Accès compatibles aux anciennes fonctions API ScoDoc 7

Emmanuel Viennet 2021-09-09 16:11:05 +02:00
parent be224b9576
commit 9fd33cf658
7 changed files with 110 additions and 15 deletions


@ -28,6 +28,16 @@
"""API ScoDoc 9
"""
# PAS ENCORE IMPLEMENTEE, juste un essai
# Pour P. Bouron, il faudrait en priorité l'équivalent de
# Scolarite/Notes/do_moduleimpl_withmodule_list
# Scolarite/Notes/evaluation_create
# Scolarite/Notes/evaluation_delete
# Scolarite/Notes/formation_list
# Scolarite/Notes/formsemestre_list
# Scolarite/Notes/formsemestre_partition_list
# Scolarite/Notes/groups_view
# Scolarite/Notes/moduleimpl_status
# Scolarite/setGroups
from flask import jsonify, request, url_for, abort
from app import db


@ -16,8 +16,10 @@ from flask import request
from flask_login import current_user
from flask_login import login_required
from flask import current_app
import flask_login
import app
from app.auth.models import User
class ZUser(object):
@ -141,6 +143,48 @@ def permission_required(permission):
return decorator
def permission_required_compat_scodoc7(permission):
"""Décorateur pour les fonctions utilisée comme API dans ScoDoc 7
Comme @permission_required mais autorise de passer directement
les informations d'auth en paramètres:
__ac_name, __ac_password
"""
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
# current_app.logger.warning("PERMISSION; kwargs=%s" % str(kwargs))
# cherche les paramètre d'auth:
auth_ok = False
if request.method == "GET":
user_name = request.args.get("__ac_name")
user_password = request.args.get("__ac_password")
elif request.method == "POST":
user_name = request.form.get("__ac_name")
user_password = request.form.get("__ac_password")
else:
abort(405) # method not allowed
if user_name and user_password:
u = User.query.filter_by(user_name=user_name).first()
if u and u.check_password(user_password):
auth_ok = True
flask_login.login_user(u)
# reprend le chemin classique:
scodoc_dept = getattr(g, "scodoc_dept", None)
if not current_user.has_permission(permission, scodoc_dept):
abort(403)
if auth_ok:
return f(*args, **kwargs)
else:
return login_required(f)(*args, **kwargs)
return decorated_function
return decorator
def admin_required(f):
from app.auth.models import Permission
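Review bot: In `decorated_function`, `auth_ok` is set to True before `flask_login.login_user(u)` is called and that call's return value is ignored, so an account that Flask-Login refuses to log in (it returns False when the user's `is_active` is false) still takes the `if auth_ok:` branch and skips `login_required`; the permission check in between then runs against whatever `current_user` already was. Take the flag from the call instead, `auth_ok = flask_login.login_user(u)`, so a refused login falls back to the normal path. `login_user` also opens a full session from credentials carried by a single API request, so a session cookie outlives the call; it is worth confirming that legacy clients need this rather than a per-request check. A wrong `__ac_name`/`__ac_password` pair is silently ignored here, and logging the failed attempt (user name only, never the password) would give operators something to detect password guessing with.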


@ -68,6 +68,7 @@ from app.decorators import (
permission_required,
admin_required,
login_required,
permission_required_compat_scodoc7,
)
from app.views import absences_bp as bp
@ -1236,7 +1237,7 @@ def listeBilletsEtud(etudid=False, REQUEST=None, format="html"):
@bp.route("/XMLgetBilletsEtud")
@scodoc
@permission_required(Permission.ScoView)
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc7func
def XMLgetBilletsEtud(etudid=False, REQUEST=None):
"""Liste billets pour un etudiant"""
@ -1250,7 +1251,7 @@ def XMLgetBilletsEtud(etudid=False, REQUEST=None):
@bp.route("/listeBillets")
@scodoc
@permission_required(Permission.ScoView)
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc7func
def listeBillets(REQUEST=None):
"""Page liste des billets non traités et formulaire recherche d'un billet"""
@ -1459,9 +1460,19 @@ def ProcessBilletAbsenceForm(billet_id, REQUEST=None):
return "\n".join(H) + html_sco_header.sco_footer()
# @bp.route("/essai_api7")
# @scodoc
# @permission_required_compat_scodoc7(Permission.ScoView)
# @scodoc7func
# def essai_api7(x="xxx"):
# "un essai"
# log("arfffffffffffffffffff")
# return "OK OK x=" + str(x)
@bp.route("/XMLgetAbsEtud")
@scodoc
@permission_required(Permission.ScoView)
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc7func
def XMLgetAbsEtud(beg_date="", end_date="", REQUEST=None):
"""returns list of absences in date interval"""


@ -50,6 +50,7 @@ from app.decorators import (
scodoc,
scodoc7func,
permission_required,
permission_required_compat_scodoc7,
admin_required,
login_required,
)
@ -252,11 +253,34 @@ sco_publish(
Permission.ScoChangeFormation,
methods=["GET", "POST"],
)
sco_publish(
"/formsemestre_bulletinetud",
sco_bulletins.formsemestre_bulletinetud,
Permission.ScoView,
)
@bp.route("formsemestre_bulletinetud")
@scodoc
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc7func
def formsemestre_bulletinetud(
etudid=None,
formsemestre_id=None,
format="html",
version="long",
xml_with_decisions=False,
force_publishing=False,
prefer_mail_perso=False,
REQUEST=None,
):
return sco_bulletins.formsemestre_bulletinetud(
etudid=etudid,
formsemestre_id=formsemestre_id,
format=format,
version=version,
xml_with_decisions=xml_with_decisions,
force_publishing=force_publishing,
prefer_mail_perso=prefer_mail_perso,
REQUEST=REQUEST,
)
sco_publish(
"/formsemestre_evaluations_cal",
sco_evaluations.formsemestre_evaluations_cal,
@ -601,7 +625,7 @@ def formsemestre_list(
@bp.route("/XMLgetFormsemestres")
@scodoc
@permission_required(Permission.ScoView)
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc7func
def XMLgetFormsemestres(etape_apo=None, formsemestre_id=None, REQUEST=None):
"""List all formsemestres matching etape, XML format


@ -30,6 +30,7 @@ Module main: page d'accueil, avec liste des départements
Emmanuel Viennet, 2021
"""
from app.auth.models import User
import os
import flask
@ -53,7 +54,11 @@ import sco_version
from app.scodoc import sco_logos
from app.scodoc import sco_find_etud
from app.scodoc import sco_utils as scu
from app.decorators import admin_required
from app.decorators import (
admin_required,
scodoc7func,
permission_required_compat_scodoc7,
)
from app.scodoc.sco_permissions import Permission
from app.views import scodoc_bp as bp
@ -82,12 +87,12 @@ def table_etud_in_accessible_depts():
return sco_find_etud.table_etud_in_accessible_depts(expnom=request.form["expnom"])
# Fonction d'API accessible sans aucun authentification
@bp.route("/ScoDoc/get_etud_dept")
@login_required
def get_etud_dept():
"""Returns the dept acronym (eg "GEII") of an etud (identified by etudid,
code_nip ou code_ine in the request).
API: ramène la chaine brute, sans JSON ou XML.
Ancienne API: ramène la chaine brute, texte sans JSON ou XML.
"""
if "etudid" in request.args:
# zero ou une réponse:
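Review bot: The comment above `get_etud_dept` says the function is reachable without any authentication, yet `@login_required` appears in the same hunk and the page has lost the markers that would show whether it was removed. If the decorator is gone on the new side, an anonymous caller can resolve an `etudid`, `code_nip` or `code_ine` to a department, which turns the endpoint into a lookup oracle for student identifiers. The new `permission_required_compat_scodoc7` is imported in this section but not used in any visible line (likewise `scodoc7func` and `User`); applying it here would keep legacy clients working while still requiring credentials. If anonymous access is intended, the comment should state why and the endpoint should be rate limited. The body of `get_etud_dept` continues outside the hunk.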


@ -52,6 +52,7 @@ from app.decorators import (
scodoc,
scodoc7func,
permission_required,
permission_required_compat_scodoc7,
admin_required,
login_required,
)
@ -402,7 +403,7 @@ def search_etud_by_name():
@bp.route("/etud_info")
@bp.route("/XMLgetEtudInfos")
@scodoc
@permission_required(Permission.ScoView)
@permission_required_compat_scodoc7(Permission.ScoView)
@scodoc7func
def etud_info(etudid=None, format="xml", REQUEST=None):
"Donne les informations sur un etudiant"


@ -36,7 +36,7 @@ class ScoError(Exception):
def GET(s, path, errmsg=None):
"""Get and returns as JSON"""
r = s.get(BASEURL + "/" + path)
r = s.get(BASEURL + "/" + path, verify=CHECK_CERTIFICATE)
if r.status_code != 200:
raise ScoError(errmsg or "erreur !")
return r.json() # decode la reponse JSON
@ -44,7 +44,7 @@ def GET(s, path, errmsg=None):
def POST(s, path, data, errmsg=None):
"""Post"""
r = s.post(BASEURL + "/" + path, data=data)
r = s.post(BASEURL + "/" + path, data=data, verify=CHECK_CERTIFICATE)
if r.status_code != 200:
raise ScoError(errmsg or "erreur !")
return r.text
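Review bot: Both `GET` and `POST` now pass `verify=CHECK_CERTIFICATE`, but the definition of `CHECK_CERTIFICATE` is outside these hunks; if it is set to False, the client (`s` is presumably a requests session) accepts any TLS certificate and whatever it sends to `BASEURL` can be intercepted. The constant should default to True, with a comment where it is defined saying that False is only for a local development server with a self-signed certificate. The two `raise ScoError(errmsg or "erreur !")` lines also drop `r.status_code`, which would help tell a 403 from the decorator apart from a server error.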