From 677415fbfcaf46c998359fd7efd2800352525dba Mon Sep 17 00:00:00 2001
From: Lyanis Souidi
Date: Sat, 10 Feb 2024 14:11:34 +0100
Subject: [PATCH 1/3] Ajout des annotations dans l'API
---
 app/models/etudiants.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/app/models/etudiants.py b/app/models/etudiants.py
index 6a275b46..21b8d1ce 100644
--- a/app/models/etudiants.py
+++ b/app/models/etudiants.py
@@ -518,6 +518,12 @@ class Identite(models.ScoDocModel):
 e["dept_acronym"] = self.departement.acronym
 e.pop("departement", None)
 e["sort_key"] = self.sort_key
+ e["annotations"] = [
+ annot.to_dict()
+ for annot in EtudAnnotation.query.filter_by(etudid=self.id).order_by(
+ desc(EtudAnnotation.date)
+ )
+ ]
 if restrict:
 # Met à None les attributs protégés:
 for attr in self.protected_attrs:
@@ -1076,6 +1082,12 @@ class EtudAnnotation(db.Model):
 author = db.Column(db.Text) # le pseudo (user_name), was zope_authenticated_user
 comment = db.Column(db.Text)

+ def to_dict(self):
+ """Représentation dictionnaire."""
+ e = dict(self.__dict__)
+ e.pop("_sa_instance_state", None)
+ return e
+

 from app.models.formsemestre import FormSemestre
 from app.models.modules import Module
From e989a4ffa8b59fefb100841b18e3aea342308faf Mon Sep 17 00:00:00 2001
From: Lyanis Souidi
Date: Sat, 10 Feb 2024 15:53:57 +0100
Subject: [PATCH 2/3] =?UTF-8?q?Restreint=20l'acc=C3=A8s=20aux=20annotation?= =?UTF-8?q?s=20via=20l'API=20=C3=A0=20la=20permission=20ViewEtudData?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/models/etudiants.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/models/etudiants.py b/app/models/etudiants.py
index 21b8d1ce..86490dd3 100644
--- a/app/models/etudiants.py
+++ b/app/models/etudiants.py
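Review bot: In PATCH 1/3, hunk `@@ -518,6 +518,12 @@` of `to_dict_api`, `e["annotations"]` is filled before the `if restrict:` block and never consults `restrict`, so at this revision the full annotation text goes to every caller of the API export, including those without ViewEtudData. The gating only arrives with the later patches of the series, which leaves one revision that ships the unfiltered data. I would guard the assignment here with `if not restrict:`, or squash the series so that no intermediate commit exposes the comments. The body of `to_dict_api` starts and ends outside the hunk.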
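Review bot: In PATCH 1/3, hunk `@@ -1076,6 +1082,12 @@`, `to_dict` copies `self.__dict__`, so the exported keys are whatever is loaded on the instance at call time rather than a fixed list of columns. Anything later attached to the object (a loaded relationship, a new column) is then published through the API without anyone deciding it should be, and an instance whose attributes have been expired would presumably serialize with keys missing. Building the dict from the mapped columns keeps the output stable: `e = {c.name: getattr(self, c.name) for c in self.__table__.columns}`; an explicit list of field names would be stricter still. PATCH 2/3 keeps the same `self.__dict__` copy.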
@@ -519,7 +519,7 @@ class Identite(models.ScoDocModel):
 e.pop("departement", None)
 e["sort_key"] = self.sort_key
 e["annotations"] = [
- annot.to_dict()
+ annot.to_dict(restrict=restrict)
 for annot in EtudAnnotation.query.filter_by(etudid=self.id).order_by(
 desc(EtudAnnotation.date)
 )
@@ -1082,10 +1082,14 @@ class EtudAnnotation(db.Model):
 author = db.Column(db.Text) # le pseudo (user_name), was zope_authenticated_user
 comment = db.Column(db.Text)

- def to_dict(self):
- """Représentation dictionnaire."""
+ protected_attrs = {"comment"}
+
+ def to_dict(self, restrict=False):
+ """Représentation dictionnaire. Si restrict, filtre les champs protégés (RGPD)."""
 e = dict(self.__dict__)
 e.pop("_sa_instance_state", None)
+ if restrict:
+ e = {k: v for (k, v) in e.items() if k not in self.protected_attrs}
 return e


From dbd0124c2ce53aafbb977c35f05e0ef341443812 Mon Sep 17 00:00:00 2001
From: Lyanis Souidi
Date: Sat, 10 Feb 2024 19:32:43 +0100
Subject: [PATCH 3/3] Retrait des annotations inutiles sur certaines routes API
---
 app/api/etudiants.py | 10 +++++++---
 app/models/etudiants.py | 15 ++++++++-------
 2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/app/api/etudiants.py b/app/api/etudiants.py
index d66c648d..b1d07c5f 100755
--- a/app/api/etudiants.py
+++ b/app/api/etudiants.py
@@ -105,7 +105,9 @@ def etudiants_courants(long=False):
 )
 if long:
 restrict = not current_user.has_permission(Permission.ViewEtudData)
- data = [etud.to_dict_api(restrict=restrict) for etud in etuds]
+ data = [
+ etud.to_dict_api(restrict=restrict, with_annotations=True) for etud in etuds
+ ]
 else:
 data = [etud.to_dict_short() for etud in etuds]
 return data
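Review bot: In PATCH 2/3, hunk `@@ -1082,10 +1082,14 @@`, `protected_attrs = {"comment"}` is a deny-list, so a caller without ViewEtudData still receives one entry per annotation carrying every other loaded attribute, `author` (a user_name, per the column comment) and `date` among them. The commit subject says access to annotations is restricted to ViewEtudData, yet the number of annotations, their authors and their dates remain visible, and any column added later is exposed by default. Returning no annotations at all to restricted callers would match the stated intent: put `if not restrict:` around the `e["annotations"]` assignment in `to_dict_api` (hunk `@@ -519,7 +519,7 @@`; after PATCH 3/3 that becomes `if with_annotations and not restrict:`). Failing that, have `to_dict` keep only an explicit set of allowed keys when `restrict` is true.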
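Review bot: In PATCH 3/3, hunk `@@ -105,7 +105,9 @@` (`etudiants_courants`), `with_annotations=True` inside the list comprehension makes `to_dict_api` run one `EtudAnnotation` query per student, so the cost of this route grows with the length of the list; hunk `@@ -253,7 +255,9 @@` (`etudiants`) has the same pattern. Loading the annotations of all listed students in a single query and attaching them per student avoids that, as sketched below. The sketch assumes `EtudAnnotation` and `desc` are importable in `app/api/etudiants.py` and that `etuds` can be materialized as a list, neither of which is visible in the hunk. The function starts outside the hunk.

```python
    if long:
        restrict = not current_user.has_permission(Permission.ViewEtudData)
        etuds = list(etuds)
        # one query for all annotations instead of one per student
        annots_by_etudid = {}
        for annot in EtudAnnotation.query.filter(
            EtudAnnotation.etudid.in_([etud.id for etud in etuds])
        ).order_by(desc(EtudAnnotation.date)):
            annots_by_etudid.setdefault(annot.etudid, []).append(
                annot.to_dict(restrict=restrict)
            )
        data = []
        for etud in etuds:
            d = etud.to_dict_api(restrict=restrict)
            d["annotations"] = annots_by_etudid.get(etud.id, [])
            data.append(d)
    # … unchanged: else branch (to_dict_short) and return data …
```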
@@ -140,7 +142,7 @@ def etudiant(etudid: int = None, nip: str = None, ine: str = None):
 message="étudiant inconnu",
 )
 restrict = not current_user.has_permission(Permission.ViewEtudData)
- return etud.to_dict_api(restrict=restrict)
+ return etud.to_dict_api(restrict=restrict, with_annotations=True)


 @bp.route("/etudiant/etudid//photo")
@@ -253,7 +255,9 @@ def etudiants(etudid: int = None, nip: str = None, ine: str = None):
 or_(Departement.acronym == acronym for acronym in allowed_depts)
 )
 restrict = not current_user.has_permission(Permission.ViewEtudData)
- return [etud.to_dict_api(restrict=restrict) for etud in query]
+ return [
+ etud.to_dict_api(restrict=restrict, with_annotations=True) for etud in query
+ ]


 @bp.route("/etudiants/name/")
diff --git a/app/models/etudiants.py b/app/models/etudiants.py
index 86490dd3..5e61d028 100644
--- a/app/models/etudiants.py
+++ b/app/models/etudiants.py
@@ -506,7 +506,7 @@ class Identite(models.ScoDocModel):
 d["id"] = self.id # a été écrasé par l'id de adresse
 return d

- def to_dict_api(self, restrict=False) -> dict:
+ def to_dict_api(self, restrict=False, with_annotations=False) -> dict:
 """Représentation dictionnaire pour export API, avec adresses et admission.
 Si restrict, supprime les infos "personnelles" (boursier)
 """
@@ -518,12 +518,13 @@ class Identite(models.ScoDocModel):
 e["dept_acronym"] = self.departement.acronym
 e.pop("departement", None)
 e["sort_key"] = self.sort_key
- e["annotations"] = [
- annot.to_dict(restrict=restrict)
- for annot in EtudAnnotation.query.filter_by(etudid=self.id).order_by(
- desc(EtudAnnotation.date)
- )
- ]
+ if with_annotations:
+ e["annotations"] = [
+ annot.to_dict(restrict=restrict)
+ for annot in EtudAnnotation.query.filter_by(etudid=self.id).order_by(
+ desc(EtudAnnotation.date)
+ )
+ ]
 if restrict:
 # Met à None les attributs protégés:
 for attr in self.protected_attrs:
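Review bot: In hunk `@@ -506,7 +506,7 @@` of `app/models/etudiants.py`, the new `with_annotations` parameter is not described in the docstring of `to_dict_api`, which still documents only `restrict`. Because the default is `False`, any caller not updated in this patch no longer returns the `annotations` key that the previous patches added, and that is worth stating where the parameter is declared. I would add a docstring line such as `If with_annotations, add the list of the student's annotations (most recent first); their "comment" field is removed when restrict is set.` The method body continues outside the hunk.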