flaschengeist/geruecht/routes.py

78 lines
2.4 KiB
Python

from geruecht import app, db, accesTokenController, MONEY, BAR, USER, GASTRO
from geruecht.model.user import User
from geruecht.model.creditList import CreditList
from geruecht.model.priceList import PriceList
from datetime import datetime
from flask import request, jsonify
def verifyAccessToken(token, group):
""" Verify Accestoken
Verify an Accestoken and Group so if the User has permission or not.
Retrieves the accestoken if valid else retrieves None
Args:
token: Token to verify.
group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
Returns:
An the AccesToken for this given Token or None.
"""
accToken = accesTokenController.findAccesToken(token)
print(accToken)
if accToken is not None:
if accesTokenController.isSameGroup(accToken, group):
accToken.updateTimestamp()
return accToken
return None
@app.route("/valid")
def _valid():
token = request.headers.get("Token")
accToken = verifyAccessToken(token, MONEY)
if accToken is not None:
return jsonify(accToken.user.toJSON())
accToken = verifyAccessToken(token, BAR)
if accToken is not None:
return jsonify(accToken.user.toJSON())
accToken = verifyAccessToken(token, GASTRO)
if accToken is not None:
return jsonify(accToken.user.toJSON())
accToken = verifyAccessToken(token, USER)
if accToken is not None:
return jsonify(accToken.user.toJSON())
return jsonify({"error": "permission denied"}), 401
@app.route("/login", methods=['POST'])
def _login():
""" Login User
Nothing to say.
Login in User and create an AccessToken for the User.
Returns:
A JSON-File with createt Token or Errors
"""
data = request.get_json()
print(data)
username = data['username']
password = data['password']
user = User.query.filter_by(username=username).first()
if user:
if user.login(password):
token = accesTokenController.createAccesToken(user)
dic = user.toJSON()
dic["token"] = token
return jsonify(dic)
else:
return jsonify({"error": "wrong password"}), 401
return jsonify({"error": "wrong username"}), 402
@app.route("/getFinanzer")
def getFinanzer():
users = User.query.all()
dic = {}
for user in users:
dic[user.userID] = user.toJSON()
print(dic)
return jsonify(dic)