flaschengeist/geruecht/routes.py

from geruecht import app, db, accesTokenController
from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from geruecht.model.priceList import PriceList
from flask import request, jsonify

MONEY = "moneymaster"
GASTRO = "gastro"
USER = "user"
BAR = "bar"

def verifyAccessToken(token, group):
    """ Verify Accestoken

        Verify an Accestoken and Group so if the User has permission or not.
        Retrieves the accestoken if valid else retrieves None

        Args:
            token: Token to verify.
            group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
        Returns:
            An the AccesToken for this given Token or None.        
    """
    accToken = accesTokenController.findAccesToken(token)
    print(accToken)
    if accToken is not None:
        if accesTokenController.isSameGroup(accToken, group):
            accToken.updateTimestamp()
            return accToken
    return None

@app.route("/getFinanzerMain", methods=['POST'])
def _getFinanzer():
    """ Function for /getFinanzerMain

        Retrieves all User for the groupe 'moneymaster'

        Returns:
            A JSON-File with Users or an Error.
            example:

    """
    data = request.get_json()
    token = data["token"]

    accToken = verifyAccessToken(token, MONEY)
    if accToken is not None:
        users = User.query.all()
        dic = {}
        for user in users:
            dic[user.userID] = user.toJSON()
        return jsonify(dic)
    return jsonify({"error": "permission denied"}), 401

@app.route("/valid", methods=['POST'])
def _valid():
    data = request.get_json()
    token = data["token"]
    accToken = verifyAccessToken(token, MONEY)
    if accToken is not None:
        return jsonify(accToken.user.toJSON())
    return jsonify({"error": "permission denied"}), 401

@app.route("/login", methods=['POST'])
def _login():
    """ Login User
    
        Nothing to say.
        Login in User and create an AccessToken for the User.

        Returns:
            A JSON-File with createt Token or Errors
    """
    data = request.get_json()
    print(data)
    username = data['username']
    password = data['password']
    user = User.query.filter_by(username=username).first()
    if user:
        if user.login(password):
            token = accesTokenController.createAccesToken(user)
            dic = user.toJSON()
            dic["token"] = token
            return jsonify(dic)
        else:
            return jsonify({"error": "wrong password"}), 401
    return jsonify({"error": "wrong username"}), 402       


@app.route("/getFinanzer")
def getFinanzer():
    users = User.query.all()
    dic = {}
    for user in users:
        dic[user.userID] = user.toJSON()
    print(dic)
    return jsonify(dic)