TG-35 : TU LoginAPI

2017-01-24 13:28:05 +01:00
parent f5b7026e40
commit 1c275c6501
4 changed files with 68 additions and 10 deletions
--- a/backend/app/api/loginAPI.py
+++ b/backend/app/api/loginAPI.py
@ -19,12 +19,9 @@ class LoginAPI(Resource):
        userInfo = self.getUserInfoFromCAS(args['login'], args['password'])

        if userInfo is not None:
-            query = USER.select(USER.c.login == userInfo["login"])
-            res = query.execute()
-            user = res.first()
-            # TODO : check si le user fait partie d'un group actif
-            if user is not None:
-                session['user'] = user.id
+            user = getUser(login=userInfo['login'])
+            if user is not None and isUserAllowed(user["id"]):
+                session['user'] = user
                return {'AUTH_RESULT': 'OK'}, 200
            else:
                return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403