[balance] add sorting of transaction

[balance] add get and modify limits for all users
[events] Allow locking events
2021-11-22 15:23:21 +01:00 · 2021-11-22 15:20:24 +01:00 · 2021-11-21 17:58:28 +01:00 · 2021-11-21 17:52:24 +01:00 · 2021-11-21 15:30:49 +01:00 · 2021-11-21 15:11:37 +01:00
32 changed files with 1003 additions and 391 deletions
--- a/.gitignore
+++ b/.gitignore
@ -122,6 +122,8 @@ dmypy.json
 .vscode/
 *.log
 data/
 # config
 flaschengeist/flaschengeist.toml
--- a/flaschengeist/app.py
+++ b/flaschengeist/app.py
@ -52,8 +52,11 @@ def __load_plugins(app):
                    app.register_blueprint(plugin.blueprint)
            except:
                logger.error(
-                    f"Plugin {entry_point.name} was enabled, but could not be loaded due to an error.", exc_info=True
+                    f"Plugin {entry_point.name} was enabled, but could not be loaded due to an error.",
                    exc_info=True,
                )
                del plugin
                continue
        if isinstance(plugin, AuthPlugin):
            logger.debug(f"Found authentication plugin: {entry_point.name}")
            if entry_point.name == config["FLASCHENGEIST"]["auth"]:
@ -65,6 +68,7 @@ def __load_plugins(app):
            app.config["FG_PLUGINS"][entry_point.name] = plugin
    if "FG_AUTH_BACKEND" not in app.config:
        logger.error("No authentication plugin configured or authentication plugin not found")
        raise RuntimeError("No authentication plugin configured or authentication plugin not found")
 def install_all():
--- a/flaschengeist/config.py
+++ b/flaschengeist/config.py
@ -41,17 +41,21 @@ def read_configuration(test_config):
        update_dict(config, test_config)
-def configure_app(app, test_config=None):
+def configure_logger():
    global config
-    read_configuration(test_config)
+    # Read default config
    # Always enable this builtin plugins!
    update_dict(config, {"auth": {"enabled": True}, "roles": {"enabled": True}, "users": {"enabled": True}})
    logger_config = toml.load(_module_path / "logging.toml")
    if "LOGGING" in config:
        # Override with user config
        update_dict(logger_config, config.get("LOGGING"))
        # Check for shortcuts
        if "level" in config["LOGGING"]:
            logger_config["loggers"]["flaschengeist"] = {"level": config["LOGGING"]["level"]}
            logger_config["handlers"]["console"]["level"] = config["LOGGING"]["level"]
            logger_config["handlers"]["file"]["level"] = config["LOGGING"]["level"]
        if not config["LOGGING"].get("console", True):
            logger_config["handlers"]["console"]["level"] = "CRITICAL"
        if "file" in config["LOGGING"]:
            logger_config["root"]["handlers"].append("file")
            logger_config["handlers"]["file"]["filename"] = config["LOGGING"]["file"]
@ -59,6 +63,23 @@ def configure_app(app, test_config=None):
            path.parent.mkdir(parents=True, exist_ok=True)
    logging.config.dictConfig(logger_config)
 def configure_app(app, test_config=None):
    global config
    read_configuration(test_config)
    configure_logger()
    # Always enable this builtin plugins!
    update_dict(
        config,
        {
            "auth": {"enabled": True},
            "roles": {"enabled": True},
            "users": {"enabled": True},
        },
    )
    if "secret_key" not in config["FLASCHENGEIST"]:
        logger.warning("No secret key was configured, please configure one for production systems!")
        app.config["SECRET_KEY"] = "0a657b97ef546da90b2db91862ad4e29"
--- a/flaschengeist/controller/imageController.py
+++ b/flaschengeist/controller/imageController.py
@ -0,0 +1,65 @@
 from datetime import date
 from flask import send_file
 from pathlib import Path
 from PIL import Image as PImage
 from werkzeug.exceptions import NotFound, UnprocessableEntity
 from werkzeug.datastructures import FileStorage
 from werkzeug.utils import secure_filename
 from flaschengeist.models.image import Image
 from flaschengeist.database import db
 from flaschengeist.config import config
 def check_mimetype(mime: str):
    return mime in config["FILES"].get("allowed_mimetypes", [])
 def send_image(id: int = None, image: Image = None):
    if image is None:
        image = Image.query.get(id)
    if not image:
        raise NotFound
    return send_file(image.path_, mimetype=image.mimetype_, download_name=image.filename_)
 def send_thumbnail(id: int = None, image: Image = None):
    if image is None:
        image = Image.query.get(id)
    if not image:
        raise NotFound
    if not image.thumbnail_:
        with PImage.open(image.open()) as im:
            im.thumbnail(tuple(config["FILES"].get("thumbnail_size")))
            s = image.path_.split(".")
            s.insert(len(s) - 1, "thumbnail")
            im.save(".".join(s))
            image.thumbnail_ = ".".join(s)
            db.session.commit()
    return send_file(image.thumbnail_, mimetype=image.mimetype_, download_name=image.filename_)
 def upload_image(file: FileStorage):
    if not check_mimetype(file.mimetype):
        raise UnprocessableEntity
    path = Path(config["FILES"].get("data_path")) / str(date.today().year)
    path.mkdir(mode=int("0700", 8), parents=True, exist_ok=True)
    if file.filename.count(".") < 1:
        name = secure_filename(file.filename + "." + file.mimetype.split("/")[-1])
    else:
        name = secure_filename(file.filename)
    img = Image(mimetype_=file.mimetype, filename_=name)
    db.session.add(img)
    db.session.flush()
    try:
        img.path_ = str((path / f"{img.id}.{img.filename_.split('.')[-1]}").resolve())
        file.save(img.path_)
    except:
        db.session.delete(img)
        raise
    finally:
        db.session.commit()
    return img
--- a/flaschengeist/controller/roleController.py
+++ b/flaschengeist/controller/roleController.py
@ -2,7 +2,7 @@ from sqlalchemy.exc import IntegrityError
 from werkzeug.exceptions import BadRequest, NotFound
 from flaschengeist.models.user import Role, Permission
-from flaschengeist.database import db
+from flaschengeist.database import db, case_sensitive
 from flaschengeist import logger
 from flaschengeist.utils.hook import Hook
@ -36,8 +36,8 @@ def update_role(role, new_name):
        except IntegrityError:
            logger.debug("IntegrityError: Role might still be in use", exc_info=True)
            raise BadRequest("Role still in use")
-    elif role.name != new_name:
+    else:
-        if db.session.query(db.exists().where(Role.name == new_name)).scalar():
+        if role.name == new_name or db.session.query(db.exists().where(Role.name == case_sensitive(new_name))).scalar():
            raise BadRequest("Name already used")
        role.name = new_name
        db.session.commit()
--- a/flaschengeist/controller/userController.py
+++ b/flaschengeist/controller/userController.py
@ -207,6 +207,11 @@ def save_avatar(user, avatar):
    db.session.commit()
 def delete_avatar(user):
    current_app.config["FG_AUTH_BACKEND"].delete_avatar(user)
    db.session.commit()
 def persist(user=None):
    if user:
        db.session.add(user)
--- a/flaschengeist/database.py
+++ b/flaschengeist/database.py
@ -1,3 +1,11 @@
 from flask_sqlalchemy import SQLAlchemy
 db = SQLAlchemy()
 def case_sensitive(s):
    if db.session.bind.dialect.name == "mysql":
        from sqlalchemy import func
        return func.binary(s)
    return s
--- a/flaschengeist/flaschengeist.toml
+++ b/flaschengeist/flaschengeist.toml
@ -7,39 +7,52 @@ auth = "auth_plain"
 # Enable if you run flaschengeist behind a proxy, e.g. nginx + gunicorn
 #proxy = false
 # Set root path, prefixes all routes
-#root = /api
+root = "/api"
 # Set secret key
 secret_key = "V3ryS3cr3t"
 # Domain used by frontend
 #domain = "flaschengeist.local"
 [LOGGING]
-# Uncomment to enable logging to a file
+# You can override all settings from the logging.toml here
-#file = "/tmp/flaschengeist-debug.log"
+# E.g. override the formatters etc
 #
 # Logging level, possible: DEBUG INFO WARNING ERROR
-level = "WARNING"
+level = "DEBUG"
 # Uncomment to enable logging to a file
 # file = "/tmp/flaschengeist-debug.log"
 # Uncomment to disable console logging
 # console = False
 [DATABASE]
 # engine = "mysql" (default)
-# user = "user"
+
-# host = "127.0.0.1"
+[FILES]
-# password = "password"
+# Path for file / image uploads
-# database = "database"
+data_path = "./data"
 # Thumbnail size
 thumbnail_size = [192, 192]
 # Accepted mimetypes
 allowed_mimetypes = [
    "image/avif",
    "image/jpeg",
    "image/png",
    "image/webp"
 ]
 [auth_plain]
 enabled = true
-#[auth_ldap]
+[auth_ldap]
-# enabled = true
+# Full documentation https://flaschengeist.dev/Flaschengeist/flaschengeist/wiki/plugins_auth_ldap
-# host =
+enabled = false
-# port =
+# host = "localhost"
-# bind_dn =
+# port = 389
-# base_dn =
+# base_dn = "dc=example,dc=com"
-# secret =
+# root_dn = "cn=Manager,dc=example,dc=com"
-# use_ssl =
+# root_secret = "SuperS3cret"
-# admin_dn =
+# Uncomment to use secured LDAP (ldaps)
-# admin_dn =
+# use_ssl = true
 # default_gid =
 [MESSAGES]
 welcome_subject = "Welcome to Flaschengeist {name}"
--- a/flaschengeist/logging.toml
+++ b/flaschengeist/logging.toml
@ -1,9 +1,12 @@
 # This is the default flaschengeist logger configuration
 # If you want to customize it, use the flaschengeist.toml
 version = 1
 disable_existing_loggers = false
 [formatters]
  [formatters.simple]
-    format = "%(asctime)s - %(name)s - %(message)s"
+    format = "%(asctime)s - %(levelname)s - %(message)s"
  [formatters.extended]
    format = "%(asctime)s — %(filename)s - %(funcName)s - %(lineno)d - %(threadName)s - %(name)s — %(levelname)s — %(message)s"
--- a/flaschengeist/models/init.py
+++ b/flaschengeist/models/init.py
@ -44,6 +44,7 @@ class ModelSerializeMixin:
 class Serial(TypeDecorator):
    """Same as MariaDB Serial used for IDs"""
    cache_ok = True
    impl = BigInteger().with_variant(mysql.BIGINT(unsigned=True), "mysql").with_variant(sqlite.INTEGER, "sqlite")
@ -60,6 +61,7 @@ class UtcDateTime(TypeDecorator):
      aware value, even with SQLite or MySQL.
    """
    cache_ok = True
    impl = DateTime(timezone=True)
    @staticmethod
--- a/flaschengeist/models/image.py
+++ b/flaschengeist/models/image.py
@ -0,0 +1,31 @@
 from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
 from sqlalchemy import event
 from pathlib import Path
 from . import ModelSerializeMixin, Serial
 from ..database import db
 class Image(db.Model, ModelSerializeMixin):
    __tablename__ = "image"
    id: int = db.Column("id", Serial, primary_key=True)
    filename_: str = db.Column(db.String(127), nullable=False)
    mimetype_: str = db.Column(db.String(30), nullable=False)
    thumbnail_: str = db.Column(db.String(127))
    path_: str = db.Column(db.String(127))
    def open(self):
        return open(self.path_, "rb")
@event.listens_for(Image, "before_delete")
 def clear_file(mapper, connection, target: Image):
    if target.path_:
        p = Path(target.path_)
        if p.exists():
            p.unlink()
    if target.thumbnail_:
        p = Path(target.thumbnail_)
        if p.exists():
            p.unlink()
--- a/flaschengeist/models/user.py
+++ b/flaschengeist/models/user.py
@ -56,7 +56,7 @@ class User(db.Model, ModelSerializeMixin):
    display_name: str = db.Column(db.String(30))
    firstname: str = db.Column(db.String(50), nullable=False)
    lastname: str = db.Column(db.String(50), nullable=False)
-    mail: str = db.Column(db.String(60), nullable=False)
+    mail: str = db.Column(db.String(60))
    birthday: Optional[date] = db.Column(db.Date)
    roles: list[str] = []
    permissions: Optional[list[str]] = None
@ -67,7 +67,9 @@ class User(db.Model, ModelSerializeMixin):
    sessions_ = db.relationship("Session", back_populates="user_")
    _attributes = db.relationship(
-        "_UserAttribute", collection_class=attribute_mapped_collection("name"), cascade="all, delete"
+        "_UserAttribute",
        collection_class=attribute_mapped_collection("name"),
        cascade="all, delete",
    )
    @property
@ -92,6 +94,10 @@ class User(db.Model, ModelSerializeMixin):
            return self._attributes[name].value
        return default
    def delete_attribute(self, name):
        if name in self._attributes:
            self._attributes.pop(name)
    def get_permissions(self):
        return ["user"] + [permission.name for role in self.roles_ for permission in role.permissions]
--- a/flaschengeist/plugins/init.py
+++ b/flaschengeist/plugins/init.py
@ -33,6 +33,7 @@ class Plugin:
    blueprint = None  # You have to override
    permissions = []  # You have to override
    id = "dev.flaschengeist.plugin"  # You have to override
    name = "plugin"  # You have to override
    models = None  # You have to override
@ -94,7 +95,7 @@ class Plugin:
        db.session.commit()
    def notify(self, user, text: str, data=None):
-        n = Notification(text=text, data=data, plugin=self.name, user_=user)
+        n = Notification(text=text, data=data, plugin=self.id, user_=user)
        db.session.add(n)
        db.session.commit()
@ -190,3 +191,14 @@ class AuthPlugin(Plugin):
            MethodNotAllowed: If not supported by Backend
        """
        raise MethodNotAllowed
    def delete_avatar(self, user):
        """Delete the avatar for given user (if supported by auth backend)
        Args:
            user: Uset to delete the avatar for
        Raises:
            MethodNotAllowed: If not supported by Backend
        """
        raise MethodNotAllowed
--- a/flaschengeist/plugins/auth_ldap/init.py
+++ b/flaschengeist/plugins/auth_ldap/init.py
@ -1,56 +1,61 @@
 """LDAP Authentication Provider Plugin"""
 import io
 import os
 import ssl
 from typing import Optional
 from flask_ldapconn import LDAPConn
 from flask import current_app as app
 from ldap3.utils.hashed import hashed
 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
-from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_MD5
+from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE
 from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
 from flaschengeist import logger
-from flaschengeist.plugins import AuthPlugin, after_role_updated
+from flaschengeist.plugins import AuthPlugin, before_role_updated
 from flaschengeist.models.user import User, Role, _Avatar
 import flaschengeist.controller.userController as userController
 class AuthLDAP(AuthPlugin):
-    def __init__(self, cfg):
+    def __init__(self, config):
        super().__init__()
        config = {"port": 389, "use_ssl": False}
        config.update(cfg)
        app.config.update(
-            LDAP_SERVER=config["host"],
+            LDAP_SERVER=config.get("host", "localhost"),
-            LDAP_PORT=config["port"],
+            LDAP_PORT=config.get("port", 389),
-            LDAP_BINDDN=config["bind_dn"],
+            LDAP_BINDDN=config.get("bind_dn", None),
            LDAP_SECRET=config.get("secret", None),
            LDAP_USE_SSL=config.get("use_ssl", False),
            # That's not TLS, its dirty StartTLS on unencrypted LDAP
            LDAP_USE_TLS=False,
-            LDAP_USE_SSL=config["use_ssl"],
+            LDAP_TLS_VERSION=ssl.PROTOCOL_TLS,
            LDAP_TLS_VERSION=ssl.PROTOCOL_TLSv1_2,
            LDAP_REQUIRE_CERT=ssl.CERT_NONE,
            FORCE_ATTRIBUTE_VALUE_AS_LIST=True,
        )
-        if "secret" in config:
+        if "ca_cert" in config:
-            app.config["LDAP_SECRET"] = config["secret"]
+            app.config["LDAP_CA_CERTS_FILE"] = config["ca_cert"]
        else:
            # Default is CERT_REQUIRED
            app.config["LDAP_REQUIRE_CERT"] = ssl.CERT_OPTIONAL
        self.ldap = LDAPConn(app)
-        self.dn = config["base_dn"]
+        self.base_dn = config["base_dn"]
-        self.default_gid = config["default_gid"]
+        self.search_dn = config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
        self.group_dn = config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
        self.password_hash = config.get("password_hash", "SSHA").upper()
        self.object_classes = config.get("object_classes", ["inetOrgPerson"])
        self.user_attributes: dict = config.get("user_attributes", {})
        self.dn_template = config.get("dn_template")
        # TODO: might not be set if modify is called
-        if "admin_dn" in config:
+        self.root_dn = config.get("root_dn", None)
-            self.admin_dn = config["admin_dn"]
+        self.root_secret = config.get("root_secret", None)
            self.admin_secret = config["admin_secret"]
        else:
            self.admin_dn = None
-        @after_role_updated
+        @before_role_updated
        def _role_updated(role, new_name):
            logger.debug(f"LDAP: before_role_updated called with ({role}, {new_name})")
            self.__modify_role(role, new_name)
    def login(self, user, password):
        if not user:
            return False
-        return self.ldap.authenticate(user.userid, password, "uid", self.dn)
+        return self.ldap.authenticate(user.userid, password, "uid", self.base_dn)
    def find_user(self, userid, mail=None):
        attr = self.__find(userid, mail)
@ -64,43 +69,53 @@ class AuthLDAP(AuthPlugin):
        self.__update(user, attr)
    def create_user(self, user, password):
-        if self.admin_dn is None:
+        if self.root_dn is None:
-            logger.error("admin_dn missing in ldap config!")
+            logger.error("root_dn missing in ldap config!")
            raise InternalServerError
        try:
-            ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
+            ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
            attributes = self.user_attributes.copy()
            if "uidNumber" in attributes:
                self.ldap.connection.search(
-                "ou=user,{}".format(self.dn),
+                    self.search_dn,
                    "(uidNumber=*)",
                    SUBTREE,
                    attributes=["uidNumber"],
                )
-            uid_number = (
+                resp = sorted(
-                sorted(self.ldap.response(), key=lambda i: i["attributes"]["uidNumber"], reverse=True,)[0][
+                    self.ldap.response(),
-                    "attributes"
+                    key=lambda i: i["attributes"]["uidNumber"],
-                ]["uidNumber"]
+                    reverse=True,
                + 1
                )
-            dn = f"cn={user.firstname} {user.lastname},ou=user,{self.dn}"
+                attributes["uidNumber"] = resp[0]["attributes"]["uidNumber"] + 1 if resp else attributes["uidNumber"]
-            object_class = [
+            dn = self.dn_template.format(
-                "inetOrgPerson",
+                user=user,
-                "posixAccount",
+                base_dn=self.base_dn,
-                "person",
+            )
-                "organizationalPerson",
+            if "default_gid" in attributes:
-            ]
+                default_gid = attributes.pop("default_gid")
-            attributes = {
+                attributes["gidNumber"] = default_gid
-                "sn": user.firstname,
+            if "homeDirectory" in attributes:
-                "givenName": user.lastname,
+                attributes["homeDirectory"] = attributes.get("homeDirectory").format(
-                "gidNumber": self.default_gid,
+                    firstname=user.firstname,
-                "homeDirectory": f"/home/{user.userid}",
+                    lastname=user.lastname,
-                "loginShell": "/bin/bash",
+                    userid=user.userid,
                    mail=user.mail,
                    display_name=user.display_name,
                )
            attributes.update(
                {
                    "sn": user.lastname,
                    "givenName": user.firstname,
                    "uid": user.userid,
-                "userPassword": hashed(HASHED_SALTED_MD5, password),
+                    "userPassword": self.__hash(password),
-                "uidNumber": uid_number,
+                    "mail": user.mail,
                }
-            ldap_conn.add(dn, object_class, attributes)
+            )
            ldap_conn.add(dn, self.object_classes, attributes)
            self._set_roles(user)
            self.update_user(user)
        except (LDAPPasswordIsMandatoryError, LDAPBindError):
            raise BadRequest
@ -110,10 +125,10 @@ class AuthLDAP(AuthPlugin):
            if password:
                ldap_conn = self.ldap.connect(dn, password)
            else:
-                if self.admin_dn is None:
+                if self.root_dn is None:
-                    logger.error("admin_dn missing in ldap config!")
+                    logger.error("root_dn missing in ldap config!")
                    raise InternalServerError
-                ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
+                ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
            modifier = {}
            for name, ldap_name in [
                ("firstname", "givenName"),
@ -124,9 +139,7 @@ class AuthLDAP(AuthPlugin):
                if hasattr(user, name):
                    modifier[ldap_name] = [(MODIFY_REPLACE, [getattr(user, name)])]
            if new_password:
-                # TODO: Use secure hash!
+                modifier["userPassword"] = [(MODIFY_REPLACE, [self.__hash(new_password)])]
                salted_password = hashed(HASHED_SALTED_MD5, new_password)
                modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])]
            ldap_conn.modify(dn, modifier)
            self._set_roles(user)
        except (LDAPPasswordIsMandatoryError, LDAPBindError):
@ -134,7 +147,7 @@ class AuthLDAP(AuthPlugin):
    def get_avatar(self, user):
        self.ldap.connection.search(
-            "ou=user,{}".format(self.dn),
+            self.search_dn,
            "(uid={})".format(user.userid),
            SUBTREE,
            attributes=["jpegPhoto"],
@ -144,14 +157,14 @@ class AuthLDAP(AuthPlugin):
        if "jpegPhoto" in r and len(r["jpegPhoto"]) > 0:
            avatar = _Avatar()
            avatar.mimetype = "image/jpeg"
-            avatar.binary.extend(r["jpegPhoto"][0])
+            avatar.binary = bytearray(r["jpegPhoto"][0])
            return avatar
        else:
            raise NotFound
    def set_avatar(self, user, avatar: _Avatar):
-        if self.admin_dn is None:
+        if self.root_dn is None:
-            logger.error("admin_dn missing in ldap config!")
+            logger.error("root_dn missing in ldap config!")
            raise InternalServerError
        if avatar.mimetype != "image/jpeg":
@ -172,16 +185,23 @@ class AuthLDAP(AuthPlugin):
                raise BadRequest("Unsupported image format")
        dn = user.get_attribute("DN")
-        ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
+        ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
        ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]})
    def delete_avatar(self, user):
        if self.root_dn is None:
            logger.error("root_dn missing in ldap config!")
        dn = user.get_attribute("DN")
        ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
        ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [])]})
    def __find(self, userid, mail=None):
        """Find attributes of an user by uid or mail in LDAP"""
        con = self.ldap.connection
        if not con:
-            con = self.ldap.connect(self.admin_dn, self.admin_secret)
+            con = self.ldap.connect(self.root_dn, self.root_secret)
        con.search(
-            f"ou=user,{self.dn}",
+            self.search_dn,
            f"(| (uid={userid})(mail={mail}))" if mail else f"(uid={userid})",
            SUBTREE,
            attributes=["uid", "givenName", "sn", "mail"],
@ -205,12 +225,12 @@ class AuthLDAP(AuthPlugin):
        role: Role,
        new_name: Optional[str],
    ):
-        if self.admin_dn is None:
+        if self.root_dn is None:
-            logger.error("admin_dn missing in ldap config!")
+            logger.error("root_dn missing in ldap config!")
            raise InternalServerError
        try:
-            ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
+            ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
-            ldap_conn.search(f"ou=group,{self.dn}", f"(cn={role.name})", SUBTREE, attributes=["cn"])
+            ldap_conn.search(self.group_dn, f"(cn={role.name})", SUBTREE, attributes=["cn"])
            if len(ldap_conn.response) > 0:
                dn = ldap_conn.response[0]["dn"]
                if new_name:
@ -218,13 +238,33 @@ class AuthLDAP(AuthPlugin):
                else:
                    ldap_conn.delete(dn)
-        except (LDAPPasswordIsMandatoryError, LDAPBindError):
+        except LDAPPasswordIsMandatoryError:
            raise BadRequest
        except LDAPBindError:
            logger.debug(f"Could not bind to LDAP server", exc_info=True)
            raise InternalServerError
    def __hash(self, password):
        if self.password_hash == "ARGON2":
            from argon2 import PasswordHasher
            return f"{{ARGON2}}{PasswordHasher().hash(password)}"
        else:
            from hashlib import pbkdf2_hmac, sha1
            import base64
            salt = os.urandom(16)
            if self.password_hash == "PBKDF2":
                rounds = 200000
                password_hash = base64.b64encode(pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)).decode()
                return f"{{PBKDF2-SHA512}}{rounds}${base64.b64encode(salt).decode()}${password_hash}"
            else:
                return f"{{SSHA}}{base64.b64encode(sha1(password.encode() + salt).digest() + salt).decode()}"
    def _get_groups(self, uid):
        groups = []
        self.ldap.connection.search(
-            "ou=group,{}".format(self.dn),
+            self.group_dn,
            "(memberUID={})".format(uid),
            SUBTREE,
            attributes=["cn"],
@ -236,7 +276,7 @@ class AuthLDAP(AuthPlugin):
    def _get_all_roles(self):
        self.ldap.connection.search(
-            f"ou=group,{self.dn}",
+            self.group_dn,
            "(cn=*)",
            SUBTREE,
            attributes=["cn", "gidNumber", "memberUid"],
@ -245,8 +285,7 @@ class AuthLDAP(AuthPlugin):
    def _set_roles(self, user: User):
        try:
-            ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
+            ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
            ldap_roles = self._get_all_roles()
            gid_numbers = sorted(ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True)
@ -255,7 +294,7 @@ class AuthLDAP(AuthPlugin):
            for user_role in user.roles:
                if user_role not in [role["attributes"]["cn"][0] for role in ldap_roles]:
                    ldap_conn.add(
-                        f"cn={user_role},ou=group,{self.dn}",
+                        f"cn={user_role},{self.group_dn}",
                        ["posixGroup"],
                        attributes={"gidNumber": gid_number},
                    )
--- a/flaschengeist/plugins/auth_plain/init.py
+++ b/flaschengeist/plugins/auth_plain/init.py
@ -19,7 +19,13 @@ class AuthPlain(AuthPlugin):
        if User.query.first() is None:
            logger.info("Installing admin user")
            role = Role(name="Superuser", permissions=Permission.query.all())
-            admin = User(userid="admin", firstname="Admin", lastname="Admin", mail="", roles_=[role])
+            admin = User(
                userid="admin",
                firstname="Admin",
                lastname="Admin",
                mail="",
                roles_=[role],
            )
            self.modify_user(admin, None, "admin")
            db.session.add(admin)
            db.session.commit()
@ -58,6 +64,9 @@ class AuthPlain(AuthPlugin):
    def set_avatar(self, user, avatar):
        user.set_attribute("avatar", avatar)
    def delete_avatar(self, user):
        user.delete_attribute("avatar")
    @staticmethod
    def _hash_password(password):
        salt = hashlib.sha256(os.urandom(60)).hexdigest().encode("ascii")
--- a/flaschengeist/plugins/balance/balance_controller.py
+++ b/flaschengeist/plugins/balance/balance_controller.py
@ -113,7 +113,16 @@ def get_transaction(transaction_id) -> Transaction:
    return transaction
-def get_transactions(user, start=None, end=None, limit=None, offset=None, show_reversal=False, show_cancelled=True):
+def get_transactions(
    user,
    start=None,
    end=None,
    limit=None,
    offset=None,
    show_reversal=False,
    show_cancelled=True,
    descending=False,
 ):
    count = None
    query = Transaction.query.filter((Transaction.sender_ == user) | (Transaction.receiver_ == user))
    if start:
@ -125,6 +134,9 @@ def get_transactions(user, start=None, end=None, limit=None, offset=None, show_r
        query = query.filter(Transaction.original_ == None)
    if not show_cancelled:
        query = query.filter(Transaction.reversal_id.is_(None))
    if descending:
        query = query.order_by(Transaction.time.desc())
    else:
        query = query.order_by(Transaction.time)
    if limit is not None:
        count = query.count()
--- a/flaschengeist/plugins/balance/routes.py
+++ b/flaschengeist/plugins/balance/routes.py
@ -99,6 +99,32 @@ def set_limit(userid, current_session: Session):
    return HTTP.no_content()
@BalancePlugin.blueprint.route("/users/balance/limit", methods=["GET", "PUT"])
@login_required(permission=permissions.SET_LIMIT)
 def limits(current_session: Session):
    """Get, Modify limit of all users
    Args:
        current_ession: Session sent with Authorization Header
    Returns:
        JSON encoded array of userid with limit or HTTP-error
    """
    users = userController.get_users()
    if request.method == "GET":
        return jsonify([{"userid": user.userid, "limit": user.get_attribute("balance_limit")} for user in users])
    data = request.get_json()
    try:
        limit = data["limit"]
    except (TypeError, KeyError):
        raise BadRequest
    for user in users:
        balance_controller.set_limit(user, limit)
    return HTTP.no_content()
@BalancePlugin.blueprint.route("/users/<userid>/balance", methods=["GET"])
@login_required(permission=permissions.SHOW)
 def get_balance(userid, current_session: Session):
@ -170,6 +196,7 @@ def get_transactions(userid, current_session: Session):
    show_cancelled = request.args.get("showCancelled", True)
    limit = request.args.get("limit")
    offset = request.args.get("offset")
    descending = request.args.get("descending", False)
    try:
        if limit is not None:
            limit = int(limit)
@ -179,11 +206,20 @@ def get_transactions(userid, current_session: Session):
            show_reversals = str2bool(show_reversals)
        if not isinstance(show_cancelled, bool):
            show_cancelled = str2bool(show_cancelled)
        if not isinstance(descending, bool):
            descending = str2bool(descending)
    except ValueError:
        raise BadRequest
    transactions, count = balance_controller.get_transactions(
-        user, start, end, limit, offset, show_reversal=show_reversals, show_cancelled=show_cancelled
+        user,
        start,
        end,
        limit,
        offset,
        show_reversal=show_reversals,
        show_cancelled=show_cancelled,
        descending=descending,
    )
    return {"transactions": transactions, "count": count}
--- a/flaschengeist/plugins/events/init.py
+++ b/flaschengeist/plugins/events/init.py
@ -11,6 +11,7 @@ from . import permissions, models
 class EventPlugin(Plugin):
    name = "events"
    id = "dev.flaschengeist.events"
    plugin = LocalProxy(lambda: current_app.config["FG_PLUGINS"][EventPlugin.name])
    permissions = permissions.permissions
    blueprint = Blueprint(name, __name__)
--- a/flaschengeist/plugins/events/event_controller.py
+++ b/flaschengeist/plugins/events/event_controller.py
@ -1,7 +1,7 @@
 from datetime import datetime, timedelta, timezone
 from typing import Optional
-from werkzeug.exceptions import BadRequest, NotFound
+from werkzeug.exceptions import BadRequest, Conflict, NotFound
 from sqlalchemy.exc import IntegrityError
 from flaschengeist import logger
@ -41,7 +41,7 @@ def create_event_type(name):
        db.session.commit()
        return event
    except IntegrityError:
-        raise BadRequest("Name already exists")
+        raise Conflict("Name already exists")
 def rename_event_type(identifier, new_name):
@ -50,7 +50,7 @@ def rename_event_type(identifier, new_name):
    try:
        db.session.commit()
    except IntegrityError:
-        raise BadRequest("Name already exists")
+        raise Conflict("Name already exists")
 def delete_event_type(name):
@ -116,7 +116,7 @@ def get_event(event_id, with_backup=False) -> Event:
    if event is None:
        raise NotFound
    if not with_backup:
-        return clear_backup(event)
+        clear_backup(event)
    return event
@ -124,7 +124,14 @@ def get_templates():
    return Event.query.filter(Event.is_template == True).all()
-def get_events(start: Optional[datetime] = None, end=None, with_backup=False):
+def get_events(
    start: Optional[datetime] = None,
    end: Optional[datetime] = None,
    limit: Optional[int] = None,
    offset: Optional[int] = None,
    descending: Optional[bool] = False,
    with_backup=False,
 ):
    """Query events which start from begin until end
    Args:
        start (datetime): Earliest start
@ -138,6 +145,14 @@ def get_events(start: Optional[datetime] = None, end=None, with_backup=False):
        query = query.filter(start <= Event.start)
    if end is not None:
        query = query.filter(Event.start < end)
    if descending:
        query = query.order_by(Event.start.desc())
    else:
        query = query.order_by(Event.start)
    if limit is not None:
        query = query.limit(limit)
    if offset is not None and offset > 0:
        query = query.offset(offset)
    events = query.all()
    if not with_backup:
        for event in events:
@ -153,7 +168,9 @@ def delete_event(event_id):
    Raises:
        NotFound if not found
    """
-    event = get_event(event_id)
+    event = get_event(event_id, True)
    for job in event.jobs:
        delete_job(job)
    db.session.delete(event)
    db.session.commit()
@ -178,15 +195,24 @@ def create_event(event_type, start, end=None, jobs=[], is_template=None, name=No
        raise BadRequest
-def get_job(job_slot_id, event_id):
+def get_job(job_id, event_id=None) -> Job:
-    js = Job.query.filter(Job.id == job_slot_id).filter(Job.event_id_ == event_id).one_or_none()
+    query = Job.query.filter(Job.id == job_id)
-    if js is None:
+    if event_id is not None:
        query = query.filter(Job.event_id_ == event_id)
    job = query.one_or_none()
    if job is None:
        raise NotFound
-    return js
+    return job
 def add_job(event, job_type, required_services, start, end=None, comment=None):
-    job = Job(required_services=required_services, type=job_type, start=start, end=end, comment=comment)
+    job = Job(
        required_services=required_services,
        type=job_type,
        start=start,
        end=end,
        comment=comment,
    )
    event.jobs.append(job)
    update()
    return job
@ -196,30 +222,48 @@ def update():
    try:
        db.session.commit()
    except IntegrityError:
-        logger.debug("Error, looks like a Job with that type already exists on an event", exc_info=True)
+        logger.debug(
            "Error, looks like a Job with that type already exists on an event",
            exc_info=True,
        )
        raise BadRequest()
 def delete_job(job: Job):
    for service in job.services:
        unassign_job(service=service, notify=True)
    db.session.delete(job)
    db.session.commit()
-def assign_to_job(job: Job, user, value):
+def assign_job(job: Job, user, value, is_backup=False):
    assert value > 0
    service = Service.query.get((job.id, user.id_))
    if value < 0:
        if not service:
            raise BadRequest
        db.session.delete(service)
    else:
    if service:
        service.value = value
    else:
-            service = Service(user_=user, value=value, job_=job)
+        service = Service(user_=user, value=value, is_backup=is_backup, job_=job)
        db.session.add(service)
    db.session.commit()
 def unassign_job(job: Job = None, user=None, service=None, notify=False):
    if service is None:
        assert job is not None and user is not None
        service = Service.query.get((job.id, user.id_))
    else:
        user = service.user_
    if not service:
        raise BadRequest
    event_id = service.job_.event_id_
    db.session.delete(service)
    db.session.commit()
    if notify:
        EventPlugin.plugin.notify(user, "Your assignmet was cancelled", {"event_id": event_id})
@scheduled
 def assign_backups():
    logger.debug("Notifications")
@ -230,7 +274,9 @@ def assign_backups():
    for service in services:
        if service.job_.start <= now or service.job_.is_full():
            EventPlugin.plugin.notify(
-                service.user_, "Your backup assignment was cancelled.", {"event_id": service.job_.event_id_}
+                service.user_,
                "Your backup assignment was cancelled.",
                {"event_id": service.job_.event_id_},
            )
            logger.debug(f"Service is outdated or full, removing. {service.serialize()}")
            db.session.delete(service)
@ -238,6 +284,8 @@ def assign_backups():
            service.is_backup = False
            logger.debug(f"Service not full, assigning backup. {service.serialize()}")
            EventPlugin.plugin.notify(
-                service.user_, "Your backup assignment was accepted.", {"event_id": service.job_.event_id_}
+                service.user_,
                "Your backup assignment was accepted.",
                {"event_id": service.job_.event_id_},
            )
    db.session.commit()
--- a/flaschengeist/plugins/events/models.py
+++ b/flaschengeist/plugins/events/models.py
@ -39,7 +39,13 @@ class Service(db.Model, ModelSerializeMixin):
    is_backup: bool = db.Column(db.Boolean, default=False)
    value: float = db.Column(db.Numeric(precision=3, scale=2, asdecimal=False), nullable=False)
-    _job_id = db.Column("job_id", Serial, db.ForeignKey(f"{_table_prefix_}job.id"), nullable=False, primary_key=True)
+    _job_id = db.Column(
        "job_id",
        Serial,
        db.ForeignKey(f"{_table_prefix_}job.id"),
        nullable=False,
        primary_key=True,
    )
    _user_id = db.Column("user_id", Serial, db.ForeignKey("user.id"), nullable=False, primary_key=True)
    user_: User = db.relationship("User")
@ -59,6 +65,7 @@ class Job(db.Model, ModelSerializeMixin):
    end: Optional[datetime] = db.Column(UtcDateTime)
    type: Union[JobType, int] = db.relationship("JobType")
    comment: Optional[str] = db.Column(db.String(256))
    locked: bool = db.Column(db.Boolean())
    services: list[Service] = db.relationship("Service", back_populates="job_")
    required_services: float = db.Column(db.Numeric(precision=4, scale=2, asdecimal=False), nullable=False)
@ -83,11 +90,17 @@ class Event(db.Model, ModelSerializeMixin):
    type: Union[EventType, int] = db.relationship("EventType")
    is_template: bool = db.Column(db.Boolean, default=False)
    jobs: list[Job] = db.relationship(
-        "Job", back_populates="event_", cascade="all,delete,delete-orphan", order_by="[Job.start, Job.end]"
+        "Job",
        back_populates="event_",
        cascade="all,delete,delete-orphan",
        order_by="[Job.start, Job.end]",
    )
    # Protected for internal use
    _type_id = db.Column(
-        "type_id", Serial, db.ForeignKey(f"{_table_prefix_}event_type.id", ondelete="CASCADE"), nullable=False
+        "type_id",
        Serial,
        db.ForeignKey(f"{_table_prefix_}event_type.id", ondelete="CASCADE"),
        nullable=False,
    )
--- a/flaschengeist/plugins/events/permissions.py
+++ b/flaschengeist/plugins/events/permissions.py
@ -22,4 +22,7 @@ ASSIGN_OTHER = "events_assign_other"
 SEE_BACKUP = "events_see_backup"
 """Can see users assigned as backup"""
 LOCK_JOBS = "events_lock_jobs"
 """Can lock jobs, no further services can be assigned or unassigned"""
 permissions = [value for key, value in globals().items() if not key.startswith("_")]
--- a/flaschengeist/plugins/events/routes.py
+++ b/flaschengeist/plugins/events/routes.py
@ -1,9 +1,12 @@
 from datetime import datetime, timedelta, timezone
 from http.client import NO_CONTENT
 from re import template
 from flask import request, jsonify
 from sqlalchemy import exc
 from werkzeug.exceptions import BadRequest, NotFound, Forbidden
 from flaschengeist.models.session import Session
 from flaschengeist.plugins.events.models import Job
 from flaschengeist.utils.decorators import login_required
 from flaschengeist.utils.datetime import from_iso_format
 from flaschengeist.controller import userController
@ -12,6 +15,21 @@ from . import event_controller, permissions, EventPlugin
 from ...utils.HTTP import no_content
 def dict_get(self, key, default=None, type=None):
    """Same as .get from MultiDict"""
    try:
        rv = self[key]
    except KeyError:
        return default
    if type is not None:
        try:
            rv = type(rv)
        except ValueError:
            rv = default
    return rv
@EventPlugin.blueprint.route("/events/templates", methods=["GET"])
@login_required()
 def get_templates(current_session):
@ -169,7 +187,8 @@ def get_event(event_id, current_session):
        JSON encoded event object
    """
    event = event_controller.get_event(
-        event_id, with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP)
+        event_id,
        with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP),
    )
    return jsonify(event)
@ -177,17 +196,21 @@ def get_event(event_id, current_session):
@EventPlugin.blueprint.route("/events", methods=["GET"])
@login_required()
 def get_filtered_events(current_session):
-    begin = request.args.get("from")
+    begin = request.args.get("from", type=from_iso_format)
-    if begin is not None:
+    end = request.args.get("to", type=from_iso_format)
-        begin = from_iso_format(begin)
+    limit = request.args.get("limit", type=int)
-    end = request.args.get("to")
+    offset = request.args.get("offset", type=int)
-    if end is not None:
+    descending = "descending" in request.args
        end = from_iso_format(end)
    if begin is None and end is None:
        begin = datetime.now()
    return jsonify(
        event_controller.get_events(
-            begin, end, with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP)
+            start=begin,
            end=end,
            limit=limit,
            offset=offset,
            descending=descending,
            with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP),
        )
    )
@ -222,7 +245,9 @@ def get_events(current_session, year=datetime.now().year, month=datetime.now().m
                end = datetime(year=year, month=month + 1, day=1, tzinfo=timezone.utc)
        events = event_controller.get_events(
-            begin, end, with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP)
+            begin,
            end,
            with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP),
        )
        return jsonify(events)
    except ValueError:
@ -232,9 +257,7 @@ def get_events(current_session, year=datetime.now().year, month=datetime.now().m
 def _add_job(event, data):
    try:
        start = from_iso_format(data["start"])
-        end = None
+        end = dict_get(data, "end", None, type=from_iso_format)
        if "end" in data:
            end = from_iso_format(data["end"])
        required_services = data["required_services"]
        job_type = data["type"]
        if isinstance(job_type, dict):
@ -243,7 +266,14 @@ def _add_job(event, data):
        raise BadRequest("Missing or invalid POST parameter")
    job_type = event_controller.get_job_type(job_type)
-    event_controller.add_job(event, job_type, required_services, start, end, comment=data.get("comment", None))
+    event_controller.add_job(
        event,
        job_type,
        required_services,
        start,
        end,
        comment=dict_get(data, "comment", None, str),
    )
@EventPlugin.blueprint.route("/events", methods=["POST"])
@ -262,11 +292,9 @@ def create_event(current_session):
        JSON encoded Event object or HTTP-error
    """
    data = request.get_json()
    end = data.get("end", None)
    try:
        start = from_iso_format(data["start"])
-        if end is not None:
+        end = dict_get(data, "end", None, type=from_iso_format)
            end = from_iso_format(end)
        data_type = data["type"]
        if isinstance(data_type, dict):
            data_type = data["type"]["id"]
@ -279,10 +307,10 @@ def create_event(current_session):
    event = event_controller.create_event(
        start=start,
        end=end,
-        name=data.get("name", None),
+        name=dict_get(data, "name", None),
-        is_template=data.get("is_template", None),
+        is_template=dict_get(data, "is_template", None),
        event_type=event_type,
-        description=data.get("description", None),
+        description=dict_get(data, "description", None),
    )
    if "jobs" in data:
        for job in data["jobs"]:
@ -309,15 +337,14 @@ def modify_event(event_id, current_session):
    """
    event = event_controller.get_event(event_id)
    data = request.get_json()
-    if "start" in data:
+    event.start = dict_get(data, "start", event.start, type=from_iso_format)
-        event.start = from_iso_format(data["start"])
+    event.end = dict_get(data, "end", event.end, type=from_iso_format)
-    if "end" in data:
+    event.name = dict_get(data, "name", event.name, type=str)
-        event.end = from_iso_format(data["end"])
+    event.description = dict_get(data, "description", event.description, type=str)    
    if "description" in data:
        event.description = data["description"]
    if "type" in data:
        event_type = event_controller.get_event_type(data["type"])
        event.type = event_type
    event_controller.update()
    return jsonify(event)
@ -376,19 +403,19 @@ def delete_job(event_id, job_id, current_session):
    Returns:
        HTTP-no-content or HTTP error
    """
-    job_slot = event_controller.get_job(job_id, event_id)
+    job = event_controller.get_job(job_id, event_id)
-    event_controller.delete_job(job_slot)
+    event_controller.delete_job(job)
    return no_content()
@EventPlugin.blueprint.route("/events/<int:event_id>/jobs/<int:job_id>", methods=["PUT"])
@login_required()
 def update_job(event_id, job_id, current_session: Session):
-    """Edit Job or assign user to the Job
+    """Edit Job
    Route: ``/events/<event_id>/jobs/<job_id>`` | Method: ``PUT``
-    POST-data: See TS interface for Job or ``{user: {userid: string, value: number}}``
+    POST-data: See TS interface for Job
    Args:
        event_id: Identifier of the event
@ -398,34 +425,89 @@ def update_job(event_id, job_id, current_session: Session):
    Returns:
        JSON encoded Job object or HTTP-error
    """
-    job = event_controller.get_job(job_id, event_id)
+    if not current_session.user_.has_permission(permissions.EDIT):
        raise Forbidden
    data = request.get_json()
    if not data:
        raise BadRequest
-    if ("user" not in data or len(data) > 1) and not current_session.user_.has_permission(permissions.EDIT):
+    job = event_controller.get_job(job_id, event_id)
        raise Forbidden
    if "user" in data:
    try:
            user = userController.get_user(data["user"]["userid"])
            value = data["user"]["value"]
            if (user == current_session.user_ and not user.has_permission(permissions.ASSIGN)) or (
                user != current_session.user_ and not current_session.user_.has_permission(permissions.ASSIGN_OTHER)
            ):
                raise Forbidden
            event_controller.assign_to_job(job, user, value)
        except (KeyError, ValueError):
            raise BadRequest
    if "required_services" in data:
        job.required_services = data["required_services"]
        if "type" in data:
            job.type = event_controller.get_job_type(data["type"])
        job.start = from_iso_format(data.get("start", job.start))
        job.end = from_iso_format(data.get("end", job.end))
        job.comment = str(data.get("comment", job.comment))
        job.locked = bool(data.get("locked", job.locked))
        job.required_services = float(data.get("required_services", job.required_services))
        event_controller.update()
    except NotFound:
        raise BadRequest("Invalid JobType")
    except ValueError:
        raise BadRequest("Invalid POST data")
    return jsonify(job)
@EventPlugin.blueprint.route("/events/jobs/<int:job_id>/assign", methods=["POST"])
@login_required()
 def assign_job(job_id, current_session: Session):
    """Assign / unassign user to the Job
    Route: ``/events/jobs/<job_id>/assign`` | Method: ``POST``
    POST-data: a Service object, see TS interface for Service
    Args:
        job_id: Identifier of the Job
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-No-Content or HTTP-error
    """
    data = request.get_json()
    job = event_controller.get_job(job_id)
    try:
        user = userController.get_user(data["userid"])
        value = data["value"]
        if (user == current_session.user_ and not user.has_permission(permissions.ASSIGN)) or (
            user != current_session.user_ and not current_session.user_.has_permission(permissions.ASSIGN_OTHER)
        ):
            raise Forbidden
        if value > 0:
            event_controller.assign_job(job, user, value, data.get("is_backup", False))
        else:
            event_controller.unassign_job(job, user, notify=user != current_session.user_)
    except (TypeError, KeyError, ValueError):
        raise BadRequest
    return no_content()
@EventPlugin.blueprint.route("/events/jobs/<int:job_id>/lock", methods=["POST"])
@login_required(permissions.LOCK_JOBS)
 def lock_job(job_id, current_session: Session):
    """Lock / unlock the Job
    Route: ``/events/jobs/<job_id>/lock`` | Method: ``POST``
    POST-data: ``{locked: boolean}``
    Args:
        job_id: Identifier of the Job
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-No-Content or HTTP-error
    """
    data = request.get_json()
    job = event_controller.get_job(job_id)
    try:
        locked = bool(userController.get_user(data["locked"]))
        job.locked = locked
        event_controller.update()
    except (TypeError, KeyError, ValueError):
        raise BadRequest
    return no_content()
 # TODO: JobTransfer
--- a/flaschengeist/plugins/pricelist/init.py
+++ b/flaschengeist/plugins/pricelist/init.py
@ -2,12 +2,13 @@
 from flask import Blueprint, jsonify, request, current_app
 from werkzeug.local import LocalProxy
-from werkzeug.exceptions import BadRequest, Forbidden, Unauthorized
+from werkzeug.exceptions import BadRequest, Forbidden, NotFound, Unauthorized
 from flaschengeist import logger
 from flaschengeist.controller import userController
 from flaschengeist.controller.imageController import send_image, send_thumbnail
 from flaschengeist.plugins import Plugin
-from flaschengeist.utils.decorators import login_required, extract_session
+from flaschengeist.utils.decorators import login_required, extract_session, headers
 from flaschengeist.utils.HTTP import no_content
 from . import models
@ -214,10 +215,87 @@ def get_drinks(identifier=None):
    if identifier:
        result = pricelist_controller.get_drink(identifier, public=public)
    else:
        result = pricelist_controller.get_drinks(public=public)
    logger.debug(f"GET drink {result}")
        return jsonify(result)
    else:
        limit = request.args.get("limit")
        offset = request.args.get("offset")
        search_name = request.args.get("search_name")
        search_key = request.args.get("search_key")
        ingredient = request.args.get("ingredient", type=bool)
        receipt = request.args.get("receipt", type=bool)
        try:
            if limit is not None:
                limit = int(limit)
            if offset is not None:
                offset = int(offset)
            if ingredient is not None:
                ingredient = bool(ingredient)
            if receipt is not None:
                receipt = bool(receipt)
        except ValueError:
            raise BadRequest
        drinks, count = pricelist_controller.get_drinks(
            public=public,
            limit=limit,
            offset=offset,
            search_name=search_name,
            search_key=search_key,
            ingredient=ingredient,
            receipt=receipt,
        )
    mop = drinks.copy()
    logger.debug(f"GET drink {drinks}, {count}")
    # return jsonify({"drinks": drinks, "count": count})
    return jsonify({"drinks": drinks, "count": count})
@PriceListPlugin.blueprint.route("/list", methods=["GET"])
 def get_pricelist():
    """Get Priclist
    Route: ``/pricelist/list`` | Method: ``GET``
    Returns:
        JSON encoded list of DrinkPrices or HTTP-KeyError
    """
    public = True
    try:
        extract_session()
        public = False
    except Unauthorized:
        public = True
    limit = request.args.get("limit")
    offset = request.args.get("offset")
    search_name = request.args.get("search_name")
    search_key = request.args.get("search_key")
    ingredient = request.args.get("ingredient", type=bool)
    receipt = request.args.get("receipt", type=bool)
    descending = request.args.get("descending", type=bool)
    sortBy = request.args.get("sortBy")
    try:
        if limit is not None:
            limit = int(limit)
        if offset is not None:
            offset = int(offset)
        if ingredient is not None:
            ingredient = bool(ingredient)
        if receipt is not None:
            receipt = bool(receipt)
        if descending is not None:
            descending = bool(descending)
    except ValueError:
        raise BadRequest
    pricelist, count = pricelist_controller.get_pricelist(
        public=public,
        limit=limit,
        offset=offset,
        search_name=search_name,
        search_key=search_key,
        descending=descending,
        sortBy=sortBy,
    )
    logger.debug(f"GET pricelist {pricelist}, {count}")
    return jsonify({"pricelist": pricelist, "count": count})
@PriceListPlugin.blueprint.route("/drinks/search/<string:name>", methods=["GET"])
@ -632,7 +710,7 @@ def get_priclist_setting(userid, current_session):
        return no_content()
-@PriceListPlugin.blueprint.route("/drinks/<int:identifier>/picture", methods=["POST", "GET", "DELETE"])
+@PriceListPlugin.blueprint.route("/drinks/<int:identifier>/picture", methods=["POST", "DELETE"])
@login_required(permission=permissions.EDIT)
 def set_picture(identifier, current_session):
    """Get, Create, Delete Drink Picture
@ -654,25 +732,25 @@ def set_picture(identifier, current_session):
    file = request.files.get("file")
    if file:
-        picture = models._Picture()
+        return jsonify(pricelist_controller.save_drink_picture(identifier, file))
        picture.mimetype = file.content_type
        picture.binary = bytearray(file.stream.read())
        return jsonify(pricelist_controller.save_drink_picture(identifier, picture))
    else:
        raise BadRequest
-@PriceListPlugin.blueprint.route("/picture/<identifier>", methods=["GET"])
+@PriceListPlugin.blueprint.route("/drinks/<int:identifier>/picture", methods=["GET"])
 #@headers({"Cache-Control": "private, must-revalidate"})
 def _get_picture(identifier):
    """Get Picture
    Args:
-        identifier: Identifier of Picture
+        identifier: Identifier of Drink
    Returns:
        Picture or HTTP-error
    """
-    if request.method == "GET":
+    drink = pricelist_controller.get_drink(identifier)
-        size = request.args.get("size")
+    if drink.has_image:
-        response = pricelist_controller.get_drink_picture(identifier, size)
+        if request.args.get("thumbnail"):
-        return response.make_conditional(request)
+            return send_thumbnail(image=drink.image_)
        return send_image(image=drink.image_)
    raise NotFound
--- a/flaschengeist/plugins/pricelist/models.py
+++ b/flaschengeist/plugins/pricelist/models.py
@ -1,20 +1,21 @@
 from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
 from flaschengeist.database import db
-from flaschengeist.models import ModelSerializeMixin
+from flaschengeist.models import ModelSerializeMixin, Serial
 from flaschengeist.models.image import Image
 from typing import Optional
 drink_tag_association = db.Table(
    "drink_x_tag",
-    db.Column("drink_id", db.Integer, db.ForeignKey("drink.id")),
+    db.Column("drink_id", Serial, db.ForeignKey("drink.id")),
-    db.Column("tag_id", db.Integer, db.ForeignKey("drink_tag.id")),
+    db.Column("tag_id", Serial, db.ForeignKey("drink_tag.id")),
 )
 drink_type_association = db.Table(
    "drink_x_type",
-    db.Column("drink_id", db.Integer, db.ForeignKey("drink.id")),
+    db.Column("drink_id", Serial, db.ForeignKey("drink.id")),
-    db.Column("type_id", db.Integer, db.ForeignKey("drink_type.id")),
+    db.Column("type_id", Serial, db.ForeignKey("drink_type.id")),
 )
@ -24,7 +25,7 @@ class Tag(db.Model, ModelSerializeMixin):
    """
    __tablename__ = "drink_tag"
-    id: int = db.Column("id", db.Integer, primary_key=True)
+    id: int = db.Column("id", Serial, primary_key=True)
    name: str = db.Column(db.String(30), nullable=False, unique=True)
    color: str = db.Column(db.String(7), nullable=False)
@ -35,7 +36,7 @@ class DrinkType(db.Model, ModelSerializeMixin):
    """
    __tablename__ = "drink_type"
-    id: int = db.Column("id", db.Integer, primary_key=True)
+    id: int = db.Column("id", Serial, primary_key=True)
    name: str = db.Column(db.String(30), nullable=False, unique=True)
@ -45,10 +46,11 @@ class DrinkPrice(db.Model, ModelSerializeMixin):
    """
    __tablename__ = "drink_price"
-    id: int = db.Column("id", db.Integer, primary_key=True)
+    id: int = db.Column("id", Serial, primary_key=True)
    price: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
-    volume_id_ = db.Column("volume_id", db.Integer, db.ForeignKey("drink_price_volume.id"))
+    volume_id_ = db.Column("volume_id", Serial, db.ForeignKey("drink_price_volume.id"))
-    volume = db.relationship("DrinkPriceVolume", back_populates="prices")
+    volume: "DrinkPriceVolume" = None
    _volume: "DrinkPriceVolume" = db.relationship("DrinkPriceVolume", back_populates="_prices", join_depth=1)
    public: bool = db.Column(db.Boolean, default=True)
    description: Optional[str] = db.Column(db.String(30))
@ -61,8 +63,8 @@ class ExtraIngredient(db.Model, ModelSerializeMixin):
    ExtraIngredient
    """
-    __tablename__ = "extra_ingredient"
+    __tablename__ = "drink_extra_ingredient"
-    id: int = db.Column("id", db.Integer, primary_key=True)
+    id: int = db.Column("id", Serial, primary_key=True)
    name: str = db.Column(db.String(30), unique=True, nullable=False)
    price: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
@ -73,19 +75,20 @@ class DrinkIngredient(db.Model, ModelSerializeMixin):
    """
    __tablename__ = "drink_ingredient"
-    id: int = db.Column("id", db.Integer, primary_key=True)
+    id: int = db.Column("id", Serial, primary_key=True)
    volume: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False), nullable=False)
-    ingredient_id: int = db.Column(db.Integer, db.ForeignKey("drink.id"))
+    ingredient_id: int = db.Column(Serial, db.ForeignKey("drink.id"))
-    #    drink_ingredient: Drink = db.relationship("Drink")
+    cost_per_volume: float
-    # price: float = 0
+    name: str
    _drink_ingredient: Drink = db.relationship("Drink")
    @property
    def cost_per_volume(self):
        return self._drink_ingredient.cost_per_volume if self._drink_ingredient else None
-#    @property
+    @property
-#    def price(self):
+    def name(self):
-#        try:
+        return self._drink_ingredient.name if self._drink_ingredient else None
 #            return self.drink_ingredient.cost_price_pro_volume * self.volume
 #        except AttributeError:
 #            pass
 class Ingredient(db.Model, ModelSerializeMixin):
@ -93,14 +96,14 @@ class Ingredient(db.Model, ModelSerializeMixin):
    Ingredient Associationtable
    """
-    __tablename__ = "ingredient_association"
+    __tablename__ = "drink_ingredient_association"
-    id: int = db.Column("id", db.Integer, primary_key=True)
+    id: int = db.Column("id", Serial, primary_key=True)
-    volume_id = db.Column(db.Integer, db.ForeignKey("drink_price_volume.id"))
+    volume_id = db.Column(Serial, db.ForeignKey("drink_price_volume.id"))
-    drink_ingredient: Optional[DrinkIngredient] = db.relationship(DrinkIngredient)
+    drink_ingredient: Optional[DrinkIngredient] = db.relationship(DrinkIngredient, cascade="all,delete")
    extra_ingredient: Optional[ExtraIngredient] = db.relationship(ExtraIngredient)
-    _drink_ingredient_id = db.Column(db.Integer, db.ForeignKey("drink_ingredient.id"))
+    _drink_ingredient_id = db.Column(Serial, db.ForeignKey("drink_ingredient.id"))
-    _extra_ingredient_id = db.Column(db.Integer, db.ForeignKey("extra_ingredient.id"))
+    _extra_ingredient_id = db.Column(Serial, db.ForeignKey("drink_extra_ingredient.id"))
 class MinPrices(ModelSerializeMixin):
@ -118,17 +121,25 @@ class DrinkPriceVolume(db.Model, ModelSerializeMixin):
    """
    __tablename__ = "drink_price_volume"
-    id: int = db.Column("id", db.Integer, primary_key=True)
+    id: int = db.Column("id", Serial, primary_key=True)
-    drink_id = db.Column(db.Integer, db.ForeignKey("drink.id"))
+    drink_id = db.Column(Serial, db.ForeignKey("drink.id"))
    drink: "Drink" = None
    _drink: "Drink" = db.relationship("Drink", back_populates="_volumes")
    volume: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
    min_prices: list[MinPrices] = []
    # ingredients: list[Ingredient] = []
-
+    prices: list[DrinkPrice] = []
-    prices: list[DrinkPrice] = db.relationship(DrinkPrice, back_populates="volume", cascade="all,delete,delete-orphan")
+    _prices: list[DrinkPrice] = db.relationship(
-    ingredients: list[Ingredient] = db.relationship("Ingredient", foreign_keys=Ingredient.volume_id)
+        DrinkPrice, back_populates="_volume", cascade="all,delete,delete-orphan"
    )
    ingredients: list[Ingredient] = db.relationship(
        "Ingredient",
        foreign_keys=Ingredient.volume_id,
        cascade="all,delete,delete-orphan",
    )
    def __repr__(self):
-        return f"DrinkPriceVolume({self.id},{self.drink_id},{self.prices})"
+        return f"DrinkPriceVolume({self.id},{self.drink_id},{self.volume},{self.prices})"
 class Drink(db.Model, ModelSerializeMixin):
@ -137,29 +148,32 @@ class Drink(db.Model, ModelSerializeMixin):
    """
    __tablename__ = "drink"
-    id: int = db.Column("id", db.Integer, primary_key=True)
+    id: int = db.Column("id", Serial, primary_key=True)
    article_id: Optional[str] = db.Column(db.String(64))
    package_size: Optional[int] = db.Column(db.Integer)
    name: str = db.Column(db.String(60), nullable=False)
    volume: Optional[float] = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
    cost_per_volume: Optional[float] = db.Column(db.Numeric(precision=5, scale=3, asdecimal=False))
    cost_per_package: Optional[float] = db.Column(db.Numeric(precision=5, scale=3, asdecimal=False))
    has_image: bool = False
    uuid: str = db.Column(db.String(36))
    receipt: Optional[list[str]] = db.Column(db.PickleType(protocol=4))
-    _type_id = db.Column("type_id", db.Integer, db.ForeignKey("drink_type.id"))
+    _type_id = db.Column("type_id", Serial, db.ForeignKey("drink_type.id"))
    _image_id = db.Column("image_id", Serial, db.ForeignKey("image.id"))
    image_: Image = db.relationship("Image", cascade="all, delete", foreign_keys=[_image_id])
    tags: Optional[list[Tag]] = db.relationship("Tag", secondary=drink_tag_association, cascade="save-update, merge")
    type: Optional[DrinkType] = db.relationship("DrinkType", foreign_keys=[_type_id])
-    volumes: list[DrinkPriceVolume] = db.relationship(DrinkPriceVolume)
+    volumes: list[DrinkPriceVolume] = []
    _volumes: list[DrinkPriceVolume] = db.relationship(
        DrinkPriceVolume, back_populates="_drink", cascade="all,delete,delete-orphan"
    )
    def __repr__(self):
        return f"Drink({self.id},{self.name},{self.volumes})"
-
+    @property
-class _Picture:
+    def has_image(self):
-    """Wrapper class for pictures binaries"""
+        return self.image_ is not None
    mimetype = ""
    binary = bytearray()
--- a/flaschengeist/plugins/pricelist/pricelist_controller.py
+++ b/flaschengeist/plugins/pricelist/pricelist_controller.py
@ -1,16 +1,24 @@
 from werkzeug.exceptions import BadRequest, NotFound
 from sqlalchemy.exc import IntegrityError
 from uuid import uuid4
 from flaschengeist import logger
 from flaschengeist.config import config
 from flaschengeist.database import db
 from flaschengeist.utils.picture import save_picture, get_picture, delete_picture
 from flaschengeist.utils.decorators import extract_session
-from .models import Drink, DrinkPrice, Ingredient, Tag, DrinkType, DrinkPriceVolume, DrinkIngredient, ExtraIngredient
+from .models import (
    Drink,
    DrinkPrice,
    Ingredient,
    Tag,
    DrinkType,
    DrinkPriceVolume,
    DrinkIngredient,
    ExtraIngredient,
 )
 from .permissions import EDIT_VOLUME, EDIT_PRICE, EDIT_INGREDIENTS_DRINK
 import flaschengeist.controller.imageController as image_controller
 def update():
    db.session.commit()
@ -131,13 +139,143 @@ def _create_public_drink(drink):
    return None
-def get_drinks(name=None, public=False):
+def get_drinks(
    name=None,
    public=False,
    limit=None,
    offset=None,
    search_name=None,
    search_key=None,
    ingredient=False,
    receipt=None,
 ):
    count = None
    if name:
-        drinks = Drink.query.filter(Drink.name.contains(name)).all()
+        query = Drink.query.filter(Drink.name.contains(name))
-    drinks = Drink.query.all()
+    else:
        query = Drink.query
    if ingredient:
        query = query.filter(Drink.cost_per_volume >= 0)
    if receipt:
        query = query.filter(Drink._volumes.any(DrinkPriceVolume.ingredients != None))
    if public:
-        return [_create_public_drink(drink) for drink in drinks if _create_public_drink(drink)]
+        query = query.filter(Drink._volumes.any(DrinkPriceVolume._prices.any(DrinkPrice.public)))
-    return drinks
+    if search_name:
        if search_key == "name":
            query = query.filter(Drink.name.contains(search_name))
        elif search_key == "article_id":
            query = query.filter(Drink.article_id.contains(search_name))
        elif search_key == "drink_type":
            query = query.filter(Drink.type.has(DrinkType.name.contains(search_name)))
        elif search_key == "tags":
            query = query.filter(Drink.tags.any(Tag.name.contains(search_name)))
        else:
            query = query.filter(
                (Drink.name.contains(search_name))
                | (Drink.article_id.contains(search_name))
                | (Drink.type.has(DrinkType.name.contains(search_name)))
                | (Drink.tags.any(Tag.name.contains(search_name)))
            )
    query = query.order_by(Drink.name.asc())
    if limit is not None:
        count = query.count()
        query = query.limit(limit)
    if offset is not None:
        query = query.offset(offset)
    drinks = query.all()
    for drink in drinks:
        for volume in drink._volumes:
            volume.prices = volume._prices
        drink.volumes = drink._volumes
    return drinks, count
 def get_pricelist(
    public=False,
    limit=None,
    offset=None,
    search_name=None,
    search_key=None,
    sortBy=None,
    descending=False,
 ):
    count = None
    query = DrinkPrice.query
    if public:
        query = query.filter(DrinkPrice.public)
    if search_name:
        if search_key == "name":
            query = query.filter(DrinkPrice._volume.has(DrinkPriceVolume._drink.has(Drink.name.contains(search_name))))
        if search_key == "type":
            query = query.filter(
                DrinkPrice._volume.has(
                    DrinkPriceVolume._drink.has(Drink.type.has(DrinkType.name.contains(search_name)))
                )
            )
        if search_key == "tags":
            query = query.filter(
                DrinkPrice._volume.has(DrinkPriceVolume._drink.has(Drink.tags.any(Tag.name.conaitns(search_name))))
            )
        if search_key == "volume":
            query = query.filter(DrinkPrice._volume.has(DrinkPriceVolume.volume == float(search_name)))
        if search_key == "price":
            query = query.filter(DrinkPrice.price == float(search_name))
        if search_key == "description":
            query = query.filter(DrinkPrice.description.contains(search_name))
        else:
            try:
                search_name = float(search_name)
                query = query.filter(
                    (DrinkPrice._volume.has(DrinkPriceVolume.volume == float(search_name)))
                    | (DrinkPrice.price == float(search_name))
                )
            except:
                query = query.filter(
                    (DrinkPrice._volume.has(DrinkPriceVolume._drink.has(Drink.name.contains(search_name))))
                    | (
                        DrinkPrice._volume.has(
                            DrinkPriceVolume._drink.has(Drink.type.has(DrinkType.name.contains(search_name)))
                        )
                    )
                    | (
                        DrinkPrice._volume.has(
                            DrinkPriceVolume._drink.has(Drink.tags.any(Tag.name.contains(search_name)))
                        )
                    )
                    | (DrinkPrice.description.contains(search_name))
                )
    if sortBy == "type":
        query = (
            query.join(DrinkPrice._volume)
            .join(DrinkPriceVolume._drink)
            .join(Drink.type)
            .order_by(DrinkType.name.desc() if descending else DrinkType.name.asc())
        )
    elif sortBy == "volume":
        query = query.join(DrinkPrice._volume).order_by(
            DrinkPriceVolume.volume.desc() if descending else DrinkPriceVolume.volume.asc()
        )
    elif sortBy == "price":
        query = query.order_by(DrinkPrice.price.desc() if descending else DrinkPrice.price.asc())
    else:
        query = (
            query.join(DrinkPrice._volume)
            .join(DrinkPriceVolume._drink)
            .order_by(Drink.name.desc() if descending else Drink.name.asc())
        )
    if limit is not None:
        count = query.count()
        query = query.limit(limit)
    if offset is not None:
        query = query.offset(offset)
    prices = query.all()
    for price in prices:
        price._volume.drink = price._volume._drink
        price.volume = price._volume
    return prices, count
 def get_drink(identifier, public=False):
@ -152,6 +290,9 @@ def get_drink(identifier, public=False):
        raise NotFound
    if public:
        return _create_public_drink(drink)
    for volume in drink._volumes:
        volume.prices = volume._prices
    drink.volumes = drink._volumes
    return drink
@ -182,17 +323,21 @@ def update_drink(identifier, data):
        else:
            drink = get_drink(identifier)
        for key, value in data.items():
-            if hasattr(drink, key):
+            if hasattr(drink, key) and key != "has_image":
                setattr(drink, key, value if value != "" else None)
        if drink_type:
            drink.type = drink_type
        if volumes is not None and session.user_.has_permission(EDIT_VOLUME):
-            drink.volumes = []
+            drink._volumes = []
-            drink.volumes = set_volumes(volumes)
+            drink._volumes = set_volumes(volumes)
        if len(tags) > 0:
            drink.tags = tags
        db.session.commit()
        for volume in drink._volumes:
            volume.prices = volume._prices
        drink.volumes = drink._volumes
        return drink
    except (NotFound, KeyError):
        raise BadRequest
@ -233,16 +378,9 @@ def set_volume(data):
        prices = values.pop("prices")
    if "ingredients" in values:
        ingredients = values.pop("ingredients")
-    vol_id = values.pop("id", None)
+    values.pop("id", None)
    if vol_id < 0:
    volume = DrinkPriceVolume(**values)
    db.session.add(volume)
    else:
        volume = get_volume(vol_id)
        if not volume:
            raise NotFound
        for key, value in values.items():
            setattr(volume, key, value if value != "" else None)
    if prices and session.user_.has_permission(EDIT_PRICE):
        set_prices(prices, volume)
@ -257,7 +395,7 @@ def set_prices(prices, volume):
        for _price in prices:
            price = set_price(_price)
            _prices.append(price)
-        volume.prices = _prices
+        volume._prices = _prices
 def set_ingredients(ingredients, volume):
@ -292,16 +430,9 @@ def set_price(data):
    allowed_keys.append("description")
    logger.debug(f"allowed_key {allowed_keys}")
    values = {key: value for key, value in data.items() if key in allowed_keys}
-    price_id = values.pop("id", -1)
+    values.pop("id", -1)
    if price_id < 0:
    price = DrinkPrice(**values)
    db.session.add(price)
    else:
        price = get_price(price_id)
        if not price:
            raise NotFound
        for key, value in values.items():
            setattr(price, key, value)
    return price
@ -315,16 +446,13 @@ def delete_price(identifier):
 def set_drink_ingredient(data):
    allowed_keys = DrinkIngredient().serialize().keys()
    values = {key: value for key, value in data.items() if key in allowed_keys}
-    ingredient_id = values.pop("id", -1)
+    if "cost_per_volume" in values:
-    if ingredient_id < 0:
+        values.pop("cost_per_volume")
    if "name" in values:
        values.pop("name")
    values.pop("id", -1)
    drink_ingredient = DrinkIngredient(**values)
    db.session.add(drink_ingredient)
    else:
        drink_ingredient = DrinkIngredient.query.get(ingredient_id)
        if not drink_ingredient:
            raise NotFound
        for key, value in values.items():
            setattr(drink_ingredient, key, value if value != "" else None)
    return drink_ingredient
@ -339,14 +467,9 @@ def set_ingredient(data):
        drink_ingredient_value = data.pop("drink_ingredient")
    if "extra_ingredient" in data:
        extra_ingredient_value = data.pop("extra_ingredient")
-    ingredient_id = data.pop("id", -1)
+    data.pop("id", -1)
    if ingredient_id < 0:
    ingredient = Ingredient(**data)
    db.session.add(ingredient)
    else:
        ingredient = get_ingredient(ingredient_id)
        if not ingredient:
            raise NotFound
    if drink_ingredient_value:
        ingredient.drink_ingredient = set_drink_ingredient(drink_ingredient_value)
    if extra_ingredient_value:
@ -402,34 +525,16 @@ def delete_extra_ingredient(identifier):
 def save_drink_picture(identifier, file):
-    drink = get_drink(identifier)
+    drink = delete_drink_picture(identifier)
-    old_uuid = None
+    drink.image_ = image_controller.upload_image(file)
    if drink.uuid:
        old_uuid = drink.uuid
    drink.uuid = str(uuid4())
    db.session.commit()
    path = config["pricelist"]["path"]
    save_picture(file, f"{path}/{drink.uuid}")
    if old_uuid:
        delete_picture(f"{path}/{old_uuid}")
    return drink
 def get_drink_picture(identifier, size=None):
    path = config["pricelist"]["path"]
    drink = None
    if isinstance(identifier, int):
        drink = get_drink(identifier)
    if isinstance(identifier, str):
        drink = Drink.query.filter(Drink.uuid == identifier).one_or_none()
    if drink:
        return get_picture(f"{path}/{drink.uuid}", size)
    raise FileNotFoundError
 def delete_drink_picture(identifier):
    drink = get_drink(identifier)
-    if drink.uuid:
+    if drink.image_:
-        delete_picture(f"{config['pricelist']['path']}/{drink.uuid}")
+        db.session.delete(drink.image_)
-        drink.uuid = None
+        drink.image_ = None
    db.session.commit()
    return drink
--- a/flaschengeist/plugins/users/init.py
+++ b/flaschengeist/plugins/users/init.py
@ -75,7 +75,7 @@ def list_users(current_session):
@UsersPlugin.blueprint.route("/users/<userid>", methods=["GET"])
@login_required()
-@headers({"Cache-Control": "private, must-revalidate, max-age=3600"})
+@headers({"Cache-Control": "private, must-revalidate, max-age=300"})
 def get_user(userid, current_session):
    """Retrieve user by userid
@ -144,6 +144,16 @@ def set_avatar(userid, current_session):
        raise BadRequest
@UsersPlugin.blueprint.route("/users/<userid>/avatar", methods=["DELETE"])
@login_required()
 def delete_avatar(userid, current_session):
    user = userController.get_user(userid)
    if userid != current_session.user_.userid and not current_session.user_.has_permission(permissions.EDIT):
        raise Forbidden
    userController.delete_avatar(user)
    return "", NO_CONTENT
@UsersPlugin.blueprint.route("/users/<userid>", methods=["DELETE"])
@login_required(permission=permissions.DELETE)
 def delete_user(userid, current_session):
--- a/flaschengeist/utils/no-image.png
+++ b/flaschengeist/utils/no-image.png
--- a/flaschengeist/utils/picture.py
+++ b/flaschengeist/utils/picture.py
@ -1,55 +0,0 @@
 import os, sys, shutil, io
 from PIL import Image
 from flask import Response
 from werkzeug.exceptions import BadRequest
 from ..utils.HTTP import no_content
 thumbnail_sizes = ((32, 32), (64, 64), (128, 128), (256, 256), (512, 512))
 def save_picture(picture, path):
    if not picture.mimetype.startswith("image/"):
        raise BadRequest
    os.makedirs(path, exist_ok=True)
    file_type = picture.mimetype.replace("image/", "")
    filename = f"{path}/drink"
    with open(f"{filename}.{file_type}", "wb") as file:
        file.write(picture.binary)
    image = Image.open(f"{filename}.{file_type}")
    if file_type != "png":
        image.save(f"{filename}.png", "PNG")
        os.remove(f"{filename}.{file_type}")
    for thumbnail_size in thumbnail_sizes:
        work_image = image.copy()
        work_image.thumbnail(thumbnail_size)
        work_image.save(f"{filename}-{thumbnail_size[0]}.png", "PNG")
 def get_picture(path, size=None):
    try:
        if size:
            if os.path.isfile(f"{path}/drink-{size}.png"):
                with open(f"{path}/drink-{size}.png", "rb") as file:
                    image = file.read()
            else:
                _image = Image.open(f"{path}/drink.png")
                _image.thumbnail((int(size), int(size)))
                with io.BytesIO() as file:
                    _image.save(file, format="PNG")
                    image = file.getvalue()
        else:
            with open(f"{path}/drink.png", "rb") as file:
                image = file.read()
        response = Response(image, mimetype="image/png")
        response.add_etag()
        return response
    except:
        raise FileNotFoundError
 def delete_picture(path):
    try:
        shutil.rmtree(path)
    except FileNotFoundError:
        pass
--- a/readme.md
+++ b/readme.md
@ -46,7 +46,7 @@ If not you need to create user and database manually do (or similar on Windows):
    (
        echo "CREATE DATABASE flaschengeist;"
        echo "CREATE USER 'flaschengeist'@'localhost' IDENTIFIED BY 'flaschengeist';"
-        echo "GRANT ALL PRIVILEGES ON 'flaschengeist'.* TO 'flaschengeist'@'localhost';"
+        echo "GRANT ALL PRIVILEGES ON flaschengeist.* TO 'flaschengeist'@'localhost';"
        echo "FLUSH PRIVILEGES;"
    ) | sudo mysql
--- a/25
+++ b/25
@ -167,6 +167,28 @@ def export(arguments):
        gen.write()
 def ldap_sync(arguments):
    from flaschengeist.app import create_app
    from flaschengeist.controller import userController
    from flaschengeist.plugins.auth_ldap import AuthLDAP
    from ldap3 import SUBTREE
    app = create_app()
    with app.app_context():
        auth_ldap: AuthLDAP = app.config.get("FG_PLUGINS").get("auth_ldap")
        if auth_ldap:
            conn = auth_ldap.ldap.connection
            if not conn:
                conn = auth_ldap.ldap.connect(auth_ldap.root_dn, auth_ldap.root_secret)
            conn.search(auth_ldap.search_dn, "(uid=*)", SUBTREE, attributes=["uid", "givenName", "sn", "mail"])
            ldap_users_response = conn.response
            for ldap_user in ldap_users_response:
                uid = ldap_user["attributes"]["uid"][0]
                userController.find_user(uid)
            exit()
        raise Exception("auth_ldap not found")
 if __name__ == "__main__":
    # create the top-level parser
    parser = argparse.ArgumentParser()
@ -192,5 +214,8 @@ if __name__ == "__main__":
    )
    parser_export.add_argument("--plugins", help="Also export plugins (none means all)", nargs="*")
    parser_ldap_sync = subparsers.add_parser("ldap_sync", help="synch ldap-users with database")
    parser_ldap_sync.set_defaults(func=ldap_sync)
    args = parser.parse_args()
    args.func(args)
--- a/setup.py
+++ b/setup.py
@ -20,7 +20,16 @@ class DocsCommand(Command):
    def run(self):
        """Run command."""
-        command = ["python", "-m", "pdoc", "--skip-errors", "--html", "--output-dir", self.output, "flaschengeist"]
+        command = [
            "python",
            "-m",
            "pdoc",
            "--skip-errors",
            "--html",
            "--output-dir",
            self.output,
            "flaschengeist",
        ]
        self.announce(
            "Running command: %s" % str(command),
        )
@ -33,15 +42,20 @@ setup(
    scripts=["run_flaschengeist"],
    python_requires=">=3.7",
    install_requires=[
-        "Flask >= 1.1",
+        "Flask >= 2.0",
        "toml",
-        "sqlalchemy>=1.4",
+        "sqlalchemy>=1.4.26",
        "flask_sqlalchemy>=2.5",
        "flask_cors",
        "Pillow>=8.4.0",
        "werkzeug",
        mysql_driver,
    ],
-    extras_require={"ldap": ["flask_ldapconn", "ldap3"], "pricelist": ["pillow"], "test": ["pytest", "coverage"]},
+    extras_require={
        "ldap": ["flask_ldapconn", "ldap3"],
        "argon": ["argon2-cffi"],
        "test": ["pytest", "coverage"],
    },
    entry_points={
        "flaschengeist.plugin": [
            # Authentication providers
@ -54,7 +68,7 @@ setup(
            "balance = flaschengeist.plugins.balance:BalancePlugin",
            "events = flaschengeist.plugins.events:EventPlugin",
            "mail = flaschengeist.plugins.message_mail:MailMessagePlugin",
-            "pricelist = flaschengeist.plugins.pricelist:PriceListPlugin [pricelist]",
+            "pricelist = flaschengeist.plugins.pricelist:PriceListPlugin",
        ],
    },
    cmdclass={
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -22,7 +22,13 @@ with open(os.path.join(os.path.dirname(__file__), "data.sql"), "r") as f:
@pytest.fixture
 def app():
    db_fd, db_path = tempfile.mkstemp()
-    app = create_app({"TESTING": True, "DATABASE": {"file_path": f"/{db_path}"}, "LOGGING": {"level": "DEBUG"}})
+    app = create_app(
        {
            "TESTING": True,
            "DATABASE": {"file_path": f"/{db_path}"},
            "LOGGING": {"level": "DEBUG"},
        }
    )
    with app.app_context():
        install_all()
        engine = database.db.engine
Author	SHA1	Message	Date
Tim Gröger	d17b0a7cab	[balance] add sorting of transaction	2021-11-22 15:23:21 +01:00
Tim Gröger	ff03325e2b	[balance] add get and modify limits for all users	2021-11-22 15:20:24 +01:00
Ferdinand Thiessen	04d5b1e83a	[events] Allow locking events	2021-11-21 17:58:28 +01:00
Ferdinand Thiessen	51a3a8dfc8	[events] Respect backup assignment	2021-11-21 17:52:24 +01:00
Tim Gröger	d75574e078	[auth_ldap] fix create Users	2021-11-21 15:30:49 +01:00
Tim Gröger	0be31d0bfe	[auth_ldap] sync ldap_users to Database	2021-11-21 15:11:37 +01:00
Tim Gröger	26d63b7c7d	[users][auth_ldap][auth_plain] delete avatar	2021-11-20 22:58:05 +01:00
Tim Gröger	f7f27311db	[image] bigger filename size	2021-11-19 22:04:33 +01:00
Tim Gröger	00c9da4ff2	Merge remote-tracking branch 'origin/develop' into develop	2021-11-19 20:11:07 +01:00
Ferdinand Thiessen	795475fe15	[pricelist] Delete old images	2021-11-19 13:32:54 +01:00
Ferdinand Thiessen	d00c603697	[events] Allow server side pageination	2021-11-18 23:06:03 +01:00
Ferdinand Thiessen	48933cdf5f	[core] Minor fixes	2021-11-18 23:02:03 +01:00
Ferdinand Thiessen	7cb31bf60e	gitignore	2021-11-18 12:57:18 +01:00
Ferdinand Thiessen	05dc158719	[cleanup] PEP8 cleanup	2021-11-18 12:56:02 +01:00
Tim Gröger	6535aeab2e	Merge remote-tracking branch 'origin/develop' into develop	2021-11-16 21:32:25 +01:00
Ferdinand Thiessen	92183a4235	[logging] Enabled overriding logger config by user config	2021-11-16 21:18:06 +01:00
Ferdinand Thiessen	c6c41adb02	[logging] Enabled overriding logger config by user config	2021-11-16 14:07:05 +01:00
Ferdinand Thiessen	f1d973b446	[deps] Updated flask requirement	2021-11-16 14:06:31 +01:00
Ferdinand Thiessen	45ed9219a4	[logging] Some cleanup and improved configuring using user config	2021-11-16 13:43:47 +01:00
Tim Gröger	0ef9d18ace	[auth_ldap][fix] fix loade correct picture	2021-11-16 11:18:00 +01:00
Tim Gröger	ae1bf6c54b	[auth_ldap][fix] hash ssha from ldap3	2021-11-15 22:38:49 +01:00
Tim Gröger	f205291d6d	[pricelist][fix] autodeletion of relationship. drinks can be modified	2021-11-15 20:47:14 +01:00
Ferdinand Thiessen	6a9db1b36a	[pricelist] Fix minor issues	2021-11-15 17:05:18 +01:00
Ferdinand Thiessen	e3d0014e62	[pricelist] Use Serial database type instead of int for IDs	2021-11-15 16:34:58 +01:00
Ferdinand Thiessen	a43441e0c5	[pricelist] Use new image controller	2021-11-15 16:34:35 +01:00
Ferdinand Thiessen	a6fe921920	[controller] Add controller for handling uploading images	2021-11-15 16:32:24 +01:00
ferfissimo	42e304cf5f	Merge pull request 'feature/pricelist' (#15 ) from feature/pricelist into develop Reviewed-on: #15	2021-11-15 09:55:09 +00:00
ferfissimo	55278c8413	Merge branch 'develop' into feature/pricelist	2021-11-15 09:54:52 +00:00
Tim Gröger	57a03a80cc	[pricelist] add serverside sorting for pricelist, sorting by name for drinks	2021-11-15 09:19:50 +01:00
Tim Gröger	dba60fdab8	[pricelist] serverside pagination and filtering for pricelist	2021-11-14 19:35:11 +01:00
Tim Gröger	1bb7bafa2a	[pricelist][fix] better query to send drinks with public prices	2021-11-13 15:57:49 +01:00
Tim Gröger	e4b937991b	[pricelist] add serverside pagination and filter for receipts	2021-11-13 15:44:06 +01:00
Tim Gröger	526433afba	[pricelist] serviceside filtering for ingredients	2021-11-13 15:03:21 +01:00
Ferdinand Thiessen	1b371763ee	[events] Fix conflic return code	2021-11-13 14:49:28 +01:00
Tim Gröger	8fb74358e7	[pricelist] add serverside filtering for getDrinks	2021-11-13 13:23:04 +01:00
Tim Gröger	26a00ed6a6	[pricelist] add serverside pagination of drinks	2021-11-12 22:09:16 +01:00
Ferdinand Thiessen	974af80a9b	[db] Fix warnings and fix readme	2021-11-12 11:34:42 +01:00
Tim Gröger	ff13eefb45	Merge branch 'develop' into feature/pricelist	2021-11-11 19:49:43 +01:00
Tim Gröger	5ef603ee50	Merge pull request '[auth_ldap] Allow more configuration' (#14 ) from improve_ldap into develop Reviewed-on: #14	2021-11-11 18:43:17 +00:00
Ferdinand Thiessen	80f06e483b	[auth_ldap] modify_role has to be called before the update to change it on the backend	2021-11-11 15:23:11 +01:00
Ferdinand Thiessen	f80ad5c420	[auth_ldap] Fix typo in __init__	2021-11-11 15:23:11 +01:00
Ferdinand Thiessen	4e1799e297	[auth_ldap] Allow more configuration * Allow configuring the password hash (SSHA, PBKDF2 or Argon2) * Allow setting custom dn templates for users and groups to e.g. allow "ou=people" or "ou=user" * Allow setting custom object class for entries * Stop using deprecated openssl constants	2021-11-11 15:23:11 +01:00
Ferdinand Thiessen	f7e07fdade	[events] Hotfix: delete an event with registered jobs	2021-11-11 15:22:55 +01:00
Ferdinand Thiessen	3d833fb6af	[plugin] Plugins should have an unique ID	2021-11-11 15:22:15 +01:00
Ferdinand Thiessen	2dabd1dd34	[events] Fix deleteing an event	2021-11-11 12:23:45 +01:00
Ferdinand Thiessen	cadde543f2	[plugins] Improved handling of plugin loading errors	2021-08-30 14:39:54 +02:00
Tim Gröger	4e46ea1ca3	[balance] add get and modify limits for all users	2021-08-09 10:06:51 +00:00
Tim Gröger	0d1a39f217	[balance] add sorting of transaction	2021-08-09 10:06:51 +00:00
Ferdinand Thiessen	7129469835	[roles] MySQL is caseinsensitive for strings so workaround it for renaming roles	2021-07-29 17:18:01 +02:00
Tim Gröger	e7b978ae3c	better drink dependency drink_ingredient has name and cost_per_volume Flaschengeist/flaschengeist-pricelist#2	2021-06-30 10:45:41 +02:00
Tim Gröger	ff1a0544f8	Merge branch 'develop' into feature/pricelist	2021-06-29 20:21:50 +02:00