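def processData():
    """Return the database menu/user listing to a Staff or Permission_Admin caller.

    The caller is authenticated from the ``JWT`` request header via ``checkJWT``
    and authorized via ``allowAccess``.  A missing or rejected token, or a
    role outside the allowed list, is answered with a JSON error and HTTP 400
    instead of raising ``KeyError`` or falling off the end of the function.

    Returns:
        ``(flask.Response, int)`` -- JSON body and HTTP status.
    """
    token = request.headers.get("JWT")
    if token is None:
        return flask.jsonify({"Success": False, "Error": "JWT missing"}), 400
    response = checkJWT(token)
    # Only a successful verification is known to carry "username"; index it
    # after the Success check.
    if not response.get("Success"):
        apiLog.logError("JWT rejected: {}".format(response.get("Error")))
        return flask.jsonify({"Success": False, "Error": response.get("Error", "JWT invalid")}), 400
    username = response["username"]

    # allowAccess returns True or a non-empty (truthy) reason string, so the
    # result is tested for identity with True, never for truthiness.
    access = allowAccess(['Staff', 'Permission_Admin'], request)
    if access is not True:
        apiLog.logWarn("{} denied database access: {}".format(username, access))
        return flask.jsonify({"Success": False, "Error": "No Permission"}), 400
    Data = apiDB.MenuUser()
    apiLog.logInfo("{} accessed database".format(username))
    # jsonify serialises Data itself; wrapping it in json.dumps() first would
    # send a JSON string containing JSON (double encoding).
    return flask.jsonify(Data), 200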
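def grantPermission():
    """Grant a permission on behalf of an authenticated Permission_Admin.

    Only the authorization gate and the audit log are implemented here; the
    grant itself (matching the request body against the role dictionary) is
    still marked TODO below.

    Returns:
        ``flask.Response`` -- JSON ``{"Success": ..., ...}``.
    """
    # allowAccess returns True or a non-empty reason string.  The string is
    # truthy, so an equality test against False can never fire and every
    # caller would have been let through; test identity with True instead.
    access = allowAccess(['Permission_Admin'], request)
    if access is not True:
        apiLog.logWarn("grantPermission refused without admin role: {}".format(access))
        return flask.jsonify({"Success": False, "Error": "No Permission"})
    # allowAccess has already verified the token, so "username" is present.
    result = checkJWT(request.headers["JWT"])
    username = result["username"]
    content = request.data.decode("UTF-8")  # input for the TODO below
    #TODO check the username and the corresponding role to the dictionary then grant permission
    apiLog.logInfo("Permission granted by {}".format(username))
    # A dict literal: json.loads("{'Success':True}") is not valid JSON
    # (single quotes) and raised at runtime.
    return flask.jsonify({"Success": True})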
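def grantPermission(currentusername):  #UPDATE: Added param for check both role and username
    """Grant a permission; the caller must be a Permission_Admin acting as ``currentusername``.

    Args:
        currentusername: Username the request claims to act as; must equal the
            username carried in the verified JWT.

    Returns:
        ``flask.Response`` on the success and no-permission paths (status
        left to Flask's default), ``(flask.Response, int)`` on token and
        username failures.
    """
    token = request.headers.get("JWT")
    if token is None:
        return flask.jsonify({"Success": False, "Error": "JWT missing"}), 400
    response = checkJWT(token)
    # "username" is only read once verification is known to have succeeded.
    if not response.get("Success"):
        apiLog.logError("JWT rejected: {}".format(response.get("Error")))
        return flask.jsonify({"Success": False, "Error": response.get("Error", "JWT invalid")}), 400
    username = response["username"]
    #TODO check the username and the corresponding role to the dictionary then grant permission
    if allowAccess(['Permission_Admin'], request) is not True:
        return flask.jsonify({"Success": False, "Error": "No Permission"})
    if currentusername != username:
        apiLog.logWarn("{} unauthorized access".format(username))
        # A verified token response is not known to carry an "Error" field,
        # so the mismatch is reported explicitly rather than echoed from it.
        return flask.jsonify({"Success": False, "Error": "Username mismatch"}), 400
    content = request.data.decode("UTF-8")  # input for the TODO above
    # Dict literal: json.loads() of a single-quoted string is invalid JSON.
    return flask.jsonify({"Success": True})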
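def requestPermission(role, currentusername):
    """Let an authenticated user request ``role`` for their own account.

    Args:
        role: Role being requested; passed through to ``apiDB.requestPermission``.
        currentusername: Account the request is for; must match the username
            in the verified JWT.

    Returns:
        ``flask.Response`` with ``apiDB.requestPermission``'s result on
        success; otherwise a body and HTTP 400.
    """
    token = request.headers.get("JWT")
    if token is None:
        return 'JWT Incorrect', 400
    response = checkJWT(token)
    # Read "username" only after verification is known to have succeeded.
    if not response.get("Success"):
        apiLog.logError("JWT rejected: {}".format(response.get("Error")))
        return 'JWT Incorrect', 400
    username = response["username"]
    #DO ADMIN HAVE TO REQUEST PERMISSION?
    access = allowAccess(['Staff', 'Permission_Admin', 'Client'], request)
    if access is not True:
        apiLog.logWarn("{} denied requestPermission: {}".format(username, access))
        return 'JWT Incorrect', 400
    if currentusername != username:
        apiLog.logWarn("{} requested permission for {}".format(username, currentusername))
        # Dict literal: the previous json.loads() string was not valid JSON
        # (single quotes, unquoted value) and raised instead of returning.
        return flask.jsonify({"Success": False, "Error": "Incorrect username"}), 400
    return flask.jsonify(apiDB.requestPermission(username, role))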
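def updatePassword():
    """Change the authenticated caller's own password.

    The body must be JSON with a non-empty string ``"newPassword"``.  The
    target account is always the one named in the verified JWT, never one
    supplied by the client.

    Returns:
        ``(str, int)`` -- plain-text message and HTTP status.
    """
    if allowAccess(['Client', 'Staff', 'Permission_Admin'], request) is not True:
        return 'JWT Error', 400
    header = request.headers
    result = checkJWT(header["JWT"])  # token already verified by allowAccess
    username = result["username"]
    try:
        data = request.data.decode("UTF-8")  #TODO maybe decrypt
        JSONresult = json.loads(data)
        new_password = JSONresult["newPassword"]
    except (ValueError, KeyError, TypeError):
        # Bad UTF-8 / bad JSON (both ValueError), a missing key, or a
        # non-object body: a client error, not an unhandled 500.
        return "Malformed request body", 400
    if not isinstance(new_password, str) or not new_password:
        return "Invalid new password", 400
    # apiDB's success value is compared for equality, as elsewhere in the file.
    if apiDB.changePassword(username, new_password) == True:
        return 'Success', 200
    return "Error changing password", 400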
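def add_records(username):
    """Append a record to ``username``'s data on behalf of an authenticated Staff member.

    Args:
        username: Account the record is written to.

    Returns:
        ``(str, int)`` -- plain-text message and HTTP status.
    """
    if allowAccess(['Staff'], request) is not True:
        return 'JWT Error', 400
    header = request.headers
    result = checkJWT(header["JWT"])  #TODO decryption
    writer = result["username"]  # recorded with the row: who performed the write
    try:
        content = request.data.decode("UTF-8")  #TODO decrypt
    except UnicodeDecodeError:
        # A non-UTF-8 body is a client error, not an unhandled 500.
        return "Request body is not valid UTF-8", 400
    # apiDB's success value is compared for equality, as elsewhere in the file.
    if apiDB.addData(username, content, writer) == True:
        return "Success", 200
    return "Write data Error", 400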
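def processData():
    """Return data appropriate to the caller's role.

    Staff and Permission_Admin receive ``apiDB.MenuUser()``; a Client receives
    only a mapping of their own username.  Token problems and unknown roles
    are answered with HTTP 400.

    Returns:
        ``(flask.Response, int)`` -- JSON body and HTTP status.
    """
    token = request.headers.get("JWT")
    if token is None:
        return flask.jsonify({"Success": False, "Error": "JWT missing"}), 400
    response = checkJWT(token)
    # "username" is read only after the Success check; indexing it first made
    # the error branch below unreachable for an invalid token.
    if not response.get("Success"):
        apiLog.logError("JWT rejected: {}".format(response.get("Error")))
        # NOTE(review): echoes checkJWT's whole response to the client, as the
        # original did -- confirm it carries nothing beyond Success/Error.
        return flask.jsonify(response), 400
    username = response["username"]

    if allowAccess(['Staff', 'Permission_Admin'], request) is True:
        Data = apiDB.MenuUser()
        apiLog.logInfo("{} accessed database".format(username))
        return flask.jsonify(Data), 200
    if allowAccess(['Client'], request) is True:
        # A client learns nothing but their own identity.
        return flask.jsonify({username: username}), 200
    # The token verified but the role is in neither list.  A verified
    # response is not known to carry "Error", so the refusal is stated here.
    apiLog.logError("{} denied: role not permitted".format(username))
    return flask.jsonify({"Success": False, "Error": "No Permission"}), 400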
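def getData(patientusername):
    """Return ``patientusername``'s record.

    A Client may read only their own record; Staff and Permission_Admin may
    read any record.  Any other or unknown role is refused unless it is
    reading its own record, so a missing role fails closed instead of open.

    Args:
        patientusername: Account whose record is requested.

    Returns:
        ``(flask.Response | str, int)`` -- body and HTTP status.
    """
    token = request.headers.get("JWT")
    if token is None:
        return flask.jsonify({"Success": False, "Error": "JWT missing"}), 400
    response = checkJWT(token)
    if not response.get("Success"):
        apiLog.logError(response.get("Error"))
        # NOTE(review): echoes checkJWT's whole response to the client, as the
        # original did -- confirm it carries nothing beyond Success/Error.
        return flask.jsonify(response), 400
    username = response["username"]
    role = apiDB.getrole(username)
    own_record = patientusername == username
    # Allow-list, not deny-list: only the two privileged roles may read
    # someone else's record.
    if not (own_record or role in ('Staff', 'Permission_Admin')):
        apiLog.logWarn("{} unauthorized access".format(username))
        return "unauthorized access", 400
    User = apiDB.getUser(patientusername)
    if User == False:  # apiDB.getUser signals a missing user with False
        return "No Such user", 400
    apiLog.logInfo("{} accessed {}'s data".format(username, patientusername))
    return flask.jsonify(User), 200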
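def allowAccess(roles, request):
    """Authorize ``request`` by JWT and role.

    Args:
        roles: Collection of role names permitted for the calling endpoint.
        request: Flask request whose ``JWT`` header carries the token.

    Returns:
        ``True`` when the token verifies and the user's role (looked up with
        ``apiDB.getrole``) is in ``roles``.  Otherwise a non-empty reason
        string: ``'JWT missing'``, ``'JWT invalid'`` or ``'role inaccept'``.
        Because the failure values are truthy strings, callers must test the
        result with ``is True`` (or ``== True``), never by truthiness or
        ``== False``.
    """
    header = request.headers
    if "JWT" not in header:
        return 'JWT missing'
    # The unused read of header["id"] is gone: it raised KeyError whenever
    # the header was absent and its value was never consulted.
    JWTresult = checkJWT(header["JWT"])
    if not JWTresult.get("Success"):
        return 'JWT invalid'
    UserRole = apiDB.getrole(JWTresult["username"])
    if UserRole in roles:
        return True
    return 'role inaccept'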
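def updatePW():
    """Update the authenticated caller's own password.

    The body must be JSON with a non-empty string ``"password"``.  The account
    is always the one named in the verified JWT; no client-supplied username
    is consulted.

    Returns:
        ``flask.Response`` with ``apiDB.update``'s result on success,
        otherwise ``(flask.Response, int)`` with HTTP 400.
    """
    token = request.headers.get("JWT")
    if token is None:
        return flask.jsonify({"Success": False, "Error": "JWT missing"}), 400
    response = checkJWT(token)
    if not response.get("Success"):
        apiLog.logError("JWT rejected: {}".format(response.get("Error")))
        return flask.jsonify({"Success": False, "Error": response.get("Error", "JWT invalid")}), 400
    username = response["username"]

    # Parse the request body (the previous code decoded an unassigned name,
    # so every request ended here).  Bad UTF-8 and bad JSON are both
    # ValueError; nothing else is swallowed.
    try:
        LoginUser = json.loads(request.data.decode("UTF-8"))
    except ValueError:
        apiLog.logWarn("{}: password update body is not JSON".format(username))
        return flask.jsonify({"Success": False, "Error": "Error Content-type"}), 400
    try:
        password = LoginUser["password"]
    except (KeyError, TypeError):
        apiLog.logWarn("{}: password update body has no password field".format(username))
        return flask.jsonify({"Success": False, "Error": "Error Content Unfound"}), 400
    if not isinstance(password, str) or not password:
        return flask.jsonify({"Success": False, "Error": "Error Content Unfound"}), 400

    if allowAccess(['Staff', 'Permission_Admin', 'Client'], request) is not True:
        return flask.jsonify({"Success": False, "Error": "No Permission"}), 400
    # Responses are plain dicts for jsonify; json.dumps() first would
    # double-encode them.  The password itself is never logged.
    return flask.jsonify(apiDB.update(username, password))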
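def getData(patientusername):
    """Return ``patientusername``'s record to its authenticated owner.

    Regardless of role, the caller may only fetch the record of the username
    carried in their verified JWT.

    Args:
        patientusername: Account whose record is requested.

    Returns:
        ``(flask.Response, int)`` -- JSON body and HTTP status.
    """
    token = request.headers.get("JWT")
    if token is None:
        return flask.jsonify({"Success": False, "Error": "JWT missing"}), 400
    response = checkJWT(token)
    # "username" is read only after the Success check; indexing it first made
    # the token-error branch unreachable.
    if not response.get("Success"):
        apiLog.logError(response.get("Error"))
        # NOTE(review): echoes checkJWT's whole response to the client, as the
        # original did -- confirm it carries nothing beyond Success/Error.
        return flask.jsonify(response), 400
    username = response["username"]
    if allowAccess(['Staff', 'Permission_Admin', 'Client'], request) is not True:
        return flask.jsonify({"Success": False, "Error": "No Permission"}), 400
    if patientusername != username:
        apiLog.logWarn("{} unauthorized access".format(username))
        # A verified response is not known to carry "Error"; state the refusal.
        return flask.jsonify({"Success": False, "Error": "unauthorized access"}), 400
    User = apiDB.getUser(patientusername)
    # The record is not printed to stdout; the audit log line is the only trace.
    apiLog.logInfo("{} accessed {}'s data".format(username, patientusername))
    # jsonify serialises User itself; json.dumps() first would double-encode.
    return flask.jsonify(User), 200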