flaschengeist/geruecht/routes.py

172 lines
5.2 KiB
Python

from geruecht import app, db, accesTokenController
from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from geruecht.model.priceList import PriceList
from datetime import datetime
from flask import request, jsonify
MONEY = "moneymaster"
GASTRO = "gastro"
USER = "user"
BAR = "bar"
def verifyAccessToken(token, group):
""" Verify Accestoken
Verify an Accestoken and Group so if the User has permission or not.
Retrieves the accestoken if valid else retrieves None
Args:
token: Token to verify.
group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
Returns:
An the AccesToken for this given Token or None.
"""
accToken = accesTokenController.findAccesToken(token)
print(accToken)
if accToken is not None:
if accesTokenController.isSameGroup(accToken, group):
accToken.updateTimestamp()
return accToken
return None
@app.route("/getFinanzerMain")
def _getFinanzer():
""" Function for /getFinanzerMain
Retrieves all User for the groupe 'moneymaster'
Returns:
A JSON-File with Users or an Error.
example:
"""
token = request.headers.get("Token")
accToken = verifyAccessToken(token, MONEY)
if accToken is not None:
users = User.query.all()
dic = {}
for user in users:
dic[user.userID] = user.toJSON()
return jsonify(dic)
return jsonify({"error": "permission denied"}), 401
@app.route("/getFinanzerYears", methods=['POST'])
def _getFinanzerYear():
print(request.headers)
token = request.headers.get("Token")
print(token)
accToken = verifyAccessToken(token, MONEY)
dic = {}
if accToken is not None:
data = request.get_json()
userID = data['userId']
user = User.query.filter_by(userID=userID).first()
dic[user.userID] = {}
for geruecht in user.geruechte:
dic[user.userID][geruecht.year] = geruecht.toJSON()
return jsonify(dic)
return jsonify({"error": "permission denied"}), 401
@app.route("/valid")
def _valid():
token = request.headers.get("Token")
accToken = verifyAccessToken(token, MONEY)
if accToken is not None:
return jsonify(accToken.user.toJSON())
accToken = verifyAccessToken(token, BAR)
if accToken is not None:
return jsonify(accToken.user.toJSON())
accToken = verifyAccessToken(token, GASTRO)
if accToken is not None:
return jsonify(accToken.user.toJSON())
accToken = verifyAccessToken(token, USER)
if accToken is not None:
return jsonify(accToken.user.toJSON())
return jsonify({"error": "permission denied"}), 401
@app.route("/login", methods=['POST'])
def _login():
""" Login User
Nothing to say.
Login in User and create an AccessToken for the User.
Returns:
A JSON-File with createt Token or Errors
"""
data = request.get_json()
print(data)
username = data['username']
password = data['password']
user = User.query.filter_by(username=username).first()
if user:
if user.login(password):
token = accesTokenController.createAccesToken(user)
dic = user.toJSON()
dic["token"] = token
return jsonify(dic)
else:
return jsonify({"error": "wrong password"}), 401
return jsonify({"error": "wrong username"}), 402
@app.route("/bar")
def _bar():
print(request.headers)
token = request.headers.get("Token")
print(token)
accToken = verifyAccessToken(token, BAR)
dic = {}
if accToken is not None:
users = User.query.all()
for user in users:
geruecht = None
geruecht = user.getCurrentGeruecht()
if geruecht is not None:
month = geruecht.getMonth(datetime.now().month)
amount = abs(month[0] - month[1])
if amount != 0:
dic[user.userID] = {"username": user.username,
"firstname": user.firstname,
"lastname": user.lastname,
"amount": abs(month[0] - month[1])
}
return jsonify(dic)
return jsonify({"error": "permission denied"}), 401
@app.route("/baradd", methods=['POST'])
def _baradd():
token = request.headers.get("Token")
print(token)
accToken = verifyAccessToken(token, BAR)
if accToken is not None:
data = request.get_json()
userID = data['userId']
amount = int(data['amount'])
user = User.query.filter_by(userID=userID).first()
geruecht = user.getCurrentGeruecht()
month = geruecht.addAmount(amount)
amount = abs(month[0] - month[1])
db.session.add(geruecht)
db.session.commit()
return jsonify({"userId": user.userID, "amount": amount})
return jsonify({"error", "permission denied"}), 401
@app.route("/getFinanzer")
def getFinanzer():
users = User.query.all()
dic = {}
for user in users:
dic[user.userID] = user.toJSON()
print(dic)
return jsonify(dic)