permissions non fonctionnel

This commit is contained in:
leonard_montalbano 2022-03-04 17:16:08 +01:00
parent 90e292341e
commit 47123aeb1e
10 changed files with 82 additions and 23 deletions

View File

@ -7,13 +7,16 @@ from app import models
from app.api import bp
from app.api.auth import token_auth
from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_abs import add_absence, add_justif, annule_absence, annule_justif, list_abs_date
from app.scodoc.sco_groups import get_group_members
from app.scodoc.sco_permissions import Permission
@bp.route("/absences/etudid/<int:etudid>", methods=["GET"])
@bp.route("/absences/nip/<int:nip>", methods=["GET"])
@bp.route("/absences/ine/<int:ine>", methods=["GET"])
@permission_required(Permission.APIView)
def absences(etudid: int = None, nip: int = None, ine: int = None):
"""
Retourne la liste des absences d'un étudiant donné
@ -50,6 +53,7 @@ def absences(etudid: int = None, nip: int = None, ine: int = None):
@bp.route("/absences/etudid/<int:etudid>/abs_just_only", methods=["GET"])
@bp.route("/absences/nip/<int:nip>/abs_just_only", methods=["GET"])
@bp.route("/absences/ine/<int:ine>/abs_just_only", methods=["GET"])
@permission_required(Permission.APIView)
def absences_justify(etudid: int = None, nip: int = None, ine: int = None):
"""
Retourne la liste des absences justifiées d'un étudiant donné
@ -92,6 +96,7 @@ def absences_justify(etudid: int = None, nip: int = None, ine: int = None):
@bp.route("/absences/abs_signale?ine=<int:ine>&date=<string:date>&matin=<string:matin>&justif=<string:justif>"
"&description=<string:description>&moduleimpl_id=<int:moduleimpl_id>", methods=["POST"])
@token_auth.login_required
@permission_required(Permission.APIAbsChange)
def abs_signale(date: datetime, matin: bool, justif: bool, etudid: int = None, nip: int = None, ine: int = None,
description: str = None, moduleimpl_id: int = None):
"""
@ -214,6 +219,7 @@ def abs_signale(date: datetime, matin: bool, justif: bool, etudid: int = None, n
@bp.route("/absences/abs_annule?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@bp.route("/absences/abs_annule?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@token_auth.login_required
@permission_required(Permission.APIAbsChange)
def abs_annule(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None):
"""
Retourne un html
@ -251,6 +257,7 @@ def abs_annule(jour: datetime, matin: str, etudid: int = None, nip: int = None,
@bp.route("/absences/abs_annule_justif?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@bp.route("/absences/abs_annule_justif?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@token_auth.login_required
@permission_required(Permission.APIAbsChange)
def abs_annule_justif(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None):
"""
Retourne un html
@ -285,6 +292,7 @@ def abs_annule_justif(jour: datetime, matin: str, etudid: int = None, nip: int =
@bp.route("/absences/abs_group_etat/?group_id=<int:group_id>&date_debut=date_debut&date_fin=date_fin", methods=["GET"])
@permission_required(Permission.APIView)
def abs_groupe_etat(group_id: int, date_debut, date_fin, with_boursier=True, format="html"):
"""
Retoune la liste des absences d'un ou plusieurs groupes entre deux dates

View File

@ -5,7 +5,9 @@ from app import models
from app.api import bp
from app.api.auth import token_auth
from app.api.errors import error_response
from app.decorators import permission_required
from app.models import ApcReferentielCompetences
from app.scodoc.sco_permissions import Permission
from app.scodoc.sco_prepajury import feuille_preparation_jury
from app.scodoc.sco_pvjury import formsemestre_pvjury
from app.scodoc.sco_recapcomplet import formsemestre_recapcomplet
@ -14,7 +16,8 @@ from app.scodoc.sco_saisie_notes import notes_add
@bp.route("/departements", methods=["GET"])
#@token_auth.login_required # Commenté le temps des tests
@token_auth.login_required # Commenté le temps des tests
@permission_required(Permission.APIView)
def departements():
"""
Retourne la liste des ids de départements visibles
@ -33,7 +36,8 @@ def departements():
@bp.route("/departements/<string:dept>/etudiants/liste", methods=["GET"])
@bp.route("/departements/<string:dept>/etudiants/liste/<int:formsemestre_id>", methods=["GET"])
# @token_auth.login_required
def liste_etudiants(dept: str, formsemestre_id=None): # XXX TODO A REVOIR
@permission_required(Permission.APIView)
def liste_etudiants(dept: str, formsemestre_id=None):
"""
Retourne la liste des étudiants d'un département
@ -137,6 +141,7 @@ def liste_etudiants(dept: str, formsemestre_id=None): # XXX TODO A REVOIR
@bp.route("/departements/<string:dept>/semestres_courants", methods=["GET"])
# @token_auth.login_required # Commenté le temps des tests
# @permission_required(Permission.APIView)
def liste_semestres_courant(dept: str):
"""
Liste des semestres actifs d'un départements donné
@ -195,6 +200,7 @@ def liste_semestres_courant(dept: str):
@bp.route("/departements/<string:dept>/formations/<int:formation_id>/referentiel_competences", methods=["GET"])
@permission_required(Permission.APIView)
def referenciel_competences(dept: str, formation_id: int):
"""
Retourne le référentiel de compétences
@ -221,6 +227,7 @@ def referenciel_competences(dept: str, formation_id: int):
@bp.route("/departements/<string:dept>/formsemestre/<string:formsemestre_id>/programme", methods=["GET"])
@permission_required(Permission.APIView)
def semestre_index(dept: str, formsemestre_id: int):
"""
Retourne la liste des Ues, ressources et SAE d'un semestre

View File

@ -4,11 +4,14 @@ from flask import jsonify
from app import models
from app.api import bp
from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_bulletins_json import make_json_formsemestre_bulletinetud
from app.scodoc.sco_groups import get_etud_groups
from app.scodoc.sco_permissions import Permission
@bp.route("/etudiants", methods=["GET"])
@permission_required(Permission.APIView)
def etudiants():
"""
Retourne la liste de tous les étudiants
@ -49,6 +52,7 @@ def etudiants():
@bp.route("/etudiants/courant", methods=["GET"])
@permission_required(Permission.APIView)
def etudiants_courant():
"""
Retourne la liste des étudiants courant
@ -94,6 +98,7 @@ def etudiants_courant():
@bp.route("/etudiant/etudid/<int:etudid>", methods=["GET"])
@bp.route("/etudiant/nip/<int:nip>", methods=["GET"])
@bp.route("/etudiant/ine/<int:ine>", methods=["GET"])
@permission_required(Permission.APIView)
def etudiant(etudid: int = None, nip: int = None, ine: int = None):
"""
Retourne les informations de l'étudiant correspondant à l'id passé en paramètres.
@ -138,6 +143,7 @@ def etudiant(etudid: int = None, nip: int = None, ine: int = None):
@bp.route("/etudiant/etudid/<int:etudid>/formsemestres")
@bp.route("/etudiant/nip/<int:nip>/formsemestres")
@bp.route("/etudiant/ine/<int:ine>/formsemestres")
@permission_required(Permission.APIView)
def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None):
"""
Retourne la liste des semestres qu'un étudiant a suivis
@ -225,6 +231,7 @@ def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None)
@bp.route("/etudiant/etudid/<int:etudid>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"])
@bp.route("/etudiant/nip/<int:nip>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"])
@bp.route("/etudiant/ine/<int:ine>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"])
@permission_required(Permission.APIView)
def etudiant_bulletin_semestre(formsemestre_id, etudid: int = None, nip: int = None, ine: int = None):
"""
Retourne le bulletin d'un étudiant en fonction de son id et d'un semestre donné
@ -252,15 +259,10 @@ def etudiant_bulletin_semestre(formsemestre_id, etudid: int = None, nip: int = N
# return error_response(501, message="Not implemented")
@bp.route(
"/etudiant/etudid/<int:etudid>/semestre/<int:formsemestre_id>/groups", methods=["GET"]
)
@bp.route(
"/etudiant/nip/<int:nip>/semestre/<int:formsemestre_id>/groups", methods=["GET"]
)
@bp.route(
"/etudiant/ine/<int:ine>/semestre/<int:formsemestre_id>/groups", methods=["GET"]
)
@bp.route("/etudiant/etudid/<int:etudid>/semestre/<int:formsemestre_id>/groups", methods=["GET"])
@bp.route("/etudiant/nip/<int:nip>/semestre/<int:formsemestre_id>/groups", methods=["GET"])
@bp.route("/etudiant/ine/<int:ine>/semestre/<int:formsemestre_id>/groups", methods=["GET"])
@permission_required(Permission.APIView)
def etudiant_groups(formsemestre_id: int, etudid: int = None, nip: int = None, ine: int = None):
"""
Retourne la liste des groupes auxquels appartient l'étudiant dans le semestre indiqué

View File

@ -5,10 +5,13 @@ from app import models
from app.api import bp
from app.api.auth import token_auth
from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_evaluation_db import do_evaluation_get_all_notes
from app.scodoc.sco_permissions import Permission
@bp.route("/evaluations/<int:moduleimpl_id>", methods=["GET"])
@permission_required(Permission.APIView)
def evaluations(moduleimpl_id: int):
"""
Retourne la liste des évaluations à partir de l'id d'un moduleimpl
@ -26,6 +29,7 @@ def evaluations(moduleimpl_id: int):
@bp.route("/evaluations/eval_notes/<int:evaluation_id>", methods=["GET"])
@permission_required(Permission.APIView)
def evaluation_notes(evaluation_id: int):
"""
Retourne la liste des notes à partir de l'id d'une évaluation donnée
@ -47,6 +51,7 @@ def evaluation_notes(evaluation_id: int):
@bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&nip=<int:nip>&note=<float:note>", methods=["POST"])
@bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&ine=<int:ine>&note=<float:note>", methods=["POST"])
@token_auth.login_required
@permission_required(Permission.APIEditAllNotes)
def evaluation_set_notes(eval_id: int, note: float, etudid: int = None, nip: int = None, ine: int = None):
"""
Set les notes d'une évaluation pour un étudiant donnée

View File

@ -4,11 +4,14 @@ from flask import jsonify
from app import models
from app.api import bp
from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_formations import formation_export
from app.scodoc.sco_moduleimpl import moduleimpl_list
from app.scodoc.sco_permissions import Permission
@bp.route("/formations", methods=["GET"])
@permission_required(Permission.APIView)
def formations():
"""
Retourne la liste des formations
@ -23,6 +26,7 @@ def formations():
@bp.route("/formations/<int:formation_id>", methods=["GET"])
@permission_required(Permission.APIView)
def formations_by_id(formation_id: int):
"""
Retourne une formation en fonction d'un id donné
@ -39,6 +43,7 @@ def formations_by_id(formation_id: int):
@bp.route("/formations/formation_export/<int:formation_id>", methods=["GET"])
@permission_required(Permission.APIView)
def formation_export_by_formation_id(formation_id: int, export_ids=False):
"""
Retourne la formation, avec UE, matières, modules
@ -55,6 +60,7 @@ def formation_export_by_formation_id(formation_id: int, export_ids=False):
@bp.route("/formations/apo/<string:etape_apo>", methods=["GET"])
@permission_required(Permission.APIView)
def formsemestre_apo(etape_apo: int):
"""
Retourne les informations sur les formsemestres
@ -75,6 +81,7 @@ def formsemestre_apo(etape_apo: int):
@bp.route("/formations/moduleimpl/<int:moduleimpl_id>", methods=["GET"])
@permission_required(Permission.APIView)
def moduleimpls(moduleimpl_id: int):
"""
Retourne la liste des moduleimpl
@ -90,8 +97,8 @@ def moduleimpls(moduleimpl_id: int):
return jsonify(data)
@bp.route(
"/formations/moduleimpl/<int:moduleimpl_id>/formsemestre/<int:formsemestre_id>", methods=["GET"])
@bp.route("/formations/moduleimpl/<int:moduleimpl_id>/formsemestre/<int:formsemestre_id>", methods=["GET"])
@permission_required(Permission.APIView)
def moduleimpls_sem(moduleimpl_id: int, formsemestre_id: int):
"""
Retourne la liste des moduleimpl d'un semestre

View File

@ -4,12 +4,15 @@ from flask import jsonify
from app import models
from app.api import bp
from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_bulletins import formsemestre_bulletinetud_dict
from app.scodoc.sco_permissions import Permission
from app.scodoc.sco_pvjury import formsemestre_pvjury
from app.scodoc.sco_recapcomplet import formsemestre_recapcomplet
@bp.route("/formations/formsemestre/<int:formsemestre_id>", methods=["GET"])
@permission_required(Permission.APIView)
def formsemestre(formsemestre_id: int):
"""
Retourne l'information sur le formsemestre correspondant au formsemestre_id
@ -38,6 +41,7 @@ def formsemestre(formsemestre_id: int):
"/formsemestre/<int:formsemestre_id>/departements/<string:dept>/etudiant/ine/<int:ine>/bulletin",
methods=["GET"],
)
@permission_required(Permission.APIView)
def etudiant_bulletin(formsemestre_id, dept, etudid, format="json", *args, size):
"""
Retourne le bulletin de note d'un étudiant
@ -63,6 +67,7 @@ def etudiant_bulletin(formsemestre_id, dept, etudid, format="json", *args, size)
@bp.route("/formsemestre/<int:formsemestre_id>/bulletins", methods=["GET"])
@permission_required(Permission.APIView)
def bulletins(formsemestre_id: int):
"""
Retourne les bulletins d'un formsemestre donné
@ -81,6 +86,7 @@ def bulletins(formsemestre_id: int):
@bp.route("/formsemestre/<int:formsemestre_id>/jury", methods=["GET"])
@permission_required(Permission.APIView)
def jury(formsemestre_id: int):
"""
Retourne le récapitulatif des décisions jury

View File

@ -36,6 +36,7 @@ from app.api import bp
from app.api import requested_format
from app.api.auth import token_auth
from app.api.errors import error_response
from app.decorators import permission_required
from app.models import Departement
from app.scodoc.sco_logos import list_logos, find_logo
from app.scodoc.sco_permissions import Permission
@ -43,6 +44,7 @@ from app.scodoc.sco_permissions import Permission
@bp.route("/logos", methods=["GET"])
@token_auth.login_required
@permission_required(Permission.APIView)
def api_get_glob_logos():
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
return error_response(401, message="accès interdit")
@ -55,6 +57,7 @@ def api_get_glob_logos():
@bp.route("/logos/<string:logoname>", methods=["GET"])
@token_auth.login_required
@permission_required(Permission.APIView)
def api_get_glob_logo(logoname):
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
return error_response(401, message="accès interdit")
@ -71,6 +74,7 @@ def api_get_glob_logo(logoname):
@bp.route("/departements/<string:departement>/logos", methods=["GET"])
@token_auth.login_required
@permission_required(Permission.APIView)
def api_get_local_logos(departement):
dept_id = Departement.from_acronym(departement).id
if not g.current_user.has_permission(Permission.ScoChangePreferences, departement):
@ -81,6 +85,7 @@ def api_get_local_logos(departement):
@bp.route("/departements/<string:departement>/logos/<string:logoname>", methods=["GET"])
@token_auth.login_required
@permission_required(Permission.APIView)
def api_get_local_logo(departement, logoname):
# format = requested_format("jpg", ['png', 'jpg']) XXX ?
dept_id = Departement.from_acronym(departement).id

View File

@ -5,10 +5,13 @@ from app import models
from app.api import bp
from app.api.auth import token_auth
from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_groups import get_group_members, setGroups
from app.scodoc.sco_permissions import Permission
@bp.route("/partitions/<int:formsemestre_id>", methods=["GET"])
@permission_required(Permission.APIView)
def partition(formsemestre_id: int):
"""
Retourne la liste de toutes les partitions d'un formsemestre
@ -31,6 +34,7 @@ def partition(formsemestre_id: int):
# )
@bp.route("/partitions/groups/<int:group_id>", methods=["GET"])
@bp.route("/partitions/groups/<int:group_id>/etat/<string:etat>", methods=["GET"])
@permission_required(Permission.APIView)
def etud_in_group(group_id: int, etat=None):
"""
Retourne la liste des étudiants dans un groupe
@ -61,6 +65,7 @@ def etud_in_group(group_id: int, etat=None):
"groups_to_create=<int:groups_to_create>&groups_to_delete=<int:groups_to_delete>", methods=["POST"],
)
@token_auth.login_required
@permission_required(Permission.APIEtudChangeGroups)
def set_groups(partition_id: int, groups_lists: int, groups_to_delete: int, groups_to_create: int):
"""
Set les groups

View File

@ -13,11 +13,19 @@ SCODOC_PASSWORD = "admin"
SCODOC_URL = "http://192.168.1.12:5000"
CHECK_CERTIFICATE = bool(int(os.environ.get("CHECK_CERTIFICATE", False)))
# r0 = requests.post(
# SCODOC_URL + "/ScoDoc/api/tokens", auth=(SCODOC_USER, SCODOC_PASSWORD)
# )
# token = r0.json()["token"]
# HEADERS = {"Authorization": f"Bearer {token}"}
HEADERS = None
def get_token():
"""
Permet de set le token dans le header
"""
global HEADERS
r0 = requests.post(
SCODOC_URL + "/ScoDoc/api/tokens", auth=(SCODOC_USER, SCODOC_PASSWORD)
)
token = r0.json()["token"]
HEADERS = {"Authorization": f"Bearer {token}"}
DEPT = None
FORMSEMESTRE = None
@ -29,10 +37,16 @@ def get_departement():
"""
Permet de tester departements() mais également de set un département dans DEPT pour la suite des tests
"""
get_token()
global HEADERS
print(HEADERS)
# departements
r = requests.get(
SCODOC_URL + "/ScoDoc/api/departements",
auth=(SCODOC_USER, SCODOC_PASSWORD)
headers=HEADERS, verify=CHECK_CERTIFICATE
)
if r.status_code == 200:

View File

@ -48,10 +48,10 @@ _SCO_PERMISSIONS = (
(1 << 25, "RelationsEntreprisesSend", "Envoyer des offres"),
(1 << 26, "RelationsEntreprisesValidate", "Valide les entreprises"),
# Api scodoc9
(1 << 27, "APIView", ""),
(1 << 28, "APIEtudChangeGroups", ""),
(1 << 29, "APIEditAllNotes", ""),
(1 << 30, "APIAbsChange", ""),
(1 << 27, "APIView", "Voir"),
(1 << 28, "APIEtudChangeGroups", "Modifier les groupes"),
(1 << 29, "APIEditAllNotes", "Modifier toutes les notes"),
(1 << 30, "APIAbsChange", "Saisir des absences"),
)