172 lines
5.2 KiB
Python
172 lines
5.2 KiB
Python
from geruecht import app, db, accesTokenController
|
|
from geruecht.model.user import User
|
|
from geruecht.model.creditList import CreditList
|
|
from geruecht.model.priceList import PriceList
|
|
from datetime import datetime
|
|
from flask import request, jsonify
|
|
|
|
MONEY = "moneymaster"
|
|
GASTRO = "gastro"
|
|
USER = "user"
|
|
BAR = "bar"
|
|
|
|
def verifyAccessToken(token, group):
|
|
""" Verify Accestoken
|
|
|
|
Verify an Accestoken and Group so if the User has permission or not.
|
|
Retrieves the accestoken if valid else retrieves None
|
|
|
|
Args:
|
|
token: Token to verify.
|
|
group: Group like 'moneymaster', 'gastro', 'user' or 'bar'
|
|
Returns:
|
|
An the AccesToken for this given Token or None.
|
|
"""
|
|
accToken = accesTokenController.findAccesToken(token)
|
|
print(accToken)
|
|
if accToken is not None:
|
|
if accesTokenController.isSameGroup(accToken, group):
|
|
accToken.updateTimestamp()
|
|
return accToken
|
|
return None
|
|
|
|
@app.route("/getFinanzerMain")
|
|
def _getFinanzer():
|
|
""" Function for /getFinanzerMain
|
|
|
|
Retrieves all User for the groupe 'moneymaster'
|
|
|
|
Returns:
|
|
A JSON-File with Users or an Error.
|
|
example:
|
|
|
|
"""
|
|
token = request.headers.get("Token")
|
|
|
|
accToken = verifyAccessToken(token, MONEY)
|
|
if accToken is not None:
|
|
users = User.query.all()
|
|
dic = {}
|
|
for user in users:
|
|
dic[user.userID] = user.toJSON()
|
|
return jsonify(dic)
|
|
return jsonify({"error": "permission denied"}), 401
|
|
|
|
@app.route("/getFinanzerYears", methods=['POST'])
|
|
def _getFinanzerYear():
|
|
print(request.headers)
|
|
token = request.headers.get("Token")
|
|
print(token)
|
|
accToken = verifyAccessToken(token, MONEY)
|
|
|
|
dic = {}
|
|
if accToken is not None:
|
|
data = request.get_json()
|
|
userID = data['userId']
|
|
|
|
user = User.query.filter_by(userID=userID).first()
|
|
dic[user.userID] = {}
|
|
for geruecht in user.geruechte:
|
|
dic[user.userID][geruecht.year] = geruecht.toJSON()
|
|
return jsonify(dic)
|
|
return jsonify({"error": "permission denied"}), 401
|
|
|
|
@app.route("/valid")
|
|
def _valid():
|
|
token = request.headers.get("Token")
|
|
accToken = verifyAccessToken(token, MONEY)
|
|
if accToken is not None:
|
|
return jsonify(accToken.user.toJSON())
|
|
accToken = verifyAccessToken(token, BAR)
|
|
if accToken is not None:
|
|
return jsonify(accToken.user.toJSON())
|
|
accToken = verifyAccessToken(token, GASTRO)
|
|
if accToken is not None:
|
|
return jsonify(accToken.user.toJSON())
|
|
accToken = verifyAccessToken(token, USER)
|
|
if accToken is not None:
|
|
return jsonify(accToken.user.toJSON())
|
|
return jsonify({"error": "permission denied"}), 401
|
|
|
|
@app.route("/login", methods=['POST'])
|
|
def _login():
|
|
""" Login User
|
|
|
|
Nothing to say.
|
|
Login in User and create an AccessToken for the User.
|
|
|
|
Returns:
|
|
A JSON-File with createt Token or Errors
|
|
"""
|
|
data = request.get_json()
|
|
print(data)
|
|
username = data['username']
|
|
password = data['password']
|
|
user = User.query.filter_by(username=username).first()
|
|
if user:
|
|
if user.login(password):
|
|
token = accesTokenController.createAccesToken(user)
|
|
dic = user.toJSON()
|
|
dic["token"] = token
|
|
return jsonify(dic)
|
|
else:
|
|
return jsonify({"error": "wrong password"}), 401
|
|
return jsonify({"error": "wrong username"}), 402
|
|
|
|
@app.route("/bar")
|
|
def _bar():
|
|
print(request.headers)
|
|
token = request.headers.get("Token")
|
|
print(token)
|
|
accToken = verifyAccessToken(token, BAR)
|
|
|
|
dic = {}
|
|
if accToken is not None:
|
|
users = User.query.all()
|
|
for user in users:
|
|
geruecht = None
|
|
geruecht = user.getCurrentGeruecht()
|
|
if geruecht is not None:
|
|
month = geruecht.getMonth(datetime.now().month)
|
|
amount = abs(month[0] - month[1])
|
|
if amount != 0:
|
|
dic[user.userID] = {"username": user.username,
|
|
"firstname": user.firstname,
|
|
"lastname": user.lastname,
|
|
"amount": abs(month[0] - month[1])
|
|
}
|
|
return jsonify(dic)
|
|
return jsonify({"error": "permission denied"}), 401
|
|
|
|
@app.route("/baradd", methods=['POST'])
|
|
def _baradd():
|
|
token = request.headers.get("Token")
|
|
print(token)
|
|
accToken = verifyAccessToken(token, BAR)
|
|
|
|
if accToken is not None:
|
|
data = request.get_json()
|
|
userID = data['userId']
|
|
amount = int(data['amount'])
|
|
|
|
user = User.query.filter_by(userID=userID).first()
|
|
geruecht = user.getCurrentGeruecht()
|
|
month = geruecht.addAmount(amount)
|
|
amount = abs(month[0] - month[1])
|
|
|
|
db.session.add(geruecht)
|
|
db.session.commit()
|
|
|
|
return jsonify({"userId": user.userID, "amount": amount})
|
|
return jsonify({"error", "permission denied"}), 401
|
|
|
|
|
|
@app.route("/getFinanzer")
|
|
def getFinanzer():
|
|
users = User.query.all()
|
|
dic = {}
|
|
for user in users:
|
|
dic[user.userID] = user.toJSON()
|
|
print(dic)
|
|
return jsonify(dic)
|