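from geruecht import app, db, accesTokenController
from geruecht.model.user import User
# CreditList and PriceList are not referenced in this module; the imports are
# kept because they may exist for their import side effects — TODO confirm.
from geruecht.model.creditList import CreditList
from geruecht.model.priceList import PriceList
from datetime import datetime
from flask import request, jsonify

# Group names an access token can be bound to.
MONEY = "moneymaster"
GASTRO = "gastro"
USER = "user"
BAR = "bar"


def verifyAccessToken(token, group):
    """Return the access token for *token* if it belongs to *group*.

    Args:
        token: Raw value of the ``Token`` request header; may be ``None``
            when the header is absent.
        group: Group like 'moneymaster', 'gastro', 'user' or 'bar'.

    Returns:
        The access-token object found by ``accesTokenController`` (after its
        timestamp has been refreshed), or ``None`` when the token is missing,
        unknown, or bound to a different group.
    """
    if not token:
        # No header means no permission; never pass an empty value to the lookup.
        return None
    accToken = accesTokenController.findAccesToken(token)
    # The token object is deliberately not printed: it is a bearer credential
    # and would end up in the process log.
    if accToken is None:
        return None
    if not accesTokenController.isSameGroup(accToken, group):
        return None
    accToken.updateTimestamp()
    return accToken


def _permissionDenied():
    """Build the shared 401 response used by every protected route."""
    return jsonify({"error": "permission denied"}), 401


def _badRequest():
    """Build the 400 response for a missing or malformed JSON body."""
    return jsonify({"error": "malformed request"}), 400


@app.route("/getFinanzerMain")
def _getFinanzer():
    """Handle /getFinanzerMain: list all users for a 'moneymaster' token.

    Returns:
        JSON mapping userID -> user.toJSON(), or a 401 error.
    """
    if verifyAccessToken(request.headers.get("Token"), MONEY) is None:
        return _permissionDenied()
    return jsonify({user.userID: user.toJSON() for user in User.query.all()})


@app.route("/getFinanzerYears", methods=['POST'])
def _getFinanzerYear():
    """Handle /getFinanzerYears: per-year data of one user ('moneymaster').

    Expects a JSON body with the key ``userId``.

    Returns:
        JSON ``{userID: {year: geruecht.toJSON()}}``, 400 for a malformed
        body, 404 for an unknown user, or 401 without permission.
    """
    # Headers and token are not printed: they carry the bearer token.
    if verifyAccessToken(request.headers.get("Token"), MONEY) is None:
        return _permissionDenied()

    data = request.get_json(silent=True)
    if not isinstance(data, dict) or 'userId' not in data:
        return _badRequest()

    user = User.query.filter_by(userID=data['userId']).first()
    if user is None:
        # Previously this dereferenced None and surfaced as a 500.
        return jsonify({"error": "unknown user"}), 404

    years = {geruecht.year: geruecht.toJSON() for geruecht in user.geruechte}
    return jsonify({user.userID: years})


@app.route("/valid")
def _valid():
    """Handle /valid: return the token owner's user record for any group.

    Returns:
        JSON of ``accToken.user.toJSON()`` for the first group the token
        matches, or a 401 error.
    """
    token = request.headers.get("Token")
    # Same probing order as before: moneymaster, bar, gastro, user.
    for group in (MONEY, BAR, GASTRO, USER):
        accToken = verifyAccessToken(token, group)
        if accToken is not None:
            return jsonify(accToken.user.toJSON())
    return _permissionDenied()


@app.route("/login", methods=['POST'])
def _login():
    """Handle /login: check credentials and issue an access token.

    Expects a JSON body with the keys ``username`` and ``password``.

    Returns:
        The user's JSON with an added ``token`` field, 400 for a malformed
        body, 401 for a wrong password, or 402 for an unknown username.
    """
    data = request.get_json(silent=True)
    # The body is not printed any more: it contains the plaintext password.
    if not isinstance(data, dict) or 'username' not in data or 'password' not in data:
        return _badRequest()

    user = User.query.filter_by(username=data['username']).first()
    if not user:
        # NOTE(review): the distinct message and the 402 status let a caller
        # tell existing from non-existing usernames, and 402 means "Payment
        # Required". Both are kept because clients may depend on them; a
        # single generic 401 for both failures would be preferable.
        return jsonify({"error": "wrong username"}), 402

    if not user.login(data['password']):
        return jsonify({"error": "wrong password"}), 401

    # NOTE(review): no attempt limiting is visible in this module — confirm
    # that repeated failed logins are throttled elsewhere.
    dic = user.toJSON()
    dic["token"] = accesTokenController.createAccesToken(user)
    return jsonify(dic)


@app.route("/bar")
def _bar():
    """Handle /bar: list users with a non-zero amount this month ('bar').

    Returns:
        JSON mapping userID -> username, firstname, lastname and amount,
        or a 401 error.
    """
    if verifyAccessToken(request.headers.get("Token"), BAR) is None:
        return _permissionDenied()

    currentMonth = datetime.now().month
    dic = {}
    for user in User.query.all():
        geruecht = user.getCurrentGeruecht()
        if geruecht is None:
            continue
        month = geruecht.getMonth(currentMonth)
        amount = abs(month[0] - month[1])
        if amount != 0:
            dic[user.userID] = {
                "username": user.username,
                "firstname": user.firstname,
                "lastname": user.lastname,
                "amount": amount,
            }
    return jsonify(dic)


@app.route("/baradd", methods=['POST'])
def _baradd():
    """Handle /baradd: add an amount to a user's current geruecht ('bar').

    Expects a JSON body with the keys ``userId`` and ``amount``.

    Returns:
        JSON with ``userId`` and the resulting absolute amount, 400 for a
        malformed body, 404 when the user or a current geruecht is missing,
        or a 401 error.
    """
    if verifyAccessToken(request.headers.get("Token"), BAR) is None:
        # The original passed a set literal ({"error", "permission denied"})
        # to jsonify here, so a denied request did not get the 401 JSON body.
        return _permissionDenied()

    data = request.get_json(silent=True)
    try:
        userID = data['userId']
        amount = int(data['amount'])
    except (TypeError, KeyError, ValueError):
        return _badRequest()
    # NOTE(review): amount is not range-checked; whether zero or negative
    # values are legitimate depends on addAmount — confirm.

    user = User.query.filter_by(userID=userID).first()
    if user is None:
        return jsonify({"error": "unknown user"}), 404
    geruecht = user.getCurrentGeruecht()
    if geruecht is None:
        return jsonify({"error": "no current geruecht for user"}), 404

    month = geruecht.addAmount(amount)
    db.session.add(geruecht)
    db.session.commit()
    return jsonify({"userId": user.userID, "amount": abs(month[0] - month[1])})


@app.route("/getFinanzer")
def getFinanzer():
    """Handle /getFinanzer: list all users for a 'moneymaster' token.

    This route used to return every user record without any token check,
    while /getFinanzerMain serves the same data behind the 'moneymaster'
    group. It now applies the same check.

    Returns:
        JSON mapping userID -> user.toJSON(), or a 401 error.
    """
    if verifyAccessToken(request.headers.get("Token"), MONEY) is None:
        return _permissionDenied()
    # The result is no longer printed, which kept all user records out of the log.
    return jsonify({user.userID: user.toJSON() for user in User.query.all()})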