QRouland/M2OLA
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

TG-35 : TU LoginAPI

Browse Source
This commit is contained in:
Clément ARNAUDEAU 2017-01-24 13:28:05 +01:00
parent f5b7026e40
commit 1c275c6501
4 changed files with 68 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
backend/app/api/loginAPI.py
View File

@ -19,12 +19,9 @@ class LoginAPI(Resource):
userInfo = self.getUserInfoFromCAS(args['login'], args['password'])
if userInfo is not None:
query = USER.select(USER.c.login == userInfo["login"])
res = query.execute()
user = res.first()
# TODO : check si le user fait partie d'un group actif
if user is not None:
session['user'] = user.id
user = getUser(login=userInfo['login'])
if user is not None and isUserAllowed(user["id"]):
session['user'] = user
return {'AUTH_RESULT': 'OK'}, 200
else:
return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403

44
backend/app/model.py
View File

@ -1,5 +1,7 @@
from app.core import meta
from sqlalchemy import Table
from sqlalchemy import or_
from app.core import meta, db, Base
USER = Table('USER', meta, autoload=False)
SETTINGS = Table('SETTINGS', meta, autoload=False)
@ -8,3 +10,43 @@ GROUP = Table('GROUP', meta, autoload=False)
TUTORSHIP = Table('TUTORSHIP', meta, autoload=False)
PERIOD = Table('PERIOD', meta, autoload=False)
LIVRET = Table('LIVRET', meta, autoload=False)
user_class = Base.classes.USER
settings_class = Base.classes.SETTINGS
hashtable_class = Base.classes.HASHTABLE
group_class = Base.classes.GROUP
tutorship_class = Base.classes.TUTORSHIP
period_class = Base.classes.PERIOD
livret_class = Base.classes.LIVRET
def getUser(id=0, login="", email=""):
res = None
if id == 0 and login == "" and email == "":
raise Exception("getUser must be called with one argument !")
else:
if id != 0:
res = db.session.query(user_class).get(id)
elif login != "":
query = USER.select(USER.c.login == login)
rows = query.execute()
res = rows.first()
elif email != "":
query = USER.select(USER.c.email == email)
rows = query.execute()
res = rows.first()
if res is not None:
return {"id": res.id, "login": res.login, "email": res.email, "role": res.role, "phone": res.phone}
else:
return None
def isUserAllowed(uid):
query = db.session.query(group_class, tutorship_class).join(tutorship_class) \
.filter(or_(tutorship_class.student_id == uid, group_class.resp_id == uid))
res = query.all()
return res is not None and len(res) > 0

1
backend/manage.py
View File

@ -67,6 +67,7 @@ class CheckDB(Command):
print("\nSETTINGS content :")
for res in result:
print(res.key + " = " + res.value + " -> " + res.description)
model.getUser(id=1)
manager.add_command('checkdb', CheckDB())

24
backend/tests/api/test_loginAPI.py
View File

@ -3,19 +3,37 @@ import unittest
from flask import json
from app.core import app
from app.model import USER, getUser
from app.model import USER, getUser, GROUP, TUTORSHIP, tutorship_class, group_class, user_class
class AuthTestCase(unittest.TestCase):
uid = None
gid = None
tid = None
@classmethod
def setUpClass(cls):
if getUser(login="admin") is None:
query = USER.insert().values(login="admin", email="admin@admin.com", role="4", phone="00.00.00.00.00")
query.execute()
res = query.execute()
cls.uid = res.lastrowid
query = GROUP.insert().values(name="test", year="2017", class_long="classe toto", class_short="toto",
department="plop", ressources_dir="/plop/toto", resp_id=cls.uid)
res = query.execute()
cls.gid = res.lastrowid
query = TUTORSHIP.insert().values(student_id=cls.uid, ptutor_id=cls.uid, group_id=cls.gid)
res = query.execute()
cls.tid = res.lastrowid
@classmethod
def tearDownClass(cls):
pass
if cls.uid is not None and cls.gid is not None and cls.tid is not None:
query = TUTORSHIP.delete().where(tutorship_class.id == cls.tid)
query.execute()
query = GROUP.delete().where(group_class.id == cls.gid)
query.execute()
query = USER.delete().where(user_class.id == cls.uid)
query.execute()
def setUp(self):
self.app = app.test_client()