示例#1
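def processData():
    """Return the user menu to Staff/Permission_Admin callers.

    The JWT is read from the ``JWT`` request header and validated through
    ``checkJWT`` before any field of the result is used; the database read is
    then gated behind ``allowAccess``.

    Returns:
        ``(flask.Response, int)``: the menu data with 200; a JSON error body
        with 401 when the token is rejected or 403 when the role is not
        allowed. The original fell off the end (returning ``None``) on the
        denied path, which Flask reports as a server error.
    """
    response = checkJWT(request.headers["JWT"])
    # A rejected token may carry no username at all, so check success first.
    if not response.get("Success"):
        apiLog.logError("JWT rejected: {}".format(response.get("Error")))
        return flask.jsonify({"Success": False, "Error": "JWT invalid"}), 401
    username = response["username"]

    # allowAccess reports denial with a reason string (never False), so the
    # only safe test is an exact comparison with True.
    access = allowAccess(['Staff', 'Permission_Admin'], request)
    if access != True:
        apiLog.logWarn("{} denied database access: {}".format(username, access))
        return flask.jsonify({"Success": False, "Error": "No Permission"}), 403

    Data = apiDB.MenuUser()
    apiLog.logInfo("{} accessed database".format(username))
    # NOTE: the payload is serialised twice (json.dumps inside jsonify); kept
    # byte-for-byte so existing clients keep receiving the same body.
    return flask.jsonify(json.dumps(Data)), 200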
示例#2
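def grantPermission():
    """Grant a permission on behalf of a Permission_Admin caller.

    The role gate runs before the request body is read. The grant itself is
    still a TODO in the original; this version fixes the gate and the
    response so the endpoint no longer passes every caller or crashes.

    Returns:
        ``flask.Response``: ``{"Success": true}`` on the admin path, or
        ``{"Success": false, "Error": "No Permission"}`` when refused.
    """
    # allowAccess returns True or a reason *string* — never False — so the
    # original ``== False`` test could not fire and every caller got through.
    access = allowAccess(['Permission_Admin'], request)
    if access != True:
        # The caller's identity is not yet verified here; log the reason only.
        apiLog.logWarn("permission grant refused: {}".format(access))
        return flask.jsonify({"Success": False, "Error": "No Permission"})

    result = checkJWT(request.headers["JWT"])
    username = result["username"]
    content = request.data.decode("UTF-8")
    # TODO check the username and the corresponding role to the dictionary
    # then grant permission (content is read but not applied yet)
    apiLog.logInfo("Permission granted by {}".format(username))
    # The original parsed "{'Success':True}" with json.loads, which is not
    # valid JSON (single quotes) and raised on every request.
    return flask.jsonify({"Success": True})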
示例#3
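def grantPermission(currentusername):
    """Grant a permission; the caller must be a Permission_Admin acting as
    *currentusername*.

    Args:
        currentusername: the account the caller claims to be; must equal the
            username carried by the validated JWT.

    Returns:
        ``flask.Response`` (optionally with a status): ``{"Success": true}``
        on the admin path; a JSON error with 401 for a rejected token, 400
        for a username mismatch, and ``{"Success": false, ...}`` otherwise.
    """
    response = checkJWT(request.headers["JWT"])
    # Check the token result before reading fields that a rejection may lack.
    if not response.get("Success"):
        apiLog.logError("JWT rejected: {}".format(response.get("Error")))
        return flask.jsonify({"Success": False, "Error": "JWT invalid"}), 401
    username = response["username"]

    # TODO check the username and the corresponding role to the dictionary
    # then grant permission
    if allowAccess(['Permission_Admin'], request) != True:
        return flask.jsonify({"Success": False, "Error": "No Permission"})

    if currentusername != username:
        apiLog.logWarn("{} unauthorized access".format(username))
        # The original returned response["Error"], a key a *valid* token
        # result does not carry, so this branch raised KeyError.
        return flask.jsonify({"Success": False, "Error": "Incorrect username"}), 400

    content = request.data.decode("UTF-8")
    # "{'Success':True}" is not valid JSON; build the dict directly.
    return flask.jsonify({"Success": True})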
示例#4
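def requestPermission(role, currentusername):
    """Let the authenticated user request *role* for their own account.

    Args:
        role: the role being requested; passed through to
            ``apiDB.requestPermission``.
        currentusername: the account the caller claims to be; must equal the
            username carried by the validated JWT.

    Returns:
        ``flask.jsonify(apiDB.requestPermission(...))`` on success; otherwise
        ``('JWT Incorrect', 401)``, a 403 JSON error when the role is not
        allowed, or a 400 JSON error when the username does not match.
    """
    response = checkJWT(request.headers["JWT"])
    # TODO check jwt — done: reject before reading response["username"].
    if not response.get("Success"):
        return 'JWT Incorrect', 401
    username = response["username"]

    # DO ADMIN HAVE TO REQUEST PERMISSION? (open question from the original)
    if allowAccess(['Staff', 'Permission_Admin', 'Client'], request) != True:
        return flask.jsonify({"Success": False, "Error": "No Permission"}), 403

    if currentusername != username:
        apiLog.logWarn("{} requested {} as {}".format(username, role, currentusername))
        # The original built this body from an invalid JSON literal (single
        # quotes, unquoted value) and raised instead of answering.
        return flask.jsonify({"Success": False, "Error": "Incorrect username"}), 400

    return flask.jsonify(apiDB.requestPermission(username, role))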
示例#5
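def updatePassword():
    """Set a new password for the account named in the JWT.

    The body must be a JSON object with a ``newPassword`` field. The target
    account always comes from the token, so a caller can only change their
    own password.

    Returns:
        ``(str, int)``: ``('Success', 200)``; ``('JWT Error', 400)`` when the
        caller is not allowed; ``400`` with a short reason when the body is
        malformed or the field is missing/empty, or when the change fails.
    """
    if allowAccess(['Client', 'Staff', 'Permission_Admin'], request) != True:
        return 'JWT Error', 400
    result = checkJWT(request.headers["JWT"])
    username = result["username"]

    data = request.data.decode("UTF-8")
    # TODO maybe decrypt
    try:
        JSONresult = json.loads(data)
    except ValueError:
        # json.JSONDecodeError is a ValueError; the original let it escape as a 500.
        return "Malformed JSON body", 400
    # A JSON array or scalar has no ["newPassword"]; guard before indexing.
    newPassword = JSONresult.get("newPassword") if isinstance(JSONresult, dict) else None
    if not newPassword:
        return "Missing newPassword", 400

    # NOTE(review): the current password is not re-verified, so a valid JWT
    # alone is enough to change it — confirm that is the intended policy.
    if apiDB.changePassword(username, newPassword) == True:
        return 'Success', 200
    return "Error changing password", 400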
示例#6
def add_records(username):
    """Append a record to *username*'s data on behalf of a Staff caller.

    Args:
        username: the account whose records are extended.

    Returns:
        ``(str, int)``: ``("Success", 200)`` when ``apiDB.addData`` reports
        success, ``("JWT Error", 400)`` when the caller is not Staff, and
        ``("Write data Error", 400)`` when the write is rejected.
    """
    if allowAccess(['Staff'], request) != True:
        return 'JWT Error', 400

    token_result = checkJWT(request.headers["JWT"])  # TODO decryption
    writer = token_result["username"]

    # TODO decrypt
    record = request.data.decode("UTF-8")

    written = apiDB.addData(username, record, writer)
    return ("Success", 200) if written == True else ("Write data Error", 400)
示例#7
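def processData():
    """Return the user menu to Staff/Permission_Admin, or the caller's own
    identity to a Client.

    Returns:
        ``(flask.Response, int)``: the menu with 200 for staff/admin; a
        ``{username: username}`` body with 200 for a client; the checkJWT
        result with 400 when the token is rejected; a JSON error with 403 when
        the token is valid but the role is not recognised.
    """
    response = checkJWT(request.headers["JWT"])
    # Validate before touching response["username"].
    if not response.get("Success"):
        apiLog.logError("JWT rejected: {}".format(response.get("Error")))
        return flask.jsonify(response), 400
    username = response["username"]

    if allowAccess(['Staff', 'Permission_Admin'], request) == True:
        Data = apiDB.MenuUser()
        apiLog.logInfo("{} accessed database".format(username))
        return flask.jsonify(Data), 200

    access = allowAccess(['Client'], request)
    if access == True:
        # Clients only ever see their own identity, never the full menu.
        return flask.jsonify({username: username}), 200

    # Token valid but role not allowed: the checkJWT result carries no
    # "Error" key here, which the original indexed and raised KeyError on.
    apiLog.logError("{} raised {}".format(username, access))
    return flask.jsonify({"Success": False, "Error": "No Permission"}), 403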
示例#8
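def getData(patientusername):
    """Return *patientusername*'s record to an authorised caller.

    Args:
        patientusername: the account whose record is requested.

    Returns:
        ``(flask.Response, int)``: the record with 200; the checkJWT result
        with 400 when the token is rejected; ``("unauthorized access", 400)``
        when the caller may not read another user's record;
        ``("No Such user", 400)`` when the account does not exist.
    """
    response = checkJWT(request.headers["JWT"])
    if response["Success"] == False:
        apiLog.logError(response["Error"])
        return flask.jsonify(response), 400

    username = response["username"]
    # The role is resolved server-side from the verified username.
    role = apiDB.getrole(username)
    # Allowlist rather than the original "only Client is restricted" denylist:
    # an unknown or missing role must not be able to read other users' records.
    if patientusername != username and role not in ('Staff', 'Permission_Admin'):
        apiLog.logWarn("{} unauthorized access".format(username))
        return "unauthorized access", 400

    User = apiDB.getUser(patientusername)
    # getUser signals "not found" with False; treat None the same way.
    if not User:
        return "No Such user", 400
    apiLog.logInfo("{} accessed {}'s data".format(username, patientusername))
    return flask.jsonify(User), 200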
示例#9
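def allowAccess(roles, request):
    """Decide whether the request's JWT belongs to a user holding one of *roles*.

    Args:
        roles: the role names that are allowed (tested with ``in``).
        request: the Flask request; only its ``JWT`` header is read.

    Returns:
        ``True`` when the token is valid and the user's role is in *roles*;
        otherwise a reason string: ``'JWT missing'``, ``'JWT invalid'`` or
        ``'role inaccept'``. Every denial value is truthy, so callers must
        compare against ``True`` explicitly.
    """
    header = request.headers
    if "JWT" not in header:
        return 'JWT missing'

    # The original also read header["id"] into an unused variable, which
    # raised KeyError (a 400) whenever that header was absent; dropped.
    # TODO might need to decrypt
    JWTresult = checkJWT(header["JWT"])
    if JWTresult["Success"] != True:
        return 'JWT invalid'

    # The role is looked up from the verified username, never taken from the
    # request itself.
    UserRole = apiDB.getrole(JWTresult["username"])
    if UserRole in roles:
        return True
    return 'role inaccept'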
示例#10
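def updatePW():
    """Change the calling user's own password from a JSON request body.

    The body must be a JSON object with a ``password`` field. The account is
    taken from the validated JWT, so a caller can only update their own
    password. The original parsed an unbound name instead of the request
    body, compared against an undefined ``patientusername``, and fell
    through to the update even when ``allowAccess`` refused the caller.

    Returns:
        ``flask.Response``: the value of ``apiDB.update`` on success; a JSON
        error body (serialised as in the original) with 401 for a rejected
        token, 400 for a bad body, or 403 when the role is not allowed.
    """
    response = checkJWT(request.headers["JWT"])
    if not response.get("Success"):
        return flask.jsonify(json.dumps({"Success": False, "Error": "JWT invalid"})), 401
    username = response["username"]

    try:
        LoginUser = json.loads(request.data.decode("UTF-8"))
    except ValueError:
        # Covers json.JSONDecodeError and a non-UTF-8 body.
        apiLog.logError("{} sent an unparsable password update".format(username))
        return flask.jsonify(json.dumps({"Success": False, "Error": "Error Content-type"})), 400

    # A JSON array or scalar has no ["password"]; guard before indexing.
    password = LoginUser.get("password") if isinstance(LoginUser, dict) else None
    if not password:
        apiLog.logError("{} sent a password update without a password".format(username))
        return flask.jsonify(json.dumps({"Success": False, "Error": "Error Content Unfound"})), 400

    if allowAccess(['Staff', 'Permission_Admin', 'Client'], request) != True:
        apiLog.logWarn("{} unauthorized access".format(username))
        return flask.jsonify(json.dumps({"Success": False, "Error": "No Permission"})), 403

    # NOTE(review): the current password is not re-verified, so a valid JWT
    # alone is enough to change it — confirm that is the intended policy.
    return flask.jsonify(apiDB.update(username, password))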
示例#11
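def getData(patientusername):
    """Return *patientusername*'s record to an authenticated caller reading
    their own data.

    Args:
        patientusername: the account whose record is requested.

    Returns:
        ``(flask.Response, int)``: the record with 200 (serialised twice, as
        in the original); the checkJWT result with 400 when the token is
        rejected; a JSON error with 400 when the role is not allowed or the
        caller asks for another user's record.
    """
    response = checkJWT(request.headers["JWT"])
    # TODO check jwt check role — done: reject before reading the username.
    if not response.get("Success"):
        apiLog.logError(response.get("Error"))
        return flask.jsonify(json.dumps(response)), 400
    username = response["username"]

    if allowAccess(['Staff', 'Permission_Admin', 'Client'], request) != True:
        # The original logged response["Error"] here, a key a *valid* token
        # result does not carry, so a wrong role raised KeyError.
        apiLog.logError("{} role not allowed".format(username))
        return flask.jsonify(json.dumps({"Success": False, "Error": "No Permission"})), 400

    # Every role, Staff included, is limited to its own record in this version.
    if patientusername != username:
        apiLog.logWarn("{} unauthorized access".format(username))
        return flask.jsonify(json.dumps({"Success": False, "Error": "unauthorized access"})), 400

    User = apiDB.getUser(patientusername)
    # The original print(User) wrote the record to stdout; the audit log entry
    # below is the only trace kept.
    apiLog.logInfo("{} accessed {}'s data".format(username, patientusername))
    return flask.jsonify(json.dumps(User)), 200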