todo a focus

This commit is contained in:
leonard_montalbano 2022-04-14 14:56:36 +02:00
parent 208aeb35a0
commit 92e9f4bc5f
14 changed files with 92 additions and 57 deletions

View File

@ -8,6 +8,7 @@ from app.api import bp
from app.api.auth import token_auth from app.api.auth import token_auth
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required from app.decorators import permission_required
from app.api.auth import token_auth, token_permission_required
from app.scodoc.sco_abs import add_absence, add_justif, annule_absence, annule_justif, list_abs_date from app.scodoc.sco_abs import add_absence, add_justif, annule_absence, annule_justif, list_abs_date
from app.scodoc.sco_groups import get_group_members from app.scodoc.sco_groups import get_group_members
from app.scodoc.sco_permissions import Permission from app.scodoc.sco_permissions import Permission
@ -16,7 +17,8 @@ from app.scodoc.sco_permissions import Permission
@bp.route("/absences/etudid/<int:etudid>", methods=["GET"]) @bp.route("/absences/etudid/<int:etudid>", methods=["GET"])
@bp.route("/absences/nip/<int:nip>", methods=["GET"]) @bp.route("/absences/nip/<int:nip>", methods=["GET"])
@bp.route("/absences/ine/<int:ine>", methods=["GET"]) @bp.route("/absences/ine/<int:ine>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def absences(etudid: int = None, nip: int = None, ine: int = None): def absences(etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne la liste des absences d'un étudiant donné Retourne la liste des absences d'un étudiant donné
@ -53,7 +55,8 @@ def absences(etudid: int = None, nip: int = None, ine: int = None):
@bp.route("/absences/etudid/<int:etudid>/abs_just_only", methods=["GET"]) @bp.route("/absences/etudid/<int:etudid>/abs_just_only", methods=["GET"])
@bp.route("/absences/nip/<int:nip>/abs_just_only", methods=["GET"]) @bp.route("/absences/nip/<int:nip>/abs_just_only", methods=["GET"])
@bp.route("/absences/ine/<int:ine>/abs_just_only", methods=["GET"]) @bp.route("/absences/ine/<int:ine>/abs_just_only", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def absences_justify(etudid: int = None, nip: int = None, ine: int = None): def absences_justify(etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne la liste des absences justifiées d'un étudiant donné Retourne la liste des absences justifiées d'un étudiant donné
@ -96,7 +99,7 @@ def absences_justify(etudid: int = None, nip: int = None, ine: int = None):
@bp.route("/absences/abs_signale?ine=<int:ine>&date=<string:date>&matin=<string:matin>&justif=<string:justif>" @bp.route("/absences/abs_signale?ine=<int:ine>&date=<string:date>&matin=<string:matin>&justif=<string:justif>"
"&description=<string:description>&moduleimpl_id=<int:moduleimpl_id>", methods=["POST"]) "&description=<string:description>&moduleimpl_id=<int:moduleimpl_id>", methods=["POST"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIAbsChange) @token_permission_required(Permission.APIAbsChange)
def abs_signale(date: datetime, matin: bool, justif: bool, etudid: int = None, nip: int = None, ine: int = None, def abs_signale(date: datetime, matin: bool, justif: bool, etudid: int = None, nip: int = None, ine: int = None,
description: str = None, moduleimpl_id: int = None): description: str = None, moduleimpl_id: int = None):
""" """
@ -219,7 +222,7 @@ def abs_signale(date: datetime, matin: bool, justif: bool, etudid: int = None, n
@bp.route("/absences/abs_annule?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"]) @bp.route("/absences/abs_annule?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@bp.route("/absences/abs_annule?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"]) @bp.route("/absences/abs_annule?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIAbsChange) @token_permission_required(Permission.APIAbsChange)
def abs_annule(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None): def abs_annule(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne un html Retourne un html
@ -257,7 +260,7 @@ def abs_annule(jour: datetime, matin: str, etudid: int = None, nip: int = None,
@bp.route("/absences/abs_annule_justif?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"]) @bp.route("/absences/abs_annule_justif?nip=<int:nip>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@bp.route("/absences/abs_annule_justif?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"]) @bp.route("/absences/abs_annule_justif?ine=<int:ine>&jour=<string:jour>&matin=<string:matin>", methods=["POST"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIAbsChange) @token_permission_required(Permission.APIAbsChange)
def abs_annule_justif(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None): def abs_annule_justif(jour: datetime, matin: str, etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne un html Retourne un html
@ -292,7 +295,8 @@ def abs_annule_justif(jour: datetime, matin: str, etudid: int = None, nip: int =
@bp.route("/absences/abs_group_etat/?group_id=<int:group_id>&date_debut=date_debut&date_fin=date_fin", methods=["GET"]) @bp.route("/absences/abs_group_etat/?group_id=<int:group_id>&date_debut=date_debut&date_fin=date_fin", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def abs_groupe_etat(group_id: int, date_debut, date_fin, with_boursier=True, format="html"): def abs_groupe_etat(group_id: int, date_debut, date_fin, with_boursier=True, format="html"):
""" """
Retoune la liste des absences d'un ou plusieurs groupes entre deux dates Retoune la liste des absences d'un ou plusieurs groupes entre deux dates

View File

@ -32,7 +32,7 @@ def departements():
"/departements/<string:dept>/etudiants/liste/<int:formsemestre_id>", methods=["GET"] "/departements/<string:dept>/etudiants/liste/<int:formsemestre_id>", methods=["GET"]
) )
@token_auth.login_required @token_auth.login_required
# @permission_required(Permission.APIView) @token_permission_required(Permission.APIView)
def liste_etudiants(dept: str, formsemestre_id=None): def liste_etudiants(dept: str, formsemestre_id=None):
""" """
Retourne la liste des étudiants d'un département Retourne la liste des étudiants d'un département
@ -91,8 +91,8 @@ def liste_etudiants(dept: str, formsemestre_id=None):
@bp.route("/departements/<string:dept>/semestres_courants", methods=["GET"]) @bp.route("/departements/<string:dept>/semestres_courants", methods=["GET"])
# @token_auth.login_required # Commenté le temps des tests @token_auth.login_required
# @permission_required(Permission.APIView) @token_permission_required(Permission.APIView)
def liste_semestres_courant(dept: str): def liste_semestres_courant(dept: str):
""" """
Liste des semestres actifs d'un départements donné Liste des semestres actifs d'un départements donné
@ -154,7 +154,8 @@ def liste_semestres_courant(dept: str):
"/departements/<string:dept>/formations/<int:formation_id>/referentiel_competences", "/departements/<string:dept>/formations/<int:formation_id>/referentiel_competences",
methods=["GET"], methods=["GET"],
) )
# @permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def referenciel_competences(dept: str, formation_id: int): def referenciel_competences(dept: str, formation_id: int):
""" """
Retourne le référentiel de compétences Retourne le référentiel de compétences
@ -188,7 +189,8 @@ def referenciel_competences(dept: str, formation_id: int):
"/departements/<string:dept>/formsemestre/<string:formsemestre_id>/programme", "/departements/<string:dept>/formsemestre/<string:formsemestre_id>/programme",
methods=["GET"], methods=["GET"],
) )
# @permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def semestre_index(dept: str, formsemestre_id: int): def semestre_index(dept: str, formsemestre_id: int):
""" """
Retourne la liste des Ues, ressources et SAE d'un semestre Retourne la liste des Ues, ressources et SAE d'un semestre

View File

@ -4,14 +4,15 @@ from flask import jsonify
from app import models from app import models
from app.api import bp from app.api import bp
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required from app.api.auth import token_auth, token_permission_required
from app.scodoc.sco_bulletins_json import make_json_formsemestre_bulletinetud from app.scodoc.sco_bulletins_json import make_json_formsemestre_bulletinetud
from app.scodoc.sco_groups import get_etud_groups from app.scodoc.sco_groups import get_etud_groups
from app.scodoc.sco_permissions import Permission from app.scodoc.sco_permissions import Permission
@bp.route("/etudiants", methods=["GET"]) @bp.route("/etudiants", methods=["GET"])
#@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def etudiants(): def etudiants():
""" """
Retourne la liste de tous les étudiants Retourne la liste de tous les étudiants
@ -52,7 +53,8 @@ def etudiants():
@bp.route("/etudiants/courant", methods=["GET"]) @bp.route("/etudiants/courant", methods=["GET"])
#@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def etudiants_courant(): def etudiants_courant():
""" """
Retourne la liste des étudiants courant Retourne la liste des étudiants courant
@ -98,7 +100,8 @@ def etudiants_courant():
@bp.route("/etudiant/etudid/<int:etudid>", methods=["GET"]) @bp.route("/etudiant/etudid/<int:etudid>", methods=["GET"])
@bp.route("/etudiant/nip/<int:nip>", methods=["GET"]) @bp.route("/etudiant/nip/<int:nip>", methods=["GET"])
@bp.route("/etudiant/ine/<int:ine>", methods=["GET"]) @bp.route("/etudiant/ine/<int:ine>", methods=["GET"])
#@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def etudiant(etudid: int = None, nip: int = None, ine: int = None): def etudiant(etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne les informations de l'étudiant correspondant à l'id passé en paramètres. Retourne les informations de l'étudiant correspondant à l'id passé en paramètres.
@ -143,7 +146,8 @@ def etudiant(etudid: int = None, nip: int = None, ine: int = None):
@bp.route("/etudiant/etudid/<int:etudid>/formsemestres") @bp.route("/etudiant/etudid/<int:etudid>/formsemestres")
@bp.route("/etudiant/nip/<int:nip>/formsemestres") @bp.route("/etudiant/nip/<int:nip>/formsemestres")
@bp.route("/etudiant/ine/<int:ine>/formsemestres") @bp.route("/etudiant/ine/<int:ine>/formsemestres")
#@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None): def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne la liste des semestres qu'un étudiant a suivis Retourne la liste des semestres qu'un étudiant a suivis
@ -231,7 +235,8 @@ def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None)
@bp.route("/etudiant/etudid/<int:etudid>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"]) @bp.route("/etudiant/etudid/<int:etudid>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"])
@bp.route("/etudiant/nip/<int:nip>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"]) @bp.route("/etudiant/nip/<int:nip>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"])
@bp.route("/etudiant/ine/<int:ine>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"]) @bp.route("/etudiant/ine/<int:ine>/formsemestre/<int:formsemestre_id>/bulletin", methods=["GET"])
#@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def etudiant_bulletin_semestre(formsemestre_id, etudid: int = None, nip: int = None, ine: int = None): def etudiant_bulletin_semestre(formsemestre_id, etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne le bulletin d'un étudiant en fonction de son id et d'un semestre donné Retourne le bulletin d'un étudiant en fonction de son id et d'un semestre donné
@ -262,7 +267,8 @@ def etudiant_bulletin_semestre(formsemestre_id, etudid: int = None, nip: int = N
@bp.route("/etudiant/etudid/<int:etudid>/semestre/<int:formsemestre_id>/groups", methods=["GET"]) @bp.route("/etudiant/etudid/<int:etudid>/semestre/<int:formsemestre_id>/groups", methods=["GET"])
@bp.route("/etudiant/nip/<int:nip>/semestre/<int:formsemestre_id>/groups", methods=["GET"]) @bp.route("/etudiant/nip/<int:nip>/semestre/<int:formsemestre_id>/groups", methods=["GET"])
@bp.route("/etudiant/ine/<int:ine>/semestre/<int:formsemestre_id>/groups", methods=["GET"]) @bp.route("/etudiant/ine/<int:ine>/semestre/<int:formsemestre_id>/groups", methods=["GET"])
#@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def etudiant_groups(formsemestre_id: int, etudid: int = None, nip: int = None, ine: int = None): def etudiant_groups(formsemestre_id: int, etudid: int = None, nip: int = None, ine: int = None):
""" """
Retourne la liste des groupes auxquels appartient l'étudiant dans le semestre indiqué Retourne la liste des groupes auxquels appartient l'étudiant dans le semestre indiqué

View File

@ -3,15 +3,15 @@ from flask import jsonify
from app import models from app import models
from app.api import bp from app.api import bp
from app.api.auth import token_auth from app.api.auth import token_auth, token_permission_required
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required
from app.scodoc.sco_evaluation_db import do_evaluation_get_all_notes from app.scodoc.sco_evaluation_db import do_evaluation_get_all_notes
from app.scodoc.sco_permissions import Permission from app.scodoc.sco_permissions import Permission
@bp.route("/evaluations/<int:moduleimpl_id>", methods=["GET"]) @bp.route("/evaluations/<int:moduleimpl_id>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def evaluations(moduleimpl_id: int): def evaluations(moduleimpl_id: int):
""" """
Retourne la liste des évaluations à partir de l'id d'un moduleimpl Retourne la liste des évaluations à partir de l'id d'un moduleimpl
@ -29,7 +29,8 @@ def evaluations(moduleimpl_id: int):
@bp.route("/evaluations/eval_notes/<int:evaluation_id>", methods=["GET"]) @bp.route("/evaluations/eval_notes/<int:evaluation_id>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def evaluation_notes(evaluation_id: int): def evaluation_notes(evaluation_id: int):
""" """
Retourne la liste des notes à partir de l'id d'une évaluation donnée Retourne la liste des notes à partir de l'id d'une évaluation donnée
@ -51,7 +52,7 @@ def evaluation_notes(evaluation_id: int):
@bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&nip=<int:nip>&note=<float:note>", methods=["POST"]) @bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&nip=<int:nip>&note=<float:note>", methods=["POST"])
@bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&ine=<int:ine>&note=<float:note>", methods=["POST"]) @bp.route("/evaluations/eval_set_notes?eval_id=<int:eval_id>&ine=<int:ine>&note=<float:note>", methods=["POST"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIEditAllNotes) @token_permission_required(Permission.APIEditAllNotes)
def evaluation_set_notes(eval_id: int, note: float, etudid: int = None, nip: int = None, ine: int = None): def evaluation_set_notes(eval_id: int, note: float, etudid: int = None, nip: int = None, ine: int = None):
""" """
Set les notes d'une évaluation pour un étudiant donnée Set les notes d'une évaluation pour un étudiant donnée

View File

@ -4,6 +4,7 @@ from flask import jsonify
from app import models from app import models
from app.api import bp from app.api import bp
from app.api.errors import error_response from app.api.errors import error_response
from app.api.auth import token_auth, token_permission_required
from app.decorators import permission_required from app.decorators import permission_required
from app.scodoc.sco_formations import formation_export from app.scodoc.sco_formations import formation_export
from app.scodoc.sco_moduleimpl import moduleimpl_list from app.scodoc.sco_moduleimpl import moduleimpl_list
@ -11,7 +12,8 @@ from app.scodoc.sco_permissions import Permission
@bp.route("/formations", methods=["GET"]) @bp.route("/formations", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def formations(): def formations():
""" """
Retourne la liste des formations Retourne la liste des formations
@ -26,7 +28,8 @@ def formations():
@bp.route("/formations/<int:formation_id>", methods=["GET"]) @bp.route("/formations/<int:formation_id>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def formations_by_id(formation_id: int): def formations_by_id(formation_id: int):
""" """
Retourne une formation en fonction d'un id donné Retourne une formation en fonction d'un id donné
@ -43,7 +46,8 @@ def formations_by_id(formation_id: int):
@bp.route("/formations/formation_export/<int:formation_id>", methods=["GET"]) @bp.route("/formations/formation_export/<int:formation_id>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def formation_export_by_formation_id(formation_id: int, export_ids=False): def formation_export_by_formation_id(formation_id: int, export_ids=False):
""" """
Retourne la formation, avec UE, matières, modules Retourne la formation, avec UE, matières, modules
@ -60,7 +64,8 @@ def formation_export_by_formation_id(formation_id: int, export_ids=False):
@bp.route("/formations/apo/<string:etape_apo>", methods=["GET"]) @bp.route("/formations/apo/<string:etape_apo>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def formsemestre_apo(etape_apo: int): def formsemestre_apo(etape_apo: int):
""" """
Retourne les informations sur les formsemestres Retourne les informations sur les formsemestres
@ -81,7 +86,8 @@ def formsemestre_apo(etape_apo: int):
@bp.route("/formations/moduleimpl/<int:moduleimpl_id>", methods=["GET"]) @bp.route("/formations/moduleimpl/<int:moduleimpl_id>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def moduleimpls(moduleimpl_id: int): def moduleimpls(moduleimpl_id: int):
""" """
Retourne la liste des moduleimpl Retourne la liste des moduleimpl
@ -98,7 +104,8 @@ def moduleimpls(moduleimpl_id: int):
@bp.route("/formations/moduleimpl/<int:moduleimpl_id>/formsemestre/<int:formsemestre_id>", methods=["GET"]) @bp.route("/formations/moduleimpl/<int:moduleimpl_id>/formsemestre/<int:formsemestre_id>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def moduleimpls_sem(moduleimpl_id: int, formsemestre_id: int): def moduleimpls_sem(moduleimpl_id: int, formsemestre_id: int):
""" """
Retourne la liste des moduleimpl d'un semestre Retourne la liste des moduleimpl d'un semestre

View File

@ -5,6 +5,7 @@ from app import models
from app.api import bp from app.api import bp
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required from app.decorators import permission_required
from app.api.auth import token_auth, token_permission_required
from app.scodoc.sco_bulletins import formsemestre_bulletinetud_dict from app.scodoc.sco_bulletins import formsemestre_bulletinetud_dict
from app.scodoc.sco_permissions import Permission from app.scodoc.sco_permissions import Permission
from app.scodoc.sco_pvjury import formsemestre_pvjury from app.scodoc.sco_pvjury import formsemestre_pvjury
@ -12,7 +13,8 @@ from app.scodoc.sco_recapcomplet import formsemestre_recapcomplet
@bp.route("/formations/formsemestre/<int:formsemestre_id>", methods=["GET"]) @bp.route("/formations/formsemestre/<int:formsemestre_id>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def formsemestre(formsemestre_id: int): def formsemestre(formsemestre_id: int):
""" """
Retourne l'information sur le formsemestre correspondant au formsemestre_id Retourne l'information sur le formsemestre correspondant au formsemestre_id
@ -41,7 +43,8 @@ def formsemestre(formsemestre_id: int):
"/formsemestre/<int:formsemestre_id>/departements/<string:dept>/etudiant/ine/<int:ine>/bulletin", "/formsemestre/<int:formsemestre_id>/departements/<string:dept>/etudiant/ine/<int:ine>/bulletin",
methods=["GET"], methods=["GET"],
) )
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def etudiant_bulletin(formsemestre_id, dept, etudid, format="json", *args, size): def etudiant_bulletin(formsemestre_id, dept, etudid, format="json", *args, size):
""" """
Retourne le bulletin de note d'un étudiant Retourne le bulletin de note d'un étudiant
@ -67,7 +70,8 @@ def etudiant_bulletin(formsemestre_id, dept, etudid, format="json", *args, size)
@bp.route("/formsemestre/<int:formsemestre_id>/bulletins", methods=["GET"]) @bp.route("/formsemestre/<int:formsemestre_id>/bulletins", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def bulletins(formsemestre_id: int): def bulletins(formsemestre_id: int):
""" """
Retourne les bulletins d'un formsemestre donné Retourne les bulletins d'un formsemestre donné
@ -86,7 +90,8 @@ def bulletins(formsemestre_id: int):
@bp.route("/formsemestre/<int:formsemestre_id>/jury", methods=["GET"]) @bp.route("/formsemestre/<int:formsemestre_id>/jury", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def jury(formsemestre_id: int): def jury(formsemestre_id: int):
""" """
Retourne le récapitulatif des décisions jury Retourne le récapitulatif des décisions jury

View File

@ -4,6 +4,7 @@ from flask import jsonify
from app import models from app import models
from app.api import bp from app.api import bp
from app.api.errors import error_response from app.api.errors import error_response
from app.api.auth import token_auth, token_permission_required
from app.scodoc.sco_prepajury import feuille_preparation_jury from app.scodoc.sco_prepajury import feuille_preparation_jury
from app.scodoc.sco_pvjury import formsemestre_pvjury from app.scodoc.sco_pvjury import formsemestre_pvjury

View File

@ -39,12 +39,13 @@ from app.api.errors import error_response
from app.decorators import permission_required from app.decorators import permission_required
from app.models import Departement from app.models import Departement
from app.scodoc.sco_logos import list_logos, find_logo from app.scodoc.sco_logos import list_logos, find_logo
from app.api.auth import token_auth, token_permission_required
from app.scodoc.sco_permissions import Permission from app.scodoc.sco_permissions import Permission
@bp.route("/logos", methods=["GET"]) @bp.route("/logos", methods=["GET"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIView) @token_permission_required(Permission.APIView)
def api_get_glob_logos(): def api_get_glob_logos():
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None): if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
return error_response(401, message="accès interdit") return error_response(401, message="accès interdit")
@ -57,7 +58,7 @@ def api_get_glob_logos():
@bp.route("/logos/<string:logoname>", methods=["GET"]) @bp.route("/logos/<string:logoname>", methods=["GET"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIView) @token_permission_required(Permission.APIView)
def api_get_glob_logo(logoname): def api_get_glob_logo(logoname):
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None): if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
return error_response(401, message="accès interdit") return error_response(401, message="accès interdit")
@ -74,7 +75,7 @@ def api_get_glob_logo(logoname):
@bp.route("/departements/<string:departement>/logos", methods=["GET"]) @bp.route("/departements/<string:departement>/logos", methods=["GET"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIView) @token_permission_required(Permission.APIView)
def api_get_local_logos(departement): def api_get_local_logos(departement):
dept_id = Departement.from_acronym(departement).id dept_id = Departement.from_acronym(departement).id
if not g.current_user.has_permission(Permission.ScoChangePreferences, departement): if not g.current_user.has_permission(Permission.ScoChangePreferences, departement):
@ -85,7 +86,7 @@ def api_get_local_logos(departement):
@bp.route("/departements/<string:departement>/logos/<string:logoname>", methods=["GET"]) @bp.route("/departements/<string:departement>/logos/<string:logoname>", methods=["GET"])
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIView) @token_permission_required(Permission.APIView)
def api_get_local_logo(departement, logoname): def api_get_local_logo(departement, logoname):
# format = requested_format("jpg", ['png', 'jpg']) XXX ? # format = requested_format("jpg", ['png', 'jpg']) XXX ?
dept_id = Departement.from_acronym(departement).id dept_id = Departement.from_acronym(departement).id

View File

@ -6,12 +6,14 @@ from app.api import bp
from app.api.auth import token_auth from app.api.auth import token_auth
from app.api.errors import error_response from app.api.errors import error_response
from app.decorators import permission_required from app.decorators import permission_required
from app.api.auth import token_auth, token_permission_required
from app.scodoc.sco_groups import get_group_members, setGroups from app.scodoc.sco_groups import get_group_members, setGroups
from app.scodoc.sco_permissions import Permission from app.scodoc.sco_permissions import Permission
@bp.route("/partitions/<int:formsemestre_id>", methods=["GET"]) @bp.route("/partitions/<int:formsemestre_id>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def partition(formsemestre_id: int): def partition(formsemestre_id: int):
""" """
Retourne la liste de toutes les partitions d'un formsemestre Retourne la liste de toutes les partitions d'un formsemestre
@ -34,7 +36,8 @@ def partition(formsemestre_id: int):
# ) # )
@bp.route("/partitions/groups/<int:group_id>", methods=["GET"]) @bp.route("/partitions/groups/<int:group_id>", methods=["GET"])
@bp.route("/partitions/groups/<int:group_id>/etat/<string:etat>", methods=["GET"]) @bp.route("/partitions/groups/<int:group_id>/etat/<string:etat>", methods=["GET"])
@permission_required(Permission.APIView) @token_auth.login_required
@token_permission_required(Permission.APIView)
def etud_in_group(group_id: int, etat=None): def etud_in_group(group_id: int, etat=None):
""" """
Retourne la liste des étudiants dans un groupe Retourne la liste des étudiants dans un groupe
@ -65,7 +68,7 @@ def etud_in_group(group_id: int, etat=None):
"groups_to_create=<int:groups_to_create>&groups_to_delete=<int:groups_to_delete>", methods=["POST"], "groups_to_create=<int:groups_to_create>&groups_to_delete=<int:groups_to_delete>", methods=["POST"],
) )
@token_auth.login_required @token_auth.login_required
@permission_required(Permission.APIEtudChangeGroups) @token_permission_required(Permission.APIEtudChangeGroups)
def set_groups(partition_id: int, groups_lists: int, groups_to_delete: int, groups_to_create: int): def set_groups(partition_id: int, groups_lists: int, groups_to_delete: int, groups_to_create: int):
""" """
Set les groups Set les groups

View File

@ -17,9 +17,9 @@ import os
import requests import requests
SCODOC_USER = "api_tester" SCODOC_USER = "test"
SCODOC_PASSWORD = "api_tester" SCODOC_PASSWORD = "test"
SCODOC_URL = "http://deb11.viennet.net:5000" SCODOC_URL = "http://192.168.1.12:5000"
CHECK_CERTIFICATE = bool(int(os.environ.get("CHECK_CERTIFICATE", False))) CHECK_CERTIFICATE = bool(int(os.environ.get("CHECK_CERTIFICATE", False)))

View File

@ -23,7 +23,7 @@ from tests.api.setup_test_api import SCODOC_URL, CHECK_CERTIFICATE, HEADERS
# departements # departements
def test_departements(): def test_departements(): #XXX TODO pour Seb
r = requests.get( r = requests.get(
SCODOC_URL + "/ScoDoc/api/departements", SCODOC_URL + "/ScoDoc/api/departements",
headers=HEADERS, headers=HEADERS,
@ -34,7 +34,7 @@ def test_departements():
# liste_etudiants # liste_etudiants
def test_liste_etudiants(): def test_liste_etudiants(): #XXX TODO pour Seb
r = requests.get( r = requests.get(
SCODOC_URL + "/ScoDoc/api/departements/TAPI/etudiants/liste", SCODOC_URL + "/ScoDoc/api/departements/TAPI/etudiants/liste",
headers=HEADERS, headers=HEADERS,
@ -53,7 +53,7 @@ def test_liste_etudiants():
# liste_semestres_courant # liste_semestres_courant
def test_semestres_courant(): def test_semestres_courant(): #XXX TODO pour Seb
r = requests.get( r = requests.get(
SCODOC_URL + "/ScoDoc/api/departements/TAPI/semestres_courants", SCODOC_URL + "/ScoDoc/api/departements/TAPI/semestres_courants",
headers=HEADERS, headers=HEADERS,
@ -75,9 +75,9 @@ def test_referenciel_competences():
# # semestre_index # # semestre_index
# def test_semestre_index(): def test_semestre_index(): #XXX TODO pour Seb
# r = requests.get( r = requests.get(
# SCODOC_URL + "/ScoDoc/api/departements/TAPI/formsemestre/1/programme", SCODOC_URL + "/ScoDoc/api/departements/TAPI/formsemestre/1/programme",
# headers=HEADERS, verify=CHECK_CERTIFICATE headers=HEADERS, verify=CHECK_CERTIFICATE
# ) )
# assert r.status_code == 200 assert r.status_code == 200

View File

@ -59,7 +59,7 @@ def test_etudiants():
# etudiants_courant # etudiants_courant
def test_etudiants_courant(): def test_etudiants_courant(): #XXX TODO pour Seb
r = requests.get( r = requests.get(
SCODOC_URL + "/ScoDoc/api/etudiants/courant", SCODOC_URL + "/ScoDoc/api/etudiants/courant",
headers=HEADERS, headers=HEADERS,
@ -70,7 +70,7 @@ def test_etudiants_courant():
# etudiant # etudiant
def test_etudiant(): def test_etudiant(): #XXX TODO pour Seb
r = requests.get( r = requests.get(
SCODOC_URL + "/ScoDoc/api/etudiant/etudid/1", SCODOC_URL + "/ScoDoc/api/etudiant/etudid/1",
headers=HEADERS, headers=HEADERS,
@ -92,7 +92,7 @@ def test_etudiant():
# etudiant_formsemestres # etudiant_formsemestres
def test_etudiant_formsemestres(): def test_etudiant_formsemestres(): #XXX TODO pour Seb
r = requests.get( r = requests.get(
SCODOC_URL + "/ScoDoc/api/etudiant/etudid/1/formsemestres", SCODOC_URL + "/ScoDoc/api/etudiant/etudid/1/formsemestres",
headers=HEADERS, headers=HEADERS,

View File

@ -32,7 +32,7 @@ def test_formsemestre():
# etudiant_bulletin # etudiant_bulletin
def test_etudiant_bulletin(): def test_etudiant_bulletin(): #XXX TODO pour Seb
r = requests.get( r = requests.get(
SCODOC_URL SCODOC_URL
+ "/ScoDoc/api/formsemestre/<int:formsemestre_id>/departements/<string:dept>/etudiant/etudid/<int:etudid>/bulletin", + "/ScoDoc/api/formsemestre/<int:formsemestre_id>/departements/<string:dept>/etudiant/etudid/<int:etudid>/bulletin",

View File

@ -14,6 +14,10 @@
flask sco-db-init --erase flask sco-db-init --erase
flask init-test-database flask init-test-database
flask user-role -a Admin -d TAPI test flask user-role -a Admin -d TAPI test
flask user-password test
flask create-role APIUserViewer
flask edit-role APIUserViewer -a APIView
flask user-role test -a APIUserViewer
3) relancer ScoDoc: 3) relancer ScoDoc:
flask run --host 0.0.0.0 flask run --host 0.0.0.0
@ -104,7 +108,7 @@ def create_formsemestre(formation, user, semestre_idx=1):
semestre_id=semestre_idx, semestre_id=semestre_idx,
titre="Semestre test", titre="Semestre test",
date_debut=datetime.datetime(2021, 9, 1), date_debut=datetime.datetime(2021, 9, 1),
date_fin=datetime.datetime(2022, 1, 31), date_fin=datetime.datetime(2022, 8, 31),
modalite="FI", modalite="FI",
formation=formation, formation=formation,
) )
@ -137,6 +141,7 @@ def inscrit_etudiants(etuds, formsemestre):
def init_test_database(): def init_test_database():
dept = init_departement("TAPI") dept = init_departement("TAPI")
user = create_user(dept) user = create_user(dept)
etuds = create_etuds(dept) etuds = create_etuds(dept)