1
0
forked from ScoDoc/ScoDoc

Modification authentification ScoDoc7 API POST

This commit is contained in:
Emmanuel Viennet 2021-10-26 00:13:42 +02:00
parent c29199eff4
commit 0da60384a1
4 changed files with 13 additions and 10 deletions

View File

@ -52,7 +52,10 @@ def scodoc(func):
def scodoc_function(*args, **kwargs): def scodoc_function(*args, **kwargs):
# interdit les POST si pas loggué # interdit les POST si pas loggué
if request.method == "POST" and not current_user.is_authenticated: if request.method == "POST" and not current_user.is_authenticated:
current_app.logger.info("POST by non authenticated user") current_app.logger.info(
"POST by non authenticated user (request.form=%s)",
str(request.form)[:2048],
)
return redirect( return redirect(
url_for( url_for(
"auth.login", "auth.login",

View File

@ -1047,8 +1047,8 @@ def EtatAbsencesDate(group_ids=[], date=None): # list of groups to display
# ----- Gestion des "billets d'absence": signalement par les etudiants eux mêmes (à travers le portail) # ----- Gestion des "billets d'absence": signalement par les etudiants eux mêmes (à travers le portail)
@bp.route("/AddBilletAbsence", methods=["GET", "POST"]) # API ScoDoc 7 compat @bp.route("/AddBilletAbsence", methods=["GET", "POST"]) # API ScoDoc 7 compat
@scodoc
@permission_required_compat_scodoc7(Permission.ScoAbsAddBillet) @permission_required_compat_scodoc7(Permission.ScoAbsAddBillet)
@scodoc
@scodoc7func @scodoc7func
def AddBilletAbsence( def AddBilletAbsence(
begin, begin,
@ -1105,7 +1105,7 @@ def AddBilletAbsence(
return billet_id return billet_id
@bp.route("/AddBilletAbsenceForm") @bp.route("/AddBilletAbsenceForm", methods=["GET", "POST"])
@scodoc @scodoc
@permission_required(Permission.ScoAbsAddBillet) @permission_required(Permission.ScoAbsAddBillet)
@scodoc7func @scodoc7func
@ -1238,8 +1238,8 @@ def listeBilletsEtud(etudid=False, format="html"):
@bp.route( @bp.route(
"/XMLgetBilletsEtud", methods=["GET", "POST"] "/XMLgetBilletsEtud", methods=["GET", "POST"]
) # pour compat anciens clients PHP ) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView) @permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func @scodoc7func
def XMLgetBilletsEtud(etudid=False): def XMLgetBilletsEtud(etudid=False):
"""Liste billets pour un etudiant""" """Liste billets pour un etudiant"""
@ -1464,8 +1464,8 @@ def ProcessBilletAbsenceForm(billet_id):
# @bp.route("/essai_api7") # @bp.route("/essai_api7")
# @scodoc
# @permission_required_compat_scodoc7(Permission.ScoView) # @permission_required_compat_scodoc7(Permission.ScoView)
# @scodoc
# @scodoc7func # @scodoc7func
# def essai_api7(x="xxx"): # def essai_api7(x="xxx"):
# "un essai" # "un essai"
@ -1474,8 +1474,8 @@ def ProcessBilletAbsenceForm(billet_id):
@bp.route("/XMLgetAbsEtud", methods=["GET", "POST"]) # pour compat anciens clients PHP @bp.route("/XMLgetAbsEtud", methods=["GET", "POST"]) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView) @permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func @scodoc7func
def XMLgetAbsEtud(beg_date="", end_date=""): def XMLgetAbsEtud(beg_date="", end_date=""):
"""returns list of absences in date interval""" """returns list of absences in date interval"""

View File

@ -266,8 +266,8 @@ sco_publish(
@bp.route( @bp.route(
"formsemestre_bulletinetud", methods=["GET", "POST"] "formsemestre_bulletinetud", methods=["GET", "POST"]
) # POST pour compat anciens clients PHP (deprecated) ) # POST pour compat anciens clients PHP (deprecated)
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView) @permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func @scodoc7func
def formsemestre_bulletinetud( def formsemestre_bulletinetud(
etudid=None, etudid=None,
@ -642,8 +642,8 @@ sco_publish("/ue_move", sco_edit_formation.ue_move, Permission.ScoChangeFormatio
@bp.route( @bp.route(
"/formsemestre_list", methods=["GET", "POST"] "/formsemestre_list", methods=["GET", "POST"]
) # pour compat anciens clients PHP ) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView) @permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func @scodoc7func
def formsemestre_list( def formsemestre_list(
format="json", format="json",
@ -669,8 +669,8 @@ def formsemestre_list(
@bp.route( @bp.route(
"/XMLgetFormsemestres", methods=["GET", "POST"] "/XMLgetFormsemestres", methods=["GET", "POST"]
) # pour compat anciens clients PHP ) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView) @permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func @scodoc7func
def XMLgetFormsemestres(etape_apo=None, formsemestre_id=None): def XMLgetFormsemestres(etape_apo=None, formsemestre_id=None):
"""List all formsemestres matching etape, XML format """List all formsemestres matching etape, XML format

View File

@ -358,8 +358,8 @@ def search_etud_by_name():
@bp.route( @bp.route(
"/Notes/XMLgetEtudInfos", methods=["GET", "POST"] "/Notes/XMLgetEtudInfos", methods=["GET", "POST"]
) # pour compat anciens clients PHP ) # pour compat anciens clients PHP
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView) @permission_required_compat_scodoc7(Permission.ScoView)
@scodoc
@scodoc7func @scodoc7func
def etud_info(etudid=None, format="xml"): def etud_info(etudid=None, format="xml"):
"Donne les informations sur un etudiant" "Donne les informations sur un etudiant"