test commit

[fix][scheduler] status of scheduler task now saved again
update to version 2.2.0
2024-10-22 07:22:11 +02:00 · 2024-10-15 13:37:23 +02:00 · 2024-10-15 08:30:03 +02:00 · 2024-10-15 08:26:16 +02:00 · 2024-10-15 07:27:29 +02:00 · 2024-10-14 06:24:19 +02:00
17 changed files with 316 additions and 1673 deletions
--- a/flaschengeist/alembic/migrations/49118ea16b56_add_name_and_description_to_api_key.py
+++ b/flaschengeist/alembic/migrations/49118ea16b56_add_name_and_description_to_api_key.py
@ -0,0 +1,37 @@
 """add name and description to api_key
 Revision ID: 49118ea16b56
 Revises: f9aa4cafa982
 Create Date: 2024-10-14 08:15:16.348090
 """
 import sqlalchemy as sa
 from alembic import op
 import flaschengeist
 # revision identifiers, used by Alembic.
 revision = "49118ea16b56"
 down_revision = "f9aa4cafa982"
 branch_labels = None
 depends_on = None
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    with op.batch_alter_table("api_key", schema=None) as batch_op:
        batch_op.add_column(sa.Column("name", sa.String(length=32), nullable=True))
        batch_op.add_column(sa.Column("description", sa.String(length=255), nullable=True))
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    with op.batch_alter_table("api_key", schema=None) as batch_op:
        batch_op.drop_column("description")
        batch_op.drop_column("name")
    # ### end Alembic commands ###
--- a/flaschengeist/alembic/migrations/f9aa4cafa982_add_apikeys.py
+++ b/flaschengeist/alembic/migrations/f9aa4cafa982_add_apikeys.py
@ -0,0 +1,41 @@
 """Add APIKeys
 Revision ID: f9aa4cafa982
 Revises: 20482a003db8
 Create Date: 2024-10-11 13:04:21.877288
 """
 import sqlalchemy as sa
 from alembic import op
 import flaschengeist
 # revision identifiers, used by Alembic.
 revision = "f9aa4cafa982"
 down_revision = "20482a003db8"
 branch_labels = ()
 depends_on = None
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.create_table(
        "api_key",
        sa.Column("expires", flaschengeist.database.types.UtcDateTime(), nullable=True),
        sa.Column("token", sa.String(length=32), nullable=True),
        sa.Column("lifetime", sa.Integer(), nullable=True),
        sa.Column("id", flaschengeist.database.types.Serial(), nullable=False),
        sa.Column("user_id", flaschengeist.database.types.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["user_id"], ["user.id"], name=op.f("fk_api_key_user_id_user")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_api_key")),
        sa.UniqueConstraint("token", name=op.f("uq_api_key_token")),
    )
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_table("api_key")
    # ### end Alembic commands ###
--- a/flaschengeist/controller/apiKeyController.py
+++ b/flaschengeist/controller/apiKeyController.py
@ -0,0 +1,79 @@
 import secrets
 from werkzeug.exceptions import Unauthorized
 from .. import logger
 from ..database import db
 from ..models import ApiKey
 def validate_api_key(api_key, permission):
    """Verify api key
    Verify a ApiKey so if the User has permission or not.
    Retrieves the access token if valid else retrieves False
    Args:
        api_key: ApiKey to verify
        permission: Permission needed to access restricted routes
    Returns:
        A ApiKey for this given Token
    Raises:
        Unauthorized: If api key is invalid
        Forbidden: If permission is insufficient
    """
    logger.debug("check api_key {{ {} }} is valid".format(api_key))
    api_key = ApiKey.query.filter_by(_token=api_key).one_or_none()
    if api_key:
        logger.debug("api_key found")
        if not permission or api_key.user_.has_permission(permission):
            return api_key
        else:
            raise Forbidden
    logger.debug("no valid api key with api_key: {{ {} }} and permission: {{ {} }}".format(api_key, permission))
    raise Unauthorized
 def create(user, name, description=None) -> ApiKey:
    """Create a ApiKey
    Args:
        user: For which User is to create a ApiKey
    Returns:
        A ApiKey for this given User
    """
    logger.debug("create api key token")
    token_str = secrets.token_hex(16)
    logger.debug("create api_key for user {{ {} }}".format(user))
    api_key = ApiKey(_user_id=user.id_, name=name, description=description, _token=token_str)
    db.session.add(api_key)
    db.session.commit()
    api_key.token = api_key._token
    return api_key
 def get_users_api_keys(user) -> list[ApiKey]:
    """Get all ApiKeys for a User
    Args:
        user: For which User is to get all ApiKeys
    Returns:
        List of ApiKeys for this given User
    """
    return ApiKey.query.filter(ApiKey._user_id == user.id_).all()
 def delete_api_key(api_key):
    """Delete a ApiKey
    Args:
        api_key: ApiKey to delete
    """
    logger.debug(f"delete api_key {{ {api_key} }} {{ {type(api_key)} }}")
    if isinstance(api_key, int):
        api_key = ApiKey.query.get(api_key)
    logger.debug("delete api_key {{ {} }}".format(api_key.token))
    db.session.delete(api_key)
    db.session.commit()
--- a/flaschengeist/controller/sessionController.py
+++ b/flaschengeist/controller/sessionController.py
@ -1,13 +1,12 @@
 import secrets
 from datetime import datetime, timezone
-from werkzeug.exceptions import Forbidden, Unauthorized
+
 from ua_parser import user_agent_parser
 from werkzeug.exceptions import Forbidden, Unauthorized
 from .. import logger
 from ..models import Session
 from ..database import db
-
+from ..models import Session
 lifetime = 1800
@ -72,7 +71,7 @@ def create(user, request_headers=None) -> Session:
    logger.debug(f"platform: {user_agent['os']['family']}, browser: {user_agent['user_agent']['family']}")
    session = Session(
        token=token_str,
-        user_=user,
+        _user_id=user.id_,
        lifetime=lifetime,
        platform=user_agent["os"]["family"],
        browser=user_agent["user_agent"]["family"],
--- a/flaschengeist/models/init.py
+++ b/flaschengeist/models/init.py
@ -1,5 +1,6 @@
 from .api_key import *
 from .image import *
 from .notification import *
 from .plugin import *
 from .session import *
 from .user import *
 from .plugin import *
 from .notification import *
 from .image import *
--- a/flaschengeist/models/api_key.py
+++ b/flaschengeist/models/api_key.py
@ -0,0 +1,52 @@
 from __future__ import \
    annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 from datetime import datetime, timedelta, timezone
 from secrets import compare_digest
 from typing import Union
 from .. import logger
 from ..database import db
 from ..database.types import ModelSerializeMixin, Serial, UtcDateTime
 class ApiKey(db.Model, ModelSerializeMixin):
    """Model for a Session
    Args:
        expires: Is a Datetime from current Time.
        user:   Is an User.
        token:  String to verify access later.
    """
    __allow_unmapped__ = True
    __tablename__ = "api_key"
    expires: datetime = db.Column(UtcDateTime, nullable=True)
    _token: str = db.Column("token", db.String(32), unique=True)
    name: str = db.Column(db.String(32))
    description: str = db.Column(db.String(255), nullable=True)
    lifetime: int = db.Column(db.Integer, nullable=True)
    userid: str = ""
    id: int = db.Column("id", Serial, primary_key=True)
    _user_id = db.Column("user_id", Serial, db.ForeignKey("user.id"))
    user_: User = db.relationship("User", back_populates="api_keys_")
    token: Union[str, None] = None
    @property
    def userid(self):
        return self.user_.userid
    def refresh(self):
        """Update the Timestamp
        Update the Timestamp to the current Time.
        """
        logger.debug("update timestamp from session with token {{ {} }}".format(self._token))
        self.expires = datetime.now(timezone.utc) + timedelta(seconds=self.lifetime)
    def __eq__(self, token):
        if isinstance(token, str):
            return compare_digest(self._token, token)
        else:
            return super(Session, self).__eq__(token)
--- a/flaschengeist/models/plugin.py
+++ b/flaschengeist/models/plugin.py
@ -1,6 +1,7 @@
 from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
-from typing import Any, List, Dict
+from typing import Any, Dict, List
 from sqlalchemy.orm.collections import attribute_mapped_collection
 from ..database import db
@ -68,7 +69,10 @@ class BasePlugin(db.Model):
            value: Value to be stored
        """
        if value is None and name in self.__settings.keys():
-            del self.__settings[name]
+            pl = self.__settings[name]
            db.session.delete(pl)
        else:
            setting = self.__settings.setdefault(name, PluginSetting(plugin_id=self.id, name=name, value=None))
            setting.value = value
            db.session.add(setting)
            db.session.commit()
--- a/flaschengeist/models/user.py
+++ b/flaschengeist/models/user.py
@ -1,13 +1,13 @@
-from __future__ import (
+from __future__ import \
-    annotations,
+    annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 )  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 from typing import Optional, Union, List
 from datetime import date, datetime
 from typing import List, Optional, Union
 from sqlalchemy.orm.collections import attribute_mapped_collection
 from ..database import db
-from ..database.types import ModelSerializeMixin, UtcDateTime, Serial
+from ..database.types import ModelSerializeMixin, Serial, UtcDateTime
 association_table = db.Table(
    "user_x_role",
@ -71,6 +71,7 @@ class User(db.Model, ModelSerializeMixin):
    id_ = db.Column("id", Serial, primary_key=True)
    roles_: List[Role] = db.relationship("Role", secondary=association_table, cascade="save-update, merge")
    sessions_: List[Session] = db.relationship("Session", back_populates="user_", cascade="all, delete, delete-orphan")
    api_keys_: List[ApiKey] = db.relationship("ApiKey", back_populates="user_", cascade="all, delete, delete-orphan")
    avatar_: Optional[Image] = db.relationship("Image", cascade="all, delete, delete-orphan", single_parent=True)
    reset_requests_: List["_PasswordReset"] = db.relationship("_PasswordReset", cascade="all, delete, delete-orphan")
--- a/flaschengeist/plugins/pricelist/init.py
+++ b/flaschengeist/plugins/pricelist/init.py
@ -1,753 +0,0 @@
 """Pricelist plugin"""
 from flask import Blueprint, jsonify, request
 from werkzeug.exceptions import BadRequest, Forbidden, NotFound, Unauthorized
 from flaschengeist import logger
 from flaschengeist.controller import userController
 from flaschengeist.controller.imageController import send_image, send_thumbnail
 from flaschengeist.plugins import Plugin
 from flaschengeist.utils.decorators import login_required, extract_session
 from flaschengeist.utils.HTTP import no_content
 from . import models
 from . import pricelist_controller, permissions
 class PriceListPlugin(Plugin):
    models = models
    blueprint = Blueprint("pricelist", __name__, url_prefix="/pricelist")
    def install(self):
        self.install_permissions(permissions.permissions)
    def load(self):
        config = {"discount": 0}
        config.update(config)
@PriceListPlugin.blueprint.route("/drink-types", methods=["GET"])
@PriceListPlugin.blueprint.route("/drink-types/<int:identifier>", methods=["GET"])
 def get_drink_types(identifier=None):
    """Get DrinkType(s)
    Route: ``/pricelist/drink-types`` | Method: ``GET``
    Route: ``/pricelist/drink-types/<identifier>`` | Method: ``GET``
    Args:
        identifier: If querying a spicific DrinkType
    Returns:
        JSON encoded (list of) DrinkType(s) or HTTP-error
    """
    if identifier is None:
        result = pricelist_controller.get_drink_types()
    else:
        result = pricelist_controller.get_drink_type(identifier)
    return jsonify(result)
@PriceListPlugin.blueprint.route("/drink-types", methods=["POST"])
@login_required(permission=permissions.CREATE_TYPE)
 def new_drink_type(current_session):
    """Create new DrinkType
    Route ``/pricelist/drink-types`` | Method: ``POST``
    POST-data: ``{name: string}``
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded DrinkType or HTTP-error
    """
    data = request.get_json()
    if "name" not in data:
        raise BadRequest
    drink_type = pricelist_controller.create_drink_type(data["name"])
    return jsonify(drink_type)
@PriceListPlugin.blueprint.route("/drink-types/<int:identifier>", methods=["PUT"])
@login_required(permission=permissions.EDIT_TYPE)
 def update_drink_type(identifier, current_session):
    """Modify DrinkType
    Route ``/pricelist/drink-types/<identifier>`` | METHOD ``PUT``
    POST-data: ``{name: string}``
    Args:
        identifier: Identifier of DrinkType
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded DrinkType or HTTP-error
    """
    data = request.get_json()
    if "name" not in data:
        raise BadRequest
    drink_type = pricelist_controller.rename_drink_type(identifier, data["name"])
    return jsonify(drink_type)
@PriceListPlugin.blueprint.route("/drink-types/<int:identifier>", methods=["DELETE"])
@login_required(permission=permissions.DELETE_TYPE)
 def delete_drink_type(identifier, current_session):
    """Delete DrinkType
    Route: ``/pricelist/drink-types/<identifier>`` | Method: ``DELETE``
    Args:
        identifier: Identifier of DrinkType
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    pricelist_controller.delete_drink_type(identifier)
    return no_content()
@PriceListPlugin.blueprint.route("/tags", methods=["GET"])
@PriceListPlugin.blueprint.route("/tags/<int:identifier>", methods=["GET"])
 def get_tags(identifier=None):
    """Get Tag(s)
    Route: ``/pricelist/tags`` | Method: ``GET``
    Route: ``/pricelist/tags/<identifier>`` | Method: ``GET``
    Args:
        identifier: Identifier of Tag
    Returns:
        JSON encoded (list of) Tag(s) or HTTP-error
    """
    if identifier:
        result = pricelist_controller.get_tag(identifier)
    else:
        result = pricelist_controller.get_tags()
    return jsonify(result)
@PriceListPlugin.blueprint.route("/tags", methods=["POST"])
@login_required(permission=permissions.CREATE_TAG)
 def new_tag(current_session):
    """Create Tag
    Route: ``/pricelist/tags`` | Method: ``POST``
    POST-data: ``{name: string, color: string}``
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded Tag or HTTP-error
    """
    data = request.get_json()
    drink_type = pricelist_controller.create_tag(data)
    return jsonify(drink_type)
@PriceListPlugin.blueprint.route("/tags/<int:identifier>", methods=["PUT"])
@login_required(permission=permissions.EDIT_TAG)
 def update_tag(identifier, current_session):
    """Modify Tag
    Route: ``/pricelist/tags/<identifier>`` | Methods: ``PUT``
    POST-data: ``{name: string, color: string}``
    Args:
        identifier: Identifier of Tag
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded Tag or HTTP-error
    """
    data = request.get_json()
    tag = pricelist_controller.update_tag(identifier, data)
    return jsonify(tag)
@PriceListPlugin.blueprint.route("/tags/<int:identifier>", methods=["DELETE"])
@login_required(permission=permissions.DELETE_TAG)
 def delete_tag(identifier, current_session):
    """Delete Tag
    Route: ``/pricelist/tags/<identifier>`` | Methods: ``DELETE``
    Args:
        identifier: Identifier of Tag
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    pricelist_controller.delete_tag(identifier)
    return no_content()
@PriceListPlugin.blueprint.route("/drinks", methods=["GET"])
@PriceListPlugin.blueprint.route("/drinks/<int:identifier>", methods=["GET"])
 def get_drinks(identifier=None):
    """Get Drink(s)
    Route: ``/pricelist/drinks`` | Method: ``GET``
    Route: ``/pricelist/drinks/<identifier>`` | Method: ``GET``
    Args:
        identifier: Identifier of Drink
    Returns:
        JSON encoded (list of) Drink(s) or HTTP-error
    """
    public = True
    try:
        extract_session()
        public = False
    except Unauthorized:
        public = True
    if identifier:
        result = pricelist_controller.get_drink(identifier, public=public)
        return jsonify(result)
    else:
        limit = request.args.get("limit")
        offset = request.args.get("offset")
        search_name = request.args.get("search_name")
        search_key = request.args.get("search_key")
        ingredient = request.args.get("ingredient", type=bool)
        receipt = request.args.get("receipt", type=bool)
        try:
            if limit is not None:
                limit = int(limit)
            if offset is not None:
                offset = int(offset)
            if ingredient is not None:
                ingredient = bool(ingredient)
            if receipt is not None:
                receipt = bool(receipt)
        except ValueError:
            raise BadRequest
        drinks, count = pricelist_controller.get_drinks(
            public=public,
            limit=limit,
            offset=offset,
            search_name=search_name,
            search_key=search_key,
            ingredient=ingredient,
            receipt=receipt,
        )
    mop = drinks.copy()
    logger.debug(f"GET drink {drinks}, {count}")
    # return jsonify({"drinks": drinks, "count": count})
    return jsonify({"drinks": drinks, "count": count})
@PriceListPlugin.blueprint.route("/list", methods=["GET"])
 def get_pricelist():
    """Get Priclist
    Route: ``/pricelist/list`` | Method: ``GET``
    Returns:
        JSON encoded list of DrinkPrices or HTTP-KeyError
    """
    public = True
    try:
        extract_session()
        public = False
    except Unauthorized:
        public = True
    limit = request.args.get("limit")
    offset = request.args.get("offset")
    search_name = request.args.get("search_name")
    search_key = request.args.get("search_key")
    ingredient = request.args.get("ingredient", type=bool)
    receipt = request.args.get("receipt", type=bool)
    descending = request.args.get("descending", type=bool)
    sortBy = request.args.get("sortBy")
    try:
        if limit is not None:
            limit = int(limit)
        if offset is not None:
            offset = int(offset)
        if ingredient is not None:
            ingredient = bool(ingredient)
        if receipt is not None:
            receipt = bool(receipt)
        if descending is not None:
            descending = bool(descending)
    except ValueError:
        raise BadRequest
    pricelist, count = pricelist_controller.get_pricelist(
        public=public,
        limit=limit,
        offset=offset,
        search_name=search_name,
        search_key=search_key,
        descending=descending,
        sortBy=sortBy,
    )
    logger.debug(f"GET pricelist {pricelist}, {count}")
    return jsonify({"pricelist": pricelist, "count": count})
@PriceListPlugin.blueprint.route("/drinks/search/<string:name>", methods=["GET"])
 def search_drinks(name):
    """Search Drink
    Route: ``/pricelist/drinks/search/<name>`` | Method: ``GET``
    Args:
        name: Name to search
    Returns:
        JSON encoded list of Drinks or HTTP-error
    """
    public = True
    try:
        extract_session()
        public = False
    except Unauthorized:
        public = True
    return jsonify(pricelist_controller.get_drinks(name, public=public))
@PriceListPlugin.blueprint.route("/drinks", methods=["POST"])
@login_required(permission=permissions.CREATE)
 def create_drink(current_session):
    """Create Drink
        Route: ``/pricelist/drinks`` | Method: ``POST``
        POST-data :
    ``{
        article_id?: string
        cost_per_package?: float,
        cost_per_volume?: float,
        name: string,
        package_size?: number,
        receipt?: list[string],
        tags?: list[Tag],
        type: DrinkType,
        uuid?: string,
        volume?: float,
        volumes?: list[
            {
                ingredients?: list[{
                    id: int
                    drink_ingredient?: {
                        ingredient_id: int,
                        volume: float
                    },
                    extra_ingredient?: {
                        id: number,
                    }
                }],
                prices?: list[
                    {
                        price: float
                        public: boolean
                    }
                ],
                volume: float
            }
        ]
    }``
        Args:
            current_session: Session sent with Authorization Header
        Returns:
            JSON encoded Drink or HTTP-error
    """
    data = request.get_json()
    return jsonify(pricelist_controller.set_drink(data))
@PriceListPlugin.blueprint.route("/drinks/<int:identifier>", methods=["PUT"])
@login_required(permission=permissions.EDIT)
 def update_drink(identifier, current_session):
    """Modify Drink
        Route: ``/pricelist/drinks/<identifier>`` | Method: ``PUT``
        POST-data :
    ``{
        article_id?: string
        cost_per_package?: float,
        cost_per_volume?: float,
        name: string,
        package_size?: number,
        receipt?: list[string],
        tags?: list[Tag],
        type: DrinkType,
        uuid?: string,
        volume?: float,
        volumes?: list[
            {
                ingredients?: list[{
                    id: int
                    drink_ingredient?: {
                        ingredient_id: int,
                        volume: float
                    },
                    extra_ingredient?: {
                        id: number,
                    }
                }],
                prices?: list[
                    {
                        price: float
                        public: boolean
                    }
                ],
                volume: float
            }
        ]
    }``
        Args:
            identifier: Identifier of Drink
            current_session: Session sent with Authorization Header
        Returns:
            JSON encoded Drink or HTTP-error
    """
    data = request.get_json()
    logger.debug(f"update drink {data}")
    return jsonify(pricelist_controller.update_drink(identifier, data))
@PriceListPlugin.blueprint.route("/drinks/<int:identifier>", methods=["DELETE"])
@login_required(permission=permissions.DELETE)
 def delete_drink(identifier, current_session):
    """Delete Drink
    Route: ``/pricelist/drinks/<identifier>`` | Method: ``DELETE``
    Args:
        identifier: Identifier of Drink
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    pricelist_controller.delete_drink(identifier)
    return no_content()
@PriceListPlugin.blueprint.route("/prices/<int:identifier>", methods=["DELETE"])
@login_required(permission=permissions.DELETE_PRICE)
 def delete_price(identifier, current_session):
    """Delete Price
    Route: ``/pricelist/prices/<identifier>`` | Methods: ``DELETE``
    Args:
        identifier: Identiefer of Price
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    pricelist_controller.delete_price(identifier)
    return no_content()
@PriceListPlugin.blueprint.route("/volumes/<int:identifier>", methods=["DELETE"])
@login_required(permission=permissions.DELETE_VOLUME)
 def delete_volume(identifier, current_session):
    """Delete DrinkPriceVolume
    Route: ``/pricelist/volumes/<identifier>`` | Method: ``DELETE``
    Args:
        identifier: Identifier of DrinkPriceVolume
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    pricelist_controller.delete_volume(identifier)
    return no_content()
@PriceListPlugin.blueprint.route("/ingredients/extraIngredients", methods=["GET"])
@login_required()
 def get_extra_ingredients(current_session):
    """Get ExtraIngredients
    Route: ``/pricelist/ingredients/extraIngredients`` | Method: ``GET``
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded list of ExtraIngredients or HTTP-error
    """
    return jsonify(pricelist_controller.get_extra_ingredients())
@PriceListPlugin.blueprint.route("/ingredients/<int:identifier>", methods=["DELETE"])
@login_required(permission=permissions.DELETE_INGREDIENTS_DRINK)
 def delete_ingredient(identifier, current_session):
    """Delete Ingredient
    Route: ``/pricelist/ingredients/<identifier>`` | Method: ``DELETE``
    Args:
        identifier: Identifier of Ingredient
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    pricelist_controller.delete_ingredient(identifier)
    return no_content()
@PriceListPlugin.blueprint.route("/ingredients/extraIngredients", methods=["POST"])
@login_required(permission=permissions.EDIT_INGREDIENTS)
 def set_extra_ingredient(current_session):
    """Create ExtraIngredient
    Route: ``/pricelist/ingredients/extraIngredients`` | Method: ``POST``
    POST-data: ``{ name: string, price: float }``
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded ExtraIngredient or HTTP-error
    """
    data = request.get_json()
    return jsonify(pricelist_controller.set_extra_ingredient(data))
@PriceListPlugin.blueprint.route("/ingredients/extraIngredients/<int:identifier>", methods=["PUT"])
@login_required(permission=permissions.EDIT_INGREDIENTS)
 def update_extra_ingredient(identifier, current_session):
    """Modify ExtraIngredient
    Route: ``/pricelist/ingredients/extraIngredients`` | Method: ``PUT``
    POST-data: ``{ name: string, price: float }``
    Args:
        identifier: Identifier of ExtraIngredient
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded ExtraIngredient or HTTP-error
    """
    data = request.get_json()
    return jsonify(pricelist_controller.update_extra_ingredient(identifier, data))
@PriceListPlugin.blueprint.route("/ingredients/extraIngredients/<int:identifier>", methods=["DELETE"])
@login_required(permission=permissions.DELETE_INGREDIENTS)
 def delete_extra_ingredient(identifier, current_session):
    """Delete ExtraIngredient
    Route: ``/pricelist/ingredients/extraIngredients`` | Method: ``DELETE``
    Args:
        identifier: Identifier of ExtraIngredient
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    pricelist_controller.delete_extra_ingredient(identifier)
    return no_content()
@PriceListPlugin.blueprint.route("/settings/min_prices", methods=["GET"])
@login_required()
 def get_pricelist_settings_min_prices(current_session):
    """Get MinPrices
    Route: ``/pricelist/settings/min_prices`` | Method: ``GET``
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded list of MinPrices
    """
    # TODO: Handle if no prices are set!
    try:
        min_prices = PriceListPlugin.plugin.get_setting("min_prices")
    except KeyError:
        min_prices = []
    return jsonify(min_prices)
@PriceListPlugin.blueprint.route("/settings/min_prices", methods=["POST"])
@login_required(permission=permissions.EDIT_MIN_PRICES)
 def post_pricelist_settings_min_prices(current_session):
    """Create MinPrices
    Route: ``/pricelist/settings/min_prices`` | Method: ``POST``
    POST-data: ``list[int]``
    Args:
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-NoContent or HTTP-error
    """
    data = request.get_json()
    if not isinstance(data, list) or not all(isinstance(n, int) for n in data):
        raise BadRequest
    data.sort()
    PriceListPlugin.plugin.set_setting("min_prices", data)
    return no_content()
@PriceListPlugin.blueprint.route("/users/<userid>/pricecalc_columns", methods=["GET", "PUT"])
@login_required()
 def get_columns(userid, current_session):
    """Get pricecalc_columns of an user
    Route: ``/users/<userid>/pricelist/pricecac_columns`` | Method: ``GET`` or ``PUT``
    POST-data: On ``PUT`` json encoded array of floats
    Args:
        userid: Userid identifying the user
        current_session: Session sent with Authorization Header
    Returns:
        GET: JSON object containing the shortcuts as float array or HTTP error
        PUT: HTTP-created or HTTP error
    """
    if userid != current_session.user_.userid:
        raise Forbidden
    user = userController.get_user(userid)
    if request.method == "GET":
        return jsonify(user.get_attribute("pricecalc_columns", []))
    else:
        data = request.get_json()
        if not isinstance(data, list) or not all(isinstance(n, str) for n in data):
            raise BadRequest
        data.sort(reverse=True)
        user.set_attribute("pricecalc_columns", data)
        userController.persist()
        return no_content()
@PriceListPlugin.blueprint.route("/users/<userid>/pricecalc_columns_order", methods=["GET", "PUT"])
@login_required()
 def get_columns_order(userid, current_session):
    """Get pricecalc_columns_order of an user
    Route: ``/users/<userid>/pricelist/pricecac_columns_order`` | Method: ``GET`` or ``PUT``
    POST-data: On ``PUT`` json encoded array of floats
    Args:
        userid: Userid identifying the user
        current_session: Session sent with Authorization Header
    Returns:
        GET: JSON object containing the shortcuts as object array or HTTP error
        PUT: HTTP-created or HTTP error
    """
    if userid != current_session.user_.userid:
        raise Forbidden
    user = userController.get_user(userid)
    if request.method == "GET":
        return jsonify(user.get_attribute("pricecalc_columns_order", []))
    else:
        data = request.get_json()
        if not isinstance(data, list) or not all(isinstance(n, str) for mop in data for n in mop.values()):
            raise BadRequest
        user.set_attribute("pricecalc_columns_order", data)
        userController.persist()
        return no_content()
@PriceListPlugin.blueprint.route("/users/<userid>/pricelist", methods=["GET", "PUT"])
@login_required()
 def get_priclist_setting(userid, current_session):
    """Get pricelistsetting of an user
    Route: ``/pricelist/user/<userid>/pricelist`` | Method: ``GET`` or ``PUT``
    POST-data: on ``PUT`` ``{value: boolean}``
    Args:
        userid: Userid identifying the user
        current_session: Session sent wth Authorization Header
    Returns:
        GET: JSON object containing the value as boolean or HTTP-error
        PUT: HTTP-NoContent or HTTP-error
    """
    if userid != current_session.user_.userid:
        raise Forbidden
    user = userController.get_user(userid)
    if request.method == "GET":
        return jsonify(user.get_attribute("pricelist_view", {"value": False}))
    else:
        data = request.get_json()
        if not isinstance(data, dict) or not "value" in data or not isinstance(data["value"], bool):
            raise BadRequest
        user.set_attribute("pricelist_view", data)
        userController.persist()
        return no_content()
@PriceListPlugin.blueprint.route("/drinks/<int:identifier>/picture", methods=["POST", "DELETE"])
@login_required(permission=permissions.EDIT)
 def set_picture(identifier, current_session):
    """Get, Create, Delete Drink Picture
    Route: ``/pricelist/<identifier>/picture`` | Method: ``GET,POST,DELETE``
    POST-data: (if remaining) ``Form-Data: mime: 'image/*'``
    Args:
        identifier: Identifier of Drink
        current_session: Session sent with Authorization
    Returns:
        Picture or HTTP-error
    """
    if request.method == "DELETE":
        pricelist_controller.delete_drink_picture(identifier)
        return no_content()
    file = request.files.get("file")
    if file:
        return jsonify(pricelist_controller.save_drink_picture(identifier, file))
    else:
        raise BadRequest
@PriceListPlugin.blueprint.route("/drinks/<int:identifier>/picture", methods=["GET"])
 # @headers({"Cache-Control": "private, must-revalidate"})
 def _get_picture(identifier):
    """Get Picture
    Args:
        identifier: Identifier of Drink
    Returns:
        Picture or HTTP-error
    """
    drink = pricelist_controller.get_drink(identifier)
    if drink.has_image:
        if request.args.get("thumbnail"):
            return send_thumbnail(image=drink.image_)
        return send_image(image=drink.image_)
    raise NotFound
--- a/flaschengeist/plugins/pricelist/migrations/58ab9b6a8839_pricelist_initial.py
+++ b/flaschengeist/plugins/pricelist/migrations/58ab9b6a8839_pricelist_initial.py
@ -1,141 +0,0 @@
 """pricelist: initial
 Revision ID: 58ab9b6a8839
 Revises: 
 Create Date: 2022-02-23 14:45:30.563647
 """
 from alembic import op
 import sqlalchemy as sa
 import flaschengeist
 # revision identifiers, used by Alembic.
 revision = "58ab9b6a8839"
 down_revision = None
 branch_labels = ("pricelist",)
 depends_on = "flaschengeist"
 def upgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.create_table(
        "drink_extra_ingredient",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("name", sa.String(length=30), nullable=False),
        sa.Column("price", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_extra_ingredient")),
        sa.UniqueConstraint("name", name=op.f("uq_drink_extra_ingredient_name")),
    )
    op.create_table(
        "drink_tag",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("name", sa.String(length=30), nullable=False),
        sa.Column("color", sa.String(length=7), nullable=False),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_tag")),
        sa.UniqueConstraint("name", name=op.f("uq_drink_tag_name")),
    )
    op.create_table(
        "drink_type",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("name", sa.String(length=30), nullable=False),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_type")),
        sa.UniqueConstraint("name", name=op.f("uq_drink_type_name")),
    )
    op.create_table(
        "drink",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("article_id", sa.String(length=64), nullable=True),
        sa.Column("package_size", sa.Integer(), nullable=True),
        sa.Column("name", sa.String(length=60), nullable=False),
        sa.Column("volume", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
        sa.Column("cost_per_volume", sa.Numeric(precision=5, scale=3, asdecimal=False), nullable=True),
        sa.Column("cost_per_package", sa.Numeric(precision=5, scale=3, asdecimal=False), nullable=True),
        sa.Column("receipt", sa.PickleType(), nullable=True),
        sa.Column("type_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("image_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["image_id"], ["image.id"], name=op.f("fk_drink_image_id_image")),
        sa.ForeignKeyConstraint(["type_id"], ["drink_type.id"], name=op.f("fk_drink_type_id_drink_type")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink")),
    )
    op.create_table(
        "drink_ingredient",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("volume", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=False),
        sa.Column("ingredient_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["ingredient_id"], ["drink.id"], name=op.f("fk_drink_ingredient_ingredient_id_drink")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_ingredient")),
    )
    op.create_table(
        "drink_price_volume",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("drink_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("volume", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
        sa.ForeignKeyConstraint(["drink_id"], ["drink.id"], name=op.f("fk_drink_price_volume_drink_id_drink")),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_price_volume")),
    )
    op.create_table(
        "drink_x_tag",
        sa.Column("drink_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("tag_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["drink_id"], ["drink.id"], name=op.f("fk_drink_x_tag_drink_id_drink")),
        sa.ForeignKeyConstraint(["tag_id"], ["drink_tag.id"], name=op.f("fk_drink_x_tag_tag_id_drink_tag")),
    )
    op.create_table(
        "drink_x_type",
        sa.Column("drink_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("type_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(["drink_id"], ["drink.id"], name=op.f("fk_drink_x_type_drink_id_drink")),
        sa.ForeignKeyConstraint(["type_id"], ["drink_type.id"], name=op.f("fk_drink_x_type_type_id_drink_type")),
    )
    op.create_table(
        "drink_ingredient_association",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("volume_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("_drink_ingredient_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("_extra_ingredient_id", flaschengeist.models.Serial(), nullable=True),
        sa.ForeignKeyConstraint(
            ["_drink_ingredient_id"],
            ["drink_ingredient.id"],
            name=op.f("fk_drink_ingredient_association__drink_ingredient_id_drink_ingredient"),
        ),
        sa.ForeignKeyConstraint(
            ["_extra_ingredient_id"],
            ["drink_extra_ingredient.id"],
            name=op.f("fk_drink_ingredient_association__extra_ingredient_id_drink_extra_ingredient"),
        ),
        sa.ForeignKeyConstraint(
            ["volume_id"],
            ["drink_price_volume.id"],
            name=op.f("fk_drink_ingredient_association_volume_id_drink_price_volume"),
        ),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_ingredient_association")),
    )
    op.create_table(
        "drink_price",
        sa.Column("id", flaschengeist.models.Serial(), nullable=False),
        sa.Column("price", sa.Numeric(precision=5, scale=2, asdecimal=False), nullable=True),
        sa.Column("volume_id", flaschengeist.models.Serial(), nullable=True),
        sa.Column("public", sa.Boolean(), nullable=True),
        sa.Column("description", sa.String(length=30), nullable=True),
        sa.ForeignKeyConstraint(
            ["volume_id"], ["drink_price_volume.id"], name=op.f("fk_drink_price_volume_id_drink_price_volume")
        ),
        sa.PrimaryKeyConstraint("id", name=op.f("pk_drink_price")),
    )
    # ### end Alembic commands ###
 def downgrade():
    # ### commands auto generated by Alembic - please adjust! ###
    op.drop_table("drink_price")
    op.drop_table("drink_ingredient_association")
    op.drop_table("drink_x_type")
    op.drop_table("drink_x_tag")
    op.drop_table("drink_price_volume")
    op.drop_table("drink_ingredient")
    op.drop_table("drink")
    op.drop_table("drink_type")
    op.drop_table("drink_tag")
    op.drop_table("drink_extra_ingredient")
    # ### end Alembic commands ###
--- a/flaschengeist/plugins/pricelist/models.py
+++ b/flaschengeist/plugins/pricelist/models.py
@ -1,180 +0,0 @@
 from __future__ import annotations  # TODO: Remove if python requirement is >= 3.12 (? PEP 563 is defered)
 from typing import Optional
 from flaschengeist.database import db
 from flaschengeist.database.types import ModelSerializeMixin, Serial
 from flaschengeist.models import Image
 drink_tag_association = db.Table(
    "drink_x_tag",
    db.Column("drink_id", Serial, db.ForeignKey("drink.id")),
    db.Column("tag_id", Serial, db.ForeignKey("drink_tag.id")),
 )
 drink_type_association = db.Table(
    "drink_x_type",
    db.Column("drink_id", Serial, db.ForeignKey("drink.id")),
    db.Column("type_id", Serial, db.ForeignKey("drink_type.id")),
 )
 class Tag(db.Model, ModelSerializeMixin):
    """
    Tag
    """
    __tablename__ = "drink_tag"
    id: int = db.Column("id", Serial, primary_key=True)
    name: str = db.Column(db.String(30), nullable=False, unique=True)
    color: str = db.Column(db.String(7), nullable=False)
 class DrinkType(db.Model, ModelSerializeMixin):
    """
    DrinkType
    """
    __tablename__ = "drink_type"
    id: int = db.Column("id", Serial, primary_key=True)
    name: str = db.Column(db.String(30), nullable=False, unique=True)
 class DrinkPrice(db.Model, ModelSerializeMixin):
    """
    PriceFromVolume
    """
    __tablename__ = "drink_price"
    id: int = db.Column("id", Serial, primary_key=True)
    price: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
    volume_id_ = db.Column("volume_id", Serial, db.ForeignKey("drink_price_volume.id"))
    volume: "DrinkPriceVolume" = None
    _volume: "DrinkPriceVolume" = db.relationship("DrinkPriceVolume", back_populates="_prices", join_depth=1)
    public: bool = db.Column(db.Boolean, default=True)
    description: Optional[str] = db.Column(db.String(30))
    def __repr__(self):
        return f"DrinkPric({self.id},{self.price},{self.public},{self.description})"
 class ExtraIngredient(db.Model, ModelSerializeMixin):
    """
    ExtraIngredient
    """
    __tablename__ = "drink_extra_ingredient"
    id: int = db.Column("id", Serial, primary_key=True)
    name: str = db.Column(db.String(30), unique=True, nullable=False)
    price: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
 class DrinkIngredient(db.Model, ModelSerializeMixin):
    """
    Drink Ingredient
    """
    __tablename__ = "drink_ingredient"
    id: int = db.Column("id", Serial, primary_key=True)
    volume: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False), nullable=False)
    ingredient_id: int = db.Column(Serial, db.ForeignKey("drink.id"))
    cost_per_volume: float
    name: str
    _drink_ingredient: Drink = db.relationship("Drink")
    @property
    def cost_per_volume(self):
        return self._drink_ingredient.cost_per_volume if self._drink_ingredient else None
    @property
    def name(self):
        return self._drink_ingredient.name if self._drink_ingredient else None
 class Ingredient(db.Model, ModelSerializeMixin):
    """
    Ingredient Associationtable
    """
    __tablename__ = "drink_ingredient_association"
    id: int = db.Column("id", Serial, primary_key=True)
    volume_id = db.Column(Serial, db.ForeignKey("drink_price_volume.id"))
    drink_ingredient: Optional[DrinkIngredient] = db.relationship(DrinkIngredient, cascade="all,delete")
    extra_ingredient: Optional[ExtraIngredient] = db.relationship(ExtraIngredient)
    _drink_ingredient_id = db.Column(Serial, db.ForeignKey("drink_ingredient.id"))
    _extra_ingredient_id = db.Column(Serial, db.ForeignKey("drink_extra_ingredient.id"))
 class MinPrices(ModelSerializeMixin):
    """
    MinPrices
    """
    percentage: float
    price: float
 class DrinkPriceVolume(db.Model, ModelSerializeMixin):
    """
    Drink Volumes and Prices
    """
    __tablename__ = "drink_price_volume"
    id: int = db.Column("id", Serial, primary_key=True)
    drink_id = db.Column(Serial, db.ForeignKey("drink.id"))
    drink: "Drink" = None
    _drink: "Drink" = db.relationship("Drink", back_populates="_volumes")
    volume: float = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
    min_prices: list[MinPrices] = []
    # ingredients: list[Ingredient] = []
    prices: list[DrinkPrice] = []
    _prices: list[DrinkPrice] = db.relationship(
        DrinkPrice, back_populates="_volume", cascade="all,delete,delete-orphan"
    )
    ingredients: list[Ingredient] = db.relationship(
        "Ingredient",
        foreign_keys=Ingredient.volume_id,
        cascade="all,delete,delete-orphan",
    )
    def __repr__(self):
        return f"DrinkPriceVolume({self.id},{self.drink_id},{self.volume},{self.prices})"
 class Drink(db.Model, ModelSerializeMixin):
    """
    DrinkPrice
    """
    __tablename__ = "drink"
    id: int = db.Column("id", Serial, primary_key=True)
    article_id: Optional[str] = db.Column(db.String(64))
    package_size: Optional[int] = db.Column(db.Integer)
    name: str = db.Column(db.String(60), nullable=False)
    volume: Optional[float] = db.Column(db.Numeric(precision=5, scale=2, asdecimal=False))
    cost_per_volume: Optional[float] = db.Column(db.Numeric(precision=5, scale=3, asdecimal=False))
    cost_per_package: Optional[float] = db.Column(db.Numeric(precision=5, scale=3, asdecimal=False))
    has_image: bool = False
    receipt: Optional[list[str]] = db.Column(db.PickleType(protocol=4))
    _type_id = db.Column("type_id", Serial, db.ForeignKey("drink_type.id"))
    _image_id = db.Column("image_id", Serial, db.ForeignKey("image.id"))
    image_: Image = db.relationship("Image", cascade="all, delete", foreign_keys=[_image_id])
    tags: Optional[list[Tag]] = db.relationship("Tag", secondary=drink_tag_association, cascade="save-update, merge")
    type: Optional[DrinkType] = db.relationship("DrinkType", foreign_keys=[_type_id])
    volumes: list[DrinkPriceVolume] = []
    _volumes: list[DrinkPriceVolume] = db.relationship(
        DrinkPriceVolume, back_populates="_drink", cascade="all,delete,delete-orphan"
    )
    def __repr__(self):
        return f"Drink({self.id},{self.name},{self.volumes})"
    @property
    def has_image(self):
        return self.image_ is not None
--- a/flaschengeist/plugins/pricelist/permissions.py
+++ b/flaschengeist/plugins/pricelist/permissions.py
@ -1,37 +0,0 @@
 CREATE = "drink_create"
 """Can create drinks"""
 EDIT = "drink_edit"
 """Can edit drinks"""
 DELETE = "drink_delete"
 """Can delete drinks"""
 CREATE_TAG = "drink_tag_create"
 """Can create and edit Tags"""
 EDIT_PRICE = "edit_price"
 DELETE_PRICE = "delete_price"
 EDIT_VOLUME = "edit_volume"
 DELETE_VOLUME = "delete_volume"
 EDIT_INGREDIENTS_DRINK = "edit_ingredients_drink"
 DELETE_INGREDIENTS_DRINK = "delete_ingredients_drink"
 EDIT_INGREDIENTS = "edit_ingredients"
 DELETE_INGREDIENTS = "delete_ingredients"
 EDIT_TAG = "drink_tag_edit"
 DELETE_TAG = "drink_tag_delete"
 CREATE_TYPE = "drink_type_create"
 EDIT_TYPE = "drink_type_edit"
 DELETE_TYPE = "drink_type_delete"
 EDIT_MIN_PRICES = "edit_min_prices"
 permissions = [value for key, value in globals().items() if not key.startswith("_")]
--- a/flaschengeist/plugins/pricelist/pricelist_controller.py
+++ b/flaschengeist/plugins/pricelist/pricelist_controller.py
@ -1,540 +0,0 @@
 from werkzeug.exceptions import BadRequest, NotFound
 from sqlalchemy.exc import IntegrityError
 from flaschengeist import logger
 from flaschengeist.database import db
 from flaschengeist.utils.decorators import extract_session
 from .models import (
    Drink,
    DrinkPrice,
    Ingredient,
    Tag,
    DrinkType,
    DrinkPriceVolume,
    DrinkIngredient,
    ExtraIngredient,
 )
 from .permissions import EDIT_VOLUME, EDIT_PRICE, EDIT_INGREDIENTS_DRINK
 import flaschengeist.controller.imageController as image_controller
 def update():
    db.session.commit()
 def get_tags():
    return Tag.query.all()
 def get_tag(identifier):
    if isinstance(identifier, int):
        ret = Tag.query.get(identifier)
    elif isinstance(identifier, str):
        ret = Tag.query.filter(Tag.name == identifier).one_or_none()
    else:
        logger.debug("Invalid identifier type for Tag")
        raise BadRequest
    if ret is None:
        raise NotFound
    return ret
 def create_tag(data):
    try:
        if "id" in data:
            data.pop("id")
        allowed_keys = Tag().serialize().keys()
        values = {key: value for key, value in data.items() if key in allowed_keys}
        tag = Tag(**values)
        db.session.add(tag)
        update()
        return tag
    except IntegrityError:
        raise BadRequest("Name already exists")
 def update_tag(identifier, data):
    tag = get_tag(identifier)
    allowed_keys = Tag().serialize().keys()
    values = {key: value for key, value in data.items() if key in allowed_keys}
    for key, value in values.items():
        setattr(tag, key, value)
    try:
        update()
    except IntegrityError:
        raise BadRequest("Name already exists")
 def delete_tag(identifier):
    tag = get_tag(identifier)
    db.session.delete(tag)
    try:
        update()
    except IntegrityError:
        raise BadRequest("Tag still in use")
 def get_drink_types():
    return DrinkType.query.all()
 def get_drink_type(identifier):
    if isinstance(identifier, int):
        ret = DrinkType.query.get(identifier)
    elif isinstance(identifier, str):
        ret = DrinkType.query.filter(Tag.name == identifier).one_or_none()
    else:
        logger.debug("Invalid identifier type for DrinkType")
        raise BadRequest
    if ret is None:
        raise NotFound
    return ret
 def create_drink_type(name):
    try:
        drink_type = DrinkType(name=name)
        db.session.add(drink_type)
        update()
        return drink_type
    except IntegrityError:
        raise BadRequest("Name already exists")
 def rename_drink_type(identifier, new_name):
    drink_type = get_drink_type(identifier)
    drink_type.name = new_name
    try:
        update()
    except IntegrityError:
        raise BadRequest("Name already exists")
    return drink_type
 def delete_drink_type(identifier):
    drink_type = get_drink_type(identifier)
    db.session.delete(drink_type)
    try:
        update()
    except IntegrityError:
        raise BadRequest("DrinkType still in use")
 def _create_public_drink(drink):
    _volumes = []
    for volume in drink.volumes:
        _prices = []
        for price in volume.prices:
            price: DrinkPrice
            if price.public:
                _prices.append(price)
        volume.prices = _prices
        if len(volume.prices) > 0:
            _volumes.append(volume)
    drink.volumes = _volumes
    if len(drink.volumes) > 0:
        return drink
    return None
 def get_drinks(
    name=None,
    public=False,
    limit=None,
    offset=None,
    search_name=None,
    search_key=None,
    ingredient=False,
    receipt=None,
 ):
    count = None
    if name:
        query = Drink.query.filter(Drink.name.contains(name))
    else:
        query = Drink.query
    if ingredient:
        query = query.filter(Drink.cost_per_volume >= 0)
    if receipt:
        query = query.filter(Drink._volumes.any(DrinkPriceVolume.ingredients != None))
    if public:
        query = query.filter(Drink._volumes.any(DrinkPriceVolume._prices.any(DrinkPrice.public)))
    if search_name:
        if search_key == "name":
            query = query.filter(Drink.name.contains(search_name))
        elif search_key == "article_id":
            query = query.filter(Drink.article_id.contains(search_name))
        elif search_key == "drink_type":
            query = query.filter(Drink.type.has(DrinkType.name.contains(search_name)))
        elif search_key == "tags":
            query = query.filter(Drink.tags.any(Tag.name.contains(search_name)))
        else:
            query = query.filter(
                (Drink.name.contains(search_name))
                | (Drink.article_id.contains(search_name))
                | (Drink.type.has(DrinkType.name.contains(search_name)))
                | (Drink.tags.any(Tag.name.contains(search_name)))
            )
    query = query.order_by(Drink.name.asc())
    if limit is not None:
        count = query.count()
        query = query.limit(limit)
    if offset is not None:
        query = query.offset(offset)
    drinks = query.all()
    for drink in drinks:
        for volume in drink._volumes:
            volume.prices = volume._prices
        drink.volumes = drink._volumes
    return drinks, count
 def get_pricelist(
    public=False,
    limit=None,
    offset=None,
    search_name=None,
    search_key=None,
    sortBy=None,
    descending=False,
 ):
    count = None
    query = DrinkPrice.query
    if public:
        query = query.filter(DrinkPrice.public)
    if search_name:
        if search_key == "name":
            query = query.filter(DrinkPrice._volume.has(DrinkPriceVolume._drink.has(Drink.name.contains(search_name))))
        if search_key == "type":
            query = query.filter(
                DrinkPrice._volume.has(
                    DrinkPriceVolume._drink.has(Drink.type.has(DrinkType.name.contains(search_name)))
                )
            )
        if search_key == "tags":
            query = query.filter(
                DrinkPrice._volume.has(DrinkPriceVolume._drink.has(Drink.tags.any(Tag.name.conaitns(search_name))))
            )
        if search_key == "volume":
            query = query.filter(DrinkPrice._volume.has(DrinkPriceVolume.volume == float(search_name)))
        if search_key == "price":
            query = query.filter(DrinkPrice.price == float(search_name))
        if search_key == "description":
            query = query.filter(DrinkPrice.description.contains(search_name))
        else:
            try:
                search_name = float(search_name)
                query = query.filter(
                    (DrinkPrice._volume.has(DrinkPriceVolume.volume == float(search_name)))
                    | (DrinkPrice.price == float(search_name))
                )
            except:
                query = query.filter(
                    (DrinkPrice._volume.has(DrinkPriceVolume._drink.has(Drink.name.contains(search_name))))
                    | (
                        DrinkPrice._volume.has(
                            DrinkPriceVolume._drink.has(Drink.type.has(DrinkType.name.contains(search_name)))
                        )
                    )
                    | (
                        DrinkPrice._volume.has(
                            DrinkPriceVolume._drink.has(Drink.tags.any(Tag.name.contains(search_name)))
                        )
                    )
                    | (DrinkPrice.description.contains(search_name))
                )
    if sortBy == "type":
        query = (
            query.join(DrinkPrice._volume)
            .join(DrinkPriceVolume._drink)
            .join(Drink.type)
            .order_by(DrinkType.name.desc() if descending else DrinkType.name.asc())
        )
    elif sortBy == "volume":
        query = query.join(DrinkPrice._volume).order_by(
            DrinkPriceVolume.volume.desc() if descending else DrinkPriceVolume.volume.asc()
        )
    elif sortBy == "price":
        query = query.order_by(DrinkPrice.price.desc() if descending else DrinkPrice.price.asc())
    else:
        query = (
            query.join(DrinkPrice._volume)
            .join(DrinkPriceVolume._drink)
            .order_by(Drink.name.desc() if descending else Drink.name.asc())
        )
    if limit is not None:
        count = query.count()
        query = query.limit(limit)
    if offset is not None:
        query = query.offset(offset)
    prices = query.all()
    for price in prices:
        price._volume.drink = price._volume._drink
        price.volume = price._volume
    return prices, count
 def get_drink(identifier, public=False):
    drink = None
    if isinstance(identifier, int):
        drink = Drink.query.get(identifier)
    elif isinstance(identifier, str):
        drink = Drink.query.filter(Tag.name == identifier).one_or_none()
    else:
        raise BadRequest("Invalid identifier type for Drink")
    if drink is None:
        raise NotFound
    if public:
        return _create_public_drink(drink)
    for volume in drink._volumes:
        volume.prices = volume._prices
    drink.volumes = drink._volumes
    return drink
 def set_drink(data):
    return update_drink(-1, data)
 def update_drink(identifier, data):
    try:
        session = extract_session()
        if "id" in data:
            data.pop("id")
        volumes = data.pop("volumes") if "volumes" in data else None
        tags = []
        if "tags" in data:
            _tags = data.pop("tags")
            if isinstance(_tags, list):
                for _tag in _tags:
                    if isinstance(_tag, dict) and "id" in _tag:
                        tags.append(get_tag(_tag["id"]))
        drink_type = data.pop("type")
        if isinstance(drink_type, dict) and "id" in drink_type:
            drink_type = drink_type["id"]
        drink_type = get_drink_type(drink_type)
        if identifier == -1:
            drink = Drink()
            db.session.add(drink)
        else:
            drink = get_drink(identifier)
        for key, value in data.items():
            if hasattr(drink, key) and key != "has_image":
                setattr(drink, key, value if value != "" else None)
        if drink_type:
            drink.type = drink_type
        if volumes is not None and session.user_.has_permission(EDIT_VOLUME):
            drink._volumes = []
            drink._volumes = set_volumes(volumes)
        if len(tags) > 0:
            drink.tags = tags
        db.session.commit()
        for volume in drink._volumes:
            volume.prices = volume._prices
        drink.volumes = drink._volumes
        return drink
    except (NotFound, KeyError):
        raise BadRequest
 def set_volumes(volumes):
    retVal = []
    if not isinstance(volumes, list):
        raise BadRequest
    for volume in volumes:
        retVal.append(set_volume(volume))
    return retVal
 def delete_drink(identifier):
    drink = get_drink(identifier)
    db.session.delete(drink)
    db.session.commit()
 def get_volume(identifier):
    return DrinkPriceVolume.query.get(identifier)
 def get_volumes(drink_id=None):
    if drink_id:
        return DrinkPriceVolume.query.filter(DrinkPriceVolume.drink_id == drink_id).all()
    return DrinkPriceVolume.query.all()
 def set_volume(data):
    session = extract_session()
    allowed_keys = DrinkPriceVolume().serialize().keys()
    values = {key: value for key, value in data.items() if key in allowed_keys}
    prices = None
    ingredients = None
    if "prices" in values:
        prices = values.pop("prices")
    if "ingredients" in values:
        ingredients = values.pop("ingredients")
    values.pop("id", None)
    volume = DrinkPriceVolume(**values)
    db.session.add(volume)
    if prices and session.user_.has_permission(EDIT_PRICE):
        set_prices(prices, volume)
    if ingredients and session.user_.has_permission(EDIT_INGREDIENTS_DRINK):
        set_ingredients(ingredients, volume)
    return volume
 def set_prices(prices, volume):
    if isinstance(prices, list):
        _prices = []
        for _price in prices:
            price = set_price(_price)
            _prices.append(price)
        volume._prices = _prices
 def set_ingredients(ingredients, volume):
    if isinstance(ingredients, list):
        _ingredietns = []
        for _ingredient in ingredients:
            ingredient = set_ingredient(_ingredient)
            _ingredietns.append(ingredient)
        volume.ingredients = _ingredietns
 def delete_volume(identifier):
    volume = get_volume(identifier)
    db.session.delete(volume)
    db.session.commit()
 def get_price(identifier):
    if isinstance(identifier, int):
        return DrinkPrice.query.get(identifier)
    raise NotFound
 def get_prices(volume_id=None):
    if volume_id:
        return DrinkPrice.query.filter(DrinkPrice.volume_id_ == volume_id).all()
    return DrinkPrice.query.all()
 def set_price(data):
    allowed_keys = list(DrinkPrice().serialize().keys())
    allowed_keys.append("description")
    logger.debug(f"allowed_key {allowed_keys}")
    values = {key: value for key, value in data.items() if key in allowed_keys}
    values.pop("id", -1)
    price = DrinkPrice(**values)
    db.session.add(price)
    return price
 def delete_price(identifier):
    price = get_price(identifier)
    db.session.delete(price)
    db.session.commit()
 def set_drink_ingredient(data):
    allowed_keys = DrinkIngredient().serialize().keys()
    values = {key: value for key, value in data.items() if key in allowed_keys}
    if "cost_per_volume" in values:
        values.pop("cost_per_volume")
    if "name" in values:
        values.pop("name")
    values.pop("id", -1)
    drink_ingredient = DrinkIngredient(**values)
    db.session.add(drink_ingredient)
    return drink_ingredient
 def get_ingredient(identifier):
    return Ingredient.query.get(identifier)
 def set_ingredient(data):
    drink_ingredient_value = None
    extra_ingredient_value = None
    if "drink_ingredient" in data:
        drink_ingredient_value = data.pop("drink_ingredient")
    if "extra_ingredient" in data:
        extra_ingredient_value = data.pop("extra_ingredient")
    data.pop("id", -1)
    ingredient = Ingredient(**data)
    db.session.add(ingredient)
    if drink_ingredient_value:
        ingredient.drink_ingredient = set_drink_ingredient(drink_ingredient_value)
    if extra_ingredient_value:
        if "id" in extra_ingredient_value:
            ingredient.extra_ingredient = get_extra_ingredient(extra_ingredient_value.get("id"))
    return ingredient
 def delete_ingredient(identifier):
    ingredient = get_ingredient(identifier)
    if ingredient.drink_ingredient:
        db.session.delete(ingredient.drink_ingredient)
    db.session.delete(ingredient)
    db.session.commit()
 def get_extra_ingredients():
    return ExtraIngredient.query.all()
 def get_extra_ingredient(identifier):
    return ExtraIngredient.query.get(identifier)
 def set_extra_ingredient(data):
    allowed_keys = ExtraIngredient().serialize().keys()
    if "id" in data:
        data.pop("id")
    values = {key: value for key, value in data.items() if key in allowed_keys}
    extra_ingredient = ExtraIngredient(**values)
    db.session.add(extra_ingredient)
    db.session.commit()
    return extra_ingredient
 def update_extra_ingredient(identifier, data):
    allowed_keys = ExtraIngredient().serialize().keys()
    if "id" in data:
        data.pop("id")
    values = {key: value for key, value in data.items() if key in allowed_keys}
    extra_ingredient = get_extra_ingredient(identifier)
    if extra_ingredient:
        for key, value in values.items():
            setattr(extra_ingredient, key, value)
    db.session.commit()
    return extra_ingredient
 def delete_extra_ingredient(identifier):
    extra_ingredient = get_extra_ingredient(identifier)
    db.session.delete(extra_ingredient)
    db.session.commit()
 def save_drink_picture(identifier, file):
    drink = delete_drink_picture(identifier)
    drink.image_ = image_controller.upload_image(file)
    db.session.commit()
    return drink
 def delete_drink_picture(identifier):
    drink = get_drink(identifier)
    if drink.image_:
        db.session.delete(drink.image_)
        drink.image_ = None
    db.session.commit()
    return drink
--- a/flaschengeist/plugins/scheduler.py
+++ b/flaschengeist/plugins/scheduler.py
@ -1,6 +1,7 @@
 from flask import Blueprint
 from datetime import datetime, timedelta
 from flask import Blueprint
 from flaschengeist import logger
 from flaschengeist.config import config
 from flaschengeist.plugins import Plugin
@ -66,15 +67,17 @@ class SchedulerPlugin(Plugin):
        changed = False
        now = datetime.now()
-        status = self.get_setting("status", default=dict())
+        status: dict = self.get_setting("status", default=dict())
        for id, task in _scheduled_tasks.items():
            last_run = status.setdefault(id, now)
            status[id] = last_run
            if last_run + task.interval <= now:
                logger.debug(
                    f"Run task {id}, was scheduled for {last_run + task.interval}, next iteration: {now + task.interval}"
                )
                task.function()
                status[id] = now
                changed = True
            else:
                logger.debug(f"Skip task {id}, is scheduled for {last_run + task.interval}")
--- a/flaschengeist/plugins/users/init.py
+++ b/flaschengeist/plugins/users/init.py
@ -11,7 +11,7 @@ from werkzeug.exceptions import BadRequest, Forbidden, MethodNotAllowed
 from flaschengeist import logger
 from flaschengeist.config import config
-from flaschengeist.controller import userController
+from flaschengeist.controller import apiKeyController, userController
 from flaschengeist.models import User
 from flaschengeist.plugins import Plugin
 from flaschengeist.utils.datetime import from_iso_format
@ -281,3 +281,64 @@ def settings(userid, setting, current_session):
        user.set_attribute(setting, data)
        userController.persist()
        return no_content()
@UsersPlugin.blueprint.route("/users/<userid>/api_keys", methods=["GET"])
@login_required()
 def get_users_api_keys(userid, current_session):
    """Get all API keys of a user
    Route: ``/users/<userid>/api_keys`` | Method: ``GET``
    Args:
        userid: UserID of user to retrieve
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded array of `flaschengeist.models.api_key.ApiKey` or HTTP error
    """
    if userid != current_session.user_.userid:
        raise Unauthorized
    return jsonify(apiKeyController.get_users_api_keys(current_session.user_))
@UsersPlugin.blueprint.route("/users/<userid>/api_keys", methods=["POST"])
@login_required()
 def create_api_key(userid, current_session):
    """Create a new API key for a user
    Route: ``/users/<userid>/api_keys`` | Method: ``POST``
    Args:
        userid: UserID of user to retrieve
        current_session: Session sent with Authorization Header
    Returns:
        JSON encoded `flaschengeist.models.api_key.ApiKey` or HTTP error
    """
    data = request.get_json()
    if not data or "name" not in data:
        raise BadRequest
    if userid != current_session.user_.userid:
        raise Unauthorized
    return jsonify(apiKeyController.create(current_session.user_, data["name"], data.get("description", None)))
@UsersPlugin.blueprint.route("/users/<userid>/api_keys/<int:keyid>", methods=["DELETE"])
@login_required()
 def delete_api_key(userid, keyid, current_session):
    """Delete an API key for a user
    Route: ``/users/<userid>/api_keys/<keyid>`` | Method: ``DELETE``
    Args:
        userid: UserID of user to retrieve
        keyid: KeyID of the API key to delete
        current_session: Session sent with Authorization Header
    Returns:
        HTTP-204 or HTTP error
    """
    if userid != current_session.user_.userid:
        raise Unauthorized
    apiKeyController.delete_api_key(keyid)
    return no_content()
--- a/flaschengeist/utils/decorators.py
+++ b/flaschengeist/utils/decorators.py
@ -1,8 +1,22 @@
 from functools import wraps
 from werkzeug.exceptions import Unauthorized
 from flaschengeist import logger
-from flaschengeist.controller import sessionController
+from flaschengeist.controller import apiKeyController, sessionController
 def extract_api_key(permission=None):
    from flask import request
    try:
        apiKey = request.headers.get("X-API-KEY")
    except AttributeError:
        logger.debug("Missing X-API-KEY header")
        raise Unauthorized
    apiKey = apiKeyController.validate_api_key(apiKey, permission)
    return apiKey
 def extract_session(permission=None):
@ -32,7 +46,10 @@ def login_required(permission=None):
    def wrap(func):
        @wraps(func)
        def wrapped_f(*args, **kwargs):
-            session = extract_session(permission)
+            try:
                session = extract_session(permission)
            except Unauthorized:
                session = extract_api_key(permission)
            kwargs["current_session"] = session
            logger.debug("token {{ {} }} is valid".format(session.token))
            return func(*args, **kwargs)
--- a/setup.cfg
+++ b/setup.cfg
@ -1,6 +1,6 @@
 [metadata]
 license = MIT
-version = 2.1.0
+version = 2.2.0
 name = flaschengeist
 author = Tim Gröger
 author_email = flaschengeist@wu5.de
@ -65,7 +65,6 @@ flaschengeist.plugins =
    roles = flaschengeist.plugins.roles:RolesPlugin
    balance = flaschengeist.plugins.balance:BalancePlugin
    mail = flaschengeist.plugins.message_mail:MailMessagePlugin
    pricelist = flaschengeist.plugins.pricelist:PriceListPlugin
    scheduler = flaschengeist.plugins.scheduler:SchedulerPlugin
 [bdist_wheel]
Author	SHA1	Message	Date
Tim Gröger	db7c2c818b	test commit	2024-10-22 07:22:11 +02:00
Tim Gröger	cdb7958c57	[fix][scheduler] status of scheduler task now saved again	2024-10-15 13:37:23 +02:00
Tim Gröger	607b29027b	update to version 2.2.0	2024-10-15 08:30:03 +02:00
Tim Gröger	df02808fb7	[feat][apiKey] show token only on create, fix decorator	2024-10-15 08:26:16 +02:00
Tim Gröger	7dd3321246	[feat][apikey] update model, add logic, add routes	2024-10-15 07:27:29 +02:00
Tim Gröger	2f7fdec492	[feat] add api_key table create model for api_key create migration for alembic	2024-10-14 06:24:19 +02:00
Tim Gröger	81080404fb	[fix] fix multiple sessions Session is created with user.id now instead of full user. Old sessions dont will destroy.	2024-10-10 13:29:05 +02:00
Tim Gröger	0570a9a32f	update to version 2.1.0	2024-10-08 15:05:08 +02:00
Tim Gröger	c06a12faaa	[feat] add user settings	2024-04-12 10:11:45 +02:00