QRouland
/
M2OLA
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
This repository has been archived on 2021-09-15. You can view files and clone it, but cannot push or open issues or pull requests.
M2OLA/backend/app/api/UserAPI.py

82 lines
2.9 KiB
Python
Raw Blame History

from hashlib import sha256
from flask import session
from flask_restful import Resource, request
from app.api.LoginAPI import login_required
from app.model import Roles, getUser, hashExists, USER
from app.utils import checkParams, get_random_string
class UserAPI(Resource):
"""
User Api Resource
"""
@login_required(roles=[Roles.resp_formation, Roles.etudiant])
def post(self):
args = request.get_json(cache=False, force=True)
if not checkParams(['role', 'email', 'name'], args):
return {"ERROR": "One or more parameters are missing !"}, 400
role = args['role']
email = args['email']
name = args['name']
phone = None
user = getUser(email=email)
hashpass = get_random_string()
while hashExists(hashpass):
hashpass = get_random_string()
if user is not None:
return {"UID": user["id"]}, 200
query = USER.insert().values(email=email, role=role, phone=phone, name=name, hash=hashpass)
res = query.execute()
return {"UID": res.lastrowid}, 201
def put(self, uid):
args = request.get_json(cache=False, force=True)
if not checkParams(['role', 'email', 'phone', 'name', 'password', 'firstname'], args):
return {"ERROR": "One or more parameters are missing !"}, 400
role = args['role']
email = args['email']
phone = args['phone']
firstname = args['firstname']
name = args['name']
psw = args['password']
name = firstname.title() + " " + name.upper()
# TODO : Lors de l'ajout des fiches d'absence ca sera ça le critère de recherche + le groupe
if psw is None or len(psw) < 8:
return {"ERROR": "Password can't be empty or less than 8 characters !"}, 400
password = sha256(psw.encode('utf-8')).hexdigest()
user = getUser(uid=uid)
if user is None:
return {"ERROR": "This user doesn't exists !"}, 405
# On n'autorise pas de modifcation anonyme d'un profil s'il est déjà activé (si il a un mdp)
if user["password"] is not None and user["password"] != "" and session.get("user", None) is None:
return {"msg": "UNAUTHORIZED"}, 401
if getUser(email=email) is not None:
return {"ERROR": "A user with this email already exists !"}, 405
query = USER.update().values(email=email, role=role, phone=phone, name=name, psw=password, hash=None) \
.where(USER.c.id == uid)
query.execute()
return {"UID": uid}, 200
def get(self, uid=0, email="", hashcode=""):
if session.get('user', None) is not None:
if uid > 0:
return {'USER': getUser(uid=uid)}, 200
elif email != "":
return {'USER': getUser(email=email)}, 200
if hashcode != "":
return {'USER': getUser(hashcode=hashcode)}, 200
Reference in New Issue View Git Blame Copy Permalink