2021-01-27 14:13:49 +01:00
parent e0f57e9de6
commit d91cd9a3da
5 changed files with 51 additions and 17 deletions


@ -1,6 +1,8 @@
from dbpool import getConnection, getMany, getOne from dbpool import getConnection, getMany, getOne
from auth import check_scope
def get_mieters(): def get_mieters(token_info):
check_scope(token_info, [ "mieter/read", "wohnung/read", "objekt/read" ])
return getMany(""" return getMany("""
SELECT m.id as id, SELECT m.id as id,
o.id as objekt, o.id as objekt,
@ -21,7 +23,8 @@ SELECT m.id as id,
w.id = m.wohnung w.id = m.wohnung
""", [], "Mieter") """, [], "Mieter")
def get_mieter(id=None): def get_mieter(id, token_info):
check_scope(token_info, [ "mieter/read", "wohnung/read", "objekt/read" ])
return getOne(""" return getOne("""
SELECT m.id as id, SELECT m.id as id,
o.id as objekt, o.id as objekt,
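Review bot: get_mieters and get_mieter each spell out the same three-entry scope list inline in their new check_scope calls, so a later edit to one of them can silently diverge from the other; a module-level constant such as `MIETER_READ_SCOPES = ["mieter/read", "wohnung/read", "objekt/read"]` passed to both calls keeps the two entry points enforcing one rule. Neither handler documents the new authorization contract; a one-line docstring per function, e.g. `"""Fetch Mieter rows; requires the mieter/read, wohnung/read and objekt/read scopes."""`, states it where the caller reads it. Both function bodies continue past the trailing context of their hunks.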


@ -1,8 +1,11 @@
from dbpool import getConnection, getMany, getOne from dbpool import getConnection, getMany, getOne
from auth import check_scope
def get_objekte(): def get_objekte(token_info):
check_scope(token_info, "objekt/read")
return getMany("SELECT id, shortname, flaeche FROM objekt", [], "Objekt") return getMany("SELECT id, shortname, flaeche FROM objekt", [], "Objekt")
def get_objekt(id=None): def get_objekt(id, token_info):
check_scope(token_info, "objekt/read")
return getOne("SELECT id, shortname, flaeche FROM objekt WHERE id = ?", return getOne("SELECT id, shortname, flaeche FROM objekt WHERE id = ?",
(id,), "Objekt") (id,), "Objekt")
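Review bot: get_objekte and get_objekt gain a scope check but no documentation of what it means for callers: per the auth.py changes in this same commit, check_scope raises Forbidden when the token's x-scope claim lacks the value, and that now applies to every call of these two functions. A one-line docstring on each, e.g. `"""Return Objekt rows; raises Forbidden unless token_info carries objekt/read."""`, makes the new precondition visible. The `getConnection` import on the first line is retained though nothing in the shown code uses it; if the rest of the module does not either, it can be dropped in a follow-up.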


@ -1,6 +1,9 @@
from dbpool import getConnection, getOne, getMany from dbpool import getConnection, getOne, getMany
from auth import check_scope
def get_wohnungen():
def get_wohnungen(token_info):
check_scope(token_info, "wohnung/read")
return getMany(""" return getMany("""
SELECT w.id as id, SELECT w.id as id,
w.objekt as objekt, w.objekt as objekt,
@ -11,7 +14,8 @@ SELECT w.id as id,
WHERE o.id = w.objekt WHERE o.id = w.objekt
""", [], "Wohnung") """, [], "Wohnung")
def get_wohnung(id=None): def get_wohnung(id, token_info):
check_scope(token_info, [ "wohnung/read", "objekt/read" ])
return getOne(""" return getOne("""
SELECT w.id as id, SELECT w.id as id,
w.objekt as objekt, w.objekt as objekt,
@ -23,7 +27,8 @@ SELECT w.id as id,
w.id = ? w.id = ?
""", (id, ), "Wohnung") """, (id, ), "Wohnung")
def get_wohnungen_by_objekt(id): def get_wohnungen_by_objekt(id, token_info):
check_scope(token_info, [ "wohnung/read", "objekt/read" ])
return getMany(""" return getMany("""
SELECT w.id as id, SELECT w.id as id,
w.objekt as objekt, w.objekt as objekt,
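Review bot: get_wohnungen requires only `wohnung/read`, yet its query joins objekt (the `WHERE o.id = w.objekt` context line in the second hunk), while get_wohnung and get_wohnungen_by_objekt, whose queries expose the same objekt columns, demand both `wohnung/read` and `objekt/read`; unless the list endpoint is deliberately more permissive, the first call should read `check_scope(token_info, [ "wohnung/read", "objekt/read" ])` so the three handlers enforce one rule. The query bodies continue outside the hunks, so I can only see the join, not every column the list endpoint returns — worth confirming before changing. A module constant for the shared scope list would also stop the two-entry list being retyped in two places.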


@ -2,8 +2,10 @@ from dbpool import getConnection, getOne, getMany, putOne
import datetime import datetime
import decimal import decimal
import dateparser import dateparser
from auth import check_scope
def get_zahlungen_by_mieter(mieter_id): def get_zahlungen_by_mieter(mieter_id, token_info):
check_scope(token_info, "zahlung/read")
return getMany(""" return getMany("""
SELECT id, SELECT id,
mieter, mieter,
@ -28,7 +30,8 @@ SELECT id,
""", [ id ], "Zahlung") """, [ id ], "Zahlung")
def get_forderungen_by_mieter(mieter_id): def get_forderungen_by_mieter(mieter_id, token_info):
check_scope(token_info, "forderung/read")
return getMany(""" return getMany("""
SELECT id, SELECT id,
mieter, mieter,
@ -40,7 +43,8 @@ SELECT id,
WHERE mieter = ? WHERE mieter = ?
""", [ mieter_id ], "Forderung") """, [ mieter_id ], "Forderung")
def get_forderung(id): def get_forderung(id, token_info):
check_scope(token_info, "forderung/read")
return getOne(""" return getOne("""
SELECT id, SELECT id,
mieter, mieter,
@ -52,7 +56,8 @@ SELECT id,
WHERE id = ? WHERE id = ?
""", [ id ], "Forderung") """, [ id ], "Forderung")
def get_zahlungforderung_by_mieter_and_year(mieter_id, year): def get_zahlungforderung_by_mieter_and_year(mieter_id, year, token_info):
check_scope(token_info, [ "forderung/read", "zahlung/read", "mieter/read" ])
if year == 0: if year == 0:
year = datetime.datetime.now().year year = datetime.datetime.now().year
start_date = "{}-01-01".format(year) start_date = "{}-01-01".format(year)
@ -72,7 +77,8 @@ WHERE mieter = ? AND
datum_soll BETWEEN ? AND ? datum_soll BETWEEN ? AND ?
""", [mieter_id, start_date, end_date], "ZahlungForderung") """, [mieter_id, start_date, end_date], "ZahlungForderung")
def get_saldo_by_mieter_and_year(mieter_id, year): def get_saldo_by_mieter_and_year(mieter_id, year, token_info):
check_scope(token_info, [ "forderung/read", "zahlung/read", "mieter/read" ])
if year == 0: if year == 0:
year = datetime.datetime.now().year year = datetime.datetime.now().year
start_date = "{}-01-01".format(year) start_date = "{}-01-01".format(year)
@ -106,7 +112,8 @@ WHERE mieter = ? AND
"zahlungen": float(sumZ) "zahlungen": float(sumZ)
} }
def put_zahlung(zahlung): def put_zahlung(zahlung, token_info):
check_scope(token_info, "zahlung/write")
print("Input of put_zahlung: {} {}".format(type(zahlung), zahlung)) print("Input of put_zahlung: {} {}".format(type(zahlung), zahlung))
datum_soll = dateparser.parse(zahlung["datum_soll"], languages=["de"]) datum_soll = dateparser.parse(zahlung["datum_soll"], languages=["de"])
datum_ist = dateparser.parse(zahlung["datum_ist"], languages=["de"]) datum_ist = dateparser.parse(zahlung["datum_ist"], languages=["de"])
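Review bot: get_zahlungen_by_mieter closes its getMany call with `""", [ id ], "Zahlung")` (the context line opening the second hunk), but its parameter is `mieter_id`; unless an `id` local is bound somewhere in the body outside the hunk, that name resolves to the builtin `id` function and is what gets passed as the query parameter, so the query cannot filter on the intended Mieter. get_forderungen_by_mieter directly below passes `[ mieter_id ]`, which is the form this call should take: `""", [ mieter_id ], "Zahlung")`. The scope check added here does not change this, but the commit touches every signature in the file and is a natural place to fix it. Separately, put_zahlung keeps `print("Input of put_zahlung: ...")`, which writes the full payment record to stdout on every write; routing it through `logging` at debug level, or removing it, avoids leaving payment data in process output.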

24
auth.py

@ -1,7 +1,6 @@
import time import time
import connexion import connexion
import six from werkzeug.exceptions import Unauthorized, Forbidden
from werkzeug.exceptions import Unauthorized
from jose import JWTError, jwt from jose import JWTError, jwt
import os import os
@ -11,10 +10,26 @@ JWT_SECRET = os.environ['JWT_SECRET']
def decode_token(token): def decode_token(token):
try: try:
return jwt.decode(token, JWT_SECRET) print("DEBUG decode_token: try to decode")
token_info = jwt.decode(token, JWT_SECRET)
print("DEBUG decode_token: token_info: {}".format(token_info))
return token_info
except JWTError as e: except JWTError as e:
six.raise_from(Unauthorized, e) print("ERROR decode_token: error when decoding token: {}".format(e))
raise Unauthorized()
def check_token(token, key, value):
if (key in token) and ((token[key] == value) or (isinstance(token[key], list) and (value in token[key]))):
return True
print("WARN: check_token: {} -> {} required but not granted".format(key, value))
raise Forbidden()
def check_scope(token, value):
if isinstance(value, list):
for v in value:
check_token(token, "x-scope", v)
else:
check_token(token, "x-scope", value)
def get_secret(user, token_info) -> str: def get_secret(user, token_info) -> str:
return ''' return '''
@ -23,6 +38,7 @@ def get_secret(user, token_info) -> str:
'''.format(user=user, token_info=token_info) '''.format(user=user, token_info=token_info)
def _current_timestamp() -> int: def _current_timestamp() -> int:
return int(time.time()) return int(time.time())
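Review bot: decode_token now writes the full decoded claims and the JWTError text to stdout (the two new `print("DEBUG decode_token: ...")` lines and the `print("ERROR decode_token: ...")` in the except branch), so every request leaves token contents in whatever captures process output; these should go through a module-level `logger = logging.getLogger(__name__)` at debug level, e.g. `logger.debug("decode_token: token_info=%s", token_info)`, or be removed before this ships. check_token evaluates `key in token` first, so a token_info that is None or not a mapping surfaces as a TypeError rather than Forbidden; an explicit guard such as `if not isinstance(token, dict): raise Forbidden()` at the top keeps the failure mode in the 4xx path. The retained `jwt.decode(token, JWT_SECRET)` passes no `algorithms=` argument; pinning the algorithm the issuer actually uses (for a shared secret, presumably `algorithms=["HS256"]` — confirm) is the usual hardening for python-jose and is independent of this change. check_token and check_scope lack docstrings; one line each stating that they raise Forbidden when the `x-scope` claim does not contain the value would document the contract the resource modules now rely on.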