API: modification pour accès via cookie web
parent
cfd4448ca5
commit
aa1ec6fd8e
@ -10,20 +10,18 @@ from flask import jsonify
|
||||
|
||||
from app.api import bp
|
||||
from app.api.errors import error_response
|
||||
from app.api.auth import token_auth, token_permission_required
|
||||
from app.api.auth import permission_required_api
|
||||
from app.models import Identite
|
||||
|
||||
from app.scodoc import notesdb as ndb
|
||||
from app.scodoc import sco_abs
|
||||
|
||||
# from app.scodoc.sco_abs import annule_absence, annule_justif, add_abslist
|
||||
from app.scodoc.sco_groups import get_group_members
|
||||
from app.scodoc.sco_permissions import Permission
|
||||
|
||||
|
||||
@bp.route("/absences/etudid/<int:etudid>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def absences(etudid: int = None):
|
||||
"""
|
||||
Retourne la liste des absences d'un étudiant donné
|
||||
@ -67,8 +65,7 @@ def absences(etudid: int = None):
|
||||
|
||||
|
||||
@bp.route("/absences/etudid/<int:etudid>/just", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def absences_just(etudid: int = None):
|
||||
"""
|
||||
Retourne la liste des absences justifiées d'un étudiant donné
|
||||
@ -123,8 +120,7 @@ def absences_just(etudid: int = None):
|
||||
"/absences/abs_group_etat/group_id/<int:group_id>/date_debut/<string:date_debut>/date_fin/<string:date_fin>",
|
||||
methods=["GET"],
|
||||
)
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def abs_groupe_etat(group_id: int, date_debut=None, date_fin=None):
|
||||
"""
|
||||
Liste des absences d'un groupe (possibilité de choisir entre deux dates)
|
||||
@ -170,11 +166,11 @@ def abs_groupe_etat(group_id: int, date_debut=None, date_fin=None):
|
||||
data = []
|
||||
# Filtre entre les deux dates renseignées
|
||||
for member in members:
|
||||
abs = {
|
||||
absence = {
|
||||
"etudid": member["etudid"],
|
||||
"list_abs": sco_abs.list_abs_date(member["etudid"], date_debut, date_fin),
|
||||
}
|
||||
data.append(abs)
|
||||
data.append(absence)
|
||||
|
||||
return jsonify(data)
|
||||
|
||||
|
@ -26,10 +26,9 @@
|
||||
|
||||
from functools import wraps
|
||||
|
||||
|
||||
from flask import abort
|
||||
from flask import g
|
||||
from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth
|
||||
from flask_login import current_user
|
||||
|
||||
from app import log
|
||||
from app.auth.models import User
|
||||
@ -57,7 +56,10 @@ def basic_auth_error(status):
|
||||
|
||||
@token_auth.verify_token
|
||||
def verify_token(token) -> User:
|
||||
"Retrouve l'utilisateur à partir du jeton"
|
||||
"""Retrouve l'utilisateur à partir du jeton.
|
||||
Si la requête n'a pas de jeton, token == "".
|
||||
"""
|
||||
|
||||
user = User.check_token(token) if token else None
|
||||
g.current_user = user
|
||||
return user
|
||||
@ -65,7 +67,7 @@ def verify_token(token) -> User:
|
||||
|
||||
@token_auth.error_handler
|
||||
def token_auth_error(status):
|
||||
"rréponse en cas d'erreur d'auth."
|
||||
"Réponse en cas d'erreur d'auth."
|
||||
return error_response(status)
|
||||
|
||||
|
||||
@ -75,7 +77,7 @@ def get_user_roles(user):
|
||||
|
||||
|
||||
def token_permission_required(permission):
|
||||
"Décorateur pour les fontions de l'API ScoDoc"
|
||||
"Décorateur pour les fonctions de l'API ScoDoc"
|
||||
|
||||
def decorator(f):
|
||||
@wraps(f)
|
||||
@ -84,13 +86,39 @@ def token_permission_required(permission):
|
||||
current_user = basic_auth.current_user()
|
||||
if not current_user or not current_user.has_permission(permission, None):
|
||||
if current_user:
|
||||
log(f"API permission denied (user {current_user})")
|
||||
message = f"API permission denied (user {current_user})"
|
||||
else:
|
||||
log("API permission denied (no user supplied)")
|
||||
abort(403)
|
||||
message = f"API permission denied (no user supplied)"
|
||||
log(message)
|
||||
# raise werkzeug.exceptions.Forbidden(description=message)
|
||||
return error_response(403, message=None)
|
||||
return f(*args, **kwargs)
|
||||
|
||||
# return decorated_function(token_auth.login_required())
|
||||
return decorated_function
|
||||
|
||||
return decorator
|
||||
|
||||
|
||||
def permission_required_api(permission_web, permission_api):
|
||||
"""Décorateur pour les fonctions de l'API accessibles en mode jeton
|
||||
ou en mode web.
|
||||
Si cookie d'authentification web, utilise pour se logger et calculer les
|
||||
permissions.
|
||||
Sinon, tente le jeton jwt.
|
||||
"""
|
||||
|
||||
def decorator(f):
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
scodoc_dept = getattr(g, "scodoc_dept", None)
|
||||
if not current_user.has_permission(permission_web, scodoc_dept):
|
||||
# try API
|
||||
return token_auth.login_required(
|
||||
token_permission_required(permission_api)(f)
|
||||
)(*args, **kwargs)
|
||||
return f(*args, **kwargs)
|
||||
|
||||
return decorated_function
|
||||
|
||||
return decorator
|
||||
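Review bot: In `permission_required_api`, the web-cookie branch calls `f(*args, **kwargs)` without assigning `g.current_user`, which on this page is only set in `verify_token`. The logos views (`api_get_glob_logos`, `api_get_glob_logo`, `api_get_local_logos`) read `g.current_user.has_permission(...)`, so unless it is set elsewhere a cookie-authenticated request would fail with an AttributeError instead of reaching a permission decision. Adding `g.current_user = current_user` just before the final `return f(*args, **kwargs)` keeps both paths consistent. Separately, the fallback rebuilds `token_auth.login_required(token_permission_required(permission_api)(f))` on every request; it can be built once inside `decorator`, and the docstring could state that the cookie path is checked against `permission_web` and the token path against `permission_api`.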
|
@ -5,7 +5,7 @@ from flask import jsonify
|
||||
import app
|
||||
from app import models
|
||||
from app.api import bp
|
||||
from app.api.auth import token_auth, token_permission_required
|
||||
from app.api.auth import permission_required_api
|
||||
from app.models import Departement, FormSemestre
|
||||
from app.scodoc.sco_permissions import Permission
|
||||
|
||||
@ -22,24 +22,21 @@ def get_departement(dept_ident: str) -> Departement:
|
||||
|
||||
|
||||
@bp.route("/departements", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def departements():
|
||||
"""Liste les départements"""
|
||||
return jsonify([dept.to_dict() for dept in Departement.query])
|
||||
|
||||
|
||||
@bp.route("/departements_ids", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def departements_ids():
|
||||
"""Liste des ids de départements"""
|
||||
return jsonify([dept.id for dept in Departement.query])
|
||||
|
||||
|
||||
@bp.route("/departement/<string:acronym>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def departement(acronym: str):
|
||||
"""
|
||||
Info sur un département. Accès par acronyme.
|
||||
@ -58,8 +55,7 @@ def departement(acronym: str):
|
||||
|
||||
|
||||
@bp.route("/departement/id/<int:dept_id>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def departement_by_id(dept_id: int):
|
||||
"""
|
||||
Info sur un département. Accès par id.
|
||||
@ -69,8 +65,7 @@ def departement_by_id(dept_id: int):
|
||||
|
||||
|
||||
@bp.route("/departement/<string:acronym>/etudiants", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def dept_etudiants(acronym: str):
|
||||
"""
|
||||
Retourne la liste des étudiants d'un département
|
||||
@ -98,8 +93,7 @@ def dept_etudiants(acronym: str):
|
||||
|
||||
|
||||
@bp.route("/departement/id/<int:dept_id>/etudiants", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def dept_etudiants_by_id(dept_id: int):
|
||||
"""
|
||||
Retourne la liste des étudiants d'un département d'id donné.
|
||||
@ -109,8 +103,7 @@ def dept_etudiants_by_id(dept_id: int):
|
||||
|
||||
|
||||
@bp.route("/departement/<string:acronym>/formsemestres_ids", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def dept_formsemestres_ids(acronym: str):
|
||||
"""liste des ids formsemestre du département"""
|
||||
dept = Departement.query.filter_by(acronym=acronym).first_or_404()
|
||||
@ -118,8 +111,7 @@ def dept_formsemestres_ids(acronym: str):
|
||||
|
||||
|
||||
@bp.route("/departement/id/<int:dept_id>/formsemestres_ids", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def dept_formsemestres_ids_by_id(dept_id: int):
|
||||
"""liste des ids formsemestre du département"""
|
||||
dept = Departement.query.get_or_404(dept_id)
|
||||
@ -127,8 +119,7 @@ def dept_formsemestres_ids_by_id(dept_id: int):
|
||||
|
||||
|
||||
@bp.route("/departement/<string:acronym>/formsemestres_courants", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def dept_formsemestres_courants(acronym: str):
|
||||
"""
|
||||
Liste des semestres actifs d'un département d'acronyme donné
|
||||
@ -182,8 +173,7 @@ def dept_formsemestres_courants(acronym: str):
|
||||
|
||||
|
||||
@bp.route("/departement/id/<int:dept_id>/formsemestres_courants", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def dept_formsemestres_courants_by_id(dept_id: int):
|
||||
"""
|
||||
Liste des semestres actifs d'un département d'id donné
|
||||
|
@ -27,6 +27,7 @@ from werkzeug.http import HTTP_STATUS_CODES
|
||||
|
||||
|
||||
def error_response(status_code, message=None):
|
||||
"""Réponse sur erreur"""
|
||||
payload = {"error": HTTP_STATUS_CODES.get(status_code, "Unknown error")}
|
||||
if message:
|
||||
payload["message"] = message
|
||||
@ -36,4 +37,5 @@ def error_response(status_code, message=None):
|
||||
|
||||
|
||||
def bad_request(message):
|
||||
"400 Bad Request response"
|
||||
return error_response(400, message)
|
||||
|
@ -8,25 +8,23 @@
|
||||
API : accès aux étudiants
|
||||
"""
|
||||
|
||||
from flask import jsonify, make_response
|
||||
from flask import jsonify
|
||||
|
||||
import app
|
||||
from app.api import bp
|
||||
from app.api.errors import error_response
|
||||
from app.api.auth import token_auth, token_permission_required
|
||||
from app.api.auth import permission_required_api
|
||||
from app.api import tools
|
||||
from app.models import Departement, FormSemestreInscription, FormSemestre, Identite
|
||||
from app.scodoc import sco_bulletins
|
||||
from app.scodoc import sco_groups
|
||||
from app.scodoc.sco_bulletins import do_formsemestre_bulletinetud
|
||||
from app.scodoc.sco_permissions import Permission
|
||||
from app.scodoc import sco_utils as scu
|
||||
|
||||
|
||||
@bp.route("/etudiants/courants", defaults={"long": False})
|
||||
@bp.route("/etudiants/courants/long", defaults={"long": True})
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def etudiants_courants(long=False):
|
||||
"""
|
||||
Liste des étudiants inscrits dans un formsemestre actuellement en cours.
|
||||
@ -66,8 +64,7 @@ def etudiants_courants(long=False):
|
||||
@bp.route("/etudiant/etudid/<int:etudid>", methods=["GET"])
|
||||
@bp.route("/etudiant/nip/<string:nip>", methods=["GET"])
|
||||
@bp.route("/etudiant/ine/<string:ine>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def etudiant(etudid: int = None, nip: str = None, ine: str = None):
|
||||
"""
|
||||
Retourne les informations de l'étudiant correspondant, ou 404 si non trouvé.
|
||||
@ -121,8 +118,7 @@ def etudiant(etudid: int = None, nip: str = None, ine: str = None):
|
||||
@bp.route("/etudiants/etudid/<int:etudid>", methods=["GET"])
|
||||
@bp.route("/etudiants/nip/<string:nip>", methods=["GET"])
|
||||
@bp.route("/etudiants/ine/<string:ine>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def etudiants(etudid: int = None, nip: str = None, ine: str = None):
|
||||
"""
|
||||
Info sur le ou les étudiants correspondant. Comme /etudiant mais renvoie
|
||||
@ -149,8 +145,7 @@ def etudiants(etudid: int = None, nip: str = None, ine: str = None):
|
||||
@bp.route("/etudiant/etudid/<int:etudid>/formsemestres")
|
||||
@bp.route("/etudiant/nip/<string:nip>/formsemestres")
|
||||
@bp.route("/etudiant/ine/<string:ine>/formsemestres")
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None):
|
||||
"""
|
||||
Liste des semestres qu'un étudiant a suivi, triés par ordre chronologique.
|
||||
@ -282,8 +277,7 @@ def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None)
|
||||
methods=["GET"],
|
||||
defaults={"version": "short", "pdf": True},
|
||||
)
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def etudiant_bulletin_semestre( # XXX TODO Ajouter la possibilité de retourner en version pdf
|
||||
formsemestre_id,
|
||||
etudid: int = None,
|
||||
@ -349,8 +343,7 @@ def etudiant_bulletin_semestre( # XXX TODO Ajouter la possibilité de retourner
|
||||
"/etudiant/ine/<string:ine>/formsemestre/<int:formsemestre_id>/groups",
|
||||
methods=["GET"],
|
||||
)
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def etudiant_groups(
|
||||
formsemestre_id: int, etudid: int = None, nip: int = None, ine: int = None
|
||||
):
|
||||
|
@ -14,7 +14,7 @@ import app
|
||||
|
||||
from app import models
|
||||
from app.api import bp
|
||||
from app.api.auth import token_auth, token_permission_required
|
||||
from app.api.auth import permission_required_api
|
||||
from app.api.errors import error_response
|
||||
from app.models import Evaluation
|
||||
from app.scodoc.sco_evaluation_db import do_evaluation_get_all_notes
|
||||
@ -22,8 +22,7 @@ from app.scodoc.sco_permissions import Permission
|
||||
|
||||
|
||||
@bp.route("/evaluations/<int:moduleimpl_id>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def evaluations(moduleimpl_id: int):
|
||||
"""
|
||||
Retourne la liste des évaluations d'un moduleimpl
|
||||
@ -65,8 +64,7 @@ def evaluations(moduleimpl_id: int):
|
||||
|
||||
|
||||
@bp.route("/evaluation/eval_notes/<int:evaluation_id>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def evaluation_notes(evaluation_id: int):
|
||||
"""
|
||||
Retourne la liste des notes à partir de l'id d'une évaluation donnée
|
||||
|
@ -14,15 +14,14 @@ import app
|
||||
from app import models
|
||||
from app.api import bp
|
||||
from app.api.errors import error_response
|
||||
from app.api.auth import token_auth, token_permission_required
|
||||
from app.api.auth import permission_required_api
|
||||
from app.models.formations import Formation
|
||||
from app.scodoc import sco_formations
|
||||
from app.scodoc.sco_permissions import Permission
|
||||
|
||||
|
||||
@bp.route("/formations", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formations():
|
||||
"""
|
||||
Retourne la liste de toutes les formations (tous départements)
|
||||
@ -33,8 +32,7 @@ def formations():
|
||||
|
||||
|
||||
@bp.route("/formations_ids", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formations_ids():
|
||||
"""
|
||||
Retourne la liste de toutes les id de formations (tous départements)
|
||||
@ -46,8 +44,7 @@ def formations_ids():
|
||||
|
||||
|
||||
@bp.route("/formation/<int:formation_id>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formation_by_id(formation_id: int):
|
||||
"""
|
||||
La formation d'id donné
|
||||
@ -83,8 +80,7 @@ def formation_by_id(formation_id: int):
|
||||
methods=["GET"],
|
||||
defaults={"export_ids": True},
|
||||
)
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formation_export_by_formation_id(formation_id: int, export_ids=False):
|
||||
"""
|
||||
Retourne la formation, avec UE, matières, modules
|
||||
@ -192,8 +188,7 @@ def formation_export_by_formation_id(formation_id: int, export_ids=False):
|
||||
|
||||
|
||||
@bp.route("/formation/moduleimpl/<int:moduleimpl_id>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def moduleimpl(moduleimpl_id: int):
|
||||
"""
|
||||
Retourne un module moduleimpl en fonction de son id
|
||||
@ -237,8 +232,7 @@ def moduleimpl(moduleimpl_id: int):
|
||||
"/formation/<int:formation_id>/referentiel_competences",
|
||||
methods=["GET"],
|
||||
)
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def referentiel_competences(formation_id: int):
|
||||
"""
|
||||
Retourne le référentiel de compétences
|
||||
|
@ -12,7 +12,7 @@ from flask import abort, jsonify, request
|
||||
import app
|
||||
from app import models
|
||||
from app.api import bp
|
||||
from app.api.auth import token_auth, token_permission_required
|
||||
from app.api.auth import permission_required_api
|
||||
from app.comp import res_sem
|
||||
from app.comp.moy_mod import ModuleImplResults
|
||||
from app.comp.res_compat import NotesTableCompat
|
||||
@ -25,8 +25,7 @@ import app.scodoc.sco_utils as scu
|
||||
|
||||
|
||||
@bp.route("/formsemestre/<int:formsemestre_id>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formsemestre_infos(formsemestre_id: int):
|
||||
"""
|
||||
Information sur le formsemestre indiqué.
|
||||
@ -69,8 +68,7 @@ def formsemestre_infos(formsemestre_id: int):
|
||||
|
||||
|
||||
@bp.route("/formsemestres/query", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formsemestres_query():
|
||||
"""
|
||||
Retourne les formsemestres filtrés par
|
||||
@ -115,8 +113,7 @@ def formsemestres_query():
|
||||
|
||||
|
||||
@bp.route("/formsemestre/<int:formsemestre_id>/bulletins", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def bulletins(formsemestre_id: int):
|
||||
"""
|
||||
Retourne les bulletins d'un formsemestre donné
|
||||
@ -140,8 +137,7 @@ def bulletins(formsemestre_id: int):
|
||||
"/formsemestre/<int:formsemestre_id>/programme",
|
||||
methods=["GET"],
|
||||
)
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formsemestre_programme(formsemestre_id: int):
|
||||
"""
|
||||
Retourne la liste des Ues, ressources et SAE d'un semestre
|
||||
@ -242,8 +238,7 @@ def formsemestre_programme(formsemestre_id: int):
|
||||
methods=["GET"],
|
||||
defaults={"etat": scu.DEF},
|
||||
)
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formsemestre_etudiants(formsemestre_id: int, etat: str):
|
||||
"""
|
||||
Retourne la liste des étudiants d'un formsemestre
|
||||
@ -265,8 +260,7 @@ def formsemestre_etudiants(formsemestre_id: int, etat: str):
|
||||
|
||||
|
||||
@bp.route("/formsemestre/<int:formsemestre_id>/etat_evals", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def etat_evals(formsemestre_id: int):
|
||||
"""
|
||||
Informations sur l'état des évaluations d'un formsemestre.
|
||||
@ -372,8 +366,7 @@ def etat_evals(formsemestre_id: int):
|
||||
|
||||
|
||||
@bp.route("/formsemestre/<int:formsemestre_id>/resultats", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formsemestre_resultat(formsemestre_id: int):
|
||||
"""Tableau récapitulatif des résultats
|
||||
Pour chaque étudiant, son état, ses groupes, ses moyennes d'UE et de modules.
|
||||
|
@ -4,7 +4,7 @@
|
||||
# from app import models
|
||||
# from app.api import bp
|
||||
# from app.api.errors import error_response
|
||||
# from app.api.auth import token_auth, token_permission_required
|
||||
# from app.api.auth import permission_required_api
|
||||
# from app.scodoc.sco_prepajury import feuille_preparation_jury
|
||||
# from app.scodoc.sco_pvjury import formsemestre_pvjury
|
||||
|
||||
|
@ -38,13 +38,12 @@ from app.api.auth import token_auth
|
||||
from app.api.errors import error_response
|
||||
from app.models import Departement
|
||||
from app.scodoc.sco_logos import list_logos, find_logo
|
||||
from app.api.auth import token_auth, token_permission_required
|
||||
from app.api.auth import permission_required_api
|
||||
from app.scodoc.sco_permissions import Permission
|
||||
|
||||
|
||||
@bp.route("/logos", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def api_get_glob_logos():
|
||||
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
|
||||
return error_response(401, message="accès interdit")
|
||||
@ -56,8 +55,7 @@ def api_get_glob_logos():
|
||||
|
||||
|
||||
@bp.route("/logos/<string:logoname>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def api_get_glob_logo(logoname):
|
||||
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
|
||||
return error_response(401, message="accès interdit")
|
||||
@ -73,8 +71,7 @@ def api_get_glob_logo(logoname):
|
||||
|
||||
|
||||
@bp.route("/departements/<string:departement>/logos", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def api_get_local_logos(departement):
|
||||
dept_id = Departement.from_acronym(departement).id
|
||||
if not g.current_user.has_permission(Permission.ScoChangePreferences, departement):
|
||||
@ -84,8 +81,7 @@ def api_get_local_logos(departement):
|
||||
|
||||
|
||||
@bp.route("/departements/<string:departement>/logos/<string:logoname>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def api_get_local_logo(departement, logoname):
|
||||
# format = requested_format("jpg", ['png', 'jpg']) XXX ?
|
||||
dept_id = Departement.from_acronym(departement).id
|
||||
|
@ -12,7 +12,7 @@ from flask import abort, jsonify, request
|
||||
import app
|
||||
from app import db, log
|
||||
from app.api import bp
|
||||
from app.api.auth import token_auth, token_permission_required
|
||||
from app.api.auth import permission_required_api
|
||||
from app.models import FormSemestre, FormSemestreInscription, Identite
|
||||
from app.models import GroupDescr, Partition
|
||||
from app.models.groups import group_membership
|
||||
@ -22,8 +22,7 @@ from app.scodoc import sco_utils as scu
|
||||
|
||||
|
||||
@bp.route("/partition/<int:partition_id>", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def partition_info(partition_id: int):
|
||||
"""
|
||||
Exemple de résultat :
|
||||
@ -48,8 +47,7 @@ def partition_info(partition_id: int):
|
||||
|
||||
|
||||
@bp.route("/formsemestre/<int:formsemestre_id>/partitions", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def formsemestre_partitions(formsemestre_id: int):
|
||||
"""
|
||||
Retourne la liste de toutes les partitions d'un formsemestre
|
||||
@ -64,8 +62,7 @@ def formsemestre_partitions(formsemestre_id: int):
|
||||
|
||||
|
||||
@bp.route("/group/<int:group_id>/etudiants", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def etud_in_group(group_id: int):
|
||||
"""
|
||||
Retourne la liste des étudiants dans un groupe
|
||||
@ -91,8 +88,7 @@ def etud_in_group(group_id: int):
|
||||
|
||||
|
||||
@bp.route("/group/<int:group_id>/etudiants/query", methods=["GET"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIView)
|
||||
@permission_required_api(Permission.ScoView, Permission.APIView)
|
||||
def etud_in_group_query(group_id: int):
|
||||
"""Etudiants du groupe, filtrés par état"""
|
||||
etat = request.args.get("etat")
|
||||
@ -110,8 +106,7 @@ def etud_in_group_query(group_id: int):
|
||||
|
||||
|
||||
@bp.route("/group/<int:group_id>/set_etudiant/<int:etudid>", methods=["POST"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIEditGroups)
|
||||
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
|
||||
def set_etud_group(etudid: int, group_id: int):
|
||||
"""Affecte l'étudiant au groupe indiqué"""
|
||||
etud = Identite.query.get_or_404(etudid)
|
||||
@ -136,8 +131,7 @@ def set_etud_group(etudid: int, group_id: int):
|
||||
|
||||
|
||||
@bp.route("/partition/<int:partition_id>/group/create", methods=["POST"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIEditGroups)
|
||||
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
|
||||
def group_create(partition_id: int):
|
||||
"""Création d'un groupe dans une partition
|
||||
|
||||
@ -167,8 +161,7 @@ def group_create(partition_id: int):
|
||||
|
||||
|
||||
@bp.route("/group/<int:group_id>/delete", methods=["POST"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIEditGroups)
|
||||
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
|
||||
def group_delete(group_id: int):
|
||||
"""Suppression d'un groupe"""
|
||||
group = GroupDescr.query.get_or_404(group_id)
|
||||
@ -184,8 +177,7 @@ def group_delete(group_id: int):
|
||||
|
||||
|
||||
@bp.route("/group/<int:group_id>/edit", methods=["POST"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIEditGroups)
|
||||
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
|
||||
def group_edit(group_id: int):
|
||||
"""Edit a group"""
|
||||
group: GroupDescr = GroupDescr.query.get_or_404(group_id)
|
||||
@ -206,8 +198,7 @@ def group_edit(group_id: int):
|
||||
|
||||
|
||||
@bp.route("/formsemestre/<int:formsemestre_id>/partition/create", methods=["POST"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIEditGroups)
|
||||
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
|
||||
def partition_create(formsemestre_id: int):
|
||||
"""Création d'une partition dans un semestre
|
||||
|
||||
@ -253,8 +244,7 @@ def partition_create(formsemestre_id: int):
|
||||
|
||||
|
||||
@bp.route("/partition/<int:partition_id>/edit", methods=["POST"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIEditGroups)
|
||||
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
|
||||
def partition_edit(partition_id: int):
|
||||
"""Modification d'une partition dans un semestre
|
||||
|
||||
@ -306,8 +296,7 @@ def partition_edit(partition_id: int):
|
||||
|
||||
|
||||
@bp.route("/partition/<int:partition_id>/delete", methods=["POST"])
|
||||
@token_auth.login_required
|
||||
@token_permission_required(Permission.APIEditGroups)
|
||||
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
|
||||
def partition_delete(partition_id: int):
|
||||
"""Suppression d'une partition (et de tous ses groupes).
|
||||
|
||||
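Review bot: The POST routes in this file (`set_etud_group`, `group_create`, `group_delete`, `group_edit`, `partition_create`, `partition_edit`, `partition_delete`) now accept the web session cookie through `permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)`, so they need CSRF protection on the cookie path, which a bearer token did not require. Whether the `bp` blueprint is covered by the application's CSRF checks is not visible in this diff; if it was exempted while the API was token-only, that exemption should be revisited. A comment on these routes such as `# cookie auth: state-changing request, CSRF token required` would record the requirement, or the cookie path could be limited to the GET routes. The function bodies continue outside the hunks.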
|
@ -36,8 +36,13 @@ load_dotenv(os.path.join(BASEDIR, ".env"))
|
||||
CHK_CERT = bool(int(os.environ.get("CHECK_CERTIFICATE", False)))
|
||||
SCODOC_URL = os.environ.get("SCODOC_URL") or "http://localhost:5000"
|
||||
API_URL = SCODOC_URL + "/ScoDoc/api"
|
||||
# Admin:
|
||||
SCODOC_USER = os.environ["SCODOC_USER"]
|
||||
SCODOC_PASSWORD = os.environ["SCODOC_PASSWORD"]
|
||||
# Lecteur
|
||||
SCODOC_USER_API_LECTEUR = os.environ["SCODOC_USER_API_LECTEUR"]
|
||||
SCODOC_PASSWORD_API_LECTEUR = os.environ["SCODOC_PASSWORD_API_LECTEUR"]
|
||||
|
||||
print(f"SCODOC_URL={SCODOC_URL}")
|
||||
print(f"API URL={API_URL}")
|
||||
|
||||
@ -84,13 +89,16 @@ def POST_JSON(path: str, data: dict = {}, headers={}, errmsg=None):
|
||||
return r.json() # decode la reponse JSON
|
||||
|
||||
|
||||
# --- Obtention du jeton (token)
|
||||
r = requests.post(API_URL + "/tokens", auth=(SCODOC_USER, SCODOC_PASSWORD))
|
||||
assert r.status_code == 200
|
||||
token = r.json()["token"]
|
||||
HEADERS = {"Authorization": f"Bearer {token}"}
|
||||
# HEADERS_JSON = HEADERS.copy()
|
||||
# HEADERS_JSON["Content-Type"] = "application/json"
|
||||
def GET_TOKEN(user, password):
|
||||
"Obtention du jeton (token)"
|
||||
r = requests.post(API_URL + "/tokens", auth=(user, password))
|
||||
assert r.status_code == 200
|
||||
token = r.json()["token"]
|
||||
return {"Authorization": f"Bearer {token}"}
|
||||
|
||||
|
||||
HEADERS = GET_TOKEN(SCODOC_USER, SCODOC_PASSWORD)
|
||||
HEADERS_USER = GET_TOKEN(SCODOC_USER_API_LECTEUR, SCODOC_PASSWORD_API_LECTEUR)
|
||||
|
||||
r = requests.get(API_URL + "/departements", headers=HEADERS, verify=CHK_CERT)
|
||||
if r.status_code != 200:
|
||||
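Review bot: `GET_TOKEN` sends the basic-auth credentials with `requests.post(API_URL + "/tokens", auth=(user, password))`, which uses the default certificate verification of `requests`, while the `requests.get` below passes `verify=CHK_CERT`, and `CHK_CERT` is off when `CHECK_CERTIFICATE` is unset. The two calls should follow the same setting, and defaulting that setting to verification on would be the safer choice for a script that carries admin credentials. The `assert r.status_code == 200` check disappears under `python -O`; `r.raise_for_status()` reports a failed login explicitly.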
|