Base of authentication.
parent
e6b61f97e0
commit
f646831891
0
__init__.py
Normal file
0
__init__.py
Normal file
@ -1,4 +1,7 @@
|
|||||||
import pkgutil
|
import pkgutil
|
||||||
|
from flask.ext.httpauth import HTTPBasicAuth
|
||||||
|
|
||||||
|
auth = HTTPBasicAuth()
|
||||||
|
|
||||||
__all__ = []
|
__all__ = []
|
||||||
|
|
||||||
|
@ -14,6 +14,7 @@
|
|||||||
You should have received a copy of the GNU Affero General Public License
|
You should have received a copy of the GNU Affero General Public License
|
||||||
along with Accountant. If not, see <http://www.gnu.org/licenses/>.
|
along with Accountant. If not, see <http://www.gnu.org/licenses/>.
|
||||||
"""
|
"""
|
||||||
|
from . import auth
|
||||||
from .. import api
|
from .. import api
|
||||||
from ..model import db, session_scope
|
from ..model import db, session_scope
|
||||||
from ..model.accounts import Account
|
from ..model.accounts import Account
|
||||||
@ -21,8 +22,10 @@ from ..model.entries import Entry
|
|||||||
from ..model.operations import Operation
|
from ..model.operations import Operation
|
||||||
from flask import json, request
|
from flask import json, request
|
||||||
from sqlalchemy import func, case, cast, extract, distinct
|
from sqlalchemy import func, case, cast, extract, distinct
|
||||||
|
from forms.accounts import AccountIdForm, AccountForm
|
||||||
|
|
||||||
@api.route("/accounts", methods=["GET"])
|
@api.route("/accounts", methods=["GET"])
|
||||||
|
@auth.login_required
|
||||||
def get_accounts():
|
def get_accounts():
|
||||||
"""
|
"""
|
||||||
Returns accounts with their solds.
|
Returns accounts with their solds.
|
||||||
@ -47,6 +50,7 @@ def get_accounts():
|
|||||||
} for i in query.all()])
|
} for i in query.all()])
|
||||||
|
|
||||||
@api.route("/accounts/<account_id>/<year>/<month>/")
|
@api.route("/accounts/<account_id>/<year>/<month>/")
|
||||||
|
@auth.login_required
|
||||||
def get_account_status(account_id, year, month):
|
def get_account_status(account_id, year, month):
|
||||||
with session_scope() as session:
|
with session_scope() as session:
|
||||||
query = session.query(
|
query = session.query(
|
||||||
@ -76,6 +80,7 @@ def get_account_status(account_id, year, month):
|
|||||||
})
|
})
|
||||||
|
|
||||||
@api.route("/accounts/<account_id>/months")
|
@api.route("/accounts/<account_id>/months")
|
||||||
|
@auth.login_required
|
||||||
def get_months(account_id):
|
def get_months(account_id):
|
||||||
with session_scope() as session:
|
with session_scope() as session:
|
||||||
query = session.query(
|
query = session.query(
|
||||||
@ -89,6 +94,7 @@ def get_months(account_id):
|
|||||||
} for i in query.all()])
|
} for i in query.all()])
|
||||||
|
|
||||||
@api.route("/accounts", methods=["PUT"])
|
@api.route("/accounts", methods=["PUT"])
|
||||||
|
@auth.login_required
|
||||||
def add_account():
|
def add_account():
|
||||||
with session_scope() as session:
|
with session_scope() as session:
|
||||||
account = Account(request.json['name'], request.json['authorized_overdraft'])
|
account = Account(request.json['name'], request.json['authorized_overdraft'])
|
||||||
@ -99,18 +105,25 @@ def add_account():
|
|||||||
|
|
||||||
|
|
||||||
@api.route("/accounts/<account_id>", methods=["PUT"])
|
@api.route("/accounts/<account_id>", methods=["PUT"])
|
||||||
|
@auth.login_required
|
||||||
def update_account(account_id):
|
def update_account(account_id):
|
||||||
with session_scope() as session:
|
account_form = AccountForm()
|
||||||
account = session.query(Account).filter(Account.id == account_id).first()
|
|
||||||
|
|
||||||
account.name = request.json['name']
|
if account_form.validate():
|
||||||
account.authorized_overdraft = request.json['authorized_overdraft']
|
with session_scope() as session:
|
||||||
|
account = session.query(Account).filter(Account.id == account_id).first()
|
||||||
|
|
||||||
session.merge(account)
|
account.name = request.json['name']
|
||||||
|
account.authorized_overdraft = request.json['authorized_overdraft']
|
||||||
|
|
||||||
return json.dumps("Account #%s updated." % account_id)
|
session.merge(account)
|
||||||
|
|
||||||
|
return json.dumps("Account #%s updated." % account_id)
|
||||||
|
else:
|
||||||
|
return json.dumps({'ok': False, 'error_type': 'validation', 'errors': account_form.errors})
|
||||||
|
|
||||||
@api.route("/accounts/<account_id>", methods=["DELETE"])
|
@api.route("/accounts/<account_id>", methods=["DELETE"])
|
||||||
|
@auth.login_required
|
||||||
def delete_account(account_id):
|
def delete_account(account_id):
|
||||||
with session_scope() as session:
|
with session_scope() as session:
|
||||||
account = session.query(Account).filter(Account.id == account_id).first()
|
account = session.query(Account).filter(Account.id == account_id).first()
|
||||||
|
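Review bot: In `update_account` the new `account_form.validate()` gate does not control what gets stored, because the body still assigns `request.json['name']` and `request.json['authorized_overdraft']` rather than the values the form validated. Writing `account.name = account_form.name.data` and `account.authorized_overdraft = account_form.authorized_overdraft.data` would make the check and the write agree. The validation-failure branch returns the error payload with the default 200 status, so a client that checks only the status code sees success; `return json.dumps({...}), 400` makes the failure explicit. Separately, `.first()` returns `None` for an unknown `account_id` and the next line then raises on `account.name`; that path predates this commit, but it is now reachable by any authenticated caller and deserves a 404 branch.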
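--- a/api/controller/users.py
+++ b/api/controller/users.py
@@ -0,0 +1,29 @@
+"""
+This file is part of Accountant.
+
+Accountant is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Accountant is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with Accountant. If not, see <http://www.gnu.org/licenses/>.
+"""
+
+from . import auth
+from .. import api
+from ..model import db, session_scope
+
+@auth.verify_password
+def verify_password(username, password):
+
+if username == 'titi' and password == 'toto':
+return True
+# Update principal identity
+
+return False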
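Review bot: `verify_password` compares against a username and password written as literals in the source (`'titi'` / `'toto'`), so the one credential guarding every `@auth.login_required` route is readable by anyone with repository access and cannot be rotated without a code change. Even for a first cut, the expected credential should come from configuration or a user record, stored as a salted hash and checked with something like `werkzeug.security.check_password_hash(stored_hash, password)`, where `stored_hash` is a placeholder for whatever the user model will hold. HTTP Basic resends the password on every request, so the `/api` routes also need to be served over TLS only. The imports of `api`, `db` and `session_scope` are unused in the file as shown.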
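--- a/app.py
+++ b/app.py
@@ -16,6 +16,7 @@
 """
 
 from api import api
+#from api.controller import login_manager
 from api.model import db
 from flask import Flask
 from flask.ext.sqlalchemy import SQLAlchemy
@@ -28,8 +29,11 @@ app = Flask(__name__, static_folder = None)
 
 app.config['SQLALCHEMY_DATABASE_URI'] = config.db_uri
 app.config['SQLALCHEMY_RECORD_QUERIES'] = config.debug
+app.config['WTF_CSRF_ENABLED'] = False
+app.config['SECRET_KEY'] = 'my_secret_key'
 
 db.init_app(app)
+#login_manager.init_app(app)
 
 app.register_blueprint(frontend, url_prefix='')
 app.register_blueprint(api, url_prefix='/api')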
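Review bot: `app.config['SECRET_KEY'] = 'my_secret_key'` in the second hunk commits the signing key as a guessable literal, so anything Flask signs with it (session cookies, Flask-WTF tokens) can be forged by anyone who has read the repository. The file already reads `config.db_uri` and `config.debug`, so the key can come from the same module, e.g. `app.config['SECRET_KEY'] = config.secret_key` (`secret_key` is a placeholder attribute name), filled from a random value kept out of version control. `WTF_CSRF_ENABLED = False` switches CSRF checking off for every Flask-WTF form in the application, not only the JSON API. If the intent is just to let token-less API requests pass form validation, a comment on that line should say so, and the setting should be revisited once browser-submitted forms exist. The two commented-out `login_manager` lines are dead code and can be dropped.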
0
forms/__init__.py
Normal file
0
forms/__init__.py
Normal file
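--- a/forms/accounts.py
+++ b/forms/accounts.py
@@ -0,0 +1,9 @@
+from flask_wtf import Form
+from wtforms import DecimalField, IntegerField, StringField
+
+class AccountIdForm(Form):
+id = IntegerField()
+
+class AccountForm(AccountIdForm):
+name = StringField()
+authorized_overdraft = DecimalField()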
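Review bot: None of the three fields declares validators, so `AccountForm.validate()` only rejects values that fail integer or decimal coercion and will accept a missing or empty `name` and an absent `authorized_overdraft`. Since the controller relies on `validate()` as its input check, the constraints belong here, for example `name = StringField(validators=[DataRequired()])` and `authorized_overdraft = DecimalField(validators=[InputRequired()])`, both imported from `wtforms.validators`. `InputRequired` suits the numeric field better because `DataRequired` would reject a legitimate overdraft of 0. A length limit on `name` matching the database column would also be worth adding; the column size is not visible on this page.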