def post(self): args = request.get_json(cache=False, force=True) if not checkParams(['email', 'password'], args): return {"ERROR": "One or more parameters are missing !"}, 400 email = args['email'] psw = args['password'] password = sha256(psw.encode('utf-8')).hexdigest() if "user" in session and session["user"] is not None: return {'AUTH_RESULT': 'ALREADY_LOGGED'}, 201 query = USER.select(USER.c.email == email) rows = query.execute() res = rows.first() if app.config['TESTING']: if res is not None and psw == email: user = getUser(uid=res.id) session['user'] = user return {'AUTH_RESULT': 'OK'}, 200 else: session['user'] = None return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401 else: if res is not None and password != "" and password == res.psw: user = getUser(uid=res.id) session['user'] = user return {'AUTH_RESULT': 'OK'}, 200 else: session['user'] = None return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401
def put(self, pid): args = request.get_json(cache=False, force=True) if not checkParams(['text'], args): return {"ERROR": "One or more parameters are missing !"}, 400 text = args['text'] user = session.get("user") mails = [] # On vérifie que la période existe period = getPeriod(pid) if period is None: return {"ERROR": "This period does not exists !"}, 405 # On vérifie que l'utilisateur actuel a le droit de modifier ce livret (étudiant ou tuteur) livret = getLivret(lid=period["livret_id"]) if user["id"] != livret["etutor_id"]["id"] and user["id"] != livret[ "tutorship_id"]["student_id"]["id"]: return {"ERROR": "UNAUTHORIZED"}, 401 # Si c'est le commentaire de l'étudiant, on prévient le tuteur if user["role"] == str(Roles.etudiant): mail = mailsModels.getMailContent("STUD_COMMENT_ADDED", { "ETUDIANT": user["name"], "URL": getParam('OLA_URL') }) mails.append((user["email"], mail)) query = PERIOD.update().values(student_desc=text).where( PERIOD.c.id == pid) else: # Sinon on vérifie que c'est une période d'entreprise if period["type"] == TypesPeriode.universitaire: return { "ERROR": "A tutor can't modify a university period !" }, 405 mail = mailsModels.getMailContent("ETUTOR_COMMENT_ADDED", { "TUTEUR": user["name"], "URL": getParam('OLA_URL') }) mails.append((user["email"], mail)) query = PERIOD.update().values(etutor_desc=text).where( PERIOD.c.id == pid) query.execute() for m in mails: addr = m[0] mail = m[1] send_mail(mail[0], addr, mail[1]) return {"PID": pid}, 200
def options(self, gid): args = request.get_json(cache=False, force=True) if not checkParams(['pairs'], args): return {"ERROR": "One or more parameters are missing !"}, 400 pairs = args["pairs"] group = getGroup(gid=gid) if group is None: return {"ERROR": "This group does not exists !"}, 405 for p in pairs: try: stud = getUser(uid=p[0]) if stud is None: return { "ERROR": "The user with id " + str(p[0]) + " does not exists !" }, 400 elif stud['role'] != str(Roles.etudiant): return { "ERROR": "A student must have the 'student' role !" }, 400 tutor = getUser(uid=p[1]) if tutor is None: return { "ERROR": "The user with id " + str(p[1]) + " does not exists !" }, 400 elif tutor['role'] == str(Roles.etudiant): return {"ERROR": "A student can't be a tutor !"}, 400 elif "3" not in tutor['role'].split('-'): role = tutor['role'] + "-" + str(Roles.tuteur_univ) query = USER.update().values(role=role).where( USER.c.id == p[1]) query.execute() except IndexError: return {"ERROR": "Pairs are incorrectly formed !"}, 409 query = TUTORSHIP.insert().values(group_id=gid, student_id=p[0], ptutor_id=p[1]) query.execute() query = USER.select(USER.c.id == stud["id"]) rows = query.execute() res = rows.first() if res.hash is not None and len(res.hash) > 0: mail = mailsModels.getMailContent( "NEW_STUD_OF_GROUP", { "GROUP": group["name"], "URL": getParam('OLA_URL') + "registration/" + res.hash }) else: mail = mailsModels.getMailContent("STUD_OF_GROUP", { "GROUP": group["name"], "URL": getParam('OLA_URL') }) send_mail(mail[0], stud["email"], mail[1]) return {"RESULT": "Pairs added successfully"}, 200
def post(self): args = request.get_json(cache=False, force=True) if not checkParams([ 'name', 'year', 'class_short', 'class_long', 'department', 'resp_id', 'sec_id' ], args): return {"ERROR": "One or more parameters are missing !"}, 400 name = args['name'] year = args['year'] class_short = args['class_short'] class_long = args['class_long'] department = args['department'] resp_id = args['resp_id'] sec_id = args['sec_id'] res_dir = getParam('BASE_DIRECTORY') + name + "/" mails = [] group = getGroup(name=name) if group is not None: return {"GID": group["id"]}, 200 user = getUser(uid=resp_id) if user is None: return { "ERROR": "The user with id " + str(resp_id) + " does not exists !" }, 400 else: query = USER.select(USER.c.id == user["id"]) rows = query.execute() res = rows.first() if res.hash is not None and len(res.hash) > 0: mail = mailsModels.getMailContent( "NEW_RESP_OF_GROUP", { "GROUP": name, "URL": getParam('OLA_URL') + "registration/" + res.hash }) else: mail = mailsModels.getMailContent("RESP_OF_GROUP", { "GROUP": name, "URL": getParam('OLA_URL') }) mails.append((user["email"], mail)) if str(Roles.resp_formation) not in user['role'].split('-'): role = user['role'] + "-" + str(Roles.resp_formation) query = USER.update().values(role=role).where( USER.c.id == resp_id) query.execute() user = getUser(uid=sec_id) if user is None: return { "ERROR": "The user with id " + str(sec_id) + " does not exists !" }, 400 else: query = USER.select(USER.c.id == user["id"]) rows = query.execute() res = rows.first() if res.hash is not None and len(res.hash) > 0: mail = mailsModels.getMailContent( "NEW_SEC_OF_GROUP", { "GROUP": name, "URL": getParam('OLA_URL') + "registration/" + res.hash }) else: mail = mailsModels.getMailContent("SEC_OF_GROUP", { "GROUP": name, "URL": getParam('OLA_URL') }) mails.append((user["email"], mail)) if str(Roles.secretaire) not in user['role'].split('-'): role = user['role'] + "-" + str(Roles.secretaire) query = USER.update().values(role=role).where( USER.c.id == sec_id) query.execute() query = GROUP.insert().values(name=name, year=year, class_short=class_short, class_long=class_long, department=department, resp_id=resp_id, sec_id=sec_id, ressources_dir=res_dir) res = query.execute() os.mkdir(res_dir) for m in mails: addr = m[0] mail = m[1] send_mail(mail[0], addr, mail[1]) return {"GID": res.lastrowid}, 201
def post(self): args = request.get_json(cache=False, force=True) if not checkParams([ 'group_id', 'etutor_id', 'company_name', 'company_address', 'contract_type', 'contract_start', 'contract_end', 'description' ], args): return {"ERROR": "One or more parameters are missing !"}, 400 user = session.get("user") group_id = args['group_id'] etutor_id = args['etutor_id'] company_name = args['company_name'] company_address = args['company_address'] contract_type = int(args['contract_type']) contract_start = datetime.strptime(args['contract_start'], "%d-%m-%Y") contract_end = datetime.strptime(args['contract_end'], "%d-%m-%Y") description = args['description'] mails = [] group = getGroup(gid=group_id) if group is None: return { "ERROR": "This group with id " + str(group_id) + "does not exists !" }, 405 tutorship = getTutorship(gid=group_id, student=user["id"]) if tutorship is None: return { "ERROR": "The current student is not registered in the group" + str(group_id) + " !" }, 405 tutorship_id = tutorship["id"] livret = getLivret(group_id=group_id, student_id=user["id"]) if livret is not None: return {"LID": livret["id"]}, 200 # On vérifie que l'utilisateur actuel a le droit de modifier ce livret if user["id"] != livret["tutorship_id"]["student_id"]: return {"ERROR": "UNAUTHORIZED"}, 401 user2 = getUser(uid=etutor_id) if user2 is None: return { "ERROR": "The user with id " + str(etutor_id) + " does not exists !" }, 400 else: query = USER.select(USER.c.id == user2["id"]) rows = query.execute() res = rows.first() if res.hash is not None and len(res.hash) > 0: mail = mailsModels.getMailContent( "NEW_ETUTOR_ADDED", { "GROUPE": group["name"], "URL": getParam('OLA_URL') + "registration/" + res.hash }) else: mail = mailsModels.getMailContent("ETUTOR_ADDED", { "GROUPE": group["name"], "URL": getParam('OLA_URL') }) mails.append((user2["email"], mail)) if str(Roles.tuteur_entreprise) not in user2['role'].split('-'): return { "ERROR": "The user with id " + str(etutor_id) + " doesn't have the 'etutor' role (" + str(Roles.tuteur_entreprise) + ") !" }, 400 if contract_start > contract_end: return { "ERROR": "The contract start can't be after its end !" }, 400 res_dir = group["ressources_dir"] + "/" + str(user['id']) + "/" expire = datetime.now() + timedelta(days=365) query = LIVRET.insert().values(tutorship_id=tutorship_id, etutor_id=etutor_id, company_name=company_name, company_address=company_address, contract_type=contract_type, contract_start=contract_start, contract_end=contract_end, description=description, ressources_dir=res_dir, opened='1', expire=expire) res = query.execute() os.mkdir(res_dir) for m in mails: addr = m[0] mail = m[1] send_mail(mail[0], addr, mail[1]) return {"LID": res.lastrowid}, 201
def put(self, lid): args = request.get_json(cache=False, force=True) if not checkParams([ 'etutor_id', 'company_name', 'company_address', 'contract_type', 'contract_start', 'contract_end', 'description' ], args): return {"ERROR": "One or more parameters are missing !"}, 400 etutor_id = args['etutor_id'] company_name = args['company_name'] company_address = args['company_address'] contract_type = int(args['contract_type']) contract_start = datetime.strptime(args['contract_start'], "%d-%m-%Y") contract_end = datetime.strptime(args['contract_end'], "%d-%m-%Y") description = args['description'] mails = [] livret = getLivret(lid=lid) if livret is None: return {"ERROR": "This livret does not exists !"}, 405 # On vérifie que l'utilisateur actuel a le droit de modifier ce livret user = session.get("user") if user["id"] != livret["tutorship_id"]["student_id"]: return {"ERROR": "UNAUTHORIZED"}, 401 user = getUser(uid=etutor_id) if user is None: return { "ERROR": "The user with id " + str(etutor_id) + " does not exists !" }, 400 else: query = USER.select(USER.c.id == user["id"]) rows = query.execute() res = rows.first() if res.hash is not None and len(res.hash) > 0: mail = mailsModels.getMailContent( "NEW_ETUTOR_ADDED", { "GROUPE": livret["tutorship_id"]["group_id"]["name"], "URL": getParam('OLA_URL') + "registration/" + res.hash }) else: mail = mailsModels.getMailContent( "ETUTOR_ADDED", { "GROUPE": livret["tutorship_id"]["group_id"]["name"], "URL": getParam('OLA_URL') }) mails.append((user["email"], mail)) if str(Roles.tuteur_entreprise) not in user['role'].split('-'): return { "ERROR": "The user with id " + str(etutor_id) + " doesn't have the 'etutor' role (" + str(Roles.tuteur_entreprise) + ") !" }, 400 if contract_start > contract_end: return { "ERROR": "The contract start can't be after its end !" }, 400 query = LIVRET.update().values(etutor_id=etutor_id, company_name=company_name, company_address=company_address, contract_type=contract_type, contract_start=contract_start, contract_end=contract_end, description=description) \ .where(LIVRET.c.id == lid) query.execute() for m in mails: addr = m[0] mail = m[1] send_mail(mail[0], addr, mail[1]) return {"LID": lid}, 200
def post(self): args = request.get_json(cache=False, force=True) if not checkParams(['group_id', 'period_type', 'start', 'end'], args): return {"ERROR": "One or more parameters are missing !"}, 400 group_id = args['group_id'] period_type = args['period_type'] start = datetime.strptime(args['start'], "%d-%m-%Y") end = datetime.strptime(args['end'], "%d-%m-%Y") # On vérifie que le groupe existe group = getGroup(gid=group_id) if group is None: return { "ERROR": "This group with id " + str(group_id) + "does not exists !" }, 405 if start > end: return { "ERROR": "The period's start can't be after its end !" }, 400 # On vérifie que l'utilisateur actuel a le droit de modifier ce groupe user = session.get("user") if user["id"] != group["resp_id"]: return {"ERROR": "UNAUTHORIZED"}, 401 # On récupère tous les livrets de ce groupe query = select([LIVRET.c.id, TUTORSHIP.c.student_id]).where( and_(TUTORSHIP.c.id == LIVRET.c.tutorship_id, TUTORSHIP.c.group_id == group_id)) res = query.execute() # Pour chaque livret du groupe on ajoute la période et on prévient l'étudiant for row in res: # On crée un répertoire avec un nom aléatoire res_dir = group["ressources_dir"] + "/" + str( row.student_id) + "/" + get_random_string() + "/" while os.path.exists(res_dir): res_dir = group["ressources_dir"] + "/" + str( row.student_id) + "/" + get_random_string() + "/" # Enregistrement des infos en base query = PERIOD.insert().values(livret_id=row.id, type=period_type, start=start, end=end, ressources_dir=res_dir) query.execute() os.mkdir(res_dir) # Envoi d'un mail mail = mailsModels.getMailContent( "NEW_PERIOD", { "GROUPE": group["name"], "URL": getParam('OLA_URL') + "mon_livret" }) send_mail(mail[0], getUser(row.student_id)["email"], mail[1]) return {"RESULT": "OK"}, 201