QRouland/M2OLA
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

TG-36 : LivretAPI -> création de livret + sécurisation

Browse Source
This commit is contained in:
Clément ARNAUDEAU
2017-03-31 12:35:29 +02:00
parent ab33fb2bbe
commit cf95abbf17
7 changed files with 104 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
backend/app/api/LivretAPI.py
View File

@@ -1,80 +1,83 @@
import os
from datetime import datetime
from dateutil.relativedelta import relativedelta
from flask import session
from flask_restful import Resource, request
from sqlalchemy import and_
from app.api import mailsModels
from app.model import Roles, getParam, getGroup, getUser, USER, GROUP, TUTORSHIP
from app.utils import send_mail, checkParams
from app.api.LoginAPI import login_required
from app.model import Roles, getParam, getGroup, getUser, USER, GROUP, TUTORSHIP, LIVRET
from app.utils import send_mail, checkParams
class LivretAPI(Resource):
"""
Livret Api Resource
"""
@login_required(roles=[Roles.etudiant])
def post(self):
args = request.get_json(cache=False, force=True)
if not checkParams(['name', 'year', 'class_short', 'class_long', 'department', 'resp_id', 'sec_id'], args):
if not checkParams(['student_id', 'group_id', 'etutor_id', 'company_name', 'company_address', 'contract_type',
'contract_start', 'contract_end', 'description'], args):
return {"ERROR": "One or more parameters are missing !"}, 400
name = args['name']
year = args['year']
class_short = args['class_short']
class_long = args['class_long']
department = args['department']
resp_id = args['resp_id']
sec_id = args['sec_id']
res_dir = getParam('BASE_DIRECTORY') + name + "/"
user = session.get("user")
group_id = args['group_id']
etutor_id = args['etutor_id']
company_name = args['company_name']
company_address = args['company_address']
contract_type = int(args['contract_type'])
contract_start = datetime.strptime(args['contract_start'], "%d-%m-%Y")
contract_end = datetime.strptime(args['contract_end'], "%d-%m-%Y")
description = args['description']
mails = []
group = getGroup(name=name)
if group is not None:
return {"GID": group["id"]}, 200
group = getGroup(gid=group_id)
if group is None:
return {"ERROR": "This group does not exists !"}, 405
user = getUser(uid=resp_id)
query = TUTORSHIP.select(and_(TUTORSHIP.c.group_id == group_id, TUTORSHIP.c.student_id == user["id"]))
res = query.execute()
tutorship = res.first()
if tutorship is None:
return {"ERROR": "This student is not in this group !"}, 405
tutorship_id = tutorship.id
user = getUser(uid=etutor_id)
if user is None:
return {"ERROR": "The user with id " + str(resp_id) + " does not exists !"}, 400
return {"ERROR": "The user with id " + str(etutor_id) + " does not exists !"}, 400
else:
query = USER.select(USER.c.id == user["id"])
rows = query.execute()
res = rows.first()
if res.hash is not None and len(res.hash) > 0:
mail = mailsModels.getMailContent("NEW_RESP_OF_GROUP", {"GROUP": name,
"URL": getParam('OLA_URL') + "registration/"
+ res.hash})
else:
mail = mailsModels.getMailContent("RESP_OF_GROUP", {"GROUP": name,
"URL": getParam('OLA_URL')})
mails.append((user["email"], mail))
if "2" not in user['role'].split('-'):
role = user['role'] + "-2"
query = USER.update().values(role=role).where(USER.c.id == resp_id)
query.execute()
user = getUser(uid=sec_id)
if user is None:
return {"ERROR": "The user with id " + str(sec_id) + " does not exists !"}, 400
else:
query = USER.select(USER.c.id == user["id"])
rows = query.execute()
res = rows.first()
if res.hash is not None and len(res.hash) > 0:
mail = mailsModels.getMailContent("NEW_SEC_OF_GROUP", {"GROUP": name,
mail = mailsModels.getMailContent("NEW_ETUTOR_ADDED", {"GROUP": group["name"],
"URL": getParam('OLA_URL') + "registration/"
+ res.hash})
else:
mail = mailsModels.getMailContent("SEC_OF_GROUP", {"GROUP": name,
mail = mailsModels.getMailContent("ETUTOR_ADDED", {"GROUP": group["name"],
"URL": getParam('OLA_URL')})
mails.append((user["email"], mail))
if "1" not in user['role'].split('-'):
role = user['role'] + "-1"
query = USER.update().values(role=role).where(USER.c.id == sec_id)
query.execute()
if str(Roles.tuteur_entreprise) not in user['role'].split('-'):
return {"ERROR": "The user with id " + str(etutor_id) +
" doesn't have the 'etutor' role (" + str(Roles.tuteur_entreprise) + ") !"}, 400
query = GROUP.insert().values(name=name, year=year, class_short=class_short, class_long=class_long,
department=department, resp_id=resp_id, sec_id=sec_id, ressources_dir=res_dir)
if contract_start > contract_end:
return {"ERROR": "The contract start can't be after its end !"}, 400
res_dir = group["ressources_dir"] + user['id'] + "/"
expire = datetime.now() + relativedelta(year=1)
query = LIVRET.insert().values(tutorship_id=tutorship_id, etutor_id=etutor_id, company_name=company_name,
company_address=company_address, contract_type=contract_type,
contract_start=contract_start, contract_end=contract_end,
description=description, ressources_dir=res_dir, opened='1', expire=expire)
res = query.execute()
os.mkdir(res_dir)
@@ -83,8 +86,9 @@ class LivretAPI(Resource):
mail = m[1]
send_mail(mail[0], addr, mail[1])
return {"GID": res.lastrowid}, 201
return {"LID": res.lastrowid}, 201
@login_required(roles=[Roles.etudiant])
def put(self, gid):
args = request.get_json(cache=False, force=True)
if not checkParams(['name', 'year', 'class_short', 'class_long', 'department', 'resp_id', 'sec_id'], args):
@@ -165,12 +169,14 @@ class LivretAPI(Resource):
return {"GID": gid}, 200
@login_required()
def get(self, gid=0, name=""):
if gid > 0:
return {'GROUP': getGroup(gid=gid)}, 200
elif name != "":
return {'GROUP': getGroup(name=name)}, 200
@login_required(roles=Roles.etudiant)
def options(self, gid):
args = request.get_json(cache=False, force=True)
if not checkParams(['pairs'], args):