From b6ca3dbdc887929ec01cfd0ca85902ae32f017e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20ARNAUDEAU?= <clement.arnaudeau@yahoo.fr>
Date: Tue, 14 Mar 2017 10:14:11 +0100
Subject: [PATCH] TG-59 : Ajout de l'API UserAPI + passage du role en VARCHAR

---
 API_Interfaces.txt         | 32 +++++++++++++++++++++-
 backend/OLA.mysql          | 10 +++----
 backend/app/api/UserAPI.py | 55 ++++++++++++++++++++++++++++++++++++++
 backend/app/model.py       |  8 +++---
 backend/app/urls.py        |  4 +++
 backend/app/utils.py       |  8 +++++-
 6 files changed, 106 insertions(+), 11 deletions(-)
 create mode 100644 backend/app/api/UserAPI.py

diff --git a/API_Interfaces.txt b/API_Interfaces.txt
index 00475be..4760495 100644
--- a/API_Interfaces.txt
+++ b/API_Interfaces.txt
@@ -18,10 +18,40 @@ UserInfoAPI (api/userInfo)
 #######################
 GET -> Get the current logged user, return None if no one is connected
     Out:
-        200 -> USER = <USER_OBJECT>|None : Dictionary containing user infos or None
+        200 -> USER = <USER_OBJECT>|null : Dictionary containing user infos or null
 
 
 ########################
 Redirect to cas auth (/login)
 ########################
 Redirect to cas auth
+
+
+########################
+UserAPI (api/user)
+########################
+POST -> Create a user if it not already exists
+    In:
+        CASid = Login of the user caught from the CAS authentication
+        role = Role of the user (can be concatenated with -) 1=secrétaire, 2=resp_formation, 3=tuteur_univ, 4=étudiant
+    Out:
+        200 -> UID = <USER_ID> : The user already exists with the id USER_ID
+        201 -> UID = <USER_ID> : The user has been successfully created with the id USER_ID
+        400 -> ERROR = "One or more parameters are missing" : Bad request
+
+PUT -> Modify an existing user
+    In: (Suffix = /byuid/<USER_ID>)
+        CASid = Login of the user caught from the CAS authentication
+        role = Role of the user (can be concatenated with -) 1=secrétaire, 2=resp_formation, 3=tuteur_univ, 4=étudiant
+        phone = Phone number of the user (00.00.00.00.00)
+        email = Email of the user
+    Out:
+        200 -> UID = <USER_ID> : The user has been modified sucessfully with the id USER_ID
+        400 -> ERROR = "One or more parameters are missing !" : Bad request
+        405 -> ERROR = "This user doesn't exists !" : Bad USER_ID provided
+
+GET -> Getting specified user infos
+    In: (Suffixes = /byuid/<USER_ID> | /bylogin/<USER_LOGIN> | /byemail/<USER_EMAIL>)
+    Out:
+        200 -> USER = <USER_OBJECT>|null : Dictionary containing user infos or null
+
diff --git a/backend/OLA.mysql b/backend/OLA.mysql
index 7d5ac6f..7958fb2 100644
--- a/backend/OLA.mysql
+++ b/backend/OLA.mysql
@@ -37,11 +37,11 @@ CREATE TABLE IF NOT EXISTS `GROUP`
 
 CREATE TABLE IF NOT EXISTS `USER`
 (
-    id BIGINT NOT NULL AUTO_INCREMENT,
-    `login` VARCHAR(128) NOT NULL,
-    `role` INT NOT NULL,
-    email VARCHAR(256) NOT NULL,
-    phone VARCHAR(15),
+  id      BIGINT       NOT NULL AUTO_INCREMENT,
+  `login` VARCHAR(128) NOT NULL,
+  `role`  VARCHAR(10)  NOT NULL,
+  email   VARCHAR(256) NOT NULL,
+  phone   VARCHAR(15),
     PRIMARY KEY(id)
 ) ENGINE = INNODB;
 
diff --git a/backend/app/api/UserAPI.py b/backend/app/api/UserAPI.py
new file mode 100644
index 0000000..2560302
--- /dev/null
+++ b/backend/app/api/UserAPI.py
@@ -0,0 +1,55 @@
+from flask_restful import Resource, request
+
+from app.model import *
+from app.utils import checkParams
+
+
+class UserAPI(Resource):
+    """
+        User Api Resource
+    """
+
+    def post(self):
+        args = request.get_json(cache=False, force=True)
+        if not checkParams(['CASid', 'role'], args):
+            return {"ERROR": "One or more parameters are missing !"}, 400
+
+        CASid = args['CASid']
+        role = args['role']
+        email = self.getEmailFromCAS(CASid)
+        phone = None
+        user = getUser(login=CASid)
+        if user is not None:
+            return {"UID": user["id"]}, 200
+
+        query = USER.insert().values(login=CASid, email=email, role=role, phone=phone)
+        res = query.execute()
+        return {"UID": res.lastrowid}, 201
+
+    def put(self, uid):
+        args = request.get_json(cache=False, force=True)
+        if not checkParams(['CASid', 'role', 'email', 'phone'], args):
+            return {"ERROR": "One or more parameters are missing !"}, 400
+
+        if getUser(uid=uid) is None:
+            return {"ERROR": "This user doesn't exists !"}, 405
+
+        CASid = args['CASid']
+        role = args['role']
+        email = args['email']
+        phone = args['phone']
+        query = USER.update().values(login=CASid, email=email, role=role, phone=phone).where(USER.c.id == uid)
+        query.execute()
+        return {"UID": uid}, 200
+
+    def get(self, uid=0, login="", email=""):
+        if uid > 0:
+            return {'USER': getUser(uid=uid)}, 200
+        elif login != "":
+            return {'USER': getUser(login=login)}, 200
+        elif email != "":
+            return {'USER': getUser(email=email)}, 200
+
+    @staticmethod
+    def getEmailFromCAS(CASid):
+        return ""
diff --git a/backend/app/model.py b/backend/app/model.py
index d9ef81b..c56ae96 100644
--- a/backend/app/model.py
+++ b/backend/app/model.py
@@ -20,14 +20,14 @@ period_class = Base.classes.PERIOD
 livret_class = Base.classes.LIVRET
 
 
-def getUser(id=0, login="", email=""):
+def getUser(uid=0, login="", email=""):
     res = None
 
-    if id == 0 and login == "" and email == "":
+    if uid == 0 and login == "" and email == "":
         raise Exception("getUser must be called with one argument !")
     else:
-        if id != 0:
-            res = db.session.query(user_class).get(id)
+        if uid != 0:
+            res = db.session.query(user_class).get(uid)
 
         elif login != "":
             query = USER.select(USER.c.login == login)
diff --git a/backend/app/urls.py b/backend/app/urls.py
index e34d1e9..7f8083e 100644
--- a/backend/app/urls.py
+++ b/backend/app/urls.py
@@ -1,3 +1,4 @@
+from app.api.UserAPI import UserAPI
 from app.api.UserInfoAPI import UserInfoAPI
 from app.api.exampleapi import SomeApi
 from app.api.loginAPI import LoginAPI
@@ -6,3 +7,6 @@ from app.core import api
 # Some Api resource
 api.add_resource(SomeApi, '/api/someapi', '/api/someapi/<int:id>')
 api.add_resource(LoginAPI, '/api/login')
+api.add_resource(UserAPI, '/api/user', '/api/user/byuid/<int:uid>', '/api/user/bylogin/<string:login>',
+                 '/api/user/byemail/<string:email>')
+api.add_resource(UserInfoAPI, '/api/userInfo')
diff --git a/backend/app/utils.py b/backend/app/utils.py
index eb16e2e..06026fc 100644
--- a/backend/app/utils.py
+++ b/backend/app/utils.py
@@ -37,7 +37,8 @@ def new_alchemy_encoder(revisit_self=False, fields_to_expand=[]):
 
                     # is this field another SQLalchemy object, or a list of SQLalchemy objects?
                     if isinstance(val.__class__, DeclarativeMeta) or (
-                            isinstance(val, list) and len(val) > 0 and isinstance(val[0].__class__, DeclarativeMeta)):
+                                    isinstance(val, list) and len(val) > 0 and isinstance(val[0].__class__,
+                                                                                          DeclarativeMeta)):
                         # unless we're expanding this field, stop here
                         if field not in fields_to_expand:
                             # not expanding this field: set it to None and continue
@@ -51,3 +52,8 @@ def new_alchemy_encoder(revisit_self=False, fields_to_expand=[]):
             return json.JSONEncoder.default(self, obj)
 
     return AlchemyEncoder
+
+
+def checkParams(wanted, args):
+    inter = [elt for elt in wanted if elt in args]
+    return len(inter) == len(wanted)