1
0
forked from ScoDoc/ScoDoc

permissions non fonctionnel

This commit is contained in:
leonard_montalbano 2022-03-04 17:16:08 +01:00
parent 90e292341e
commit 47123aeb1e
10 changed files with 82 additions and 23 deletions

View File

@ -7,13 +7,16 @@ from app import models
from app.api import bp from app.api import bp
from app.api.auth import token_auth from app.api.auth import token_auth
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_abs import add_absence, add_justif, annule_absence, annule_justif, list_abs_date from app.scodoc.sco_abs import add_absence, add_justif, annule_absence, annule_justif, list_abs_date
from app.scodoc.sco_groups import get_group_members from app.scodoc.sco_groups import get_group_members
from app.scodoc.sco_permissions import Permission
@bp.route("/absences/etudid/<int:etudid>", methods=["GET"]) @bp.route("/absences/etudid/<int:etudid>", methods=["GET"])
@bp.route("/absences/nip/<int:nip>", methods=["GET"]) @bp.route("/absences/nip/<int:nip>", methods=["GET"])
@bp.route("/absences/ine/<int:ine>", methods=["GET"]) @bp.route("/absences/ine/<int:ine>", methods=["GET"])
@permission_required(Permission.APIView)
def absences(etudid: int = None, nip: int = None, ine: int = None): def absences(etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne la liste des absences d'un étudiant donné Retourne la liste des absences d'un étudiant donné
@ -50,6 +53,7 @@ def absences(etudid: int = None, nip: int = None, ine: int = None):
@bp.route("/absences/etudid/<int:etudid>/abs_just_only", methods=["GET"]) @bp.route("/absences/etudid/<int:etudid>/abs_just_only", methods=["GET"])
@bp.route("/absences/nip/<int:nip>/abs_just_only", methods=["GET"]) @bp.route("/absences/nip/<int:nip>/abs_just_only", methods=["GET"])
@bp.route("/absences/ine/<int:ine>/abs_just_only", methods=["GET"]) @bp.route("/absences/ine/<int:ine>/abs_just_only", methods=["GET"])
@permission_required(Permission.APIView)
def absences_justify(etudid: int = None, nip: int = None, ine: int = None): def absences_justify(etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne la liste des absences justifiées d'un étudiant donné Retourne la liste des absences justifiées d'un étudiant donné
@ -92,6 +96,7 @@ def absences_justify(etudid: int = None, nip: int = None, ine: int = None):
@bp.route("/absences/abs_signale?ine=<int:ine>&date=<string:date>&matin=<string:matin>&justif=<string:justif>" @bp.route("/absences/abs_signale?ine=<int:ine>&date=<string:date>&matin=<string:matin>&justif=<string:justif>"
"&description=<string:description>&moduleimpl_id=<int:moduleimpl_id>", methods=["POST"]) "&description=<string:description>&moduleimpl_id=<int:moduleimpl_id>", methods=["POST"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIAbsChange)
def abs_signale(date: datetime, matin: bool, justif: bool, etudid: int = None, nip: int = None, ine: int = None, def abs_signale(date: datetime, matin: bool, justif: bool, etudid: int = None, nip: int = None, ine: int = None,
description: str = None, moduleimpl_id: int = None): description: str = None, moduleimpl_id: int = None):
""" """
@ -214,6 +219,7 @@ def abs_signale(date: datetime, matin: bool, justif: bool, etudid: int = None, n
@bp.route("/absences/abs_annule?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"]) @bp.route("/absences/abs_annule?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@bp.route("/absences/abs_annule?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"]) @bp.route("/absences/abs_annule?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIAbsChange)
def abs_annule(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None): def abs_annule(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne un html Retourne un html
@ -251,6 +257,7 @@ def abs_annule(jour: datetime, matin: str, etudid: int = None, nip: int = None,
@bp.route("/absences/abs_annule_justif?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"]) @bp.route("/absences/abs_annule_justif?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@bp.route("/absences/abs_annule_justif?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"]) @bp.route("/absences/abs_annule_justif?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIAbsChange)
def abs_annule_justif(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None): def abs_annule_justif(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne un html Retourne un html
@ -285,6 +292,7 @@ def abs_annule_justif(jour: datetime, matin: str, etudid: int = None, nip: int =
@bp.route("/absences/abs_group_etat/?group_id=<int:group_id>&date_debut=date_debut&date_fin=date_fin", methods=["GET"]) @bp.route("/absences/abs_group_etat/?group_id=<int:group_id>&date_debut=date_debut&date_fin=date_fin", methods=["GET"])
@permission_required(Permission.APIView)
def abs_groupe_etat(group_id: int, date_debut, date_fin, with_boursier=True, format="html"): def abs_groupe_etat(group_id: int, date_debut, date_fin, with_boursier=True, format="html"):
""" """
Retoune la liste des absences d'un ou plusieurs groupes entre deux dates Retoune la liste des absences d'un ou plusieurs groupes entre deux dates

View File

@ -5,7 +5,9 @@ from app import models
from app.api import bp from app.api import bp
from app.api.auth import token_auth from app.api.auth import token_auth
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required
from app.models import ApcReferentielCompetences from app.models import ApcReferentielCompetences
from app.scodoc.sco_permissions import Permission
from app.scodoc.sco_prepajury import feuille_preparation_jury from app.scodoc.sco_prepajury import feuille_preparation_jury
from app.scodoc.sco_pvjury import formsemestre_pvjury from app.scodoc.sco_pvjury import formsemestre_pvjury
from app.scodoc.sco_recapcomplet import formsemestre_recapcomplet from app.scodoc.sco_recapcomplet import formsemestre_recapcomplet
@ -14,7 +16,8 @@ from app.scodoc.sco_saisie_notes import notes_add
@bp.route("/departements", methods=["GET"]) @bp.route("/departements", methods=["GET"])
#@token_auth.login_required # Commenté le temps des tests @token_auth.login_required # Commenté le temps des tests
@permission_required(Permission.APIView)
def departements(): def departements():
""" """
Retourne la liste des ids de départements visibles Retourne la liste des ids de départements visibles
@ -33,7 +36,8 @@ def departements():
@bp.route("/departements/<string:dept>/etudiants/liste", methods=["GET"]) @bp.route("/departements/<string:dept>/etudiants/liste", methods=["GET"])
@bp.route("/departements/<string:dept>/etudiants/liste/<int:formsemestre_id>", methods=["GET"]) @bp.route("/departements/<string:dept>/etudiants/liste/<int:formsemestre_id>", methods=["GET"])
# @token_auth.login_required # @token_auth.login_required
def liste_etudiants(dept: str, formsemestre_id=None): # XXX TODO A REVOIR @permission_required(Permission.APIView)
def liste_etudiants(dept: str, formsemestre_id=None):
""" """
Retourne la liste des étudiants d'un département Retourne la liste des étudiants d'un département
@ -137,6 +141,7 @@ def liste_etudiants(dept: str, formsemestre_id=None): # XXX TODO A REVOIR
@bp.route("/departements/<string:dept>/semestres_courants", methods=["GET"]) @bp.route("/departements/<string:dept>/semestres_courants", methods=["GET"])
# @token_auth.login_required # Commenté le temps des tests # @token_auth.login_required # Commenté le temps des tests
# @permission_required(Permission.APIView)
def liste_semestres_courant(dept: str): def liste_semestres_courant(dept: str):
""" """
Liste des semestres actifs d'un départements donné Liste des semestres actifs d'un départements donné
@ -195,6 +200,7 @@ def liste_semestres_courant(dept: str):
@bp.route("/departements/<string:dept>/formations/<int:formation_id>/referentiel_competences", methods=["GET"]) @bp.route("/departements/<string:dept>/formations/<int:formation_id>/referentiel_competences", methods=["GET"])
@permission_required(Permission.APIView)
def referenciel_competences(dept: str, formation_id: int): def referenciel_competences(dept: str, formation_id: int):
""" """
Retourne le référentiel de compétences Retourne le référentiel de compétences
@ -221,6 +227,7 @@ def referenciel_competences(dept: str, formation_id: int):
@bp.route("/departements/<string:dept>/formsemestre/<string:formsemestre_id>/programme", methods=["GET"]) @bp.route("/departements/<string:dept>/formsemestre/<string:formsemestre_id>/programme", methods=["GET"])
@permission_required(Permission.APIView)
def semestre_index(dept: str, formsemestre_id: int): def semestre_index(dept: str, formsemestre_id: int):
""" """
Retourne la liste des Ues, ressources et SAE d'un semestre Retourne la liste des Ues, ressources et SAE d'un semestre

View File

@ -4,11 +4,14 @@ from flask import jsonify
from app import models from app import models
from app.api import bp from app.api import bp
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_bulletins_json import make_json_formsemestre_bulletinetud from app.scodoc.sco_bulletins_json import make_json_formsemestre_bulletinetud
from app.scodoc.sco_groups import get_etud_groups from app.scodoc.sco_groups import get_etud_groups
from app.scodoc.sco_permissions import Permission
@bp.route("/etudiants", methods=["GET"]) @bp.route("/etudiants", methods=["GET"])
@permission_required(Permission.APIView)
def etudiants(): def etudiants():
""" """
Retourne la liste de tous les étudiants Retourne la liste de tous les étudiants
@ -49,6 +52,7 @@ def etudiants():
@bp.route("/etudiants/courant", methods=["GET"]) @bp.route("/etudiants/courant", methods=["GET"])
@permission_required(Permission.APIView)
def etudiants_courant(): def etudiants_courant():
""" """
Retourne la liste des étudiants courant Retourne la liste des étudiants courant
@ -94,6 +98,7 @@ def etudiants_courant():
@bp.route("/etudiant/etudid/<int:etudid>", methods=["GET"]) @bp.route("/etudiant/etudid/<int:etudid>", methods=["GET"])
@bp.route("/etudiant/nip/<int:nip>", methods=["GET"]) @bp.route("/etudiant/nip/<int:nip>", methods=["GET"])
@bp.route("/etudiant/ine/<int:ine>", methods=["GET"]) @bp.route("/etudiant/ine/<int:ine>", methods=["GET"])
@permission_required(Permission.APIView)
def etudiant(etudid: int = None, nip: int = None, ine: int = None): def etudiant(etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne les informations de l'étudiant correspondant à l'id passé en paramètres. Retourne les informations de l'étudiant correspondant à l'id passé en paramètres.
@ -138,6 +143,7 @@ def etudiant(etudid: int = None, nip: int = None, ine: int = None):
@bp.route("/etudiant/etudid/<int:etudid>/formsemestres") @bp.route("/etudiant/etudid/<int:etudid>/formsemestres")
@bp.route("/etudiant/nip/<int:nip>/formsemestres") @bp.route("/etudiant/nip/<int:nip>/formsemestres")
@bp.route("/etudiant/ine/<int:ine>/formsemestres") @bp.route("/etudiant/ine/<int:ine>/formsemestres")
@permission_required(Permission.APIView)
def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None): def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne la liste des semestres qu'un étudiant a suivis Retourne la liste des semestres qu'un étudiant a suivis
@ -225,6 +231,7 @@ def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None)
@bp.route("/etudiant/etudid/<int:etudid>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"]) @bp.route("/etudiant/etudid/<int:etudid>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"])
@bp.route("/etudiant/nip/<int:nip>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"]) @bp.route("/etudiant/nip/<int:nip>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"])
@bp.route("/etudiant/ine/<int:ine>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"]) @bp.route("/etudiant/ine/<int:ine>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"])
@permission_required(Permission.APIView)
def etudiant_bulletin_semestre(formsemestre_id, etudid: int = None, nip: int = None, ine: int = None): def etudiant_bulletin_semestre(formsemestre_id, etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne le bulletin d'un étudiant en fonction de son id et d'un semestre donné Retourne le bulletin d'un étudiant en fonction de son id et d'un semestre donné
@ -252,15 +259,10 @@ def etudiant_bulletin_semestre(formsemestre_id, etudid: int = None, nip: int = N
# return error_response(501, message="Not implemented") # return error_response(501, message="Not implemented")
@bp.route( @bp.route("/etudiant/etudid/<int:etudid>/semestre/<int:formsemestre_id>/groups", methods=["GET"])
"/etudiant/etudid/<int:etudid>/semestre/<int:formsemestre_id>/groups", methods=["GET"] @bp.route("/etudiant/nip/<int:nip>/semestre/<int:formsemestre_id>/groups", methods=["GET"])
) @bp.route("/etudiant/ine/<int:ine>/semestre/<int:formsemestre_id>/groups", methods=["GET"])
@bp.route( @permission_required(Permission.APIView)
"/etudiant/nip/<int:nip>/semestre/<int:formsemestre_id>/groups", methods=["GET"]
)
@bp.route(
"/etudiant/ine/<int:ine>/semestre/<int:formsemestre_id>/groups", methods=["GET"]
)
def etudiant_groups(formsemestre_id: int, etudid: int = None, nip: int = None, ine: int = None): def etudiant_groups(formsemestre_id: int, etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne la liste des groupes auxquels appartient l'étudiant dans le semestre indiqué Retourne la liste des groupes auxquels appartient l'étudiant dans le semestre indiqué

View File

@ -5,10 +5,13 @@ from app import models
from app.api import bp from app.api import bp
from app.api.auth import token_auth from app.api.auth import token_auth
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_evaluation_db import do_evaluation_get_all_notes from app.scodoc.sco_evaluation_db import do_evaluation_get_all_notes
from app.scodoc.sco_permissions import Permission
@bp.route("/evaluations/<int:moduleimpl_id>", methods=["GET"]) @bp.route("/evaluations/<int:moduleimpl_id>", methods=["GET"])
@permission_required(Permission.APIView)
def evaluations(moduleimpl_id: int): def evaluations(moduleimpl_id: int):
""" """
Retourne la liste des évaluations à partir de l'id d'un moduleimpl Retourne la liste des évaluations à partir de l'id d'un moduleimpl
@ -26,6 +29,7 @@ def evaluations(moduleimpl_id: int):
@bp.route("/evaluations/eval_notes/<int:evaluation_id>", methods=["GET"]) @bp.route("/evaluations/eval_notes/<int:evaluation_id>", methods=["GET"])
@permission_required(Permission.APIView)
def evaluation_notes(evaluation_id: int): def evaluation_notes(evaluation_id: int):
""" """
Retourne la liste des notes à partir de l'id d'une évaluation donnée Retourne la liste des notes à partir de l'id d'une évaluation donnée
@ -47,6 +51,7 @@ def evaluation_notes(evaluation_id: int):
@bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&nip=<int:nip>&note=<float:note>", methods=["POST"]) @bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&nip=<int:nip>&note=<float:note>", methods=["POST"])
@bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&ine=<int:ine>&note=<float:note>", methods=["POST"]) @bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&ine=<int:ine>&note=<float:note>", methods=["POST"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIEditAllNotes)
def evaluation_set_notes(eval_id: int, note: float, etudid: int = None, nip: int = None, ine: int = None): def evaluation_set_notes(eval_id: int, note: float, etudid: int = None, nip: int = None, ine: int = None):
""" """
Set les notes d'une évaluation pour un étudiant donnée Set les notes d'une évaluation pour un étudiant donnée

View File

@ -4,11 +4,14 @@ from flask import jsonify
from app import models from app import models
from app.api import bp from app.api import bp
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_formations import formation_export from app.scodoc.sco_formations import formation_export
from app.scodoc.sco_moduleimpl import moduleimpl_list from app.scodoc.sco_moduleimpl import moduleimpl_list
from app.scodoc.sco_permissions import Permission
@bp.route("/formations", methods=["GET"]) @bp.route("/formations", methods=["GET"])
@permission_required(Permission.APIView)
def formations(): def formations():
""" """
Retourne la liste des formations Retourne la liste des formations
@ -23,6 +26,7 @@ def formations():
@bp.route("/formations/<int:formation_id>", methods=["GET"]) @bp.route("/formations/<int:formation_id>", methods=["GET"])
@permission_required(Permission.APIView)
def formations_by_id(formation_id: int): def formations_by_id(formation_id: int):
""" """
Retourne une formation en fonction d'un id donné Retourne une formation en fonction d'un id donné
@ -39,6 +43,7 @@ def formations_by_id(formation_id: int):
@bp.route("/formations/formation_export/<int:formation_id>", methods=["GET"]) @bp.route("/formations/formation_export/<int:formation_id>", methods=["GET"])
@permission_required(Permission.APIView)
def formation_export_by_formation_id(formation_id: int, export_ids=False): def formation_export_by_formation_id(formation_id: int, export_ids=False):
""" """
Retourne la formation, avec UE, matières, modules Retourne la formation, avec UE, matières, modules
@ -55,6 +60,7 @@ def formation_export_by_formation_id(formation_id: int, export_ids=False):
@bp.route("/formations/apo/<string:etape_apo>", methods=["GET"]) @bp.route("/formations/apo/<string:etape_apo>", methods=["GET"])
@permission_required(Permission.APIView)
def formsemestre_apo(etape_apo: int): def formsemestre_apo(etape_apo: int):
""" """
Retourne les informations sur les formsemestres Retourne les informations sur les formsemestres
@ -75,6 +81,7 @@ def formsemestre_apo(etape_apo: int):
@bp.route("/formations/moduleimpl/<int:moduleimpl_id>", methods=["GET"]) @bp.route("/formations/moduleimpl/<int:moduleimpl_id>", methods=["GET"])
@permission_required(Permission.APIView)
def moduleimpls(moduleimpl_id: int): def moduleimpls(moduleimpl_id: int):
""" """
Retourne la liste des moduleimpl Retourne la liste des moduleimpl
@ -90,8 +97,8 @@ def moduleimpls(moduleimpl_id: int):
return jsonify(data) return jsonify(data)
@bp.route( @bp.route("/formations/moduleimpl/<int:moduleimpl_id>/formsemestre/<int:formsemestre_id>", methods=["GET"])
"/formations/moduleimpl/<int:moduleimpl_id>/formsemestre/<int:formsemestre_id>", methods=["GET"]) @permission_required(Permission.APIView)
def moduleimpls_sem(moduleimpl_id: int, formsemestre_id: int): def moduleimpls_sem(moduleimpl_id: int, formsemestre_id: int):
""" """
Retourne la liste des moduleimpl d'un semestre Retourne la liste des moduleimpl d'un semestre

View File

@ -4,12 +4,15 @@ from flask import jsonify
from app import models from app import models
from app.api import bp from app.api import bp
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_bulletins import formsemestre_bulletinetud_dict from app.scodoc.sco_bulletins import formsemestre_bulletinetud_dict
from app.scodoc.sco_permissions import Permission
from app.scodoc.sco_pvjury import formsemestre_pvjury from app.scodoc.sco_pvjury import formsemestre_pvjury
from app.scodoc.sco_recapcomplet import formsemestre_recapcomplet from app.scodoc.sco_recapcomplet import formsemestre_recapcomplet
@bp.route("/formations/formsemestre/<int:formsemestre_id>", methods=["GET"]) @bp.route("/formations/formsemestre/<int:formsemestre_id>", methods=["GET"])
@permission_required(Permission.APIView)
def formsemestre(formsemestre_id: int): def formsemestre(formsemestre_id: int):
""" """
Retourne l'information sur le formsemestre correspondant au formsemestre_id Retourne l'information sur le formsemestre correspondant au formsemestre_id
@ -38,6 +41,7 @@ def formsemestre(formsemestre_id: int):
"/formsemestre/<int:formsemestre_id>/departements/<string:dept>/etudiant/ine/<int:ine>/bulletin", "/formsemestre/<int:formsemestre_id>/departements/<string:dept>/etudiant/ine/<int:ine>/bulletin",
methods=["GET"], methods=["GET"],
) )
@permission_required(Permission.APIView)
def etudiant_bulletin(formsemestre_id, dept, etudid, format="json", *args, size): def etudiant_bulletin(formsemestre_id, dept, etudid, format="json", *args, size):
""" """
Retourne le bulletin de note d'un étudiant Retourne le bulletin de note d'un étudiant
@ -63,6 +67,7 @@ def etudiant_bulletin(formsemestre_id, dept, etudid, format="json", *args, size)
@bp.route("/formsemestre/<int:formsemestre_id>/bulletins", methods=["GET"]) @bp.route("/formsemestre/<int:formsemestre_id>/bulletins", methods=["GET"])
@permission_required(Permission.APIView)
def bulletins(formsemestre_id: int): def bulletins(formsemestre_id: int):
""" """
Retourne les bulletins d'un formsemestre donné Retourne les bulletins d'un formsemestre donné
@ -81,6 +86,7 @@ def bulletins(formsemestre_id: int):
@bp.route("/formsemestre/<int:formsemestre_id>/jury", methods=["GET"]) @bp.route("/formsemestre/<int:formsemestre_id>/jury", methods=["GET"])
@permission_required(Permission.APIView)
def jury(formsemestre_id: int): def jury(formsemestre_id: int):
""" """
Retourne le récapitulatif des décisions jury Retourne le récapitulatif des décisions jury

View File

@ -36,6 +36,7 @@ from app.api import bp
from app.api import requested_format from app.api import requested_format
from app.api.auth import token_auth from app.api.auth import token_auth
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required
from app.models import Departement from app.models import Departement
from app.scodoc.sco_logos import list_logos, find_logo from app.scodoc.sco_logos import list_logos, find_logo
from app.scodoc.sco_permissions import Permission from app.scodoc.sco_permissions import Permission
@ -43,6 +44,7 @@ from app.scodoc.sco_permissions import Permission
@bp.route("/logos", methods=["GET"]) @bp.route("/logos", methods=["GET"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIView)
def api_get_glob_logos(): def api_get_glob_logos():
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None): if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
return error_response(401, message="accès interdit") return error_response(401, message="accès interdit")
@ -55,6 +57,7 @@ def api_get_glob_logos():
@bp.route("/logos/<string:logoname>", methods=["GET"]) @bp.route("/logos/<string:logoname>", methods=["GET"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIView)
def api_get_glob_logo(logoname): def api_get_glob_logo(logoname):
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None): if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
return error_response(401, message="accès interdit") return error_response(401, message="accès interdit")
@ -71,6 +74,7 @@ def api_get_glob_logo(logoname):
@bp.route("/departements/<string:departement>/logos", methods=["GET"]) @bp.route("/departements/<string:departement>/logos", methods=["GET"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIView)
def api_get_local_logos(departement): def api_get_local_logos(departement):
dept_id = Departement.from_acronym(departement).id dept_id = Departement.from_acronym(departement).id
if not g.current_user.has_permission(Permission.ScoChangePreferences, departement): if not g.current_user.has_permission(Permission.ScoChangePreferences, departement):
@ -81,6 +85,7 @@ def api_get_local_logos(departement):
@bp.route("/departements/<string:departement>/logos/<string:logoname>", methods=["GET"]) @bp.route("/departements/<string:departement>/logos/<string:logoname>", methods=["GET"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIView)
def api_get_local_logo(departement, logoname): def api_get_local_logo(departement, logoname):
# format = requested_format("jpg", ['png', 'jpg']) XXX ? # format = requested_format("jpg", ['png', 'jpg']) XXX ?
dept_id = Departement.from_acronym(departement).id dept_id = Departement.from_acronym(departement).id

View File

@ -5,10 +5,13 @@ from app import models
from app.api import bp from app.api import bp
from app.api.auth import token_auth from app.api.auth import token_auth
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_groups import get_group_members, setGroups from app.scodoc.sco_groups import get_group_members, setGroups
from app.scodoc.sco_permissions import Permission
@bp.route("/partitions/<int:formsemestre_id>", methods=["GET"]) @bp.route("/partitions/<int:formsemestre_id>", methods=["GET"])
@permission_required(Permission.APIView)
def partition(formsemestre_id: int): def partition(formsemestre_id: int):
""" """
Retourne la liste de toutes les partitions d'un formsemestre Retourne la liste de toutes les partitions d'un formsemestre
@ -31,6 +34,7 @@ def partition(formsemestre_id: int):
# ) # )
@bp.route("/partitions/groups/<int:group_id>", methods=["GET"]) @bp.route("/partitions/groups/<int:group_id>", methods=["GET"])
@bp.route("/partitions/groups/<int:group_id>/etat/<string:etat>", methods=["GET"]) @bp.route("/partitions/groups/<int:group_id>/etat/<string:etat>", methods=["GET"])
@permission_required(Permission.APIView)
def etud_in_group(group_id: int, etat=None): def etud_in_group(group_id: int, etat=None):
""" """
Retourne la liste des étudiants dans un groupe Retourne la liste des étudiants dans un groupe
@ -61,6 +65,7 @@ def etud_in_group(group_id: int, etat=None):
"groups_to_create=<int:groups_to_create>&groups_to_delete=<int:groups_to_delete>", methods=["POST"], "groups_to_create=<int:groups_to_create>&groups_to_delete=<int:groups_to_delete>", methods=["POST"],
) )
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIEtudChangeGroups)
def set_groups(partition_id: int, groups_lists: int, groups_to_delete: int, groups_to_create: int): def set_groups(partition_id: int, groups_lists: int, groups_to_delete: int, groups_to_create: int):
""" """
Set les groups Set les groups

View File

@ -13,11 +13,19 @@ SCODOC_PASSWORD = "admin"
SCODOC_URL = "http://192.168.1.12:5000" SCODOC_URL = "http://192.168.1.12:5000"
CHECK_CERTIFICATE = bool(int(os.environ.get("CHECK_CERTIFICATE", False))) CHECK_CERTIFICATE = bool(int(os.environ.get("CHECK_CERTIFICATE", False)))
# r0 = requests.post( HEADERS = None
# SCODOC_URL + "/ScoDoc/api/tokens", auth=(SCODOC_USER, SCODOC_PASSWORD)
# ) def get_token():
# token = r0.json()["token"] """
# HEADERS = {"Authorization": f"Bearer {token}"} Permet de set le token dans le header
"""
global HEADERS
r0 = requests.post(
SCODOC_URL + "/ScoDoc/api/tokens", auth=(SCODOC_USER, SCODOC_PASSWORD)
)
token = r0.json()["token"]
HEADERS = {"Authorization": f"Bearer {token}"}
DEPT = None DEPT = None
FORMSEMESTRE = None FORMSEMESTRE = None
@ -29,10 +37,16 @@ def get_departement():
""" """
Permet de tester departements() mais également de set un département dans DEPT pour la suite des tests Permet de tester departements() mais également de set un département dans DEPT pour la suite des tests
""" """
get_token()
global HEADERS
print(HEADERS)
# departements # departements
r = requests.get( r = requests.get(
SCODOC_URL + "/ScoDoc/api/departements", SCODOC_URL + "/ScoDoc/api/departements",
auth=(SCODOC_USER, SCODOC_PASSWORD) headers=HEADERS, verify=CHECK_CERTIFICATE
) )
if r.status_code == 200: if r.status_code == 200:

View File

@ -48,10 +48,10 @@ _SCO_PERMISSIONS = (
(1 << 25, "RelationsEntreprisesSend", "Envoyer des offres"), (1 << 25, "RelationsEntreprisesSend", "Envoyer des offres"),
(1 << 26, "RelationsEntreprisesValidate", "Valide les entreprises"), (1 << 26, "RelationsEntreprisesValidate", "Valide les entreprises"),
# Api scodoc9 # Api scodoc9
(1 << 27, "APIView", ""), (1 << 27, "APIView", "Voir"),
(1 << 28, "APIEtudChangeGroups", ""), (1 << 28, "APIEtudChangeGroups", "Modifier les groupes"),
(1 << 29, "APIEditAllNotes", ""), (1 << 29, "APIEditAllNotes", "Modifier toutes les notes"),
(1 << 30, "APIAbsChange", ""), (1 << 30, "APIAbsChange", "Saisir des absences"),
) )