API: modification pour accès via cookie web

This commit is contained in:
Emmanuel Viennet 2022-07-22 16:39:21 +02:00
parent cfd4448ca5
commit aa1ec6fd8e
12 changed files with 114 additions and 127 deletions

View File

@ -10,20 +10,18 @@ from flask import jsonify
from app.api import bp
from app.api.errors import error_response
from app.api.auth import token_auth, token_permission_required
from app.api.auth import permission_required_api
from app.models import Identite
from app.scodoc import notesdb as ndb
from app.scodoc import sco_abs
# from app.scodoc.sco_abs import annule_absence, annule_justif, add_abslist
from app.scodoc.sco_groups import get_group_members
from app.scodoc.sco_permissions import Permission
@bp.route("/absences/etudid/<int:etudid>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def absences(etudid: int = None):
"""
Retourne la liste des absences d'un étudiant donné
@ -67,8 +65,7 @@ def absences(etudid: int = None):
@bp.route("/absences/etudid/<int:etudid>/just", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def absences_just(etudid: int = None):
"""
Retourne la liste des absences justifiées d'un étudiant donné
@ -123,8 +120,7 @@ def absences_just(etudid: int = None):
"/absences/abs_group_etat/group_id/<int:group_id>/date_debut/<string:date_debut>/date_fin/<string:date_fin>",
methods=["GET"],
)
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def abs_groupe_etat(group_id: int, date_debut=None, date_fin=None):
"""
Liste des absences d'un groupe (possibilité de choisir entre deux dates)
@ -170,11 +166,11 @@ def abs_groupe_etat(group_id: int, date_debut=None, date_fin=None):
data = []
# Filtre entre les deux dates renseignées
for member in members:
abs = {
absence = {
"etudid": member["etudid"],
"list_abs": sco_abs.list_abs_date(member["etudid"], date_debut, date_fin),
}
data.append(abs)
data.append(absence)
return jsonify(data)

View File

@ -26,10 +26,9 @@
from functools import wraps
from flask import abort
from flask import g
from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth
from flask_login import current_user
from app import log
from app.auth.models import User
@ -57,7 +56,10 @@ def basic_auth_error(status):
@token_auth.verify_token
def verify_token(token) -> User:
"Retrouve l'utilisateur à partir du jeton"
"""Retrouve l'utilisateur à partir du jeton.
Si la requête n'a pas de jeton, token == "".
"""
user = User.check_token(token) if token else None
g.current_user = user
return user
@ -65,7 +67,7 @@ def verify_token(token) -> User:
@token_auth.error_handler
def token_auth_error(status):
"rréponse en cas d'erreur d'auth."
"Réponse en cas d'erreur d'auth."
return error_response(status)
@ -75,7 +77,7 @@ def get_user_roles(user):
def token_permission_required(permission):
"Décorateur pour les fontions de l'API ScoDoc"
"Décorateur pour les fonctions de l'API ScoDoc"
def decorator(f):
@wraps(f)
@ -84,13 +86,39 @@ def token_permission_required(permission):
current_user = basic_auth.current_user()
if not current_user or not current_user.has_permission(permission, None):
if current_user:
log(f"API permission denied (user {current_user})")
message = f"API permission denied (user {current_user})"
else:
log("API permission denied (no user supplied)")
abort(403)
message = f"API permission denied (no user supplied)"
log(message)
# raise werkzeug.exceptions.Forbidden(description=message)
return error_response(403, message=None)
return f(*args, **kwargs)
# return decorated_function(token_auth.login_required())
return decorated_function
return decorator
def permission_required_api(permission_web, permission_api):
"""Décorateur pour les fonctions de l'API accessibles en mode jeton
ou en mode web.
Si cookie d'authentification web, utilise pour se logger et calculer les
permissions.
Sinon, tente le jeton jwt.
"""
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
scodoc_dept = getattr(g, "scodoc_dept", None)
if not current_user.has_permission(permission_web, scodoc_dept):
# try API
return token_auth.login_required(
token_permission_required(permission_api)(f)
)(*args, **kwargs)
return f(*args, **kwargs)
return decorated_function
return decorator

View File

@ -5,7 +5,7 @@ from flask import jsonify
import app
from app import models
from app.api import bp
from app.api.auth import token_auth, token_permission_required
from app.api.auth import permission_required_api
from app.models import Departement, FormSemestre
from app.scodoc.sco_permissions import Permission
@ -22,24 +22,21 @@ def get_departement(dept_ident: str) -> Departement:
@bp.route("/departements", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def departements():
"""Liste les départements"""
return jsonify([dept.to_dict() for dept in Departement.query])
@bp.route("/departements_ids", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def departements_ids():
"""Liste des ids de départements"""
return jsonify([dept.id for dept in Departement.query])
@bp.route("/departement/<string:acronym>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def departement(acronym: str):
"""
Info sur un département. Accès par acronyme.
@ -58,8 +55,7 @@ def departement(acronym: str):
@bp.route("/departement/id/<int:dept_id>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def departement_by_id(dept_id: int):
"""
Info sur un département. Accès par id.
@ -69,8 +65,7 @@ def departement_by_id(dept_id: int):
@bp.route("/departement/<string:acronym>/etudiants", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def dept_etudiants(acronym: str):
"""
Retourne la liste des étudiants d'un département
@ -98,8 +93,7 @@ def dept_etudiants(acronym: str):
@bp.route("/departement/id/<int:dept_id>/etudiants", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def dept_etudiants_by_id(dept_id: int):
"""
Retourne la liste des étudiants d'un département d'id donné.
@ -109,8 +103,7 @@ def dept_etudiants_by_id(dept_id: int):
@bp.route("/departement/<string:acronym>/formsemestres_ids", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def dept_formsemestres_ids(acronym: str):
"""liste des ids formsemestre du département"""
dept = Departement.query.filter_by(acronym=acronym).first_or_404()
@ -118,8 +111,7 @@ def dept_formsemestres_ids(acronym: str):
@bp.route("/departement/id/<int:dept_id>/formsemestres_ids", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def dept_formsemestres_ids_by_id(dept_id: int):
"""liste des ids formsemestre du département"""
dept = Departement.query.get_or_404(dept_id)
@ -127,8 +119,7 @@ def dept_formsemestres_ids_by_id(dept_id: int):
@bp.route("/departement/<string:acronym>/formsemestres_courants", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def dept_formsemestres_courants(acronym: str):
"""
Liste des semestres actifs d'un département d'acronyme donné
@ -182,8 +173,7 @@ def dept_formsemestres_courants(acronym: str):
@bp.route("/departement/id/<int:dept_id>/formsemestres_courants", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def dept_formsemestres_courants_by_id(dept_id: int):
"""
Liste des semestres actifs d'un département d'id donné

View File

@ -27,6 +27,7 @@ from werkzeug.http import HTTP_STATUS_CODES
def error_response(status_code, message=None):
"""Réponse sur erreur"""
payload = {"error": HTTP_STATUS_CODES.get(status_code, "Unknown error")}
if message:
payload["message"] = message
@ -36,4 +37,5 @@ def error_response(status_code, message=None):
def bad_request(message):
"400 Bad Request response"
return error_response(400, message)

View File

@ -8,25 +8,23 @@
API : accès aux étudiants
"""
from flask import jsonify, make_response
from flask import jsonify
import app
from app.api import bp
from app.api.errors import error_response
from app.api.auth import token_auth, token_permission_required
from app.api.auth import permission_required_api
from app.api import tools
from app.models import Departement, FormSemestreInscription, FormSemestre, Identite
from app.scodoc import sco_bulletins
from app.scodoc import sco_groups
from app.scodoc.sco_bulletins import do_formsemestre_bulletinetud
from app.scodoc.sco_permissions import Permission
from app.scodoc import sco_utils as scu
@bp.route("/etudiants/courants", defaults={"long": False})
@bp.route("/etudiants/courants/long", defaults={"long": True})
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def etudiants_courants(long=False):
"""
Liste des étudiants inscrits dans un formsemestre actuellement en cours.
@ -66,8 +64,7 @@ def etudiants_courants(long=False):
@bp.route("/etudiant/etudid/<int:etudid>", methods=["GET"])
@bp.route("/etudiant/nip/<string:nip>", methods=["GET"])
@bp.route("/etudiant/ine/<string:ine>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def etudiant(etudid: int = None, nip: str = None, ine: str = None):
"""
Retourne les informations de l'étudiant correspondant, ou 404 si non trouvé.
@ -121,8 +118,7 @@ def etudiant(etudid: int = None, nip: str = None, ine: str = None):
@bp.route("/etudiants/etudid/<int:etudid>", methods=["GET"])
@bp.route("/etudiants/nip/<string:nip>", methods=["GET"])
@bp.route("/etudiants/ine/<string:ine>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def etudiants(etudid: int = None, nip: str = None, ine: str = None):
"""
Info sur le ou les étudiants correspondant. Comme /etudiant mais renvoie
@ -149,8 +145,7 @@ def etudiants(etudid: int = None, nip: str = None, ine: str = None):
@bp.route("/etudiant/etudid/<int:etudid>/formsemestres")
@bp.route("/etudiant/nip/<string:nip>/formsemestres")
@bp.route("/etudiant/ine/<string:ine>/formsemestres")
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None):
"""
Liste des semestres qu'un étudiant a suivi, triés par ordre chronologique.
@ -282,8 +277,7 @@ def etudiant_formsemestres(etudid: int = None, nip: int = None, ine: int = None)
methods=["GET"],
defaults={"version": "short", "pdf": True},
)
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def etudiant_bulletin_semestre( # XXX TODO Ajouter la possibilité de retourner en version pdf
formsemestre_id,
etudid: int = None,
@ -349,8 +343,7 @@ def etudiant_bulletin_semestre( # XXX TODO Ajouter la possibilité de retourner
"/etudiant/ine/<string:ine>/formsemestre/<int:formsemestre_id>/groups",
methods=["GET"],
)
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def etudiant_groups(
formsemestre_id: int, etudid: int = None, nip: int = None, ine: int = None
):

View File

@ -14,7 +14,7 @@ import app
from app import models
from app.api import bp
from app.api.auth import token_auth, token_permission_required
from app.api.auth import permission_required_api
from app.api.errors import error_response
from app.models import Evaluation
from app.scodoc.sco_evaluation_db import do_evaluation_get_all_notes
@ -22,8 +22,7 @@ from app.scodoc.sco_permissions import Permission
@bp.route("/evaluations/<int:moduleimpl_id>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def evaluations(moduleimpl_id: int):
"""
Retourne la liste des évaluations d'un moduleimpl
@ -65,8 +64,7 @@ def evaluations(moduleimpl_id: int):
@bp.route("/evaluation/eval_notes/<int:evaluation_id>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def evaluation_notes(evaluation_id: int):
"""
Retourne la liste des notes à partir de l'id d'une évaluation donnée

View File

@ -14,15 +14,14 @@ import app
from app import models
from app.api import bp
from app.api.errors import error_response
from app.api.auth import token_auth, token_permission_required
from app.api.auth import permission_required_api
from app.models.formations import Formation
from app.scodoc import sco_formations
from app.scodoc.sco_permissions import Permission
@bp.route("/formations", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formations():
"""
Retourne la liste de toutes les formations (tous départements)
@ -33,8 +32,7 @@ def formations():
@bp.route("/formations_ids", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formations_ids():
"""
Retourne la liste de toutes les id de formations (tous départements)
@ -46,8 +44,7 @@ def formations_ids():
@bp.route("/formation/<int:formation_id>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formation_by_id(formation_id: int):
"""
La formation d'id donné
@ -83,8 +80,7 @@ def formation_by_id(formation_id: int):
methods=["GET"],
defaults={"export_ids": True},
)
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formation_export_by_formation_id(formation_id: int, export_ids=False):
"""
Retourne la formation, avec UE, matières, modules
@ -192,8 +188,7 @@ def formation_export_by_formation_id(formation_id: int, export_ids=False):
@bp.route("/formation/moduleimpl/<int:moduleimpl_id>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def moduleimpl(moduleimpl_id: int):
"""
Retourne un module moduleimpl en fonction de son id
@ -237,8 +232,7 @@ def moduleimpl(moduleimpl_id: int):
"/formation/<int:formation_id>/referentiel_competences",
methods=["GET"],
)
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def referentiel_competences(formation_id: int):
"""
Retourne le référentiel de compétences

View File

@ -12,7 +12,7 @@ from flask import abort, jsonify, request
import app
from app import models
from app.api import bp
from app.api.auth import token_auth, token_permission_required
from app.api.auth import permission_required_api
from app.comp import res_sem
from app.comp.moy_mod import ModuleImplResults
from app.comp.res_compat import NotesTableCompat
@ -25,8 +25,7 @@ import app.scodoc.sco_utils as scu
@bp.route("/formsemestre/<int:formsemestre_id>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formsemestre_infos(formsemestre_id: int):
"""
Information sur le formsemestre indiqué.
@ -69,8 +68,7 @@ def formsemestre_infos(formsemestre_id: int):
@bp.route("/formsemestres/query", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formsemestres_query():
"""
Retourne les formsemestres filtrés par
@ -115,8 +113,7 @@ def formsemestres_query():
@bp.route("/formsemestre/<int:formsemestre_id>/bulletins", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def bulletins(formsemestre_id: int):
"""
Retourne les bulletins d'un formsemestre donné
@ -140,8 +137,7 @@ def bulletins(formsemestre_id: int):
"/formsemestre/<int:formsemestre_id>/programme",
methods=["GET"],
)
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formsemestre_programme(formsemestre_id: int):
"""
Retourne la liste des Ues, ressources et SAE d'un semestre
@ -242,8 +238,7 @@ def formsemestre_programme(formsemestre_id: int):
methods=["GET"],
defaults={"etat": scu.DEF},
)
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formsemestre_etudiants(formsemestre_id: int, etat: str):
"""
Retourne la liste des étudiants d'un formsemestre
@ -265,8 +260,7 @@ def formsemestre_etudiants(formsemestre_id: int, etat: str):
@bp.route("/formsemestre/<int:formsemestre_id>/etat_evals", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def etat_evals(formsemestre_id: int):
"""
Informations sur l'état des évaluations d'un formsemestre.
@ -372,8 +366,7 @@ def etat_evals(formsemestre_id: int):
@bp.route("/formsemestre/<int:formsemestre_id>/resultats", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formsemestre_resultat(formsemestre_id: int):
"""Tableau récapitulatif des résultats
Pour chaque étudiant, son état, ses groupes, ses moyennes d'UE et de modules.

View File

@ -4,7 +4,7 @@
# from app import models
# from app.api import bp
# from app.api.errors import error_response
# from app.api.auth import token_auth, token_permission_required
# from app.api.auth import permission_required_api
# from app.scodoc.sco_prepajury import feuille_preparation_jury
# from app.scodoc.sco_pvjury import formsemestre_pvjury

View File

@ -38,13 +38,12 @@ from app.api.auth import token_auth
from app.api.errors import error_response
from app.models import Departement
from app.scodoc.sco_logos import list_logos, find_logo
from app.api.auth import token_auth, token_permission_required
from app.api.auth import permission_required_api
from app.scodoc.sco_permissions import Permission
@bp.route("/logos", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def api_get_glob_logos():
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
return error_response(401, message="accès interdit")
@ -56,8 +55,7 @@ def api_get_glob_logos():
@bp.route("/logos/<string:logoname>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def api_get_glob_logo(logoname):
if not g.current_user.has_permission(Permission.ScoSuperAdmin, None):
return error_response(401, message="accès interdit")
@ -73,8 +71,7 @@ def api_get_glob_logo(logoname):
@bp.route("/departements/<string:departement>/logos", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def api_get_local_logos(departement):
dept_id = Departement.from_acronym(departement).id
if not g.current_user.has_permission(Permission.ScoChangePreferences, departement):
@ -84,8 +81,7 @@ def api_get_local_logos(departement):
@bp.route("/departements/<string:departement>/logos/<string:logoname>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def api_get_local_logo(departement, logoname):
# format = requested_format("jpg", ['png', 'jpg']) XXX ?
dept_id = Departement.from_acronym(departement).id

View File

@ -12,7 +12,7 @@ from flask import abort, jsonify, request
import app
from app import db, log
from app.api import bp
from app.api.auth import token_auth, token_permission_required
from app.api.auth import permission_required_api
from app.models import FormSemestre, FormSemestreInscription, Identite
from app.models import GroupDescr, Partition
from app.models.groups import group_membership
@ -22,8 +22,7 @@ from app.scodoc import sco_utils as scu
@bp.route("/partition/<int:partition_id>", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def partition_info(partition_id: int):
"""
Exemple de résultat :
@ -48,8 +47,7 @@ def partition_info(partition_id: int):
@bp.route("/formsemestre/<int:formsemestre_id>/partitions", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def formsemestre_partitions(formsemestre_id: int):
"""
Retourne la liste de toutes les partitions d'un formsemestre
@ -64,8 +62,7 @@ def formsemestre_partitions(formsemestre_id: int):
@bp.route("/group/<int:group_id>/etudiants", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def etud_in_group(group_id: int):
"""
Retourne la liste des étudiants dans un groupe
@ -91,8 +88,7 @@ def etud_in_group(group_id: int):
@bp.route("/group/<int:group_id>/etudiants/query", methods=["GET"])
@token_auth.login_required
@token_permission_required(Permission.APIView)
@permission_required_api(Permission.ScoView, Permission.APIView)
def etud_in_group_query(group_id: int):
"""Etudiants du groupe, filtrés par état"""
etat = request.args.get("etat")
@ -110,8 +106,7 @@ def etud_in_group_query(group_id: int):
@bp.route("/group/<int:group_id>/set_etudiant/<int:etudid>", methods=["POST"])
@token_auth.login_required
@token_permission_required(Permission.APIEditGroups)
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
def set_etud_group(etudid: int, group_id: int):
"""Affecte l'étudiant au groupe indiqué"""
etud = Identite.query.get_or_404(etudid)
@ -136,8 +131,7 @@ def set_etud_group(etudid: int, group_id: int):
@bp.route("/partition/<int:partition_id>/group/create", methods=["POST"])
@token_auth.login_required
@token_permission_required(Permission.APIEditGroups)
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
def group_create(partition_id: int):
"""Création d'un groupe dans une partition
@ -167,8 +161,7 @@ def group_create(partition_id: int):
@bp.route("/group/<int:group_id>/delete", methods=["POST"])
@token_auth.login_required
@token_permission_required(Permission.APIEditGroups)
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
def group_delete(group_id: int):
"""Suppression d'un groupe"""
group = GroupDescr.query.get_or_404(group_id)
@ -184,8 +177,7 @@ def group_delete(group_id: int):
@bp.route("/group/<int:group_id>/edit", methods=["POST"])
@token_auth.login_required
@token_permission_required(Permission.APIEditGroups)
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
def group_edit(group_id: int):
"""Edit a group"""
group: GroupDescr = GroupDescr.query.get_or_404(group_id)
@ -206,8 +198,7 @@ def group_edit(group_id: int):
@bp.route("/formsemestre/<int:formsemestre_id>/partition/create", methods=["POST"])
@token_auth.login_required
@token_permission_required(Permission.APIEditGroups)
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
def partition_create(formsemestre_id: int):
"""Création d'une partition dans un semestre
@ -253,8 +244,7 @@ def partition_create(formsemestre_id: int):
@bp.route("/partition/<int:partition_id>/edit", methods=["POST"])
@token_auth.login_required
@token_permission_required(Permission.APIEditGroups)
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
def partition_edit(partition_id: int):
"""Modification d'une partition dans un semestre
@ -306,8 +296,7 @@ def partition_edit(partition_id: int):
@bp.route("/partition/<int:partition_id>/delete", methods=["POST"])
@token_auth.login_required
@token_permission_required(Permission.APIEditGroups)
@permission_required_api(Permission.ScoEtudChangeGroups, Permission.APIEditGroups)
def partition_delete(partition_id: int):
"""Suppression d'une partition (et de tous ses groupes).

View File

@ -36,8 +36,13 @@ load_dotenv(os.path.join(BASEDIR, ".env"))
CHK_CERT = bool(int(os.environ.get("CHECK_CERTIFICATE", False)))
SCODOC_URL = os.environ.get("SCODOC_URL") or "http://localhost:5000"
API_URL = SCODOC_URL + "/ScoDoc/api"
# Admin:
SCODOC_USER = os.environ["SCODOC_USER"]
SCODOC_PASSWORD = os.environ["SCODOC_PASSWORD"]
# Lecteur
SCODOC_USER_API_LECTEUR = os.environ["SCODOC_USER_API_LECTEUR"]
SCODOC_PASSWORD_API_LECTEUR = os.environ["SCODOC_PASSWORD_API_LECTEUR"]
print(f"SCODOC_URL={SCODOC_URL}")
print(f"API URL={API_URL}")
@ -84,13 +89,16 @@ def POST_JSON(path: str, data: dict = {}, headers={}, errmsg=None):
return r.json() # decode la reponse JSON
# --- Obtention du jeton (token)
r = requests.post(API_URL + "/tokens", auth=(SCODOC_USER, SCODOC_PASSWORD))
def GET_TOKEN(user, password):
"Obtention du jeton (token)"
r = requests.post(API_URL + "/tokens", auth=(user, password))
assert r.status_code == 200
token = r.json()["token"]
HEADERS = {"Authorization": f"Bearer {token}"}
# HEADERS_JSON = HEADERS.copy()
# HEADERS_JSON["Content-Type"] = "application/json"
return {"Authorization": f"Bearer {token}"}
HEADERS = GET_TOKEN(SCODOC_USER, SCODOC_PASSWORD)
HEADERS_USER = GET_TOKEN(SCODOC_USER_API_LECTEUR, SCODOC_PASSWORD_API_LECTEUR)
r = requests.get(API_URL + "/departements", headers=HEADERS, verify=CHK_CERT)
if r.status_code != 200: