flaschengeist/geruecht/routes.py

60 lines
1.7 KiB
Python

from geruecht import app, db, accesTokenController
from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from geruecht.model.priceList import PriceList
from flask import request, jsonify
MONEY = "moneymaster"
GASTRO = "gastro"
USER = "user"
def verifyAccessToken(token, group):
accToken = accesTokenController.findAccesToken(token)
print(accToken)
if accToken is not None:
if accesTokenController.isSameGroup(accToken, group):
accToken.updateTimestamp()
return accToken
return None
@app.route("/getFinanzerMain", methods=['POST'])
def _getFinanzer():
data = request.get_json()
token = data["token"]
accToken = verifyAccessToken(token, MONEY)
if accToken is not None:
users = User.query.all()
dic = {}
for user in users:
dic["userID"] = user.toJSON()
return jsonify(dic)
return jsonify({"error": "permission denied"}), 401
@app.route("/login", methods=['POST'])
def _login():
data = request.get_json()
print(data)
username = data['username']
password = data['password']
user = User.query.filter_by(username=username).first()
if user:
if user.login(password):
token = accesTokenController.createAccesToken(user)
dic = user.toJSON()
dic["token"] = token
return jsonify({user.userID: dic})
else:
return jsonify({"error": "wrong password"}), 401
return jsonify({"error": "wrong username"}), 402
@app.route("/getFinanzer")
def getFinanzer():
users = User.query.all()
dic = {}
for user in users:
dic["userID"] = user.toJSON()
print(dic)
return jsonify(dic)