mirror of
https://git.v0id.ovh/n3wt-innov/n3wt-school.git
synced 2026-04-04 03:31:28 +00:00
feat: Securisation du Backend
This commit is contained in:
Luc SORIGNET
@ -4,6 +4,7 @@ from django.utils.decorators import method_decorator
|
||||
from rest_framework.parsers import JSONParser
|
||||
from rest_framework.views import APIView
|
||||
from rest_framework import status
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from .models import (
|
||||
Teacher,
|
||||
Speciality,
|
||||
@ -42,6 +43,8 @@ logger = logging.getLogger(__name__)
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class SpecialityListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request):
|
||||
establishment_id = request.GET.get('establishment_id', None)
|
||||
if establishment_id is None:
|
||||
@ -66,6 +69,8 @@ class SpecialityListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class SpecialityDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, id):
|
||||
speciality = getObject(_objectName=Speciality, _columnName='id', _value=id)
|
||||
speciality_serializer=SpecialitySerializer(speciality)
|
||||
@ -87,6 +92,8 @@ class SpecialityDetailView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class TeacherListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request):
|
||||
establishment_id = request.GET.get('establishment_id', None)
|
||||
if establishment_id is None:
|
||||
@ -121,6 +128,8 @@ class TeacherListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class TeacherDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get (self, request, id):
|
||||
teacher = getObject(_objectName=Teacher, _columnName='id', _value=id)
|
||||
teacher_serializer=TeacherSerializer(teacher)
|
||||
@ -169,6 +178,8 @@ class TeacherDetailView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class SchoolClassListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request):
|
||||
establishment_id = request.GET.get('establishment_id', None)
|
||||
if establishment_id is None:
|
||||
@ -193,6 +204,8 @@ class SchoolClassListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class SchoolClassDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get (self, request, id):
|
||||
schoolClass = getObject(_objectName=SchoolClass, _columnName='id', _value=id)
|
||||
classe_serializer=SchoolClassSerializer(schoolClass)
|
||||
@ -215,6 +228,8 @@ class SchoolClassDetailView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class PlanningListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request):
|
||||
schedulesList=getAllObjects(Planning)
|
||||
schedules_serializer=PlanningSerializer(schedulesList, many=True)
|
||||
@ -233,6 +248,8 @@ class PlanningListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class PlanningDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get (self, request, id):
|
||||
planning = getObject(_objectName=Planning, _columnName='classe_id', _value=id)
|
||||
planning_serializer=PlanningSerializer(planning)
|
||||
@ -263,6 +280,8 @@ class PlanningDetailView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class FeeListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
establishment_id = request.GET.get('establishment_id', None)
|
||||
if establishment_id is None:
|
||||
@ -287,6 +306,8 @@ class FeeListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class FeeDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, id):
|
||||
try:
|
||||
fee = Fee.objects.get(id=id)
|
||||
@ -313,6 +334,8 @@ class FeeDetailView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class DiscountListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
establishment_id = request.GET.get('establishment_id', None)
|
||||
if establishment_id is None:
|
||||
@ -337,6 +360,8 @@ class DiscountListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class DiscountDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, id):
|
||||
try:
|
||||
discount = Discount.objects.get(id=id)
|
||||
@ -363,6 +388,8 @@ class DiscountDetailView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class PaymentPlanListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
establishment_id = request.GET.get('establishment_id', None)
|
||||
if establishment_id is None:
|
||||
@ -387,6 +414,8 @@ class PaymentPlanListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class PaymentPlanDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, id):
|
||||
try:
|
||||
payment_plan = PaymentPlan.objects.get(id=id)
|
||||
@ -413,6 +442,8 @@ class PaymentPlanDetailView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class PaymentModeListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request):
|
||||
establishment_id = request.GET.get('establishment_id', None)
|
||||
if establishment_id is None:
|
||||
@ -437,6 +468,8 @@ class PaymentModeListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class PaymentModeDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, id):
|
||||
try:
|
||||
payment_mode = PaymentMode.objects.get(id=id)
|
||||
@ -463,11 +496,13 @@ class PaymentModeDetailView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class CompetencyListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request):
|
||||
cycle = request.GET.get('cycle')
|
||||
if cycle is None:
|
||||
return JsonResponse({'error': 'cycle est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST)
|
||||
|
||||
|
||||
competencies_list = getAllObjects(Competency)
|
||||
competencies_list = competencies_list.filter(
|
||||
category__domain__cycle=cycle
|
||||
@ -486,6 +521,8 @@ class CompetencyListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class CompetencyDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, id):
|
||||
try:
|
||||
competency = Competency.objects.get(id=id)
|
||||
@ -517,6 +554,8 @@ class CompetencyDetailView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class EstablishmentCompetencyListCreateView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request):
|
||||
establishment_id = request.GET.get('establishment_id')
|
||||
cycle = request.GET.get('cycle')
|
||||
@ -593,10 +632,10 @@ class EstablishmentCompetencyListCreateView(APIView):
|
||||
"data": result
|
||||
}, safe=False)
|
||||
|
||||
def post(self, request):
|
||||
def post(self, request):
|
||||
"""
|
||||
Crée une ou plusieurs compétences custom pour un établissement (is_required=False)
|
||||
Attendu dans le body :
|
||||
Attendu dans le body :
|
||||
[
|
||||
{ "establishment_id": ..., "category_id": ..., "nom": ... },
|
||||
...
|
||||
@ -710,6 +749,8 @@ class EstablishmentCompetencyListCreateView(APIView):
|
||||
@method_decorator(csrf_protect, name='dispatch')
|
||||
@method_decorator(ensure_csrf_cookie, name='dispatch')
|
||||
class EstablishmentCompetencyDetailView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def get(self, request, id):
|
||||
try:
|
||||
ec = EstablishmentCompetency.objects.get(id=id)
|
||||
|
||||
Reference in New Issue
Block a user