1
0
forked from ScoDoc/ScoDoc

Modification authentification ScoDoc7 API POST

This commit is contained in:
Emmanuel Viennet 2021-10-26 00:13:42 +02:00
parent c29199eff4
commit 0da60384a1
4 changed files with 13 additions and 10 deletions

View File

@ -52,7 +52,10 @@ def scodoc(func):
def scodoc_function(*args, **kwargs):
# interdit les POST si pas loggué
if request.method == "POST" and not current_user.is_authenticated:
current_app.logger.info("POST by non authenticated user")
current_app.logger.info(
"POST by non authenticated user (request.form=%s)",
str(request.form)[:2048],
)
return redirect(
url_for(
"auth.login",

View File

@ -1047,8 +1047,8 @@ def EtatAbsencesDate(group_ids=[], date=None): # list of groups to display
# ----- Gestion des "billets d'absence": signalement par les etudiants eux mêmes (à travers le portail)
@bp.route("/AddBilletAbsence", methods=["GET", "POST"]) # API ScoDoc 7 compat
@scodoc
@permission_required_compat_scodoc7(Permission.ScoAbsAddBillet)
@scodoc
@scodoc7func
def AddBilletAbsence(
begin,
@ -1105,7 +1105,7 @@ def AddBilletAbsence(
return billet_id
@bp.route("/AddBilletAbsenceForm")
@bp.route("/AddBilletAbsenceForm", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoAbsAddBillet)
@scodoc7func
@ -1238,8 +1238,8 @@ def listeBilletsEtud(etudid=False, format="html"):
@bp.route(
"/XMLgetBilletsEtud", methods=["GET", "POST"]
) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func
def XMLgetBilletsEtud(etudid=False):
"""Liste billets pour un etudiant"""
@ -1464,8 +1464,8 @@ def ProcessBilletAbsenceForm(billet_id):
# @bp.route("/essai_api7")
# @scodoc
# @permission_required_compat_scodoc7(Permission.ScoView)
# @scodoc
# @scodoc7func
# def essai_api7(x="xxx"):
# "un essai"
@ -1474,8 +1474,8 @@ def ProcessBilletAbsenceForm(billet_id):
@bp.route("/XMLgetAbsEtud", methods=["GET", "POST"]) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func
def XMLgetAbsEtud(beg_date="", end_date=""):
"""returns list of absences in date interval"""

View File

@ -266,8 +266,8 @@ sco_publish(
@bp.route(
"formsemestre_bulletinetud", methods=["GET", "POST"]
) # POST pour compat anciens clients PHP (deprecated)
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func
def formsemestre_bulletinetud(
etudid=None,
@ -642,8 +642,8 @@ sco_publish("/ue_move", sco_edit_formation.ue_move, Permission.ScoChangeFormatio
@bp.route(
"/formsemestre_list", methods=["GET", "POST"]
) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func
def formsemestre_list(
format="json",
@ -669,8 +669,8 @@ def formsemestre_list(
@bp.route(
"/XMLgetFormsemestres", methods=["GET", "POST"]
) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func
def XMLgetFormsemestres(etape_apo=None, formsemestre_id=None):
"""List all formsemestres matching etape, XML format

View File

@ -358,8 +358,8 @@ def search_etud_by_name():
@bp.route(
"/Notes/XMLgetEtudInfos", methods=["GET", "POST"]
) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func
def etud_info(etudid=None, format="xml"):
"Donne les informations sur un etudiant"