Base of authentication.
This commit is contained in:
parent
bb01282877
commit
29c030fde1
0
__init__.py
Normal file
0
__init__.py
Normal file
@ -1,4 +1,7 @@
|
||||
import pkgutil
|
||||
from flask.ext.httpauth import HTTPBasicAuth
|
||||
|
||||
auth = HTTPBasicAuth()
|
||||
|
||||
__all__ = []
|
||||
|
||||
|
@ -14,6 +14,7 @@
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with Accountant. If not, see <http://www.gnu.org/licenses/>.
|
||||
"""
|
||||
from . import auth
|
||||
from .. import api
|
||||
from ..model import db, session_scope
|
||||
from ..model.accounts import Account
|
||||
@ -21,8 +22,10 @@ from ..model.entries import Entry
|
||||
from ..model.operations import Operation
|
||||
from flask import json, request
|
||||
from sqlalchemy import func, case, cast, extract, distinct
|
||||
from forms.accounts import AccountIdForm, AccountForm
|
||||
|
||||
@api.route("/accounts", methods=["GET"])
|
||||
@auth.login_required
|
||||
def get_accounts():
|
||||
"""
|
||||
Returns accounts with their solds.
|
||||
@ -47,6 +50,7 @@ def get_accounts():
|
||||
} for i in query.all()])
|
||||
|
||||
@api.route("/accounts/<account_id>/<year>/<month>/")
|
||||
@auth.login_required
|
||||
def get_account_status(account_id, year, month):
|
||||
with session_scope() as session:
|
||||
query = session.query(
|
||||
@ -76,6 +80,7 @@ def get_account_status(account_id, year, month):
|
||||
})
|
||||
|
||||
@api.route("/accounts/<account_id>/months")
|
||||
@auth.login_required
|
||||
def get_months(account_id):
|
||||
with session_scope() as session:
|
||||
query = session.query(
|
||||
@ -89,6 +94,7 @@ def get_months(account_id):
|
||||
} for i in query.all()])
|
||||
|
||||
@api.route("/accounts", methods=["PUT"])
|
||||
@auth.login_required
|
||||
def add_account():
|
||||
with session_scope() as session:
|
||||
account = Account(request.json['name'], request.json['authorized_overdraft'])
|
||||
@ -99,18 +105,25 @@ def add_account():
|
||||
|
||||
|
||||
@api.route("/accounts/<account_id>", methods=["PUT"])
|
||||
@auth.login_required
|
||||
def update_account(account_id):
|
||||
with session_scope() as session:
|
||||
account = session.query(Account).filter(Account.id == account_id).first()
|
||||
account_form = AccountForm()
|
||||
|
||||
account.name = request.json['name']
|
||||
account.authorized_overdraft = request.json['authorized_overdraft']
|
||||
if account_form.validate():
|
||||
with session_scope() as session:
|
||||
account = session.query(Account).filter(Account.id == account_id).first()
|
||||
|
||||
session.merge(account)
|
||||
account.name = request.json['name']
|
||||
account.authorized_overdraft = request.json['authorized_overdraft']
|
||||
|
||||
return json.dumps("Account #%s updated." % account_id)
|
||||
session.merge(account)
|
||||
|
||||
return json.dumps("Account #%s updated." % account_id)
|
||||
else:
|
||||
return json.dumps({'ok': False, 'error_type': 'validation', 'errors': account_form.errors})
|
||||
|
||||
@api.route("/accounts/<account_id>", methods=["DELETE"])
|
||||
@auth.login_required
|
||||
def delete_account(account_id):
|
||||
with session_scope() as session:
|
||||
account = session.query(Account).filter(Account.id == account_id).first()
|
||||
|
29
api/controller/users.py
Normal file
29
api/controller/users.py
Normal file
@ -0,0 +1,29 @@
|
||||
"""
|
||||
This file is part of Accountant.
|
||||
|
||||
Accountant is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
Accountant is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with Accountant. If not, see <http://www.gnu.org/licenses/>.
|
||||
"""
|
||||
|
||||
from . import auth
|
||||
from .. import api
|
||||
from ..model import db, session_scope
|
||||
|
||||
@auth.verify_password
|
||||
def verify_password(username, password):
|
||||
|
||||
if username == 'titi' and password == 'toto':
|
||||
return True
|
||||
# Update principal identity
|
||||
|
||||
return False
|
4
app.py
4
app.py
@ -16,6 +16,7 @@
|
||||
"""
|
||||
|
||||
from api import api
|
||||
#from api.controller import login_manager
|
||||
from api.model import db
|
||||
from flask import Flask
|
||||
from flask.ext.sqlalchemy import SQLAlchemy
|
||||
@ -28,8 +29,11 @@ app = Flask(__name__, static_folder = None)
|
||||
|
||||
app.config['SQLALCHEMY_DATABASE_URI'] = config.db_uri
|
||||
app.config['SQLALCHEMY_RECORD_QUERIES'] = config.debug
|
||||
app.config['WTF_CSRF_ENABLED'] = False
|
||||
app.config['SECRET_KEY'] = 'my_secret_key'
|
||||
|
||||
db.init_app(app)
|
||||
#login_manager.init_app(app)
|
||||
|
||||
app.register_blueprint(frontend, url_prefix='')
|
||||
app.register_blueprint(api, url_prefix='/api')
|
||||
|
0
forms/__init__.py
Normal file
0
forms/__init__.py
Normal file
9
forms/accounts.py
Normal file
9
forms/accounts.py
Normal file
@ -0,0 +1,9 @@
|
||||
from flask_wtf import Form
|
||||
from wtforms import DecimalField, IntegerField, StringField
|
||||
|
||||
class AccountIdForm(Form):
|
||||
id = IntegerField()
|
||||
|
||||
class AccountForm(AccountIdForm):
|
||||
name = StringField()
|
||||
authorized_overdraft = DecimalField()
|
Loading…
Reference in New Issue
Block a user