From dadd8a69d102dd995718c85dc3895bfeab1094e8 Mon Sep 17 00:00:00 2001
From: SimolZimol <70102430+SimolZimol@users.noreply.github.com>
Date: Thu, 24 Oct 2024 14:26:32 +0200
Subject: [PATCH] modified: app.py modified: requirements.txt
---
 app.py | 25 +++++++++++++++++++++----
 requirements.txt | 3 ++-
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/app.py b/app.py
index bd07645..5f9d76a 100644
--- a/app.py
+++ b/app.py
@@ -9,11 +9,14 @@ import subprocess
 import psutil
 import mysql.connector
 from datetime import datetime
+from flask_session import Session
 app = Flask(__name__)
 app.secret_key = os.getenv("FLASK_SECRET_KEY")
 LOG_FILE_PATH = os.path.join("logs", f"{datetime.now().strftime('%Y-%m-%d')}.log")
+app.config["SESSION_TYPE"] = "filesystem" # Oder 'redis' für Redis-basierte Speicherung
+Session(app)
 # Verwende Umgebungsvariablen für die Datenbankverbindung
 DB_HOST = os.getenv("DB_HOST")
@@ -138,7 +141,6 @@ def login():
 @app.route("/callback")
 def callback():
- """Verarbeitet den OAuth2-Rückruf von Discord."""
 try:
 discord = make_discord_session(state=session.get("oauth_state"))
 token = discord.fetch_token(
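Review bot: `Session(app)` in the first app.py hunk is enabled with `SESSION_TYPE` as its only setting, so the filesystem store writes to its default directory under the process working directory and the session cookie keeps Flask's default flags. Those files will hold what callback() puts in the session (the `oauth_state` value and the Discord guild list), so the directory should be explicit and private and the cookie restricted, e.g. `app.config["SESSION_FILE_DIR"] = os.environ["SESSION_FILE_DIR"]` (variable name is only an example), `app.config["SESSION_COOKIE_SECURE"] = True` and `app.config["SESSION_COOKIE_SAMESITE"] = "Lax"` next to the `SESSION_TYPE` line. requirements.txt adds Flask-Session without a version, and as far as I know the on-disk serialisation differs between releases, so pinning it there would keep the storage behaviour reproducible.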
@@ -161,15 +163,30 @@ def callback():
 return redirect(url_for("landing_page"))
 guilds = guilds_response.json()
- session['discord_guilds'] = guilds # Speichere die Gilden in der Session
+ session['discord_guilds'] = guilds
- # Leite den Benutzer zur neuen User-Landing-Page weiter
- return redirect(url_for("user_landing_page"))
+ # Prüfe die Admin-Berechtigungen in der bot_data Tabelle
+ connection = get_db_connection()
+ cursor = connection.cursor(dictionary=True)
+
+ cursor.execute("SELECT global_permission FROM bot_data WHERE user_id = %s", (user_info["id"],))
+ bot_admin_data = cursor.fetchone()
+
+ cursor.close()
+ connection.close()
+
+ if bot_admin_data and bot_admin_data['global_permission'] >= 8:
+ # Admin-Rechte vorhanden
+ return redirect(url_for("user_landing_page"))
+ else:
+ flash("Sie haben keine Admin-Rechte für diesen Bot.", "danger")
+ return redirect(url_for("landing_page"))
 except Exception as e:
 print(f"Error in OAuth2 callback: {e}")
 flash("Ein Fehler ist beim Authentifizierungsprozess aufgetreten.", "danger")
 return redirect(url_for("landing_page"))
+
 @app.route("/user_server_data/")
 def user_server_data(guild_id):
diff --git a/requirements.txt b/requirements.txt
index 1bd96d8..649da83 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,4 +13,5 @@ pdfplumber
 python-dotenv
 flask
 psutil
-requests_oauthlib
\ No newline at end of file
+requests_oauthlib
+Flask-Session
\ No newline at end of file
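Review bot: The admin test added at the end of callback() only decides where the browser is redirected; `session['discord_guilds']` is written before it and nothing is removed from the session on the reject path, so a user without `global_permission >= 8` still leaves with a populated session. If user_landing_page and user_server_data (their bodies are outside this hunk) only look at the session, requesting those URLs directly bypasses the check, so the verdict should be stored and re-checked on every protected route, and the session cleared when the test fails. The cursor and connection are also closed only when `execute` succeeds, and a NULL `global_permission` would make the `>=` comparison raise into the generic handler; the sketch below closes both in `finally` and treats a missing value as 0. callback() starts above this hunk, and `is_bot_admin` is a name I made up for the flag.

```python
        # … unchanged: token exchange, user_info and guilds fetch …
        guilds = guilds_response.json()

        connection = get_db_connection()
        try:
            cursor = connection.cursor(dictionary=True)
            try:
                cursor.execute(
                    "SELECT global_permission FROM bot_data WHERE user_id = %s",
                    (user_info["id"],),
                )
                bot_admin_data = cursor.fetchone()
            finally:
                cursor.close()
        finally:
            connection.close()

        # A missing row or a NULL column counts as "no permission".
        permission = (bot_admin_data or {}).get("global_permission") or 0
        if permission < 8:
            # Drop everything stored for this login so a rejected user holds no usable session.
            session.clear()
            flash("Sie haben keine Admin-Rechte für diesen Bot.", "danger")
            return redirect(url_for("landing_page"))

        session["discord_guilds"] = guilds
        session["is_bot_admin"] = True  # protected routes must check this flag themselves
        return redirect(url_for("user_landing_page"))
    # … unchanged: except handler …
```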