TG-35 : TU LoginAPI

2017-01-24 13:28:05 +01:00 · 2017-01-24 13:28:05 +01:00 · 1c275c6501
parent f5b7026e40
commit 1c275c6501
4 changed files with 68 additions and 10 deletions
--- a/backend/app/api/loginAPI.py
+++ b/backend/app/api/loginAPI.py
@ -19,12 +19,9 @@ class LoginAPI(Resource):
        userInfo = self.getUserInfoFromCAS(args['login'], args['password'])

        if userInfo is not None:
-            query = USER.select(USER.c.login == userInfo["login"])
-            res = query.execute()
-            user = res.first()
-            # TODO : check si le user fait partie d'un group actif
-            if user is not None:
-                session['user'] = user.id
+            user = getUser(login=userInfo['login'])
+            if user is not None and isUserAllowed(user["id"]):
+                session['user'] = user
                return {'AUTH_RESULT': 'OK'}, 200
            else:
                return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403
--- a/backend/app/model.py
+++ b/backend/app/model.py
@ -1,5 +1,7 @@
-from app.core import meta
 from sqlalchemy import Table
+from sqlalchemy import or_
+
+from app.core import meta, db, Base

 USER = Table('USER', meta, autoload=False)
 SETTINGS = Table('SETTINGS', meta, autoload=False)
@ -8,3 +10,43 @@ GROUP = Table('GROUP', meta, autoload=False)
 TUTORSHIP = Table('TUTORSHIP', meta, autoload=False)
 PERIOD = Table('PERIOD', meta, autoload=False)
 LIVRET = Table('LIVRET', meta, autoload=False)
+
+user_class = Base.classes.USER
+settings_class = Base.classes.SETTINGS
+hashtable_class = Base.classes.HASHTABLE
+group_class = Base.classes.GROUP
+tutorship_class = Base.classes.TUTORSHIP
+period_class = Base.classes.PERIOD
+livret_class = Base.classes.LIVRET
+
+
+def getUser(id=0, login="", email=""):
+    res = None
+
+    if id == 0 and login == "" and email == "":
+        raise Exception("getUser must be called with one argument !")
+    else:
+        if id != 0:
+            res = db.session.query(user_class).get(id)
+
+        elif login != "":
+            query = USER.select(USER.c.login == login)
+            rows = query.execute()
+            res = rows.first()
+
+        elif email != "":
+            query = USER.select(USER.c.email == email)
+            rows = query.execute()
+            res = rows.first()
+
+        if res is not None:
+            return {"id": res.id, "login": res.login, "email": res.email, "role": res.role, "phone": res.phone}
+        else:
+            return None
+
+
+def isUserAllowed(uid):
+    query = db.session.query(group_class, tutorship_class).join(tutorship_class) \
+        .filter(or_(tutorship_class.student_id == uid, group_class.resp_id == uid))
+    res = query.all()
+    return res is not None and len(res) > 0
--- a/backend/manage.py
+++ b/backend/manage.py
@ -67,6 +67,7 @@ class CheckDB(Command):
        print("\nSETTINGS content :")
        for res in result:
            print(res.key + " = " + res.value + " -> " + res.description)
+        model.getUser(id=1)


 manager.add_command('checkdb', CheckDB())
--- a/backend/tests/api/test_loginAPI.py
+++ b/backend/tests/api/test_loginAPI.py
@ -3,19 +3,37 @@ import unittest
 from flask import json

 from app.core import app
-from app.model import USER, getUser
+from app.model import USER, getUser, GROUP, TUTORSHIP, tutorship_class, group_class, user_class


 class AuthTestCase(unittest.TestCase):
+    uid = None
+    gid = None
+    tid = None
+
    @classmethod
    def setUpClass(cls):
        if getUser(login="admin") is None:
            query = USER.insert().values(login="admin", email="admin@admin.com", role="4", phone="00.00.00.00.00")
-            query.execute()
+            res = query.execute()
+            cls.uid = res.lastrowid
+            query = GROUP.insert().values(name="test", year="2017", class_long="classe toto", class_short="toto",
+                                          department="plop", ressources_dir="/plop/toto", resp_id=cls.uid)
+            res = query.execute()
+            cls.gid = res.lastrowid
+            query = TUTORSHIP.insert().values(student_id=cls.uid, ptutor_id=cls.uid, group_id=cls.gid)
+            res = query.execute()
+            cls.tid = res.lastrowid

    @classmethod
    def tearDownClass(cls):
-        pass
+        if cls.uid is not None and cls.gid is not None and cls.tid is not None:
+            query = TUTORSHIP.delete().where(tutorship_class.id == cls.tid)
+            query.execute()
+            query = GROUP.delete().where(group_class.id == cls.gid)
+            query.execute()
+            query = USER.delete().where(user_class.id == cls.uid)
+            query.execute()

    def setUp(self):
        self.app = app.test_client()