|
|
|
@ -1,7 +1,7 @@
@@ -1,7 +1,7 @@
|
|
|
|
|
from cash.models import * |
|
|
|
|
from django.http import HttpResponse |
|
|
|
|
from django.contrib.auth import authenticate |
|
|
|
|
from django.views.decorators.csrf import csrf_exempt |
|
|
|
|
from django.views.decorators.csrf import csrf_exempt |
|
|
|
|
from django.contrib.sessions.backends.db import SessionStore |
|
|
|
|
import json |
|
|
|
|
import hashlib |
|
|
|
@ -92,6 +92,9 @@ def check_session(data):
@@ -92,6 +92,9 @@ def check_session(data):
|
|
|
|
|
if not s.exists(key): |
|
|
|
|
raise ApiError(ERR_INVALID_SESSION) |
|
|
|
|
|
|
|
|
|
if not s.has_key('userid'): |
|
|
|
|
raise ApiError(ERR_INVALID_SESSION) |
|
|
|
|
|
|
|
|
|
return s |
|
|
|
|
|
|
|
|
|
def start_session(credentials): |
|
|
|
@ -136,6 +139,10 @@ def cashapi(request):
@@ -136,6 +139,10 @@ def cashapi(request):
|
|
|
|
|
creds = {'card_number': data['card_number'], 'pin': data['pin']} |
|
|
|
|
retval['session_key'] = start_session(creds) |
|
|
|
|
|
|
|
|
|
elif action == 'close_session': |
|
|
|
|
s = check_session(data) |
|
|
|
|
s.delete |
|
|
|
|
|
|
|
|
|
elif action == 'get_user_info': |
|
|
|
|
s = check_session(data) |
|
|
|
|
|
|
|
|
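Review bot: In the `close_session` branch, `s.delete` only references the method and never calls it, so the statement is a no-op and the session record stays in the store. The key therefore still passes the `s.exists(key)` and `userid` checks in `check_session` after the client has closed its session, and a leaked or logged key stays usable until it expires. Change the line to `s.delete()`, and consider a comment such as `# invalidate server-side so the key cannot be replayed after logout`. The body of `cashapi` starts and ends outside this hunk, so any later handling of `s` is not visible here.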
@ -194,6 +201,42 @@ def cashapi(request):
@@ -194,6 +201,42 @@ def cashapi(request):
|
|
|
|
|
except ValueError: |
|
|
|
|
raise ApiError(ERR_PARAM) |
|
|
|
|
|
|
|
|
|
elif action == 'modify_credit': |
|
|
|
|
s = check_session(data) |
|
|
|
|
|
|
|
|
|
treasurer = User.objects.get(pk=s['userid']) |
|
|
|
|
|
|
|
|
|
if not treasurer.has_perm('cash.change_account'): |
|
|
|
|
raise ApiError(ERR_USER_NOT_AUTHORIZED) |
|
|
|
|
|
|
|
|
|
try: |
|
|
|
|
user = User.objects.get(pk=data['user_id']) |
|
|
|
|
except User.DoesNotExist: |
|
|
|
|
raise ApiError(ERR_USER_NOT_FOUND__) |
|
|
|
|
except KeyError: |
|
|
|
|
raise ApiError(ERR_PARAM) |
|
|
|
|
|
|
|
|
|
try: |
|
|
|
|
amount = int(data['amount']) |
|
|
|
|
except (KeyError, ValueError): |
|
|
|
|
raise ApiError(ERR_PARAM) |
|
|
|
|
|
|
|
|
|
# TODO: Auslagern |
|
|
|
|
PAYOUT_SUBJECT = ugettext_noop('Payout') |
|
|
|
|
DEPOSIT_SUBJECT = ugettext_noop('Deposit') |
|
|
|
|
DESCRIPTION = ugettext_noop('Authorized by %(first)s %(last)s') |
|
|
|
|
|
|
|
|
|
if amount > 0: |
|
|
|
|
subject = DEPOSIT_SUBJECT |
|
|
|
|
else: |
|
|
|
|
subject = PAYOUT_SUBJECT |
|
|
|
|
|
|
|
|
|
desc = DESCRIPTION % {'first': treasurer.first_name, |
|
|
|
|
'last': treasurer.last_name} |
|
|
|
|
|
|
|
|
|
user.account.change_credit(amount/100, subject, desc) |
|
|
|
|
|
|
|
|
|
retval['new_credit'] = int(user.account.credit*100) |
|
|
|
|
|
|
|
|
|
except ApiError as e: |
|
|
|
|
error = {'code': e.code, 'msg': err_msgs[e.code]} |
|
|
|
|
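Review bot: In the `modify_credit` branch, `user.account.change_credit(amount/100, subject, desc)` divides two integers, and the `has_key` call elsewhere in the file suggests Python 2, where that is floor division. If so, an amount of 150 would book 1 and -150 would book -2, so the ledger silently diverges from what the treasurer authorised. Convert before dividing, for example `Decimal(amount) / 100` if `change_credit` takes a decimal (to be confirmed; `Decimal` would need importing), and reject the zero case, which currently falls into the payout branch, with `if amount == 0: raise ApiError(ERR_PARAM)`. There is also no upper bound on `amount` and no check that `data['user_id']` differs from `s['userid']`, so anyone holding `cash.change_account` can credit their own account; if that is not intended, it should be rejected here. Finally, confirm that `ERR_USER_NOT_FOUND__` (with trailing underscores) is a defined constant, since a `NameError` there would bypass the `except ApiError` handler; the enclosing `cashapi` function continues outside this hunk.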