API: /etudiants/courants avec restriction aux départements

This commit is contained in:
Emmanuel Viennet 2022-07-24 15:51:13 +02:00
parent 0535d99456
commit 936fe3d716
4 changed files with 83 additions and 18 deletions

View File

@ -28,6 +28,7 @@ from functools import wraps
from flask import g from flask import g
from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth
import flask_login
from flask_login import current_user from flask_login import current_user
from app import log from app import log
@ -61,6 +62,7 @@ def verify_token(token) -> User:
""" """
user = User.check_token(token) if token else None user = User.check_token(token) if token else None
flask_login.login_user(user)
g.current_user = user g.current_user = user
return user return user

View File

@ -8,7 +8,9 @@
API : accès aux étudiants API : accès aux étudiants
""" """
from flask import jsonify from flask import g, jsonify
from flask_login import current_user
from sqlalchemy import or_
import app import app
from app.api import bp from app.api import bp
@ -27,33 +29,68 @@ from app.scodoc.sco_permissions import Permission
@permission_required_api(Permission.ScoView, Permission.APIView) @permission_required_api(Permission.ScoView, Permission.APIView)
def etudiants_courants(long=False): def etudiants_courants(long=False):
""" """
Liste des étudiants inscrits dans un formsemestre actuellement en cours. La liste des étudiants des semestres "courants" (tous département)
(date du jour comprise dans la période couverte par le sem.)
dans lesquels l'utilisateur a le rôle APIView (donc tous si le dept du
rôle est None).
Exemple de résultat : Exemple de résultat :
[ [
{ {
"id": 1, "id": 1234,
"nip": 1, "nip": "12345678",
"nom": "MOREL", "ine": null,
"prenom": "JACQUES", "nom": "JOHN",
"civilite": "X", "nom_usuel": None,
}, "prenom": "DEUF",
{ "civilite": "M",
"id": 2, }
"nip": 2,
"nom": "GILLES",
"prenom": "MAXIME",
"civilite": "X",
},
... ...
] ]
En format "long":
{
"boursier": True,
"civilite": "F",
"code_ine": "AP987654",
"code_nip": "1234567",
"codepostaldomicile": "92800",
"date_naissance": "21/06/2000",
"dept_acronym": "CJ",
"dept_id": 1,
"dept_naissance": "092",
"description": "infos portail",
"domicile": "Plaza Condell",
"email": "jeanne.dupont@xxx.fr",
"emailperso": "",
"etudid": 4853,
"id": 4863,
"lieu_naissance": "SEVRES",
"nationalite": "",
"nom": "DUPONT",
"nomprenom": "Mme Jeanne Dupont",
"paysdomicile": "FRANCE",
"prenom": "JEANNE",
"telephone": "0102030405",
"telephonemobile": "",
"typeadresse": "domicile",
"villedomicile": "VALPARAISO",
}
""" """
allowed_depts = current_user.get_depts_with_permission(
Permission.APIView | Permission.ScoView
)
etuds = Identite.query.filter( etuds = Identite.query.filter(
Identite.id == FormSemestreInscription.etudid, Identite.id == FormSemestreInscription.etudid,
FormSemestreInscription.formsemestre_id == FormSemestre.id, FormSemestreInscription.formsemestre_id == FormSemestre.id,
FormSemestre.date_debut <= app.db.func.now(), FormSemestre.date_debut <= app.db.func.now(),
FormSemestre.date_fin >= app.db.func.now(), FormSemestre.date_fin >= app.db.func.now(),
) )
if not None in allowed_depts:
# restreint aux départements autorisés:
etuds = etuds.join(Departement).filter(
or_(Departement.acronym == acronym for acronym in allowed_depts)
)
if long: if long:
data = [etud.to_dict_bul(include_urls=False) for etud in etuds] data = [etud.to_dict_bul(include_urls=False) for etud in etuds]
else: else:

View File

@ -315,6 +315,20 @@ class User(UserMixin, db.Model):
if r is not None if r is not None
) )
def get_depts_with_permission(self, permission: int) -> list[str]:
"""Liste des acronymes de département dans lesquels cet utilisateur
possède la permission indiquée.
L'"acronyme" None signifie "tous les départements".
Si plusieurs permissions (plusieurs bits) sont indiquées, c'est un "ou":
les départements dans lesquels l'utilisateur a l'une des permissions.
"""
return [
user_role.dept
for user_role in UserRole.query.filter_by(user=self)
.join(Role)
.filter(Role.permissions.op("&")(permission) != 0)
]
def is_administrator(self): def is_administrator(self):
"True if i'm an active SuperAdmin" "True if i'm an active SuperAdmin"
return self.active and self.has_permission(Permission.ScoSuperAdmin, dept=None) return self.active and self.has_permission(Permission.ScoSuperAdmin, dept=None)

View File

@ -276,6 +276,7 @@ def edit_role(rolename, addpermissionname=None, removepermissionname=None): # e
if perm_to_add or perm_to_remove: if perm_to_add or perm_to_remove:
db.session.add(role) db.session.add(role)
db.session.commit() db.session.commit()
print(role)
@app.cli.command() @app.cli.command()
@ -301,16 +302,27 @@ def user_role(username, dept_acronym=None, add_role_name=None, remove_role_name=
if not user: if not user:
sys.stderr.write(f"user_role: user {username} does not exists\n") sys.stderr.write(f"user_role: user {username} does not exists\n")
return 1 return 1
# Sans argument, affiche les rôles de l'utilisateur
if dept_acronym is None and add_role_name is None and remove_role_name is None:
print(f"Roles for user {user.user_name}")
for user_role in sorted(
user.user_roles, key=lambda ur: (ur.dept or "", ur.role.name)
):
print(f"""{user_role.dept or "tous"}:\t{user_role.role.name}""")
if dept_acronym: if dept_acronym:
dept = models.Departement.query.filter_by(acronym=dept_acronym).first() dept = models.Departement.query.filter_by(acronym=dept_acronym).first()
if dept is None: if dept is None:
sys.stderr.write(f"Erreur: le departement {dept} n'existe pas !\n") sys.stderr.write(f"Erreur: le departement {dept_acronym} n'existe pas !\n")
return 2 return 2
if add_role_name: if add_role_name:
role = Role.query.filter_by(name=add_role_name).first() role = Role.query.filter_by(name=add_role_name).first()
if role is None: if role is None:
sys.stderr.write(f"user_role: role {add_role_name} does not exists\n") sys.stderr.write(
f"""user_role: role {add_role_name} does not exists
(use list-roles to display existing roles)\n"""
)
return 2 return 2
user.add_role(role, dept_acronym) user.add_role(role, dept_acronym)
if remove_role_name: if remove_role_name: