From 695024cce23756ce3d7ab4d8f41a845f5d755e9c Mon Sep 17 00:00:00 2001 From: Lyanis Souidi Date: Tue, 25 Feb 2025 23:27:20 +0100 Subject: [PATCH] API: user_info via cas_id --- app/api/tools.py | 34 ++++++++++++++++++++++++++++++++-- app/api/users.py | 42 ++++++++++++++++++++++++++++++++++++------ 2 files changed, 68 insertions(+), 8 deletions(-) diff --git a/app/api/tools.py b/app/api/tools.py index a8deedc2d..77d042abe 100644 --- a/app/api/tools.py +++ b/app/api/tools.py @@ -9,15 +9,15 @@ from flask_login import current_user from sqlalchemy import desc, or_ -from app import models from app.models import Departement, Identite, Admission +from app.auth.models import User from app.scodoc.sco_exceptions import ScoValueError from app.scodoc.sco_permissions import Permission def get_etud( etudid: int | None = None, nip: str | None = None, ine: str | None = None -) -> models.Identite | None: +) -> Identite | None: """ L'instance d'étudiant la plus récente en fonction de l'etudid, ou du code nip ou code ine. @@ -53,3 +53,33 @@ def get_etud( if etud is None: etud = query.first() return etud + + +def get_user(uid: int | None = None, casid: str | None = None) -> User | None: + """ + L'instance d'utilisateur en fonction de l'uid ou de l'id cas. + + uid : None ou un int uid + casid : None ou un str casid + + Return None si utilisateur inexistant. + """ + allowed_depts = current_user.get_depts_with_permission(Permission.UsersView) + + if uid is not None: + try: + uid = int(uid) + except ValueError as exc: + raise ScoValueError("uid invalide") from exc + query: User = User.query.filter_by(id=uid) + elif casid is not None: + query = User.query.filter_by(cas_id=casid) + else: + raise ScoValueError("parametre manquant") + + if None not in allowed_depts: + # restreint aux départements autorisés: + query = query.join(Departement).filter( + or_(Departement.acronym == acronym for acronym in allowed_depts) + ) + return query.first() 
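Review bot: In `get_user`, the department restriction is built with `or_(Departement.acronym == acronym for acronym in allowed_depts)`, which does not fail closed if `allowed_depts` is ever an empty list: an empty `or_()` is deprecated in SQLAlchemy and, as far as I know, contributes no condition, so the lookup would not be restricted by department. The route added in this patch is guarded by `permission_required(Permission.UsersView)`, so the list is presumably non-empty there, but the helper can be imported by other callers. `.filter(Departement.acronym.in_(allowed_depts))` expresses the same restriction and matches no row for an empty list. Two smaller points in the same function: `query: User = ...` annotates a query object as a `User`, and the docstring should say that `None` is also returned for an existing user outside the caller's permitted departments and that `casid` is ignored when `uid` is given.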
diff --git a/app/api/users.py b/app/api/users.py index 9437cebe4..b8735c93a 100644 --- a/app/api/users.py +++ b/app/api/users.py @@ -17,7 +17,7 @@ from flask_json import as_json from flask_login import current_user, login_required from app import db, log -from app.api import api_bp as bp, api_web_bp, API_CLIENT_ERROR +from app.api import api_bp as bp, api_web_bp, API_CLIENT_ERROR, tools from app.api import api_permission_required as permission_required from app.auth.models import User, Role, UserRole from app.auth.models import is_valid_password @@ -34,13 +34,10 @@ from app.scodoc.sco_utils import json_error @scodoc @permission_required(Permission.UsersView) @as_json -def user_info(uid: int): +def user_info_deprecated(uid: int): """ Info sur un compte utilisateur ScoDoc. - - SAMPLES - ------- - /user/2 + Déprécié, utiliser /user/uid/ à la place. """ user: User = db.session.get(User, uid) if user is None: @@ -53,6 +50,39 @@ def user_info(uid: int): return user.to_dict() +@bp.route("/user/uid/") +@bp.route("/user/casid/") +@api_web_bp.route("/user/uid/") +@api_web_bp.route("/user/casid/") +@login_required +@scodoc +@permission_required(Permission.UsersView) +@as_json +def user_info(uid: int = None, casid: str = None): + """ + Retourne les informations de l'utilisateur correspondant, ou 404 si non trouvé. + + PARAMS + ------ + uid : l'id de l'utilisateur + casid : l'identifiant CAS de l'utilisateur + + `uid` et `casid` sont uniques dans la base (tous départements). + + SAMPLES + ------- + /user/uid/2 + """ + user = tools.get_user(uid, casid) + + if user is None: + return json_error( + 404, + message="utilisateur inconnu", + ) + return user.to_dict() + + @bp.route("/users/query") @api_web_bp.route("/users/query") @login_required
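Review bot: `user_info_deprecated` keeps its own lookup, `db.session.get(User, uid)`, instead of going through `tools.get_user`, so the department restriction on user data now lives in two places that have to stay in agreement. The rest of its body lies between this hunk and the next and is not visible here, so the patch alone does not show whether its check matches the new helper. Delegating with `user = tools.get_user(uid=uid)` would give the old and new routes a single access-control path.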
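Review bot: The new `user_info` docstring states that `uid` and `casid` are unique across the database, but nothing in this patch shows a unique constraint on `User.cas_id`, and `tools.get_user` ends in `.first()`, so a duplicated CAS identifier would return one of the matching accounts without any error. It is worth confirming the constraint on the model, or rewording the sentence to what is actually enforced. The docstring could also add a `casid` sample next to `/user/uid/2` and note that a user outside the caller's permitted departments yields the same 404 as an unknown one. The signature defaults would read more accurately as `uid: int | None = None, casid: str | None = None`, matching the helper.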