TG-35 : TU LoginAPI
@ -19,12 +19,9 @@ class LoginAPI(Resource):
|
||||
userInfo = self.getUserInfoFromCAS(args['login'], args['password'])
|
||||
|
||||
if userInfo is not None:
|
||||
query = USER.select(USER.c.login == userInfo["login"])
|
||||
res = query.execute()
|
||||
user = res.first()
|
||||
# TODO : check si le user fait partie d'un group actif
|
||||
if user is not None:
|
||||
session['user'] = user.id
|
||||
user = getUser(login=userInfo['login'])
|
||||
if user is not None and isUserAllowed(user["id"]):
|
||||
session['user'] = user
|
||||
return {'AUTH_RESULT': 'OK'}, 200
|
||||
else:
|
||||
return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403
|
||||
|
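Review bot: `session['user'] = user` now stores the whole dict returned by `getUser` (id, login, email, role, phone) in the session, where the earlier code kept only the id. If this is Flask's default cookie-backed session (the session backend is not visible here), that payload is signed but not encrypted, so email, phone and role are readable by anyone holding the cookie, and the cached role stays in effect until the next login even if it is changed or revoked server-side. Keeping only the identifier, `session['user'] = user['id']`, and loading the role per request avoids both, and leaves any code that reads `session['user']` as an id working. Calling `session.clear()` just before the assignment would also keep pre-login session state from carrying over into the authenticated session. The enclosing handler starts and ends outside the hunk.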
@ -1,5 +1,7 @@
|
||||
from app.core import meta
|
||||
from sqlalchemy import Table
|
||||
from sqlalchemy import or_
|
||||
|
||||
from app.core import meta, db, Base
|
||||
|
||||
USER = Table('USER', meta, autoload=False)
|
||||
SETTINGS = Table('SETTINGS', meta, autoload=False)
|
||||
@ -8,3 +10,43 @@ GROUP = Table('GROUP', meta, autoload=False)
|
||||
TUTORSHIP = Table('TUTORSHIP', meta, autoload=False)
|
||||
PERIOD = Table('PERIOD', meta, autoload=False)
|
||||
LIVRET = Table('LIVRET', meta, autoload=False)
|
||||
|
||||
user_class = Base.classes.USER
|
||||
settings_class = Base.classes.SETTINGS
|
||||
hashtable_class = Base.classes.HASHTABLE
|
||||
group_class = Base.classes.GROUP
|
||||
tutorship_class = Base.classes.TUTORSHIP
|
||||
period_class = Base.classes.PERIOD
|
||||
livret_class = Base.classes.LIVRET
|
||||
|
||||
|
||||
def getUser(id=0, login="", email=""):
|
||||
res = None
|
||||
|
||||
if id == 0 and login == "" and email == "":
|
||||
raise Exception("getUser must be called with one argument !")
|
||||
else:
|
||||
if id != 0:
|
||||
res = db.session.query(user_class).get(id)
|
||||
|
||||
elif login != "":
|
||||
query = USER.select(USER.c.login == login)
|
||||
rows = query.execute()
|
||||
res = rows.first()
|
||||
|
||||
elif email != "":
|
||||
query = USER.select(USER.c.email == email)
|
||||
rows = query.execute()
|
||||
res = rows.first()
|
||||
|
||||
if res is not None:
|
||||
return {"id": res.id, "login": res.login, "email": res.email, "role": res.role, "phone": res.phone}
|
||||
else:
|
||||
return None
|
||||
|
||||
|
||||
def isUserAllowed(uid):
|
||||
query = db.session.query(group_class, tutorship_class).join(tutorship_class) \
|
||||
.filter(or_(tutorship_class.student_id == uid, group_class.resp_id == uid))
|
||||
res = query.all()
|
||||
return res is not None and len(res) > 0
|
||||
|
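Review bot: `isUserAllowed` is the authorization gate for login, but its inner `join(tutorship_class)` drops any group that has no tutorship row, so a user matched only through `group_class.resp_id == uid` would be refused until a tutorship exists for that group; `outerjoin(tutorship_class)` keeps that branch of the `or_` reachable. Nothing in the filter limits the match to a current group or period, while the TODO in the login handler asks for an active group, so membership in any past group appears to keep the account allowed; this should be confirmed against the schema, which is not shown here. `query.all()` never returns None, so the result can be `return query.first() is not None`, which avoids loading every matching row. In `getUser`, `raise Exception(...)` on empty arguments would surface as an unhandled error if the CAS lookup ever returned an empty login; raising `ValueError` and having the login handler map it to the 403 path would fail closed more cleanly.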