController.validateAccessToken(token, BAR)
|
|
||||||
|
|
||||||
retVal = {}
|
retVal = {}
|
||||||
if accToken:
|
retVal = ldap.getAllUser()
|
||||||
retVal = ldap.getAllUser()
|
return jsonify(retVal)
|
||||||
return jsonify(retVal)
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
||||||
|
|
||||||
@baruser.route("/barGetUser", methods=['POST'])
|
@baruser.route("/barGetUser", methods=['POST'])
|
||||||
def _getUser():
|
@login_required(groups=[BAR])
|
||||||
token = request.headers.get("Token")
|
def _getUser(**kwargs):
|
||||||
accToken = accesTokenController.validateAccessToken(token, BAR)
|
data = request.get_json()
|
||||||
if accToken:
|
username = data['userId']
|
||||||
data = request.get_json()
|
user = userController.getUser(username)
|
||||||
username = data['userId']
|
amount = user.getGeruecht(datetime.now().year).getSchulden()
|
||||||
user = userController.getUser(username)
|
if amount >= 0:
|
||||||
amount = user.getGeruecht(datetime.now().year).getSchulden()
|
type = 'credit'
|
||||||
if amount >= 0:
|
else:
|
||||||
type = 'credit'
|
type = 'amount'
|
||||||
else:
|
|
||||||
type = 'amount'
|
retVal = user.toJSON()
|
||||||
|
retVal['amount'] = amount
|
||||||
|
retVal['type'] = type
|
||||||
|
return jsonify(retVal)
|
||||||
|
|
||||||
retVal = user.toJSON()
|
|
||||||
retVal['amount'] = amount
|
|
||||||
retVal['type'] = type
|
|
||||||
return jsonify(retVal)
|
|
||||||
return jsonify("error", "permission denied"), 401
|
|
||||||
|
|
||||||
@baruser.route("/search", methods=['POST'])
|
@baruser.route("/search", methods=['POST'])
|
||||||
def _search():
|
@login_required(groups=[BAR, MONEY])
|
||||||
token = request.headers.get("Token")
|
def _search(**kwargs):
|
||||||
print(token)
|
data = request.get_json()
|
||||||
accToken = accesTokenController.validateAccessToken(token, BAR)
|
searchString = data['searchString']
|
||||||
accToken2 = accesTokenController.validateAccessToken(token, MONEY)
|
retVal = ldap.searchUser(searchString)
|
||||||
|
return jsonify(retVal)
|
||||||
if accToken or accToken2:
|
|
||||||
data = request.get_json()
|
|
||||||
|
|
||||||
searchString = data['searchString']
|
|
||||||
|
|
||||||
retVal = ldap.searchUser(searchString)
|
|
||||||
|
|
||||||
return jsonify(retVal)
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import yaml
|
import yaml
|
||||||
import sys
|
import sys
|
||||||
from . import LOGGER
|
from .logger import getLogger
|
||||||
|
LOGGER = getLogger(__name__)
|
||||||
|
|
||||||
default = {
|
default = {
|
||||||
'AccessTokenLifeTime': 1800,
|
'AccessTokenLifeTime': 1800,
|
||||||
|
@ -34,7 +35,7 @@ class ConifgParser():
|
||||||
self.ldap = self.config['LDAP']
|
self.ldap = self.config['LDAP']
|
||||||
LOGGER.info("Set LDAPconfig: {}".format(self.ldap))
|
LOGGER.info("Set LDAPconfig: {}".format(self.ldap))
|
||||||
if 'AccessTokenLifeTime' in self.config:
|
if 'AccessTokenLifeTime' in self.config:
|
||||||
self.accessTokenLifeTime = self.config['AccessTokenLifeTime']
|
self.accessTokenLifeTime = int(self.config['AccessTokenLifeTime'])
|
||||||
LOGGER.info("Set AccessTokenLifeTime: {}".format(self.accessTokenLifeTime))
|
LOGGER.info("Set AccessTokenLifeTime: {}".format(self.accessTokenLifeTime))
|
||||||
else:
|
else:
|
||||||
self.accessTokenLifeTime = default['AccessTokenLifeTime']
|
self.accessTokenLifeTime = default['AccessTokenLifeTime']
|
||||||
|
|
|
@ -15,29 +15,7 @@ class Singleton(type):
|
||||||
cls._instances[cls] = super(Singleton, cls).__call__(*args, **kwargs)
|
cls._instances[cls] = super(Singleton, cls).__call__(*args, **kwargs)
|
||||||
return cls._instances[cls]
|
return cls._instances[cls]
|
||||||
|
|
||||||
from .databaseController import DatabaseController
|
|
||||||
def getDatabesController():
|
|
||||||
if db is not None:
|
|
||||||
return db
|
|
||||||
else:
|
|
||||||
return DatabaseController(dbConfig['URL'], dbConfig['user'], dbConfig['passwd'], dbConfig['database'])
|
|
||||||
from .ldapController import LDAPController
|
|
||||||
def getLDAPController():
|
|
||||||
if ldapController is not None:
|
|
||||||
return ldapController
|
|
||||||
else:
|
|
||||||
return LDAPController(ldapConfig['URL'], ldapConfig['dn'])
|
|
||||||
from .accesTokenController import AccesTokenController
|
|
||||||
|
|
||||||
dbConfig = config.getDatabase()
|
dbConfig = config.getDatabase()
|
||||||
ldapConfig = config.getLDAP()
|
ldapConfig = config.getLDAP()
|
||||||
accConfig = config.getAccessToken()
|
accConfig = config.getAccessToken()
|
||||||
mailConfig = config.getMail()
|
mailConfig = config.getMail()
|
||||||
|
|
||||||
db = DatabaseController(dbConfig['URL'], dbConfig['user'], dbConfig['passwd'], dbConfig['database'])
|
|
||||||
ldapController = LDAPController(ldapConfig['URL'], ldapConfig['dn'])
|
|
||||||
accesTokenController = AccesTokenController(accConfig)
|
|
||||||
from . emailController import EmailController
|
|
||||||
emailController = EmailController(mailConfig['URL'], mailConfig['user'], mailConfig['passwd'], mailConfig['port'], mailConfig['email'])
|
|
||||||
from . userController import UserController
|
|
||||||
userController = UserController()
|
|
|
@ -1,9 +1,14 @@
|
||||||
from geruecht.model.accessToken import AccessToken
|
from geruecht.model.accessToken import AccessToken
|
||||||
|
import geruecht.controller as gc
|
||||||
|
import geruecht.controller.userController as uc
|
||||||
|
from geruecht.model import BAR
|
||||||
from geruecht.controller import LOGGER
|
from geruecht.controller import LOGGER
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
import hashlib
|
import hashlib
|
||||||
from . import Singleton
|
from . import Singleton
|
||||||
|
|
||||||
|
userController = uc.UserController()
|
||||||
|
|
||||||
class AccesTokenController(metaclass=Singleton):
|
class AccesTokenController(metaclass=Singleton):
|
||||||
""" Control all createt AccesToken
|
""" Control all createt AccesToken
|
||||||
|
|
||||||
|
@ -22,10 +27,16 @@ class AccesTokenController(metaclass=Singleton):
|
||||||
Initialize Thread and set tokenList empty.
|
Initialize Thread and set tokenList empty.
|
||||||
"""
|
"""
|
||||||
LOGGER.info("Initialize AccessTokenController")
|
LOGGER.info("Initialize AccessTokenController")
|
||||||
self.lifetime = lifetime
|
self.lifetime = gc.accConfig
|
||||||
|
|
||||||
self.tokenList = []
|
self.tokenList = []
|
||||||
|
|
||||||
|
def checkBar(self, user):
|
||||||
|
if (userController.checkBarUser(user)):
|
||||||
|
user.group.append(BAR)
|
||||||
|
elif BAR in user.group:
|
||||||
|
user.group.remove(BAR)
|
||||||
|
|
||||||
def validateAccessToken(self, token, group):
|
def validateAccessToken(self, token, group):
|
||||||
""" Verify Accestoken
|
""" Verify Accestoken
|
||||||
|
|
||||||
|
@ -47,6 +58,7 @@ class AccesTokenController(metaclass=Singleton):
|
||||||
now = datetime.now()
|
now = datetime.now()
|
||||||
LOGGER.debug("Check if AccessToken's Endtime {} is bigger then now {}".format(endTime, now))
|
LOGGER.debug("Check if AccessToken's Endtime {} is bigger then now {}".format(endTime, now))
|
||||||
if now <= endTime:
|
if now <= endTime:
|
||||||
|
self.checkBar(accToken.user)
|
||||||
LOGGER.debug("Check if AccesToken {} has same group {}".format(accToken, group))
|
LOGGER.debug("Check if AccesToken {} has same group {}".format(accToken, group))
|
||||||
if self.isSameGroup(accToken, group):
|
if self.isSameGroup(accToken, group):
|
||||||
accToken.updateTimestamp()
|
accToken.updateTimestamp()
|
||||||
|
@ -72,24 +84,27 @@ class AccesTokenController(metaclass=Singleton):
|
||||||
LOGGER.info("Create AccessToken")
|
LOGGER.info("Create AccessToken")
|
||||||
now = datetime.ctime(datetime.now())
|
now = datetime.ctime(datetime.now())
|
||||||
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
|
token = hashlib.md5((now + user.dn).encode('utf-8')).hexdigest()
|
||||||
|
self.checkBar(user)
|
||||||
accToken = AccessToken(user, token, datetime.now())
|
accToken = AccessToken(user, token, datetime.now())
|
||||||
LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
|
LOGGER.debug("Add AccessToken {} to current Tokens".format(accToken))
|
||||||
self.tokenList.append(accToken)
|
self.tokenList.append(accToken)
|
||||||
LOGGER.info("Finished create AccessToken {} with Token {}".format(accToken, token))
|
LOGGER.info("Finished create AccessToken {} with Token {}".format(accToken, token))
|
||||||
return token
|
return token
|
||||||
|
|
||||||
def isSameGroup(self, accToken, group):
|
def isSameGroup(self, accToken, groups):
|
||||||
""" Verify group in AccessToken
|
""" Verify group in AccessToken
|
||||||
|
|
||||||
Verify if the User in the AccesToken has the right group.
|
Verify if the User in the AccesToken has the right group.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
accToken: AccessToken to verify.
|
accToken: AccessToken to verify.
|
||||||
group: Group to verify.
|
groups: Group to verify.
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
A Bool. If the same then True else False
|
A Bool. If the same then True else False
|
||||||
"""
|
"""
|
||||||
print("controll if", accToken, "hase group", group)
|
print("controll if", accToken, "hase groups", groups)
|
||||||
LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, group))
|
LOGGER.debug("Check if AccessToken {} has group {}".format(accToken, groups))
|
||||||
return True if group in accToken.user.group else False
|
for group in groups:
|
||||||
|
if group in accToken.user.group: return True
|
||||||
|
return False
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
import pymysql
|
import pymysql
|
||||||
from . import Singleton
|
from . import Singleton
|
||||||
|
from geruecht import db
|
||||||
from geruecht.model.user import User
|
from geruecht.model.user import User
|
||||||
from geruecht.model.creditList import CreditList
|
from geruecht.model.creditList import CreditList
|
||||||
from datetime import datetime
|
from datetime import datetime, timedelta
|
||||||
|
|
||||||
class DatabaseController(metaclass=Singleton):
|
class DatabaseController(metaclass=Singleton):
|
||||||
'''
|
'''
|
||||||
|
@ -11,29 +12,13 @@ class DatabaseController(metaclass=Singleton):
|
||||||
Connect to the Database and execute sql-executions
|
Connect to the Database and execute sql-executions
|
||||||
'''
|
'''
|
||||||
|
|
||||||
def __init__(self, url='192.168.5.108', user='wu5', password='E1n$tein', database='geruecht'):
|
def __init__(self):
|
||||||
self.url = url
|
self.db = db
|
||||||
self.user = user
|
|
||||||
self.password = password
|
|
||||||
self.database = database
|
|
||||||
self.connect()
|
|
||||||
|
|
||||||
|
|
||||||
def connect(self):
|
|
||||||
try:
|
|
||||||
self.db = pymysql.connect(self.url, self.user, self.password, self.database, cursorclass=pymysql.cursors.DictCursor)
|
|
||||||
except Exception as err:
|
|
||||||
raise err
|
|
||||||
|
|
||||||
def getAllUser(self):
|
def getAllUser(self):
|
||||||
self.connect()
|
cursor = self.db.connection.cursor()
|
||||||
cursor = self.db.cursor()
|
cursor.execute("select * from user")
|
||||||
try:
|
data = cursor.fetchall()
|
||||||
cursor.execute("select * from user")
|
|
||||||
data = cursor.fetchall()
|
|
||||||
self.db.close()
|
|
||||||
except Exception as err:
|
|
||||||
raise err
|
|
||||||
|
|
||||||
if data:
|
if data:
|
||||||
retVal = []
|
retVal = []
|
||||||
|
@ -45,15 +30,10 @@ class DatabaseController(metaclass=Singleton):
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
def getUser(self, username):
|
def getUser(self, username):
|
||||||
self.connect()
|
|
||||||
retVal = None
|
retVal = None
|
||||||
cursor = self.db.cursor()
|
cursor = self.db.connection.cursor()
|
||||||
try:
|
cursor.execute("select * from user where uid='{}'".format(username))
|
||||||
cursor.execute("select * from user where uid='{}'".format(username))
|
data = cursor.fetchone()
|
||||||
data = cursor.fetchone()
|
|
||||||
self.db.close()
|
|
||||||
except Exception as err:
|
|
||||||
raise err
|
|
||||||
if data:
|
if data:
|
||||||
retVal = User(data)
|
retVal = User(data)
|
||||||
creditLists = self.getCreditListFromUser(retVal)
|
creditLists = self.getCreditListFromUser(retVal)
|
||||||
|
@ -61,6 +41,17 @@ class DatabaseController(metaclass=Singleton):
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
def getUserById(self, id):
|
||||||
|
retVal = None
|
||||||
|
cursor = self.db.connection.cursor()
|
||||||
|
cursor.execute("select * from user where id={}".format(id))
|
||||||
|
data = cursor.fetchone()
|
||||||
|
if data:
|
||||||
|
retVal = User(data)
|
||||||
|
creditLists = self.getCreditListFromUser(retVal)
|
||||||
|
retVal.initGeruechte(creditLists)
|
||||||
|
return retVal
|
||||||
|
|
||||||
def _convertGroupToString(self, groups):
|
def _convertGroupToString(self, groups):
|
||||||
retVal = ''
|
retVal = ''
|
||||||
for group in groups:
|
for group in groups:
|
||||||
|
@ -69,101 +60,93 @@ class DatabaseController(metaclass=Singleton):
|
||||||
retVal += group
|
retVal += group
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
|
||||||
def insertUser(self, user):
|
def insertUser(self, user):
|
||||||
self.connect()
|
cursor = self.db.connection.cursor()
|
||||||
cursor = self.db.cursor()
|
|
||||||
groups = self._convertGroupToString(user.group)
|
groups = self._convertGroupToString(user.group)
|
||||||
try:
|
cursor.execute("insert into user (uid, dn, firstname, lastname, gruppe, lockLimit, locked, autoLock, mail) VALUES ('{}','{}','{}','{}','{}',{},{},{},'{}')".format(
|
||||||
cursor.execute("insert into user (uid, dn, firstname, lastname, gruppe, lockLimit, locked, autoLock, mail) VALUES ('{}','{}','{}','{}','{}',{},{},{},'{}')".format(
|
user.uid, user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.mail))
|
||||||
user.uid, user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.mail))
|
self.db.connection.commit()
|
||||||
self.db.commit()
|
|
||||||
except Exception as err:
|
|
||||||
self.db.rollback()
|
|
||||||
self.db.close()
|
|
||||||
raise err
|
|
||||||
self.db.close()
|
|
||||||
|
|
||||||
def updateUser(self, user):
|
def updateUser(self, user):
|
||||||
self.connect()
|
cursor = self.db.connection.cursor()
|
||||||
cursor = self.db.cursor()
|
|
||||||
groups = self._convertGroupToString(user.group)
|
groups = self._convertGroupToString(user.group)
|
||||||
try:
|
sql = "update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}', lockLimit={}, locked={}, autoLock={}, mail='{}' where uid='{}'".format(
|
||||||
sql = "update user set dn='{}', firstname='{}', lastname='{}', gruppe='{}', lockLimit={}, locked={}, autoLock={}, mail='{}' where uid='{}'".format(
|
user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.mail, user.uid)
|
||||||
user.dn, user.firstname, user.lastname, groups, user.limit, user.locked, user.autoLock, user.mail, user.uid)
|
print(sql)
|
||||||
print(sql)
|
cursor.execute(sql)
|
||||||
cursor.execute(sql)
|
self.db.connection.commit()
|
||||||
self.db.commit()
|
|
||||||
except Exception as err:
|
|
||||||
self.db.rollback()
|
|
||||||
self.db.close()
|
|
||||||
print(err.__traceback__)
|
|
||||||
raise err
|
|
||||||
|
|
||||||
self.db.close()
|
|
||||||
|
|
||||||
def getCreditListFromUser(self, user, **kwargs):
|
def getCreditListFromUser(self, user, **kwargs):
|
||||||
self.connect()
|
cursor = self.db.connection.cursor()
|
||||||
cursor = self.db.cursor()
|
if 'year' in kwargs:
|
||||||
try:
|
sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year'])
|
||||||
if 'year' in kwargs:
|
else:
|
||||||
sql = "select * from creditList where user_id={} and year_date={}".format(user.id, kwargs['year'])
|
sql = "select * from creditList where user_id={}".format(user.id)
|
||||||
else:
|
cursor.execute(sql)
|
||||||
sql = "select * from creditList where user_id={}".format(user.id)
|
data = cursor.fetchall()
|
||||||
cursor.execute(sql)
|
|
||||||
data = cursor.fetchall()
|
|
||||||
self.db.close()
|
|
||||||
except Exception as err:
|
|
||||||
self.db.close()
|
|
||||||
raise err
|
|
||||||
if len(data) == 1:
|
if len(data) == 1:
|
||||||
return [CreditList(data[0])]
|
return [CreditList(data[0])]
|
||||||
else:
|
else:
|
||||||
return [CreditList(value) for value in data]
|
return [CreditList(value) for value in data]
|
||||||
|
|
||||||
|
|
||||||
def createCreditList(self, user_id, year=datetime.now().year):
|
def createCreditList(self, user_id, year=datetime.now().year):
|
||||||
self.connect()
|
cursor = self.db.connection.cursor()
|
||||||
cursor = self.db.cursor()
|
cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id))
|
||||||
try:
|
self.db.connection.commit()
|
||||||
cursor.execute("insert into creditList (year_date, user_id) values ({},{})".format(year, user_id))
|
|
||||||
self.db.commit()
|
|
||||||
self.db.close()
|
|
||||||
except Exception as err:
|
|
||||||
self.db.close()
|
|
||||||
raise err
|
|
||||||
|
|
||||||
def updateCreditList(self, creditlist):
|
def updateCreditList(self, creditlist):
|
||||||
self.connect()
|
cursor = self.db.connection.cursor()
|
||||||
cursor = self.db.cursor()
|
cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year))
|
||||||
try:
|
data = cursor.fetchall()
|
||||||
cursor.execute("select * from creditList where user_id={} and year_date={}".format(creditlist.user_id, creditlist.year))
|
if len(data) == 0:
|
||||||
data = cursor.fetchall()
|
self.createCreditList(creditlist.user_id, creditlist.year)
|
||||||
self.db.close()
|
sql = "update creditList set jan_guthaben={}, jan_schulden={},feb_guthaben={}, feb_schulden={}, maer_guthaben={}, maer_schulden={}, apr_guthaben={}, apr_schulden={}, mai_guthaben={}, mai_schulden={}, jun_guthaben={}, jun_schulden={}, jul_guthaben={}, jul_schulden={}, aug_guthaben={}, aug_schulden={},sep_guthaben={}, sep_schulden={},okt_guthaben={}, okt_schulden={}, nov_guthaben={}, nov_schulden={}, dez_guthaben={}, dez_schulden={}, last_schulden={} where year_date={} and user_id={}".format(creditlist.jan_guthaben, creditlist.jan_schulden,
|
||||||
if len(data) == 0:
|
creditlist.feb_guthaben, creditlist.feb_schulden,
|
||||||
self.createCreditList(creditlist.user_id, creditlist.year)
|
creditlist.maer_guthaben, creditlist.maer_schulden,
|
||||||
sql = "update creditList set jan_guthaben={}, jan_schulden={},feb_guthaben={}, feb_schulden={}, maer_guthaben={}, maer_schulden={}, apr_guthaben={}, apr_schulden={}, mai_guthaben={}, mai_schulden={}, jun_guthaben={}, jun_schulden={}, jul_guthaben={}, jul_schulden={}, aug_guthaben={}, aug_schulden={},sep_guthaben={}, sep_schulden={},okt_guthaben={}, okt_schulden={}, nov_guthaben={}, nov_schulden={}, dez_guthaben={}, dez_schulden={}, last_schulden={} where year_date={} and user_id={}".format(creditlist.jan_guthaben, creditlist.jan_schulden,
|
creditlist.apr_guthaben, creditlist.apr_schulden,
|
||||||
creditlist.feb_guthaben, creditlist.feb_schulden,
|
creditlist.mai_guthaben, creditlist.mai_schulden,
|
||||||
creditlist.maer_guthaben, creditlist.maer_schulden,
|
creditlist.jun_guthaben, creditlist.jun_schulden,
|
||||||
creditlist.apr_guthaben, creditlist.apr_schulden,
|
creditlist.jul_guthaben, creditlist.jul_schulden,
|
||||||
creditlist.mai_guthaben, creditlist.mai_schulden,
|
creditlist.aug_guthaben, creditlist.aug_schulden,
|
||||||
creditlist.jun_guthaben, creditlist.jun_schulden,
|
creditlist.sep_guthaben, creditlist.sep_schulden,
|
||||||
creditlist.jul_guthaben, creditlist.jul_schulden,
|
creditlist.okt_guthaben, creditlist.okt_schulden,
|
||||||
creditlist.aug_guthaben, creditlist.aug_schulden,
|
creditlist.nov_guthaben, creditlist.nov_schulden,
|
||||||
creditlist.sep_guthaben, creditlist.sep_schulden,
|
creditlist.dez_guthaben, creditlist.dez_schulden,
|
||||||
creditlist.okt_guthaben, creditlist.okt_schulden,
|
creditlist.last_schulden, creditlist.year, creditlist.user_id)
|
||||||
creditlist.nov_guthaben, creditlist.nov_schulden,
|
print(sql)
|
||||||
creditlist.dez_guthaben, creditlist.dez_schulden,
|
cursor = self.db.connection.cursor()
|
||||||
creditlist.last_schulden, creditlist.year, creditlist.user_id)
|
cursor.execute(sql)
|
||||||
print(sql)
|
self.db.connection.commit()
|
||||||
self.connect()
|
|
||||||
cursor = self.db.cursor()
|
|
||||||
cursor.execute(sql)
|
|
||||||
self.db.commit()
|
|
||||||
self.db.close()
|
|
||||||
except Exception as err:
|
|
||||||
self.db.rollback()
|
|
||||||
self.db.close()
|
|
||||||
raise err
|
|
||||||
|
|
||||||
|
def getWorker(self, user, date):
|
||||||
|
cursor = self.db.connection.cursor()
|
||||||
|
cursor.execute("select * from bardienste where user_id={} and startdatetime='{}'".format(user.id, date))
|
||||||
|
data = cursor.fetchone()
|
||||||
|
return {"user": user.toJSON(), "startdatetime": data['startdatetime'], "enddatetime": data['enddatetime']} if data else None
|
||||||
|
|
||||||
|
|
||||||
|
def getWorkers(self, date):
|
||||||
|
cursor = self.db.connection.cursor()
|
||||||
|
cursor.execute("select * from bardienste where startdatetime='{}'".format(date))
|
||||||
|
data = cursor.fetchall()
|
||||||
|
return [{"user": self.getUserById(work['user_id']).toJSON(), "startdatetime": work['startdatetime'], "enddatetime": work['enddatetime']} for work in data]
|
||||||
|
|
||||||
|
|
||||||
|
def setWorker(self, user, date):
|
||||||
|
cursor = self.db.connection.cursor()
|
||||||
|
cursor.execute("insert into bardienste (user_id, startdatetime, enddatetime) values ({},'{}','{}')".format(user.id, date, date + timedelta(days=1)))
|
||||||
|
self.db.connection.commit()
|
||||||
|
|
||||||
|
|
||||||
|
def deleteWorker(self, user, date):
|
||||||
|
cursor = self.db.connection.cursor()
|
||||||
|
cursor.execute("delete from bardienste where user_id={} and startdatetime='{}'".format(user.id, date))
|
||||||
|
self.db.connection.commit()
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
db = DatabaseController()
|
db = DatabaseController()
|
||||||
|
|
|
@ -1,13 +1,36 @@
|
||||||
from . import LOGGER, Singleton, db, ldapController as ldap, emailController
|
from . import LOGGER, Singleton, ldapConfig, dbConfig, mailConfig
|
||||||
|
import geruecht.controller.databaseController as dc
|
||||||
|
import geruecht.controller.ldapController as lc
|
||||||
|
import geruecht.controller.emailController as ec
|
||||||
from geruecht.model.user import User
|
from geruecht.model.user import User
|
||||||
from geruecht.exceptions import PermissionDenied
|
from geruecht.exceptions import PermissionDenied
|
||||||
from datetime import datetime
|
from datetime import datetime, timedelta
|
||||||
|
|
||||||
|
db = dc.DatabaseController()
|
||||||
|
ldap = lc.LDAPController(ldapConfig['URL'], ldapConfig['dn'])
|
||||||
|
emailController = ec.EmailController(mailConfig['URL'], mailConfig['user'], mailConfig['passwd'], mailConfig['port'], mailConfig['email'])
|
||||||
|
|
||||||
class UserController(metaclass=Singleton):
|
class UserController(metaclass=Singleton):
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
def getWorker(self, date, username=None):
|
||||||
|
if (username):
|
||||||
|
user = self.getUser(username)
|
||||||
|
return [db.getWorker(user, date)]
|
||||||
|
return db.getWorkers(date)
|
||||||
|
|
||||||
|
def addWorker(self, username, date):
|
||||||
|
user = self.getUser(username)
|
||||||
|
if (not db.getWorker(user, date)):
|
||||||
|
db.setWorker(user, date)
|
||||||
|
return self.getWorker(date, username=username)
|
||||||
|
|
||||||
|
def deleteWorker(self, username, date):
|
||||||
|
user = self.getUser(username)
|
||||||
|
db.deleteWorker(user, date)
|
||||||
|
|
||||||
def lockUser(self, username, locked):
|
def lockUser(self, username, locked):
|
||||||
user = self.getUser(username)
|
user = self.getUser(username)
|
||||||
user.updateData({'locked': locked})
|
user.updateData({'locked': locked})
|
||||||
|
@ -54,6 +77,20 @@ class UserController(metaclass=Singleton):
|
||||||
self.__updateGeruechte(user)
|
self.__updateGeruechte(user)
|
||||||
return db.getAllUser()
|
return db.getAllUser()
|
||||||
|
|
||||||
|
def checkBarUser(self, user):
|
||||||
|
date = datetime.now()
|
||||||
|
zero = date.replace(hour=0, minute=0, second=0, microsecond=0)
|
||||||
|
end = zero + timedelta(hours=11)
|
||||||
|
startdatetime = date.replace(hour=11, minute=0, second=0, microsecond=0)
|
||||||
|
if date > zero and end > date:
|
||||||
|
startdatetime = startdatetime - timedelta(days=1)
|
||||||
|
enddatetime = startdatetime + timedelta(days=1)
|
||||||
|
result = False
|
||||||
|
if date >= startdatetime and date < enddatetime:
|
||||||
|
result = db.getWorker(user, startdatetime)
|
||||||
|
return True if result else False
|
||||||
|
|
||||||
|
|
||||||
def getUser(self, username):
|
def getUser(self, username):
|
||||||
user = db.getUser(username)
|
user = db.getUser(username)
|
||||||
groups = ldap.getGroup(username)
|
groups = ldap.getGroup(username)
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
from functools import wraps
|
||||||
|
def login_required(**kwargs):
|
||||||
|
import geruecht.controller.accesTokenController as ac
|
||||||
|
from geruecht.model import BAR, USER, MONEY, GASTRO
|
||||||
|
from flask import request, jsonify
|
||||||
|
accessController = ac.AccesTokenController()
|
||||||
|
groups = [USER, BAR, GASTRO, MONEY]
|
||||||
|
if "groups" in kwargs:
|
||||||
|
groups = kwargs["groups"]
|
||||||
|
def real_decorator(func):
|
||||||
|
@wraps(func)
|
||||||
|
def wrapper(*args, **kwargs):
|
||||||
|
token = request.headers.get('Token')
|
||||||
|
accToken = accessController.validateAccessToken(token, groups)
|
||||||
|
kwargs['accToken'] = accToken
|
||||||
|
if accToken:
|
||||||
|
return func(*args, **kwargs)
|
||||||
|
else:
|
||||||
|
return jsonify({"error": "error", "message": "permission denied"}), 401
|
||||||
|
return wrapper
|
||||||
|
return real_decorator
|
|
@ -1,14 +1,18 @@
|
||||||
from flask import Blueprint, request, jsonify
|
from flask import Blueprint, request, jsonify
|
||||||
from geruecht.finanzer import LOGGER
|
from geruecht.finanzer import LOGGER
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from geruecht.controller import accesTokenController, userController
|
import geruecht.controller.userController as uc
|
||||||
from geruecht.model import MONEY
|
from geruecht.model import MONEY
|
||||||
|
from geruecht.decorator import login_required
|
||||||
|
|
||||||
finanzer = Blueprint("finanzer", __name__)
|
finanzer = Blueprint("finanzer", __name__)
|
||||||
|
|
||||||
|
userController = uc.UserController()
|
||||||
|
|
||||||
|
|
||||||
@finanzer.route("/getFinanzerMain")
|
@finanzer.route("/getFinanzerMain")
|
||||||
def _getFinanzer():
|
@login_required(groups=[MONEY])
|
||||||
|
def _getFinanzer(**kwargs):
|
||||||
""" Function for /getFinanzerMain
|
""" Function for /getFinanzerMain
|
||||||
|
|
||||||
Retrieves all User for the groupe 'moneymaster'
|
Retrieves all User for the groupe 'moneymaster'
|
||||||
|
@ -17,26 +21,20 @@ def _getFinanzer():
|
||||||
A JSON-File with Users
|
A JSON-File with Users
|
||||||
or ERROR 401 Permission Denied.
|
or ERROR 401 Permission Denied.
|
||||||
"""
|
"""
|
||||||
LOGGER.info("Get main for Finanzer")
|
LOGGER.debug("Get all Useres")
|
||||||
token = request.headers.get("Token")
|
users = userController.getAllUsersfromDB()
|
||||||
LOGGER.debug("Verify AccessToken with Token {}".format(token))
|
dic = {}
|
||||||
accToken = accesTokenController.validateAccessToken(token, MONEY)
|
for user in users:
|
||||||
if accToken:
|
LOGGER.debug("Add User {} to ReturnValue".format(user))
|
||||||
LOGGER.debug("Get all Useres")
|
dic[user.uid] = user.toJSON()
|
||||||
users = userController.getAllUsersfromDB()
|
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
|
||||||
dic = {}
|
LOGGER.debug("ReturnValue is {}".format(dic))
|
||||||
for user in users:
|
LOGGER.info("Send main for Finanzer")
|
||||||
LOGGER.debug("Add User {} to ReturnValue".format(user))
|
return jsonify(dic)
|
||||||
dic[user.uid] = user.toJSON()
|
|
||||||
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
|
|
||||||
LOGGER.debug("ReturnValue is {}".format(dic))
|
|
||||||
LOGGER.info("Send main for Finanzer")
|
|
||||||
return jsonify(dic)
|
|
||||||
LOGGER.info("Permission Denied")
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
||||||
|
|
||||||
@finanzer.route("/finanzerAddAmount", methods=['POST'])
|
@finanzer.route("/finanzerAddAmount", methods=['POST'])
|
||||||
def _addAmount():
|
@login_required(groups=[MONEY])
|
||||||
|
def _addAmount(**kwargs):
|
||||||
""" Add Amount to User
|
""" Add Amount to User
|
||||||
|
|
||||||
This Function add an amount to the user with posted userID.
|
This Function add an amount to the user with posted userID.
|
||||||
|
@ -47,39 +45,32 @@ def _addAmount():
|
||||||
JSON-File with geruecht of year
|
JSON-File with geruecht of year
|
||||||
or ERROR 401 Permission Denied
|
or ERROR 401 Permission Denied
|
||||||
"""
|
"""
|
||||||
LOGGER.info("Add Amount")
|
data = request.get_json()
|
||||||
token = request.headers.get("Token")
|
LOGGER.debug("Get data {}".format(data))
|
||||||
LOGGER.debug("Verify AccessToken with Token {}".format(token))
|
userID = data['userId']
|
||||||
accToken = accesTokenController.validateAccessToken(token, MONEY)
|
amount = int(data['amount'])
|
||||||
|
LOGGER.debug("UserID is {} and amount is {}".format(userID, amount))
|
||||||
if accToken:
|
try:
|
||||||
data = request.get_json()
|
year = int(data['year'])
|
||||||
LOGGER.debug("Get data {}".format(data))
|
except KeyError as er:
|
||||||
userID = data['userId']
|
LOGGER.error("KeyError in year. Year is set to default.")
|
||||||
amount = int(data['amount'])
|
year = datetime.now().year
|
||||||
LOGGER.debug("UserID is {} and amount is {}".format(userID, amount))
|
try:
|
||||||
try:
|
month = int(data['month'])
|
||||||
year = int(data['year'])
|
except KeyError as er:
|
||||||
except KeyError as er:
|
LOGGER.error("KeyError in month. Month is set to default.")
|
||||||
LOGGER.error("KeyError in year. Year is set to default.")
|
month = datetime.now().month
|
||||||
year = datetime.now().year
|
LOGGER.debug("Year is {} and Month is {}".format(year, month))
|
||||||
try:
|
userController.addAmount(userID, amount, year=year, month=month, finanzer=True)
|
||||||
month = int(data['month'])
|
user = userController.getUser(userID)
|
||||||
except KeyError as er:
|
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
|
||||||
LOGGER.error("KeyError in month. Month is set to default.")
|
retVal['locked'] = user.locked
|
||||||
month = datetime.now().month
|
LOGGER.info("Send updated Geruecht")
|
||||||
LOGGER.debug("Year is {} and Month is {}".format(year, month))
|
return jsonify(retVal)
|
||||||
userController.addAmount(userID, amount, year=year, month=month, finanzer=True)
|
|
||||||
user = userController.getUser(userID)
|
|
||||||
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
|
|
||||||
retVal['locked'] = user.locked
|
|
||||||
LOGGER.info("Send updated Geruecht")
|
|
||||||
return jsonify(retVal)
|
|
||||||
LOGGER.info("Permission Denied")
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
||||||
|
|
||||||
@finanzer.route("/finanzerAddCredit", methods=['POST'])
|
@finanzer.route("/finanzerAddCredit", methods=['POST'])
|
||||||
def _addCredit():
|
@login_required(groups=[MONEY])
|
||||||
|
def _addCredit(**kwargs):
|
||||||
""" Add Credit to User
|
""" Add Credit to User
|
||||||
|
|
||||||
This Function add an credit to the user with posted userID.
|
This Function add an credit to the user with posted userID.
|
||||||
|
@ -90,106 +81,79 @@ def _addCredit():
|
||||||
JSON-File with geruecht of year
|
JSON-File with geruecht of year
|
||||||
or ERROR 401 Permission Denied
|
or ERROR 401 Permission Denied
|
||||||
"""
|
"""
|
||||||
LOGGER.info("Add Amount")
|
data = request.get_json()
|
||||||
token = request.headers.get("Token")
|
print(data)
|
||||||
LOGGER.debug("Verify AccessToken with Token {}".format(token))
|
LOGGER.debug("Get data {}".format(data))
|
||||||
accToken = accesTokenController.validateAccessToken(token, MONEY)
|
userID = data['userId']
|
||||||
|
credit = int(data['credit'])
|
||||||
|
LOGGER.debug("UserID is {} and credit is {}".format(userID, credit))
|
||||||
|
|
||||||
if accToken:
|
try:
|
||||||
|
year = int(data['year'])
|
||||||
|
except KeyError as er:
|
||||||
|
LOGGER.error("KeyError in year. Year is set to default.")
|
||||||
|
year = datetime.now().year
|
||||||
|
try:
|
||||||
|
month = int(data['month'])
|
||||||
|
except KeyError as er:
|
||||||
|
LOGGER.error("KeyError in month. Month is set to default.")
|
||||||
|
month = datetime.now().month
|
||||||
|
|
||||||
data = request.get_json()
|
LOGGER.debug("Year is {} and Month is {}".format(year, month))
|
||||||
print(data)
|
userController.addCredit(userID, credit, year=year, month=month).toJSON()
|
||||||
LOGGER.debug("Get data {}".format(data))
|
user = userController.getUser(userID)
|
||||||
userID = data['userId']
|
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
|
||||||
credit = int(data['credit'])
|
retVal['locked'] = user.locked
|
||||||
LOGGER.debug("UserID is {} and credit is {}".format(userID, credit))
|
LOGGER.info("Send updated Geruecht")
|
||||||
|
return jsonify(retVal)
|
||||||
|
|
||||||
try:
|
|
||||||
year = int(data['year'])
|
|
||||||
except KeyError as er:
|
|
||||||
LOGGER.error("KeyError in year. Year is set to default.")
|
|
||||||
year = datetime.now().year
|
|
||||||
try:
|
|
||||||
month = int(data['month'])
|
|
||||||
except KeyError as er:
|
|
||||||
LOGGER.error("KeyError in month. Month is set to default.")
|
|
||||||
month = datetime.now().month
|
|
||||||
|
|
||||||
LOGGER.debug("Year is {} and Month is {}".format(year, month))
|
|
||||||
userController.addCredit(userID, credit, year=year, month=month).toJSON()
|
|
||||||
user = userController.getUser(userID)
|
|
||||||
retVal = {str(geruecht.year): geruecht.toJSON() for geruecht in user.geruechte}
|
|
||||||
retVal['locked'] = user.locked
|
|
||||||
LOGGER.info("Send updated Geruecht")
|
|
||||||
return jsonify(retVal)
|
|
||||||
LOGGER.info("Permission Denied")
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
||||||
|
|
||||||
@finanzer.route("/finanzerLock", methods=['POST'])
|
@finanzer.route("/finanzerLock", methods=['POST'])
|
||||||
def _finanzerLock():
|
@login_required(groups=[MONEY])
|
||||||
token = request.headers.get("Token")
|
def _finanzerLock(**kwargs):
|
||||||
accToken = accesTokenController.validateAccessToken(token, MONEY)
|
data = request.get_json()
|
||||||
|
username = data['userId']
|
||||||
|
locked = bool(data['locked'])
|
||||||
|
retVal = userController.lockUser(username, locked).toJSON()
|
||||||
|
return jsonify(retVal)
|
||||||
|
|
||||||
if accToken:
|
|
||||||
data = request.get_json()
|
|
||||||
username = data['userId']
|
|
||||||
locked = bool(data['locked'])
|
|
||||||
retVal = userController.lockUser(username, locked).toJSON()
|
|
||||||
return jsonify(retVal)
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
||||||
|
|
||||||
@finanzer.route("/finanzerSetConfig", methods=['POST'])
|
@finanzer.route("/finanzerSetConfig", methods=['POST'])
|
||||||
def _finanzerSetConfig():
|
@login_required(groups=[MONEY])
|
||||||
token = request.headers.get("Token")
|
def _finanzerSetConfig(**kwargs):
|
||||||
accToken = accesTokenController.validateAccessToken(token, MONEY)
|
data = request.get_json()
|
||||||
|
username = data['userId']
|
||||||
if accToken:
|
autoLock = bool(data['autoLock'])
|
||||||
data = request.get_json()
|
limit = int(data['limit'])
|
||||||
username = data['userId']
|
retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON()
|
||||||
autoLock = bool(data['autoLock'])
|
return jsonify(retVal)
|
||||||
limit = int(data['limit'])
|
|
||||||
retVal = userController.updateConfig(username, {'lockLimit': limit, 'autoLock': autoLock}).toJSON()
|
|
||||||
return jsonify(retVal)
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
||||||
|
|
||||||
@finanzer.route("/finanzerAddUser", methods=['POST'])
|
@finanzer.route("/finanzerAddUser", methods=['POST'])
|
||||||
def _finanzerAddUser():
|
@login_required(groups=[MONEY])
|
||||||
token = request.headers.get("Token")
|
def _finanzerAddUser(**kwargs):
|
||||||
accToken = accesTokenController.validateAccessToken(token, MONEY)
|
data = request.get_json()
|
||||||
|
username = data['userId']
|
||||||
if accToken:
|
userController.getUser(username)
|
||||||
data = request.get_json()
|
LOGGER.debug("Get all Useres")
|
||||||
username = data['userId']
|
users = userController.getAllUsersfromDB()
|
||||||
userController.getUser(username)
|
dic = {}
|
||||||
LOGGER.debug("Get all Useres")
|
for user in users:
|
||||||
users = userController.getAllUsersfromDB()
|
LOGGER.debug("Add User {} to ReturnValue".format(user))
|
||||||
dic = {}
|
dic[user.uid] = user.toJSON()
|
||||||
for user in users:
|
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
|
||||||
LOGGER.debug("Add User {} to ReturnValue".format(user))
|
LOGGER.debug("ReturnValue is {}".format(dic))
|
||||||
dic[user.uid] = user.toJSON()
|
return jsonify(dic), 200
|
||||||
dic[user.uid]['creditList'] = {credit.year: credit.toJSON() for credit in user.geruechte}
|
|
||||||
LOGGER.debug("ReturnValue is {}".format(dic))
|
|
||||||
return jsonify(dic), 200
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
||||||
|
|
||||||
@finanzer.route("/finanzerSendOneMail", methods=['POST'])
|
@finanzer.route("/finanzerSendOneMail", methods=['POST'])
|
||||||
def _finanzerSendOneMail():
|
@login_required(groups=[MONEY])
|
||||||
token = request.headers.get("Token")
|
def _finanzerSendOneMail(**kwargs):
|
||||||
accToken = accesTokenController.validateAccessToken(token, MONEY)
|
data = request.get_json()
|
||||||
|
username = data['userId']
|
||||||
if accToken:
|
retVal = userController.sendMail(username)
|
||||||
data = request.get_json()
|
return jsonify(retVal)
|
||||||
username = data['userId']
|
|
||||||
retVal = userController.sendMail(username)
|
|
||||||
return jsonify(retVal)
|
|
||||||
return jsonify({"error:", "permission denied"}), 401
|
|
||||||
|
|
||||||
@finanzer.route("/finanzerSendAllMail", methods=['GET'])
|
@finanzer.route("/finanzerSendAllMail", methods=['GET'])
|
||||||
def _finanzerSendAllMail():
|
@login_required(groups=[MONEY])
|
||||||
token = request.headers.get("Token")
|
def _finanzerSendAllMail(**kwargs):
|
||||||
accToken = accesTokenController.validateAccessToken(token, MONEY)
|
retVal = userController.sendAllMail()
|
||||||
|
return jsonify(retVal)
|
||||||
if accToken:
|
|
||||||
retVal = userController.sendAllMail()
|
|
||||||
return jsonify(retVal)
|
|
||||||
return jsonify({"error": "permission denied"}), 401
|
|
|
@ -1,17 +0,0 @@
|
||||||
from geruecht.controller import db
|
|
||||||
|
|
||||||
class PriceList(db.Model):
|
|
||||||
""" Database Model for PriceList
|
|
||||||
|
|
||||||
PriceList has lots of Drinks and safe all Prices (normal, for club, for other clubs, which catagory, etc)
|
|
||||||
"""
|
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
|
||||||
|
|
||||||
name = db.Column(db.String, nullable=False, unique=True)
|
|
||||||
price = db.Column(db.Integer, nullable=False)
|
|
||||||
price_club = db.Column(db.Integer, nullable=False)
|
|
||||||
price_ext_club = db.Column(db.Integer, nullable=False)
|
|
||||||
category = db.Column(db.Integer, nullable=False)
|
|
||||||
upPrice = db.Column(db.Integer)
|
|
||||||
upPrice_club = db.Column(db.Integer)
|
|
||||||
upPrice_ext_club = db.Column(db.Integer)
|
|
|
@ -1,9 +1,12 @@
|
||||||
from geruecht import app, LOGGER
|
from geruecht import app, LOGGER
|
||||||
from geruecht.exceptions import PermissionDenied
|
from geruecht.exceptions import PermissionDenied
|
||||||
from geruecht.controller import accesTokenController, userController
|
import geruecht.controller.accesTokenController as ac
|
||||||
|
import geruecht.controller.userController as uc
|
||||||
from geruecht.model import MONEY, BAR, USER, GASTRO
|
from geruecht.model import MONEY, BAR, USER, GASTRO
|
||||||
from flask import request, jsonify
|
from flask import request, jsonify
|
||||||
|
|
||||||
|
accesTokenController = ac.AccesTokenController()
|
||||||
|
userController = uc.UserController()
|
||||||
|
|
||||||
def login(user, password):
|
def login(user, password):
|
||||||
return user.login(password)
|
return user.login(password)
|
||||||
|
@ -12,16 +15,16 @@ def login(user, password):
|
||||||
@app.route("/valid")
|
@app.route("/valid")
|
||||||
def _valid():
|
def _valid():
|
||||||
token = request.headers.get("Token")
|
token = request.headers.get("Token")
|
||||||
accToken = accesTokenController.validateAccessToken(token, MONEY)
|
accToken = accesTokenController.validateAccessToken(token, [MONEY])
|
||||||
if accToken:
|
if accToken:
|
||||||
return jsonify(accToken.user.toJSON())
|
return jsonify(accToken.user.toJSON())
|
||||||
accToken = accesTokenController.validateAccessToken(token, BAR)
|
accToken = accesTokenController.validateAccessToken(token, [BAR])
|
||||||
if accToken:
|
if accToken:
|
||||||
return jsonify(accToken.user.toJSON())
|
return jsonify(accToken.user.toJSON())
|
||||||
accToken = accesTokenController.validateAccessToken(token, GASTRO)
|
accToken = accesTokenController.validateAccessToken(token, [GASTRO])
|
||||||
if accToken:
|
if accToken:
|
||||||
return jsonify(accToken.user.toJSON())
|
return jsonify(accToken.user.toJSON())
|
||||||
accToken = accesTokenController.validateAccessToken(token, USER)
|
accToken = accesTokenController.validateAccessToken(token, [USER])
|
||||||
if accToken:
|
if accToken:
|
||||||
return jsonify(accToken.user.toJSON())
|
return jsonify(accToken.user.toJSON())
|
||||||
return jsonify({"error": "permission denied"}), 401
|
return jsonify({"error": "permission denied"}), 401
|
||||||
|
@ -48,7 +51,7 @@ def _login():
|
||||||
user = userController.loginUser(username, password)
|
user = userController.loginUser(username, password)
|
||||||
user.password = password
|
user.password = password
|
||||||
token = accesTokenController.createAccesToken(user)
|
token = accesTokenController.createAccesToken(user)
|
||||||
dic = user.toJSON()
|
dic = accesTokenController.validateAccessToken(token, [USER]).user.toJSON()
|
||||||
dic["token"] = token
|
dic["token"] = token
|
||||||
dic["accessToken"] = token
|
dic["accessToken"] = token
|
||||||
LOGGER.info("User {} success login.".format(username))
|
LOGGER.info("User {} success login.".format(username))
|
||||||
|
|
|
@ -1,28 +1,30 @@
|
||||||
from flask import Blueprint, request, jsonify
|
from flask import Blueprint, request, jsonify
|
||||||
from geruecht.controller import userController, accesTokenController
|
from geruecht.decorator import login_required
|
||||||
|
import geruecht.controller.userController as uc
|
||||||
from geruecht.model import USER
|
from geruecht.model import USER
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
user = Blueprint("user", __name__)
|
user = Blueprint("user", __name__)
|
||||||
|
|
||||||
@user.route("/user/main")
|
userController = uc.UserController()
|
||||||
def _main():
|
|
||||||
|
|
||||||
token = request.headers.get("Token")
|
|
||||||
accToken = accesTokenController.validateAccessToken(token, USER)
|
@user.route("/user/main")
|
||||||
if accToken:
|
@login_required(groups=[USER])
|
||||||
|
def _main(**kwargs):
|
||||||
|
if 'accToken' in kwargs:
|
||||||
|
accToken = kwargs['accToken']
|
||||||
accToken.user = userController.getUser(accToken.user.uid)
|
accToken.user = userController.getUser(accToken.user.uid)
|
||||||
retVal = accToken.user.toJSON()
|
retVal = accToken.user.toJSON()
|
||||||
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
|
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
|
||||||
return jsonify(retVal)
|
return jsonify(retVal)
|
||||||
return jsonify({"error": "permission denied"}), 401
|
return jsonify("error", "something went wrong"), 500
|
||||||
|
|
||||||
@user.route("/user/addAmount", methods=['POST'])
|
@user.route("/user/addAmount", methods=['POST'])
|
||||||
def _addAmount():
|
@login_required(groups=[USER])
|
||||||
|
def _addAmount(**kwargs):
|
||||||
token = request.headers.get("Token")
|
if 'accToken' in kwargs:
|
||||||
accToken = accesTokenController.validateAccessToken(token, USER)
|
accToken = kwargs['accToken']
|
||||||
if accToken:
|
|
||||||
data = request.get_json()
|
data = request.get_json()
|
||||||
amount = int(data['amount'])
|
amount = int(data['amount'])
|
||||||
date = datetime.now()
|
date = datetime.now()
|
||||||
|
@ -31,4 +33,4 @@ def _addAmount():
|
||||||
retVal = accToken.user.toJSON()
|
retVal = accToken.user.toJSON()
|
||||||
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
|
retVal['creditList'] = {credit.year: credit.toJSON() for credit in accToken.user.geruechte}
|
||||||
return jsonify(retVal)
|
return jsonify(retVal)
|
||||||
return jsonify({"error": "permission denied"}), 401
|
return jsonify({"error": "something went wrong"}), 500
|
|
@ -0,0 +1,41 @@
|
||||||
|
from flask import Blueprint, request, jsonify
|
||||||
|
from datetime import datetime
|
||||||
|
import geruecht.controller.userController as uc
|
||||||
|
from geruecht.decorator import login_required
|
||||||
|
from geruecht.model import MONEY, GASTRO
|
||||||
|
|
||||||
|
vorstand = Blueprint("vorstand", __name__)
|
||||||
|
userController = uc.UserController()
|
||||||
|
|
||||||
|
|
||||||
|
@vorstand.route("/sm/addUser", methods=['POST', 'GET'])
|
||||||
|
@login_required(groups=[MONEY, GASTRO])
|
||||||
|
def _addUser(**kwargs):
|
||||||
|
|
||||||
|
if request.method == 'GET':
|
||||||
|
return "<h1>HEllo World</h1>"
|
||||||
|
|
||||||
|
data = request.get_json()
|
||||||
|
user = data['user']
|
||||||
|
date = datetime.utcfromtimestamp(int(data['date']))
|
||||||
|
retVal = userController.addWorker(user['username'], date)
|
||||||
|
print(retVal)
|
||||||
|
return jsonify(retVal)
|
||||||
|
|
||||||
|
@vorstand.route("/sm/getUser", methods=['POST'])
|
||||||
|
@login_required(groups=[MONEY, GASTRO])
|
||||||
|
def _getUser(**kwargs):
|
||||||
|
data = request.get_json()
|
||||||
|
date = datetime.utcfromtimestamp(int(data['date']))
|
||||||
|
retVal = userController.getWorker(date)
|
||||||
|
print(retVal)
|
||||||
|
return jsonify(retVal)
|
||||||
|
|
||||||
|
@vorstand.route("/sm/deleteUser", methods=['POST'])
|
||||||
|
@login_required(groups=[MONEY, GASTRO])
|
||||||
|
def _deletUser(**kwargs):
|
||||||
|
data = request.get_json()
|
||||||
|
user = data['user']
|
||||||
|
date = datetime.utcfromtimestamp(int(data['date']))
|
||||||
|
userController.deleteWorker(user['username'], date)
|
||||||
|
return jsonify({"ok": "ok"})
|
Loading…
Reference in New Issue