TG-35 : TU LoginAPI
parent
f5b7026e40
commit
1c275c6501
@ -19,12 +19,9 @@ class LoginAPI(Resource):
|
|||||||
userInfo = self.getUserInfoFromCAS(args['login'], args['password'])
|
userInfo = self.getUserInfoFromCAS(args['login'], args['password'])
|
||||||
|
|
||||||
if userInfo is not None:
|
if userInfo is not None:
|
||||||
query = USER.select(USER.c.login == userInfo["login"])
|
user = getUser(login=userInfo['login'])
|
||||||
res = query.execute()
|
if user is not None and isUserAllowed(user["id"]):
|
||||||
user = res.first()
|
session['user'] = user
|
||||||
# TODO : check si le user fait partie d'un group actif
|
|
||||||
if user is not None:
|
|
||||||
session['user'] = user.id
|
|
||||||
return {'AUTH_RESULT': 'OK'}, 200
|
return {'AUTH_RESULT': 'OK'}, 200
|
||||||
else:
|
else:
|
||||||
return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403
|
return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
from app.core import meta
|
|
||||||
from sqlalchemy import Table
|
from sqlalchemy import Table
|
||||||
|
from sqlalchemy import or_
|
||||||
|
|
||||||
|
from app.core import meta, db, Base
|
||||||
|
|
||||||
USER = Table('USER', meta, autoload=False)
|
USER = Table('USER', meta, autoload=False)
|
||||||
SETTINGS = Table('SETTINGS', meta, autoload=False)
|
SETTINGS = Table('SETTINGS', meta, autoload=False)
|
||||||
@ -8,3 +10,43 @@ GROUP = Table('GROUP', meta, autoload=False)
|
|||||||
TUTORSHIP = Table('TUTORSHIP', meta, autoload=False)
|
TUTORSHIP = Table('TUTORSHIP', meta, autoload=False)
|
||||||
PERIOD = Table('PERIOD', meta, autoload=False)
|
PERIOD = Table('PERIOD', meta, autoload=False)
|
||||||
LIVRET = Table('LIVRET', meta, autoload=False)
|
LIVRET = Table('LIVRET', meta, autoload=False)
|
||||||
|
|
||||||
|
user_class = Base.classes.USER
|
||||||
|
settings_class = Base.classes.SETTINGS
|
||||||
|
hashtable_class = Base.classes.HASHTABLE
|
||||||
|
group_class = Base.classes.GROUP
|
||||||
|
tutorship_class = Base.classes.TUTORSHIP
|
||||||
|
period_class = Base.classes.PERIOD
|
||||||
|
livret_class = Base.classes.LIVRET
|
||||||
|
|
||||||
|
|
||||||
|
def getUser(id=0, login="", email=""):
|
||||||
|
res = None
|
||||||
|
|
||||||
|
if id == 0 and login == "" and email == "":
|
||||||
|
raise Exception("getUser must be called with one argument !")
|
||||||
|
else:
|
||||||
|
if id != 0:
|
||||||
|
res = db.session.query(user_class).get(id)
|
||||||
|
|
||||||
|
elif login != "":
|
||||||
|
query = USER.select(USER.c.login == login)
|
||||||
|
rows = query.execute()
|
||||||
|
res = rows.first()
|
||||||
|
|
||||||
|
elif email != "":
|
||||||
|
query = USER.select(USER.c.email == email)
|
||||||
|
rows = query.execute()
|
||||||
|
res = rows.first()
|
||||||
|
|
||||||
|
if res is not None:
|
||||||
|
return {"id": res.id, "login": res.login, "email": res.email, "role": res.role, "phone": res.phone}
|
||||||
|
else:
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
def isUserAllowed(uid):
|
||||||
|
query = db.session.query(group_class, tutorship_class).join(tutorship_class) \
|
||||||
|
.filter(or_(tutorship_class.student_id == uid, group_class.resp_id == uid))
|
||||||
|
res = query.all()
|
||||||
|
return res is not None and len(res) > 0
|
||||||
|
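Review bot: isUserAllowed, at the end of the second hunk, is the only authorization gate for login, but it accepts any user who is `student_id` of a tutorship or `resp_id` of a group, with no condition that the group is active. The TODO this commit removes from LoginAPI asked for exactly that active-group check. `ptutor_id` is not part of the filter either, so a user who is only a tutor would presumably get 403; confirm whether that is intended. Until the rule is settled, a comment such as `# NOTE: membership only; does not check that the group is active, and ignores ptutor_id` would keep the gap visible. Since `query.all()` always returns a list, the result could be `return query.first() is not None`, which avoids loading every row.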
@ -67,6 +67,7 @@ class CheckDB(Command):
|
|||||||
print("\nSETTINGS content :")
|
print("\nSETTINGS content :")
|
||||||
for res in result:
|
for res in result:
|
||||||
print(res.key + " = " + res.value + " -> " + res.description)
|
print(res.key + " = " + res.value + " -> " + res.description)
|
||||||
|
model.getUser(id=1)
|
||||||
|
|
||||||
|
|
||||||
manager.add_command('checkdb', CheckDB())
|
manager.add_command('checkdb', CheckDB())
|
||||||
|
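Review bot: The added `model.getUser(id=1)` in CheckDB discards its return value and hard-codes user id 1, so it reads like a leftover debugging call rather than a check. If the intent is to verify that the USER table is reachable, show the result as the SETTINGS loop does, for example `print("USER 1 :", model.getUser(id=1))`. Otherwise drop the line. Whether `model` is imported in this file is not visible, and the class body starts outside the hunk.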
@ -3,19 +3,37 @@ import unittest
|
|||||||
from flask import json
|
from flask import json
|
||||||
|
|
||||||
from app.core import app
|
from app.core import app
|
||||||
from app.model import USER, getUser
|
from app.model import USER, getUser, GROUP, TUTORSHIP, tutorship_class, group_class, user_class
|
||||||
|
|
||||||
|
|
||||||
class AuthTestCase(unittest.TestCase):
|
class AuthTestCase(unittest.TestCase):
|
||||||
|
uid = None
|
||||||
|
gid = None
|
||||||
|
tid = None
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def setUpClass(cls):
|
def setUpClass(cls):
|
||||||
if getUser(login="admin") is None:
|
if getUser(login="admin") is None:
|
||||||
query = USER.insert().values(login="admin", email="admin@admin.com", role="4", phone="00.00.00.00.00")
|
query = USER.insert().values(login="admin", email="admin@admin.com", role="4", phone="00.00.00.00.00")
|
||||||
query.execute()
|
res = query.execute()
|
||||||
|
cls.uid = res.lastrowid
|
||||||
|
query = GROUP.insert().values(name="test", year="2017", class_long="classe toto", class_short="toto",
|
||||||
|
department="plop", ressources_dir="/plop/toto", resp_id=cls.uid)
|
||||||
|
res = query.execute()
|
||||||
|
cls.gid = res.lastrowid
|
||||||
|
query = TUTORSHIP.insert().values(student_id=cls.uid, ptutor_id=cls.uid, group_id=cls.gid)
|
||||||
|
res = query.execute()
|
||||||
|
cls.tid = res.lastrowid
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def tearDownClass(cls):
|
def tearDownClass(cls):
|
||||||
pass
|
if cls.uid is not None and cls.gid is not None and cls.tid is not None:
|
||||||
|
query = TUTORSHIP.delete().where(tutorship_class.id == cls.tid)
|
||||||
|
query.execute()
|
||||||
|
query = GROUP.delete().where(group_class.id == cls.gid)
|
||||||
|
query.execute()
|
||||||
|
query = USER.delete().where(user_class.id == cls.uid)
|
||||||
|
query.execute()
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
self.app = app.test_client()
|
self.app = app.test_client()
|
||||||
|
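Review bot: tearDownClass deletes nothing unless `uid`, `gid` and `tid` are all set, so a setUpClass that fails after the USER insert leaves the `admin` row (and possibly the group) in the database the tests run against. unittest also skips tearDownClass entirely when setUpClass raises, so the inserts in setUpClass should sit in a `try` whose `except` calls `cls.tearDownClass()` and re-raises. Each row should be removed on its own, children first, as below. Separately, when `admin` already exists no fixtures are created, so the login test then depends on whatever group and tutorship rows are already in the database.

```python
@classmethod
def tearDownClass(cls):
    # Delete each fixture row independently, children first, so a
    # partially completed setUpClass is still cleaned up.
    if cls.tid is not None:
        TUTORSHIP.delete().where(tutorship_class.id == cls.tid).execute()
    if cls.gid is not None:
        GROUP.delete().where(group_class.id == cls.gid).execute()
    if cls.uid is not None:
        USER.delete().where(user_class.id == cls.uid).execute()
```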