Compare commits

...

51 Commits

Author SHA1 Message Date
Tim Gröger d17b0a7cab [balance] add sorting of transaction 2021-11-22 15:23:21 +01:00
Tim Gröger ff03325e2b [balance] add get and modify limits for all users 2021-11-22 15:20:24 +01:00
Ferdinand Thiessen 04d5b1e83a [events] Allow locking events 2021-11-21 17:58:28 +01:00
Ferdinand Thiessen 51a3a8dfc8 [events] Respect backup assignment 2021-11-21 17:52:24 +01:00
Tim Gröger d75574e078 [auth_ldap] fix create Users 2021-11-21 15:30:49 +01:00
Tim Gröger 0be31d0bfe [auth_ldap] sync ldap_users to Database 2021-11-21 15:11:37 +01:00
Tim Gröger 26d63b7c7d [users][auth_ldap][auth_plain] delete avatar 2021-11-20 22:58:05 +01:00
Tim Gröger f7f27311db [image] bigger filename size 2021-11-19 22:04:33 +01:00
Tim Gröger 00c9da4ff2 Merge remote-tracking branch 'origin/develop' into develop 2021-11-19 20:11:07 +01:00
Ferdinand Thiessen 795475fe15 [pricelist] Delete old images 2021-11-19 13:32:54 +01:00
Ferdinand Thiessen d00c603697 [events] Allow server side pageination 2021-11-18 23:06:03 +01:00
Ferdinand Thiessen 48933cdf5f [core] Minor fixes 2021-11-18 23:02:03 +01:00
Ferdinand Thiessen 7cb31bf60e gitignore 2021-11-18 12:57:18 +01:00
Ferdinand Thiessen 05dc158719 [cleanup] PEP8 cleanup 2021-11-18 12:56:02 +01:00
Tim Gröger 6535aeab2e Merge remote-tracking branch 'origin/develop' into develop 2021-11-16 21:32:25 +01:00
Ferdinand Thiessen 92183a4235 [logging] Enabled overriding logger config by user config 2021-11-16 21:18:06 +01:00
Ferdinand Thiessen c6c41adb02 [logging] Enabled overriding logger config by user config 2021-11-16 14:07:05 +01:00
Ferdinand Thiessen f1d973b446 [deps] Updated flask requirement 2021-11-16 14:06:31 +01:00
Ferdinand Thiessen 45ed9219a4 [logging] Some cleanup and improved configuring using user config 2021-11-16 13:43:47 +01:00
Tim Gröger 0ef9d18ace [auth_ldap][fix] fix loade correct picture 2021-11-16 11:18:00 +01:00
Tim Gröger ae1bf6c54b [auth_ldap][fix] hash ssha from ldap3 2021-11-15 22:38:49 +01:00
Tim Gröger f205291d6d [pricelist][fix] autodeletion of relationship. drinks can be modified 2021-11-15 20:47:14 +01:00
Ferdinand Thiessen 6a9db1b36a [pricelist] Fix minor issues 2021-11-15 17:05:18 +01:00
Ferdinand Thiessen e3d0014e62 [pricelist] Use Serial database type instead of int for IDs 2021-11-15 16:34:58 +01:00
Ferdinand Thiessen a43441e0c5 [pricelist] Use new image controller 2021-11-15 16:34:35 +01:00
Ferdinand Thiessen a6fe921920 [controller] Add controller for handling uploading images 2021-11-15 16:32:24 +01:00
ferfissimo 42e304cf5f Merge pull request 'feature/pricelist' (#15) from feature/pricelist into develop
Reviewed-on: #15
2021-11-15 09:55:09 +00:00
ferfissimo 55278c8413 Merge branch 'develop' into feature/pricelist 2021-11-15 09:54:52 +00:00
Tim Gröger 57a03a80cc [pricelist] add serverside sorting for pricelist, sorting by name for drinks 2021-11-15 09:19:50 +01:00
Tim Gröger dba60fdab8 [pricelist] serverside pagination and filtering for pricelist 2021-11-14 19:35:11 +01:00
Tim Gröger 1bb7bafa2a [pricelist][fix] better query to send drinks with public prices 2021-11-13 15:57:49 +01:00
Tim Gröger e4b937991b [pricelist] add serverside pagination and filter for receipts 2021-11-13 15:44:06 +01:00
Tim Gröger 526433afba [pricelist] serviceside filtering for ingredients 2021-11-13 15:03:21 +01:00
Ferdinand Thiessen 1b371763ee [events] Fix conflic return code 2021-11-13 14:49:28 +01:00
Tim Gröger 8fb74358e7 [pricelist] add serverside filtering for getDrinks 2021-11-13 13:23:04 +01:00
Tim Gröger 26a00ed6a6 [pricelist] add serverside pagination of drinks 2021-11-12 22:09:16 +01:00
Ferdinand Thiessen 974af80a9b [db] Fix warnings and fix readme 2021-11-12 11:34:42 +01:00
Tim Gröger ff13eefb45 Merge branch 'develop' into feature/pricelist 2021-11-11 19:49:43 +01:00
Tim Gröger 5ef603ee50 Merge pull request '[auth_ldap] Allow more configuration' (#14) from improve_ldap into develop
Reviewed-on: #14
2021-11-11 18:43:17 +00:00
Ferdinand Thiessen 80f06e483b [auth_ldap] modify_role has to be called before the update to change it on the backend 2021-11-11 15:23:11 +01:00
Ferdinand Thiessen f80ad5c420 [auth_ldap] Fix typo in __init__ 2021-11-11 15:23:11 +01:00
Ferdinand Thiessen 4e1799e297 [auth_ldap] Allow more configuration
* Allow configuring the password hash (SSHA, PBKDF2 or Argon2)
* Allow setting custom dn templates for users and groups to e.g. allow "ou=people" or "ou=user"
* Allow setting custom object class for entries
* Stop using deprecated openssl constants
2021-11-11 15:23:11 +01:00
Ferdinand Thiessen f7e07fdade [events] Hotfix: delete an event with registered jobs 2021-11-11 15:22:55 +01:00
Ferdinand Thiessen 3d833fb6af [plugin] Plugins should have an unique ID 2021-11-11 15:22:15 +01:00
Ferdinand Thiessen 2dabd1dd34 [events] Fix deleteing an event 2021-11-11 12:23:45 +01:00
Ferdinand Thiessen cadde543f2 [plugins] Improved handling of plugin loading errors 2021-08-30 14:39:54 +02:00
Tim Gröger 4e46ea1ca3 [balance] add get and modify limits for all users 2021-08-09 10:06:51 +00:00
Tim Gröger 0d1a39f217 [balance] add sorting of transaction 2021-08-09 10:06:51 +00:00
Ferdinand Thiessen 7129469835 [roles] MySQL is caseinsensitive for strings so workaround it for renaming roles 2021-07-29 17:18:01 +02:00
Tim Gröger e7b978ae3c better drink dependency
drink_ingredient has name and cost_per_volume
Flaschengeist/flaschengeist-pricelist#2
2021-06-30 10:45:41 +02:00
Tim Gröger ff1a0544f8 Merge branch 'develop' into feature/pricelist 2021-06-29 20:21:50 +02:00
32 changed files with 1003 additions and 391 deletions

2
.gitignore vendored
View File

@ -122,6 +122,8 @@ dmypy.json
.vscode/
*.log
data/
# config
flaschengeist/flaschengeist.toml

View File

@ -52,8 +52,11 @@ def __load_plugins(app):
app.register_blueprint(plugin.blueprint)
except:
logger.error(
f"Plugin {entry_point.name} was enabled, but could not be loaded due to an error.", exc_info=True
f"Plugin {entry_point.name} was enabled, but could not be loaded due to an error.",
exc_info=True,
)
del plugin
continue
if isinstance(plugin, AuthPlugin):
logger.debug(f"Found authentication plugin: {entry_point.name}")
if entry_point.name == config["FLASCHENGEIST"]["auth"]:
@ -65,6 +68,7 @@ def __load_plugins(app):
app.config["FG_PLUGINS"][entry_point.name] = plugin
if "FG_AUTH_BACKEND" not in app.config:
logger.error("No authentication plugin configured or authentication plugin not found")
raise RuntimeError("No authentication plugin configured or authentication plugin not found")
def install_all():

View File

@ -41,17 +41,21 @@ def read_configuration(test_config):
update_dict(config, test_config)
def configure_app(app, test_config=None):
def configure_logger():
global config
read_configuration(test_config)
# Always enable this builtin plugins!
update_dict(config, {"auth": {"enabled": True}, "roles": {"enabled": True}, "users": {"enabled": True}})
# Read default config
logger_config = toml.load(_module_path / "logging.toml")
if "LOGGING" in config:
# Override with user config
update_dict(logger_config, config.get("LOGGING"))
# Check for shortcuts
if "level" in config["LOGGING"]:
logger_config["loggers"]["flaschengeist"] = {"level": config["LOGGING"]["level"]}
logger_config["handlers"]["console"]["level"] = config["LOGGING"]["level"]
logger_config["handlers"]["file"]["level"] = config["LOGGING"]["level"]
if not config["LOGGING"].get("console", True):
logger_config["handlers"]["console"]["level"] = "CRITICAL"
if "file" in config["LOGGING"]:
logger_config["root"]["handlers"].append("file")
logger_config["handlers"]["file"]["filename"] = config["LOGGING"]["file"]
@ -59,6 +63,23 @@ def configure_app(app, test_config=None):
path.parent.mkdir(parents=True, exist_ok=True)
logging.config.dictConfig(logger_config)
def configure_app(app, test_config=None):
global config
read_configuration(test_config)
configure_logger()
# Always enable this builtin plugins!
update_dict(
config,
{
"auth": {"enabled": True},
"roles": {"enabled": True},
"users": {"enabled": True},
},
)
if "secret_key" not in config["FLASCHENGEIST"]:
logger.warning("No secret key was configured, please configure one for production systems!")
app.config["SECRET_KEY"] = "0a657b97ef546da90b2db91862ad4e29"

View File

@ -0,0 +1,65 @@
from datetime import date
from flask import send_file
from pathlib import Path
from PIL import Image as PImage
from werkzeug.exceptions import NotFound, UnprocessableEntity
from werkzeug.datastructures import FileStorage
from werkzeug.utils import secure_filename
from flaschengeist.models.image import Image
from flaschengeist.database import db
from flaschengeist.config import config
def check_mimetype(mime: str):
return mime in config["FILES"].get("allowed_mimetypes", [])
def send_image(id: int = None, image: Image = None):
if image is None:
image = Image.query.get(id)
if not image:
raise NotFound
return send_file(image.path_, mimetype=image.mimetype_, download_name=image.filename_)
def send_thumbnail(id: int = None, image: Image = None):
if image is None:
image = Image.query.get(id)
if not image:
raise NotFound
if not image.thumbnail_:
with PImage.open(image.open()) as im:
im.thumbnail(tuple(config["FILES"].get("thumbnail_size")))
s = image.path_.split(".")
s.insert(len(s) - 1, "thumbnail")
im.save(".".join(s))
image.thumbnail_ = ".".join(s)
db.session.commit()
return send_file(image.thumbnail_, mimetype=image.mimetype_, download_name=image.filename_)
def upload_image(file: FileStorage):
if not check_mimetype(file.mimetype):
raise UnprocessableEntity
path = Path(config["FILES"].get("data_path")) / str(date.today().year)
path.mkdir(mode=int("0700", 8), parents=True, exist_ok=True)
if file.filename.count(".") < 1:
name = secure_filename(file.filename + "." + file.mimetype.split("/")[-1])
else:
name = secure_filename(file.filename)
img = Image(mimetype_=file.mimetype, filename_=name)
db.session.add(img)
db.session.flush()
try:
img.path_ = str((path / f"{img.id}.{img.filename_.split('.')[-1]}").resolve())
file.save(img.path_)
except:
db.session.delete(img)
raise
finally:
db.session.commit()
return img

View File

@ -2,7 +2,7 @@ from sqlalchemy.exc import IntegrityError
from werkzeug.exceptions import BadRequest, NotFound
from flaschengeist.models.user import Role, Permission
from flaschengeist.database import db
from flaschengeist.database import db, case_sensitive
from flaschengeist import logger
from flaschengeist.utils.hook import Hook
@ -36,8 +36,8 @@ def update_role(role, new_name):
except IntegrityError:
logger.debug("IntegrityError: Role might still be in use", exc_info=True)
raise BadRequest("Role still in use")
elif role.name != new_name:
if db.session.query(db.exists().where(Role.name == new_name)).scalar():
else:
if role.name == new_name or db.session.query(db.exists().where(Role.name == case_sensitive(new_name))).scalar():
raise BadRequest("Name already used")
role.name = new_name
db.session.commit()

View File

@ -207,6 +207,11 @@ def save_avatar(user, avatar):
db.session.commit()
def delete_avatar(user):
current_app.config["FG_AUTH_BACKEND"].delete_avatar(user)
db.session.commit()
def persist(user=None):
if user:
db.session.add(user)

View File

@ -1,3 +1,11 @@
from flask_sqlalchemy import SQLAlchemy
db = SQLAlchemy()
def case_sensitive(s):
if db.session.bind.dialect.name == "mysql":
from sqlalchemy import func
return func.binary(s)
return s

View File

@ -7,39 +7,52 @@ auth = "auth_plain"
# Enable if you run flaschengeist behind a proxy, e.g. nginx + gunicorn
#proxy = false
# Set root path, prefixes all routes
#root = /api
root = "/api"
# Set secret key
secret_key = "V3ryS3cr3t"
# Domain used by frontend
#domain = "flaschengeist.local"
[LOGGING]
# Uncomment to enable logging to a file
#file = "/tmp/flaschengeist-debug.log"
# You can override all settings from the logging.toml here
# E.g. override the formatters etc
#
# Logging level, possible: DEBUG INFO WARNING ERROR
level = "WARNING"
level = "DEBUG"
# Uncomment to enable logging to a file
# file = "/tmp/flaschengeist-debug.log"
# Uncomment to disable console logging
# console = False
[DATABASE]
# engine = "mysql" (default)
# user = "user"
# host = "127.0.0.1"
# password = "password"
# database = "database"
[FILES]
# Path for file / image uploads
data_path = "./data"
# Thumbnail size
thumbnail_size = [192, 192]
# Accepted mimetypes
allowed_mimetypes = [
"image/avif",
"image/jpeg",
"image/png",
"image/webp"
]
[auth_plain]
enabled = true
#[auth_ldap]
# enabled = true
# host =
# port =
# bind_dn =
# base_dn =
# secret =
# use_ssl =
# admin_dn =
# admin_dn =
# default_gid =
[auth_ldap]
# Full documentation https://flaschengeist.dev/Flaschengeist/flaschengeist/wiki/plugins_auth_ldap
enabled = false
# host = "localhost"
# port = 389
# base_dn = "dc=example,dc=com"
# root_dn = "cn=Manager,dc=example,dc=com"
# root_secret = "SuperS3cret"
# Uncomment to use secured LDAP (ldaps)
# use_ssl = true
[MESSAGES]
welcome_subject = "Welcome to Flaschengeist {name}"

View File

@ -1,9 +1,12 @@
# This is the default flaschengeist logger configuration
# If you want to customize it, use the flaschengeist.toml
version = 1
disable_existing_loggers = false
[formatters]
[formatters.simple]
format = "%(asctime)s - %(name)s - %(message)s"
format = "%(asctime)s - %(levelname)s - %(message)s"
[formatters.extended]
format = "%(asctime)s — %(filename)s - %(funcName)s - %(lineno)d - %(threadName)s - %(name)s — %(levelname)s — %(message)s"

View File

@ -44,6 +44,7 @@ class ModelSerializeMixin:
class Serial(TypeDecorator):
"""Same as MariaDB Serial used for IDs"""
cache_ok = True
impl = BigInteger().with_variant(mysql.BIGINT(unsigned=True), "mysql").with_variant(sqlite.INTEGER, "sqlite")
@ -60,6 +61,7 @@ class UtcDateTime(TypeDecorator):
aware value, even with SQLite or MySQL.
"""
cache_ok = True
impl = DateTime(timezone=True)
@staticmethod

View File

@ -0,0 +1,31 @@
from __future__ import annotations # TODO: Remove if python requirement is >= 3.10
from sqlalchemy import event
from pathlib import Path
from . import ModelSerializeMixin, Serial
from ..database import db
class Image(db.Model, ModelSerializeMixin):
__tablename__ = "image"
id: int = db.Column("id", Serial, primary_key=True)
filename_: str = db.Column(db.String(127), nullable=False)
mimetype_: str = db.Column(db.String(30), nullable=False)
thumbnail_: str = db.Column(db.String(127))
path_: str = db.Column(db.String(127))
def open(self):
return open(self.path_, "rb")
@event.listens_for(Image, "before_delete")
def clear_file(mapper, connection, target: Image):
if target.path_:
p = Path(target.path_)
if p.exists():
p.unlink()
if target.thumbnail_:
p = Path(target.thumbnail_)
if p.exists():
p.unlink()

View File

@ -56,7 +56,7 @@ class User(db.Model, ModelSerializeMixin):
display_name: str = db.Column(db.String(30))
firstname: str = db.Column(db.String(50), nullable=False)
lastname: str = db.Column(db.String(50), nullable=False)
mail: str = db.Column(db.String(60), nullable=False)
mail: str = db.Column(db.String(60))
birthday: Optional[date] = db.Column(db.Date)
roles: list[str] = []
permissions: Optional[list[str]] = None
@ -67,7 +67,9 @@ class User(db.Model, ModelSerializeMixin):
sessions_ = db.relationship("Session", back_populates="user_")
_attributes = db.relationship(
"_UserAttribute", collection_class=attribute_mapped_collection("name"), cascade="all, delete"
"_UserAttribute",
collection_class=attribute_mapped_collection("name"),
cascade="all, delete",
)
@property
@ -92,6 +94,10 @@ class User(db.Model, ModelSerializeMixin):
return self._attributes[name].value
return default
def delete_attribute(self, name):
if name in self._attributes:
self._attributes.pop(name)
def get_permissions(self):
return ["user"] + [permission.name for role in self.roles_ for permission in role.permissions]

View File

@ -33,6 +33,7 @@ class Plugin:
blueprint = None # You have to override
permissions = [] # You have to override
id = "dev.flaschengeist.plugin" # You have to override
name = "plugin" # You have to override
models = None # You have to override
@ -94,7 +95,7 @@ class Plugin:
db.session.commit()
def notify(self, user, text: str, data=None):
n = Notification(text=text, data=data, plugin=self.name, user_=user)
n = Notification(text=text, data=data, plugin=self.id, user_=user)
db.session.add(n)
db.session.commit()
@ -190,3 +191,14 @@ class AuthPlugin(Plugin):
MethodNotAllowed: If not supported by Backend
"""
raise MethodNotAllowed
def delete_avatar(self, user):
"""Delete the avatar for given user (if supported by auth backend)
Args:
user: Uset to delete the avatar for
Raises:
MethodNotAllowed: If not supported by Backend
"""
raise MethodNotAllowed

View File

@ -1,56 +1,61 @@
"""LDAP Authentication Provider Plugin"""
import io
import os
import ssl
from typing import Optional
from flask_ldapconn import LDAPConn
from flask import current_app as app
from ldap3.utils.hashed import hashed
from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_MD5
from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE
from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
from flaschengeist import logger
from flaschengeist.plugins import AuthPlugin, after_role_updated
from flaschengeist.plugins import AuthPlugin, before_role_updated
from flaschengeist.models.user import User, Role, _Avatar
import flaschengeist.controller.userController as userController
class AuthLDAP(AuthPlugin):
def __init__(self, cfg):
def __init__(self, config):
super().__init__()
config = {"port": 389, "use_ssl": False}
config.update(cfg)
app.config.update(
LDAP_SERVER=config["host"],
LDAP_PORT=config["port"],
LDAP_BINDDN=config["bind_dn"],
LDAP_SERVER=config.get("host", "localhost"),
LDAP_PORT=config.get("port", 389),
LDAP_BINDDN=config.get("bind_dn", None),
LDAP_SECRET=config.get("secret", None),
LDAP_USE_SSL=config.get("use_ssl", False),
# That's not TLS, its dirty StartTLS on unencrypted LDAP
LDAP_USE_TLS=False,
LDAP_USE_SSL=config["use_ssl"],
LDAP_TLS_VERSION=ssl.PROTOCOL_TLSv1_2,
LDAP_REQUIRE_CERT=ssl.CERT_NONE,
LDAP_TLS_VERSION=ssl.PROTOCOL_TLS,
FORCE_ATTRIBUTE_VALUE_AS_LIST=True,
)
if "secret" in config:
app.config["LDAP_SECRET"] = config["secret"]
if "ca_cert" in config:
app.config["LDAP_CA_CERTS_FILE"] = config["ca_cert"]
else:
# Default is CERT_REQUIRED
app.config["LDAP_REQUIRE_CERT"] = ssl.CERT_OPTIONAL
self.ldap = LDAPConn(app)
self.dn = config["base_dn"]
self.default_gid = config["default_gid"]
self.base_dn = config["base_dn"]
self.search_dn = config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
self.group_dn = config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
self.password_hash = config.get("password_hash", "SSHA").upper()
self.object_classes = config.get("object_classes", ["inetOrgPerson"])
self.user_attributes: dict = config.get("user_attributes", {})
self.dn_template = config.get("dn_template")
# TODO: might not be set if modify is called
if "admin_dn" in config:
self.admin_dn = config["admin_dn"]
self.admin_secret = config["admin_secret"]
else:
self.admin_dn = None
self.root_dn = config.get("root_dn", None)
self.root_secret = config.get("root_secret", None)
@after_role_updated
@before_role_updated
def _role_updated(role, new_name):
logger.debug(f"LDAP: before_role_updated called with ({role}, {new_name})")
self.__modify_role(role, new_name)
def login(self, user, password):
if not user:
return False
return self.ldap.authenticate(user.userid, password, "uid", self.dn)
return self.ldap.authenticate(user.userid, password, "uid", self.base_dn)
def find_user(self, userid, mail=None):
attr = self.__find(userid, mail)
@ -64,43 +69,53 @@ class AuthLDAP(AuthPlugin):
self.__update(user, attr)
def create_user(self, user, password):
if self.admin_dn is None:
logger.error("admin_dn missing in ldap config!")
if self.root_dn is None:
logger.error("root_dn missing in ldap config!")
raise InternalServerError
try:
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
self.ldap.connection.search(
"ou=user,{}".format(self.dn),
"(uidNumber=*)",
SUBTREE,
attributes=["uidNumber"],
ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
attributes = self.user_attributes.copy()
if "uidNumber" in attributes:
self.ldap.connection.search(
self.search_dn,
"(uidNumber=*)",
SUBTREE,
attributes=["uidNumber"],
)
resp = sorted(
self.ldap.response(),
key=lambda i: i["attributes"]["uidNumber"],
reverse=True,
)
attributes["uidNumber"] = resp[0]["attributes"]["uidNumber"] + 1 if resp else attributes["uidNumber"]
dn = self.dn_template.format(
user=user,
base_dn=self.base_dn,
)
uid_number = (
sorted(self.ldap.response(), key=lambda i: i["attributes"]["uidNumber"], reverse=True,)[0][
"attributes"
]["uidNumber"]
+ 1
if "default_gid" in attributes:
default_gid = attributes.pop("default_gid")
attributes["gidNumber"] = default_gid
if "homeDirectory" in attributes:
attributes["homeDirectory"] = attributes.get("homeDirectory").format(
firstname=user.firstname,
lastname=user.lastname,
userid=user.userid,
mail=user.mail,
display_name=user.display_name,
)
attributes.update(
{
"sn": user.lastname,
"givenName": user.firstname,
"uid": user.userid,
"userPassword": self.__hash(password),
"mail": user.mail,
}
)
dn = f"cn={user.firstname} {user.lastname},ou=user,{self.dn}"
object_class = [
"inetOrgPerson",
"posixAccount",
"person",
"organizationalPerson",
]
attributes = {
"sn": user.firstname,
"givenName": user.lastname,
"gidNumber": self.default_gid,
"homeDirectory": f"/home/{user.userid}",
"loginShell": "/bin/bash",
"uid": user.userid,
"userPassword": hashed(HASHED_SALTED_MD5, password),
"uidNumber": uid_number,
}
ldap_conn.add(dn, object_class, attributes)
ldap_conn.add(dn, self.object_classes, attributes)
self._set_roles(user)
self.update_user(user)
except (LDAPPasswordIsMandatoryError, LDAPBindError):
raise BadRequest
@ -110,10 +125,10 @@ class AuthLDAP(AuthPlugin):
if password:
ldap_conn = self.ldap.connect(dn, password)
else:
if self.admin_dn is None:
logger.error("admin_dn missing in ldap config!")
if self.root_dn is None:
logger.error("root_dn missing in ldap config!")
raise InternalServerError
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
modifier = {}
for name, ldap_name in [
("firstname", "givenName"),
@ -124,9 +139,7 @@ class AuthLDAP(AuthPlugin):
if hasattr(user, name):
modifier[ldap_name] = [(MODIFY_REPLACE, [getattr(user, name)])]
if new_password:
# TODO: Use secure hash!
salted_password = hashed(HASHED_SALTED_MD5, new_password)
modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])]
modifier["userPassword"] = [(MODIFY_REPLACE, [self.__hash(new_password)])]
ldap_conn.modify(dn, modifier)
self._set_roles(user)
except (LDAPPasswordIsMandatoryError, LDAPBindError):
@ -134,7 +147,7 @@ class AuthLDAP(AuthPlugin):
def get_avatar(self, user):
self.ldap.connection.search(
"ou=user,{}".format(self.dn),
self.search_dn,
"(uid={})".format(user.userid),
SUBTREE,
attributes=["jpegPhoto"],
@ -144,14 +157,14 @@ class AuthLDAP(AuthPlugin):
if "jpegPhoto" in r and len(r["jpegPhoto"]) > 0:
avatar = _Avatar()
avatar.mimetype = "image/jpeg"
avatar.binary.extend(r["jpegPhoto"][0])
avatar.binary = bytearray(r["jpegPhoto"][0])
return avatar
else:
raise NotFound
def set_avatar(self, user, avatar: _Avatar):
if self.admin_dn is None:
logger.error("admin_dn missing in ldap config!")
if self.root_dn is None:
logger.error("root_dn missing in ldap config!")
raise InternalServerError
if avatar.mimetype != "image/jpeg":
@ -172,16 +185,23 @@ class AuthLDAP(AuthPlugin):
raise BadRequest("Unsupported image format")
dn = user.get_attribute("DN")
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]})
def delete_avatar(self, user):
if self.root_dn is None:
logger.error("root_dn missing in ldap config!")
dn = user.get_attribute("DN")
ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [])]})
def __find(self, userid, mail=None):
"""Find attributes of an user by uid or mail in LDAP"""
con = self.ldap.connection
if not con:
con = self.ldap.connect(self.admin_dn, self.admin_secret)
con = self.ldap.connect(self.root_dn, self.root_secret)
con.search(
f"ou=user,{self.dn}",
self.search_dn,
f"(| (uid={userid})(mail={mail}))" if mail else f"(uid={userid})",
SUBTREE,
attributes=["uid", "givenName", "sn", "mail"],
@ -205,12 +225,12 @@ class AuthLDAP(AuthPlugin):
role: Role,
new_name: Optional[str],
):
if self.admin_dn is None:
logger.error("admin_dn missing in ldap config!")
if self.root_dn is None:
logger.error("root_dn missing in ldap config!")
raise InternalServerError
try:
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
ldap_conn.search(f"ou=group,{self.dn}", f"(cn={role.name})", SUBTREE, attributes=["cn"])
ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
ldap_conn.search(self.group_dn, f"(cn={role.name})", SUBTREE, attributes=["cn"])
if len(ldap_conn.response) > 0:
dn = ldap_conn.response[0]["dn"]
if new_name:
@ -218,13 +238,33 @@ class AuthLDAP(AuthPlugin):
else:
ldap_conn.delete(dn)
except (LDAPPasswordIsMandatoryError, LDAPBindError):
except LDAPPasswordIsMandatoryError:
raise BadRequest
except LDAPBindError:
logger.debug(f"Could not bind to LDAP server", exc_info=True)
raise InternalServerError
def __hash(self, password):
if self.password_hash == "ARGON2":
from argon2 import PasswordHasher
return f"{{ARGON2}}{PasswordHasher().hash(password)}"
else:
from hashlib import pbkdf2_hmac, sha1
import base64
salt = os.urandom(16)
if self.password_hash == "PBKDF2":
rounds = 200000
password_hash = base64.b64encode(pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)).decode()
return f"{{PBKDF2-SHA512}}{rounds}${base64.b64encode(salt).decode()}${password_hash}"
else:
return f"{{SSHA}}{base64.b64encode(sha1(password.encode() + salt).digest() + salt).decode()}"
def _get_groups(self, uid):
groups = []
self.ldap.connection.search(
"ou=group,{}".format(self.dn),
self.group_dn,
"(memberUID={})".format(uid),
SUBTREE,
attributes=["cn"],
@ -236,7 +276,7 @@ class AuthLDAP(AuthPlugin):
def _get_all_roles(self):
self.ldap.connection.search(
f"ou=group,{self.dn}",
self.group_dn,
"(cn=*)",
SUBTREE,
attributes=["cn", "gidNumber", "memberUid"],
@ -245,8 +285,7 @@ class AuthLDAP(AuthPlugin):
def _set_roles(self, user: User):
try:
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
ldap_roles = self._get_all_roles()
gid_numbers = sorted(ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True)
@ -255,7 +294,7 @@ class AuthLDAP(AuthPlugin):
for user_role in user.roles:
if user_role not in [role["attributes"]["cn"][0] for role in ldap_roles]:
ldap_conn.add(
f"cn={user_role},ou=group,{self.dn}",
f"cn={user_role},{self.group_dn}",
["posixGroup"],
attributes={"gidNumber": gid_number},
)

View File

@ -19,7 +19,13 @@ class AuthPlain(AuthPlugin):
if User.query.first() is None:
logger.info("Installing admin user")
role = Role(name="Superuser", permissions=Permission.query.all())
admin = User(userid="admin", firstname="Admin", lastname="Admin", mail="", roles_=[role])
admin = User(
userid="admin",
firstname="Admin",
lastname="Admin",
mail="",
roles_=[role],
)
self.modify_user(admin, None, "admin")
db.session.add(admin)
db.session.commit()
@ -58,6 +64,9 @@ class AuthPlain(AuthPlugin):
def set_avatar(self, user, avatar):
user.set_attribute("avatar", avatar)
def delete_avatar(self, user):
user.delete_attribute("avatar")
@staticmethod
def _hash_password(password):
salt = hashlib.sha256(os.urandom(60)).hexdigest().encode("ascii")

View File

@ -113,7 +113,16 @@ def get_transaction(transaction_id) -> Transaction:
return transaction
def get_transactions(user, start=None, end=None, limit=None, offset=None, show_reversal=False, show_cancelled=True):
def get_transactions(
user,
start=None,
end=None,
limit=None,
offset=None,
show_reversal=False,
show_cancelled=True,
descending=False,
):
count = None
query = Transaction.query.filter((Transaction.sender_ == user) | (Transaction.receiver_ == user))
if start:
@ -125,7 +134,10 @@ def get_transactions(user, start=None, end=None, limit=None, offset=None, show_r
query = query.filter(Transaction.original_ == None)
if not show_cancelled:
query = query.filter(Transaction.reversal_id.is_(None))
query = query.order_by(Transaction.time)
if descending:
query = query.order_by(Transaction.time.desc())
else:
query = query.order_by(Transaction.time)
if limit is not None:
count = query.count()
query = query.limit(limit)

View File

@ -99,6 +99,32 @@ def set_limit(userid, current_session: Session):
return HTTP.no_content()
@BalancePlugin.blueprint.route("/users/balance/limit", methods=["GET", "PUT"])
@login_required(permission=permissions.SET_LIMIT)
def limits(current_session: Session):
"""Get, Modify limit of all users
Args:
current_ession: Session sent with Authorization Header
Returns:
JSON encoded array of userid with limit or HTTP-error
"""
users = userController.get_users()
if request.method == "GET":
return jsonify([{"userid": user.userid, "limit": user.get_attribute("balance_limit")} for user in users])
data = request.get_json()
try:
limit = data["limit"]
except (TypeError, KeyError):
raise BadRequest
for user in users:
balance_controller.set_limit(user, limit)
return HTTP.no_content()
@BalancePlugin.blueprint.route("/users/<userid>/balance", methods=["GET"])
@login_required(permission=permissions.SHOW)
def get_balance(userid, current_session: Session):
@ -170,6 +196,7 @@ def get_transactions(userid, current_session: Session):
show_cancelled = request.args.get("showCancelled", True)
limit = request.args.get("limit")
offset = request.args.get("offset")
descending = request.args.get("descending", False)
try:
if limit is not None:
limit = int(limit)
@ -179,11 +206,20 @@ def get_transactions(userid, current_session: Session):
show_reversals = str2bool(show_reversals)
if not isinstance(show_cancelled, bool):
show_cancelled = str2bool(show_cancelled)
if not isinstance(descending, bool):
descending = str2bool(descending)
except ValueError:
raise BadRequest
transactions, count = balance_controller.get_transactions(
user, start, end, limit, offset, show_reversal=show_reversals, show_cancelled=show_cancelled
user,
start,
end,
limit,
offset,
show_reversal=show_reversals,
show_cancelled=show_cancelled,
descending=descending,
)
return {"transactions": transactions, "count": count}

View File

@ -11,6 +11,7 @@ from . import permissions, models
class EventPlugin(Plugin):
name = "events"
id = "dev.flaschengeist.events"
plugin = LocalProxy(lambda: current_app.config["FG_PLUGINS"][EventPlugin.name])
permissions = permissions.permissions
blueprint = Blueprint(name, __name__)

View File

@ -1,7 +1,7 @@
from datetime import datetime, timedelta, timezone
from typing import Optional
from werkzeug.exceptions import BadRequest, NotFound
from werkzeug.exceptions import BadRequest, Conflict, NotFound
from sqlalchemy.exc import IntegrityError
from flaschengeist import logger
@ -41,7 +41,7 @@ def create_event_type(name):
db.session.commit()
return event
except IntegrityError:
raise BadRequest("Name already exists")
raise Conflict("Name already exists")
def rename_event_type(identifier, new_name):
@ -50,7 +50,7 @@ def rename_event_type(identifier, new_name):
try:
db.session.commit()
except IntegrityError:
raise BadRequest("Name already exists")
raise Conflict("Name already exists")
def delete_event_type(name):
@ -116,7 +116,7 @@ def get_event(event_id, with_backup=False) -> Event:
if event is None:
raise NotFound
if not with_backup:
return clear_backup(event)
clear_backup(event)
return event
@ -124,7 +124,14 @@ def get_templates():
return Event.query.filter(Event.is_template == True).all()
def get_events(start: Optional[datetime] = None, end=None, with_backup=False):
def get_events(
start: Optional[datetime] = None,
end: Optional[datetime] = None,
limit: Optional[int] = None,
offset: Optional[int] = None,
descending: Optional[bool] = False,
with_backup=False,
):
"""Query events which start from begin until end
Args:
start (datetime): Earliest start
@ -138,6 +145,14 @@ def get_events(start: Optional[datetime] = None, end=None, with_backup=False):
query = query.filter(start <= Event.start)
if end is not None:
query = query.filter(Event.start < end)
if descending:
query = query.order_by(Event.start.desc())
else:
query = query.order_by(Event.start)
if limit is not None:
query = query.limit(limit)
if offset is not None and offset > 0:
query = query.offset(offset)
events = query.all()
if not with_backup:
for event in events:
@ -153,7 +168,9 @@ def delete_event(event_id):
Raises:
NotFound if not found
"""
event = get_event(event_id)
event = get_event(event_id, True)
for job in event.jobs:
delete_job(job)
db.session.delete(event)
db.session.commit()
@ -178,15 +195,24 @@ def create_event(event_type, start, end=None, jobs=[], is_template=None, name=No
raise BadRequest
def get_job(job_slot_id, event_id):
js = Job.query.filter(Job.id == job_slot_id).filter(Job.event_id_ == event_id).one_or_none()
if js is None:
def get_job(job_id, event_id=None) -> Job:
query = Job.query.filter(Job.id == job_id)
if event_id is not None:
query = query.filter(Job.event_id_ == event_id)
job = query.one_or_none()
if job is None:
raise NotFound
return js
return job
def add_job(event, job_type, required_services, start, end=None, comment=None):
job = Job(required_services=required_services, type=job_type, start=start, end=end, comment=comment)
job = Job(
required_services=required_services,
type=job_type,
start=start,
end=end,
comment=comment,
)
event.jobs.append(job)
update()
return job
@ -196,30 +222,48 @@ def update():
try:
db.session.commit()
except IntegrityError:
logger.debug("Error, looks like a Job with that type already exists on an event", exc_info=True)
logger.debug(
"Error, looks like a Job with that type already exists on an event",
exc_info=True,
)
raise BadRequest()
def delete_job(job: Job):
for service in job.services:
unassign_job(service=service, notify=True)
db.session.delete(job)
db.session.commit()
def assign_to_job(job: Job, user, value):
def assign_job(job: Job, user, value, is_backup=False):
assert value > 0
service = Service.query.get((job.id, user.id_))
if value < 0:
if not service:
raise BadRequest
db.session.delete(service)
if service:
service.value = value
else:
if service:
service.value = value
else:
service = Service(user_=user, value=value, job_=job)
db.session.add(service)
service = Service(user_=user, value=value, is_backup=is_backup, job_=job)
db.session.add(service)
db.session.commit()
def unassign_job(job: Job = None, user=None, service=None, notify=False):
if service is None:
assert job is not None and user is not None
service = Service.query.get((job.id, user.id_))
else:
user = service.user_
if not service:
raise BadRequest
event_id = service.job_.event_id_
db.session.delete(service)
db.session.commit()
if notify:
EventPlugin.plugin.notify(user, "Your assignmet was cancelled", {"event_id": event_id})
@scheduled
def assign_backups():
logger.debug("Notifications")
@ -230,7 +274,9 @@ def assign_backups():
for service in services:
if service.job_.start <= now or service.job_.is_full():
EventPlugin.plugin.notify(
service.user_, "Your backup assignment was cancelled.", {"event_id": service.job_.event_id_}
service.user_,
"Your backup assignment was cancelled.",
{"event_id": service.job_.event_id_},
)
logger.debug(f"Service is outdated or full, removing. {service.serialize()}")
db.session.delete(service)
@ -238,6 +284,8 @@ def assign_backups():
service.is_backup = False
logger.debug(f"Service not full, assigning backup. {service.serialize()}")
EventPlugin.plugin.notify(
service.user_, "Your backup assignment was accepted.", {"event_id": service.job_.event_id_}
service.user_,
"Your backup assignment was accepted.",
{"event_id": service.job_.event_id_},
)
db.session.commit()

View File

@ -39,7 +39,13 @@ class Service(db.Model, ModelSerializeMixin):
is_backup: bool = db.Column(db.Boolean, default=False)
value: float = db.Column(db.Numeric(precision=3, scale=2, asdecimal=False), nullable=False)
_job_id = db.Column("job_id", Serial, db.ForeignKey(f"{_table_prefix_}job.id"), nullable=False, primary_key=True)
_job_id = db.Column(
"job_id",
Serial,
db.ForeignKey(f"{_table_prefix_}job.id"),
nullable=False,
primary_key=True,
)
_user_id = db.Column("user_id", Serial, db.ForeignKey("user.id"), nullable=False, primary_key=True)
user_: User = db.relationship("User")
@ -59,6 +65,7 @@ class Job(db.Model, ModelSerializeMixin):
end: Optional[datetime] = db.Column(UtcDateTime)
type: Union[JobType, int] = db.relationship("JobType")
comment: Optional[str] = db.Column(db.String(256))
locked: bool = db.Column(db.Boolean())
services: list[Service] = db.relationship("Service", back_populates="job_")
required_services: float = db.Column(db.Numeric(precision=4, scale=2, asdecimal=False), nullable=False)
@ -83,11 +90,17 @@ class Event(db.Model, ModelSerializeMixin):
type: Union[EventType, int] = db.relationship("EventType")
is_template: bool = db.Column(db.Boolean, default=False)
jobs: list[Job] = db.relationship(
"Job", back_populates="event_", cascade="all,delete,delete-orphan", order_by="[Job.start, Job.end]"
"Job",
back_populates="event_",
cascade="all,delete,delete-orphan",
order_by="[Job.start, Job.end]",
)
# Protected for internal use
_type_id = db.Column(
"type_id", Serial, db.ForeignKey(f"{_table_prefix_}event_type.id", ondelete="CASCADE"), nullable=False
"type_id",
Serial,
db.ForeignKey(f"{_table_prefix_}event_type.id", ondelete="CASCADE"),
nullable=False,
)

View File

@ -22,4 +22,7 @@ ASSIGN_OTHER = "events_assign_other"
SEE_BACKUP = "events_see_backup"
"""Can see users assigned as backup"""
LOCK_JOBS = "events_lock_jobs"
"""Can lock jobs, no further services can be assigned or unassigned"""
permissions = [value for key, value in globals().items() if not key.startswith("_")]

View File

@ -1,9 +1,12 @@
from datetime import datetime, timedelta, timezone
from http.client import NO_CONTENT
from re import template
from flask import request, jsonify
from sqlalchemy import exc
from werkzeug.exceptions import BadRequest, NotFound, Forbidden
from flaschengeist.models.session import Session
from flaschengeist.plugins.events.models import Job
from flaschengeist.utils.decorators import login_required
from flaschengeist.utils.datetime import from_iso_format
from flaschengeist.controller import userController
@ -12,6 +15,21 @@ from . import event_controller, permissions, EventPlugin
from ...utils.HTTP import no_content
def dict_get(self, key, default=None, type=None):
"""Same as .get from MultiDict"""
try:
rv = self[key]
except KeyError:
return default
if type is not None:
try:
rv = type(rv)
except ValueError:
rv = default
return rv
@EventPlugin.blueprint.route("/events/templates", methods=["GET"])
@login_required()
def get_templates(current_session):
@ -169,7 +187,8 @@ def get_event(event_id, current_session):
JSON encoded event object
"""
event = event_controller.get_event(
event_id, with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP)
event_id,
with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP),
)
return jsonify(event)
@ -177,17 +196,21 @@ def get_event(event_id, current_session):
@EventPlugin.blueprint.route("/events", methods=["GET"])
@login_required()
def get_filtered_events(current_session):
begin = request.args.get("from")
if begin is not None:
begin = from_iso_format(begin)
end = request.args.get("to")
if end is not None:
end = from_iso_format(end)
begin = request.args.get("from", type=from_iso_format)
end = request.args.get("to", type=from_iso_format)
limit = request.args.get("limit", type=int)
offset = request.args.get("offset", type=int)
descending = "descending" in request.args
if begin is None and end is None:
begin = datetime.now()
return jsonify(
event_controller.get_events(
begin, end, with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP)
start=begin,
end=end,
limit=limit,
offset=offset,
descending=descending,
with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP),
)
)
@ -222,7 +245,9 @@ def get_events(current_session, year=datetime.now().year, month=datetime.now().m
end = datetime(year=year, month=month + 1, day=1, tzinfo=timezone.utc)
events = event_controller.get_events(
begin, end, with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP)
begin,
end,
with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP),
)
return jsonify(events)
except ValueError:
@ -232,9 +257,7 @@ def get_events(current_session, year=datetime.now().year, month=datetime.now().m
def _add_job(event, data):
try:
start = from_iso_format(data["start"])
end = None
if "end" in data:
end = from_iso_format(data["end"])
end = dict_get(data, "end", None, type=from_iso_format)
required_services = data["required_services"]
job_type = data["type"]
if isinstance(job_type, dict):
@ -243,7 +266,14 @@ def _add_job(event, data):
raise BadRequest("Missing or invalid POST parameter")
job_type = event_controller.get_job_type(job_type)
event_controller.add_job(event, job_type, required_services, start, end, comment=data.get("comment", None))
event_controller.add_job(
event,
job_type,
required_services,
start,
end,
comment=dict_get(data, "comment", None, str),
)
@EventPlugin.blueprint.route("/events", methods=["POST"])
@ -262,11 +292,9 @@ def create_event(current_session):
JSON encoded Event object or HTTP-error
"""
data = request.get_json()
end = data.get("end", None)
try:
start = from_iso_format(data["start"])
if end is not None:
end = from_iso_format(end)
end = dict_get(data, "end", None, type=from_iso_format)
data_type = data["type"]
if isinstance(data_type, dict):
data_type = data["type"]["id"]
@ -279,10 +307,10 @@ def create_event(current_session):
event = event_controller.create_event(
start=start,
end=end,
name=data.get("name", None),
is_template=data.get("is_template", None),
name=dict_get(data, "name", None),
is_template=dict_get(data, "is_template", None),
event_type=event_type,
description=data.get("description", None),
description=dict_get(data, "description", None),
)
if "jobs" in data:
for job in data["jobs"]:
@ -309,15 +337,14 @@ def modify_event(event_id, current_session):
"""
event = event_controller.get_event(event_id)
data = request.get_json()
if "start" in data:
event.start = from_iso_format(data["start"])
if "end" in data:
event.end = from_iso_format(data["end"])
if "description" in data:
event.description = data["description"]
event.start = dict_get(data, "start", event.start, type=from_iso_format)
event.end = dict_get(data, "end", event.end, type=from_iso_format)
event.name = dict_get(data, "name", event.name, type=str)
event.description = dict_get(data, "description", event.description, type=str)
if "type" in data:
event_type = event_controller.get_event_type(data["type"])
event.type = event_type
event_controller.update()
return jsonify(event)
@ -376,19 +403,19 @@ def delete_job(event_id, job_id, current_session):
Returns:
HTTP-no-content or HTTP error
"""
job_slot = event_controller.get_job(job_id, event_id)
event_controller.delete_job(job_slot)
job = event_controller.get_job(job_id, event_id)
event_controller.delete_job(job)
return no_content()
@EventPlugin.blueprint.route("/events/<int:event_id>/jobs/<int:job_id>", methods=["PUT"])
@login_required()
def update_job(event_id, job_id, current_session: Session):
"""Edit Job or assign user to the Job
"""Edit Job
Route: ``/events/<event_id>/jobs/<job_id>`` | Method: ``PUT``
POST-data: See TS interface for Job or ``{user: {userid: string, value: number}}``
POST-data: See TS interface for Job
Args:
event_id: Identifier of the event
@ -398,34 +425,89 @@ def update_job(event_id, job_id, current_session: Session):
Returns:
JSON encoded Job object or HTTP-error
"""
job = event_controller.get_job(job_id, event_id)
if not current_session.user_.has_permission(permissions.EDIT):
raise Forbidden
data = request.get_json()
if not data:
raise BadRequest
if ("user" not in data or len(data) > 1) and not current_session.user_.has_permission(permissions.EDIT):
raise Forbidden
if "user" in data:
try:
user = userController.get_user(data["user"]["userid"])
value = data["user"]["value"]
if (user == current_session.user_ and not user.has_permission(permissions.ASSIGN)) or (
user != current_session.user_ and not current_session.user_.has_permission(permissions.ASSIGN_OTHER)
):
raise Forbidden
event_controller.assign_to_job(job, user, value)
except (KeyError, ValueError):
raise BadRequest
if "required_services" in data:
job.required_services = data["required_services"]
if "type" in data:
job.type = event_controller.get_job_type(data["type"])
event_controller.update()
job = event_controller.get_job(job_id, event_id)
try:
if "type" in data:
job.type = event_controller.get_job_type(data["type"])
job.start = from_iso_format(data.get("start", job.start))
job.end = from_iso_format(data.get("end", job.end))
job.comment = str(data.get("comment", job.comment))
job.locked = bool(data.get("locked", job.locked))
job.required_services = float(data.get("required_services", job.required_services))
event_controller.update()
except NotFound:
raise BadRequest("Invalid JobType")
except ValueError:
raise BadRequest("Invalid POST data")
return jsonify(job)
@EventPlugin.blueprint.route("/events/jobs/<int:job_id>/assign", methods=["POST"])
@login_required()
def assign_job(job_id, current_session: Session):
"""Assign / unassign user to the Job
Route: ``/events/jobs/<job_id>/assign`` | Method: ``POST``
POST-data: a Service object, see TS interface for Service
Args:
job_id: Identifier of the Job
current_session: Session sent with Authorization Header
Returns:
HTTP-No-Content or HTTP-error
"""
data = request.get_json()
job = event_controller.get_job(job_id)
try:
user = userController.get_user(data["userid"])
value = data["value"]
if (user == current_session.user_ and not user.has_permission(permissions.ASSIGN)) or (
user != current_session.user_ and not current_session.user_.has_permission(permissions.ASSIGN_OTHER)
):
raise Forbidden
if value > 0:
event_controller.assign_job(job, user, value, data.get("is_backup", False))
else:
event_controller.unassign_job(job, user, notify=user != current_session.user_)
except (TypeError, KeyError, ValueError):
raise BadRequest
return no_content()
@EventPlugin.blueprint.route("/events/jobs/<int:job_id>/lock", methods=["POST"])
@login_required(permissions.LOCK_JOBS)
def lock_job(job_id, current_session: Session):
"""Lock / unlock the Job
Route: ``/events/jobs/<job_id>/lock`` | Method: ``POST``
POST-data: ``{locked: boolean}``
Args:
job_id: Identifier of the Job
current_session: Session sent with Authorization Header
Returns:
HTTP-No-Content or HTTP-error
"""
data = request.get_json()
job = event_controller.get_job(job_id)
try:
locked = bool(userController.get_user(data["locked"]))
job.locked = locked
event_controller.update()
except (TypeError, KeyError, ValueError):
raise BadRequest
return no_content()
# TODO: JobTransfer

View File

@ -2,12 +2,13 @@
from flask import Blueprint, jsonify, request, current_app
from werkzeug.local import LocalProxy
from werkzeug.exceptions import BadRequest, Forbidden, Unauthorized
from werkzeug.exceptions import BadRequest, Forbidden, NotFound, Unauthorized
from flaschengeist import logger
from flaschengeist.controller import userController
from flaschengeist.controller.imageController import send_image, send_thumbnail
from flaschengeist.plugins import Plugin
from flaschengeist.utils.decorators import login_required, extract_session
from flaschengeist.utils.decorators import login_required, extract_session, headers
from flaschengeist.utils.HTTP import no_content
from . import models
@ -214,10 +215,87 @@ def get_drinks(identifier=None):
if identifier:
result = pricelist_controller.get_drink(identifier, public=public)
return jsonify(result)
else:
result = pricelist_controller.get_drinks(public=public)
logger.debug(f"GET drink {result}")
return jsonify(result)
limit = request.args.get("limit")
offset = request.args.get("offset")
search_name = request.args.get("search_name")
search_key = request.args.get("search_key")
ingredient = request.args.get("ingredient", type=bool)
receipt = request.args.get("receipt", type=bool)
try:
if limit is not None:
limit = int(limit)
if offset is not None:
offset = int(offset)
if ingredient is not None:
ingredient = bool(ingredient)
if receipt is not None:
receipt = bool(receipt)
except ValueError:
raise BadRequest
drinks, count = pricelist_controller.get_drinks(
public=public,
limit=limit,
offset=offset,
search_name=search_name,
search_key=search_key,
ingredient=ingredient,
receipt=receipt,
)
mop = drinks.copy()
logger.debug(f"GET drink {drinks}, {count}")
# return jsonify({"drinks": drinks, "count": count})
return jsonify({"drinks": drinks, "count": count})
@PriceListPlugin.blueprint.route("/list", methods=["GET"])
def get_pricelist():
"""Get Priclist
Route: ``/pricelist/list`` | Method: ``GET``
Returns:
JSON encoded list of DrinkPrices or HTTP-KeyError
"""
public = True
try:
extract_session()
public = False
except Unauthorized:
public = True
limit = request.args.get("limit")
offset = request.args.get("offset")
search_name = request.args.get("search_name")
search_key = request.args.get("search_key")
ingredient = request.args.get("ingredient", type=bool)
receipt = request.args.get("receipt", type=bool)
descending = request.args.get("descending", type=bool)
sortBy = request.args.get("sortBy")
try:
if limit is not None:
limit = int(limit)
if offset is not None:
offset = int(offset)
if ingredient is not None:
ingredient = bool(ingredient)
if receipt is not None:
receipt = bool(receipt)
if descending is not None:
descending = bool(descending)
except ValueError:
raise BadRequest
pricelist, count = pricelist_controller.get_pricelist(
public=public,
limit=limit,
offset=offset,
search_name=search_name,
search_key=search_key,
descending=descending,
sortBy=sortBy,
)
logger.debug(f"GET pricelist {pricelist}, {count}")
return jsonify({"pricelist": pricelist, "count": count})
@PriceListPlugin.blueprint.route("/drinks/search/<string:name>", methods=["GET"])
@ -632,7 +710,7 @@ def get_priclist_setting(userid, current_session):
return no_content()
@PriceListPlugin.blueprint.route("/drinks/<int:identifier>/picture", methods=["POST", "GET", "DELETE"])
@PriceListPlugin.blueprint.route("/drinks/<int:identifier>/picture", methods=["POST", "DELETE"])
@login_required(permission=permissions.EDIT)
def set_picture(identifier, current_session):
"""Get, Create, Delete Drink Picture
@ -654,25 +732,25 @@ def set_picture(identifier, current_session):
file = request.files.get("file")
if file:
picture = models._Picture()
picture.mimetype = file.content_type
picture.binary = bytearray(file.stream.read())
return jsonify(pricelist_controller.save_drink_picture(identifier, picture))
return jsonify(pricelist_controller.save_drink_picture(identifier, file))
else:
raise BadRequest
@PriceListPlugin.blueprint.route("/picture/<identifier>", methods=["GET"])
@PriceListPlugin.blueprint.route("/drinks/<int:identifier>/picture", methods=["GET"])
#@headers({"Cache-Control": "private, must-revalidate"})
def _get_picture(identifier):
"""Get Picture
Args:
identifier: Identifier of Picture
identifier: Identifier of Drink
Returns:
Picture or HTTP-error
"""
if request.method == "GET":
size = request.args.get("size")
response = pricelist_controller.get_drink_picture(identifier, size)
return response.make_conditional(request)
drink = pricelist_controller.get_drink(identifier)
if drink.has_image:
if request.args.get("thumbnail"):
return send_thumbnail(image=drink.image_)
return send_image(image=drink.image_)
raise NotFound

View File

@ -1,20 +1,21 @@
from __future__ import annotations # TODO: Remove if python requirement is >= 3.10
from flaschengeist.database import db
from flaschengeist.models import ModelSerializeMixin
from flaschengeist.models import ModelSerializeMixin, Serial
from flaschengeist.models.image import Image
from typing import Optional
drink_tag_association = db.Table(
"drink_x_tag",
db.Column("drink_id", db.Integer, db.ForeignKey("drink.id")),
db.Column("tag_id", db.Integer, db.ForeignKey("drink_tag.id")),
db.Column("drink_id", Serial, db.ForeignKey("drink.id")),
db.Column("tag_id", Serial, db.ForeignKey("drink_tag.id")),
)
drink_type_association = db.Table(
"drink_x_type",
db.Column("drink_id", db.Integer, db.ForeignKey("drink.id")),
db.Column("type_id", db.Integer, db.ForeignKey("drink_type.id")),
db.Column("drink_id", Serial, db.ForeignKey("drink.id")),
db.Column("type_id", Serial, db.ForeignKey("drink_type.id")),
)
@ -24,7 +25,7 @@ class Tag(db.Model, ModelSerializeMixin):
"""
__tablename__ = "drink_tag"
id: int = db.Column("id", db.Integer, primary_key=True)
id: int = db.Column("id", Serial, primary_key=True)
name: str = db.Column(db.String(30), nullable=False, unique=True)
color: str = db.Column(db.String(7), nullable=False)
@ -35,7 +36,7 @@ class DrinkType(db.Model, ModelSerializeMixin):
"""
__tablename__ = "drink_type"
id: int = db.Column("id", db.Integer, primary_key=True)
id: int = db.Column("id", Serial, primary_key=True)
name: str = db.Column(db.String(30), nullable=False, unique=True)
@ -45,10 +46,11 @@ class DrinkPrice(db.Model, ModelSerializeMixin):
"""
__tablename__ = "drink_price"
id: int = db.Column("id", db.Integer, primary_key=True)
id: int = db.Column("id", Serial, primary_key=True)
price: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
volume_id_ = db.Column("volume_id", db.Integer, db.ForeignKey("drink_price_volume.id"))
volume = db.relationship("DrinkPriceVolume", back_populates="prices")
volume_id_ = db.Column("volume_id", Serial, db.ForeignKey("drink_price_volume.id"))
volume: "DrinkPriceVolume" = None
_volume: "DrinkPriceVolume" = db.relationship("DrinkPriceVolume", back_populates="_prices", join_depth=1)
public: bool = db.Column(db.Boolean, default=True)
description: Optional[str] = db.Column(db.String(30))
@ -61,8 +63,8 @@ class ExtraIngredient(db.Model, ModelSerializeMixin):
ExtraIngredient
"""
__tablename__ = "extra_ingredient"
id: int = db.Column("id", db.Integer, primary_key=True)
__tablename__ = "drink_extra_ingredient"
id: int = db.Column("id", Serial, primary_key=True)
name: str = db.Column(db.String(30), unique=True, nullable=False)
price: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
@ -73,19 +75,20 @@ class DrinkIngredient(db.Model, ModelSerializeMixin):
"""
__tablename__ = "drink_ingredient"
id: int = db.Column("id", db.Integer, primary_key=True)
id: int = db.Column("id", Serial, primary_key=True)
volume: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False), nullable=False)
ingredient_id: int = db.Column(db.Integer, db.ForeignKey("drink.id"))
# drink_ingredient: Drink = db.relationship("Drink")
# price: float = 0
ingredient_id: int = db.Column(Serial, db.ForeignKey("drink.id"))
cost_per_volume: float
name: str
_drink_ingredient: Drink = db.relationship("Drink")
@property
def cost_per_volume(self):
return self._drink_ingredient.cost_per_volume if self._drink_ingredient else None
# @property
# def price(self):
# try:
# return self.drink_ingredient.cost_price_pro_volume * self.volume
# except AttributeError:
# pass
@property
def name(self):
return self._drink_ingredient.name if self._drink_ingredient else None
class Ingredient(db.Model, ModelSerializeMixin):
@ -93,14 +96,14 @@ class Ingredient(db.Model, ModelSerializeMixin):
Ingredient Associationtable
"""
__tablename__ = "ingredient_association"
id: int = db.Column("id", db.Integer, primary_key=True)
volume_id = db.Column(db.Integer, db.ForeignKey("drink_price_volume.id"))
drink_ingredient: Optional[DrinkIngredient] = db.relationship(DrinkIngredient)
__tablename__ = "drink_ingredient_association"
id: int = db.Column("id", Serial, primary_key=True)
volume_id = db.Column(Serial, db.ForeignKey("drink_price_volume.id"))
drink_ingredient: Optional[DrinkIngredient] = db.relationship(DrinkIngredient, cascade="all,delete")
extra_ingredient: Optional[ExtraIngredient] = db.relationship(ExtraIngredient)
_drink_ingredient_id = db.Column(db.Integer, db.ForeignKey("drink_ingredient.id"))
_extra_ingredient_id = db.Column(db.Integer, db.ForeignKey("extra_ingredient.id"))
_drink_ingredient_id = db.Column(Serial, db.ForeignKey("drink_ingredient.id"))
_extra_ingredient_id = db.Column(Serial, db.ForeignKey("drink_extra_ingredient.id"))
class MinPrices(ModelSerializeMixin):
@ -118,17 +121,25 @@ class DrinkPriceVolume(db.Model, ModelSerializeMixin):
"""
__tablename__ = "drink_price_volume"
id: int = db.Column("id", db.Integer, primary_key=True)
drink_id = db.Column(db.Integer, db.ForeignKey("drink.id"))
id: int = db.Column("id", Serial, primary_key=True)
drink_id = db.Column(Serial, db.ForeignKey("drink.id"))
drink: "Drink" = None
_drink: "Drink" = db.relationship("Drink", back_populates="_volumes")
volume: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
min_prices: list[MinPrices] = []
# ingredients: list[Ingredient] = []
prices: list[DrinkPrice] = db.relationship(DrinkPrice, back_populates="volume", cascade="all,delete,delete-orphan")
ingredients: list[Ingredient] = db.relationship("Ingredient", foreign_keys=Ingredient.volume_id)
prices: list[DrinkPrice] = []
_prices: list[DrinkPrice] = db.relationship(
DrinkPrice, back_populates="_volume", cascade="all,delete,delete-orphan"
)
ingredients: list[Ingredient] = db.relationship(
"Ingredient",
foreign_keys=Ingredient.volume_id,
cascade="all,delete,delete-orphan",
)
def __repr__(self):
return f"DrinkPriceVolume({self.id},{self.drink_id},{self.prices})"
return f"DrinkPriceVolume({self.id},{self.drink_id},{self.volume},{self.prices})"
class Drink(db.Model, ModelSerializeMixin):
@ -137,29 +148,32 @@ class Drink(db.Model, ModelSerializeMixin):
"""
__tablename__ = "drink"
id: int = db.Column("id", db.Integer, primary_key=True)
id: int = db.Column("id", Serial, primary_key=True)
article_id: Optional[str] = db.Column(db.String(64))
package_size: Optional[int] = db.Column(db.Integer)
name: str = db.Column(db.String(60), nullable=False)
volume: Optional[float] = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
cost_per_volume: Optional[float] = db.Column(db.Numeric(precision=5, scale=3, asdecimal=False))
cost_per_package: Optional[float] = db.Column(db.Numeric(precision=5, scale=3, asdecimal=False))
has_image: bool = False
uuid: str = db.Column(db.String(36))
receipt: Optional[list[str]] = db.Column(db.PickleType(protocol=4))
_type_id = db.Column("type_id", db.Integer, db.ForeignKey("drink_type.id"))
_type_id = db.Column("type_id", Serial, db.ForeignKey("drink_type.id"))
_image_id = db.Column("image_id", Serial, db.ForeignKey("image.id"))
image_: Image = db.relationship("Image", cascade="all, delete", foreign_keys=[_image_id])
tags: Optional[list[Tag]] = db.relationship("Tag", secondary=drink_tag_association, cascade="save-update, merge")
type: Optional[DrinkType] = db.relationship("DrinkType", foreign_keys=[_type_id])
volumes: list[DrinkPriceVolume] = db.relationship(DrinkPriceVolume)
volumes: list[DrinkPriceVolume] = []
_volumes: list[DrinkPriceVolume] = db.relationship(
DrinkPriceVolume, back_populates="_drink", cascade="all,delete,delete-orphan"
)
def __repr__(self):
return f"Drink({self.id},{self.name},{self.volumes})"
class _Picture:
"""Wrapper class for pictures binaries"""
mimetype = ""
binary = bytearray()
@property
def has_image(self):
return self.image_ is not None

View File

@ -1,16 +1,24 @@
from werkzeug.exceptions import BadRequest, NotFound
from sqlalchemy.exc import IntegrityError
from uuid import uuid4
from flaschengeist import logger
from flaschengeist.config import config
from flaschengeist.database import db
from flaschengeist.utils.picture import save_picture, get_picture, delete_picture
from flaschengeist.utils.decorators import extract_session
from .models import Drink, DrinkPrice, Ingredient, Tag, DrinkType, DrinkPriceVolume, DrinkIngredient, ExtraIngredient
from .models import (
Drink,
DrinkPrice,
Ingredient,
Tag,
DrinkType,
DrinkPriceVolume,
DrinkIngredient,
ExtraIngredient,
)
from .permissions import EDIT_VOLUME, EDIT_PRICE, EDIT_INGREDIENTS_DRINK
import flaschengeist.controller.imageController as image_controller
def update():
db.session.commit()
@ -131,13 +139,143 @@ def _create_public_drink(drink):
return None
def get_drinks(name=None, public=False):
def get_drinks(
name=None,
public=False,
limit=None,
offset=None,
search_name=None,
search_key=None,
ingredient=False,
receipt=None,
):
count = None
if name:
drinks = Drink.query.filter(Drink.name.contains(name)).all()
drinks = Drink.query.all()
query = Drink.query.filter(Drink.name.contains(name))
else:
query = Drink.query
if ingredient:
query = query.filter(Drink.cost_per_volume >= 0)
if receipt:
query = query.filter(Drink._volumes.any(DrinkPriceVolume.ingredients != None))
if public:
return [_create_public_drink(drink) for drink in drinks if _create_public_drink(drink)]
return drinks
query = query.filter(Drink._volumes.any(DrinkPriceVolume._prices.any(DrinkPrice.public)))
if search_name:
if search_key == "name":
query = query.filter(Drink.name.contains(search_name))
elif search_key == "article_id":
query = query.filter(Drink.article_id.contains(search_name))
elif search_key == "drink_type":
query = query.filter(Drink.type.has(DrinkType.name.contains(search_name)))
elif search_key == "tags":
query = query.filter(Drink.tags.any(Tag.name.contains(search_name)))
else:
query = query.filter(
(Drink.name.contains(search_name))
| (Drink.article_id.contains(search_name))
| (Drink.type.has(DrinkType.name.contains(search_name)))
| (Drink.tags.any(Tag.name.contains(search_name)))
)
query = query.order_by(Drink.name.asc())
if limit is not None:
count = query.count()
query = query.limit(limit)
if offset is not None:
query = query.offset(offset)
drinks = query.all()
for drink in drinks:
for volume in drink._volumes:
volume.prices = volume._prices
drink.volumes = drink._volumes
return drinks, count
def get_pricelist(
public=False,
limit=None,
offset=None,
search_name=None,
search_key=None,
sortBy=None,
descending=False,
):
count = None
query = DrinkPrice.query
if public:
query = query.filter(DrinkPrice.public)
if search_name:
if search_key == "name":
query = query.filter(DrinkPrice._volume.has(DrinkPriceVolume._drink.has(Drink.name.contains(search_name))))
if search_key == "type":
query = query.filter(
DrinkPrice._volume.has(
DrinkPriceVolume._drink.has(Drink.type.has(DrinkType.name.contains(search_name)))
)
)
if search_key == "tags":
query = query.filter(
DrinkPrice._volume.has(DrinkPriceVolume._drink.has(Drink.tags.any(Tag.name.conaitns(search_name))))
)
if search_key == "volume":
query = query.filter(DrinkPrice._volume.has(DrinkPriceVolume.volume == float(search_name)))
if search_key == "price":
query = query.filter(DrinkPrice.price == float(search_name))
if search_key == "description":
query = query.filter(DrinkPrice.description.contains(search_name))
else:
try:
search_name = float(search_name)
query = query.filter(
(DrinkPrice._volume.has(DrinkPriceVolume.volume == float(search_name)))
| (DrinkPrice.price == float(search_name))
)
except:
query = query.filter(
(DrinkPrice._volume.has(DrinkPriceVolume._drink.has(Drink.name.contains(search_name))))
| (
DrinkPrice._volume.has(
DrinkPriceVolume._drink.has(Drink.type.has(DrinkType.name.contains(search_name)))
)
)
| (
DrinkPrice._volume.has(
DrinkPriceVolume._drink.has(Drink.tags.any(Tag.name.contains(search_name)))
)
)
| (DrinkPrice.description.contains(search_name))
)
if sortBy == "type":
query = (
query.join(DrinkPrice._volume)
.join(DrinkPriceVolume._drink)
.join(Drink.type)
.order_by(DrinkType.name.desc() if descending else DrinkType.name.asc())
)
elif sortBy == "volume":
query = query.join(DrinkPrice._volume).order_by(
DrinkPriceVolume.volume.desc() if descending else DrinkPriceVolume.volume.asc()
)
elif sortBy == "price":
query = query.order_by(DrinkPrice.price.desc() if descending else DrinkPrice.price.asc())
else:
query = (
query.join(DrinkPrice._volume)
.join(DrinkPriceVolume._drink)
.order_by(Drink.name.desc() if descending else Drink.name.asc())
)
if limit is not None:
count = query.count()
query = query.limit(limit)
if offset is not None:
query = query.offset(offset)
prices = query.all()
for price in prices:
price._volume.drink = price._volume._drink
price.volume = price._volume
return prices, count
def get_drink(identifier, public=False):
@ -152,6 +290,9 @@ def get_drink(identifier, public=False):
raise NotFound
if public:
return _create_public_drink(drink)
for volume in drink._volumes:
volume.prices = volume._prices
drink.volumes = drink._volumes
return drink
@ -182,17 +323,21 @@ def update_drink(identifier, data):
else:
drink = get_drink(identifier)
for key, value in data.items():
if hasattr(drink, key):
if hasattr(drink, key) and key != "has_image":
setattr(drink, key, value if value != "" else None)
if drink_type:
drink.type = drink_type
if volumes is not None and session.user_.has_permission(EDIT_VOLUME):
drink.volumes = []
drink.volumes = set_volumes(volumes)
drink._volumes = []
drink._volumes = set_volumes(volumes)
if len(tags) > 0:
drink.tags = tags
db.session.commit()
for volume in drink._volumes:
volume.prices = volume._prices
drink.volumes = drink._volumes
return drink
except (NotFound, KeyError):
raise BadRequest
@ -233,16 +378,9 @@ def set_volume(data):
prices = values.pop("prices")
if "ingredients" in values:
ingredients = values.pop("ingredients")
vol_id = values.pop("id", None)
if vol_id < 0:
volume = DrinkPriceVolume(**values)
db.session.add(volume)
else:
volume = get_volume(vol_id)
if not volume:
raise NotFound
for key, value in values.items():
setattr(volume, key, value if value != "" else None)
values.pop("id", None)
volume = DrinkPriceVolume(**values)
db.session.add(volume)
if prices and session.user_.has_permission(EDIT_PRICE):
set_prices(prices, volume)
@ -257,7 +395,7 @@ def set_prices(prices, volume):
for _price in prices:
price = set_price(_price)
_prices.append(price)
volume.prices = _prices
volume._prices = _prices
def set_ingredients(ingredients, volume):
@ -292,16 +430,9 @@ def set_price(data):
allowed_keys.append("description")
logger.debug(f"allowed_key {allowed_keys}")
values = {key: value for key, value in data.items() if key in allowed_keys}
price_id = values.pop("id", -1)
if price_id < 0:
price = DrinkPrice(**values)
db.session.add(price)
else:
price = get_price(price_id)
if not price:
raise NotFound
for key, value in values.items():
setattr(price, key, value)
values.pop("id", -1)
price = DrinkPrice(**values)
db.session.add(price)
return price
@ -315,16 +446,13 @@ def delete_price(identifier):
def set_drink_ingredient(data):
allowed_keys = DrinkIngredient().serialize().keys()
values = {key: value for key, value in data.items() if key in allowed_keys}
ingredient_id = values.pop("id", -1)
if ingredient_id < 0:
drink_ingredient = DrinkIngredient(**values)
db.session.add(drink_ingredient)
else:
drink_ingredient = DrinkIngredient.query.get(ingredient_id)
if not drink_ingredient:
raise NotFound
for key, value in values.items():
setattr(drink_ingredient, key, value if value != "" else None)
if "cost_per_volume" in values:
values.pop("cost_per_volume")
if "name" in values:
values.pop("name")
values.pop("id", -1)
drink_ingredient = DrinkIngredient(**values)
db.session.add(drink_ingredient)
return drink_ingredient
@ -339,14 +467,9 @@ def set_ingredient(data):
drink_ingredient_value = data.pop("drink_ingredient")
if "extra_ingredient" in data:
extra_ingredient_value = data.pop("extra_ingredient")
ingredient_id = data.pop("id", -1)
if ingredient_id < 0:
ingredient = Ingredient(**data)
db.session.add(ingredient)
else:
ingredient = get_ingredient(ingredient_id)
if not ingredient:
raise NotFound
data.pop("id", -1)
ingredient = Ingredient(**data)
db.session.add(ingredient)
if drink_ingredient_value:
ingredient.drink_ingredient = set_drink_ingredient(drink_ingredient_value)
if extra_ingredient_value:
@ -402,34 +525,16 @@ def delete_extra_ingredient(identifier):
def save_drink_picture(identifier, file):
drink = get_drink(identifier)
old_uuid = None
if drink.uuid:
old_uuid = drink.uuid
drink.uuid = str(uuid4())
drink = delete_drink_picture(identifier)
drink.image_ = image_controller.upload_image(file)
db.session.commit()
path = config["pricelist"]["path"]
save_picture(file, f"{path}/{drink.uuid}")
if old_uuid:
delete_picture(f"{path}/{old_uuid}")
return drink
def get_drink_picture(identifier, size=None):
path = config["pricelist"]["path"]
drink = None
if isinstance(identifier, int):
drink = get_drink(identifier)
if isinstance(identifier, str):
drink = Drink.query.filter(Drink.uuid == identifier).one_or_none()
if drink:
return get_picture(f"{path}/{drink.uuid}", size)
raise FileNotFoundError
def delete_drink_picture(identifier):
drink = get_drink(identifier)
if drink.uuid:
delete_picture(f"{config['pricelist']['path']}/{drink.uuid}")
drink.uuid = None
db.session.commit()
if drink.image_:
db.session.delete(drink.image_)
drink.image_ = None
db.session.commit()
return drink

View File

@ -75,7 +75,7 @@ def list_users(current_session):
@UsersPlugin.blueprint.route("/users/<userid>", methods=["GET"])
@login_required()
@headers({"Cache-Control": "private, must-revalidate, max-age=3600"})
@headers({"Cache-Control": "private, must-revalidate, max-age=300"})
def get_user(userid, current_session):
"""Retrieve user by userid
@ -144,6 +144,16 @@ def set_avatar(userid, current_session):
raise BadRequest
@UsersPlugin.blueprint.route("/users/<userid>/avatar", methods=["DELETE"])
@login_required()
def delete_avatar(userid, current_session):
user = userController.get_user(userid)
if userid != current_session.user_.userid and not current_session.user_.has_permission(permissions.EDIT):
raise Forbidden
userController.delete_avatar(user)
return "", NO_CONTENT
@UsersPlugin.blueprint.route("/users/<userid>", methods=["DELETE"])
@login_required(permission=permissions.DELETE)
def delete_user(userid, current_session):

Binary file not shown.

Before

Width:  |  Height:  |  Size: 46 KiB

View File

@ -1,55 +0,0 @@
import os, sys, shutil, io
from PIL import Image
from flask import Response
from werkzeug.exceptions import BadRequest
from ..utils.HTTP import no_content
thumbnail_sizes = ((32, 32), (64, 64), (128, 128), (256, 256), (512, 512))
def save_picture(picture, path):
if not picture.mimetype.startswith("image/"):
raise BadRequest
os.makedirs(path, exist_ok=True)
file_type = picture.mimetype.replace("image/", "")
filename = f"{path}/drink"
with open(f"{filename}.{file_type}", "wb") as file:
file.write(picture.binary)
image = Image.open(f"{filename}.{file_type}")
if file_type != "png":
image.save(f"{filename}.png", "PNG")
os.remove(f"{filename}.{file_type}")
for thumbnail_size in thumbnail_sizes:
work_image = image.copy()
work_image.thumbnail(thumbnail_size)
work_image.save(f"{filename}-{thumbnail_size[0]}.png", "PNG")
def get_picture(path, size=None):
try:
if size:
if os.path.isfile(f"{path}/drink-{size}.png"):
with open(f"{path}/drink-{size}.png", "rb") as file:
image = file.read()
else:
_image = Image.open(f"{path}/drink.png")
_image.thumbnail((int(size), int(size)))
with io.BytesIO() as file:
_image.save(file, format="PNG")
image = file.getvalue()
else:
with open(f"{path}/drink.png", "rb") as file:
image = file.read()
response = Response(image, mimetype="image/png")
response.add_etag()
return response
except:
raise FileNotFoundError
def delete_picture(path):
try:
shutil.rmtree(path)
except FileNotFoundError:
pass

View File

@ -46,7 +46,7 @@ If not you need to create user and database manually do (or similar on Windows):
(
echo "CREATE DATABASE flaschengeist;"
echo "CREATE USER 'flaschengeist'@'localhost' IDENTIFIED BY 'flaschengeist';"
echo "GRANT ALL PRIVILEGES ON 'flaschengeist'.* TO 'flaschengeist'@'localhost';"
echo "GRANT ALL PRIVILEGES ON flaschengeist.* TO 'flaschengeist'@'localhost';"
echo "FLUSH PRIVILEGES;"
) | sudo mysql

View File

@ -167,6 +167,28 @@ def export(arguments):
gen.write()
def ldap_sync(arguments):
from flaschengeist.app import create_app
from flaschengeist.controller import userController
from flaschengeist.plugins.auth_ldap import AuthLDAP
from ldap3 import SUBTREE
app = create_app()
with app.app_context():
auth_ldap: AuthLDAP = app.config.get("FG_PLUGINS").get("auth_ldap")
if auth_ldap:
conn = auth_ldap.ldap.connection
if not conn:
conn = auth_ldap.ldap.connect(auth_ldap.root_dn, auth_ldap.root_secret)
conn.search(auth_ldap.search_dn, "(uid=*)", SUBTREE, attributes=["uid", "givenName", "sn", "mail"])
ldap_users_response = conn.response
for ldap_user in ldap_users_response:
uid = ldap_user["attributes"]["uid"][0]
userController.find_user(uid)
exit()
raise Exception("auth_ldap not found")
if __name__ == "__main__":
# create the top-level parser
parser = argparse.ArgumentParser()
@ -192,5 +214,8 @@ if __name__ == "__main__":
)
parser_export.add_argument("--plugins", help="Also export plugins (none means all)", nargs="*")
parser_ldap_sync = subparsers.add_parser("ldap_sync", help="synch ldap-users with database")
parser_ldap_sync.set_defaults(func=ldap_sync)
args = parser.parse_args()
args.func(args)

View File

@ -20,7 +20,16 @@ class DocsCommand(Command):
def run(self):
"""Run command."""
command = ["python", "-m", "pdoc", "--skip-errors", "--html", "--output-dir", self.output, "flaschengeist"]
command = [
"python",
"-m",
"pdoc",
"--skip-errors",
"--html",
"--output-dir",
self.output,
"flaschengeist",
]
self.announce(
"Running command: %s" % str(command),
)
@ -33,15 +42,20 @@ setup(
scripts=["run_flaschengeist"],
python_requires=">=3.7",
install_requires=[
"Flask >= 1.1",
"Flask >= 2.0",
"toml",
"sqlalchemy>=1.4",
"sqlalchemy>=1.4.26",
"flask_sqlalchemy>=2.5",
"flask_cors",
"Pillow>=8.4.0",
"werkzeug",
mysql_driver,
],
extras_require={"ldap": ["flask_ldapconn", "ldap3"], "pricelist": ["pillow"], "test": ["pytest", "coverage"]},
extras_require={
"ldap": ["flask_ldapconn", "ldap3"],
"argon": ["argon2-cffi"],
"test": ["pytest", "coverage"],
},
entry_points={
"flaschengeist.plugin": [
# Authentication providers
@ -54,7 +68,7 @@ setup(
"balance = flaschengeist.plugins.balance:BalancePlugin",
"events = flaschengeist.plugins.events:EventPlugin",
"mail = flaschengeist.plugins.message_mail:MailMessagePlugin",
"pricelist = flaschengeist.plugins.pricelist:PriceListPlugin [pricelist]",
"pricelist = flaschengeist.plugins.pricelist:PriceListPlugin",
],
},
cmdclass={

View File

@ -22,7 +22,13 @@ with open(os.path.join(os.path.dirname(__file__), "data.sql"), "r") as f:
@pytest.fixture
def app():
db_fd, db_path = tempfile.mkstemp()
app = create_app({"TESTING": True, "DATABASE": {"file_path": f"/{db_path}"}, "LOGGING": {"level": "DEBUG"}})
app = create_app(
{
"TESTING": True,
"DATABASE": {"file_path": f"/{db_path}"},
"LOGGING": {"level": "DEBUG"},
}
)
with app.app_context():
install_all()
engine = database.db.engine