Merge pull request 'Ajout des annotations dans l'API' (#857) from lyanis/ScoDoc:api-annot into master

Reviewed-on: https://scodoc.org/git/ScoDoc/ScoDoc/pulls/857
2024-02-11 10:09:50 +01:00 · 2024-02-11 10:09:50 +01:00 · 052fb3c7b9
commit 052fb3c7b9
parent d7f3376103 dbd0124c2c
2 changed files with 25 additions and 4 deletions
--- a/app/api/etudiants.py
+++ b/app/api/etudiants.py
@ -105,7 +105,9 @@ def etudiants_courants(long=False):
        )
    if long:
        restrict = not current_user.has_permission(Permission.ViewEtudData)
-        data = [etud.to_dict_api(restrict=restrict) for etud in etuds]
+        data = [
+            etud.to_dict_api(restrict=restrict, with_annotations=True) for etud in etuds
+        ]
    else:
        data = [etud.to_dict_short() for etud in etuds]
    return data
@ -140,7 +142,7 @@ def etudiant(etudid: int = None, nip: str = None, ine: str = None):
            message="étudiant inconnu",
        )
    restrict = not current_user.has_permission(Permission.ViewEtudData)
-    return etud.to_dict_api(restrict=restrict)
+    return etud.to_dict_api(restrict=restrict, with_annotations=True)


@bp.route("/etudiant/etudid/<int:etudid>/photo")
@ -253,7 +255,9 @@ def etudiants(etudid: int = None, nip: str = None, ine: str = None):
            or_(Departement.acronym == acronym for acronym in allowed_depts)
        )
    restrict = not current_user.has_permission(Permission.ViewEtudData)
-    return [etud.to_dict_api(restrict=restrict) for etud in query]
+    return [
+        etud.to_dict_api(restrict=restrict, with_annotations=True) for etud in query
+    ]


@bp.route("/etudiants/name/<string:start>")
--- a/app/models/etudiants.py
+++ b/app/models/etudiants.py
@ -506,7 +506,7 @@ class Identite(models.ScoDocModel):
            d["id"] = self.id  # a été écrasé par l'id de adresse
        return d

-    def to_dict_api(self, restrict=False) -> dict:
+    def to_dict_api(self, restrict=False, with_annotations=False) -> dict:
        """Représentation dictionnaire pour export API, avec adresses et admission.
        Si restrict, supprime les infos "personnelles" (boursier)
        """
@ -518,6 +518,13 @@ class Identite(models.ScoDocModel):
        e["dept_acronym"] = self.departement.acronym
        e.pop("departement", None)
        e["sort_key"] = self.sort_key
+        if with_annotations:
+            e["annotations"] = [
+                annot.to_dict(restrict=restrict)
+                for annot in EtudAnnotation.query.filter_by(etudid=self.id).order_by(
+                    desc(EtudAnnotation.date)
+                )
+            ]
        if restrict:
            # Met à None les attributs protégés:
            for attr in self.protected_attrs:
@ -1076,6 +1083,16 @@ class EtudAnnotation(db.Model):
    author = db.Column(db.Text)  # le pseudo (user_name), was zope_authenticated_user
    comment = db.Column(db.Text)

+    protected_attrs = {"comment"}
+
+    def to_dict(self, restrict=False):
+        """Représentation dictionnaire. Si restrict, filtre les champs protégés (RGPD)."""
+        e = dict(self.__dict__)
+        e.pop("_sa_instance_state", None)
+        if restrict:
+            e = {k: v for (k, v) in e.items() if k not in self.protected_attrs}
+        return e
+

 from app.models.formsemestre import FormSemestre
 from app.models.modules import Module