Merge pull request 'feature/migrations, closes #19' (#20 ) from feature/migrations into develop

Reviewed-on: #20
feat(users) fix cli if user get role, that provider is updatet too
2023-03-02 05:37:09 +00:00 · 2023-02-18 15:48:53 +01:00 · 2023-02-18 15:11:42 +01:00 · 2023-02-17 20:40:27 +01:00 · 2023-02-17 17:52:20 +01:00 · 2023-02-17 16:40:54 +01:00
80 changed files with 2926 additions and 2157 deletions
--- a/.gitignore
+++ b/.gitignore
@ -67,7 +67,8 @@ instance/
 # Sphinx documentation
 docs/_build/
-docs/
+# pdoc
 docs/html
 # PyBuilder
 target/
--- a/.woodpecker/lint.yml
+++ b/.woodpecker/lint.yml
@ -0,0 +1,6 @@
 pipeline:
  lint:
    image: python:slim
    commands:
      - pip install black
      - black --check --line-length 120 --target-version=py39 .
--- a/.woodpecker/test.yml
+++ b/.woodpecker/test.yml
@ -0,0 +1,19 @@
 pipeline:
  install:
    image: python:${PYTHON}-slim
    commands:
      - python -m venv --clear venv
      - export PATH=venv/bin:$PATH
      - python -m pip install --upgrade pip
      - pip install -v ".[tests]"
  test:
    image: python:${PYTHON}-slim
    commands:
      - export PATH=venv/bin:$PATH
      - python -m pytest
 matrix:
  PYTHON:
    - 3.10
    - 3.9
--- a/README.md
+++ b/README.md
@ -0,0 +1,116 @@
 # Flaschengeist
 ![status-badge](https://ci.os-sc.org/api/badges/Flaschengeist/flaschengeist/status.svg)
 This is the backend of the Flaschengeist.
 ## Installation
 ### Requirements
 - `mysql` or `mariadb`
    - maybe `libmariadb` development files[1]
 - python 3.9+
 - pip 21.0+
 *[1] By default Flaschengeist uses mysql as database backend, if you are on Windows Flaschengeist uses `PyMySQL`, but on
 Linux / Mac the faster `mysqlclient` is used, if it is not already installed installing from pypi requires the
 development files for `libmariadb` to be present on your system.*
 ### Install python files
 It is recommended to upgrade pip to the latest version before installing:
    python -m pip install --upgrade pip
 Default installation with *mariadb*/*mysql* support:
    pip3 install --user ".[mysql]"
 or with ldap support
    pip3 install --user ".[ldap]"
 or if you want to also run the tests:
    pip3 install --user ".[ldap,tests]"
 You will also need a MySQL driver, by default one of this is installed:
 - `mysqlclient` (non Windows)
 - `PyMySQL` (on Windows)
 #### Hint on MySQL driver on Windows:
 If you want to use `mysqlclient` instead of `PyMySQL` (performance?) you have to follow [this guide](https://www.radishlogic.com/coding/python-3/installing-mysqldb-for-python-3-in-windows/)
 ### Install database
 The user needs to have full permissions to the database.
 If not you need to create user and database manually do (or similar on Windows):
    (
        echo "CREATE DATABASE flaschengeist;"
        echo "CREATE USER 'flaschengeist'@'localhost' IDENTIFIED BY 'flaschengeist';"
        echo "GRANT ALL PRIVILEGES ON flaschengeist.* TO 'flaschengeist'@'localhost';"
        echo "FLUSH PRIVILEGES;"
    ) | sudo mysql
 Then you can install the database tables, this will update all tables from core + all enabled plugins.
 And also install all enabled plugins:
    $ flaschengeist install
 *Hint:* To only install the database tables, or upgrade the database after plugins or core are updated later
 you can use this command:
    $ flaschengeist db upgrade heads
 ## Plugins
 To only upgrade one plugin (for example the `events` plugin):
    $ flaschengeist db upgrade events@head
 ## Configuration
 Configuration is done within the a `flaschengeist.toml`file, you can copy the one located inside the module path
 (where flaschegeist is installed) or create an empty one and place it inside either:
 1. `~/.config/`
 2. A custom path and set environment variable `FLASCHENGEIST_CONF`
 Uncomment and change at least all the database parameters!
 #### CRON
 Some functionality used by some plugins rely on regular updates,
 but as flaschengeists works as an WSGI app it can not controll when it gets called.
 So you have to configure one of the following options to call flaschengeists CRON tasks:
 1. Passive Web-CRON: Every time an users calls flaschengeist a task is scheduled (**NOT RECOMMENDED**)
  - Pros: No external configuration needed
  - Cons: Slower user experience, no guaranteed execution time of tasks
 2. Active Web-CRON: You configure a webworker to call `<flaschengeist>/cron`
  - Pros: Guaranteed execution interval, no impact on user experience (at least if you do not limit wsgi worker threads)
  - Cons: Uses one of the webserver threads while executing
 ### Run
 Flaschengeist provides a CLI, based on the flask CLI, respectivly called `flaschengeist`.
 ⚠️ When using the CLI for running Flaschengeist, please note that logging will happen as configured,
 with the difference of the main logger will be forced to output to `stderr` and the logging level
 of the CLI will override the logging level you have configured for the main logger.
    $ flaschengeist run
 or with debug messages:
    $ flaschengeist run --debug
 This will run the backend on http://localhost:5000
 ## Tests
    $ pip install '.[test]'
    $ pytest
 Run with coverage report:
    $ coverage run -m pytest
    $ coverage report
 Or with html output (open `htmlcov/index.html` in a browser):
    $ coverage html
 ## Development
 Please refer to our [development wiki](https://flaschengeist.dev/Flaschengeist/flaschengeist/wiki/Development).
--- a/docs/plugin_development.md
+++ b/docs/plugin_development.md
@ -0,0 +1,57 @@
 # Plugin Development
 ## File Structure
    - your_plugin/
        - __init__.py
        - ...
        - migrations/ (optional)
            - ...
    - setup.cfg
 The basic layout of a plugin is quite simple, you will only need the `setup.cfg` or `setup.py` and
 the package containing your plugin code, at lease a `__init__.py` file with your `Plugin` class.
 If you use custom database tables you need to provide a `migrations` directory within your package,
 see next section.
 ## Database Tables / Migrations
 To allow upgrades of installed plugins, the database is versioned and handled
 through [Alembic](https://alembic.sqlalchemy.org/en/latest/index.html) migrations.
 Each plugin, which uses custom database tables, is represented as an other base.
 So you could simply follow the Alembic tutorial on [how to work with multiple bases](https://alembic.sqlalchemy.org/en/latest/branches.html#creating-a-labeled-base-revision).
 A quick overview on how to work with migrations for your plugin:
    $ flaschengeist db revision -m "Create my super plugin" \
      --head=base --branch-label=myplugin_name --version-path=your/plugin/migrations
 This would add a new base named `myplugin_name`, which should be the same as the pypi name of you plugin.
 If your tables depend on an other plugin or a specific base version you could of cause add
    --depends-on=VERSION
 or
    --depends-on=other_plugin
 ### Plugin Removal and Database Tables
 As generic downgrades are most often hard to write, your plugin is not required to provide such functionallity.
 For Flaschengeist only instable versions provide meaningful downgrade migrations down to the latest stable version.
 So this means if you do not provide downgrades you must at lease provide a series of migrations toward removal of
 the database tables in case the users wants to delete the plugin.
    (base) ----> 1.0 <----> 1.1 <----> 1.2
                  |         
                  --> removal
 After the removal step the database is stamped to to "remove" your
 ## Useful Hooks
 There are some predefined hooks, which might get handy for you.
 For more information, please refer to
 - `flaschengeist.utils.hook.HookBefore` and
 - `flaschengeist.utils.hook.HookAfter`
--- a/flaschengeist/init.py
+++ b/flaschengeist/init.py
@ -1,14 +1,9 @@
-""" Server-package
+"""Flaschengeist"""
    Initialize app, CORS, database and add it to the application.
 """
 import logging
-import pkg_resources
+from importlib.metadata import version
 from pathlib import Path
 from werkzeug.local import LocalProxy
-__version__ = pkg_resources.get_distribution("flaschengeist").version
+__version__ = version("flaschengeist")
-_module_path = Path(__file__).parent
+__pdoc__ = {}
-logger: logging.Logger = LocalProxy(lambda: logging.getLogger(__name__))
+logger = logging.getLogger(__name__)
 __pdoc__["logger"] = "Flaschengeist's logger instance (`werkzeug.local.LocalProxy`)"
--- a/flaschengeist/alembic/init.py
+++ b/flaschengeist/alembic/init.py
@ -0,0 +1,5 @@
 from pathlib import Path
 alembic_migrations_path = str(Path(__file__).resolve().parent / "migrations")
 alembic_script_path = str(Path(__file__).resolve().parent)
--- a/flaschengeist/alembic/alembic.ini
+++ b/flaschengeist/alembic/alembic.ini
@ -0,0 +1,53 @@
 # A generic, single database configuration.
 # No used by flaschengeist
 [alembic]
 # template used to generate migration files
 # file_template = %%(rev)s_%%(slug)s
 # set to 'true' to run the environment during
 # the 'revision' command, regardless of autogenerate
 # revision_environment = false
 version_path_separator = os
 version_locations = %(here)s/migrations
 # Logging configuration
 [loggers]
 keys = root,sqlalchemy,alembic,flask_migrate
 [handlers]
 keys = console
 [formatters]
 keys = generic
 [logger_root]
 level = WARN
 handlers = console
 qualname =
 [logger_sqlalchemy]
 level = WARN
 handlers =
 qualname = sqlalchemy.engine
 [logger_alembic]
 level = INFO
 handlers =
 qualname = alembic
 [logger_flask_migrate]
 level = INFO
 handlers =
 qualname = flask_migrate
 [handler_console]
 class = StreamHandler
 args = (sys.stderr,)
 level = NOTSET
 formatter = generic
 [formatter_generic]
 format = %(levelname)-5.5s [%(name)s] %(message)s
 datefmt = %H:%M:%S
--- a/flaschengeist/alembic/env.py
+++ b/flaschengeist/alembic/env.py
@ -0,0 +1,74 @@
 import logging
 from logging.config import fileConfig
 from pathlib import Path
 from flask import current_app
 from alembic import context
 # this is the Alembic Config object, which provides
 # access to the values within the .ini file in use.
 config = context.config
 # Interpret the config file for Python logging.
 # This line sets up loggers basically.
 fileConfig(Path(config.get_main_option("script_location")) / config.config_file_name.split("/")[-1])
 logger = logging.getLogger("alembic.env")
 config.set_main_option("sqlalchemy.url", str(current_app.extensions["migrate"].db.get_engine().url).replace("%", "%%"))
 target_metadata = current_app.extensions["migrate"].db.metadata
 def run_migrations_offline():
    """Run migrations in 'offline' mode.
    This configures the context with just a URL
    and not an Engine, though an Engine is acceptable
    here as well.  By skipping the Engine creation
    we don't even need a DBAPI to be available.
    Calls to context.execute() here emit the given string to the
    script output.
    """
    url = config.get_main_option("sqlalchemy.url")
    context.configure(url=url, target_metadata=target_metadata, literal_binds=True)
    with context.begin_transaction():
        context.run_migrations()
 def run_migrations_online():
    """Run migrations in 'online' mode.
    In this scenario we need to create an Engine
    and associate a connection with the context.
    """
    # this callback is used to prevent an auto-migration from being generated
    # when there are no changes to the schema
    # reference: http://alembic.zzzcomputing.com/en/latest/cookbook.html
    def process_revision_directives(context, revision, directives):
        if getattr(config.cmd_opts, "autogenerate", False):
            script = directives[0]
            if script.upgrade_ops.is_empty():
                directives[:] = []
                logger.info("No changes in schema detected.")
    connectable = current_app.extensions["migrate"].db.get_engine()
    with connectable.connect() as connection:
        context.configure(
            connection=connection,
            target_metadata=target_metadata,
            process_revision_directives=process_revision_directives,
            **current_app.extensions["migrate"].configure_args,
        )
        with context.begin_transaction():
            context.run_migrations()
 if context.is_offline_mode():
    run_migrations_offline()
 else:
    run_migrations_online()
--- a/flaschengeist/alembic/migrations/20482a003db8_initial_core_db.py
+++ b/flaschengeist/alembic/migrations/20482a003db8_initial_core_db.py
@ -0,0 +1,154 @@
 """Initial core db
 Revision ID: 20482a003db8
 Revises: 
 Create Date: 2022-08-25 15:13:34.900996
 """
 from alembic import op
 import sqlalchemy as sa
 import flaschengeist
 # revision identifiers, used by Alembic.
 revision = "20482a003db8"
 down_revision = None
 branch_labels = ("flaschengeist",)
 depends_on = None
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.create_table(
        "image",
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("filename", sa.String(length=255), nullable=False),
        sa.Column("mimetype", sa.String(length=127), nullable=False),
        sa.Column("thumbnail", sa.String(length=255), nullable=True),
        sa.Column("path", sa.String(length=255), nullable=True),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_image")),
    )
    op.create_table(
        "plugin",
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("name", sa.String(length=127), nullable=False),
        sa.Column("version", sa.String(length=30), nullable=False),
        sa.Column("enabled", sa.Boolean(), nullable=True),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_plugin")),
    )
    op.create_table(
        "role",
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("name", sa.String(length=30), nullable=True),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_role")),
        sa.UniqueConstraint("name", name=op.f("uq_role_name")),
    )
    op.create_table(
        "permission",
        sa.Column("name", sa.String(length=30), nullable=True),
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("plugin", flaschengeist.database.types.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["plugin"], ["plugin.id"], name=op.f("fk_permission_plugin_plugin")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_permission")),
        sa.UniqueConstraint("name", name=op.f("uq_permission_name")),
    )
    op.create_table(
        "plugin_setting",
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("plugin", flaschengeist.database.types.Serial(), nullable=True),
        sa.Column("name", sa.String(length=127), nullable=False),
        sa.Column("value", sa.PickleType(), nullable=True),
        sa.ForeignKeyConstraint(["plugin"], ["plugin.id"], name=op.f("fk_plugin_setting_plugin_plugin")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_plugin_setting")),
    )
    op.create_table(
        "user",
        sa.Column("userid", sa.String(length=30), nullable=False),
        sa.Column("display_name", sa.String(length=30), nullable=True),
        sa.Column("firstname", sa.String(length=50), nullable=False),
        sa.Column("lastname", sa.String(length=50), nullable=False),
        sa.Column("deleted", sa.Boolean(), nullable=True),
        sa.Column("birthday", sa.Date(), nullable=True),
        sa.Column("mail", sa.String(length=60), nullable=True),
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("avatar", flaschengeist.database.types.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["avatar"], ["image.id"], name=op.f("fk_user_avatar_image")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_user")),
        sa.UniqueConstraint("userid", name=op.f("uq_user_userid")),
    )
    op.create_table(
        "notification",
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("text", sa.Text(), nullable=True),
        sa.Column("data", sa.PickleType(), nullable=True),
        sa.Column("time", flaschengeist.database.types.UtcDateTime(), nullable=False),
        sa.Column("user", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("plugin", flaschengeist.database.types.Serial(), nullable=False),
        sa.ForeignKeyConstraint(["plugin"], ["plugin.id"], name=op.f("fk_notification_plugin_plugin")),
        sa.ForeignKeyConstraint(["user"], ["user.id"], name=op.f("fk_notification_user_user")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_notification")),
    )
    op.create_table(
        "password_reset",
        sa.Column("user", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("token", sa.String(length=32), nullable=True),
        sa.Column("expires", flaschengeist.database.types.UtcDateTime(), nullable=True),
        sa.ForeignKeyConstraint(["user"], ["user.id"], name=op.f("fk_password_reset_user_user")),
        sa.PrimaryKeyConstraint("user", name=op.f("pk_password_reset")),
    )
    op.create_table(
        "role_x_permission",
        sa.Column("role_id", flaschengeist.database.types.Serial(), nullable=True),
        sa.Column("permission_id", flaschengeist.database.types.Serial(), nullable=True),
        sa.ForeignKeyConstraint(
            ["permission_id"], ["permission.id"], name=op.f("fk_role_x_permission_permission_id_permission")
        ),
        sa.ForeignKeyConstraint(["role_id"], ["role.id"], name=op.f("fk_role_x_permission_role_id_role")),
    )
    op.create_table(
        "session",
        sa.Column("expires", flaschengeist.database.types.UtcDateTime(), nullable=True),
        sa.Column("token", sa.String(length=32), nullable=True),
        sa.Column("lifetime", sa.Integer(), nullable=True),
        sa.Column("browser", sa.String(length=127), nullable=True),
        sa.Column("platform", sa.String(length=64), nullable=True),
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("user_id", flaschengeist.database.types.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["user_id"], ["user.id"], name=op.f("fk_session_user_id_user")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_session")),
        sa.UniqueConstraint("token", name=op.f("uq_session_token")),
    )
    op.create_table(
        "user_attribute",
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("user", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("name", sa.String(length=30), nullable=True),
        sa.Column("value", sa.PickleType(), nullable=True),
        sa.ForeignKeyConstraint(["user"], ["user.id"], name=op.f("fk_user_attribute_user_user")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_user_attribute")),
    )
    op.create_table(
        "user_x_role",
        sa.Column("user_id", flaschengeist.database.types.Serial(), nullable=True),
        sa.Column("role_id", flaschengeist.database.types.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["role_id"], ["role.id"], name=op.f("fk_user_x_role_role_id_role")),
        sa.ForeignKeyConstraint(["user_id"], ["user.id"], name=op.f("fk_user_x_role_user_id_user")),
    )
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_table("user_x_role")
    op.drop_table("user_attribute")
    op.drop_table("session")
    op.drop_table("role_x_permission")
    op.drop_table("password_reset")
    op.drop_table("notification")
    op.drop_table("user")
    op.drop_table("plugin_setting")
    op.drop_table("permission")
    op.drop_table("role")
    op.drop_table("plugin")
    op.drop_table("image")
    # ### end Alembic commands ###
--- a/flaschengeist/alembic/migrations/init.py
+++ b/flaschengeist/alembic/migrations/init.py
--- a/flaschengeist/alembic/script.py.mako
+++ b/flaschengeist/alembic/script.py.mako
@ -0,0 +1,25 @@
 """${message}
 Revision ID: ${up_revision}
 Revises: ${down_revision | comma,n}
 Create Date: ${create_date}
 """
 from alembic import op
 import sqlalchemy as sa
 import flaschengeist
 ${imports if imports else ""}
 # revision identifiers, used by Alembic.
 revision = ${repr(up_revision)}
 down_revision = ${repr(down_revision)}
 branch_labels = ${repr(branch_labels)}
 depends_on = ${repr(depends_on)}
 def upgrade():
    ${upgrades if upgrades else "pass"}
 def downgrade():
    ${downgrades if downgrades else "pass"}
--- a/flaschengeist/app.py
+++ b/flaschengeist/app.py
@ -1,17 +1,16 @@
 import enum
-import pkg_resources
+from flask import Flask
 from flask import Flask, current_app
 from flask_cors import CORS
 from datetime import datetime, date
 from flask.json import JSONEncoder, jsonify
 from sqlalchemy.exc import OperationalError
 from werkzeug.exceptions import HTTPException
-from . import logger
+from flaschengeist import logger
-from .plugins import AuthPlugin
+from flaschengeist.controller import pluginController
-from flaschengeist.config import config, configure_app
+from flaschengeist.utils.hook import Hook
-from flaschengeist.controller import roleController
+from flaschengeist.config import configure_app
 class CustomJSONEncoder(JSONEncoder):
@ -35,78 +34,48 @@ class CustomJSONEncoder(JSONEncoder):
        return JSONEncoder.default(self, o)
-def __load_plugins(app):
+@Hook("plugins.loaded")
-    logger.info("Search for plugins")
+def load_plugins(app: Flask):
    app.config["FG_PLUGINS"] = {}
    for entry_point in pkg_resources.iter_entry_points("flaschengeist.plugin"):
        logger.debug("Found plugin: >{}<".format(entry_point.name))
        plugin = None
        if entry_point.name in config and config[entry_point.name].get("enabled", False):
            try:
                logger.info(f"Load plugin {entry_point.name}")
                plugin = entry_point.load()
                if not hasattr(plugin, "name"):
                    setattr(plugin, "name", entry_point.name)
                plugin = plugin(config[entry_point.name])
                if hasattr(plugin, "blueprint") and plugin.blueprint is not None:
                    app.register_blueprint(plugin.blueprint)
            except:
                logger.error(
                    f"Plugin {entry_point.name} was enabled, but could not be loaded due to an error.",
                    exc_info=True,
                )
                del plugin
                continue
        if isinstance(plugin, AuthPlugin):
            logger.debug(f"Found authentication plugin: {entry_point.name}")
            if entry_point.name == config["FLASCHENGEIST"]["auth"]:
                app.config["FG_AUTH_BACKEND"] = plugin
            else:
                del plugin
                continue
        if plugin:
            app.config["FG_PLUGINS"][entry_point.name] = plugin
    if "FG_AUTH_BACKEND" not in app.config:
        logger.error("No authentication plugin configured or authentication plugin not found")
        raise RuntimeError("No authentication plugin configured or authentication plugin not found")
-
+    for plugin in pluginController.get_enabled_plugins():
-def install_all():
+        logger.debug(f"Searching for enabled plugin {plugin.name}")
-    from flaschengeist.database import db
+        try:
-
+            # Load class
-    db.create_all()
+            cls = plugin.entry_point.load()
-    db.session.commit()
+            plugin = cls.query.get(plugin.id) if plugin.id is not None else plugin
-    installed = []
+            # Custom loading tasks
-    for name, plugin in current_app.config["FG_PLUGINS"].items():
+            plugin.load()
-        if not plugin:
+            # Register blueprint
-            logger.debug(f"Skip disabled plugin: {name}")
+            if hasattr(plugin, "blueprint") and plugin.blueprint is not None:
                app.register_blueprint(plugin.blueprint)
        except:
            logger.error(
                f"Plugin {plugin.name} was enabled, but could not be loaded due to an error.",
                exc_info=True,
            )
            continue
-        logger.info(f"Install plugin {name}")
+        logger.info(f"Loaded plugin: {plugin.name}")
-        plugin.install()
+        app.config["FG_PLUGINS"][plugin.name] = plugin
        installed.append(plugin)
        if plugin.permissions:
            roleController.create_permissions(plugin.permissions)
    for plugin in installed:
        plugin.post_install()
-
+def create_app(test_config=None, cli=False):
-def create_app(test_config=None):
+    app = Flask("flaschengeist")
    app = Flask(__name__)
    app.json_encoder = CustomJSONEncoder
    CORS(app)
    with app.app_context():
-        from flaschengeist.database import db
+        from flaschengeist.database import db, migrate
        configure_app(app, test_config)
        db.init_app(app)
-        __load_plugins(app)
+        migrate.init_app(app, db, compare_type=True)
        load_plugins(app)
    @app.route("/", methods=["GET"])
    def __get_state():
        from . import __version__ as version
-        return jsonify({"plugins": app.config["FG_PLUGINS"], "version": version})
+        return jsonify({"plugins": pluginController.get_loaded_plugins(), "version": version})
    @app.errorhandler(Exception)
    def handle_exception(e):
--- a/flaschengeist/cli/InterfaceGenerator.py
+++ b/flaschengeist/cli/InterfaceGenerator.py
@ -0,0 +1,125 @@
 import io
 import sys
 import inspect
 import logging
 class InterfaceGenerator:
    known = []
    classes = {}
    mapper = {
        "str": "string",
        "int": "number",
        "float": "number",
        "date": "Date",
        "datetime": "Date",
        "NoneType": "null",
        "bool": "boolean",
    }
    def __init__(self, namespace, filename, logger=logging.getLogger()):
        self.basename = ""
        self.namespace = namespace
        self.filename = filename
        self.this_type = None
        self.logger = logger
    def pytype(self, cls):
        a = self._pytype(cls)
        return a
    def _pytype(self, cls):
        import typing
        origin = typing.get_origin(cls)
        arguments = typing.get_args(cls)
        if origin is typing.ForwardRef:  # isinstance(cls, typing.ForwardRef):
            return "", "this" if cls.__forward_arg__ == self.this_type else cls.__forward_arg__
        if origin is typing.Union:
            if len(arguments) == 2 and arguments[1] is type(None):
                return "?", self.pytype(arguments[0])[1]
            else:
                return "", "|".join([self.pytype(pt)[1] for pt in arguments])
        if origin is list:
            return "", "Array<{}>".format("|".join([self.pytype(a_type)[1] for a_type in arguments]))
        if cls is typing.Any:
            return "", "any"
        name = cls.__name__ if hasattr(cls, "__name__") else cls if isinstance(cls, str) else None
        if name is not None:
            if name in self.mapper:
                return "", self.mapper[name]
            else:
                return "", name
        self.logger.warning(f"This python version might not detect all types (try >= 3.9). Could not identify >{cls}<")
        return "?", "any"
    def walker(self, module):
        if sys.version_info < (3, 9):
            raise RuntimeError("Python >= 3.9 is required to export API")
        import typing
        if (
            inspect.ismodule(module[1])
            and module[1].__name__.startswith(self.basename)
            and module[1].__name__ not in self.known
        ):
            self.known.append(module[1].__name__)
            for cls in inspect.getmembers(module[1], lambda x: inspect.isclass(x) or inspect.ismodule(x)):
                self.walker(cls)
        elif (
            inspect.isclass(module[1])
            and module[1].__module__.startswith(self.basename)
            and module[0] not in self.classes
            and not module[0].startswith("_")
            and hasattr(module[1], "__annotations__")
        ):
            self.this_type = module[0]
            d = {}
            for param, ptype in typing.get_type_hints(module[1], globalns=None, localns=None).items():
                if not param.startswith("_") and not param.endswith("_"):
                    d[param] = self.pytype(ptype)
            if len(d) == 1:
                key, value = d.popitem()
                self.classes[module[0]] = value[1]
            else:
                self.classes[module[0]] = d
    def run(self, models):
        self.basename = models.__name__
        self.walker(("models", models))
    def _write_types(self):
        TYPE = "type {name} = {alias};\n"
        INTERFACE = "interface {name} {{\n{properties}}}\n"
        PROPERTY = "\t{name}{modifier}: {type};\n"
        buffer = io.StringIO()
        for cls, props in self.classes.items():
            if isinstance(props, str):
                buffer.write(TYPE.format(name=cls, alias=props))
            else:
                buffer.write(
                    INTERFACE.format(
                        name=cls,
                        properties="".join(
                            [PROPERTY.format(name=name, modifier=props[name][0], type=props[name][1]) for name in props]
                        ),
                    )
                )
        return buffer
    def write(self):
        with (open(self.filename, "w") if self.filename else sys.stdout) as file:
            if self.namespace:
                file.write(f"declare namespace {self.namespace} {{\n")
                for line in self._write_types().getvalue().split("\n"):
                    file.write(f"\t{line}\n")
                file.write("}\n")
            else:
                file.write(self._write_types().getvalue())
--- a/flaschengeist/cli/init.py
+++ b/flaschengeist/cli/init.py
@ -0,0 +1,101 @@
 from os import environ
 import sys
 import click
 import logging
 from flask.cli import FlaskGroup, with_appcontext
 from flaschengeist import logger
 from flaschengeist.app import create_app
 LOGGING_MIN = 5  # TRACE (custom)
 LOGGING_MAX = logging.ERROR
 def get_version(ctx, param, value):
    if not value or ctx.resilient_parsing:
        return
    import platform
    from werkzeug import __version__ as werkzeug_version
    from flask import __version__ as flask_version
    from flaschengeist import __version__
    click.echo(
        f"Python {platform.python_version()}\n"
        f"Flask {flask_version}\n"
        f"Werkzeug {werkzeug_version}\n"
        f"Flaschengeist {__version__}",
        color=ctx.color,
    )
    ctx.exit()
 def configure_logger(level):
    """Reconfigure main logger"""
    global logger
    # Handle TRACE -> meaning enable debug even for werkzeug
    if level == 5:
        level = 10
        logging.getLogger("werkzeug").setLevel(level)
    logger.setLevel(level)
    environ["FG_LOGGING"] = logging.getLevelName(level)
    for h in logger.handlers:
        if isinstance(h, logging.StreamHandler) and h.name == "wsgi":
            h.setLevel(level)
            h.setStream(sys.stderr)
@with_appcontext
 def verbosity(ctx, param, value):
    """Callback: Toggle verbosity between ERROR <-> TRACE"""
    if not value or ctx.resilient_parsing:
        return
    configure_logger(LOGGING_MAX - max(LOGGING_MIN, min(value * 10, LOGGING_MAX - LOGGING_MIN)))
@click.group(
    cls=FlaskGroup,
    add_version_option=False,
    add_default_commands=False,
    create_app=create_app,
 )
@click.option(
    "--version",
    help="Show the flask version",
    expose_value=False,
    callback=get_version,
    is_flag=True,
    is_eager=True,
 )
@click.option(
    "--verbose",
    "-v",
    help="Increase logging level",
    callback=verbosity,
    count=True,
    expose_value=False,
 )
 def cli():
    """Management script for the Flaschengeist application."""
    pass
 def main(*args, **kwargs):
    from .plugin_cmd import plugin
    from .export_cmd import export
    from .docs_cmd import docs
    from .run_cmd import run
    from .install_cmd import install
    # Override logging level
    environ.setdefault("FG_LOGGING", logging.getLevelName(LOGGING_MAX))
    cli.add_command(export)
    cli.add_command(docs)
    cli.add_command(install)
    cli.add_command(plugin)
    cli.add_command(run)
    cli(*args, **kwargs)
--- a/flaschengeist/cli/docs_cmd.py
+++ b/flaschengeist/cli/docs_cmd.py
@ -0,0 +1,38 @@
 import click
 import pathlib
 import subprocess
@click.command()
@click.option(
    "--output",
    "-o",
    help="Documentation output path",
    default="./docs/html",
    type=click.Path(file_okay=False, path_type=pathlib.Path),
 )
@click.pass_context
 def docs(ctx: click.Context, output: pathlib.Path):
    """Generate and export API documentation using pdoc"""
    import pkg_resources
    try:
        pkg_resources.get_distribution("pdoc>=8.0.1")
    except pkg_resources.DistributionNotFound:
        click.echo(
            f"Error: pdoc was not found, maybe you need to install it. Try:\n" "\n" '$ pip install "pdoc>=8.0.1"\n'
        )
        ctx.exit(1)
    output.mkdir(parents=True, exist_ok=True)
    command = [
        "python",
        "-m",
        "pdoc",
        "--docformat",
        "google",
        "--output-directory",
        str(output),
        "flaschengeist",
    ]
    click.echo(f"Running command: {command}")
    subprocess.check_call(command)
--- a/flaschengeist/cli/export_cmd.py
+++ b/flaschengeist/cli/export_cmd.py
@ -0,0 +1,29 @@
 import click
 from importlib.metadata import entry_points
@click.command()
@click.option("--output", "-o", help="Output file, default is stdout", type=click.Path())
@click.option("--namespace", "-n", help="TS namespace for the interfaces", type=str, show_default=True)
@click.option("--plugin", "-p", help="Also export types for a plugin (even if disabled)", multiple=True, type=str)
@click.option("--no-core", help="Skip models / types from flaschengeist core", is_flag=True)
 def export(namespace, output, no_core, plugin):
    from flaschengeist import logger, models
    from .InterfaceGenerator import InterfaceGenerator
    gen = InterfaceGenerator(namespace, output, logger)
    if not no_core:
        gen.run(models)
    if plugin:
        for entry_point in entry_points(group="flaschengeist.plugins"):
            if len(plugin) == 0 or entry_point.name in plugin:
                try:
                    plugin = entry_point.load()
                    gen.run(plugin.models)
                except:
                    logger.error(
                        f"Plugin {entry_point.name} could not be loaded due to an error.",
                        exc_info=True,
                    )
                    continue
    gen.write()
--- a/flaschengeist/cli/install_cmd.py
+++ b/flaschengeist/cli/install_cmd.py
@ -0,0 +1,23 @@
 import click
 from click.decorators import pass_context
 from flask.cli import with_appcontext
 from flask_migrate import upgrade
 from flaschengeist.controller import pluginController
 from flaschengeist.utils.hook import Hook
@click.command()
@with_appcontext
@pass_context
@Hook("plugins.installed")
 def install(ctx: click.Context):
    plugins = pluginController.get_enabled_plugins()
    # Install database
    upgrade(revision="flaschengeist@head")
    # Install plugins
    for plugin in plugins:
        plugin = pluginController.install_plugin(plugin.name)
        pluginController.enable_plugin(plugin.id)
--- a/flaschengeist/cli/plugin_cmd.py
+++ b/flaschengeist/cli/plugin_cmd.py
@ -0,0 +1,145 @@
 import traceback
 import click
 from click.decorators import pass_context
 from flask import current_app
 from flask.cli import with_appcontext
 from importlib.metadata import EntryPoint, entry_points
 from flaschengeist import logger
 from flaschengeist.controller import pluginController
 from werkzeug.exceptions import NotFound
@click.group()
 def plugin():
    pass
@plugin.command()
@click.argument("plugin", nargs=-1, required=True, type=str)
@with_appcontext
@pass_context
 def enable(ctx, plugin):
    """Enable one or more plugins"""
    for name in plugin:
        click.echo(f"Enabling {name}{'.'*(20-len(name))}", nl=False)
        try:
            pluginController.enable_plugin(name)
            click.secho(" ok", fg="green")
        except NotFound:
            click.secho(" not installed / not found", fg="red")
@plugin.command()
@click.argument("plugin", nargs=-1, required=True, type=str)
@with_appcontext
@pass_context
 def disable(ctx, plugin):
    """Disable one or more plugins"""
    for name in plugin:
        click.echo(f"Disabling {name}{'.'*(20-len(name))}", nl=False)
        try:
            pluginController.disable_plugin(name)
            click.secho(" ok", fg="green")
        except NotFound:
            click.secho(" not installed / not found", fg="red")
@plugin.command()
@click.argument("plugin", nargs=-1, type=str)
@click.option("--all", help="Install all enabled plugins", is_flag=True)
@with_appcontext
@pass_context
 def install(ctx: click.Context, plugin, all):
    """Install one or more plugins"""
    all_plugins = entry_points(group="flaschengeist.plugins")
    if all:
        plugins = [ep.name for ep in all_plugins]
    elif len(plugin) > 0:
        plugins = plugin
        for name in plugin:
            if not all_plugins.select(name=name):
                ctx.fail(f"Invalid plugin name, could not find >{name}<")
    else:
        ctx.fail("At least one plugin must be specified, or use `--all` flag.")
    for name in plugins:
        click.echo(f"Installing {name}{'.'*(20-len(name))}", nl=False)
        try:
            pluginController.install_plugin(name)
        except Exception as e:
            click.secho(" failed", fg="red")
            if logger.getEffectiveLevel() > 10:
                ctx.fail(f"[{e.__class__.__name__}] {e}")
            else:
                ctx.fail(traceback.format_exc())
        else:
            click.secho(" ok", fg="green")
@plugin.command()
@click.argument("plugin", nargs=-1, required=True, type=str)
@with_appcontext
@pass_context
 def uninstall(ctx: click.Context, plugin):
    """Uninstall one or more plugins"""
    plugins = {plg.name: plg for plg in pluginController.get_installed_plugins() if plg.name in plugin}
    try:
        for name in plugin:
            pluginController.disable_plugin(plugins[name])
            if (
                click.prompt(
                    "You are going to uninstall:\n\n"
                    f"\t{', '.join([plugin_name for plugin_name in plugins.keys()])}\n\n"
                    "Are you sure?",
                    default="n",
                    show_choices=True,
                    type=click.Choice(["y", "N"], False),
                ).lower()
                != "y"
            ):
                ctx.exit()
            click.echo(f"Uninstalling {name}{'.'*(20-len(name))}", nl=False)
            pluginController.uninstall_plugin(plugins[name])
            click.secho(" ok", fg="green")
    except KeyError:
        ctx.fail(f"Invalid plugin ID, could not find >{name}<")
@plugin.command()
@click.option("--enabled", "-e", help="List only enabled plugins", is_flag=True)
@click.option("--no-header", "-n", help="Do not show header", is_flag=True)
@with_appcontext
 def ls(enabled, no_header):
    def plugin_version(p):
        if isinstance(p, EntryPoint):
            return p.dist.version
        return p.version
    plugins = entry_points(group="flaschengeist.plugins")
    installed_plugins = {plg.name: plg for plg in pluginController.get_installed_plugins()}
    loaded_plugins = current_app.config["FG_PLUGINS"].keys()
    if not no_header:
        print(f"{' '*13}{'name': <20}|   version   | {' ' * 8} state")
        print("-" * 63)
    for plugin in plugins:
        is_installed = plugin.name in installed_plugins.keys()
        is_enabled = is_installed and installed_plugins[plugin.name].enabled
        if enabled and is_enabled:
            continue
        print(f"{plugin.name: <33}|{plugin_version(plugin): >12} |  ", end="")
        if is_enabled:
            if plugin.name in loaded_plugins:
                print(click.style("      enabled", fg="green"))
            else:
                print(click.style("(failed to load)", fg="red"))
        elif is_installed:
            print(click.style("     disabled", fg="yellow"))
        else:
            print("not installed")
    for name, plugin in installed_plugins.items():
        if plugin.enabled and name not in loaded_plugins:
            print(f"{name: <33}|{'': >12} |" f"{click.style(' failed to load', fg='red')}")
--- a/flaschengeist/cli/run_cmd.py
+++ b/flaschengeist/cli/run_cmd.py
@ -0,0 +1,38 @@
 import click
 from os import environ
 from flask import current_app
 from flask.cli import with_appcontext, run_command
 class PrefixMiddleware(object):
    def __init__(self, app, prefix=""):
        self.app = app
        self.prefix = prefix
    def __call__(self, environ, start_response):
        if environ["PATH_INFO"].startswith(self.prefix):
            environ["PATH_INFO"] = environ["PATH_INFO"][len(self.prefix) :]
            environ["SCRIPT_NAME"] = self.prefix
            return self.app(environ, start_response)
        else:
            start_response("404", [("Content-Type", "text/plain")])
            return ["This url does not belong to the app.".encode()]
@click.command()
@click.option("--host", help="set hostname to listen on", default="127.0.0.1", show_default=True)
@click.option("--port", help="set port to listen on", type=int, default=5000, show_default=True)
@click.option("--debug", help="run in debug mode", is_flag=True)
@with_appcontext
@click.pass_context
 def run(ctx, host, port, debug):
    """Run Flaschengeist using a development server."""
    from flaschengeist.config import config
    current_app.wsgi_app = PrefixMiddleware(current_app.wsgi_app, prefix=config["FLASCHENGEIST"].get("root", ""))
    if debug:
        environ["FLASK_DEBUG"] = "1"
        environ["FLASK_ENV"] = "development"
    ctx.invoke(run_command, reload=True, host=host, port=port, debugger=debug)
--- a/flaschengeist/config.py
+++ b/flaschengeist/config.py
@ -1,12 +1,12 @@
 import os
 import toml
 import logging.config
 import collections.abc
 from pathlib import Path
 from logging.config import dictConfig
 from werkzeug.middleware.proxy_fix import ProxyFix
 from flaschengeist import _module_path, logger
 from flaschengeist import logger
 # Default config:
 config = {"DATABASE": {"engine": "mysql", "port": 3306}}
@ -23,7 +23,7 @@ def update_dict(d, u):
 def read_configuration(test_config):
    global config
-    paths = [_module_path]
+    paths = [Path(__file__).parent]
    if not test_config:
        paths.append(Path.home() / ".config")
@ -33,7 +33,7 @@ def read_configuration(test_config):
    for loc in paths:
        try:
            with (loc / "flaschengeist.toml").open() as source:
-                print("Reading config file from >{}<".format(loc))
+                logger.warning(f"Reading config file from >{loc}<")  # default root logger, goes to stderr
                update_dict(config, toml.load(source))
        except IOError:
            pass
@ -42,26 +42,33 @@ def read_configuration(test_config):
 def configure_logger():
-    global config
+    """Configure the logger
    # Read default config
    logger_config = toml.load(_module_path / "logging.toml")
    force_console: Force a console handler
    """
    def set_level(level):
        # TRACE means even with werkzeug's request traces
        if isinstance(level, str) and level.lower() == "trace":
            level = "DEBUG"
            logger_config["loggers"]["werkzeug"] = {"level": level}
        logger_config["loggers"]["flaschengeist"] = {"level": level}
        logger_config["handlers"]["wsgi"]["level"] = level
    # Read default config
    logger_config = toml.load(Path(__file__).parent / "logging.toml")
    if "LOGGING" in config:
        # Override with user config
        update_dict(logger_config, config.get("LOGGING"))
        # Check for shortcuts
        if "level" in config["LOGGING"]:
-            logger_config["loggers"]["flaschengeist"] = {"level": config["LOGGING"]["level"]}
+            set_level(config["LOGGING"]["level"])
-            logger_config["handlers"]["console"]["level"] = config["LOGGING"]["level"]
+
-            logger_config["handlers"]["file"]["level"] = config["LOGGING"]["level"]
+    # Override logging, used e.g. by CLI
-        if not config["LOGGING"].get("console", True):
+    if "FG_LOGGING" in os.environ:
-            logger_config["handlers"]["console"]["level"] = "CRITICAL"
+        set_level(os.environ.get("FG_LOGGING", "CRITICAL"))
-        if "file" in config["LOGGING"]:
+
-            logger_config["root"]["handlers"].append("file")
+    dictConfig(logger_config)
            logger_config["handlers"]["file"]["filename"] = config["LOGGING"]["file"]
            path = Path(config["LOGGING"]["file"])
            path.parent.mkdir(parents=True, exist_ok=True)
    logging.config.dictConfig(logger_config)
 def configure_app(app, test_config=None):
@ -70,21 +77,11 @@ def configure_app(app, test_config=None):
    configure_logger()
    # Always enable this builtin plugins!
    update_dict(
        config,
        {
            "auth": {"enabled": True},
            "roles": {"enabled": True},
            "users": {"enabled": True},
        },
    )
    if "secret_key" not in config["FLASCHENGEIST"]:
-        logger.warning("No secret key was configured, please configure one for production systems!")
+        logger.critical("No secret key was configured, please configure one for production systems!")
-        app.config["SECRET_KEY"] = "0a657b97ef546da90b2db91862ad4e29"
+        raise RuntimeError("No secret key was configured")
-    else:
+
-        app.config["SECRET_KEY"] = config["FLASCHENGEIST"]["secret_key"]
+    app.config["SECRET_KEY"] = config["FLASCHENGEIST"]["secret_key"]
    if test_config is not None:
        config["DATABASE"]["engine"] = "sqlite"
--- a/flaschengeist/controller/init.py
+++ b/flaschengeist/controller/init.py
@ -0,0 +1 @@
 """Basic controllers for interaction with the Flaschengeist core"""
--- a/flaschengeist/controller/imageController.py
+++ b/flaschengeist/controller/imageController.py
@ -1,15 +1,14 @@
 from datetime import date
 from flask import send_file
 from pathlib import Path
 from flask import send_file
 from PIL import Image as PImage
 from werkzeug.exceptions import NotFound, UnprocessableEntity
 from werkzeug.datastructures import FileStorage
 from werkzeug.utils import secure_filename
 from werkzeug.datastructures import FileStorage
 from werkzeug.exceptions import NotFound, UnprocessableEntity
-from flaschengeist.models.image import Image
+from ..models import Image
-from flaschengeist.database import db
+from ..database import db
-from flaschengeist.config import config
+from ..config import config
 def check_mimetype(mime: str):
--- a/flaschengeist/controller/messageController.py
+++ b/flaschengeist/controller/messageController.py
@ -1,5 +1,5 @@
-from flaschengeist.utils.hook import Hook
+from ..utils.hook import Hook
-from flaschengeist.models.user import User, Role
+from ..models import User, Role
 class Message:
--- a/flaschengeist/controller/pluginController.py
+++ b/flaschengeist/controller/pluginController.py
@ -0,0 +1,154 @@
 """Controller for Plugin logic
 Used by plugins for setting and notification functionality.
 """
 from typing import Union
 from flask import current_app
 from werkzeug.exceptions import NotFound, BadRequest
 from sqlalchemy.exc import OperationalError, ProgrammingError
 from flask_migrate import upgrade as database_upgrade
 from importlib.metadata import entry_points
 from flaschengeist import version as flaschengeist_version
 from .. import logger
 from ..database import db
 from ..utils.hook import Hook
 from ..plugins import Plugin, AuthPlugin
 from ..models import Notification
 __required_plugins = ["users", "roles", "scheduler", "auth"]
 def get_authentication_provider():
    return [current_app.config["FG_PLUGINS"][plugin.name] for plugin in get_loaded_plugins().values() if isinstance(plugin, AuthPlugin)]
 def get_loaded_plugins(plugin_name: str = None):
    """Get loaded plugin(s)"""
    plugins = current_app.config["FG_PLUGINS"]
    if plugin_name is not None:
        plugins = [plugins[plugin_name]]
    return {name: db.session.merge(plugins[name], load=False) for name in plugins}
 def get_installed_plugins() -> list[Plugin]:
    """Get all installed plugins"""
    return Plugin.query.all()
 def get_enabled_plugins() -> list[Plugin]:
    """Get all installed and enabled plugins"""
    try:
        enabled_plugins = Plugin.query.filter(Plugin.enabled == True).all()
    except (OperationalError, ProgrammingError) as e:
        logger.error("Could not connect to database or database not initialized! No plugins enabled!")
        logger.debug("Can not query enabled plugins", exc_info=True)
        # Fake load required plugins so the database can at least be installed
        enabled_plugins = [
            entry_points(group="flaschengeist.plugins", name=name)[0].load()(
                name=name, enabled=True, installed_version=flaschengeist_version
            )
            for name in __required_plugins
        ]
    return enabled_plugins
 def notify(plugin_id: str, user, text: str, data=None):
    """Create a new notification for an user
    Args:
        plugin_id: ID of the plugin
        user: `flaschengeist.models.user.User` to notify
        text: Visibile notification text
        data: Optional data passed to the notificaton
    Returns:
        ID of the created `flaschengeist.models.notification.Notification`
    Hint: use the data for frontend actions.
    """
    if not user.deleted:
        n = Notification(text=text, data=data, plugin=plugin_id, user_=user)
        db.session.add(n)
        db.session.commit()
        return n.id
@Hook("plugins.installed")
 def install_plugin(plugin_name: str):
    logger.debug(f"Installing plugin {plugin_name}")
    entry_point = entry_points(group="flaschengeist.plugins", name=plugin_name)
    if not entry_point:
        raise NotFound
    cls = entry_point[0].load()
    plugin: Plugin = cls.query.filter(Plugin.name == plugin_name).one_or_none()
    if plugin is None:
        plugin = cls(name=plugin_name, installed_version=entry_point[0].dist.version)
        db.session.add(plugin)
    db.session.commit()
    # Custom installation steps
    plugin.install()
    # Check migrations
    directory = entry_point[0].dist.locate_file("")
    for loc in entry_point[0].module.split(".") + ["migrations"]:
        directory /= loc
    if directory.exists():
        database_upgrade(revision=f"{plugin_name}@head")
    return plugin
@Hook("plugin.uninstalled")
 def uninstall_plugin(plugin_id: Union[str, int, Plugin]):
    plugin = disable_plugin(plugin_id)
    logger.debug(f"Uninstall plugin {plugin.name}")
    plugin.uninstall()
    db.session.delete(plugin)
    db.session.commit()
@Hook("plugins.enabled")
 def enable_plugin(plugin_id: Union[str, int]) -> Plugin:
    logger.debug(f"Enabling plugin {plugin_id}")
    plugin = Plugin.query
    if isinstance(plugin_id, str):
        plugin = plugin.filter(Plugin.name == plugin_id).one_or_none()
    elif isinstance(plugin_id, int):
        plugin = plugin.get(plugin_id)
    else:
        raise TypeError
    if plugin is None:
        raise NotFound
    plugin.enabled = True
    db.session.commit()
    plugin = plugin.entry_point.load().query.get(plugin.id)
    current_app.config["FG_PLUGINS"][plugin.name] = plugin
    return plugin
@Hook("plugins.disabled")
 def disable_plugin(plugin_id: Union[str, int, Plugin]):
    logger.debug(f"Disabling plugin {plugin_id}")
    plugin: Plugin = Plugin.query
    if isinstance(plugin_id, str):
        plugin = plugin.filter(Plugin.name == plugin_id).one_or_none()
    elif isinstance(plugin_id, int):
        plugin = plugin.get(plugin_id)
    elif isinstance(plugin_id, Plugin):
        plugin = plugin_id
    else:
        raise TypeError
    if plugin is None:
        raise NotFound
    if plugin.name in __required_plugins:
        raise BadRequest
    plugin.enabled = False
    db.session.commit()
    if plugin.name in current_app.config["FG_PLUGINS"].keys():
        del current_app.config["FG_PLUGINS"][plugin.name]
    return plugin
--- a/flaschengeist/controller/roleController.py
+++ b/flaschengeist/controller/roleController.py
@ -1,23 +1,32 @@
 from typing import Union
 from sqlalchemy.exc import IntegrityError
-from werkzeug.exceptions import BadRequest, NotFound
+from werkzeug.exceptions import BadRequest, Conflict, NotFound
-from flaschengeist.models.user import Role, Permission
+from .. import logger
-from flaschengeist.database import db, case_sensitive
+from ..models import Role, Permission
-from flaschengeist import logger
+from ..database import db, case_sensitive
-from flaschengeist.utils.hook import Hook
+from ..utils.hook import Hook
 def get_all():
    return Role.query.all()
-def get(role_name):
+def get(role_name: Union[int, str]) -> Role:
    """Get role by ID or name
    Args:
        role_name: Name or ID of the role
    Returns:
        Matching role
    Raises:
        NotFound
    """
    if type(role_name) is int:
        role = Role.query.get(role_name)
    else:
        role = Role.query.filter(Role.name == role_name).one_or_none()
    if not role:
-        raise NotFound
+        raise NotFound("no such role")
    return role
@ -27,15 +36,8 @@ def get_permissions():
@Hook
 def update_role(role, new_name):
-    if new_name is None:
+    if new_name is None or not isinstance(new_name, str):
-        try:
+        raise BadRequest("Invalid new name")
            logger.debug(f"Hallo, dies ist die {role.serialize()}")
            db.session.delete(role)
            logger.debug(f"Hallo, dies ist die {role.serialize()}")
            db.session.commit()
        except IntegrityError:
            logger.debug("IntegrityError: Role might still be in use", exc_info=True)
            raise BadRequest("Role still in use")
    else:
        if role.name == new_name or db.session.query(db.exists().where(Role.name == case_sensitive(new_name))).scalar():
            raise BadRequest("Name already used")
@ -44,11 +46,10 @@ def update_role(role, new_name):
 def set_permissions(role, permissions):
-    for name in permissions:
+    perms = Permission.query.filter(Permission.name.in_(permissions)).all()
-        p = Permission.query.filter(Permission.name.in_(permissions)).all()
+    if len(perms) < len(permissions):
-        if not p or len(p) < len(permissions):
+        raise BadRequest("Invalid permission name")
-            raise BadRequest("Invalid permission name >{}<".format(name))
+    role.permissions = list(perms)
        role.permissions = list(p)
    db.session.commit()
@ -63,14 +64,22 @@ def create_permissions(permissions):
 def create_role(name: str, permissions=[]):
    logger.debug(f"Create new role with name: {name}")
-    role = Role(name=name)
+    try:
-    db.session.add(role)
+        role = Role(name=name)
-    set_permissions(role, permissions)
+        db.session.add(role)
-    db.session.commit()
+        set_permissions(role, permissions)
-    logger.debug(f"Created role: {role.serialize()}")
+        db.session.commit()
        logger.debug(f"Created role: {role.serialize()}")
    except IntegrityError:
        raise BadRequest("role already exists")
    return role
 def delete(role):
    role.permissions.clear()
-    update_role(role, None)
+    try:
        db.session.delete(role)
        db.session.commit()
    except IntegrityError:
        logger.debug("IntegrityError: Role might still be in use", exc_info=True)
        raise Conflict("Role still in use")
--- a/flaschengeist/controller/sessionController.py
+++ b/flaschengeist/controller/sessionController.py
@ -1,14 +1,46 @@
 import secrets
-from flaschengeist.models.session import Session
+
 from flaschengeist.database import db
 from flaschengeist import logger
 from werkzeug.exceptions import Forbidden, Unauthorized
 from datetime import datetime, timezone
 from werkzeug.exceptions import Forbidden, Unauthorized
 from .. import logger
 from ..models import Session
 from ..database import db
 lifetime = 1800
-def validate_token(token, user_agent, permission):
+def __get_user_agent_platform(ua: str):
    if "Win" in ua:
        return "windows"
    if "Mac" in ua:
        return "macintosh"
    if "Linux" in ua:
        return "linux"
    if "Android" in ua:
        return "android"
    if "like Mac" in ua:
        return "ios"
    return "unknown"
 def __get_user_agent_browser(ua: str):
    ua_str = ua.lower()
    if "firefox" in ua_str or "fxios" in ua_str:
        return "firefox"
    if "safari" in ua_str:
        return "safari"
    if "opr/" in ua_str:
        return "opera"
    if "edg" in ua_str:
        return "edge"
    if "chrom" in ua_str or "crios" in ua_str:
        return "chrome"
    return "unknown"
 def validate_token(token, request_headers, permission):
    """Verify session
    Verify a Session and Roles so if the User has permission or not.
@ -16,7 +48,7 @@ def validate_token(token, user_agent, permission):
    Args:
        token: Token to verify.
-        user_agent: User agent of browser to check
+        request_headers: Headers to validate user agent of browser
        permission: Permission needed to access restricted routes
    Returns:
        A Session for this given Token
@ -28,8 +60,16 @@ def validate_token(token, user_agent, permission):
    session = Session.query.filter_by(token=token).one_or_none()
    if session:
        logger.debug("token found, check if expired or invalid user agent differs")
        platform = request_headers.get("Sec-CH-UA-Platform", None) or __get_user_agent_platform(
            request_headers.get("User-Agent", "")
        )
        browser = request_headers.get("Sec-CH-UA", None) or __get_user_agent_browser(
            request_headers.get("User-Agent", "")
        )
        if session.expires >= datetime.now(timezone.utc) and (
-            session.browser == user_agent.browser and session.platform == user_agent.platform
+            session.browser == browser and session.platform == platform
        ):
            if not permission or session.user_.has_permission(permission):
                session.refresh()
@ -44,12 +84,12 @@ def validate_token(token, user_agent, permission):
    raise Unauthorized
-def create(user, user_agent=None) -> Session:
+def create(user, request_headers=None) -> Session:
    """Create a Session
    Args:
        user: For which User is to create a Session
-        user_agent: User agent to identify session
+        request_headers: Headers to validate user agent of browser
    Returns:
            Session: A created Token for User
@ -60,8 +100,10 @@ def create(user, user_agent=None) -> Session:
        token=token_str,
        user_=user,
        lifetime=lifetime,
-        browser=user_agent.browser,
+        platform=request_headers.get("Sec-CH-UA-Platform", None)
-        platform=user_agent.platform,
+        or __get_user_agent_platform(request_headers.get("User-Agent", "")),
        browser=request_headers.get("Sec-CH-UA", None)
        or __get_user_agent_browser(request_headers.get("User-Agent", "")),
    )
    session.refresh()
    db.session.add(session)
--- a/flaschengeist/controller/userController.py
+++ b/flaschengeist/controller/userController.py
@ -1,16 +1,27 @@
 import re
 import secrets
-from flask import current_app
+
 from io import BytesIO
 from sqlalchemy import exc
 from sqlalchemy_utils import merge_references
 from datetime import datetime, timedelta, timezone
 from flask.helpers import send_file
 from werkzeug.exceptions import NotFound, BadRequest, Forbidden
-from flaschengeist import logger
+from .. import logger
-from flaschengeist.config import config
+from ..config import config
-from flaschengeist.database import db
+from ..database import db
-from flaschengeist.models.notification import Notification
+from ..models import Notification, User, Role
-from flaschengeist.utils.hook import Hook
+from ..models.user import _PasswordReset
-from flaschengeist.utils.datetime import from_iso_format
+from ..utils.hook import Hook
-from flaschengeist.models.user import User, Role, _PasswordReset
+from ..utils.datetime import from_iso_format
-from flaschengeist.controller import messageController, sessionController
+from ..controller import imageController, messageController, pluginController, sessionController
 from ..plugins import AuthPlugin
 def __active_users():
    """Return query for not deleted users"""
    return User.query.filter(User.deleted == False)
 def _generate_password_reset(user):
@ -30,17 +41,33 @@ def _generate_password_reset(user):
    return reset
 def get_provider(userid: str):
    return [p for p in pluginController.get_authentication_provider() if p.user_exists(userid)][0]
@Hook
 def update_user(user: User, backend: AuthPlugin):
    """Update user data from backend
    This is seperate function to provide a hook"""
    backend.update_user(user)
    if not user.display_name:
        user.display_name = "{} {}.".format(user.firstname, user.lastname[0])
    db.session.commit()
 def login_user(username, password):
    logger.info("login user {{ {} }}".format(username))
-
+    for provider in pluginController.get_authentication_provider():
-    user = find_user(username)
+        uid = provider.login(username, password)
-    if not user:
+        if isinstance(uid, str):
-        logger.debug("User not found in Database.")
+            user = get_user(uid)
-        user = User(userid=username)
+            if not user:
-        db.session.add(user)
+                logger.debug("User not found in Database.")
-    if current_app.config["FG_AUTH_BACKEND"].login(user, password):
+                user = User(userid=uid)
-        update_user(user)
+                db.session.add(user)
-        return user
+            update_user(user, provider)
            return user
    return None
@ -73,26 +100,30 @@ def reset_password(token: str, password: str):
    db.session.commit()
-@Hook
+def set_roles(user: User, roles: list[str], create=False):
-def update_user(user):
+    """Set roles of user
-    current_app.config["FG_AUTH_BACKEND"].update_user(user)
+
-    if not user.display_name:
+    Args:
-        user.display_name = "{} {}.".format(user.firstname, user.lastname[0])
+        user: User to set roles of
-    db.session.commit()
+        roles: List of role names
        create: If set to true, create not existing roles
    Raises:
        BadRequest if invalid arguments given or not all roles found while *create* is set to false
    """
    from .roleController import create_role
    if not isinstance(roles, list) and any([not isinstance(r, str) for r in roles]):
        raise BadRequest("Invalid role name")
    fetched = Role.query.filter(Role.name.in_(roles)).all()
    if len(fetched) < len(roles):
        if not create:
            raise BadRequest("Invalid role name, role not found")
        # Create all new roles
        fetched += [create_role(role_name) for role_name in roles if not any([role_name == r.name for r in fetched])]
    user.roles_ = fetched
-def set_roles(user: User, roles: [str], create=False):
+def modify_user(user: User, password: str, new_password: str = None):
    user.roles_.clear()
    for role_name in roles:
        role = Role.query.filter(Role.name == role_name).one_or_none()
        if not role:
            if not create:
                raise BadRequest("Role not found >{}<".format(role_name))
            role = Role(name=role_name)
        user.roles_.append(role)
 def modify_user(user, password, new_password=None):
    """Modify given user on the backend
    Args:
@ -104,7 +135,8 @@ def modify_user(user, password, new_password=None):
        NotImplemented: If backend is not capable of this operation
        BadRequest: Password is wrong or other logic issues
    """
-    current_app.config["FG_AUTH_BACKEND"].modify_user(user, password, new_password)
+    provider = get_provider(user.userid)
    provider.modify_user(user, password, new_password)
    if new_password:
        logger.debug(f"Password changed for user {user.userid}")
@ -118,97 +150,133 @@ def modify_user(user, password, new_password=None):
        messageController.send_message(messageController.Message(user, text, subject))
-def get_users():
+def get_users(deleted=False):
-    return User.query.all()
+    query = __active_users() if not deleted else User.query
    return query.all()
 def get_user_by_role(role: Role):
    return User.query.join(User.roles_).filter_by(role_id=role.id).all()
-def get_user(uid):
+def get_user(uid, deleted=False) -> User:
    """Get an user by userid from database
    Args:
        uid: Userid to search for
        deleted: Set to true to also search deleted users
    Returns:
        User fround
    Raises:
        NotFound if not found"""
-    user = User.query.filter(User.userid == uid).one_or_none()
+    user = (__active_users() if not deleted else User.query).filter(User.userid == uid).one_or_none()
    if not user:
        raise NotFound
    return user
-def find_user(uid_mail):
+@Hook
-    """Finding an user by userid or mail in database or auth-backend
+def delete_user(user: User):
    Args:
        uid_mail: userid and or mail to search for
    Returns:
        User if found or None
    """
    mail = uid_mail.split("@")
    mail = len(mail) == 2 and len(mail[0]) > 0 and len(mail[1]) > 0
    query = User.userid == uid_mail
    if mail:
        query |= User.mail == uid_mail
    user = User.query.filter(query).one_or_none()
    if user:
        update_user(user)
    else:
        user = current_app.config["FG_AUTH_BACKEND"].find_user(uid_mail, uid_mail if mail else None)
        if user:
            db.session.add(user)
            db.session.commit()
    return user
 def delete(user):
    """Delete given user"""
-    current_app.config["FG_AUTH_BACKEND"].delete_user(user)
+    # First let the backend delete the user, as this might fail
-    db.session.delete(user)
+    provider = get_provider(user.userid)
    provider.delete_user(user)
    # Clear all easy relationships
    user.avatar_ = None
    user._attributes.clear()
    user.roles_.clear()
    user.sessions_.clear()
    user.reset_requests_.clear()
    # Now move all other references to the DELETED_USER
    try:
        deleted_user = get_user("__deleted_user__", True)
    except NotFound:
        deleted_user = User(
            userid="__deleted_user__", firstname="USER", lastname="DELETED", display_name="DELETED USER", deleted=True
        )
        db.session.add(user)
        db.session.flush()
    merge_references(user, deleted_user)
    db.session.commit()
    # Now try to delete the user for real
    try:
        db.session.delete(user)
        db.session.commit()
    except exc.IntegrityError:
        logger.error("Delete of user failed, there might be ForeignKey contraits from disabled plugins", exec_info=True)
        # Remove at least all personal data
        user.userid = f"__deleted_user__{user.id_}"
        user.display_name = "DELETED USER"
        user.firstname = ""
        user.lastname = ""
        user.deleted = True
        user.birthday = None
        user.mail = None
        db.session.commit()
-def register(data):
+def register(data, passwd=None):
    """Register a new user
    Args:
        data: dictionary containing valid user properties
        passwd: optional a password, default: 16byte random
    """
    allowed_keys = User().serialize().keys()
    values = {key: value for key, value in data.items() if key in allowed_keys}
    roles = values.pop("roles", [])
-    if "birthday" in values:
+    if "birthday" in data:
-        values["birthday"] = from_iso_format(values["birthday"]).date()
+        values["birthday"] = from_iso_format(data["birthday"]).date()
    if "mail" in data and not re.match(r"[^@]+@[^@]+\.[^@]+", data["mail"]):
        raise BadRequest("Invalid mail given")
    user = User(**values)
    set_roles(user, roles)
-    password = secrets.token_urlsafe(16)
+    password = passwd if passwd else secrets.token_urlsafe(16)
-    current_app.config["FG_AUTH_BACKEND"].create_user(user, password)
+    try:
-    db.session.add(user)
+        provider = [p for p in pluginController.get_authentication_provider() if p.can_register()][0]
-    db.session.commit()
+        provider.create_user(user, password)
        db.session.add(user)
        db.session.commit()
    except IndexError as e:
        logger.error("No authentication backend, allowing registering new users, found.")
        raise e
    except exc.IntegrityError:
        raise BadRequest("userid already in use")
-    reset = _generate_password_reset(user)
+    if user.mail:
        reset = _generate_password_reset(user)
-    subject = str(config["MESSAGES"]["welcome_subject"]).format(name=user.display_name, username=user.userid)
+        subject = str(config["MESSAGES"]["welcome_subject"]).format(name=user.display_name, username=user.userid)
-    text = str(config["MESSAGES"]["welcome_text"]).format(
+        text = str(config["MESSAGES"]["welcome_text"]).format(
-        name=user.display_name,
+            name=user.display_name,
-        username=user.userid,
+            username=user.userid,
-        password_link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}',
+            password_link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}',
-    )
+        )
-    messageController.send_message(messageController.Message(user, text, subject))
+        messageController.send_message(messageController.Message(user, text, subject))
    provider.update_user(user)
    return user
 def load_avatar(user: User):
-    return current_app.config["FG_AUTH_BACKEND"].get_avatar(user)
+    if user.avatar_ is not None:
        return imageController.send_image(image=user.avatar_)
    else:
        provider = get_provider(user.userid)
        avatar = provider.get_avatar(user)
        if len(avatar.binary) > 0:
            return send_file(BytesIO(avatar.binary), avatar.mimetype)
    raise NotFound
-def save_avatar(user, avatar):
+def save_avatar(user, file):
-    current_app.config["FG_AUTH_BACKEND"].set_avatar(user, avatar)
+    get_provider(user.userid).set_avatar(user, file)
    db.session.commit()
 def delete_avatar(user):
-    current_app.config["FG_AUTH_BACKEND"].delete_avatar(user)
+    get_provider(user.userid).delete_avatar(user)
    db.session.commit()
--- a/flaschengeist/database.py
+++ b/flaschengeist/database.py
@ -1,11 +0,0 @@
 from flask_sqlalchemy import SQLAlchemy
 db = SQLAlchemy()
 def case_sensitive(s):
    if db.session.bind.dialect.name == "mysql":
        from sqlalchemy import func
        return func.binary(s)
    return s
--- a/flaschengeist/database/init.py
+++ b/flaschengeist/database/init.py
@ -0,0 +1,74 @@
 import os
 from flask_migrate import Migrate, Config
 from flask_sqlalchemy import SQLAlchemy
 from importlib.metadata import EntryPoint, entry_points, distribution
 from sqlalchemy import MetaData
 from flaschengeist.alembic import alembic_script_path
 from flaschengeist import logger
 from flaschengeist.controller import pluginController
 # https://alembic.sqlalchemy.org/en/latest/naming.html
 metadata = MetaData(
    naming_convention={
        "pk": "pk_%(table_name)s",
        "ix": "ix_%(table_name)s_%(column_0_name)s",
        "uq": "uq_%(table_name)s_%(column_0_name)s",
        "ck": "ck_%(table_name)s_%(constraint_name)s",
        "fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",
    }
 )
 db = SQLAlchemy(metadata=metadata)
 migrate = Migrate()
@migrate.configure
 def configure_alembic(config: Config):
    """Alembic configuration hook
    Inject all migrations paths into the ``version_locations`` config option.
    This includes even disabled plugins, as simply disabling a plugin without
    uninstall can break the alembic version management.
    """
    # Set main script location
    config.set_main_option("script_location", alembic_script_path)
    # Set Flaschengeist's migrations
    migrations = [config.get_main_option("script_location") + "/migrations"]
    # Gather all migration paths
    for entry_point in entry_points(group="flaschengeist.plugins"):
        try:
            directory = entry_point.dist.locate_file("")
            for loc in entry_point.module.split(".") + ["migrations"]:
                directory /= loc
            if directory.exists():
                logger.debug(f"Adding migration version path {directory}")
                migrations.append(str(directory.resolve()))
        except:
            logger.warning(f"Could not load migrations of plugin {entry_point.name} for database migration.")
            logger.debug("Plugin loading failed", exc_info=True)
    # write back seperator (we changed it if neither seperator nor locations were specified)
    config.set_main_option("version_path_separator", os.pathsep)
    config.set_main_option("version_locations", os.pathsep.join(set(migrations)))
    return config
 def case_sensitive(s):
    """
        Compare string as case sensitive on the database
    Args:
        s: string to compare
    Example:
        User.query.filter(User.name == case_sensitive(some_string))
    """
    if db.session.bind.dialect.name == "mysql":
        from sqlalchemy import func
        return func.binary(s)
    return s
--- a/flaschengeist/database/types.py
+++ b/flaschengeist/database/types.py
@ -0,0 +1,94 @@
 from importlib import import_module
 import datetime
 from sqlalchemy import BigInteger, util
 from sqlalchemy.dialects import mysql, sqlite
 from sqlalchemy.types import DateTime, TypeDecorator
 class ModelSerializeMixin:
    """Mixin class used for models to serialize them automatically
    Ignores private and protected members as well as members marked as not to publish (name ends with _)
    """
    def __is_optional(self, param):
        import typing
        module = import_module("flaschengeist.models").__dict__
        hint = typing.get_type_hints(self.__class__, globalns=module)[param]
        if (
            typing.get_origin(hint) is typing.Union
            and len(typing.get_args(hint)) == 2
            and typing.get_args(hint)[1] is type(None)
        ):
            return getattr(self, param) is None
    def serialize(self):
        """Serialize class to dict
        Returns:
            Dict of all not private or protected annotated member variables.
        """
        d = {
            param: getattr(self, param)
            for param in self.__class__.__annotations__
            if not param.startswith("_") and not param.endswith("_") and not self.__is_optional(param)
        }
        if len(d) == 1:
            key, value = d.popitem()
            return value
        return d
    def __str__(self) -> str:
        return self.serialize().__str__()
 class Serial(TypeDecorator):
    """Same as MariaDB Serial used for IDs"""
    cache_ok = True
    impl = BigInteger().with_variant(mysql.BIGINT(unsigned=True), "mysql").with_variant(sqlite.INTEGER(), "sqlite")
    # https://alembic.sqlalchemy.org/en/latest/autogenerate.html?highlight=custom%20column#affecting-the-rendering-of-types-themselves
    def __repr__(self) -> str:
        return util.generic_repr(self)
 class UtcDateTime(TypeDecorator):
    """Almost equivalent to `sqlalchemy.types.DateTime` with
    ``timezone=True`` option, but it differs from that by:
    - Never silently take naive :class:`datetime.datetime`, instead it
      always raise :exc:`ValueError` unless time zone aware value.
    - :class:`datetime.datetime` value's :attr:`datetime.datetime.tzinfo`
      is always converted to UTC.
    - Unlike SQLAlchemy's built-in :class:`sqlalchemy.types.DateTime`,
      it never return naive :class:`datetime.datetime`, but time zone
      aware value, even with SQLite or MySQL.
    """
    cache_ok = True
    impl = DateTime(timezone=True)
    @staticmethod
    def current_utc():
        return datetime.datetime.now(tz=datetime.timezone.utc)
    def process_bind_param(self, value, dialect):
        if value is not None:
            if not isinstance(value, datetime.datetime):
                raise TypeError("expected datetime.datetime, not " + repr(value))
            elif value.tzinfo is None:
                raise ValueError("naive datetime is disallowed")
            return value.astimezone(datetime.timezone.utc)
    def process_result_value(self, value, dialect):
        if value is not None:
            if value.tzinfo is not None:
                value = value.astimezone(datetime.timezone.utc)
            value = value.replace(tzinfo=datetime.timezone.utc)
        return value
    # https://alembic.sqlalchemy.org/en/latest/autogenerate.html?highlight=custom%20column#affecting-the-rendering-of-types-themselves
    def __repr__(self) -> str:
        return util.generic_repr(self)
--- a/flaschengeist/flaschengeist.toml
+++ b/flaschengeist/flaschengeist.toml
@ -11,21 +11,29 @@ root = "/api"
 # Set secret key
 secret_key = "V3ryS3cr3t"
 # Domain used by frontend
 #domain = "flaschengeist.local"
 [LOGGING]
 # You can override all settings from the logging.toml here
 # E.g. override the formatters etc
 #
 # Logging level, possible: DEBUG INFO WARNING ERROR
 level = "DEBUG"
 # Uncomment to enable logging to a file
 # file = "/tmp/flaschengeist-debug.log"
 # Uncomment to disable console logging
 # console = False
 [DATABASE]
 # engine = "mysql" (default)
 host = "localhost"
 user = "flaschengeist"
 password = "flaschengeist"
 database = "flaschengeist"
 [LOGGING]
 # You can override all settings from the logging.toml here
 # Default: Logging to WSGI stream (commonly stderr)
 # Logging level, possible: TRACE DEBUG INFO WARNING ERROR CRITICAL
 # On TRACE level additionally every request will get logged
 level = "DEBUG"
 # If you want the logger to log to a file, you could use:
 #[LOGGING.handlers.file]
 #    class = "logging.handlers.WatchedFileHandler"
 #    level = "WARNING"
 #    formatter = "extended"
 #    encoding = "utf8"
 #    filename = "flaschengeist.log"
 [FILES]
 # Path for file / image uploads
@ -40,12 +48,13 @@ allowed_mimetypes = [
    "image/webp"
 ]
-[auth_plain]
+[scheduler]
-enabled = true
+# Possible values are: "passive_web" (default), "active_web" and "system"
 # See documentation
 # cron = "passive_web"
 [auth_ldap]
 # Full documentation https://flaschengeist.dev/Flaschengeist/flaschengeist/wiki/plugins_auth_ldap
 enabled = false
 # host = "localhost"
 # port = 389
 # base_dn = "dc=example,dc=com"
@ -114,3 +123,5 @@ If this was not you, please contact the support.
 # enabled = true
 # Enable a default limit, will be set if no other limit is set
 # limit = -10.00
 # Uncomment to allow active services to debit other users (requires events plugin)
 # allow_service_debit = true
--- a/flaschengeist/logging.toml
+++ b/flaschengeist/logging.toml
@ -6,22 +6,16 @@ disable_existing_loggers = false
 [formatters]
  [formatters.simple]
-    format = "%(asctime)s - %(levelname)s - %(message)s"
+    format = "[%(asctime)s] %(levelname)s - %(message)s"
  [formatters.extended]
-    format = "%(asctime)s — %(filename)s - %(funcName)s - %(lineno)d - %(threadName)s - %(name)s — %(levelname)s — %(message)s"
+    format = "[%(asctime)s] %(levelname)s %(filename)s - %(funcName)s - %(lineno)d - %(threadName)s - %(name)s — %(message)s"
 [handlers]
-  [handlers.console]
+  [handlers.wsgi]
    stream = "ext://flask.logging.wsgi_errors_stream"
    class = "logging.StreamHandler"
    level = "DEBUG"
    formatter = "simple"
-    stream = "ext://sys.stdout"
+    level = "DEBUG"
  [handlers.file]
    class = "logging.handlers.WatchedFileHandler"
    level = "WARNING"
    formatter = "extended"
    encoding = "utf8"
    filename = "flaschengeist.log"
 [loggers]
  [loggers.werkzeug]
@ -29,4 +23,4 @@ disable_existing_loggers = false
 [root]
  level = "WARNING"
-  handlers = ["console"]
+  handlers = ["wsgi"]
--- a/flaschengeist/models/init.py
+++ b/flaschengeist/models/init.py
@ -1,84 +1,5 @@
-import sys
+from .session import *
-import datetime
+from .user import *
-
+from .plugin import *
-from sqlalchemy import BigInteger
+from .notification import *
-from sqlalchemy.dialects import mysql, sqlite
+from .image import *
 from sqlalchemy.types import DateTime, TypeDecorator
 class ModelSerializeMixin:
    """Mixin class used for models to serialize them automatically
    Ignores private and protected members as well as members marked as not to publish (name ends with _)
    """
    def __is_optional(self, param):
        if sys.version_info < (3, 8):
            return False
        import typing
        hint = typing.get_type_hints(self.__class__)[param]
        if (
            typing.get_origin(hint) is typing.Union
            and len(typing.get_args(hint)) == 2
            and typing.get_args(hint)[1] is type(None)
        ):
            return getattr(self, param) is None
    def serialize(self):
        """Serialize class to dict
        Returns:
            Dict of all not private or protected annotated member variables.
        """
        d = {
            param: getattr(self, param)
            for param in self.__class__.__annotations__
            if not param.startswith("_") and not param.endswith("_") and not self.__is_optional(param)
        }
        if len(d) == 1:
            key, value = d.popitem()
            return value
        return d
 class Serial(TypeDecorator):
    """Same as MariaDB Serial used for IDs"""
    cache_ok = True
    impl = BigInteger().with_variant(mysql.BIGINT(unsigned=True), "mysql").with_variant(sqlite.INTEGER, "sqlite")
 class UtcDateTime(TypeDecorator):
    """Almost equivalent to `sqlalchemy.types.DateTime` with
    ``timezone=True`` option, but it differs from that by:
    - Never silently take naive :class:`datetime.datetime`, instead it
      always raise :exc:`ValueError` unless time zone aware value.
    - :class:`datetime.datetime` value's :attr:`datetime.datetime.tzinfo`
      is always converted to UTC.
    - Unlike SQLAlchemy's built-in :class:`sqlalchemy.types.DateTime`,
      it never return naive :class:`datetime.datetime`, but time zone
      aware value, even with SQLite or MySQL.
    """
    cache_ok = True
    impl = DateTime(timezone=True)
    @staticmethod
    def current_utc():
        return datetime.datetime.now(tz=datetime.timezone.utc)
    def process_bind_param(self, value, dialect):
        if value is not None:
            if not isinstance(value, datetime.datetime):
                raise TypeError("expected datetime.datetime, not " + repr(value))
            elif value.tzinfo is None:
                raise ValueError("naive datetime is disallowed")
            return value.astimezone(datetime.timezone.utc)
    def process_result_value(self, value, dialect):
        if value is not None:
            if value.tzinfo is not None:
                value = value.astimezone(datetime.timezone.utc)
            value = value.replace(tzinfo=datetime.timezone.utc)
        return value
--- a/flaschengeist/models/image.py
+++ b/flaschengeist/models/image.py
@ -1,19 +1,19 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 from sqlalchemy import event
 from pathlib import Path
 from . import ModelSerializeMixin, Serial
 from ..database import db
 from ..database.types import ModelSerializeMixin, Serial
 class Image(db.Model, ModelSerializeMixin):
    __tablename__ = "image"
-    id: int = db.Column("id", Serial, primary_key=True)
+    id: int = db.Column(Serial, primary_key=True)
-    filename_: str = db.Column(db.String(127), nullable=False)
+    filename_: str = db.Column("filename", db.String(255), nullable=False)
-    mimetype_: str = db.Column(db.String(30), nullable=False)
+    mimetype_: str = db.Column("mimetype", db.String(127), nullable=False)
-    thumbnail_: str = db.Column(db.String(127))
+    thumbnail_: str = db.Column("thumbnail", db.String(255))
-    path_: str = db.Column(db.String(127))
+    path_: str = db.Column("path", db.String(255))
    def open(self):
        return open(self.path_, "rb")
--- a/flaschengeist/models/notification.py
+++ b/flaschengeist/models/notification.py
@ -1,19 +1,26 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 from datetime import datetime
 from typing import Any
 from . import Serial, UtcDateTime, ModelSerializeMixin
 from ..database import db
-from .user import User
+from ..database.types import Serial, UtcDateTime, ModelSerializeMixin
 class Notification(db.Model, ModelSerializeMixin):
    __tablename__ = "notification"
    id: int = db.Column("id", Serial, primary_key=True)
    plugin: str = db.Column(db.String(30), nullable=False)
    text: str = db.Column(db.Text)
    data: Any = db.Column(db.PickleType(protocol=4))
    time: datetime = db.Column(UtcDateTime, nullable=False, default=UtcDateTime.current_utc)
-    user_id_: int = db.Column("user_id", Serial, db.ForeignKey("user.id"), nullable=False)
+    user_id_: int = db.Column("user", Serial, db.ForeignKey("user.id"), nullable=False)
    plugin_id_: int = db.Column("plugin", Serial, db.ForeignKey("plugin.id"), nullable=False)
    user_: User = db.relationship("User")
    plugin_: Plugin = db.relationship(
        "Plugin", backref=db.backref("notifications_", cascade="all, delete, delete-orphan")
    )
    @property
    def plugin(self):
        return self.plugin_.name
--- a/flaschengeist/models/plugin.py
+++ b/flaschengeist/models/plugin.py
@ -0,0 +1,72 @@
 from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 from typing import Any
 from sqlalchemy.orm.collections import attribute_mapped_collection
 from ..database import db
 from ..database.types import Serial
 class PluginSetting(db.Model):
    __tablename__ = "plugin_setting"
    id = db.Column("id", Serial, primary_key=True)
    plugin_id: int = db.Column("plugin", Serial, db.ForeignKey("plugin.id"))
    name: str = db.Column(db.String(127), nullable=False)
    value: Any = db.Column(db.PickleType(protocol=4))
 class BasePlugin(db.Model):
    __tablename__ = "plugin"
    id: int = db.Column("id", Serial, primary_key=True)
    name: str = db.Column(db.String(127), nullable=False)
    """Name of the plugin, loaded from distribution"""
    installed_version: str = db.Column("version", db.String(30), nullable=False)
    """The latest installed version"""
    enabled: bool = db.Column(db.Boolean, default=False)
    """Enabled state of the plugin"""
    permissions: list = db.relationship(
        "Permission", cascade="all, delete, delete-orphan", back_populates="plugin_", lazy="select"
    )
    """Optional list of custom permissions used by the plugin
    A good style is to name the permissions with a prefix related to the plugin name,
    to prevent clashes with other plugins. E. g. instead of *delete* use *plugin_delete*.
    """
    __settings: dict[str, "PluginSetting"] = db.relationship(
        "PluginSetting",
        collection_class=attribute_mapped_collection("name"),
        cascade="all, delete, delete-orphan",
        lazy="select",
    )
    def get_setting(self, name: str, **kwargs):
        """Get plugin setting
        Args:
            name: string identifying the setting
            default: Default value
        Returns:
            Value stored in database (native python)
        Raises:
            `KeyError` if no such setting exists in the database
        """
        try:
            return self.__settings[name].value
        except KeyError as e:
            if "default" in kwargs:
                return kwargs["default"]
            raise e
    def set_setting(self, name: str, value):
        """Save setting in database
        Args:
            name: String identifying the setting
            value: Value to be stored
        """
        if value is None and name in self.__settings.keys():
            del self.__settings[name]
        else:
            setting = self.__settings.setdefault(name, PluginSetting(plugin_id=self.id, name=name, value=None))
            setting.value = value
--- a/flaschengeist/models/session.py
+++ b/flaschengeist/models/session.py
@ -1,12 +1,11 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 from datetime import datetime, timedelta, timezone
 from . import ModelSerializeMixin, UtcDateTime, Serial
 from .user import User
 from flaschengeist.database import db
 from secrets import compare_digest
-from flaschengeist import logger
+
 from .. import logger
 from ..database import db
 from ..database.types import ModelSerializeMixin, UtcDateTime, Serial
 class Session(db.Model, ModelSerializeMixin):
@ -22,8 +21,8 @@ class Session(db.Model, ModelSerializeMixin):
    expires: datetime = db.Column(UtcDateTime)
    token: str = db.Column(db.String(32), unique=True)
    lifetime: int = db.Column(db.Integer)
-    browser: str = db.Column(db.String(30))
+    browser: str = db.Column(db.String(127))
-    platform: str = db.Column(db.String(30))
+    platform: str = db.Column(db.String(64))
    userid: str = ""
    _id = db.Column("id", Serial, primary_key=True)
--- a/flaschengeist/models/setting.py
+++ b/flaschengeist/models/setting.py
@ -1,13 +0,0 @@
 from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
 from typing import Any
 from . import Serial
 from ..database import db
 class _PluginSetting(db.Model):
    __tablename__ = "plugin_setting"
    id = db.Column("id", Serial, primary_key=True)
    plugin: str = db.Column(db.String(30))
    name: str = db.Column(db.String(30), nullable=False)
    value: Any = db.Column(db.PickleType(protocol=4))
--- a/flaschengeist/models/user.py
+++ b/flaschengeist/models/user.py
@ -1,13 +1,11 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 from flask import url_for
 from typing import Optional
 from datetime import date, datetime
 from sqlalchemy.orm.collections import attribute_mapped_collection
 from ..database import db
-from . import ModelSerializeMixin, UtcDateTime, Serial
+from ..database.types import ModelSerializeMixin, UtcDateTime, Serial
 association_table = db.Table(
    "user_x_role",
@ -26,7 +24,9 @@ class Permission(db.Model, ModelSerializeMixin):
    __tablename__ = "permission"
    name: str = db.Column(db.String(30), unique=True)
-    _id = db.Column("id", Serial, primary_key=True)
+    id_ = db.Column("id", Serial, primary_key=True)
    plugin_id_: int = db.Column("plugin", Serial, db.ForeignKey("plugin.id"))
    plugin_ = db.relationship("Plugin", lazy="select", back_populates="permissions", enable_typechecks=False)
 class Role(db.Model, ModelSerializeMixin):
@ -52,30 +52,31 @@ class User(db.Model, ModelSerializeMixin):
    """
    __tablename__ = "user"
-    userid: str = db.Column(db.String(30), nullable=False)
+    userid: str = db.Column(db.String(30), unique=True, nullable=False)
    display_name: str = db.Column(db.String(30))
    firstname: str = db.Column(db.String(50), nullable=False)
    lastname: str = db.Column(db.String(50), nullable=False)
-    mail: str = db.Column(db.String(60))
+    deleted: bool = db.Column(db.Boolean(), default=False)
    birthday: Optional[date] = db.Column(db.Date)
    mail: str = db.Column(db.String(60))
    roles: list[str] = []
    permissions: Optional[list[str]] = None
    avatar_url: Optional[str] = ""
    # Protected stuff for backend use only
    id_ = db.Column("id", Serial, primary_key=True)
    roles_: list[Role] = db.relationship("Role", secondary=association_table, cascade="save-update, merge")
-    sessions_ = db.relationship("Session", back_populates="user_")
+    sessions_: list[Session] = db.relationship("Session", back_populates="user_", cascade="all, delete, delete-orphan")
    avatar_: Optional[Image] = db.relationship("Image", cascade="all, delete, delete-orphan", single_parent=True)
    reset_requests_: list["_PasswordReset"] = db.relationship("_PasswordReset", cascade="all, delete, delete-orphan")
    # Private stuff for internal use
    _avatar_id = db.Column("avatar", Serial, db.ForeignKey("image.id"))
    _attributes = db.relationship(
        "_UserAttribute",
        collection_class=attribute_mapped_collection("name"),
-        cascade="all, delete",
+        cascade="all, delete, delete-orphan",
    )
    @property
    def avatar_url(self):
        return url_for("users.get_avatar", userid=self.userid) if self.userid else None
    @property
    def roles(self):
        return [role.name for role in self.roles_]
@ -118,7 +119,7 @@ class _PasswordReset(db.Model):
    __tablename__ = "password_reset"
    _user_id: User = db.Column("user", Serial, db.ForeignKey("user.id"), primary_key=True)
-    user: User = db.relationship("User", foreign_keys=[_user_id])
+    user: User = db.relationship("User", back_populates="reset_requests_", foreign_keys=[_user_id])
    token: str = db.Column(db.String(32))
    expires: datetime = db.Column(UtcDateTime)
--- a/flaschengeist/plugins/init.py
+++ b/flaschengeist/plugins/init.py
@ -1,103 +1,148 @@
-import sqlalchemy
+"""Flaschengeist Plugins
 import pkg_resources
 from werkzeug.exceptions import MethodNotAllowed, NotFound
-from flaschengeist.database import db
+.. include:: docs/plugin_development.md
-from flaschengeist.models.notification import Notification
+
-from flaschengeist.models.user import _Avatar
+"""
-from flaschengeist.models.setting import _PluginSetting
+
 from typing import Union
 from importlib.metadata import entry_points
 from werkzeug.exceptions import NotFound
 from werkzeug.datastructures import FileStorage
 from flaschengeist.models.plugin import BasePlugin
 from flaschengeist.models.user import _Avatar, Permission
 from flaschengeist.utils.hook import HookBefore, HookAfter
 __all__ = [
    "plugins_installed",
    "plugins_loaded",
    "before_delete_user",
    "before_role_updated",
    "before_update_user",
    "after_role_updated",
    "Plugin",
    "AuthPlugin",
 ]
 # Documentation hacks, see https://github.com/mitmproxy/pdoc/issues/320
 plugins_installed = HookAfter("plugins.installed")
 plugins_installed.__doc__ = """Hook decorator for when all plugins are installed
 Possible use case would be to populate the database with some presets.
 """
 plugins_loaded = HookAfter("plugins.loaded")
 plugins_loaded.__doc__ = """Hook decorator for when all plugins are loaded
 Possible use case would be to check if a specific other plugin is loaded and change own behavior
 Passed args:
    - *app:* Current flask app instance (args)
 """
 before_role_updated = HookBefore("update_role")
-"""Hook decorator for when roles are modified
+before_role_updated.__doc__ = """Hook decorator for when roles are modified
-Args:
+    
-    role: Role object to modify
+Passed args:
-    new_name: New name if the name was changed (None if delete)
+    - *role:* `flaschengeist.models.user.Role` to modify
    - *new_name:* New name if the name was changed (*None* if delete)
 """
 after_role_updated = HookAfter("update_role")
-"""Hook decorator for when roles are modified
+after_role_updated.__doc__ = """Hook decorator for when roles are modified
-Args:
+
-    role: Role object containing the modified role
+Passed args:
-    new_name: New name if the name was changed (None if deleted)
+    - *role:* modified `flaschengeist.models.user.Role`
    - *new_name:* New name if the name was changed (*None* if deleted)
 """
 before_update_user = HookBefore("update_user")
-"""Hook decorator, when ever an user update is done, this is called before.
+before_update_user.__doc__ = """Hook decorator, when ever an user update is done, this is called before.
-Args:
+
-    user: User object
+Passed args:
    - *user:* `flaschengeist.models.user.User` object
 """
 before_delete_user = HookBefore("delete_user")
 before_delete_user.__doc__ = """Hook decorator,this is called before an user gets deleted.
 Passed args:
    - *user:* `flaschengeist.models.user.User` object
 """
-class Plugin:
+class Plugin(BasePlugin):
    """Base class for all Plugins
    If your class uses custom models add a static property called ``models``"""
-    blueprint = None  # You have to override
+    All plugins must derived from this class.
    permissions = []  # You have to override
    id = "dev.flaschengeist.plugin"  # You have to override
    name = "plugin"  # You have to override
    models = None  # You have to override
-    def __init__(self, config=None):
+    Optional:
-        """Constructor called by create_app
+        - *blueprint*: `flask.Blueprint` providing your routes
-        Args:
+        - *permissions*: List of your custom permissions
-            config: Dict configuration containing the plugin section
+        - *models*: Your models, used for API export
-        """
+    """
-        self.version = pkg_resources.get_distribution(self.__module__.split(".")[0]).version
+
    blueprint = None
    """Optional `flask.blueprint` if the plugin uses custom routes"""
    models = None
    """Optional module containing the SQLAlchemy models used by the plugin"""
    @property
    def version(self) -> str:
        """Version of the plugin, loaded from Distribution"""
        return self.dist.version
    @property
    def dist(self):
        """Distribution of this plugin"""
        return self.entry_point.dist
    @property
    def entry_point(self):
        ep = entry_points(group="flaschengeist.plugins", name=self.name)
        return ep[0]
    def load(self):
        """__init__ like function that is called when the plugin is initially loaded"""
        pass
    def install(self):
        """Installation routine
-        Is always called with Flask application context
+
        Also called when updating the plugin, compare `version` and `installed_version`.
        Is always called with Flask application context,
        it is called after the plugin permissions are installed.
        """
        pass
-    def post_install(self):
+    def uninstall(self):
-        """Fill database or do other stuff
+        """Uninstall routine
-        Called after all plugins are installed
+
        If the plugin has custom database tables, make sure to remove them.
        This can be either done by downgrading the plugin *head* to the *base*.
        Or use custom migrations for the uninstall and *stamp* some version.
        Is always called with Flask application context.
        """
        pass
    def get_setting(self, name: str, **kwargs):
        """Get plugin setting from database
        Args:
            name: string identifying the setting
            default: Default value
        Returns:
            Value stored in database (native python)
        """
        try:
            setting = (
                _PluginSetting.query.filter(_PluginSetting.plugin == self.name)
                .filter(_PluginSetting.name == name)
                .one()
            )
            return setting.value
        except sqlalchemy.orm.exc.NoResultFound:
            if "default" in kwargs:
                return kwargs["default"]
            else:
                raise KeyError
    def set_setting(self, name: str, value):
        """Save setting in database
        Args:
            name: String identifying the setting
            value: Value to be stored
        """
        setting = (
            _PluginSetting.query.filter(_PluginSetting.plugin == self.name)
            .filter(_PluginSetting.name == name)
            .one_or_none()
        )
        if setting is not None:
            setting.value = value
        else:
            db.session.add(_PluginSetting(plugin=self.name, name=name, value=value))
        db.session.commit()
    def notify(self, user, text: str, data=None):
-        n = Notification(text=text, data=data, plugin=self.id, user_=user)
+        """Create a new notification for an user
-        db.session.add(n)
+
-        db.session.commit()
+        Args:
            user: `flaschengeist.models.user.User` to notify
            text: Visibile notification text
            data: Optional data passed to the notificaton
        Returns:
            ID of the created `flaschengeist.models.notification.Notification`
        Hint: use the data for frontend actions.
        """
        from ..controller import pluginController
        return pluginController.notify(self.name, user, text, data)
    def serialize(self):
        """Serialize a plugin into a dict
@ -107,35 +152,53 @@ class Plugin:
        """
        return {"version": self.version, "permissions": self.permissions}
    def install_permissions(self, permissions: list[str]):
        """Helper for installing a list of strings as permissions
        Args:
            permissions: List of permissions to install
        """
        cur_perm = set(x.name for x in self.permissions)
        all_perm = set(permissions)
        new_perms = all_perm - cur_perm
        self.permissions = list(filter(lambda x: x.name in permissions, self.permissions)) + [
            Permission(name=x, plugin_=self) for x in new_perms
        ]
 class AuthPlugin(Plugin):
-    def login(self, user, pw):
+    """Base class for all authentification plugins
    See also `Plugin`
    """
    def login(self, login_name, password) -> Union[bool, str]:
        """Login routine, MUST BE IMPLEMENTED!
        Args:
-            user: User class containing at least the uid
+            login_name: The name the user entered
-            pw: given password
+            password: The password the user used to log in
        Returns:
-            Must return False if not found or invalid credentials, True if success
+            Must return False if not found or invalid credentials, otherwise the UID is returned
        """
        raise NotImplemented
-    def update_user(self, user):
+    def update_user(self, user: "User"):
        """If backend is using external data, then update this user instance with external data
        Args:
            user: User object
        """
        pass
-    def find_user(self, userid, mail=None):
+    def user_exists(self, userid) -> bool:
-        """Find an user by userid or mail
+        """Check if user exists on this backend
        Args:
            userid: Userid to search
            mail: If set, mail to search
        Returns:
-            None or User
+            True or False
        """
-        return None
+        raise NotImplemented
    def modify_user(self, user, password, new_password=None):
        """If backend is using (writeable) external data, then update the external database with the user provided.
@ -146,11 +209,14 @@ class AuthPlugin(Plugin):
            password: Password (some backends need the current password for changes) if None force edit (admin)
            new_password: If set a password change is requested
        Raises:
            NotImplemented: If backend does not support this feature (or no password change)
            BadRequest: Logic error, e.g. password is wrong.
            Error: Other errors if backend went mad (are not handled and will result in a 500 error)
        """
-        raise NotImplemented
+        pass
    def can_register(self):
        """Check if this backend allows to register new users"""
        return False
    def create_user(self, user, password):
        """If backend is using (writeable) external data, then create a new user on the external database.
@ -160,7 +226,7 @@ class AuthPlugin(Plugin):
            password: string
        """
-        raise MethodNotAllowed
+        raise NotImplementedError
    def delete_user(self, user):
        """If backend is using (writeable) external data, then delete the user from external database.
@ -169,11 +235,15 @@ class AuthPlugin(Plugin):
            user: User object
        """
-        raise MethodNotAllowed
+        raise NotImplementedError
    def get_avatar(self, user) -> _Avatar:
        """Retrieve avatar for given user (if supported by auth backend)
        Default behavior is to use native Image objects,
        so by default this function is never called, as the userController checks
        native Image objects first.
        Args:
            user: User to retrieve the avatar for
        Raises:
@ -181,24 +251,33 @@ class AuthPlugin(Plugin):
        """
        raise NotFound
-    def set_avatar(self, user, avatar: _Avatar):
+    def set_avatar(self, user, file: FileStorage):
        """Set the avatar for given user (if supported by auth backend)
        Default behavior is to use native Image objects stored on the Flaschengeist server
        Args:
            user: User to set the avatar for
-            avatar: Avatar to set
+            file: `werkzeug.datastructures.FileStorage` uploaded by the user
        Raises:
            MethodNotAllowed: If not supported by Backend
            Any valid HTTP exception
        """
-        raise MethodNotAllowed
+        # By default save the image to the avatar,
        # deleting would happen by unsetting it
        from ..controller import imageController
        user.avatar_ = imageController.upload_image(file)
    def delete_avatar(self, user):
        """Delete the avatar for given user (if supported by auth backend)
        Default behavior is to use the imageController and native Image objects.
        Args:
            user: Uset to delete the avatar for
        Raises:
            MethodNotAllowed: If not supported by Backend
        """
-        raise MethodNotAllowed
+        user.avatar_ = None
--- a/flaschengeist/plugins/auth/init.py
+++ b/flaschengeist/plugins/auth/init.py
@ -13,8 +13,7 @@ from flaschengeist.controller import sessionController, userController
 class AuthRoutePlugin(Plugin):
-    name = "auth"
+    blueprint = Blueprint("auth", __name__)
    blueprint = Blueprint(name, __name__)
@AuthRoutePlugin.blueprint.route("/auth", methods=["POST"])
@ -37,13 +36,13 @@ def login():
    except (KeyError, ValueError, TypeError):
        raise BadRequest("Missing parameter(s)")
-    logger.debug("search user {{ {} }} in database".format(userid))
+    logger.debug(f"search user {userid} in database")
    user = userController.login_user(userid, password)
    if not user:
        raise Unauthorized
-    session = sessionController.create(user, user_agent=request.user_agent)
+    session = sessionController.create(user, request_headers=request.headers)
-    logger.debug("token is {{ {} }}".format(session.token))
+    logger.debug(f"token is {session.token}")
-    logger.info("User {{ {} }} success login.".format(userid))
+    logger.info(f"User {userid} logged in.")
    # Lets cleanup the DB
    sessionController.clear_expired()
--- a/flaschengeist/plugins/auth_ldap/init.py
+++ b/flaschengeist/plugins/auth_ldap/init.py
@ -1,78 +1,80 @@
 """LDAP Authentication Provider Plugin"""
 import io
 import os
 import ssl
-from typing import Optional
+from PIL import Image
 from io import BytesIO
 from flask_ldapconn import LDAPConn
 from flask import current_app as app
 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
 from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE
 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
 from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
 from werkzeug.datastructures import FileStorage
 from flaschengeist import logger
 from flaschengeist.config import config
 from flaschengeist.controller import userController
 from flaschengeist.models import User, Role
 from flaschengeist.models.user import _Avatar
 from flaschengeist.plugins import AuthPlugin, before_role_updated
 from flaschengeist.models.user import User, Role, _Avatar
 import flaschengeist.controller.userController as userController
 class AuthLDAP(AuthPlugin):
-    def __init__(self, config):
+    def load(self):
-        super().__init__()
+        self.config = config.get("auth_ldap", None)
        if self.config is None:
            logger.error("auth_ldap was not configured in flaschengeist.toml", exc_info=True)
            raise InternalServerError
        app.config.update(
-            LDAP_SERVER=config.get("host", "localhost"),
+            LDAP_SERVER=self.config.get("host", "localhost"),
-            LDAP_PORT=config.get("port", 389),
+            LDAP_PORT=self.config.get("port", 389),
-            LDAP_BINDDN=config.get("bind_dn", None),
+            LDAP_BINDDN=self.config.get("bind_dn", None),
-            LDAP_SECRET=config.get("secret", None),
+            LDAP_SECRET=self.config.get("secret", None),
-            LDAP_USE_SSL=config.get("use_ssl", False),
+            LDAP_USE_SSL=self.config.get("use_ssl", False),
            # That's not TLS, its dirty StartTLS on unencrypted LDAP
            LDAP_USE_TLS=False,
            LDAP_TLS_VERSION=ssl.PROTOCOL_TLS,
            FORCE_ATTRIBUTE_VALUE_AS_LIST=True,
        )
        if "ca_cert" in config:
-            app.config["LDAP_CA_CERTS_FILE"] = config["ca_cert"]
+            app.config["LDAP_CA_CERTS_FILE"] = self.config["ca_cert"]
        else:
            # Default is CERT_REQUIRED
            app.config["LDAP_REQUIRE_CERT"] = ssl.CERT_OPTIONAL
        self.ldap = LDAPConn(app)
-        self.base_dn = config["base_dn"]
+        self.base_dn = self.config["base_dn"]
-        self.search_dn = config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
+        self.search_dn = self.config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
-        self.group_dn = config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
+        self.group_dn = self.config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
-        self.password_hash = config.get("password_hash", "SSHA").upper()
+        self.password_hash = self.config.get("password_hash", "SSHA").upper()
-        self.object_classes = config.get("object_classes", ["inetOrgPerson"])
+        self.object_classes = self.config.get("object_classes", ["inetOrgPerson"])
-        self.user_attributes: dict = config.get("user_attributes", {})
+        self.user_attributes: dict = self.config.get("user_attributes", {})
-        self.dn_template = config.get("dn_template")
+        self.dn_template = self.config.get("dn_template")
        # TODO: might not be set if modify is called
-        self.root_dn = config.get("root_dn", None)
+        self.root_dn = self.config.get("root_dn", None)
-        self.root_secret = config.get("root_secret", None)
+        self.root_secret = self.config.get("root_secret", None)
        @before_role_updated
        def _role_updated(role, new_name):
            logger.debug(f"LDAP: before_role_updated called with ({role}, {new_name})")
            self.__modify_role(role, new_name)
-    def login(self, user, password):
+    def login(self, login_name, password):
-        if not user:
+        if not login_name:
            return False
-        return self.ldap.authenticate(user.userid, password, "uid", self.base_dn)
+        return login_name if self.ldap.authenticate(login_name, password, "uid", self.base_dn) else False
-    def find_user(self, userid, mail=None):
+    def user_exists(self, userid) -> bool:
-        attr = self.__find(userid, mail)
+        attr = self.__find(userid, None)
-        if attr is not None:
+        return attr is not None
            user = User(userid=attr["uid"][0])
            self.__update(user, attr)
            return user
    def update_user(self, user):
        attr = self.__find(user.userid)
        self.__update(user, attr)
-    def create_user(self, user, password):
+    def can_register(self):
-        if self.root_dn is None:
+        return self.root_dn is not None
            logger.error("root_dn missing in ldap config!")
            raise InternalServerError
    def create_user(self, user, password):
        try:
            ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
            attributes = self.user_attributes.copy()
@ -113,6 +115,8 @@ class AuthLDAP(AuthPlugin):
                    "mail": user.mail,
                }
            )
            if user.display_name:
                attributes.update({"displayName": user.display_name})
            ldap_conn.add(dn, self.object_classes, attributes)
            self._set_roles(user)
            self.update_user(user)
@ -162,31 +166,23 @@ class AuthLDAP(AuthPlugin):
        else:
            raise NotFound
-    def set_avatar(self, user, avatar: _Avatar):
+    def set_avatar(self, user: User, file: FileStorage):
        if self.root_dn is None:
            logger.error("root_dn missing in ldap config!")
            raise InternalServerError
-        if avatar.mimetype != "image/jpeg":
+        image_bytes = BytesIO()
-            # Try converting using Pillow (if installed)
+        try:
-            try:
+            # Make sure converted to RGB, e.g. png support RGBA but jpeg does not
-                from PIL import Image
+            image = Image.open(file).convert("RGB")
-
+            image.save(image_bytes, format="JPEG")
-                image = Image.open(io.BytesIO(avatar.binary))
+        except IOError:
-                image_bytes = io.BytesIO()
+            logger.debug(f"Could not convert avatar from '{file.mimetype}' to JPEG")
-                image.save(image_bytes, format="JPEG")
+            raise BadRequest("Unsupported image format")
                avatar.binary = image_bytes.getvalue()
                avatar.mimetype = "image/jpeg"
            except ImportError:
                logger.debug("Pillow not installed for image conversion")
                raise BadRequest("Unsupported image format")
            except IOError:
                logger.debug(f"Could not convert avatar from '{avatar.mimetype}' to JPEG")
                raise BadRequest("Unsupported image format")
        dn = user.get_attribute("DN")
        ldap_conn = self.ldap.connect(self.root_dn, self.root_secret)
-        ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]})
+        ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [image_bytes.getvalue()])]})
    def delete_avatar(self, user):
        if self.root_dn is None:
@ -223,7 +219,7 @@ class AuthLDAP(AuthPlugin):
    def __modify_role(
        self,
        role: Role,
-        new_name: Optional[str],
+        new_name,
    ):
        if self.root_dn is None:
            logger.error("root_dn missing in ldap config!")
@ -310,3 +306,5 @@ class AuthLDAP(AuthPlugin):
        except (LDAPPasswordIsMandatoryError, LDAPBindError):
            raise BadRequest
        except IndexError as e:
            logger.error("Roles in LDAP", exc_info=True)
--- a/flaschengeist/plugins/auth_ldap/cli.py
+++ b/flaschengeist/plugins/auth_ldap/cli.py
@ -0,0 +1,35 @@
 import click
 from flask import current_app
 from flask.cli import with_appcontext
 from werkzeug.exceptions import NotFound
@click.command(no_args_is_help=True)
@click.option("--sync", is_flag=True, default=False, help="Synchronize users from LDAP -> database")
@with_appcontext
@click.pass_context
 def ldap(ctx, sync):
    """Tools for the LDAP authentification"""
    if sync:
        from flaschengeist.controller import userController
        from flaschengeist.plugins.auth_ldap import AuthLDAP
        from ldap3 import SUBTREE
        from flaschengeist.models import User
        from flaschengeist.database import db
        auth_ldap: AuthLDAP = current_app.config.get("FG_PLUGINS").get("auth_ldap")
        if auth_ldap is None or not isinstance(auth_ldap, AuthLDAP):
            ctx.fail("auth_ldap plugin not found or not enabled!")
        conn = auth_ldap.ldap.connection
        if not conn:
            conn = auth_ldap.ldap.connect(auth_ldap.root_dn, auth_ldap.root_secret)
        conn.search(auth_ldap.search_dn, "(uid=*)", SUBTREE, attributes=["uid", "givenName", "sn", "mail"])
        ldap_users_response = conn.response
        for ldap_user in ldap_users_response:
            uid = ldap_user["attributes"]["uid"][0]
            try:
                user = userController.get_user(uid)
            except NotFound:
                user = User(userid=uid)
                db.session.add(user)
            userController.update_user(user, auth_ldap)
--- a/flaschengeist/plugins/auth_plain/init.py
+++ b/flaschengeist/plugins/auth_plain/init.py
@ -6,39 +6,26 @@ Flaschengeist database (as User attribute)
 import os
 import hashlib
 import binascii
-from werkzeug.exceptions import BadRequest, NotFound
+from werkzeug.exceptions import BadRequest
 from flaschengeist.plugins import AuthPlugin
-from flaschengeist.models.user import User, Role, Permission
+from flaschengeist.models import User, Role, Permission
 from flaschengeist.database import db
 from flaschengeist import logger
 class AuthPlain(AuthPlugin):
-    def post_install(self):
+    def can_register(self):
-        if User.query.first() is None:
+        return True
            logger.info("Installing admin user")
            role = Role(name="Superuser", permissions=Permission.query.all())
            admin = User(
                userid="admin",
                firstname="Admin",
                lastname="Admin",
                mail="",
                roles_=[role],
            )
            self.modify_user(admin, None, "admin")
            db.session.add(admin)
            db.session.commit()
            logger.warning(
                "New administrator user was added, please change the password or remove it before going into"
                "production mode. Initial credentials:\n"
                "name: admin\n"
                "password: admin"
            )
-    def login(self, user: User, password: str):
+    def login(self, login_name, password):
-        if user.has_attribute("password"):
+        users: list[User] = (
-            return AuthPlain._verify_password(user.get_attribute("password"), password)
+            User.query.filter((User.userid == login_name) | (User.mail == login_name))
            .filter(User._attributes.any(name="password"))
            .all()
        )
        for user in users:
            if AuthPlain._verify_password(user.get_attribute("password"), password):
                return user.userid
        return False
    def modify_user(self, user, password, new_password=None):
@ -47,6 +34,12 @@ class AuthPlain(AuthPlugin):
        if new_password:
            user.set_attribute("password", AuthPlain._hash_password(new_password))
    def user_exists(self, userid) -> bool:
        return (
            db.session.query(User.id_).filter(User.userid == userid, User._attributes.any(name="password")).first()
            is not None
        )
    def create_user(self, user, password):
        if not user.userid:
            raise BadRequest("userid is missing for new user")
@ -56,17 +49,6 @@ class AuthPlain(AuthPlugin):
    def delete_user(self, user):
        pass
    def get_avatar(self, user):
        if not user.has_attribute("avatar"):
            raise NotFound
        return user.get_attribute("avatar")
    def set_avatar(self, user, avatar):
        user.set_attribute("avatar", avatar)
    def delete_avatar(self, user):
        user.delete_attribute("avatar")
    @staticmethod
    def _hash_password(password):
        salt = hashlib.sha256(os.urandom(60)).hexdigest().encode("ascii")
@ -75,7 +57,7 @@ class AuthPlain(AuthPlugin):
        return (salt + pass_hash).decode("ascii")
    @staticmethod
-    def _verify_password(stored_password, provided_password):
+    def _verify_password(stored_password: str, provided_password: str):
        salt = stored_password[:64]
        stored_password = stored_password[64:]
        pass_hash = hashlib.pbkdf2_hmac("sha3-512", provided_password.encode("utf-8"), salt.encode("ascii"), 100000)
--- a/flaschengeist/plugins/balance/init.py
+++ b/flaschengeist/plugins/balance/init.py
@ -3,28 +3,77 @@
 Extends users plugin with balance functions
 """
-from werkzeug.local import LocalProxy
+from flask import current_app
-from flask import Blueprint, current_app
+from werkzeug.exceptions import NotFound
 from flaschengeist import logger
-from flaschengeist.plugins import Plugin, before_update_user
+from flaschengeist.config import config
 from flaschengeist.plugins import Plugin, plugins_loaded, before_update_user
 from flaschengeist.plugins.scheduler import add_scheduled
 from . import permissions, models
 def service_debit():
    from flaschengeist.database import db
    from flaschengeist.models import UtcDateTime
    from flaschengeist.models.user import User
    from flaschengeist.controller import roleController
    from flaschengeist_events.models import Service, Job
    role = BalancePlugin.plugin.get_setting("service_role", default=None)
    if role is None:
        try:
            role = roleController.get("__has_service")
        except NotFound:
            role = roleController.create_role("__has_service", [permissions.DEBIT])
        BalancePlugin.plugin.set_setting("service_role", role.id)
    else:
        role = roleController.get(role)
    active_services = (
        User.query.join(Service, User.id_ == Service._user_id)
        .join(Job, Service.job_)
        .filter(Job.start <= UtcDateTime.current_utc(), Job.end.is_(None) | (Job.end >= UtcDateTime.current_utc()))
        .distinct(User.id_)
        .all()
    )
    previous_services = BalancePlugin.plugin.get_setting("service_debit", default=[])
    logger.debug(f"Found {len(active_services)} users doing their service.")
    if len(previous_services) > 0:
        previous_services = User.query.filter(User.userid.in_(previous_services)).all()
    # Remove not active users
    for user in [u for u in previous_services if u not in active_services]:
        user.roles_ = [r for r in user.roles_ if r.id != role.id]
    # Add active
    for user in [u for u in active_services if u not in previous_services]:
        if role not in user.roles_:
            user.roles_.append(role)
    db.session.commit()
    BalancePlugin.plugin.set_setting("service_debit", [u.userid for u in active_services])
 class BalancePlugin(Plugin):
    name = "balance"
    blueprint = Blueprint(name, __name__)
    permissions = permissions.permissions
    plugin = LocalProxy(lambda: current_app.config["FG_PLUGINS"][BalancePlugin.name])
    models = models
-    def __init__(self, config):
+    def install(self):
-        super(BalancePlugin, self).__init__(config)
+        self.install_permissions(permissions.permissions)
-        from . import routes, balance_controller
+
    def load(self):
        from .routes import blueprint
        self.blueprint = blueprint
        @plugins_loaded
        def post_loaded(*args, **kwargs):
            if config.get("allow_service_debit", False) and "events" in current_app.config["FG_PLUGINS"]:
                add_scheduled(f"{id}.service_debit", service_debit, minutes=1)
        @before_update_user
        def set_default_limit(user):
            from . import balance_controller
            try:
                limit = self.get_setting("limit")
                logger.debug("Setting default limit of {} to user {}".format(limit, user.userid))
--- a/flaschengeist/plugins/balance/balance_controller.py
+++ b/flaschengeist/plugins/balance/balance_controller.py
@ -2,13 +2,14 @@
 #        Haben -> Zugang aufs Konto
 # English: Debit -> from account
 #         Credit -> to account
-
+from enum import IntEnum
-from sqlalchemy import func
+from sqlalchemy import func, case, and_
 from sqlalchemy.ext.hybrid import hybrid_property
 from datetime import datetime
 from werkzeug.exceptions import BadRequest, NotFound, Conflict
 from flaschengeist.database import db
-from flaschengeist.models.user import User
+from flaschengeist.models.user import User, _UserAttribute
 from .models import Transaction
 from . import permissions, BalancePlugin
@ -16,6 +17,11 @@ from . import permissions, BalancePlugin
 __attribute_limit = "balance_limit"
 class NotifyType(IntEnum):
    SEND_TO = 0x01
    SEND_FROM = 0x02
 def set_limit(user: User, limit: float, override=True):
    if override or not user.has_attribute(__attribute_limit):
        user.set_attribute(__attribute_limit, limit)
@ -38,27 +44,114 @@ def get_balance(user, start: datetime = None, end: datetime = None):
    return credit, debit, credit - debit
-def get_balances(start: datetime = None, end: datetime = None):
+def get_balances(start: datetime = None, end: datetime = None, limit=None, offset=None, descending=None, sortBy=None):
-    debit = db.session.query(Transaction.sender_id, func.sum(Transaction.amount)).filter(Transaction.sender_ != None)
+    class _User(User):
-    credit = db.session.query(Transaction.receiver_id, func.sum(Transaction.amount)).filter(
+        _debit = db.relationship(Transaction, back_populates="sender_", foreign_keys=[Transaction._sender_id])
-        Transaction.receiver_ != None
+        _credit = db.relationship(Transaction, back_populates="receiver_", foreign_keys=[Transaction._receiver_id])
    )
    if start:
        debit = debit.filter(start <= Transaction.time)
        credit = credit.filter(start <= Transaction.time)
    if end:
        debit = debit.filter(Transaction.time <= end)
        credit = credit.filter(Transaction.time <= end)
-    debit = debit.group_by(Transaction._sender_id).all()
+        @hybrid_property
-    credit = credit.group_by(Transaction._receiver_id).all()
+        def debit(self):
            return sum([cred.amount for cred in self._debit])
        @debit.expression
        def debit(cls):
            a = (
                db.select(func.sum(Transaction.amount))
                .where(cls.id_ == Transaction._sender_id, Transaction.amount)
                .scalar_subquery()
            )
            return case([(a, a)], else_=0)
        @hybrid_property
        def credit(self):
            return sum([cred.amount for cred in self._credit])
        @credit.expression
        def credit(cls):
            b = (
                db.select(func.sum(Transaction.amount))
                .where(cls.id_ == Transaction._receiver_id, Transaction.amount)
                .scalar_subquery()
            )
            return case([(b, b)], else_=0)
        @hybrid_property
        def limit(self):
            return self.get_attribute("balance_limit", None)
        @limit.expression
        def limit(cls):
            return (
                db.select(_UserAttribute.value)
                .where(and_(cls.id_ == _UserAttribute.user, _UserAttribute.name == "balance_limit"))
                .scalar_subquery()
            )
        def get_debit(self, start: datetime = None, end: datetime = None):
            if start and end:
                return sum([deb.amount for deb in self._debit if start <= deb.time and deb.time <= end])
            if start:
                return sum([deb.amount for deb in self._dedit if start <= deb.time])
            if end:
                return sum([deb.amount for deb in self._dedit if deb.time <= end])
            return self.debit
        def get_credit(self, start: datetime = None, end: datetime = None):
            if start and end:
                return sum([cred.amount for cred in self._credit if start <= cred.time and cred.time <= end])
            if start:
                return sum([cred.amount for cred in self._credit if start <= cred.time])
            if end:
                return sum([cred.amount for cred in self._credit if cred.time <= end])
            return self.credit
    query = _User.query
    if start:
        q1 = query.join(_User._credit).filter(start <= Transaction.time)
        q2 = query.join(_User._debit).filter(start <= Transaction.time)
        query = q1.union(q2)
    if end:
        q1 = query.join(_User._credit).filter(Transaction.time <= end)
        q2 = query.join(_User._debit).filter(Transaction.time <= end)
        query = q1.union(q2)
    if sortBy == "balance":
        if descending:
            query = query.order_by((_User.credit - _User.debit).desc(), _User.lastname.asc(), _User.firstname.asc())
        else:
            query = query.order_by((_User.credit - _User.debit).asc(), _User.lastname.asc(), _User.firstname.asc())
    elif sortBy == "limit":
        if descending:
            query = query.order_by(_User.limit.desc(), User.lastname.asc(), User.firstname.asc())
        else:
            query = query.order_by(_User.limit.asc(), User.lastname.asc(), User.firstname.asc())
    elif sortBy == "firstname":
        if descending:
            query = query.order_by(User.firstname.desc(), User.lastname.desc())
        else:
            query = query.order_by(User.firstname.asc(), User.lastname.asc())
    elif sortBy == "lastname":
        if descending:
            query = query.order_by(User.lastname.desc(), User.firstname.desc())
        else:
            query = query.order_by(User.lastname.asc(), User.firstname.asc())
    count = None
    if limit:
        count = query.count()
        query = query.limit(limit)
    if offset:
        query = query.offset(offset)
    users = query
    all = {}
-    for uid, cred in credit:
+
-        all[uid] = [cred, 0]
+    for user in users:
-    for uid, deb in debit:
+
-        all.setdefault(uid, [0, 0])
+        all[user.userid] = [user.get_credit(start, end), 0]
-        all[uid][1] = deb
+        all[user.userid][1] = user.get_debit(start, end)
-    return all
+
    return all, count
 def send(sender: User, receiver, amount: float, author: User):
@ -87,9 +180,20 @@ def send(sender: User, receiver, amount: float, author: User):
    db.session.add(transaction)
    db.session.commit()
    if sender is not None and sender.id_ != author.id_:
-        BalancePlugin.plugin.notify(sender, "Neue Transaktion")
+        BalancePlugin.plugin.notify(
            sender,
            "Neue Transaktion",
            {
                "type": NotifyType.SEND_FROM,
                "receiver_id": receiver.userid,
                "author_id": author.userid,
                "amount": amount,
            },
        )
    if receiver is not None and receiver.id_ != author.id_:
-        BalancePlugin.plugin.notify(receiver, "Neue Transaktion")
+        BalancePlugin.plugin.notify(
            receiver, "Neue Transaktion", {"type": NotifyType.SEND_TO, "sender_id": sender.userid, "amount": amount}
        )
    return transaction
--- a/flaschengeist/plugins/balance/migrations/98f2733bbe45_balance_initial.py
+++ b/flaschengeist/plugins/balance/migrations/98f2733bbe45_balance_initial.py
@ -0,0 +1,47 @@
 """balance: initial
 Revision ID: 98f2733bbe45
 Revises: 
 Create Date: 2022-02-23 14:41:03.089145
 """
 from alembic import op
 import sqlalchemy as sa
 import flaschengeist
 # revision identifiers, used by Alembic.
 revision = "98f2733bbe45"
 down_revision = None
 branch_labels = ("balance",)
 depends_on = "flaschengeist"
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.create_table(
        "balance_transaction",
        sa.Column("receiver_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("sender_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("author_id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("time", flaschengeist.models.UtcDateTime(), nullable=False),
        sa.Column("amount", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=False),
        sa.Column("reversal_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["author_id"], ["user.id"], name=op.f("fk_balance_transaction_author_id_user")),
        sa.ForeignKeyConstraint(["receiver_id"], ["user.id"], name=op.f("fk_balance_transaction_receiver_id_user")),
        sa.ForeignKeyConstraint(
            ["reversal_id"],
            ["balance_transaction.id"],
            name=op.f("fk_balance_transaction_reversal_id_balance_transaction"),
        ),
        sa.ForeignKeyConstraint(["sender_id"], ["user.id"], name=op.f("fk_balance_transaction_sender_id_user")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_balance_transaction")),
    )
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_table("balance_transaction")
    # ### end Alembic commands ###
--- a/flaschengeist/plugins/balance/models.py
+++ b/flaschengeist/plugins/balance/models.py
@ -1,5 +1,3 @@
 from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
 from datetime import datetime
 from typing import Optional
 from sqlalchemy.ext.hybrid import hybrid_property
@ -40,7 +38,7 @@ class Transaction(db.Model, ModelSerializeMixin):
    @sender_id.expression
    def sender_id(cls):
-        return db.select([User.userid]).where(cls._sender_id == User.id_).as_scalar()
+        return db.select([User.userid]).where(cls._sender_id == User.id_).scalar_subquery()
    @hybrid_property
    def receiver_id(self):
@ -48,7 +46,7 @@ class Transaction(db.Model, ModelSerializeMixin):
    @receiver_id.expression
    def receiver_id(cls):
-        return db.select([User.userid]).where(cls._receiver_id == User.id_).as_scalar()
+        return db.select([User.userid]).where(cls._receiver_id == User.id_).scalar_subquery()
    @property
    def author_id(self):
--- a/flaschengeist/plugins/balance/routes.py
+++ b/flaschengeist/plugins/balance/routes.py
@ -1,6 +1,6 @@
 from datetime import datetime, timezone
 from werkzeug.exceptions import Forbidden, BadRequest
-from flask import request, jsonify
+from flask import Blueprint, request, jsonify
 from flaschengeist.utils import HTTP
 from flaschengeist.models.session import Session
@ -18,7 +18,10 @@ def str2bool(string: str):
    raise ValueError
-@BalancePlugin.blueprint.route("/users/<userid>/balance/shortcuts", methods=["GET", "PUT"])
+blueprint = Blueprint("balance", __package__)
@blueprint.route("/users/<userid>/balance/shortcuts", methods=["GET", "PUT"])
@login_required()
 def get_shortcuts(userid, current_session: Session):
    """Get balance shortcuts of an user
@ -50,7 +53,7 @@ def get_shortcuts(userid, current_session: Session):
        return HTTP.no_content()
-@BalancePlugin.blueprint.route("/users/<userid>/balance/limit", methods=["GET"])
+@blueprint.route("/users/<userid>/balance/limit", methods=["GET"])
@login_required()
 def get_limit(userid, current_session: Session):
    """Get limit of an user
@ -73,7 +76,7 @@ def get_limit(userid, current_session: Session):
    return {"limit": balance_controller.get_limit(user)}
-@BalancePlugin.blueprint.route("/users/<userid>/balance/limit", methods=["PUT"])
+@blueprint.route("/users/<userid>/balance/limit", methods=["PUT"])
@login_required(permissions.SET_LIMIT)
 def set_limit(userid, current_session: Session):
    """Set the limit of an user
@ -99,7 +102,7 @@ def set_limit(userid, current_session: Session):
    return HTTP.no_content()
-@BalancePlugin.blueprint.route("/users/balance/limit", methods=["GET", "PUT"])
+@blueprint.route("/users/balance/limit", methods=["GET", "PUT"])
@login_required(permission=permissions.SET_LIMIT)
 def limits(current_session: Session):
    """Get, Modify limit of all users
@ -110,7 +113,6 @@ def limits(current_session: Session):
    Returns:
        JSON encoded array of userid with limit or HTTP-error
    """
    users = userController.get_users()
    if request.method == "GET":
        return jsonify([{"userid": user.userid, "limit": user.get_attribute("balance_limit")} for user in users])
@ -125,14 +127,14 @@ def limits(current_session: Session):
    return HTTP.no_content()
-@BalancePlugin.blueprint.route("/users/<userid>/balance", methods=["GET"])
+@blueprint.route("/users/<userid>/balance", methods=["GET"])
@login_required(permission=permissions.SHOW)
 def get_balance(userid, current_session: Session):
    """Get balance of user, optionally filtered
    Route: ``/users/<userid>/balance`` | Method: ``GET``
-    GET-parameters: ```{from?: string, to?: string}```
+    GET-parameters: ``{from?: string, to?: string}``
    Args:
        userid: Userid of user to get balance from
@ -163,7 +165,7 @@ def get_balance(userid, current_session: Session):
    return {"credit": balance[0], "debit": balance[1], "balance": balance[2]}
-@BalancePlugin.blueprint.route("/users/<userid>/balance/transactions", methods=["GET"])
+@blueprint.route("/users/<userid>/balance/transactions", methods=["GET"])
@login_required(permission=permissions.SHOW)
 def get_transactions(userid, current_session: Session):
    """Get transactions of user, optionally filtered
@ -171,7 +173,7 @@ def get_transactions(userid, current_session: Session):
    Route: ``/users/<userid>/balance/transactions`` | Method: ``GET``
-    GET-parameters: ```{from?: string, to?: string, limit?: int, offset?: int}```
+    GET-parameters: ``{from?: string, to?: string, limit?: int, offset?: int}``
    Args:
        userid: Userid of user to get transactions from
@ -224,7 +226,7 @@ def get_transactions(userid, current_session: Session):
    return {"transactions": transactions, "count": count}
-@BalancePlugin.blueprint.route("/users/<userid>/balance", methods=["PUT"])
+@blueprint.route("/users/<userid>/balance", methods=["PUT"])
@login_required()
 def change_balance(userid, current_session: Session):
    """Change balance of an user
@ -273,7 +275,7 @@ def change_balance(userid, current_session: Session):
    raise Forbidden
-@BalancePlugin.blueprint.route("/balance/<int:transaction_id>", methods=["DELETE"])
+@blueprint.route("/balance/<int:transaction_id>", methods=["DELETE"])
@login_required()
 def reverse_transaction(transaction_id, current_session: Session):
    """Reverse a transaction
@ -298,7 +300,7 @@ def reverse_transaction(transaction_id, current_session: Session):
    raise Forbidden
-@BalancePlugin.blueprint.route("/balance", methods=["GET"])
+@blueprint.route("/balance", methods=["GET"])
@login_required(permission=permissions.SHOW_OTHER)
 def get_balances(current_session: Session):
    """Get all balances
@ -311,5 +313,14 @@ def get_balances(current_session: Session):
    Returns:
        JSON Array containing credit, debit and userid for each user or HTTP error
    """
-    balances = balance_controller.get_balances()
+    limit = request.args.get("limit", type=int)
-    return jsonify([{"userid": u, "credit": v[0], "debit": v[1]} for u, v in balances.items()])
+    offset = request.args.get("offset", type=int)
    descending = request.args.get("descending", False, type=bool)
    sortBy = request.args.get("sortBy", type=str)
    balances, count = balance_controller.get_balances(limit=limit, offset=offset, descending=descending, sortBy=sortBy)
    return jsonify(
        {
            "balances": [{"userid": u, "credit": v[0], "debit": v[1]} for u, v in balances.items()],
            "count": count,
        }
    )
--- a/flaschengeist/plugins/events/init.py
+++ b/flaschengeist/plugins/events/init.py
@ -1,22 +0,0 @@
 """Events plugin
 Provides duty schedule / duty roster functions
 """
 from flask import Blueprint, current_app
 from werkzeug.local import LocalProxy
 from flaschengeist.plugins import Plugin
 from . import permissions, models
 class EventPlugin(Plugin):
    name = "events"
    id = "dev.flaschengeist.events"
    plugin = LocalProxy(lambda: current_app.config["FG_PLUGINS"][EventPlugin.name])
    permissions = permissions.permissions
    blueprint = Blueprint(name, __name__)
    models = models
    def __init__(self, cfg):
        super(EventPlugin, self).__init__(cfg)
        from . import routes
--- a/flaschengeist/plugins/events/event_controller.py
+++ b/flaschengeist/plugins/events/event_controller.py
@ -1,291 +0,0 @@
 from datetime import datetime, timedelta, timezone
 from typing import Optional
 from werkzeug.exceptions import BadRequest, Conflict, NotFound
 from sqlalchemy.exc import IntegrityError
 from flaschengeist import logger
 from flaschengeist.database import db
 from flaschengeist.plugins.events import EventPlugin
 from flaschengeist.plugins.events.models import EventType, Event, Job, JobType, Service
 from flaschengeist.utils.scheduler import scheduled
 def update():
    db.session.commit()
 def get_event_types():
    return EventType.query.all()
 def get_event_type(identifier):
    """Get EventType by ID (int) or name (string)"""
    if isinstance(identifier, int):
        et = EventType.query.get(identifier)
    elif isinstance(identifier, str):
        et = EventType.query.filter(EventType.name == identifier).one_or_none()
    else:
        logger.debug("Invalid identifier type for EventType")
        raise BadRequest
    if not et:
        raise NotFound
    return et
 def create_event_type(name):
    try:
        event = EventType(name=name)
        db.session.add(event)
        db.session.commit()
        return event
    except IntegrityError:
        raise Conflict("Name already exists")
 def rename_event_type(identifier, new_name):
    event_type = get_event_type(identifier)
    event_type.name = new_name
    try:
        db.session.commit()
    except IntegrityError:
        raise Conflict("Name already exists")
 def delete_event_type(name):
    event_type = get_event_type(name)
    db.session.delete(event_type)
    try:
        db.session.commit()
    except IntegrityError:
        raise BadRequest("Type still in use")
 def get_job_types():
    return JobType.query.all()
 def get_job_type(type_id):
    job_type = JobType.query.get(type_id)
    print(job_type)
    if not job_type:
        raise NotFound
    return job_type
 def create_job_type(name):
    try:
        job_type = JobType(name=name)
        db.session.add(job_type)
        db.session.commit()
        return job_type
    except IntegrityError:
        raise BadRequest("Name already exists")
 def rename_job_type(name, new_name):
    job_type = get_job_type(name)
    job_type.name = new_name
    try:
        db.session.commit()
    except IntegrityError:
        raise BadRequest("Name already exists")
 def delete_job_type(name):
    job_type = get_job_type(name)
    db.session.delete(job_type)
    try:
        db.session.commit()
    except IntegrityError:
        raise BadRequest("Type still in use")
 def clear_backup(event: Event):
    for job in event.jobs:
        services = []
        for service in job.services:
            if not service.is_backup:
                services.append(service)
        job.services = services
 def get_event(event_id, with_backup=False) -> Event:
    event = Event.query.get(event_id)
    if event is None:
        raise NotFound
    if not with_backup:
        clear_backup(event)
    return event
 def get_templates():
    return Event.query.filter(Event.is_template == True).all()
 def get_events(
    start: Optional[datetime] = None,
    end: Optional[datetime] = None,
    limit: Optional[int] = None,
    offset: Optional[int] = None,
    descending: Optional[bool] = False,
    with_backup=False,
 ):
    """Query events which start from begin until end
    Args:
        start (datetime): Earliest start
        end (datetime): Latest start
        with_backup (bool): Export also backup services
    Returns: collection of Event objects
    """
    query = Event.query.filter(Event.is_template.__eq__(False))
    if start is not None:
        query = query.filter(start <= Event.start)
    if end is not None:
        query = query.filter(Event.start < end)
    if descending:
        query = query.order_by(Event.start.desc())
    else:
        query = query.order_by(Event.start)
    if limit is not None:
        query = query.limit(limit)
    if offset is not None and offset > 0:
        query = query.offset(offset)
    events = query.all()
    if not with_backup:
        for event in events:
            clear_backup(event)
    return events
 def delete_event(event_id):
    """Delete event with given ID
    Args:
        event_id: id of Event to delete
    Raises:
        NotFound if not found
    """
    event = get_event(event_id, True)
    for job in event.jobs:
        delete_job(job)
    db.session.delete(event)
    db.session.commit()
 def create_event(event_type, start, end=None, jobs=[], is_template=None, name=None, description=None):
    try:
        logger.debug(event_type)
        event = Event(
            start=start,
            end=end,
            name=name,
            description=description,
            type=event_type,
            is_template=is_template,
            jobs=jobs,
        )
        db.session.add(event)
        db.session.commit()
        return event
    except IntegrityError:
        logger.debug("Database error when creating new event", exc_info=True)
        raise BadRequest
 def get_job(job_id, event_id=None) -> Job:
    query = Job.query.filter(Job.id == job_id)
    if event_id is not None:
        query = query.filter(Job.event_id_ == event_id)
    job = query.one_or_none()
    if job is None:
        raise NotFound
    return job
 def add_job(event, job_type, required_services, start, end=None, comment=None):
    job = Job(
        required_services=required_services,
        type=job_type,
        start=start,
        end=end,
        comment=comment,
    )
    event.jobs.append(job)
    update()
    return job
 def update():
    try:
        db.session.commit()
    except IntegrityError:
        logger.debug(
            "Error, looks like a Job with that type already exists on an event",
            exc_info=True,
        )
        raise BadRequest()
 def delete_job(job: Job):
    for service in job.services:
        unassign_job(service=service, notify=True)
    db.session.delete(job)
    db.session.commit()
 def assign_job(job: Job, user, value, is_backup=False):
    assert value > 0
    service = Service.query.get((job.id, user.id_))
    if service:
        service.value = value
    else:
        service = Service(user_=user, value=value, is_backup=is_backup, job_=job)
        db.session.add(service)
    db.session.commit()
 def unassign_job(job: Job = None, user=None, service=None, notify=False):
    if service is None:
        assert job is not None and user is not None
        service = Service.query.get((job.id, user.id_))
    else:
        user = service.user_
    if not service:
        raise BadRequest
    event_id = service.job_.event_id_
    db.session.delete(service)
    db.session.commit()
    if notify:
        EventPlugin.plugin.notify(user, "Your assignmet was cancelled", {"event_id": event_id})
@scheduled
 def assign_backups():
    logger.debug("Notifications")
    now = datetime.now(tz=timezone.utc)
    #       now +    backup_time      +  next cron tick
    start = now + timedelta(hours=16) + timedelta(minutes=30)
    services = Service.query.filter(Service.is_backup == True).join(Job).filter(Job.start <= start).all()
    for service in services:
        if service.job_.start <= now or service.job_.is_full():
            EventPlugin.plugin.notify(
                service.user_,
                "Your backup assignment was cancelled.",
                {"event_id": service.job_.event_id_},
            )
            logger.debug(f"Service is outdated or full, removing. {service.serialize()}")
            db.session.delete(service)
        else:
            service.is_backup = False
            logger.debug(f"Service not full, assigning backup. {service.serialize()}")
            EventPlugin.plugin.notify(
                service.user_,
                "Your backup assignment was accepted.",
                {"event_id": service.job_.event_id_},
            )
    db.session.commit()
--- a/flaschengeist/plugins/events/models.py
+++ b/flaschengeist/plugins/events/models.py
@ -1,128 +0,0 @@
 from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
 from datetime import datetime
 from typing import Optional, Union
 from sqlalchemy import UniqueConstraint
 from flaschengeist.models import ModelSerializeMixin, UtcDateTime, Serial
 from flaschengeist.models.user import User
 from flaschengeist.database import db
 #########
 # Types #
 #########
 _table_prefix_ = "events_"
 class EventType(db.Model, ModelSerializeMixin):
    __tablename__ = _table_prefix_ + "event_type"
    id: int = db.Column(Serial, primary_key=True)
    name: str = db.Column(db.String(30), nullable=False, unique=True)
 class JobType(db.Model, ModelSerializeMixin):
    __tablename__ = _table_prefix_ + "job_type"
    id: int = db.Column(Serial, primary_key=True)
    name: str = db.Column(db.String(30), nullable=False, unique=True)
 ########
 # Jobs #
 ########
 class Service(db.Model, ModelSerializeMixin):
    __tablename__ = _table_prefix_ + "service"
    userid: str = ""
    is_backup: bool = db.Column(db.Boolean, default=False)
    value: float = db.Column(db.Numeric(precision=3, scale=2, asdecimal=False), nullable=False)
    _job_id = db.Column(
        "job_id",
        Serial,
        db.ForeignKey(f"{_table_prefix_}job.id"),
        nullable=False,
        primary_key=True,
    )
    _user_id = db.Column("user_id", Serial, db.ForeignKey("user.id"), nullable=False, primary_key=True)
    user_: User = db.relationship("User")
    job_: Job = db.relationship("Job")
    @property
    def userid(self):
        return self.user_.userid
 class Job(db.Model, ModelSerializeMixin):
    __tablename__ = _table_prefix_ + "job"
    _type_id = db.Column("type_id", Serial, db.ForeignKey(f"{_table_prefix_}job_type.id"), nullable=False)
    id: int = db.Column(Serial, primary_key=True)
    start: datetime = db.Column(UtcDateTime, nullable=False)
    end: Optional[datetime] = db.Column(UtcDateTime)
    type: Union[JobType, int] = db.relationship("JobType")
    comment: Optional[str] = db.Column(db.String(256))
    locked: bool = db.Column(db.Boolean())
    services: list[Service] = db.relationship("Service", back_populates="job_")
    required_services: float = db.Column(db.Numeric(precision=4, scale=2, asdecimal=False), nullable=False)
    event_ = db.relationship("Event", back_populates="jobs")
    event_id_ = db.Column("event_id", Serial, db.ForeignKey(f"{_table_prefix_}event.id"), nullable=False)
    __table_args__ = (UniqueConstraint("type_id", "start", "event_id", name="_type_start_uc"),)
 ##########
 # Events #
 ##########
 class Event(db.Model, ModelSerializeMixin):
    """Model for an Event"""
    __tablename__ = _table_prefix_ + "event"
    id: int = db.Column(Serial, primary_key=True)
    start: datetime = db.Column(UtcDateTime, nullable=False)
    end: Optional[datetime] = db.Column(UtcDateTime)
    name: Optional[str] = db.Column(db.String(255))
    description: Optional[str] = db.Column(db.String(512))
    type: Union[EventType, int] = db.relationship("EventType")
    is_template: bool = db.Column(db.Boolean, default=False)
    jobs: list[Job] = db.relationship(
        "Job",
        back_populates="event_",
        cascade="all,delete,delete-orphan",
        order_by="[Job.start, Job.end]",
    )
    # Protected for internal use
    _type_id = db.Column(
        "type_id",
        Serial,
        db.ForeignKey(f"{_table_prefix_}event_type.id", ondelete="CASCADE"),
        nullable=False,
    )
 class Invite(db.Model, ModelSerializeMixin):
    __tablename__ = _table_prefix_ + "invite"
    id: int = db.Column(Serial, primary_key=True)
    job_id: int = db.Column(Serial, db.ForeignKey(_table_prefix_ + "job.id"), nullable=False)
    # Dummy properties for API export
    invitee_id: str = None
    sender_id: str = None
    # Not exported properties for backend use
    invitee_: User = db.relationship("User", foreign_keys="Invite._invitee_id")
    sender_: User = db.relationship("User", foreign_keys="Invite._sender_id")
    # Protected properties needed for internal use
    _invitee_id = db.Column("invitee_id", Serial, db.ForeignKey("user.id"), nullable=False)
    _sender_id = db.Column("sender_id", Serial, db.ForeignKey("user.id"), nullable=False)
    @property
    def invitee_id(self):
        return self.invitee_.userid
    @property
    def sender_id(self):
        return self.sender_.userid
--- a/flaschengeist/plugins/events/permissions.py
+++ b/flaschengeist/plugins/events/permissions.py
@ -1,28 +0,0 @@
 CREATE = "events_create"
 """Can create events"""
 EDIT = "events_edit"
 """Can edit events"""
 DELETE = "events_delete"
 """Can delete events"""
 EVENT_TYPE = "events_event_type"
 """Can create and edit EventTypes"""
 JOB_TYPE = "events_job_type"
 """Can create and edit JobTypes"""
 ASSIGN = "events_assign"
 """Can self assign to jobs"""
 ASSIGN_OTHER = "events_assign_other"
 """Can assign other users to jobs"""
 SEE_BACKUP = "events_see_backup"
 """Can see users assigned as backup"""
 LOCK_JOBS = "events_lock_jobs"
 """Can lock jobs, no further services can be assigned or unassigned"""
 permissions = [value for key, value in globals().items() if not key.startswith("_")]
--- a/flaschengeist/plugins/events/routes.py
+++ b/flaschengeist/plugins/events/routes.py
@ -1,513 +0,0 @@
 from datetime import datetime, timedelta, timezone
 from http.client import NO_CONTENT
 from re import template
 from flask import request, jsonify
 from sqlalchemy import exc
 from werkzeug.exceptions import BadRequest, NotFound, Forbidden
 from flaschengeist.models.session import Session
 from flaschengeist.plugins.events.models import Job
 from flaschengeist.utils.decorators import login_required
 from flaschengeist.utils.datetime import from_iso_format
 from flaschengeist.controller import userController
 from . import event_controller, permissions, EventPlugin
 from ...utils.HTTP import no_content
 def dict_get(self, key, default=None, type=None):
    """Same as .get from MultiDict"""
    try:
        rv = self[key]
    except KeyError:
        return default
    if type is not None:
        try:
            rv = type(rv)
        except ValueError:
            rv = default
    return rv
@EventPlugin.blueprint.route("/events/templates", methods=["GET"])
@login_required()
 def get_templates(current_session):
    return jsonify(event_controller.get_templates())
@EventPlugin.blueprint.route("/events/event-types", methods=["GET"])
@EventPlugin.blueprint.route("/events/event-types/<int:identifier>", methods=["GET"])
@login_required()
 def get_event_types(current_session, identifier=None):
    """Get EventType(s)
    Route: ``/events/event-types`` | Method: ``GET``
    Route: ``/events/event-types/<identifier>`` | Method: ``GET``
    Args:
        current_session: Session sent with Authorization Header
        identifier: If querying a specific EventType
    Returns:
        JSON encoded (list of) EventType(s) or HTTP-error
    """
    if identifier:
        result = event_controller.get_event_type(identifier)
    else:
        result = event_controller.get_event_types()
    return jsonify(result)
@EventPlugin.blueprint.route("/events/event-types", methods=["POST"])
@login_required(permission=permissions.EVENT_TYPE)
 def new_event_type(current_session):
    """Create a new EventType
    Route: ``/events/event-types`` | Method: ``POST``
    POST-data: ``{name: string}``
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-Created or HTTP-error
    """
    data = request.get_json()
    if "name" not in data:
        raise BadRequest
    event_type = event_controller.create_event_type(data["name"])
    return jsonify(event_type)
@EventPlugin.blueprint.route("/events/event-types/<int:identifier>", methods=["PUT", "DELETE"])
@login_required(permission=permissions.EVENT_TYPE)
 def modify_event_type(identifier, current_session):
    """Rename or delete an event type
    Route: ``/events/event-types/<id>`` | Method: ``PUT`` or ``DELETE``
    POST-data: (if renaming) ``{name: string}``
    Args:
        identifier: Identifier of the EventType
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    if request.method == "DELETE":
        event_controller.delete_event_type(identifier)
    else:
        data = request.get_json()
        if "name" not in data:
            raise BadRequest("Parameter missing in data")
        event_controller.rename_event_type(identifier, data["name"])
    return "", NO_CONTENT
@EventPlugin.blueprint.route("/events/job-types", methods=["GET"])
@login_required()
 def get_job_types(current_session):
    """Get all JobTypes
    Route: ``/events/job-types`` | Method: ``GET``
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded list of JobType HTTP-error
    """
    types = event_controller.get_job_types()
    return jsonify(types)
@EventPlugin.blueprint.route("/events/job-types", methods=["POST"])
@login_required(permission=permissions.JOB_TYPE)
 def new_job_type(current_session):
    """Create a new JobType
    Route: ``/events/job-types`` | Method: ``POST``
    POST-data: ``{name: string}``
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded JobType or HTTP-error
    """
    data = request.get_json()
    if "name" not in data:
        raise BadRequest
    jt = event_controller.create_job_type(data["name"])
    return jsonify(jt)
@EventPlugin.blueprint.route("/events/job-types/<int:type_id>", methods=["PUT", "DELETE"])
@login_required(permission=permissions.JOB_TYPE)
 def modify_job_type(type_id, current_session):
    """Rename or delete a JobType
    Route: ``/events/job-types/<name>`` | Method: ``PUT`` or ``DELETE``
    POST-data: (if renaming) ``{name: string}``
    Args:
        type_id: Identifier of the JobType
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    if request.method == "DELETE":
        event_controller.delete_job_type(type_id)
    else:
        data = request.get_json()
        if "name" not in data:
            raise BadRequest("Parameter missing in data")
        event_controller.rename_job_type(type_id, data["name"])
    return "", NO_CONTENT
@EventPlugin.blueprint.route("/events/<int:event_id>", methods=["GET"])
@login_required()
 def get_event(event_id, current_session):
    """Get event by id
    Route: ``/events/<event_id>`` | Method: ``GET``
    Args:
        event_id: ID identifying the event
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded event object
    """
    event = event_controller.get_event(
        event_id,
        with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP),
    )
    return jsonify(event)
@EventPlugin.blueprint.route("/events", methods=["GET"])
@login_required()
 def get_filtered_events(current_session):
    begin = request.args.get("from", type=from_iso_format)
    end = request.args.get("to", type=from_iso_format)
    limit = request.args.get("limit", type=int)
    offset = request.args.get("offset", type=int)
    descending = "descending" in request.args
    if begin is None and end is None:
        begin = datetime.now()
    return jsonify(
        event_controller.get_events(
            start=begin,
            end=end,
            limit=limit,
            offset=offset,
            descending=descending,
            with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP),
        )
    )
@EventPlugin.blueprint.route("/events/<int:year>/<int:month>", methods=["GET"])
@EventPlugin.blueprint.route("/events/<int:year>/<int:month>/<int:day>", methods=["GET"])
@login_required()
 def get_events(current_session, year=datetime.now().year, month=datetime.now().month, day=None):
    """Get Event objects for specified date (or month or year),
     if nothing set then events for current month are returned
    Route: ``/events[/<year>/<month>[/<int:day>]]`` | Method: ``GET``
    Args:
        year (int, optional): year to query, defaults to current year
        month (int, optional): month to query (if set), defaults to current month
        day (int, optional): day to query events for (if set)
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded list containing events found or HTTP-error
    """
    try:
        begin = datetime(year=year, month=month, day=1, tzinfo=timezone.utc)
        if day:
            begin += timedelta(days=day - 1)
            end = begin + timedelta(days=1)
        else:
            if month == 12:
                end = datetime(year=year + 1, month=1, day=1, tzinfo=timezone.utc)
            else:
                end = datetime(year=year, month=month + 1, day=1, tzinfo=timezone.utc)
        events = event_controller.get_events(
            begin,
            end,
            with_backup=current_session.user_.has_permission(permissions.SEE_BACKUP),
        )
        return jsonify(events)
    except ValueError:
        raise BadRequest("Invalid date given")
 def _add_job(event, data):
    try:
        start = from_iso_format(data["start"])
        end = dict_get(data, "end", None, type=from_iso_format)
        required_services = data["required_services"]
        job_type = data["type"]
        if isinstance(job_type, dict):
            job_type = data["type"]["id"]
    except (KeyError, ValueError):
        raise BadRequest("Missing or invalid POST parameter")
    job_type = event_controller.get_job_type(job_type)
    event_controller.add_job(
        event,
        job_type,
        required_services,
        start,
        end,
        comment=dict_get(data, "comment", None, str),
    )
@EventPlugin.blueprint.route("/events", methods=["POST"])
@login_required(permission=permissions.CREATE)
 def create_event(current_session):
    """Create an new event
    Route: ``/events`` | Method: ``POST``
    POST-data: See interfaces for Event, can already contain jobs
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded Event object or HTTP-error
    """
    data = request.get_json()
    try:
        start = from_iso_format(data["start"])
        end = dict_get(data, "end", None, type=from_iso_format)
        data_type = data["type"]
        if isinstance(data_type, dict):
            data_type = data["type"]["id"]
        event_type = event_controller.get_event_type(data_type)
    except KeyError:
        raise BadRequest("Missing POST parameter")
    except (NotFound, ValueError):
        raise BadRequest("Invalid parameter")
    event = event_controller.create_event(
        start=start,
        end=end,
        name=dict_get(data, "name", None),
        is_template=dict_get(data, "is_template", None),
        event_type=event_type,
        description=dict_get(data, "description", None),
    )
    if "jobs" in data:
        for job in data["jobs"]:
            _add_job(event, job)
    return jsonify(event)
@EventPlugin.blueprint.route("/events/<int:event_id>", methods=["PUT"])
@login_required(permission=permissions.EDIT)
 def modify_event(event_id, current_session):
    """Modify an event
    Route: ``/events/<event_id>`` | Method: ``PUT``
    POST-data: See interfaces for Event, can already contain slots
    Args:
        event_id: Identifier of the event
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded Event object or HTTP-error
    """
    event = event_controller.get_event(event_id)
    data = request.get_json()
    event.start = dict_get(data, "start", event.start, type=from_iso_format)
    event.end = dict_get(data, "end", event.end, type=from_iso_format)
    event.name = dict_get(data, "name", event.name, type=str)
    event.description = dict_get(data, "description", event.description, type=str)    
    if "type" in data:
        event_type = event_controller.get_event_type(data["type"])
        event.type = event_type
    event_controller.update()
    return jsonify(event)
@EventPlugin.blueprint.route("/events/<int:event_id>", methods=["DELETE"])
@login_required(permission=permissions.DELETE)
 def delete_event(event_id, current_session):
    """Delete an event
    Route: ``/events/<event_id>`` | Method: ``DELETE``
    Args:
        event_id: Identifier of the event
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    event_controller.delete_event(event_id)
    return "", NO_CONTENT
@EventPlugin.blueprint.route("/events/<int:event_id>/jobs", methods=["POST"])
@login_required(permission=permissions.EDIT)
 def add_job(event_id, current_session):
    """Add an new Job to an Event / EventSlot
    Route: ``/events/<event_id>/jobs`` | Method: ``POST``
    POST-data: See Job
    Args:
        event_id: Identifier of the event
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded Event object or HTTP-error
    """
    event = event_controller.get_event(event_id)
    _add_job(event, request.get_json())
    return jsonify(event)
@EventPlugin.blueprint.route("/events/<int:event_id>/jobs/<int:job_id>", methods=["DELETE"])
@login_required(permission=permissions.DELETE)
 def delete_job(event_id, job_id, current_session):
    """Delete a Job
    Route: ``/events/<event_id>/jobs/<job_id>`` | Method: ``DELETE``
    Args:
        event_id: Identifier of the event
        job_id: Identifier of the Job
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-no-content or HTTP error
    """
    job = event_controller.get_job(job_id, event_id)
    event_controller.delete_job(job)
    return no_content()
@EventPlugin.blueprint.route("/events/<int:event_id>/jobs/<int:job_id>", methods=["PUT"])
@login_required()
 def update_job(event_id, job_id, current_session: Session):
    """Edit Job
    Route: ``/events/<event_id>/jobs/<job_id>`` | Method: ``PUT``
    POST-data: See TS interface for Job
    Args:
        event_id: Identifier of the event
        job_id: Identifier of the Job
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded Job object or HTTP-error
    """
    if not current_session.user_.has_permission(permissions.EDIT):
        raise Forbidden
    data = request.get_json()
    if not data:
        raise BadRequest
    job = event_controller.get_job(job_id, event_id)
    try:
        if "type" in data:
            job.type = event_controller.get_job_type(data["type"])
        job.start = from_iso_format(data.get("start", job.start))
        job.end = from_iso_format(data.get("end", job.end))
        job.comment = str(data.get("comment", job.comment))
        job.locked = bool(data.get("locked", job.locked))
        job.required_services = float(data.get("required_services", job.required_services))
        event_controller.update()
    except NotFound:
        raise BadRequest("Invalid JobType")
    except ValueError:
        raise BadRequest("Invalid POST data")
    return jsonify(job)
@EventPlugin.blueprint.route("/events/jobs/<int:job_id>/assign", methods=["POST"])
@login_required()
 def assign_job(job_id, current_session: Session):
    """Assign / unassign user to the Job
    Route: ``/events/jobs/<job_id>/assign`` | Method: ``POST``
    POST-data: a Service object, see TS interface for Service
    Args:
        job_id: Identifier of the Job
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-No-Content or HTTP-error
    """
    data = request.get_json()
    job = event_controller.get_job(job_id)
    try:
        user = userController.get_user(data["userid"])
        value = data["value"]
        if (user == current_session.user_ and not user.has_permission(permissions.ASSIGN)) or (
            user != current_session.user_ and not current_session.user_.has_permission(permissions.ASSIGN_OTHER)
        ):
            raise Forbidden
        if value > 0:
            event_controller.assign_job(job, user, value, data.get("is_backup", False))
        else:
            event_controller.unassign_job(job, user, notify=user != current_session.user_)
    except (TypeError, KeyError, ValueError):
        raise BadRequest
    return no_content()
@EventPlugin.blueprint.route("/events/jobs/<int:job_id>/lock", methods=["POST"])
@login_required(permissions.LOCK_JOBS)
 def lock_job(job_id, current_session: Session):
    """Lock / unlock the Job
    Route: ``/events/jobs/<job_id>/lock`` | Method: ``POST``
    POST-data: ``{locked: boolean}``
    Args:
        job_id: Identifier of the Job
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-No-Content or HTTP-error
    """
    data = request.get_json()
    job = event_controller.get_job(job_id)
    try:
        locked = bool(userController.get_user(data["locked"]))
        job.locked = locked
        event_controller.update()
    except (TypeError, KeyError, ValueError):
        raise BadRequest
    return no_content()
 # TODO: JobTransfer
--- a/flaschengeist/plugins/message_mail.py
+++ b/flaschengeist/plugins/message_mail.py
@ -3,17 +3,16 @@ from email.mime.text import MIMEText
 from email.mime.multipart import MIMEMultipart
 from flaschengeist import logger
-from flaschengeist.models.user import User
+from flaschengeist.models import User
 from flaschengeist.plugins import Plugin
 from flaschengeist.utils.hook import HookAfter
 from flaschengeist.controller import userController
 from flaschengeist.controller.messageController import Message
 from . import Plugin
 class MailMessagePlugin(Plugin):
-    def __init__(self, config):
+    def __init__(self, entry_point, config):
-        super().__init__()
+        super().__init__(entry_point, config)
        self.server = config["SERVER"]
        self.port = config["PORT"]
        self.user = config["USER"]
--- a/flaschengeist/plugins/pricelist/init.py
+++ b/flaschengeist/plugins/pricelist/init.py
@ -1,14 +1,12 @@
 """Pricelist plugin"""
-
+from flask import Blueprint, jsonify, request
 from flask import Blueprint, jsonify, request, current_app
 from werkzeug.local import LocalProxy
 from werkzeug.exceptions import BadRequest, Forbidden, NotFound, Unauthorized
 from flaschengeist import logger
 from flaschengeist.controller import userController
 from flaschengeist.controller.imageController import send_image, send_thumbnail
 from flaschengeist.plugins import Plugin
-from flaschengeist.utils.decorators import login_required, extract_session, headers
+from flaschengeist.utils.decorators import login_required, extract_session
 from flaschengeist.utils.HTTP import no_content
 from . import models
@ -16,16 +14,15 @@ from . import pricelist_controller, permissions
 class PriceListPlugin(Plugin):
    name = "pricelist"
    permissions = permissions.permissions
    blueprint = Blueprint(name, __name__, url_prefix="/pricelist")
    plugin = LocalProxy(lambda: current_app.config["FG_PLUGINS"][PriceListPlugin.name])
    models = models
    blueprint = Blueprint("pricelist", __name__, url_prefix="/pricelist")
-    def __init__(self, cfg):
+    def install(self):
-        super().__init__(cfg)
+        self.install_permissions(permissions.permissions)
    def load(self):
        config = {"discount": 0}
-        config.update(cfg)
+        config.update(config)
@PriceListPlugin.blueprint.route("/drink-types", methods=["GET"])
@ -738,7 +735,7 @@ def set_picture(identifier, current_session):
@PriceListPlugin.blueprint.route("/drinks/<int:identifier>/picture", methods=["GET"])
-#@headers({"Cache-Control": "private, must-revalidate"})
+# @headers({"Cache-Control": "private, must-revalidate"})
 def _get_picture(identifier):
    """Get Picture
--- a/flaschengeist/plugins/pricelist/migrations/58ab9b6a8839_pricelist_initial.py
+++ b/flaschengeist/plugins/pricelist/migrations/58ab9b6a8839_pricelist_initial.py
@ -0,0 +1,141 @@
 """pricelist: initial
 Revision ID: 58ab9b6a8839
 Revises: 
 Create Date: 2022-02-23 14:45:30.563647
 """
 from alembic import op
 import sqlalchemy as sa
 import flaschengeist
 # revision identifiers, used by Alembic.
 revision = "58ab9b6a8839"
 down_revision = None
 branch_labels = ("pricelist",)
 depends_on = "flaschengeist"
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.create_table(
        "drink_extra_ingredient",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("name", sa.String(length=30), nullable=False),
        sa.Column("price", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_extra_ingredient")),
        sa.UniqueConstraint("name", name=op.f("uq_drink_extra_ingredient_name")),
    )
    op.create_table(
        "drink_tag",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("name", sa.String(length=30), nullable=False),
        sa.Column("color", sa.String(length=7), nullable=False),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_tag")),
        sa.UniqueConstraint("name", name=op.f("uq_drink_tag_name")),
    )
    op.create_table(
        "drink_type",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("name", sa.String(length=30), nullable=False),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_type")),
        sa.UniqueConstraint("name", name=op.f("uq_drink_type_name")),
    )
    op.create_table(
        "drink",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("article_id", sa.String(length=64), nullable=True),
        sa.Column("package_size", sa.Integer(), nullable=True),
        sa.Column("name", sa.String(length=60), nullable=False),
        sa.Column("volume", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
        sa.Column("cost_per_volume", sa.Numeric(precision=5, scale=3, asdecimal=False), nullable=True),
        sa.Column("cost_per_package", sa.Numeric(precision=5, scale=3, asdecimal=False), nullable=True),
        sa.Column("receipt", sa.PickleType(), nullable=True),
        sa.Column("type_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("image_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["image_id"], ["image.id"], name=op.f("fk_drink_image_id_image")),
        sa.ForeignKeyConstraint(["type_id"], ["drink_type.id"], name=op.f("fk_drink_type_id_drink_type")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink")),
    )
    op.create_table(
        "drink_ingredient",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("volume", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=False),
        sa.Column("ingredient_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["ingredient_id"], ["drink.id"], name=op.f("fk_drink_ingredient_ingredient_id_drink")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_ingredient")),
    )
    op.create_table(
        "drink_price_volume",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("drink_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("volume", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
        sa.ForeignKeyConstraint(["drink_id"], ["drink.id"], name=op.f("fk_drink_price_volume_drink_id_drink")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_price_volume")),
    )
    op.create_table(
        "drink_x_tag",
        sa.Column("drink_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("tag_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["drink_id"], ["drink.id"], name=op.f("fk_drink_x_tag_drink_id_drink")),
        sa.ForeignKeyConstraint(["tag_id"], ["drink_tag.id"], name=op.f("fk_drink_x_tag_tag_id_drink_tag")),
    )
    op.create_table(
        "drink_x_type",
        sa.Column("drink_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("type_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["drink_id"], ["drink.id"], name=op.f("fk_drink_x_type_drink_id_drink")),
        sa.ForeignKeyConstraint(["type_id"], ["drink_type.id"], name=op.f("fk_drink_x_type_type_id_drink_type")),
    )
    op.create_table(
        "drink_ingredient_association",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("volume_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("_drink_ingredient_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("_extra_ingredient_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(
            ["_drink_ingredient_id"],
            ["drink_ingredient.id"],
            name=op.f("fk_drink_ingredient_association__drink_ingredient_id_drink_ingredient"),
        ),
        sa.ForeignKeyConstraint(
            ["_extra_ingredient_id"],
            ["drink_extra_ingredient.id"],
            name=op.f("fk_drink_ingredient_association__extra_ingredient_id_drink_extra_ingredient"),
        ),
        sa.ForeignKeyConstraint(
            ["volume_id"],
            ["drink_price_volume.id"],
            name=op.f("fk_drink_ingredient_association_volume_id_drink_price_volume"),
        ),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_ingredient_association")),
    )
    op.create_table(
        "drink_price",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("price", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
        sa.Column("volume_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("public", sa.Boolean(), nullable=True),
        sa.Column("description", sa.String(length=30), nullable=True),
        sa.ForeignKeyConstraint(
            ["volume_id"], ["drink_price_volume.id"], name=op.f("fk_drink_price_volume_id_drink_price_volume")
        ),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_price")),
    )
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_table("drink_price")
    op.drop_table("drink_ingredient_association")
    op.drop_table("drink_x_type")
    op.drop_table("drink_x_tag")
    op.drop_table("drink_price_volume")
    op.drop_table("drink_ingredient")
    op.drop_table("drink")
    op.drop_table("drink_type")
    op.drop_table("drink_tag")
    op.drop_table("drink_extra_ingredient")
    # ### end Alembic commands ###
--- a/flaschengeist/plugins/pricelist/models.py
+++ b/flaschengeist/plugins/pricelist/models.py
@ -1,11 +1,12 @@
-from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
+from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 from flaschengeist.database import db
 from flaschengeist.models import ModelSerializeMixin, Serial
 from flaschengeist.models.image import Image
 from typing import Optional
 from flaschengeist.database import db
 from flaschengeist.database.types import ModelSerializeMixin, Serial
 from flaschengeist.models import Image
 drink_tag_association = db.Table(
    "drink_x_tag",
    db.Column("drink_id", Serial, db.ForeignKey("drink.id")),
--- a/flaschengeist/plugins/roles/init.py
+++ b/flaschengeist/plugins/roles/init.py
@ -5,21 +5,20 @@ Provides routes used to configure roles and permissions of users / roles.
 from werkzeug.exceptions import BadRequest
 from flask import Blueprint, request, jsonify
 from http.client import NO_CONTENT
 from flaschengeist.plugins import Plugin
 from flaschengeist.utils.decorators import login_required
 from flaschengeist.controller import roleController
-from flaschengeist.utils.HTTP import created
+from flaschengeist.utils.HTTP import created, no_content
 from flaschengeist.utils.decorators import login_required
-_permission_edit = "roles_edit"
+from . import permissions
 _permission_delete = "roles_delete"
 class RolesPlugin(Plugin):
-    name = "roles"
+    blueprint = Blueprint("roles", __name__)
-    blueprint = Blueprint(name, __name__)
+
-    permissions = [_permission_edit, _permission_delete]
+    def install(self):
        self.install_permissions(permissions.permissions)
@RolesPlugin.blueprint.route("/roles", methods=["GET"])
@ -40,7 +39,7 @@ def list_roles(current_session):
@RolesPlugin.blueprint.route("/roles", methods=["POST"])
-@login_required(permission=_permission_edit)
+@login_required(permission=permissions.EDIT)
 def create_role(current_session):
    """Create new role
@ -98,7 +97,7 @@ def get_role(role_name, current_session):
@RolesPlugin.blueprint.route("/roles/<int:role_id>", methods=["PUT"])
-@login_required(permission=_permission_edit)
+@login_required(permission=permissions.EDIT)
 def edit_role(role_id, current_session):
    """Edit role, rename and / or set permissions
@ -118,13 +117,13 @@ def edit_role(role_id, current_session):
    data = request.get_json()
    if "permissions" in data:
        roleController.set_permissions(role, data["permissions"])
-    if "name" in data:
+    if "name" in data and data["name"] != role.name:
        roleController.update_role(role, data["name"])
-    return "", NO_CONTENT
+    return no_content()
@RolesPlugin.blueprint.route("/roles/<int:role_id>", methods=["DELETE"])
-@login_required(permission=_permission_delete)
+@login_required(permission=permissions.DELETE)
 def delete_role(role_id, current_session):
    """Delete role
@ -135,8 +134,8 @@ def delete_role(role_id, current_session):
        current_session: Session sent with Authorization Header
    Returns:
-        HTTP-204 or HTTP error
+        HTTP-204 or HTTP error (HTTP-409 Conflict if role still in use)
    """
    role = roleController.get(role_id)
    roleController.delete(role)
-    return "", NO_CONTENT
+    return no_content()
--- a/flaschengeist/plugins/roles/permissions.py
+++ b/flaschengeist/plugins/roles/permissions.py
@ -0,0 +1,7 @@
 EDIT = "roles_edit"
 """Can edit roles, assign permissions to roles and change names"""
 DELETE = "roles_delete"
 """Can delete roles"""
 permissions = [value for key, value in globals().items() if not key.startswith("_")]
--- a/flaschengeist/plugins/scheduler.py
+++ b/flaschengeist/plugins/scheduler.py
@ -0,0 +1,85 @@
 from flask import Blueprint
 from datetime import datetime, timedelta
 from flaschengeist import logger
 from flaschengeist.config import config
 from flaschengeist.plugins import Plugin
 from flaschengeist.utils.HTTP import no_content
 class __Task:
    def __init__(self, function, **kwags):
        self.function = function
        self.interval = timedelta(**kwags)
 _scheduled_tasks: dict[__Task] = dict()
 def add_scheduled(id: str, function, replace=False, **kwargs):
    if id not in _scheduled_tasks or replace:
        _scheduled_tasks[id] = __Task(function, **kwargs)
        logger.info(f"Registered task: {id}")
    else:
        logger.debug(f"Skipping already registered task: {id}")
 def scheduled(id: str, replace=False, **kwargs):
    """
    kwargs: days, hours, minutes
    """
    def real_decorator(function):
        add_scheduled(id, function, replace, **kwargs)
        return function
    if not isinstance(id, str):
        raise TypeError
    return real_decorator
 class SchedulerPlugin(Plugin):
    blueprint = Blueprint("scheduler", __name__)
    def load(self):
        def __view_func():
            self.run_tasks()
            return no_content()
        def __passiv_func(v):
            try:
                self.run_tasks()
            except:
                logger.error("Error while executing scheduled tasks!", exc_info=True)
        cron = config.get("scheduler", {}).get("cron", "passive_web").lower()
        if cron == "passive_web":
            self.blueprint.teardown_app_request(__passiv_func)
        elif cron == "active_web":
            self.blueprint.add_url_rule("/cron", view_func=__view_func)
    def run_tasks(self):
        from ..database import db
        self = db.session.merge(self)
        changed = False
        now = datetime.now()
        status = self.get_setting("status", default=dict())
        for id, task in _scheduled_tasks.items():
            last_run = status.setdefault(id, now)
            if last_run + task.interval <= now:
                logger.debug(
                    f"Run task {id}, was scheduled for {last_run + task.interval}, next iteration: {now + task.interval}"
                )
                task.function()
                changed = True
            else:
                logger.debug(f"Skip task {id}, is scheduled for {last_run + task.interval}")
        if changed:
            # Remove not registered tasks
            for id in status.keys():
                if id not in _scheduled_tasks.keys():
                    del status[id]
        self.set_setting("status", status)
--- a/flaschengeist/plugins/users/init.py
+++ b/flaschengeist/plugins/users/init.py
@ -2,15 +2,15 @@
 Provides routes used to manage users
 """
-from http.client import NO_CONTENT, CREATED
+from http.client import CREATED
-from flask import Blueprint, request, jsonify, make_response, Response
+from flask import Blueprint, request, jsonify, make_response
-from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed, NotFound
+from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed
 from . import permissions
 from flaschengeist import logger
 from flaschengeist.config import config
 from flaschengeist.plugins import Plugin
-from flaschengeist.models.user import User, _Avatar
+from flaschengeist.models import User
 from flaschengeist.utils.decorators import login_required, extract_session, headers
 from flaschengeist.controller import userController
 from flaschengeist.utils.HTTP import created, no_content
@ -18,9 +18,10 @@ from flaschengeist.utils.datetime import from_iso_format
 class UsersPlugin(Plugin):
-    name = "users"
+    blueprint = Blueprint("users", __name__)
-    blueprint = Blueprint(name, __name__)
+
-    permissions = permissions.permissions
+    def install(self):
        self.install_permissions(permissions.permissions)
@UsersPlugin.blueprint.route("/users", methods=["POST"])
@ -89,7 +90,9 @@ def get_user(userid, current_session):
        JSON encoded `flaschengeist.models.user.User` or if userid is current user also containing permissions or HTTP error
    """
    logger.debug("Get information of user {{ {} }}".format(userid))
-    user: User = userController.get_user(userid)
+    user: User = userController.get_user(
        userid, True
    )  # This is the only API point that should return data for deleted users
    serial = user.serialize()
    if userid == current_session.user_.userid:
        serial["permissions"] = user.get_permissions()
@ -118,12 +121,7 @@ def frontend(userid, current_session):
@headers({"Cache-Control": "public, max-age=604800"})
 def get_avatar(userid):
    user = userController.get_user(userid)
-    avatar = userController.load_avatar(user)
+    return userController.load_avatar(user)
    if len(avatar.binary) > 0:
        response = Response(avatar.binary, mimetype=avatar.mimetype)
        response.add_etag()
        return response.make_conditional(request)
    raise NotFound
@UsersPlugin.blueprint.route("/users/<userid>/avatar", methods=["POST"])
@ -135,10 +133,7 @@ def set_avatar(userid, current_session):
    file = request.files.get("file")
    if file:
-        avatar = _Avatar()
+        userController.save_avatar(user, file)
        avatar.mimetype = file.content_type
        avatar.binary = bytearray(file.stream.read())
        userController.save_avatar(user, avatar)
        return created()
    else:
        raise BadRequest
@ -151,7 +146,7 @@ def delete_avatar(userid, current_session):
    if userid != current_session.user_.userid and not current_session.user_.has_permission(permissions.EDIT):
        raise Forbidden
    userController.delete_avatar(user)
-    return "", NO_CONTENT
+    return no_content()
@UsersPlugin.blueprint.route("/users/<userid>", methods=["DELETE"])
@ -170,8 +165,8 @@ def delete_user(userid, current_session):
    """
    logger.debug("Delete user {{ {} }}".format(userid))
    user = userController.get_user(userid)
-    userController.delete(user)
+    userController.delete_user(user)
-    return "", NO_CONTENT
+    return no_content()
@UsersPlugin.blueprint.route("/users/<userid>", methods=["PUT"])
@ -224,7 +219,7 @@ def edit_user(userid, current_session):
    userController.modify_user(user, password, new_password)
    userController.update_user(user)
-    return "", NO_CONTENT
+    return no_content()
@UsersPlugin.blueprint.route("/notifications", methods=["GET"])
@ -238,7 +233,7 @@ def notifications(current_session):
@UsersPlugin.blueprint.route("/notifications/<nid>", methods=["DELETE"])
@login_required()
-def remove_notifications(nid, current_session):
+def remove_notification(nid, current_session):
    userController.delete_notification(nid, current_session.user_)
    return no_content()
--- a/flaschengeist/plugins/users/cli.py
+++ b/flaschengeist/plugins/users/cli.py
@ -0,0 +1,83 @@
 import click
 import sqlalchemy.exc
 from flask.cli import with_appcontext
 from werkzeug.exceptions import NotFound
 from flaschengeist.database import db
 from flaschengeist.controller import roleController, userController
 USER_KEY = f"{__name__}.user"
 def user(ctx, param, value):
    if not value or ctx.resilient_parsing:
        return
    click.echo("Adding new user")
    ctx.meta[USER_KEY] = {}
    try:
        ctx.meta[USER_KEY]["userid"] = click.prompt("userid", type=str)
        ctx.meta[USER_KEY]["firstname"] = click.prompt("firstname", type=str)
        ctx.meta[USER_KEY]["lastname"] = click.prompt("lastname", type=str)
        ctx.meta[USER_KEY]["display_name"] = click.prompt("displayed name", type=str, default="")
        ctx.meta[USER_KEY]["mail"] = click.prompt("mail", type=str, default="")
        ctx.meta[USER_KEY]["password"] = click.prompt("password", type=str, confirmation_prompt=True, hide_input=True)
        ctx.meta[USER_KEY] = {k: v for k, v in ctx.meta[USER_KEY].items() if v != ""}
    except click.Abort:
        click.echo("\n!!! User was not added, aborted.")
        del ctx.meta[USER_KEY]
@click.command()
@click.option("--create", help="Add new role", is_flag=True)
@click.option("--delete", help="Delete role", is_flag=True)
@click.option("--set-admin", is_flag=True, help="Make a role an admin role, adding all permissions", type=str)
@click.argument("role", nargs=-1, required=True, type=str)
 def role(create, delete, set_admin, role):
    """Manage roles"""
    ctx = click.get_current_context()
    if (create and delete) or (set_admin and delete):
        ctx.fail("Do not mix --delete with --create or --set-admin")
    for role_name in role:
        if create:
            r = roleController.create_role(role_name)
        else:
            r = roleController.get(role_name)
        if delete:
            roleController.delete(r)
        if set_admin:
            r.permissions = roleController.get_permissions()
            db.session.commit()
@click.command()
@click.option("--add-role", help="Add a role to an user", type=str)
@click.option("--create", help="Create new user interactivly", callback=user, is_flag=True, expose_value=False)
@click.option("--delete", help="Delete a user", is_flag=True)
@click.argument("user", nargs=-1, type=str)
@with_appcontext
 def user(add_role, delete, user):
    """Manage users"""
    from flaschengeist.database import db
    ctx = click.get_current_context()
    try:
        if USER_KEY in ctx.meta:
            userController.register(ctx.meta[USER_KEY], ctx.meta[USER_KEY]["password"])
        else:
            for uid in user:
                user = userController.get_user(uid)
                if delete:
                    userController.delete_user(user)
                elif add_role:
                    role = roleController.get(add_role)
                    user.roles_.append(role)
                    userController.modify_user(user, None)
                    db.session.commit()
    except NotFound:
        ctx.fail(f"User not found {uid}")
--- a/flaschengeist/utils/HTTP.py
+++ b/flaschengeist/utils/HTTP.py
@ -2,6 +2,24 @@ from http.client import NO_CONTENT, CREATED
 from flask import make_response, jsonify
 from flaschengeist.utils.datetime import from_iso_format
 def get_filter_args():
    """
    Get filter parameter from request
    returns: FROM, TO, LIMIT, OFFSET, DESCENDING
    """
    from flask import request
    return (
        request.args.get("from", type=from_iso_format),
        request.args.get("to", type=from_iso_format),
        request.args.get("limit", type=int),
        request.args.get("offset", type=int),
        "descending" in request.args,
    )
 def no_content():
    return make_response(jsonify(""), NO_CONTENT)
--- a/flaschengeist/utils/init.py
+++ b/flaschengeist/utils/init.py
@ -0,0 +1 @@
 """Common utilities"""
--- a/flaschengeist/utils/datetime.py
+++ b/flaschengeist/utils/datetime.py
@ -1,10 +1,4 @@
 import datetime
 import sys
 if sys.version_info < (3, 7):
    from backports.datetime_fromisoformat import MonkeyPatch
    MonkeyPatch.patch_fromisoformat()
 def from_iso_format(date_str):
--- a/flaschengeist/utils/decorators.py
+++ b/flaschengeist/utils/decorators.py
@ -14,7 +14,7 @@ def extract_session(permission=None):
        logger.debug("Missing Authorization header or ill-formed")
        raise Unauthorized
-    session = sessionController.validate_token(token, request.user_agent, permission)
+    session = sessionController.validate_token(token, request.headers, permission)
    return session
--- a/flaschengeist/utils/hook.py
+++ b/flaschengeist/utils/hook.py
@ -1,43 +1,81 @@
-_hook_dict = ({}, {})
+from functools import wraps
-class Hook(object):
+_hooks_before = {}
-    """Decorator for Hooks
+_hooks_after = {}
-    Use to decorate system hooks where plugins should be able to hook in
+
 def Hook(function=None, id=None):
    """Hook decorator
    Use to decorate functions as hooks, so plugins can hook up their custom functions.
    """
    # `id` passed as `arg` not `kwarg`
    if isinstance(function, str):
        return Hook(id=function)
    def decorator(function):
        @wraps(function)
        def wrapped(*args, **kwargs):
            _id = id if id is not None else function.__qualname__
            # Hooks before
            for f in _hooks_before.get(_id, []):
                f(*args, **kwargs)
            # Main function
            result = function(*args, **kwargs)
            # Hooks after
            for f in _hooks_after.get(_id, []):
                f(*args, hook_result=result, **kwargs)
            return result
        return wrapped
    # Called @Hook or we are in the second step
    if callable(function):
        return decorator(function)
    else:
        return decorator
 def HookBefore(id: str):
    """Decorator for functions to be called before a Hook-Function is called
    The hooked up function must accept the same arguments as the function hooked onto,
    as the functions are called with the same arguments.
    Hint: This enables you to modify the arguments!
    """
    if not id or not isinstance(id, str):
        raise TypeError("HookBefore requires the ID of the function to hook up")
    def wrapped(function):
        _hooks_before.setdefault(id, []).append(function)
        return function
    return wrapped
 def HookAfter(id: str):
    """Decorator for functions to be called after a Hook-Function is called
    As with the HookBefore, the hooked up function must accept the same
    arguments as the function hooked onto, but also receives a
    `hook_result` kwarg containing the result of the function.
    Example:
        ```py
        @HookAfter("some.id")
        def my_func(hook_result):
            # This function is executed after the function registered with "some.id"
            print(hook_result)  # This is the result of the function
        ```
    """
-    def __init__(self, function):
+    if not id or not isinstance(id, str):
-        self.function = function
+        raise TypeError("HookAfter requires the ID of the function to hook up")
-    def __call__(self, *args, **kwargs):
+    def wrapped(function):
-        # Hooks before
+        _hooks_after.setdefault(id, []).append(function)
        for function in _hook_dict[0].get(self.function.__name__, []):
            function(*args, **kwargs)
        # Main function
        ret = self.function(*args, **kwargs)
        # Hooks after
        for function in _hook_dict[1].get(self.function.__name__, []):
            function(*args, **kwargs)
        return ret
 class HookBefore(object):
    """Decorator for functions to be called before a Hook-Function is called"""
    def __init__(self, name):
        self.name = name
    def __call__(self, function):
        _hook_dict[0].setdefault(self.name, []).append(function)
        return function
-
+    return wrapped
 class HookAfter(object):
    """Decorator for functions to be called after a Hook-Function is called"""
    def __init__(self, name):
        self.name = name
    def __call__(self, function):
        _hook_dict[1].setdefault(self.name, []).append(function)
        return function
--- a/flaschengeist/utils/scheduler.py
+++ b/flaschengeist/utils/scheduler.py
@ -1,17 +0,0 @@
 from flask import current_app
 from flaschengeist.utils.HTTP import no_content
 _scheduled = set()
 def scheduled(func):
    _scheduled.add(func)
    return func
@current_app.route("/cron")
 def __run_scheduled():
    for function in _scheduled:
        function()
    return no_content()
--- a/pyproject.toml
+++ b/pyproject.toml
@ -0,0 +1,3 @@
 [build-system]
 requires = ["setuptools", "wheel"]
 build-backend = "setuptools.build_meta"
--- a/readme.md
+++ b/readme.md
@ -1,77 +0,0 @@
 # Flaschengeist
 This is the backend of the Flaschengeist.
 ## Installation
 ### Requirements
 - `mysql` or `mariadb`
    - maybe `libmariadb` development files[1]
 - python 3.7+
 [1] By default Flaschengeist uses mysql as database backend, if you are on Windows Flaschengeist uses `PyMySQL`, but on
 Linux / Mac the faster `mysqlclient` is used, if it is not already installed installing from pypi requires the
 development files for `libmariadb` to be present on your system.
 ### Install python files
    pip3 install --user .
 or with ldap support
    pip3 install --user ".[ldap]"
 or if you want to also run the tests:
    pip3 install --user ".[ldap,test]"
 You will also need a MySQL driver, recommended drivers are
 - `mysqlclient`
 - `PyMySQL`
 `setup.py` will try to install a matching driver.
 #### Windows
 Same as above, but if you want to use `mysqlclient` instead of `PyMySQL` (performance?) you have to follow this guide:
 https://www.radishlogic.com/coding/python-3/installing-mysqldb-for-python-3-in-windows/
 ### Configuration
 Configuration is done within the a `flaschengeist.toml`file, you can copy the one located inside the module path
 (where flaschegeist is installed) or create an empty one and place it inside either:
 1. `~/.config/`
 2. A custom path and set environment variable `FLASCHENGEIST_CONF`
 Uncomment and change at least all the database parameters!
 ### Database installation
 The user needs to have full permissions to the database.
 If not you need to create user and database manually do (or similar on Windows):
    (
        echo "CREATE DATABASE flaschengeist;"
        echo "CREATE USER 'flaschengeist'@'localhost' IDENTIFIED BY 'flaschengeist';"
        echo "GRANT ALL PRIVILEGES ON flaschengeist.* TO 'flaschengeist'@'localhost';"
        echo "FLUSH PRIVILEGES;"
    ) | sudo mysql
 Then you can install the database tables and initial entries:
    run_flaschengeist install
 ### Run
    run_flaschengeist run
 or with debug messages:
    run_flaschengeist run --debug
 This will run the backend on http://localhost:5000
 ## Tests
    $ pip install '.[test]'
    $ pytest
 Run with coverage report:
    $ coverage run -m pytest
    $ coverage report
 Or with html output (open `htmlcov/index.html` in a browser):
    $ coverage html
 ## Development
 Please refer to our [development wiki](https://flaschengeist.dev/Flaschengeist/flaschengeist/wiki/Development).
--- a/221
+++ b/221
@ -1,221 +0,0 @@
 #!/usr/bin/python3
 from __future__ import annotations  # TODO: Remove if python requirement is >= 3.10
 import inspect
 import argparse
 import sys
 import pkg_resources
 from flaschengeist.config import config
 class PrefixMiddleware(object):
    def __init__(self, app, prefix=""):
        self.app = app
        self.prefix = prefix
    def __call__(self, environ, start_response):
        if environ["PATH_INFO"].startswith(self.prefix):
            environ["PATH_INFO"] = environ["PATH_INFO"][len(self.prefix) :]
            environ["SCRIPT_NAME"] = self.prefix
            return self.app(environ, start_response)
        else:
            start_response("404", [("Content-Type", "text/plain")])
            return ["This url does not belong to the app.".encode()]
 class InterfaceGenerator:
    known = []
    classes = {}
    mapper = {
        "str": "string",
        "int": "number",
        "float": "number",
        "date": "Date",
        "datetime": "Date",
        "NoneType": "null",
        "bool": "boolean",
    }
    def __init__(self, namespace, filename):
        self.basename = ""
        self.namespace = namespace
        self.filename = filename
        self.this_type = None
    def pytype(self, cls):
        a = self._pytype(cls)
        print(f"{cls} -> {a}")
        return a
    def _pytype(self, cls):
        import typing
        origin = typing.get_origin(cls)
        arguments = typing.get_args(cls)
        if origin is typing.ForwardRef:  # isinstance(cls, typing.ForwardRef):
            return "", "this" if cls.__forward_arg__ == self.this_type else cls.__forward_arg__
        if origin is typing.Union:
            print(f"A1:  {arguments[1]}")
            if len(arguments) == 2 and arguments[1] is type(None):
                return "?", self.pytype(arguments[0])[1]
            else:
                return "", "|".join([self.pytype(pt)[1] for pt in arguments])
        if origin is list:
            return "", "Array<{}>".format("|".join([self.pytype(a_type)[1] for a_type in arguments]))
        name = cls.__name__ if hasattr(cls, "__name__") else cls if isinstance(cls, str) else None
        if name is not None:
            if name in self.mapper:
                return "", self.mapper[name]
            else:
                return "", name
        print(
            "WARNING: This python version might not detect all types (try >= 3.9). Could not identify >{}<".format(cls)
        )
        return "?", "any"
    def walker(self, module):
        if sys.version_info < (3, 9):
            raise RuntimeError("Python >= 3.9 is required to export API")
        import typing
        if (
            inspect.ismodule(module[1])
            and module[1].__name__.startswith(self.basename)
            and module[1].__name__ not in self.known
        ):
            self.known.append(module[1].__name__)
            for cls in inspect.getmembers(module[1], lambda x: inspect.isclass(x) or inspect.ismodule(x)):
                self.walker(cls)
        elif (
            inspect.isclass(module[1])
            and module[1].__module__.startswith(self.basename)
            and module[0] not in self.classes
            and not module[0].startswith("_")
            and hasattr(module[1], "__annotations__")
        ):
            self.this_type = module[0]
            print("\n\n" + module[0] + "\n")
            d = {}
            for param, ptype in typing.get_type_hints(module[1], globalns=None, localns=None).items():
                if not param.startswith("_") and not param.endswith("_"):
                    print(f"{param} ::: {ptype}")
                    d[param] = self.pytype(ptype)
            if len(d) == 1:
                key, value = d.popitem()
                self.classes[module[0]] = value[1]
            else:
                self.classes[module[0]] = d
    def run(self, models):
        self.basename = models.__name__
        self.walker(("models", models))
    def write(self):
        with open(self.filename, "w") as file:
            file.write("declare namespace {} {{\n".format(self.namespace))
            for cls, params in self.classes.items():
                if isinstance(params, str):
                    file.write("\ttype {} = {};\n".format(cls, params))
                else:
                    file.write("\tinterface {} {{\n".format(cls))
                    for name in params:
                        file.write("\t\t{}{}: {};\n".format(name, *params[name]))
                    file.write("\t}\n")
            file.write("}\n")
 def install(arguments):
    from flaschengeist.app import create_app, install_all
    app = create_app()
    with app.app_context():
        install_all()
 def run(arguments):
    from flaschengeist.app import create_app
    app = create_app()
    with app.app_context():
        app.wsgi_app = PrefixMiddleware(app.wsgi_app, prefix=config["FLASCHENGEIST"].get("root", ""))
        if arguments.debug:
            app.run(arguments.host, arguments.port, debug=True)
        else:
            app.run(arguments.host, arguments.port, debug=False)
 def export(arguments):
    import flaschengeist.models as models
    from flaschengeist.app import create_app
    app = create_app()
    with app.app_context():
        gen = InterfaceGenerator(arguments.namespace, arguments.file)
        if not arguments.no_core:
            gen.run(models)
        if arguments.plugins is not None:
            for entry_point in pkg_resources.iter_entry_points("flaschengeist.plugin"):
                if len(arguments.plugins) == 0 or entry_point.name in arguments.plugins:
                    plg = entry_point.load()
                    if hasattr(plg, "models") and plg.models is not None:
                        gen.run(plg.models)
        gen.write()
 def ldap_sync(arguments):
    from flaschengeist.app import create_app
    from flaschengeist.controller import userController
    from flaschengeist.plugins.auth_ldap import AuthLDAP
    from ldap3 import SUBTREE
    app = create_app()
    with app.app_context():
        auth_ldap: AuthLDAP = app.config.get("FG_PLUGINS").get("auth_ldap")
        if auth_ldap:
            conn = auth_ldap.ldap.connection
            if not conn:
                conn = auth_ldap.ldap.connect(auth_ldap.root_dn, auth_ldap.root_secret)
            conn.search(auth_ldap.search_dn, "(uid=*)", SUBTREE, attributes=["uid", "givenName", "sn", "mail"])
            ldap_users_response = conn.response
            for ldap_user in ldap_users_response:
                uid = ldap_user["attributes"]["uid"][0]
                userController.find_user(uid)
            exit()
        raise Exception("auth_ldap not found")
 if __name__ == "__main__":
    # create the top-level parser
    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(help="sub-command help", dest="sub_command")
    subparsers.required = True
    parser_run = subparsers.add_parser("run", help="run flaschengeist")
    parser_run.set_defaults(func=run)
    parser_run.add_argument("--host", help="set hostname to listen on", default="127.0.0.1")
    parser_run.add_argument("--port", help="set port to listen on", type=int, default=5000)
    parser_run.add_argument("--debug", help="run in debug mode", action="store_true")
    parser_install = subparsers.add_parser(
        "install", help="run database setup for flaschengeist and all installed plugins"
    )
    parser_install.set_defaults(func=install)
    parser_export = subparsers.add_parser("export", help="export models to typescript interfaces")
    parser_export.set_defaults(func=export)
    parser_export.add_argument("--file", help="Filename where to save", default="flaschengeist.d.ts")
    parser_export.add_argument("--namespace", help="Namespace of declarations", default="FG")
    parser_export.add_argument(
        "--no-core",
        help="Do not export core declarations (only useful in conjunction with --plugins)",
        action="store_true",
    )
    parser_export.add_argument("--plugins", help="Also export plugins (none means all)", nargs="*")
    parser_ldap_sync = subparsers.add_parser("ldap_sync", help="synch ldap-users with database")
    parser_ldap_sync.set_defaults(func=ldap_sync)
    args = parser.parse_args()
    args.func(args)
--- a/setup.cfg
+++ b/setup.cfg
@ -17,6 +17,54 @@ classifiers =
    License :: OSI Approved :: MIT License
    Operating System :: OS Independent
 [options]
 include_package_data = True
 python_requires = >=3.10
 packages = find:
 install_requires =
    Flask>=2.2.2
    Pillow>=9.2
    flask_cors
    flask_migrate>=3.1.0
    flask_sqlalchemy>=2.5.1
    sqlalchemy_utils>=0.38.3
    # Importlib requirement can be dropped when python requirement is >= 3.10
    importlib_metadata>=4.3
    sqlalchemy>=1.4.40, <2.0
    toml
    werkzeug>=2.2.2
 [options.extras_require]
 argon = argon2-cffi
 ldap = flask_ldapconn; ldap3
 tests = pytest; pytest-depends; coverage
 mysql =
    PyMySQL;platform_system=='Windows'
    mysqlclient;platform_system!='Windows'
 [options.package_data]
 * = *.toml, script.py.mako
 [options.entry_points]
 console_scripts =
    flaschengeist = flaschengeist.cli:main
 flask.commands =
    ldap = flaschengeist.plugins.auth_ldap.cli:ldap
    user = flaschengeist.plugins.users.cli:user
    role = flaschengeist.plugins.users.cli:role
 flaschengeist.plugins =
    # Authentication providers
    auth_plain = flaschengeist.plugins.auth_plain:AuthPlain
    auth_ldap = flaschengeist.plugins.auth_ldap:AuthLDAP [ldap]
    # Route providers (and misc)
    auth = flaschengeist.plugins.auth:AuthRoutePlugin
    users = flaschengeist.plugins.users:UsersPlugin
    roles = flaschengeist.plugins.roles:RolesPlugin
    balance = flaschengeist.plugins.balance:BalancePlugin
    mail = flaschengeist.plugins.message_mail:MailMessagePlugin
    pricelist = flaschengeist.plugins.pricelist:PriceListPlugin
    scheduler = flaschengeist.plugins.scheduler:SchedulerPlugin
 [bdist_wheel]
 universal = True
--- a/setup.py
+++ b/setup.py
@ -1,77 +0,0 @@
 from setuptools import setup, find_packages, Command
 import subprocess
 import os
 mysql_driver = "PyMySQL" if os.name == "nt" else "mysqlclient"
 class DocsCommand(Command):
    description = "Generate and export API documentation using pdoc3"
    user_options = [
        # The format is (long option, short option, description).
        ("output=", "o", "Documentation output path"),
    ]
    def initialize_options(self):
        self.output = "./docs"
    def finalize_options(self):
        pass
    def run(self):
        """Run command."""
        command = [
            "python",
            "-m",
            "pdoc",
            "--skip-errors",
            "--html",
            "--output-dir",
            self.output,
            "flaschengeist",
        ]
        self.announce(
            "Running command: %s" % str(command),
        )
        subprocess.check_call(command)
 setup(
    packages=find_packages(),
    package_data={"": ["*.toml"]},
    scripts=["run_flaschengeist"],
    python_requires=">=3.7",
    install_requires=[
        "Flask >= 2.0",
        "toml",
        "sqlalchemy>=1.4.26",
        "flask_sqlalchemy>=2.5",
        "flask_cors",
        "Pillow>=8.4.0",
        "werkzeug",
        mysql_driver,
    ],
    extras_require={
        "ldap": ["flask_ldapconn", "ldap3"],
        "argon": ["argon2-cffi"],
        "test": ["pytest", "coverage"],
    },
    entry_points={
        "flaschengeist.plugin": [
            # Authentication providers
            "auth_plain = flaschengeist.plugins.auth_plain:AuthPlain",
            "auth_ldap = flaschengeist.plugins.auth_ldap:AuthLDAP [ldap]",
            # Route providers (and misc)
            "auth = flaschengeist.plugins.auth:AuthRoutePlugin",
            "users = flaschengeist.plugins.users:UsersPlugin",
            "roles = flaschengeist.plugins.roles:RolesPlugin",
            "balance = flaschengeist.plugins.balance:BalancePlugin",
            "events = flaschengeist.plugins.events:EventPlugin",
            "mail = flaschengeist.plugins.message_mail:MailMessagePlugin",
            "pricelist = flaschengeist.plugins.pricelist:PriceListPlugin",
        ],
    },
    cmdclass={
        "docs": DocsCommand,
    },
 )
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -3,8 +3,7 @@ import tempfile
 import pytest
 from flaschengeist import database
-from flaschengeist.app import create_app, install_all
+from flaschengeist.app import create_app
 # read in SQL for populating test data
 with open(os.path.join(os.path.dirname(__file__), "data.sql"), "r") as f:
@ -25,12 +24,14 @@ def app():
    app = create_app(
        {
            "TESTING": True,
-            "DATABASE": {"file_path": f"/{db_path}"},
+            "DATABASE": {"engine": "sqlite", "database": f"/{db_path}"},
            "LOGGING": {"level": "DEBUG"},
        }
    )
    with app.app_context():
-        install_all()
+        database.db.create_all()
        database.db.session.commit()
        engine = database.db.engine
        with engine.connect() as connection:
            for statement in _data_sql:
--- a/tests/data.sql
+++ b/tests/data.sql
@ -1,4 +1,8 @@
-INSERT INTO user ('userid', 'firstname', 'lastname', 'mail', 'id') VALUES ('user', 'Max', 'Mustermann', 'abc@def.gh', 1);
+INSERT INTO "user" ('userid', 'firstname', 'lastname', 'mail', 'deleted', 'id') VALUES ('user', 'Max', 'Mustermann', 'abc@def.gh', 0, 1);
 INSERT INTO "user" ('userid', 'firstname', 'lastname', 'mail', 'deleted', 'id') VALUES ('deleted_user', 'John', 'Doe', 'doe@example.com', 1, 2);
 -- Password = 1234
 INSERT INTO user_attribute VALUES(1,1,'password',X'800495c4000000000000008cc0373731346161336536623932613830366664353038656631323932623134393936393561386463353536623037363761323037623238346264623833313265323333373066376233663462643332666332653766303537333564366335393133366463366234356539633865613835643661643435343931376636626663343163653333643635646530386634396231323061316236386162613164373663663333306564306463303737303733336136353363393538396536343266393865942e');
-INSERT INTO session ('expires', 'token', 'lifetime', 'id', 'user_id') VALUES ('2999-01-01 00:00:00', 'f4ecbe14be3527ca998143a49200e294', 600, 1, 1);
+INSERT INTO session ('expires', 'token', 'lifetime', 'id', 'user_id') VALUES ('2999-01-01 00:00:00', 'f4ecbe14be3527ca998143a49200e294', 600, 1, 1);
 -- ROLES
 INSERT INTO role ('name', 'id') VALUES ('role_1', 1);
 INSERT INTO permission ('name', 'id') VALUES ('permission_1', 1);
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@ -15,9 +15,9 @@ def test_login(client):
    # Login successful
    assert result.status_code == 201
    # User set correctly
-    assert json["user"]["userid"] == USERID
+    assert json["userid"] == USERID
    # Token works
-    assert client.get("/auth", headers={"Authorization": f"Bearer {json['session']['token']}"}).status_code == 200
+    assert client.get("/auth", headers={"Authorization": f"Bearer {json['token']}"}).status_code == 200
 def test_login_decorator(client):
--- a/tests/test_events.py
+++ b/tests/test_events.py
@ -1,17 +0,0 @@
 import pytest
 from werkzeug.exceptions import BadRequest
 import flaschengeist.plugins.events.event_controller as event_controller
 from flaschengeist.plugins.events.models import EventType
 VALID_TOKEN = "f4ecbe14be3527ca998143a49200e294"
 EVENT_TYPE_NAME = "Test Type"
 def test_create_event_type(app):
    with app.app_context():
        type = event_controller.create_event_type(EVENT_TYPE_NAME)
        assert isinstance(type, EventType)
        with pytest.raises(BadRequest):
            event_controller.create_event_type(EVENT_TYPE_NAME)
--- a/tests/test_users.py
+++ b/tests/test_users.py
@ -0,0 +1,52 @@
 import pytest
 from werkzeug.exceptions import BadRequest, NotFound
 from flaschengeist.controller import roleController, userController
 from flaschengeist.models.user import User
 VALID_TOKEN = "f4ecbe14be3527ca998143a49200e294"
 def test_get_user(app):
    with app.app_context():
        user = userController.get_user("user")
        assert user is not None and isinstance(user, User)
        assert user.userid == "user"
        user = userController.get_user("deleted_user", deleted=True)
        assert user is not None and isinstance(user, User)
        assert user.userid == "deleted_user"
        with pytest.raises(NotFound):
            user = userController.get_user("__does_not_exist__")
        with pytest.raises(NotFound):
            user = userController.get_user("__does_not_exist__", deleted=True)
        with pytest.raises(NotFound):
            user = userController.get_user("deleted_user")
 def test_set_roles(app):
    with app.app_context():
        user = userController.get_user("user")
        userController.set_roles(user, [])
        assert user.roles_ == []
        userController.set_roles(user, ["role_1"])
        assert len(user.roles_) == 1 and user.roles_[0].id == 1
        # Test unknown role + no create flag -> raise no changes
        with pytest.raises(BadRequest):
            userController.set_roles(user, ["__custom__"])
        assert len(user.roles_) == 1
        userController.set_roles(user, ["__custom__"], create=True)
        assert len(user.roles_) == 1 and user.roles_[0].name == "__custom__"
        assert roleController.get("__custom__").id == user.roles_[0].id
        userController.set_roles(user, ["__custom__"], create=True)
        assert len(user.roles_) == 1
        userController.set_roles(user, ["__custom__", "role_1"])
        assert len(user.roles_) == 2
        userController.set_roles(user, [])
        assert len(user.roles_) == 0
Author	SHA1	Message	Date
Tim Gröger	cfbb557539	Merge pull request 'feature/migrations, closes #19' (#20 ) from feature/migrations into develop Reviewed-on: #20	2023-03-02 05:37:09 +00:00
Tim Gröger	ba93345a09	feat(users) fix cli if user get role, that provider is updatet too	2023-02-18 15:48:53 +01:00
Tim Gröger	d475f3f8e2	feat(ldap) fix login on ldap	2023-02-18 15:11:42 +01:00
Tim Gröger	a50ba403fc	feat(ldap) fix sync from ldap	2023-02-17 20:40:27 +01:00
Tim Gröger	e0acb80f5d	feat(plugin) fix get right instance auf auth_provider	2023-02-17 17:52:20 +01:00
Tim Gröger	c5436f22fa	feat(ldap) fix get right config	2023-02-17 16:40:54 +01:00
Tim Gröger	7796f45097	feat(db) fix get plugins if no database exists	2023-02-17 15:30:05 +01:00
Tim Gröger	8a656c3c89	Merge branch 'develop' into feature/migrations	2023-02-17 13:15:32 +01:00
Tim Gröger	8a5380d888	update sqlalchmy version. not higher than 2.0	2023-02-17 12:46:27 +01:00
Ferdinand Thiessen	9f729bda6c	[plugins] Fix `auth_ldap`, `balance`, and `pricelist` compatibility Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-26 17:05:03 +02:00
Ferdinand Thiessen	9e8117e554	[plugins] Fix scheduler accessing database while unbound from session Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-25 18:45:01 +02:00
Ferdinand Thiessen	88a4dc24f2	[db] Fix automatic migration upgrade for plugins and core Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-25 18:44:21 +02:00
Ferdinand Thiessen	0698327ef5	[core][deps] Use sqlalchemy_utils instead of copy-paste code for merging references This fixes issues when using SQLite Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-25 17:07:12 +02:00
Ferdinand Thiessen	aa8f8f6e64	[core][plugin] Allow blueprints to be set on instance level This ensures blueprints are read from the plugin instance instead of the class, allowing custom routes to be added within the `load()` function. Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-25 17:05:04 +02:00
Ferdinand Thiessen	6ad8cd1728	[cli] Users and roles can be now managed using the cli Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-25 17:04:22 +02:00
Ferdinand Thiessen	e2254b71b0	[core][plugin] Unify plugin model and real plugins Plugins are now extensions of the database model, allowing plugins to access all their properties. Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-25 15:39:05 +02:00
Ferdinand Thiessen	973b4527df	[core] UA parsing: Add backwards compatibility for platform names Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-25 14:55:49 +02:00
Ferdinand Thiessen	4248825af0	Revert future imports for annotations, PEP563 is still defered Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-25 12:06:59 +02:00
Ferdinand Thiessen	e22e38b304	Implement custom UA parsing, allowing to update Flask and Werkzeug Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-22 17:18:03 +02:00
Ferdinand Thiessen	ee38e46c12	[core] Cleanup + Fix loading migrations of (dis)abled plugins Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-18 22:59:19 +02:00
Ferdinand Thiessen	d3530cc15f	The enabled state of plugins is now loaded from database rather than config file Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-18 21:22:47 +02:00
Ferdinand Thiessen	e41be21c47	Restructure models and database import paths Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-18 19:53:58 +02:00
Ferdinand Thiessen	7f8aa80b0e	Update dependencies and increase python version to 3.10 Drop future imports, not needed with python 3.10 Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-08-18 19:45:54 +02:00
Ferdinand Thiessen	dc2b949225	[cli] Fix exporting of plugin interfaces Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-07-31 19:28:11 +02:00
Ferdinand Thiessen	fa503fe142	[cli] Added install command to install the database and all plugins Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-07-31 19:07:40 +02:00
Ferdinand Thiessen	f1d6b6a2f2	[plugins][cli] Fix initial migration file + Make sure plugin permissions are installed Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2022-07-31 19:07:32 +02:00
Ferdinand Thiessen	573bea2da0	feat(cli): Added CLI command for handling plugins ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details * Install / Uninstall plugins * List plugins	2022-03-08 17:22:55 +01:00
Ferdinand Thiessen	4fbd20f78e	feat(docs): Add documentation on how to install tables Also various documentation fixed and improvments	2022-03-08 17:22:55 +01:00
Ferdinand Thiessen	6a35137a27	feat(db): Add database migration support, implements #19 Migrations allow us to keep track of database changes and upgrading databases if needed. * Add initial migrations for core Flaschengeist * Add migrations to balance * Add migrations to pricelist * Skip plugins with not satisfied dependencies.	2022-03-08 17:22:55 +01:00
Ferdinand Thiessen	bf02c0e21f	fix(db): Add __repr__ to custom column types, same as done by SQLAlchemy	2022-03-08 17:22:55 +01:00
Tim Gröger	e09d563e93	Merge pull request 'feat(plugins): Load metadata from entry points / distribution' (#24 ) from proposal/metadata2 into develop ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details Reviewed-on: #24	2022-03-08 08:13:52 +00:00
Ferdinand Thiessen	2d4c8ebfd9	fix(plugins): Fix functions using id instead of name property ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details	2022-03-07 14:36:31 +01:00
Ferdinand Thiessen	6f35e17fba	feat(plugins): Load metadata from entry points / distribution ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details ci/woodpecker/pr/lint Pipeline was successful Details ci/woodpecker/pr/test Pipeline was successful Details	2022-02-23 15:20:31 +01:00
Ferdinand Thiessen	2f4472e708	feat(docs): Added more documentation on plugins ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details	2022-02-23 15:19:45 +01:00
Ferdinand Thiessen	e510c54bd8	chore(clean): Fix codestyle of config.py ci/woodpecker/push/lint Pipeline was successful Details ci/woodpecker/push/test Pipeline was successful Details	2022-02-22 11:11:23 +01:00
Ferdinand Thiessen	c5db932065	chore(clean): Drop `_module_path` from flaschengeist	2022-02-21 22:24:33 +01:00
Ferdinand Thiessen	1484d678ce	feat(security): Enforce secret key for flask application.	2022-02-21 21:03:15 +01:00
Ferdinand Thiessen	e82d830410	fix(app): Fix import_name for flask application	2022-02-21 21:02:45 +01:00
Ferdinand Thiessen	760ee9fe36	fix(cli): Fix logging when setting verbosity on the cli	2022-02-21 21:02:15 +01:00
Ferdinand Thiessen	90999bbefb	chore(core): Seperated logic from the plugin code, reduces imports	2022-02-13 14:31:55 +01:00
Ferdinand Thiessen	fb50ed05be	deps: Require at lease python 3.9, fixes #22 continuous-integration/woodpecker the build was successful Details	2021-12-26 15:44:04 +01:00
Ferdinand Thiessen	54a789b772	fix(docs): PIP 21.0+ is required, some minor improvements	2021-12-26 15:42:31 +01:00
Ferdinand Thiessen	a6cbc002f6	fix(cli): InterfaceGenerator now works even without a namespace defined continuous-integration/woodpecker the build failed Details	2021-12-23 02:48:28 +01:00
Ferdinand Thiessen	34ee95c66a	feat(cli): Split CLI commands into seperate files	2021-12-23 02:48:02 +01:00
Ferdinand Thiessen	9bcba9c7f9	fix(users): Fix import error inside `set_roles` continuous-integration/woodpecker the build failed Details	2021-12-22 00:37:52 +01:00
Ferdinand Thiessen	016ed7739a	fix(db): Fix Serial column type for SQLite continuous-integration/woodpecker the build failed Details	2021-12-22 00:36:41 +01:00
Ferdinand Thiessen	702b894f75	feat(tests): Added first unit test for the user controller continuous-integration/woodpecker the build failed Details	2021-12-22 00:34:32 +01:00
Ferdinand Thiessen	519eac8f25	feat(ci): Added pipeline for tests continuous-integration/woodpecker the build failed Details Add all supported, meaning by flaschengeist, python versions. Use slim image of python instead of alpine, because Pillow does not provide any wheels for musllibc	2021-12-22 00:29:33 +01:00
Ferdinand Thiessen	aaec6b43ae	tests: Fix tests for current backend	2021-12-21 22:56:03 +01:00
Ferdinand Thiessen	9b42d2b5b7	fix(docs): Rename README continuous-integration/woodpecker the build failed Details	2021-12-20 00:56:16 +01:00
Ferdinand Thiessen	22fbb526bb	fix(balance): Replace deprecated sqlalchemy functions continuous-integration/woodpecker the build failed Details	2021-12-19 19:01:48 +01:00
Ferdinand Thiessen	d9be9430db	docs(misc): Some more documentation fixes	2021-12-19 19:01:27 +01:00
Ferdinand Thiessen	4df7f1cc01	docs(plugins): Some more documentation on the plugin class	2021-12-19 18:58:57 +01:00
Ferdinand Thiessen	b8ac6eb462	fix(users): Readd `create` flag on set_roles continuous-integration/woodpecker the build failed Details	2021-12-19 13:06:36 +01:00
Ferdinand Thiessen	25ba4d21aa	feat(balance): Add option to allow active services to debit other users continuous-integration/woodpecker the build was successful Details	2021-12-18 04:23:53 +01:00
Ferdinand Thiessen	e1f919bd20	feat(scheduler): Add function to add scheduled tasks programmatically	2021-12-18 04:19:57 +01:00
Ferdinand Thiessen	691345cf40	fix(roles): Minor fix in set_permissions	2021-12-18 04:19:07 +01:00
Ferdinand Thiessen	1db3391826	fix(roles): Minor documentation + typings	2021-12-18 03:04:37 +01:00
Ferdinand Thiessen	2df5a61ff3	fix(cli): Fix logging level not set on run	2021-12-18 03:03:41 +01:00
Ferdinand Thiessen	b8f086b4dd	fix(app): Add AuthPlugin to FG_PLUGINS	2021-12-18 02:15:53 +01:00
Ferdinand Thiessen	ab093c04bd	fix(cli): Defaul logging level should be WARNING continuous-integration/woodpecker the build was successful Details	2021-12-18 02:12:19 +01:00
Ferdinand Thiessen	ee839ce6a3	fix(auth_plain): Fix post_install hook	2021-12-18 02:12:00 +01:00
Ferdinand Thiessen	f507cd483d	fix(docs): Fix script name in documentation	2021-12-18 02:00:46 +01:00
Ferdinand Thiessen	bd371dfcf2	fix(users): Register: validate `mail`, handle duplicated `userid`, only send password mail if `mail` was set continuous-integration/woodpecker the build was successful Details	2021-12-18 01:56:52 +01:00
Ferdinand Thiessen	9f6aa38925	fix(users): Reduce amount of SELECT queries in set_roles	2021-12-18 01:55:24 +01:00
Ferdinand Thiessen	ec7bf39666	fix(roles): Map IntegrityError to BadRequest as this is an client error, no server error.	2021-12-18 01:51:38 +01:00
Ferdinand Thiessen	0a3da51b92	fix(logging): console logger should default to stderr	2021-12-18 01:50:03 +01:00
Ferdinand Thiessen	ceba819ca7	fix(db): User.userid should be unique	2021-12-18 01:49:17 +01:00
Ferdinand Thiessen	a3ccd6cea1	feat(db): Use named database constraints	2021-12-18 01:48:12 +01:00
Ferdinand Thiessen	53ed2d9d1a	chore(package): Only use setup.cfg, drop setup.py	2021-12-18 01:46:35 +01:00
Ferdinand Thiessen	ece6893675	feat(cli): Ported CLI to use native click / flask cli	2021-12-18 01:44:06 +01:00
Ferdinand Thiessen	38ebaf0e79	feat(hooks): Some more work on the hooks functions	2021-12-17 14:27:27 +01:00
Ferdinand Thiessen	cfac55efe0	fix(app): Add some more debugging	2021-12-17 12:21:53 +01:00
Ferdinand Thiessen	1b80e39648	feat(ci): Added woodpecker CI continuous-integration/woodpecker the build was successful Details	2021-12-14 15:36:08 +01:00
Tim Gröger	dc9f70983b	fix sync ldap	2021-12-07 20:48:33 +01:00
Tim Gröger	d8db0aae3a	fix sync with ldap	2021-12-07 18:35:05 +01:00
Ferdinand Thiessen	348adefb7c	feat(scheduler): Scheduler is now a plugin Scheduler allows to schedule tasks, like cron does, but requires special configuration.	2021-12-06 23:48:05 +01:00
Ferdinand Thiessen	dca52b764c	fix(plugins): Setting a plugin setting to None removes that setting	2021-12-06 23:44:41 +01:00
Ferdinand Thiessen	f6c229d2ef	feat(core): Selected authentification plugin is always enabled	2021-12-06 23:44:07 +01:00
Ferdinand Thiessen	653c1c584c	fix(cli): Set env variable for debug	2021-12-06 15:32:11 +01:00
Ferdinand Thiessen	d8192679e5	chore(cleanup): Drop stuff for unsupported python versions	2021-12-06 15:30:39 +01:00
Ferdinand Thiessen	239faac7dd	fix(plugin): Only active users can and should be notified	2021-12-05 22:56:34 +01:00
Ferdinand Thiessen	5819a0637f	fix(models): Notification.plugin should be bigger to support FQN as value	2021-12-05 22:56:05 +01:00
Ferdinand Thiessen	5b3f63cd0a	fix(roles): Return conflict if role should be deleted but is still in use	2021-12-05 20:50:57 +01:00
Ferdinand Thiessen	bac75ca582	fix(users): Fix query for active users	2021-12-03 13:13:48 +01:00
Ferdinand Thiessen	47400f02e9	feat(users): Add deleted attribute to users. This allows us to filter out deleted users which could not be deleted and had to be soft-deleted. Meaning: users which still had foreign keys on the database, from e.g. disabled plugins.	2021-12-03 12:52:45 +01:00
Tim Gröger	f9d9494a36	[fix] add empty install function for userController, fix wrong indention	2021-12-03 09:49:34 +01:00
Ferdinand Thiessen	d0674e8876	fix(users): Fix deleting users Remove all internal references, e.g. sessions, attributes, password reset requests. Add hook for plugins. If not deletable remove at least all personal data	2021-12-02 21:27:59 +01:00
Ferdinand Thiessen	50fa39be4f	feat(users): Add some more relationships to model	2021-12-02 18:28:32 +01:00
Ferdinand Thiessen	593b8546a2	fix(roles): Ignore name if it did not change	2021-12-01 15:31:48 +01:00
Ferdinand Thiessen	e4a10028b7	fix(users): Update hook needs to check existence of display_name as well	2021-12-01 15:19:29 +01:00
Ferdinand Thiessen	45d15b4f88	docs(config): Add some database default values	2021-12-01 15:18:36 +01:00
Ferdinand Thiessen	0ce52de8cd	feat(plugins) Plugins use native Image objects as default avatar, but can still implement their own stuff.	2021-11-29 18:15:21 +01:00
Ferdinand Thiessen	06caec86e7	fix(users) Display name should be created when user is created	2021-11-29 11:33:23 +01:00
Ferdinand Thiessen	b94319c38f	chore(plugins) Split of events plugin	2021-11-28 22:29:12 +01:00
Ferdinand Thiessen	60ba8d4799	fix(core) Fix entry point name	2021-11-28 22:27:20 +01:00
Ferdinand Thiessen	50632eb333	feat(cli) Allow assigning all permissions to one group from cli	2021-11-28 22:23:34 +01:00
Ferdinand Thiessen	2b93404dc0	[core] Add CORS headers	2021-11-28 14:23:08 +01:00
Ferdinand Thiessen	a479d0c0ee	[models] Add __str__ function for all serialized models (for debug)	2021-11-27 03:05:05 +01:00
Tim Gröger	d2ef02c2af	[balance] add correct notification	2021-11-27 00:36:28 +01:00
Tim Gröger	079fbafb97	Merge pull request 'feature/events' (#18 ) from feature/events into develop Reviewed-on: #18	2021-11-25 17:00:40 +00:00
Ferdinand Thiessen	e626239d84	[cleanup] Minor pep8 cleanup	2021-11-25 15:50:12 +01:00
Ferdinand Thiessen	aa64c769ef	[events] Implemented API endpoint for jobs of the current user	2021-11-25 15:50:12 +01:00
Ferdinand Thiessen	1c091311de	[events] Use new pagination responses, drop unused api endpoint	2021-11-25 15:50:12 +01:00
Ferdinand Thiessen	1609d8ae29	[utils] Add util to get pagination filter args from request	2021-11-25 15:50:12 +01:00
ferfissimo	41f625aabc	Merge pull request 'feature/pricelist add server pagination for balance' (#17 ) from feature/pricelist into develop Reviewed-on: #17	2021-11-25 11:22:50 +00:00
Tim Gröger	c3468eea03	[balance] revert user ssp for pull-request	2021-11-25 12:20:43 +01:00
Tim Gröger	2634181d5e	[balance] add serverside pagination	2021-11-25 12:20:43 +01:00
Tim Gröger	25b174b1c2	[auth_ldap] fix add displayName when create	2021-11-25 12:20:26 +01:00
Ferdinand Thiessen	b4086108e4	[events] Can invite, accept and reject invitations	2021-11-24 21:49:14 +01:00
Tim Gröger	eb04d305ab	[auth_ldap] fix add displayName when create	2021-11-22 15:38:33 +01:00
Ferdinand Thiessen	471258c886	[events] Default jobs to unlocked state	2021-11-22 15:33:18 +01:00
Ferdinand Thiessen	7cac708309	[clean] PEP8 cleanup	2021-11-22 15:31:53 +01:00
ferfissimo	9b935541b0	Merge pull request 'feature/balance add server side pagination for get balances' (#16 ) from feature/balance into develop Reviewed-on: #16	2021-11-22 14:30:41 +00:00
		`@ -0,0 +1 @@`
							`"""Basic controllers for interaction with the Flaschengeist core"""`