acasini/n3wt-school
1
0
Fork 0
mirror of https://git.v0id.ovh/n3wt-innov/n3wt-school.git synced 2026-04-05 12:41:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: acasini:0.0.3
Branches Tags
acasini:main acasini:develop acasini:ci-jenkins
acasini:0.0.3 acasini:0.0.2 acasini:0.0.1
...
compare: acasini:develop
Branches Tags
acasini:develop acasini:ci-jenkins acasini:main
acasini:0.0.3 acasini:0.0.2 acasini:0.0.1

69 Commits
0.0.3 ... develop

Author SHA1 Message Date
N3WT DE COMPET
4431c428d3 fix: sélection enseignants dans les plannings 2026-04-05 12:08:04 +02:00
Luc SORIGNET
2ef71f99c3 chore: Application du design system 2026-04-05 12:00:34 +02:00
N3WT DE COMPET
f9c0585b30 fix: On n'historise plus les matières ni les enseignants 2026-04-05 11:41:52 +02:00
N3WT DE COMPET
12939fca85 fix: Mise à jour des plannings 2026-04-05 11:09:32 +02:00
N3WT DE COMPET
1f2a1b88ac fix: Revue des modales de création de groupes / formulaire 2026-04-05 10:41:17 +02:00
N3WT DE COMPET
762dede0af fix: Boutons de navigation + mise en page de l'aperçu du formulaire dynamique 2026-04-05 10:36:15 +02:00
N3WT DE COMPET
ccdbae1c08 fix: Mise en page sur absence de frais ou de tarifs lors de la création d'un DI 2026-04-05 09:32:17 +02:00
N3WT DE COMPET
2a223fe3dd fix: Réintégration du bouton de Bilan de compétence + harmonisation des paths d'upload de fichier 2026-04-05 09:24:30 +02:00
Luc SORIGNET
409cf05f1a fix: Chat getSession + passage en asyn ces getWebSocketUrl et connectToChat 2026-04-04 23:18:16 +02:00
Luc SORIGNET
b0e04e3adc fix: Upload document 2026-04-04 23:18:15 +02:00
N3WT DE COMPET
3c7266608d fix: Ne pas envoyer de mail lors de la création d'un DI 2026-04-04 22:47:01 +02:00
N3WT DE COMPET
5bbbcb9dc1 fix: Emploi du temps pour les classes de l'année scolaire en cours 2026-04-04 22:25:25 +02:00
Luc SORIGNET
053140c8be fix: correction du téléchargement du fichier 2026-04-04 22:23:47 +02:00
N3WT DE COMPET
90b0d14418 feat: Finalisation formulaire dynamique 2026-04-04 20:08:25 +02:00
Luc SORIGNET
ae06b6fef7 chore: renommage des variables d'environnement pour le start.py 2026-04-04 17:42:21 +02:00
Luc SORIGNET
e37aee2abc feat(backend,frontend): régénération et visualisation inline de la fiche élève PDF 2026-04-04 17:40:46 +02:00
N3WT DE COMPET
2d678b732f feat: Mise à jour de la page parent 2026-04-04 15:36:39 +02:00
N3WT DE COMPET
4c56cb6474 fix: Suppression envoi mail / création page feedback 2026-04-04 14:26:23 +02:00
Anthony CASINI
79e14a23fe Merge pull request 'feat: Ajout d'un système d'historisation et d'export de données en CSV [N3WTS-5]' (!76) from N3WTS-5-Historique-ACA into develop 
Reviewed-on: https://git.v0id.ovh/n3wt-innov/n3wt-school/pulls/76
 2026-04-04 11:55:03 +00:00
N3WT DE COMPET
269866fb1c Merge remote-tracking branch 'origin/develop' into N3WTS-5-Historique-ACA 2026-04-04 13:54:37 +02:00
N3WT DE COMPET
f091fa0432 feat: Ajout d'un système d'historisation et d'export de données en CSV [N3WTS-5] 2026-04-04 13:51:43 +02:00
Luc SORIGNET
a3291262d8 feat: Securisation du téléchargement de fichier 2026-04-04 13:44:57 +02:00
Luc SORIGNET
5f6c015d02 Merge branch 'worktree-design-system' into develop 2026-04-04 12:02:32 +02:00
Luc SORIGNET
09b1541dc8 feat: Ajout de la commande npm permettant de creer un etablissement 2026-04-04 11:57:59 +02:00
Luc SORIGNET
cb76a23d02 docs(design-system): add design system documentation and AI agent instructions 
- Add docs/design-system.md with color tokens, typography, spacing, icons, responsive/PWA rules and component reuse guidelines
- Add CLAUDE.md with permanent instructions for Claude Code
- Add .github/instructions/design-system.instruction.md for GitHub Copilot
- Update .github/copilot-instructions.md to reference the design system
- Update Front-End/tailwind.config.js with color tokens (primary, secondary, tertiary, neutral) and font families (Manrope/Inter)
- Update Front-End/src/app/layout.js to load Manrope and Inter via next/font/google
 2026-04-04 11:56:19 +02:00
N3WT DE COMPET
2579af9b8b fix: coorection démarrage 2026-04-04 10:49:35 +02:00
Anthony CASINI
3a132ae0bd Merge pull request 'N3WTS-6-Amelioration_Suivi_Eleve-ACA' (!75) from N3WTS-6-Amelioration_Suivi_Eleve-ACA into develop 
Reviewed-on: https://git.v0id.ovh/n3wt-innov/n3wt-school/pulls/75
 2026-04-04 06:36:09 +00:00
N3WT DE COMPET
905fa5dbfb feat: Ajout d'un système de notation par classe et par matière et par élève [N3WTS-6] 2026-04-03 22:10:32 +02:00
N3WT DE COMPET
edb9ace6ae Merge remote-tracking branch 'origin/develop' into N3WTS-6-Amelioration_Suivi_Eleve-ACA 2026-04-03 17:35:29 +02:00
Luc SORIGNET
4e50a0696f Merge pull request 'feat(frontend): refonte mobile planning et ameliorations suivi pedagogique [#NEWTS-4]' (!74) from NEWTS-4-Gestion_Responsive_Tailwind into develop 
Reviewed-on: https://git.v0id.ovh/n3wt-innov/n3wt-school/pulls/74
 2026-03-16 11:29:41 +00:00
Luc SORIGNET
4248a589c5 feat(frontend): refonte mobile planning et ameliorations suivi pedagogique [#NEWTS-4] 
Fonction PWA et ajout du responsive design

Planning mobile :
- Nouvelle vue DayView avec bandeau semaine scrollable, date picker natif et navigation integree
- ScheduleNavigation converti en drawer overlay sur mobile, sidebar fixe sur desktop
- Suppression double barre navigation mobile, controles deplaces dans DayView
- Date picker natif via label+input sur mobile

Suivi pedagogique :
- Refactorisation page grades avec composant Table partage
- Colonnes stats par periode, absences, actions (Fiche + Evaluer)
- Lien cliquable sur la classe vers SchoolClassManagement

feat(backend): ajout associated_class_id dans StudentByRFCreationSerializer [#NEWTS-4]

UI global :
- Remplacement fleches texte par icones Lucide ChevronDown/ChevronRight
- Pagination conditionnelle sur tous les tableaux plats
- Layout responsive mobile : cartes separees fond transparent
- Table.js : pagination optionnelle, wrapper md uniquement
 2026-03-16 12:27:06 +01:00
Luc SORIGNET
7464b19de5 Merge pull request 'NEWTS-9-Fusion_Liste_frais' (!73) from NEWTS-9-Fusion_Liste_frais into develop 
Reviewed-on: https://git.v0id.ovh/n3wt-innov/n3wt-school/pulls/73
 2026-03-15 11:11:34 +00:00
Luc SORIGNET
c96b9562a2 chore(ci): ajout test_settings.py et SKILL run-tests 2026-03-15 12:09:31 +01:00
Luc SORIGNET
7576b5a68c test(frontend): ajout tests unitaires Jest composants frais [#NEWTS-9] 2026-03-15 12:09:18 +01:00
Luc SORIGNET
e30a41a58b feat(frontend): fusion liste des frais et message compte existant [#NEWTS-9] 2026-03-15 12:09:02 +01:00
Luc SORIGNET
c296af2c07 Merge pull request 'NEWTS-12 : Sécurisation Backend' (!72) from NEWTS12-Securisation_Backend into develop 
Reviewed-on: https://git.v0id.ovh/n3wt-innov/n3wt-school/pulls/72
 2026-03-15 09:11:16 +00:00
Luc SORIGNET
fa843097ba feat: Securisation du Backend 2026-03-15 10:07:20 +01:00
N3WT DE COMPET
6fb3c5cdb4 feat: lister uniquement les élèves inscrits dans une classe [N3WTS-6] 2026-03-14 13:11:30 +01:00
N3WT DE COMPET
2fef6d61a4 feat: Gestion du refus définitif d'un dossier [N3WTS-2] 2026-03-14 11:35:19 +01:00
N3WT DE COMPET
0501c1dd73 feat: Finalisation de la validation / refus des documents signés par les parents [N3WTS-2] 2026-03-14 11:26:20 +01:00
N3WT DE COMPET
4f7d7d0024 feat: Gestion de l'affichage des documents validés et non validés sur la page parent [N3WTS-2] 2026-02-22 18:34:00 +01:00
N3WT DE COMPET
8fd1b62ec0 feat: Validation document par document [N3WTS-2] 2026-02-19 18:53:33 +01:00
N3WT DE COMPET
3779a47417 feat: Ajout bouton de refus de dossier avec zone de saisie de motif [N3WTS-2] 2026-02-16 17:54:20 +01:00
N3WT DE COMPET
05c68ebfaa feat: Page Structure : suppression de la possibilité de faire des actions d'admin [N3WTS-8] 2026-02-15 18:40:14 +01:00
N3WT DE COMPET
195579e217 feat: Page Inscriptions : suppression de la possibilité de créer un nouveau DI [N3WTS-8] 2026-02-15 18:08:07 +01:00
N3WT DE COMPET
ddcaba382e feat: Gestion de la sidebar [N3WTS-8] 2026-02-15 18:02:57 +01:00
N3WT DE COMPET
a82483f3bd chore: Suppression code mort [N3WTS-8] 2026-02-15 17:57:48 +01:00
N3WT DE COMPET
26d4b5633f fix: Changement des niveaux de logs [N3WTS-1] 2026-02-15 17:39:19 +01:00
N3WT DE COMPET
d66db1b019 feat: Envoi mail d'inscription au second responsable [N3WTS-1] 2026-02-15 17:36:55 +01:00
N3WT DE COMPET
bd7dc2b0c2 feat: Envoi mail d'inscription aux enseignants [N3WTS-1] 2026-02-15 16:37:43 +01:00
N3WT DE COMPET
176edc5c45 fix: Edition d'un teacher, champ email désactivé [N3WTS-1] 2026-02-15 15:47:51 +01:00
N3WT DE COMPET
92c6a31740 fix: Suppression d'un PROFILE si aucun PROFILE_ROLE n'y est associé [N3WTS-1] 2026-02-14 17:58:47 +01:00
N3WT DE COMPET
9dff32b388 feat: WIP finalisation partie signature des parents [N3WTS-17] 2026-02-13 17:06:21 +01:00
N3WT DE COMPET
abb4b525b2 feat: Gestion de l'arborescence des documents d'école en fonction des requêtes CRUD [N3WTS-17] 2026-01-25 11:01:22 +01:00
N3WT DE COMPET
b4f70e6bad feat: Sauvegarde des formulaires d'école dans les bons dossiers / 
utilisation des bons composants dans les modales [N3WTS-17]
 2026-01-18 18:44:13 +01:00
N3WT DE COMPET
8549699dec feat: Réorganisation items dans la page [N3WTS-17] 2026-01-05 14:56:36 +01:00
N3WT DE COMPET
a034149eae fix: Coquille [N3WTS-17] 2026-01-03 17:53:53 +01:00
N3WT DE COMPET
12f5fc7aa9 feat: Changement du rendu de la page des documents + gestion des 
formulaires d'école déjà existants [N3WTS-17]
 2026-01-03 17:49:25 +01:00
Luc SORIGNET
2dc0dfa268 fix: Lint 2025-12-14 16:49:48 +01:00
Luc SORIGNET
dd00cba385 feat: Précablage du formulaire dynamique [N3WTS-17] 2025-11-30 17:24:25 +01:00
N3WT DE COMPET
7486f6c5ce feat: Traitement de clonages des templates de documents dans le back 
uniquement [#N3WTS-17]
 2025-11-29 16:43:51 +01:00
N3WT DE COMPET
1e5bc6ccba feat: Début de suppression de docuseal côté Front [#N3WTS-17] 2025-11-29 12:20:14 +01:00
N3WT DE COMPET
0fb668b212 feat: push test [#N3WTS-17] 2025-11-29 11:33:21 +01:00
Luc SORIGNET
5e62ee5100 feat: Ajout des composants manquant dans le FormTemplateBuilder [N3WTS-17] 2025-09-01 12:09:19 +02:00
Luc SORIGNET
e89d2fc4c3 feat: Ajout FormTemplateBuilder [N3WTS-17] 2025-09-01 11:08:21 +02:00
Luc SORIGNET
9481a0132d feat: creation d'un FormRenderer.js pour creer un formulaire dynamique [NEWTS-17] 2025-08-31 12:26:04 +02:00
Luc SORIGNET
482e8c1357 Merge pull request 'fix: Mise en place de l'auto reload pour Daphne [#65]' (#67) from A65_ReloadBackEnd into develop 
Reviewed-on: https://git.v0id.ovh/n3wt-innov/n3wt-school/pulls/67
 2025-06-05 18:08:48 +00:00
N3WT DE COMPET
0e0141d155 Merge remote-tracking branch 'origin/main' into develop 2025-06-05 19:59:08 +02:00
N3WT DE COMPET
7f002e2e6a fix: Mise en place de l'auto reload pour Daphne [#65] 2025-06-05 19:55:35 +02:00
289 changed files with 22518 additions and 5980 deletions
Expand all files Collapse all files

21
.github/copilot-instructions.md vendored
View File

@ -52,7 +52,28 @@ Pour le front-end, les exigences de qualité sont les suivantes :
- Documentation en français pour les nouvelles fonctionnalités (si applicable) - Documentation en français pour les nouvelles fonctionnalités (si applicable)
- Référence : [documentation guidelines](./instructions/documentation.instruction.md) - Référence : [documentation guidelines](./instructions/documentation.instruction.md)
## Design System
Le projet utilise un design system défini. Toujours s'y conformer lors de toute modification de l'interface.
- Référence complète : [design system](../docs/design-system.md)
- Règles Copilot : [design system instructions](./instructions/design-system.instruction.md)
### Résumé des tokens obligatoires
| Token Tailwind | Hex | Usage |
|----------------|-----------|-------------------------------|
| `primary` | `#059669` | Boutons, CTA, éléments actifs |
| `secondary` | `#064E3B` | Hover, accents sombres |
| `tertiary` | `#10B981` | Badges, icônes |
| `neutral` | `#F8FAFC` | Fonds de page, surfaces |
- Polices : `font-headline` (Manrope) pour les titres, `font-body`/`font-label` (Inter) pour le reste
- **Ne jamais** utiliser `emerald-*` pour les éléments interactifs
## Références ## Références
- **Tickets** : [issues guidelines](./instructions/issues.instruction.md) - **Tickets** : [issues guidelines](./instructions/issues.instruction.md)
- **Commits** : [commit guidelines](./instructions/general-commit.instruction.md) - **Commits** : [commit guidelines](./instructions/general-commit.instruction.md)
- **Tests** : [run tests](./instructions/run-tests.instruction.md)
- **Design System** : [design system instructions](./instructions/design-system.instruction.md)

116
.github/instructions/design-system.instruction.md vendored Normal file
View File

@ -0,0 +1,116 @@
---
applyTo: "Front-End/src/**"
---
# Design System — Règles Copilot
Référence complète : [`docs/design-system.md`](../../docs/design-system.md)
## Couleurs — tokens Tailwind obligatoires
Utiliser **toujours** ces tokens pour les éléments interactifs :
| Token | Hex | Remplace |
|-------------|-----------|-----------------------------------|
| `primary` | `#059669` | `emerald-600`, `emerald-500` |
| `secondary` | `#064E3B` | `emerald-700`, `emerald-800` |
| `tertiary` | `#10B981` | `emerald-400`, `emerald-500` |
| `neutral` | `#F8FAFC` | Fonds neutres |
**Ne jamais écrire** `bg-emerald-*`, `text-emerald-*`, `border-emerald-*` pour des éléments interactifs.
### Patterns corrects
```jsx
// Bouton
<button className="bg-primary hover:bg-secondary text-white px-4 py-2 rounded">
// Texte actif
<span className="text-primary">
// Badge
<span className="bg-tertiary/10 text-tertiary text-xs px-2 py-0.5 rounded">
// Fond de page
<div className="bg-neutral">
```
## Typographie
```jsx
// Titre de section
<h1 className="font-headline text-2xl font-bold">
// Sous-titre
<h2 className="font-headline text-xl font-semibold">
// Label de formulaire
<label className="font-label text-sm font-medium text-gray-700">
```
> `font-body` est le défaut sur `<body>` — inutile de l'ajouter sur les `<p>`.
## Arrondi
- Par défaut : `rounded` (4px)
- Cards / modales : `rounded-md` (6px)
- Grandes surfaces : `rounded-lg` (8px)
- **Éviter** `rounded-xl` sauf avatars ou indicateurs circulaires
## Espacement
- Grille 4px/8px : `p-1`=4px, `p-2`=8px, `p-3`=12px, `p-4`=16px
- **Pas** de valeurs arbitraires `p-[13px]`
## Mode
Interface **light uniquement** — ne pas ajouter `dark:` prefixes.
---
## Icônes
Utiliser **uniquement** `lucide-react`. Jamais d'autres bibliothèques d'icônes.
```jsx
import { Home, Plus, ChevronRight } from 'lucide-react';
<Home size={20} className="text-primary" />
<button className="flex items-center gap-2"><Plus size={16} />Ajouter</button>
```
- Taille par défaut : `size={20}` inline, `size={24}` boutons standalone
- Couleur via `className="text-*"` uniquement — jamais le prop `color`
- Icône seule : ajouter `aria-label` pour l'accessibilité
---
## Responsive & PWA
**Mobile-first** : les styles de base ciblent le mobile, on étend avec `sm:` / `md:` / `lg:`.
```jsx
// Layout
<div className="px-4 sm:px-6 lg:px-8 py-4 sm:py-6">
// Grille
<div className="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-4">
// Bouton full-width mobile
<button className="w-full sm:w-auto bg-primary text-white px-4 py-2 rounded">
```
- Touch targets ≥ 44px : `min-h-[44px]` sur tous les éléments interactifs
- Pas d'interactions uniquement au `:hover` — prévoir une alternative tactile
- Tableaux sur mobile : utiliser la classe utilitaire `responsive-table` (définie dans `tailwind.css`)
---
## Réutilisation des composants
**Toujours chercher un composant existant dans `Front-End/src/components/` avant d'en créer un.**
Composants clés disponibles : `AlertMessage`, `Modal`, `Pagination`, `SectionHeader`, `ProgressStep`, `EventCard`, `Calendar/*`, `Chat/*`, `Evaluation/*`, `Grades/*`, `Form/*`, `Admin/*`, `Charts/*`.
- Étendre via des props (`variant`, `size`, `className`) plutôt que de dupliquer
- Appliquer les tokens du design system dans tout composant modifié ou créé

2
.github/instructions/documentation.instruction.md vendored
View File

@ -1,5 +1,5 @@
La documentation doit être en français et claire pour les utilisateurs francophones. La documentation doit être en français et claire pour les utilisateurs francophones.
Toutes la documentation doit être dans le dossier docs/ Toutes la documentation doit être dans le dossier docs/ à la racine.
Seul les fichiers README.md, CHANGELOG.md doivent être à la racine. Seul les fichiers README.md, CHANGELOG.md doivent être à la racine.
La documentation doit être conscise et pertinente, sans répétitions inutiles entre les documents. La documentation doit être conscise et pertinente, sans répétitions inutiles entre les documents.
Tout ce qui concerne la gestion de projet, roadmap ne doit pas apparaître dans la documentation. Tout ce qui concerne la gestion de projet, roadmap ne doit pas apparaître dans la documentation.

53
.github/instructions/run-tests.instruction.md vendored Normal file
View File

@ -0,0 +1,53 @@
---
applyTo: "**"
---
# Lancer les tests N3WT-SCHOOL
## Tests backend (Django)
Les tests backend tournent dans le conteneur Docker. Toujours utiliser `--settings=N3wtSchool.test_settings`.
```powershell
# Tous les tests
docker exec -it n3wt-school-backend-1 python3 manage.py test --settings=N3wtSchool.test_settings --verbosity=2
# Un module spécifique
docker exec -it n3wt-school-backend-1 python3 manage.py test --settings=N3wtSchool.test_settings Auth.tests --verbosity=2
```
### Points importants
- Le fichier `Back-End/N3wtSchool/test_settings.py` configure l'environnement de test :
- Base PostgreSQL dédiée `school_test` (SQLite incompatible avec `ArrayField`)
- Cache en mémoire locale (pas de Redis)
- Channels en mémoire (`InMemoryChannelLayer`)
- Throttling désactivé
- Hashage MD5 (plus rapide)
- Email en mode `locmem`
- Si le conteneur n'est pas démarré : `docker compose up -d` depuis la racine du projet
- Les logs `WARNING` dans la sortie des tests sont normaux (endpoints qui retournent 400/401 intentionnellement)
## Tests frontend (Jest)
```powershell
# Depuis le dossier Front-End
cd Front-End
npm test -- --watchAll=false
# Avec couverture
npm test -- --watchAll=false --coverage
```
### Points importants
- Les tests sont dans `Front-End/src/test/`
- Les warnings `ReactDOMTestUtils.act is deprecated` sont non bloquants (dépendance `@testing-library/react`)
- Config Jest : `Front-End/jest.config.js`
## Résultats attendus
| Périmètre | Nb tests | Statut |
| -------------- | -------- | ------ |
| Backend Django | 121 | ✅ OK |
| Frontend Jest | 24 | ✅ OK |

4
.gitignore vendored
View File

@ -2,4 +2,6 @@
.env .env
node_modules/ node_modules/
hardcoded-strings-report.md hardcoded-strings-report.md
backend.env backend.env
*.log
.claude/worktrees/*

3
.husky/commit-msg Normal file → Executable file
View File

@ -1 +1,2 @@
npx --no -- commitlint --edit $1 #!/bin/sh
npx --no -- commitlint --edit $1

3
.husky/pre-commit Normal file → Executable file
View File

@ -1 +1,2 @@
cd $(dirname "$0")/../Front-End/ && npm run lint-light #!/bin/sh
cd $(dirname "$0")/../Front-End/ && npm run lint-light

3
.husky/prepare-commit-msg Normal file → Executable file
View File

@ -1 +1,2 @@
#node scripts/prepare-commit-msg.js "$1" "$2" #!/bin/sh
#node scripts/prepare-commit-msg.js "$1" "$2"

48
Back-End/Auth/backends.py
View File

@ -2,6 +2,12 @@ from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend from django.contrib.auth.backends import ModelBackend
from Auth.models import Profile from Auth.models import Profile
from N3wtSchool import bdd from N3wtSchool import bdd
from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework_simplejwt.exceptions import TokenError, InvalidToken
import logging
logger = logging.getLogger("Auth")
class EmailBackend(ModelBackend): class EmailBackend(ModelBackend):
def authenticate(self, request, username=None, password=None, **kwargs): def authenticate(self, request, username=None, password=None, **kwargs):
@ -18,3 +24,45 @@ class EmailBackend(ModelBackend):
except Profile.DoesNotExist: except Profile.DoesNotExist:
return None return None
class LoggingJWTAuthentication(JWTAuthentication):
"""
Surclasse JWTAuthentication pour loguer pourquoi un token Bearer est rejeté.
Cela aide à diagnostiquer les 401 sans avoir à ajouter des prints partout.
"""
def authenticate(self, request):
header = self.get_header(request)
if header is None:
logger.debug("JWT: pas de header Authorization dans la requête %s %s",
request.method, request.path)
return None
raw_token = self.get_raw_token(header)
if raw_token is None:
logger.debug("JWT: header Authorization présent mais token vide pour %s %s",
request.method, request.path)
return None
try:
validated_token = self.get_validated_token(raw_token)
except InvalidToken as e:
logger.warning(
"JWT: token invalide pour %s %s%s",
request.method, request.path, str(e)
)
raise
try:
user = self.get_user(validated_token)
except Exception as e:
logger.warning(
"JWT: utilisateur introuvable pour %s %s%s",
request.method, request.path, str(e)
)
raise
logger.debug("JWT: authentification réussie user_id=%s pour %s %s",
user.pk, request.method, request.path)
return user, validated_token

4
Back-End/Auth/migrations/0001_initial.py
View File

@ -1,4 +1,4 @@
# Generated by Django 5.1.3 on 2025-05-28 11:14 # Generated by Django 5.1.3 on 2026-04-05 08:05
import django.contrib.auth.models import django.contrib.auth.models
import django.contrib.auth.validators import django.contrib.auth.validators
@ -24,7 +24,7 @@ class Migration(migrations.Migration):
fields=[ fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('role_type', models.IntegerField(choices=[(-1, 'NON DEFINI'), (0, 'ECOLE'), (1, 'ADMIN'), (2, 'PARENT')], default=-1)), ('role_type', models.IntegerField(choices=[(-1, 'NON DEFINI'), (0, 'ECOLE'), (1, 'ADMIN'), (2, 'PARENT')], default=-1)),
('is_active', models.BooleanField(default=False)), ('is_active', models.BooleanField(blank=True, default=False)),
('updated_date', models.DateTimeField(auto_now=True)), ('updated_date', models.DateTimeField(auto_now=True)),
('establishment', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='profile_roles', to='Establishment.establishment')), ('establishment', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='profile_roles', to='Establishment.establishment')),
], ],

2
Back-End/Auth/models.py
View File

@ -25,7 +25,7 @@ class ProfileRole(models.Model):
profile = models.ForeignKey('Profile', on_delete=models.CASCADE, related_name='roles') profile = models.ForeignKey('Profile', on_delete=models.CASCADE, related_name='roles')
role_type = models.IntegerField(choices=RoleType.choices, default=RoleType.PROFIL_UNDEFINED) role_type = models.IntegerField(choices=RoleType.choices, default=RoleType.PROFIL_UNDEFINED)
establishment = models.ForeignKey('Establishment.Establishment', on_delete=models.CASCADE, related_name='profile_roles') establishment = models.ForeignKey('Establishment.Establishment', on_delete=models.CASCADE, related_name='profile_roles')
is_active = models.BooleanField(default=False) is_active = models.BooleanField(default=False, blank=True)
updated_date = models.DateTimeField(auto_now=True) updated_date = models.DateTimeField(auto_now=True)
def __str__(self): def __str__(self):

2
Back-End/Auth/serializers.py
View File

@ -14,7 +14,7 @@ class ProfileSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = Profile model = Profile
fields = ['id', 'password', 'email', 'code', 'datePeremption', 'username', 'roles', 'roleIndexLoginDefault'] fields = ['id', 'password', 'email', 'code', 'datePeremption', 'username', 'roles', 'roleIndexLoginDefault', 'first_name', 'last_name']
extra_kwargs = {'password': {'write_only': True}} extra_kwargs = {'password': {'write_only': True}}
def get_roles(self, obj): def get_roles(self, obj):

553
Back-End/Auth/tests.py Normal file
View File

@ -0,0 +1,553 @@
"""
Tests unitaires pour le module Auth.
Vérifie :
- L'accès public aux endpoints de login/CSRF/subscribe
- La protection JWT des endpoints protégés (profils, rôles, session)
- La génération et validation des tokens JWT
"""
import json
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile, ProfileRole
from Establishment.models import Establishment
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def create_establishment():
"""Crée un établissement minimal utilisé dans les tests."""
return Establishment.objects.create(
name="Ecole Test",
address="1 rue de l'Ecole",
total_capacity=100,
establishment_type=[1],
)
def create_user(email="test@example.com", password="testpassword123"):
"""Crée un utilisateur (Profile) de test."""
user = Profile.objects.create_user(
username=email,
email=email,
password=password,
)
return user
def create_active_user_with_role(email="active@example.com", password="testpassword123"):
"""Crée un utilisateur avec un rôle actif."""
user = create_user(email=email, password=password)
establishment = create_establishment()
ProfileRole.objects.create(
profile=user,
role_type=ProfileRole.RoleType.PROFIL_ADMIN,
establishment=establishment,
is_active=True,
)
return user
def get_jwt_token(user):
"""Retourne un token d'accès JWT pour l'utilisateur donné."""
refresh = RefreshToken.for_user(user)
return str(refresh.access_token)
# ---------------------------------------------------------------------------
# Tests endpoints publics
# ---------------------------------------------------------------------------
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
class CsrfEndpointTest(TestCase):
"""Test de l'endpoint CSRF doit être accessible sans authentification."""
def setUp(self):
self.client = APIClient()
def test_csrf_endpoint_accessible_sans_auth(self):
"""GET /Auth/csrf doit retourner 200 sans token."""
response = self.client.get(reverse("Auth:csrf"))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("csrfToken", response.json())
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
class LoginEndpointTest(TestCase):
"""Tests de l'endpoint de connexion."""
def setUp(self):
self.client = APIClient()
self.url = reverse("Auth:login")
self.user = create_active_user_with_role(
email="logintest@example.com", password="secureP@ss1"
)
def test_login_avec_identifiants_valides(self):
"""POST /Auth/login avec identifiants valides retourne 200 et un token."""
payload = {"email": "logintest@example.com", "password": "secureP@ss1"}
response = self.client.post(
self.url, data=json.dumps(payload), content_type="application/json"
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertIn("token", data)
self.assertIn("refresh", data)
def test_login_avec_mauvais_mot_de_passe(self):
"""POST /Auth/login avec mauvais mot de passe retourne 400 ou 401."""
payload = {"email": "logintest@example.com", "password": "wrongpassword"}
response = self.client.post(
self.url, data=json.dumps(payload), content_type="application/json"
)
self.assertIn(response.status_code, [status.HTTP_400_BAD_REQUEST, status.HTTP_401_UNAUTHORIZED])
def test_login_avec_email_inexistant(self):
"""POST /Auth/login avec email inconnu retourne 400 ou 401."""
payload = {"email": "unknown@example.com", "password": "anypassword"}
response = self.client.post(
self.url, data=json.dumps(payload), content_type="application/json"
)
self.assertIn(response.status_code, [status.HTTP_400_BAD_REQUEST, status.HTTP_401_UNAUTHORIZED])
def test_login_accessible_sans_authentification(self):
"""L'endpoint de login doit être accessible sans token JWT."""
# On vérifie juste que l'on n'obtient pas 401/403 pour raison d'auth manquante
payload = {"email": "logintest@example.com", "password": "secureP@ss1"}
response = self.client.post(
self.url, data=json.dumps(payload), content_type="application/json"
)
self.assertNotEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertNotEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
class RefreshJWTEndpointTest(TestCase):
"""Tests de l'endpoint de rafraîchissement du token JWT."""
def setUp(self):
self.client = APIClient()
self.url = reverse("Auth:refresh_jwt")
self.user = create_active_user_with_role(email="refresh@example.com")
def test_refresh_avec_token_valide(self):
"""POST /Auth/refreshJWT avec refresh token valide retourne un nouvel access token."""
import jwt, uuid
from datetime import datetime, timedelta
from django.conf import settings as django_settings
# RefreshJWTView attend le format custom (type='refresh'), pas le format SimpleJWT
refresh_payload = {
'user_id': self.user.id,
'type': 'refresh',
'jti': str(uuid.uuid4()),
'exp': datetime.utcnow() + timedelta(days=1),
'iat': datetime.utcnow(),
}
custom_refresh = jwt.encode(
refresh_payload,
django_settings.SIMPLE_JWT['SIGNING_KEY'],
algorithm=django_settings.SIMPLE_JWT['ALGORITHM'],
)
payload = {"refresh": custom_refresh}
response = self.client.post(
self.url, data=json.dumps(payload), content_type="application/json"
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("token", response.json())
def test_refresh_avec_token_invalide(self):
"""POST /Auth/refreshJWT avec token invalide retourne 401."""
payload = {"refresh": "invalid.token.here"}
response = self.client.post(
self.url, data=json.dumps(payload), content_type="application/json"
)
self.assertIn(response.status_code, [status.HTTP_400_BAD_REQUEST, status.HTTP_401_UNAUTHORIZED])
def test_refresh_accessible_sans_authentification(self):
"""L'endpoint de refresh doit être accessible sans token d'accès."""
refresh = RefreshToken.for_user(self.user)
payload = {"refresh": str(refresh)}
response = self.client.post(
self.url, data=json.dumps(payload), content_type="application/json"
)
self.assertNotEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# ---------------------------------------------------------------------------
# Tests endpoints protégés Session
# ---------------------------------------------------------------------------
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
class SessionEndpointTest(TestCase):
"""Tests de l'endpoint d'information de session."""
def setUp(self):
self.client = APIClient()
self.url = reverse("Auth:infoSession")
self.user = create_active_user_with_role(email="session@example.com")
def test_info_session_sans_token_retourne_401(self):
"""GET /Auth/infoSession sans token doit retourner 401."""
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_info_session_avec_token_valide_retourne_200(self):
"""GET /Auth/infoSession avec token valide doit retourner 200 et les données utilisateur."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertIn("user", data)
self.assertEqual(data["user"]["email"], self.user.email)
def test_info_session_avec_token_invalide_retourne_401(self):
"""GET /Auth/infoSession avec token invalide doit retourner 401."""
self.client.credentials(HTTP_AUTHORIZATION="Bearer token.invalide.xyz")
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_info_session_avec_token_expire_retourne_401(self):
"""GET /Auth/infoSession avec un token expiré doit retourner 401."""
import jwt
from datetime import datetime, timedelta
from django.conf import settings as django_settings
expired_payload = {
'user_id': self.user.id,
'exp': datetime.utcnow() - timedelta(hours=1),
}
expired_token = jwt.encode(
expired_payload, django_settings.SECRET_KEY, algorithm='HS256'
)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {expired_token}")
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
# ---------------------------------------------------------------------------
# Tests endpoints protégés Profils
# ---------------------------------------------------------------------------
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
REST_FRAMEWORK={
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
},
)
class ProfileEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints de profils."""
def setUp(self):
self.client = APIClient()
self.profiles_url = reverse("Auth:profile")
self.user = create_active_user_with_role(email="profile_auth@example.com")
def test_get_profiles_sans_auth_retourne_401(self):
"""GET /Auth/profiles sans token doit retourner 401."""
response = self.client.get(self.profiles_url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_profiles_avec_auth_retourne_200(self):
"""GET /Auth/profiles avec token valide doit retourner 200."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.profiles_url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_post_profile_sans_auth_retourne_401(self):
"""POST /Auth/profiles sans token doit retourner 401."""
payload = {"email": "new@example.com", "password": "pass123"}
response = self.client.post(
self.profiles_url,
data=json.dumps(payload),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_profile_par_id_sans_auth_retourne_401(self):
"""GET /Auth/profiles/{id} sans token doit retourner 401."""
url = reverse("Auth:profile", kwargs={"id": self.user.id})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_put_profile_sans_auth_retourne_401(self):
"""PUT /Auth/profiles/{id} sans token doit retourner 401."""
url = reverse("Auth:profile", kwargs={"id": self.user.id})
payload = {"email": self.user.email}
response = self.client.put(
url, data=json.dumps(payload), content_type="application/json"
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_delete_profile_sans_auth_retourne_401(self):
"""DELETE /Auth/profiles/{id} sans token doit retourner 401."""
url = reverse("Auth:profile", kwargs={"id": self.user.id})
response = self.client.delete(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
# ---------------------------------------------------------------------------
# Tests endpoints protégés ProfileRole
# ---------------------------------------------------------------------------
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
REST_FRAMEWORK={
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
},
)
class ProfileRoleEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints de rôles."""
def setUp(self):
self.client = APIClient()
self.profile_roles_url = reverse("Auth:profileRoles")
self.user = create_active_user_with_role(email="roles_auth@example.com")
def test_get_profile_roles_sans_auth_retourne_401(self):
"""GET /Auth/profileRoles sans token doit retourner 401."""
response = self.client.get(self.profile_roles_url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_profile_roles_avec_auth_retourne_200(self):
"""GET /Auth/profileRoles avec token valide doit retourner 200."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.profile_roles_url)
self.assertNotIn(
response.status_code,
[status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN],
msg="Un token valide ne doit pas être rejeté par la couche d'authentification",
)
def test_post_profile_role_sans_auth_retourne_401(self):
"""POST /Auth/profileRoles sans token doit retourner 401."""
payload = {"profile": self.user.id, "role_type": 1}
response = self.client.post(
self.profile_roles_url,
data=json.dumps(payload),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
# ---------------------------------------------------------------------------
# Tests de génération de token JWT
# ---------------------------------------------------------------------------
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
class JWTTokenGenerationTest(TestCase):
"""Tests de génération et validation des tokens JWT."""
def setUp(self):
self.user = create_user(email="jwt@example.com", password="jwttest123")
def test_generation_token_valide(self):
"""Un token généré pour un utilisateur est valide et contient user_id."""
import jwt
from django.conf import settings as django_settings
token = get_jwt_token(self.user)
self.assertIsNotNone(token)
self.assertIsInstance(token, str)
decoded = jwt.decode(token, django_settings.SECRET_KEY, algorithms=["HS256"])
self.assertEqual(decoded["user_id"], self.user.id)
def test_refresh_token_permet_obtenir_nouvel_access_token(self):
"""Le refresh token permet d'obtenir un nouvel access token via SimpleJWT."""
refresh = RefreshToken.for_user(self.user)
access = refresh.access_token
self.assertIsNotNone(str(access))
self.assertIsNotNone(str(refresh))
def test_token_different_par_utilisateur(self):
"""Deux utilisateurs différents ont des tokens différents."""
user2 = create_user(email="jwt2@example.com", password="jwttest123")
token1 = get_jwt_token(self.user)
token2 = get_jwt_token(user2)
self.assertNotEqual(token1, token2)
# ---------------------------------------------------------------------------
# Tests de sécurité — Correction des vulnérabilités identifiées
# ---------------------------------------------------------------------------
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
class SessionViewTokenTypeTest(TestCase):
"""
SessionView doit rejeter les refresh tokens.
Avant la correction, jwt.decode() était appelé sans vérification du claim 'type',
ce qui permettait d'utiliser un refresh token là où seul un access token est attendu.
"""
def setUp(self):
self.client = APIClient()
self.url = reverse("Auth:infoSession")
self.user = create_active_user_with_role(email="session_type@example.com")
def test_refresh_token_rejete_par_session_view(self):
"""
Utiliser un refresh token SimpleJWT sur /infoSession doit retourner 401.
"""
import jwt
from datetime import datetime, timedelta
from django.conf import settings as django_settings
# Fabriquer manuellement un token de type 'refresh' signé avec la clé correcte
refresh_payload = {
'user_id': self.user.id,
'type': 'refresh', # ← type incorrect pour cet endpoint
'jti': 'test-refresh-jti',
'exp': datetime.utcnow() + timedelta(days=1),
'iat': datetime.utcnow(),
}
refresh_token = jwt.encode(
refresh_payload, django_settings.SECRET_KEY, algorithm='HS256'
)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {refresh_token}")
response = self.client.get(self.url)
self.assertEqual(
response.status_code, status.HTTP_401_UNAUTHORIZED,
"Un refresh token ne doit pas être accepté sur /infoSession (OWASP A07 - Auth Failures)"
)
def test_access_token_accepte_par_session_view(self):
"""Un access token de type 'access' est accepté."""
import jwt
from datetime import datetime, timedelta
from django.conf import settings as django_settings
access_payload = {
'user_id': self.user.id,
'type': 'access',
'jti': 'test-access-jti',
'exp': datetime.utcnow() + timedelta(minutes=15),
'iat': datetime.utcnow(),
}
access_token = jwt.encode(
access_payload, django_settings.SECRET_KEY, algorithm='HS256'
)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {access_token}")
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
class RefreshJWTErrorLeakTest(TestCase):
"""
RefreshJWTView ne doit pas retourner les messages d'exception internes.
Avant la correction, str(e) était renvoyé directement au client.
"""
def setUp(self):
self.client = APIClient()
self.url = reverse("Auth:refresh_jwt")
def test_token_invalide_ne_revele_pas_details_internes(self):
"""
Un token invalide doit retourner un message générique, pas les détails de l'exception.
"""
payload = {"refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.forged.signature"}
response = self.client.post(
self.url, data=json.dumps(payload), content_type="application/json"
)
self.assertIn(response.status_code, [status.HTTP_400_BAD_REQUEST, status.HTTP_401_UNAUTHORIZED])
body = response.content.decode()
# Le message ne doit pas contenir de traceback ou de détails internes de bibliothèque
self.assertNotIn("Traceback", body)
self.assertNotIn("jwt.exceptions", body)
self.assertNotIn("simplejwt", body.lower())
def test_erreur_reponse_est_generique(self):
"""
Le message d'erreur doit être 'Token invalide' (générique), pas le str(e).
"""
payload = {"refresh": "bad.token.data"}
response = self.client.post(
self.url, data=json.dumps(payload), content_type="application/json"
)
data = response.json()
self.assertIn('errorMessage', data)
# Le message doit être le message générique, pas la chaîne brute de l'exception
self.assertIn(data['errorMessage'], ['Token invalide', 'Format de token invalide',
'Refresh token expiré', 'Erreur interne du serveur'])
@override_settings(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
class SecurityHeadersTest(TestCase):
"""
Les en-têtes de sécurité HTTP doivent être présents dans toutes les réponses.
"""
def setUp(self):
self.client = APIClient()
def test_x_content_type_options_present(self):
"""X-Content-Type-Options: nosniff doit être présent."""
response = self.client.get(reverse("Auth:csrf"))
self.assertEqual(
response.get('X-Content-Type-Options'), 'nosniff',
"X-Content-Type-Options: nosniff doit être défini (prévient le MIME sniffing)"
)
def test_referrer_policy_present(self):
"""Referrer-Policy doit être présent."""
response = self.client.get(reverse("Auth:csrf"))
self.assertIsNotNone(
response.get('Referrer-Policy'),
"Referrer-Policy doit être défini"
)
def test_csp_frame_ancestors_present(self):
"""Content-Security-Policy doit contenir frame-ancestors."""
response = self.client.get(reverse("Auth:csrf"))
csp = response.get('Content-Security-Policy', '')
self.assertIn('frame-ancestors', csp,
"CSP doit définir frame-ancestors (protection clickjacking)")
self.assertIn("object-src 'none'", csp,
"CSP doit définir object-src 'none' (prévient les plugins malveillants)")

71
Back-End/Auth/views.py
View File

@ -17,10 +17,12 @@ from datetime import datetime, timedelta
import jwt import jwt
from jwt.exceptions import ExpiredSignatureError, InvalidTokenError from jwt.exceptions import ExpiredSignatureError, InvalidTokenError
import json import json
import uuid
from . import validator from . import validator
from .models import Profile, ProfileRole from .models import Profile, ProfileRole
from rest_framework.decorators import action, api_view from rest_framework.decorators import action, api_view, permission_classes
from rest_framework.permissions import IsAuthenticated, AllowAny
from django.db.models import Q from django.db.models import Q
from Auth.serializers import ProfileSerializer, ProfileRoleSerializer from Auth.serializers import ProfileSerializer, ProfileRoleSerializer
@ -28,13 +30,28 @@ from Subscriptions.models import RegistrationForm, Guardian
import N3wtSchool.mailManager as mailer import N3wtSchool.mailManager as mailer
import Subscriptions.util as util import Subscriptions.util as util
import logging import logging
from N3wtSchool import bdd, error, settings from N3wtSchool import bdd, error
from rest_framework.throttling import AnonRateThrottle
from rest_framework_simplejwt.authentication import JWTAuthentication from rest_framework_simplejwt.authentication import JWTAuthentication
logger = logging.getLogger("AuthViews") logger = logging.getLogger("AuthViews")
class LoginRateThrottle(AnonRateThrottle):
"""Limite les tentatives de connexion à 10/min par IP.
Configurable via DEFAULT_THROTTLE_RATES['login'] dans settings.
"""
scope = 'login'
def get_rate(self):
try:
return super().get_rate()
except Exception:
# Fallback si le scope 'login' n'est pas configuré dans les settings
return '10/min'
@swagger_auto_schema( @swagger_auto_schema(
method='get', method='get',
operation_description="Obtenir un token CSRF", operation_description="Obtenir un token CSRF",
@ -43,11 +60,15 @@ logger = logging.getLogger("AuthViews")
}))} }))}
) )
@api_view(['GET']) @api_view(['GET'])
@permission_classes([AllowAny])
def csrf(request): def csrf(request):
token = get_token(request) token = get_token(request)
return JsonResponse({'csrfToken': token}) return JsonResponse({'csrfToken': token})
class SessionView(APIView): class SessionView(APIView):
permission_classes = [AllowAny]
authentication_classes = [] # SessionView gère sa propre validation JWT
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Vérifier une session utilisateur", operation_description="Vérifier une session utilisateur",
manual_parameters=[openapi.Parameter('Authorization', openapi.IN_HEADER, type=openapi.TYPE_STRING, description='Bearer token')], manual_parameters=[openapi.Parameter('Authorization', openapi.IN_HEADER, type=openapi.TYPE_STRING, description='Bearer token')],
@ -70,6 +91,11 @@ class SessionView(APIView):
token = request.META.get('HTTP_AUTHORIZATION', '').split('Bearer ')[-1] token = request.META.get('HTTP_AUTHORIZATION', '').split('Bearer ')[-1]
try: try:
decoded_token = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256']) decoded_token = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
# Refuser les refresh tokens : seul le type 'access' est autorisé
# Accepter 'type' (format custom) ET 'token_type' (format SimpleJWT)
token_type_claim = decoded_token.get('type') or decoded_token.get('token_type')
if token_type_claim != 'access':
return JsonResponse({"error": "Invalid token"}, status=status.HTTP_401_UNAUTHORIZED)
userid = decoded_token.get('user_id') userid = decoded_token.get('user_id')
user = Profile.objects.get(id=userid) user = Profile.objects.get(id=userid)
roles = ProfileRole.objects.filter(profile=user).values('role_type', 'establishment__name') roles = ProfileRole.objects.filter(profile=user).values('role_type', 'establishment__name')
@ -88,6 +114,8 @@ class SessionView(APIView):
return JsonResponse({"error": "Invalid token"}, status=status.HTTP_401_UNAUTHORIZED) return JsonResponse({"error": "Invalid token"}, status=status.HTTP_401_UNAUTHORIZED)
class ProfileView(APIView): class ProfileView(APIView):
permission_classes = [IsAuthenticated]
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Obtenir la liste des profils", operation_description="Obtenir la liste des profils",
responses={200: ProfileSerializer(many=True)} responses={200: ProfileSerializer(many=True)}
@ -118,6 +146,8 @@ class ProfileView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class ProfileSimpleView(APIView): class ProfileSimpleView(APIView):
permission_classes = [IsAuthenticated]
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Obtenir un profil par son ID", operation_description="Obtenir un profil par son ID",
responses={200: ProfileSerializer} responses={200: ProfileSerializer}
@ -152,8 +182,12 @@ class ProfileSimpleView(APIView):
def delete(self, request, id): def delete(self, request, id):
return bdd.delete_object(Profile, id) return bdd.delete_object(Profile, id)
@method_decorator(csrf_exempt, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch')
class LoginView(APIView): class LoginView(APIView):
permission_classes = [AllowAny]
throttle_classes = [LoginRateThrottle]
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Connexion utilisateur", operation_description="Connexion utilisateur",
request_body=openapi.Schema( request_body=openapi.Schema(
@ -236,17 +270,18 @@ def makeToken(user):
"establishment__name": role.establishment.name, "establishment__name": role.establishment.name,
"establishment__evaluation_frequency": role.establishment.evaluation_frequency, "establishment__evaluation_frequency": role.establishment.evaluation_frequency,
"establishment__total_capacity": role.establishment.total_capacity, "establishment__total_capacity": role.establishment.total_capacity,
"establishment__api_docuseal": role.establishment.api_docuseal,
"establishment__logo": logo_url, "establishment__logo": logo_url,
}) })
# Générer le JWT avec la bonne syntaxe datetime # Générer le JWT avec la bonne syntaxe datetime
# jti (JWT ID) est obligatoire : SimpleJWT le vérifie via AccessToken.verify_token_id()
access_payload = { access_payload = {
'user_id': user.id, 'user_id': user.id,
'email': user.email, 'email': user.email,
'roleIndexLoginDefault': user.roleIndexLoginDefault, 'roleIndexLoginDefault': user.roleIndexLoginDefault,
'roles': roles, 'roles': roles,
'type': 'access', 'type': 'access',
'jti': str(uuid.uuid4()),
'exp': datetime.utcnow() + settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'], 'exp': datetime.utcnow() + settings.SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'],
'iat': datetime.utcnow(), 'iat': datetime.utcnow(),
} }
@ -256,16 +291,23 @@ def makeToken(user):
refresh_payload = { refresh_payload = {
'user_id': user.id, 'user_id': user.id,
'type': 'refresh', 'type': 'refresh',
'jti': str(uuid.uuid4()),
'exp': datetime.utcnow() + settings.SIMPLE_JWT['REFRESH_TOKEN_LIFETIME'], 'exp': datetime.utcnow() + settings.SIMPLE_JWT['REFRESH_TOKEN_LIFETIME'],
'iat': datetime.utcnow(), 'iat': datetime.utcnow(),
} }
refresh_token = jwt.encode(refresh_payload, settings.SIMPLE_JWT['SIGNING_KEY'], algorithm=settings.SIMPLE_JWT['ALGORITHM']) refresh_token = jwt.encode(refresh_payload, settings.SIMPLE_JWT['SIGNING_KEY'], algorithm=settings.SIMPLE_JWT['ALGORITHM'])
return access_token, refresh_token return access_token, refresh_token
except Exception as e: except Exception as e:
logger.error(f"Erreur lors de la création du token: {str(e)}") logger.error(f"Erreur lors de la création du token: {str(e)}", exc_info=True)
return None # On lève l'exception pour que l'appelant (LoginView / RefreshJWTView)
# retourne une erreur HTTP 500 explicite plutôt que de crasher silencieusement
# sur le unpack d'un None.
raise
class RefreshJWTView(APIView): class RefreshJWTView(APIView):
permission_classes = [AllowAny]
throttle_classes = [LoginRateThrottle]
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Rafraîchir le token d'accès", operation_description="Rafraîchir le token d'accès",
request_body=openapi.Schema( request_body=openapi.Schema(
@ -291,7 +333,6 @@ class RefreshJWTView(APIView):
)) ))
} }
) )
@method_decorator(csrf_exempt, name='dispatch')
def post(self, request): def post(self, request):
data = JSONParser().parse(request) data = JSONParser().parse(request)
refresh_token = data.get("refresh") refresh_token = data.get("refresh")
@ -336,14 +377,16 @@ class RefreshJWTView(APIView):
return JsonResponse({'errorMessage': 'Refresh token expiré'}, status=400) return JsonResponse({'errorMessage': 'Refresh token expiré'}, status=400)
except InvalidTokenError as e: except InvalidTokenError as e:
logger.error(f"Token invalide: {str(e)}") logger.error(f"Token invalide: {str(e)}")
return JsonResponse({'errorMessage': f'Token invalide: {str(e)}'}, status=400) return JsonResponse({'errorMessage': 'Token invalide'}, status=400)
except Exception as e: except Exception as e:
logger.error(f"Erreur inattendue: {str(e)}") logger.error(f"Erreur inattendue: {str(e)}", exc_info=True)
return JsonResponse({'errorMessage': f'Erreur inattendue: {str(e)}'}, status=400) return JsonResponse({'errorMessage': 'Erreur interne du serveur'}, status=500)
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class SubscribeView(APIView): class SubscribeView(APIView):
permission_classes = [AllowAny]
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Inscription utilisateur", operation_description="Inscription utilisateur",
manual_parameters=[ manual_parameters=[
@ -431,6 +474,8 @@ class SubscribeView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class NewPasswordView(APIView): class NewPasswordView(APIView):
permission_classes = [AllowAny]
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Demande de nouveau mot de passe", operation_description="Demande de nouveau mot de passe",
request_body=openapi.Schema( request_body=openapi.Schema(
@ -480,6 +525,8 @@ class NewPasswordView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class ResetPasswordView(APIView): class ResetPasswordView(APIView):
permission_classes = [AllowAny]
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Réinitialisation du mot de passe", operation_description="Réinitialisation du mot de passe",
request_body=openapi.Schema( request_body=openapi.Schema(
@ -526,7 +573,9 @@ class ResetPasswordView(APIView):
return JsonResponse({'message': retour, "errorMessage": retourErreur, "errorFields": errorFields}, safe=False) return JsonResponse({'message': retour, "errorMessage": retourErreur, "errorFields": errorFields}, safe=False)
class ProfileRoleView(APIView): class ProfileRoleView(APIView):
permission_classes = [IsAuthenticated]
pagination_class = CustomProfilesPagination pagination_class = CustomProfilesPagination
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Obtenir la liste des profile_roles", operation_description="Obtenir la liste des profile_roles",
responses={200: ProfileRoleSerializer(many=True)} responses={200: ProfileRoleSerializer(many=True)}
@ -597,6 +646,8 @@ class ProfileRoleView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class ProfileRoleSimpleView(APIView): class ProfileRoleSimpleView(APIView):
permission_classes = [IsAuthenticated]
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Obtenir un profile_role par son ID", operation_description="Obtenir un profile_role par son ID",
responses={200: ProfileRoleSerializer} responses={200: ProfileRoleSerializer}

2
Back-End/Common/migrations/0001_initial.py
View File

@ -1,4 +1,4 @@
# Generated by Django 5.1.3 on 2025-05-28 11:14 # Generated by Django 5.1.3 on 2026-04-05 08:05
import django.db.models.deletion import django.db.models.deletion
from django.db import migrations, models from django.db import migrations, models

146
Back-End/Common/tests.py
View File

@ -1,3 +1,145 @@
from django.test import TestCase """
Tests unitaires pour le module Common.
Vérifie que les endpoints Domain et Category requièrent une authentification JWT.
"""
# Create your tests here. import json
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile
def create_user(email="common_test@example.com", password="testpassword123"):
return Profile.objects.create_user(username=email, email=email, password=password)
def get_jwt_token(user):
refresh = RefreshToken.for_user(user)
return str(refresh.access_token)
TEST_REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
TEST_CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
# ---------------------------------------------------------------------------
# Domain
# ---------------------------------------------------------------------------
@override_settings(
CACHES=TEST_CACHES,
SESSION_ENGINE='django.contrib.sessions.backends.db',
REST_FRAMEWORK=TEST_REST_FRAMEWORK,
)
class DomainEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Domain."""
def setUp(self):
self.client = APIClient()
self.list_url = reverse("Common:domain_list_create")
self.user = create_user()
def test_get_domains_sans_auth_retourne_401(self):
"""GET /Common/domains sans token doit retourner 401."""
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_domain_sans_auth_retourne_401(self):
"""POST /Common/domains sans token doit retourner 401."""
response = self.client.post(
self.list_url,
data=json.dumps({"name": "Musique"}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_domains_avec_auth_retourne_200(self):
"""GET /Common/domains avec token valide doit retourner 200."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_put_domain_sans_auth_retourne_401(self):
"""PUT /Common/domains/{id} sans token doit retourner 401."""
url = reverse("Common:domain_detail", kwargs={"id": 1})
response = self.client.put(
url,
data=json.dumps({"name": "Danse"}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_delete_domain_sans_auth_retourne_401(self):
"""DELETE /Common/domains/{id} sans token doit retourner 401."""
url = reverse("Common:domain_detail", kwargs={"id": 1})
response = self.client.delete(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
# ---------------------------------------------------------------------------
# Category
# ---------------------------------------------------------------------------
@override_settings(
CACHES=TEST_CACHES,
SESSION_ENGINE='django.contrib.sessions.backends.db',
REST_FRAMEWORK=TEST_REST_FRAMEWORK,
)
class CategoryEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Category."""
def setUp(self):
self.client = APIClient()
self.list_url = reverse("Common:category_list_create")
self.user = create_user(email="category_test@example.com")
def test_get_categories_sans_auth_retourne_401(self):
"""GET /Common/categories sans token doit retourner 401."""
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_category_sans_auth_retourne_401(self):
"""POST /Common/categories sans token doit retourner 401."""
response = self.client.post(
self.list_url,
data=json.dumps({"name": "Jazz"}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_categories_avec_auth_retourne_200(self):
"""GET /Common/categories avec token valide doit retourner 200."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_put_category_sans_auth_retourne_401(self):
"""PUT /Common/categories/{id} sans token doit retourner 401."""
url = reverse("Common:category_detail", kwargs={"id": 1})
response = self.client.put(
url,
data=json.dumps({"name": "Classique"}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_delete_category_sans_auth_retourne_401(self):
"""DELETE /Common/categories/{id} sans token doit retourner 401."""
url = reverse("Common:category_detail", kwargs={"id": 1})
response = self.client.delete(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

3
Back-End/Common/urls.py
View File

@ -3,6 +3,7 @@ from django.urls import path, re_path
from .views import ( from .views import (
DomainListCreateView, DomainDetailView, DomainListCreateView, DomainDetailView,
CategoryListCreateView, CategoryDetailView, CategoryListCreateView, CategoryDetailView,
ServeFileView,
) )
urlpatterns = [ urlpatterns = [
@ -11,4 +12,6 @@ urlpatterns = [
re_path(r'^categories$', CategoryListCreateView.as_view(), name="category_list_create"), re_path(r'^categories$', CategoryListCreateView.as_view(), name="category_list_create"),
re_path(r'^categories/(?P<id>[0-9]+)$', CategoryDetailView.as_view(), name="category_detail"), re_path(r'^categories/(?P<id>[0-9]+)$', CategoryDetailView.as_view(), name="category_detail"),
path('serve-file/', ServeFileView.as_view(), name="serve_file"),
] ]

76
Back-End/Common/views.py
View File

@ -1,21 +1,29 @@
import os
import mimetypes
from django.conf import settings
from django.http import FileResponse
from django.http.response import JsonResponse from django.http.response import JsonResponse
from django.views.decorators.csrf import ensure_csrf_cookie, csrf_protect from django.views.decorators.csrf import ensure_csrf_cookie, csrf_protect
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from rest_framework.parsers import JSONParser from rest_framework.parsers import JSONParser
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework import status from rest_framework import status
from rest_framework.permissions import IsAuthenticated
from .models import ( from .models import (
Domain, Domain,
Category Category
) )
from .serializers import ( from .serializers import (
DomainSerializer, DomainSerializer,
CategorySerializer CategorySerializer
) )
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class DomainListCreateView(APIView): class DomainListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
domains = Domain.objects.all() domains = Domain.objects.all()
serializer = DomainSerializer(domains, many=True) serializer = DomainSerializer(domains, many=True)
@ -32,6 +40,8 @@ class DomainListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class DomainDetailView(APIView): class DomainDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id): def get(self, request, id):
try: try:
domain = Domain.objects.get(id=id) domain = Domain.objects.get(id=id)
@ -65,6 +75,8 @@ class DomainDetailView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class CategoryListCreateView(APIView): class CategoryListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
categories = Category.objects.all() categories = Category.objects.all()
serializer = CategorySerializer(categories, many=True) serializer = CategorySerializer(categories, many=True)
@ -81,6 +93,8 @@ class CategoryListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class CategoryDetailView(APIView): class CategoryDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id): def get(self, request, id):
try: try:
category = Category.objects.get(id=id) category = Category.objects.get(id=id)
@ -108,3 +122,61 @@ class CategoryDetailView(APIView):
return JsonResponse({'message': 'Deleted'}, safe=False) return JsonResponse({'message': 'Deleted'}, safe=False)
except Category.DoesNotExist: except Category.DoesNotExist:
return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND) return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND)
class ServeFileView(APIView):
"""Sert les fichiers media de manière sécurisée avec authentification JWT."""
permission_classes = [IsAuthenticated]
def get(self, request):
file_path = request.query_params.get('path', '')
if not file_path:
return JsonResponse(
{'error': 'Le paramètre "path" est requis'},
status=status.HTTP_400_BAD_REQUEST,
)
# Nettoyer les prefixes media usuels si presents
if file_path.startswith('/media/'):
file_path = file_path[len('/media/'):]
elif file_path.startswith('media/'):
file_path = file_path[len('media/'):]
# Nettoyer le préfixe /data/ si présent
if file_path.startswith('/data/'):
file_path = file_path[len('/data/'):]
elif file_path.startswith('data/'):
file_path = file_path[len('data/'):]
# Construire le chemin absolu et le résoudre pour éliminer les traversals
absolute_path = os.path.realpath(
os.path.join(settings.MEDIA_ROOT, file_path)
)
# Protection contre le path traversal
media_root = os.path.realpath(settings.MEDIA_ROOT)
if not absolute_path.startswith(media_root + os.sep) and absolute_path != media_root:
return JsonResponse(
{'error': 'Accès non autorisé'},
status=status.HTTP_403_FORBIDDEN,
)
if not os.path.isfile(absolute_path):
return JsonResponse(
{'error': 'Fichier introuvable'},
status=status.HTTP_404_NOT_FOUND,
)
content_type, _ = mimetypes.guess_type(absolute_path)
if content_type is None:
content_type = 'application/octet-stream'
response = FileResponse(
open(absolute_path, 'rb'),
content_type=content_type,
)
response['Content-Disposition'] = (
f'inline; filename="{os.path.basename(absolute_path)}"'
)
return response

1
Back-End/DocuSeal/__init__.py
View File

@ -1 +0,0 @@
# This file is intentionally left blank to make this directory a Python package.

9
Back-End/DocuSeal/urls.py
View File

@ -1,9 +0,0 @@
from django.urls import path, re_path
from .views import generate_jwt_token, clone_template, remove_template, download_template
urlpatterns = [
re_path(r'generateToken$', generate_jwt_token, name='generate_jwt_token'),
re_path(r'cloneTemplate$', clone_template, name='clone_template'),
re_path(r'removeTemplate/(?P<id>[0-9]+)$', remove_template, name='remove_template'),
re_path(r'downloadTemplate/(?P<slug>[\w-]+)$', download_template, name='download_template')
]

200
Back-End/DocuSeal/views.py
View File

@ -1,200 +0,0 @@
from django.conf import settings
from django.views.decorators.csrf import csrf_exempt
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework import status
import jwt
import datetime
import requests
from Establishment.models import Establishment
@csrf_exempt
@api_view(['POST'])
def generate_jwt_token(request):
# Récupérer l'établissement concerné (par ID ou autre info transmise)
establishment_id = request.data.get('establishment_id')
if not establishment_id:
return Response({'error': 'establishment_id requis'}, status=status.HTTP_400_BAD_REQUEST)
try:
establishment = Establishment.objects.get(id=establishment_id)
except Establishment.DoesNotExist:
return Response({'error': "Établissement introuvable"}, status=status.HTTP_404_NOT_FOUND)
# Vérifier la clé API reçue dans le header
api_key = request.headers.get('X-Auth-Token')
if not api_key or not establishment.api_docuseal or api_key != establishment.api_docuseal:
return Response({'error': 'Clé API invalide'}, status=status.HTTP_401_UNAUTHORIZED)
# Récupérer les données de la requête
user_email = request.data.get('user_email')
documents_urls = request.data.get('documents_urls', [])
template_id = request.data.get('id')
if not user_email:
return Response({'error': 'User email is required'}, status=status.HTTP_400_BAD_REQUEST)
# Utiliser la clé API de l'établissement comme secret JWT
jwt_secret = establishment.api_docuseal
jwt_algorithm = settings.DOCUSEAL_JWT['ALGORITHM']
expiration_delta = settings.DOCUSEAL_JWT['EXPIRATION_DELTA']
payload = {
'user_email': user_email,
'documents_urls': documents_urls,
'template_id': template_id,
'exp': datetime.datetime.utcnow() + expiration_delta
}
token = jwt.encode(payload, jwt_secret, algorithm=jwt_algorithm)
return Response({'token': token}, status=status.HTTP_200_OK)
@csrf_exempt
@api_view(['POST'])
def clone_template(request):
# Récupérer l'établissement concerné
establishment_id = request.data.get('establishment_id')
print(f"establishment_id : {establishment_id}")
if not establishment_id:
return Response({'error': 'establishment_id requis'}, status=status.HTTP_400_BAD_REQUEST)
try:
establishment = Establishment.objects.get(id=establishment_id)
except Establishment.DoesNotExist:
return Response({'error': "Établissement introuvable"}, status=status.HTTP_404_NOT_FOUND)
# Vérifier la clé API reçue dans le header
api_key = request.headers.get('X-Auth-Token')
if not api_key or not establishment.api_docuseal or api_key != establishment.api_docuseal:
return Response({'error': 'Clé API invalide'}, status=status.HTTP_401_UNAUTHORIZED)
# Récupérer les données de la requête
document_id = request.data.get('templateId')
email = request.data.get('email')
is_required = request.data.get('is_required')
# Vérifier les données requises
if not document_id:
return Response({'error': 'template ID is required'}, status=status.HTTP_400_BAD_REQUEST)
# URL de l'API de DocuSeal pour cloner le template
clone_url = f'https://docuseal.com/api/templates/{document_id}/clone'
# Faire la requête pour cloner le template
try:
response = requests.post(clone_url, headers={
'Content-Type': 'application/json',
'X-Auth-Token': establishment.api_docuseal
})
if response.status_code != status.HTTP_200_OK:
return Response({'error': 'Failed to clone template'}, status=response.status_code)
data = response.json()
if is_required:
# URL de l'API de DocuSeal pour créer une submission
submission_url = f'https://docuseal.com/api/submissions'
try:
clone_id = data['id']
response = requests.post(submission_url, json={
'template_id': clone_id,
'send_email': False,
'submitters': [{'email': email}]
}, headers={
'Content-Type': 'application/json',
'X-Auth-Token': establishment.api_docuseal
})
if response.status_code != status.HTTP_200_OK:
return Response({'error': 'Failed to create submission'}, status=response.status_code)
data = response.json()
data[0]['id'] = clone_id
return Response(data[0], status=status.HTTP_200_OK)
except requests.RequestException as e:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
else:
print(f'NOT REQUIRED -> on ne crée pas de submission')
return Response(data, status=status.HTTP_200_OK)
except requests.RequestException as e:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
@csrf_exempt
@api_view(['DELETE'])
def remove_template(request, id):
# Récupérer l'établissement concerné
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': 'establishment_id requis'}, status=status.HTTP_400_BAD_REQUEST)
try:
establishment = Establishment.objects.get(id=establishment_id)
except Establishment.DoesNotExist:
return Response({'error': "Établissement introuvable"}, status=status.HTTP_404_NOT_FOUND)
# Vérifier la clé API reçue dans le header
api_key = request.headers.get('X-Auth-Token')
if not api_key or not establishment.api_docuseal or api_key != establishment.api_docuseal:
return Response({'error': 'Clé API invalide'}, status=status.HTTP_401_UNAUTHORIZED)
# URL de l'API de DocuSeal pour supprimer le template
clone_url = f'https://docuseal.com/api/templates/{id}'
try:
response = requests.delete(clone_url, headers={
'X-Auth-Token': establishment.api_docuseal
})
if response.status_code != status.HTTP_200_OK:
return Response({'error': 'Failed to remove template'}, status=response.status_code)
data = response.json()
return Response(data, status=status.HTTP_200_OK)
except requests.RequestException as e:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
@csrf_exempt
@api_view(['GET'])
def download_template(request, slug):
# Récupérer l'établissement concerné
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': 'establishment_id requis'}, status=status.HTTP_400_BAD_REQUEST)
try:
establishment = Establishment.objects.get(id=establishment_id)
except Establishment.DoesNotExist:
return Response({'error': "Établissement introuvable"}, status=status.HTTP_404_NOT_FOUND)
# Vérifier la clé API reçue dans le header
api_key = request.headers.get('X-Auth-Token')
if not api_key or not establishment.api_docuseal or api_key != establishment.api_docuseal:
return Response({'error': 'Clé API invalide'}, status=status.HTTP_401_UNAUTHORIZED)
# Vérifier les données requises
if not slug:
return Response({'error': 'slug is required'}, status=status.HTTP_400_BAD_REQUEST)
# URL de l'API de DocuSeal pour télécharger le template
download_url = f'https://docuseal.com/submitters/{slug}/download'
try:
response = requests.get(download_url, headers={
'Content-Type': 'application/json',
'X-Auth-Token': establishment.api_docuseal
})
if response.status_code != status.HTTP_200_OK:
return Response({'error': 'Failed to download template'}, status=response.status_code)
data = response.json()
return Response(data, status=status.HTTP_200_OK)
except requests.RequestException as e:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

4
Back-End/Establishment/migrations/0001_initial.py
View File

@ -1,5 +1,6 @@
# Generated by Django 5.1.3 on 2025-05-28 11:14 # Generated by Django 5.1.3 on 2026-04-05 08:05
import Establishment.models
import django.contrib.postgres.fields import django.contrib.postgres.fields
from django.db import migrations, models from django.db import migrations, models
@ -24,6 +25,7 @@ class Migration(migrations.Migration):
('licence_code', models.CharField(blank=True, max_length=100)), ('licence_code', models.CharField(blank=True, max_length=100)),
('is_active', models.BooleanField(default=True)), ('is_active', models.BooleanField(default=True)),
('created_at', models.DateTimeField(auto_now_add=True)), ('created_at', models.DateTimeField(auto_now_add=True)),
('logo', models.FileField(blank=True, null=True, upload_to=Establishment.models.registration_logo_upload_to)),
], ],
), ),
] ]

18
Back-End/Establishment/migrations/0002_establishment_api_docuseal.py
View File

@ -1,18 +0,0 @@
# Generated by Django 5.1.3 on 2025-05-30 07:39
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('Establishment', '0001_initial'),
]
operations = [
migrations.AddField(
model_name='establishment',
name='api_docuseal',
field=models.CharField(blank=True, max_length=255, null=True),
),
]

19
Back-End/Establishment/migrations/0003_establishment_logo.py
View File

@ -1,19 +0,0 @@
# Generated by Django 5.1.3 on 2025-05-31 09:56
import Establishment.models
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('Establishment', '0002_establishment_api_docuseal'),
]
operations = [
migrations.AddField(
model_name='establishment',
name='logo',
field=models.FileField(blank=True, null=True, upload_to=Establishment.models.registration_logo_upload_to),
),
]

1
Back-End/Establishment/models.py
View File

@ -27,7 +27,6 @@ class Establishment(models.Model):
licence_code = models.CharField(max_length=100, blank=True) licence_code = models.CharField(max_length=100, blank=True)
is_active = models.BooleanField(default=True) is_active = models.BooleanField(default=True)
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
api_docuseal = models.CharField(max_length=255, blank=True, null=True)
logo = models.FileField( logo = models.FileField(
upload_to=registration_logo_upload_to, upload_to=registration_logo_upload_to,
null=True, null=True,

92
Back-End/Establishment/tests.py Normal file
View File

@ -0,0 +1,92 @@
"""
Tests unitaires pour le module Establishment.
Vérifie que les endpoints requièrent une authentification JWT.
"""
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile
def create_user(email="establishment_test@example.com", password="testpassword123"):
return Profile.objects.create_user(username=email, email=email, password=password)
def get_jwt_token(user):
refresh = RefreshToken.for_user(user)
return str(refresh.access_token)
TEST_REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
TEST_CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
@override_settings(
CACHES=TEST_CACHES,
SESSION_ENGINE='django.contrib.sessions.backends.db',
REST_FRAMEWORK=TEST_REST_FRAMEWORK,
)
class EstablishmentEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Establishment."""
def setUp(self):
self.client = APIClient()
self.list_url = reverse("Establishment:establishment_list_create")
self.user = create_user()
def test_get_establishments_sans_auth_retourne_401(self):
"""GET /Establishment/establishments sans token doit retourner 401."""
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_establishment_sans_auth_retourne_401(self):
"""POST /Establishment/establishments sans token doit retourner 401."""
import json
response = self.client.post(
self.list_url,
data=json.dumps({"name": "Ecole Alpha"}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_establishment_detail_sans_auth_retourne_401(self):
"""GET /Establishment/establishments/{id} sans token doit retourner 401."""
url = reverse("Establishment:establishment_detail", kwargs={"id": 1})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_put_establishment_sans_auth_retourne_401(self):
"""PUT /Establishment/establishments/{id} sans token doit retourner 401."""
import json
url = reverse("Establishment:establishment_detail", kwargs={"id": 1})
response = self.client.put(
url,
data=json.dumps({"name": "Ecole Beta"}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_delete_establishment_sans_auth_retourne_401(self):
"""DELETE /Establishment/establishments/{id} sans token doit retourner 401."""
url = reverse("Establishment:establishment_detail", kwargs={"id": 1})
response = self.client.delete(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_establishments_avec_auth_retourne_200(self):
"""GET /Establishment/establishments avec token valide doit retourner 200."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_200_OK)

30
Back-End/Establishment/views.py
View File

@ -4,6 +4,7 @@ from django.utils.decorators import method_decorator
from rest_framework.parsers import JSONParser, MultiPartParser, FormParser from rest_framework.parsers import JSONParser, MultiPartParser, FormParser
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework import status from rest_framework import status
from rest_framework.permissions import IsAuthenticated, BasePermission
from .models import Establishment from .models import Establishment
from .serializers import EstablishmentSerializer from .serializers import EstablishmentSerializer
from N3wtSchool.bdd import delete_object, getAllObjects, getObject from N3wtSchool.bdd import delete_object, getAllObjects, getObject
@ -15,9 +16,29 @@ import N3wtSchool.mailManager as mailer
import os import os
from N3wtSchool import settings from N3wtSchool import settings
@method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') class IsWebhookApiKey(BasePermission):
def has_permission(self, request, view):
api_key = settings.WEBHOOK_API_KEY
if not api_key:
return False
return request.headers.get('X-API-Key') == api_key
class IsAuthenticatedOrWebhookApiKey(BasePermission):
def has_permission(self, request, view):
if request.user and request.user.is_authenticated:
return True
return IsWebhookApiKey().has_permission(request, view)
class EstablishmentListCreateView(APIView): class EstablishmentListCreateView(APIView):
def get_permissions(self):
if self.request.method == 'POST':
return [IsAuthenticatedOrWebhookApiKey()]
return [IsAuthenticated()]
def get(self, request): def get(self, request):
establishments = getAllObjects(Establishment) establishments = getAllObjects(Establishment)
establishments_serializer = EstablishmentSerializer(establishments, many=True) establishments_serializer = EstablishmentSerializer(establishments, many=True)
@ -44,6 +65,7 @@ class EstablishmentListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class EstablishmentDetailView(APIView): class EstablishmentDetailView(APIView):
permission_classes = [IsAuthenticated]
parser_classes = [MultiPartParser, FormParser] parser_classes = [MultiPartParser, FormParser]
def get(self, request, id=None): def get(self, request, id=None):
@ -87,7 +109,9 @@ def create_establishment_with_directeur(establishment_data):
directeur_email = directeur_data.get("email") directeur_email = directeur_data.get("email")
last_name = directeur_data.get("last_name", "") last_name = directeur_data.get("last_name", "")
first_name = directeur_data.get("first_name", "") first_name = directeur_data.get("first_name", "")
password = directeur_data.get("password", "Provisoire01!") password = directeur_data.get("password")
if not password:
raise ValueError("Le champ 'directeur.password' est obligatoire pour créer un établissement.")
# Création ou récupération du profil utilisateur # Création ou récupération du profil utilisateur
profile, created = Profile.objects.get_or_create( profile, created = Profile.objects.get_or_create(

116
Back-End/GestionEmail/tests_security.py Normal file
View File

@ -0,0 +1,116 @@
"""
Tests de sécurité — GestionEmail
Vérifie :
- search_recipients nécessite une authentification (plus accessible anonymement)
- send-email nécessite une authentification
- Les données personnelles ne sont pas dans les logs INFO
"""
import json
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile, ProfileRole
from Establishment.models import Establishment
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def create_user_with_role(email, password="TestPass!123"):
user = Profile.objects.create_user(
username=email, email=email, password=password
)
est = Establishment.objects.create(
name=f"Ecole {email}",
address="1 rue Test",
total_capacity=50,
establishment_type=[1],
)
ProfileRole.objects.create(
profile=user,
role_type=ProfileRole.RoleType.PROFIL_ECOLE,
establishment=est,
is_active=True,
)
return user, est
OVERRIDE = dict(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
# ---------------------------------------------------------------------------
# Tests : search_recipients exige une authentification
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class SearchRecipientsAuthTest(TestCase):
"""
GET /email/search-recipients/ doit retourner 401 si non authentifié.
Avant la correction, cet endpoint était accessible anonymement
(harvesting d'emails des membres d'un établissement).
"""
def setUp(self):
self.client = APIClient()
self.url = reverse('GestionEmail:search_recipients')
def test_sans_auth_retourne_401(self):
"""Accès anonyme doit être rejeté avec 401."""
response = self.client.get(self.url, {'q': 'test', 'establishment_id': 1})
self.assertEqual(
response.status_code, status.HTTP_401_UNAUTHORIZED,
"search_recipients doit exiger une authentification (OWASP A01 - Broken Access Control)"
)
def test_avec_auth_et_query_vide_retourne_200_ou_liste_vide(self):
"""Un utilisateur authentifié sans terme de recherche reçoit une liste vide."""
user, est = create_user_with_role('search_auth@test.com')
token = str(RefreshToken.for_user(user).access_token)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
response = self.client.get(self.url, {'q': '', 'establishment_id': est.id})
self.assertIn(response.status_code, [status.HTTP_200_OK, status.HTTP_400_BAD_REQUEST])
def test_avec_auth_et_establishment_manquant_retourne_400(self):
"""Un utilisateur authentifié sans establishment_id reçoit 400."""
user, _ = create_user_with_role('search_noest@test.com')
token = str(RefreshToken.for_user(user).access_token)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
response = self.client.get(self.url, {'q': 'alice'})
self.assertIn(response.status_code, [status.HTTP_400_BAD_REQUEST, status.HTTP_200_OK])
# ---------------------------------------------------------------------------
# Tests : send-email exige une authentification
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class SendEmailAuthTest(TestCase):
"""
POST /email/send-email/ doit retourner 401 si non authentifié.
"""
def setUp(self):
self.client = APIClient()
self.url = reverse('GestionEmail:send_email')
def test_sans_auth_retourne_401(self):
"""Accès anonyme à l'envoi d'email doit être rejeté."""
payload = {
'recipients': ['victim@example.com'],
'subject': 'Test',
'message': 'Hello',
'establishment_id': 1,
}
response = self.client.post(
self.url, data=json.dumps(payload), content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

3
Back-End/GestionEmail/urls.py
View File

@ -1,9 +1,10 @@
from django.urls import path from django.urls import path
from .views import ( from .views import (
SendEmailView, search_recipients SendEmailView, search_recipients, SendFeedbackView
) )
urlpatterns = [ urlpatterns = [
path('send-email/', SendEmailView.as_view(), name='send_email'), path('send-email/', SendEmailView.as_view(), name='send_email'),
path('search-recipients/', search_recipients, name='search_recipients'), path('search-recipients/', search_recipients, name='search_recipients'),
path('send-feedback/', SendFeedbackView.as_view(), name='send_feedback'),
] ]

104
Back-End/GestionEmail/views.py
View File

@ -2,7 +2,10 @@ from django.http.response import JsonResponse
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework import status from rest_framework import status
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from django.db.models import Q from django.db.models import Q
from django.conf import settings
from Auth.models import Profile, ProfileRole from Auth.models import Profile, ProfileRole
import N3wtSchool.mailManager as mailer import N3wtSchool.mailManager as mailer
@ -20,9 +23,11 @@ class SendEmailView(APIView):
""" """
API pour envoyer des emails aux parents et professeurs. API pour envoyer des emails aux parents et professeurs.
""" """
permission_classes = [IsAuthenticated]
def post(self, request): def post(self, request):
# Ajouter du debug # Ajouter du debug
logger.info(f"Request data received: {request.data}") logger.info(f"Request data received (keys): {list(request.data.keys()) if request.data else []}") # Ne pas logger les valeurs (RGPD)
logger.info(f"Request content type: {request.content_type}") logger.info(f"Request content type: {request.content_type}")
data = request.data data = request.data
@ -34,11 +39,9 @@ class SendEmailView(APIView):
establishment_id = data.get('establishment_id', '') establishment_id = data.get('establishment_id', '')
# Debug des données reçues # Debug des données reçues
logger.info(f"Recipients: {recipients} (type: {type(recipients)})") logger.info(f"Recipients (count): {len(recipients)}")
logger.info(f"CC: {cc} (type: {type(cc)})")
logger.info(f"BCC: {bcc} (type: {type(bcc)})")
logger.info(f"Subject: {subject}") logger.info(f"Subject: {subject}")
logger.info(f"Message length: {len(message) if message else 0}") logger.debug(f"Message length: {len(message) if message else 0}")
logger.info(f"Establishment ID: {establishment_id}") logger.info(f"Establishment ID: {establishment_id}")
if not recipients or not message: if not recipients or not message:
@ -70,12 +73,12 @@ class SendEmailView(APIView):
logger.error(f"NotFound error: {str(e)}") logger.error(f"NotFound error: {str(e)}")
return Response({'error': str(e)}, status=status.HTTP_404_NOT_FOUND) return Response({'error': str(e)}, status=status.HTTP_404_NOT_FOUND)
except Exception as e: except Exception as e:
logger.error(f"Exception during email sending: {str(e)}") logger.error(f"Exception during email sending: {str(e)}", exc_info=True)
logger.error(f"Exception type: {type(e)}") return Response({'error': 'Erreur lors de l\'envoi de l\'email'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
import traceback
logger.error(f"Traceback: {traceback.format_exc()}")
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
@api_view(['GET'])
@permission_classes([IsAuthenticated])
def search_recipients(request): def search_recipients(request):
""" """
API pour rechercher des destinataires en fonction d'un terme de recherche et d'un établissement. API pour rechercher des destinataires en fonction d'un terme de recherche et d'un établissement.
@ -117,3 +120,84 @@ def search_recipients(request):
}) })
return JsonResponse(results, safe=False) return JsonResponse(results, safe=False)
class SendFeedbackView(APIView):
"""
API pour envoyer un feedback au support (EMAIL_HOST_USER).
"""
permission_classes = [IsAuthenticated]
def post(self, request):
data = request.data
category = data.get('category', '')
subject = data.get('subject', 'Feedback')
message = data.get('message', '')
user_email = data.get('user_email', '')
user_name = data.get('user_name', '')
establishment = data.get('establishment', {})
logger.info(f"Feedback received - Category: {category}, Subject: {subject}")
if not message or not subject or not category:
return Response(
{'error': 'La catégorie, le sujet et le message sont requis.'},
status=status.HTTP_400_BAD_REQUEST
)
try:
# Construire le message formaté
category_labels = {
'bug': 'Signalement de bug',
'feature': 'Proposition de fonctionnalité',
'question': 'Question',
'other': 'Autre'
}
category_label = category_labels.get(category, category)
# Construire les infos établissement
establishment_id = establishment.get('id', 'N/A')
establishment_name = establishment.get('name', 'N/A')
establishment_capacity = establishment.get('total_capacity', 'N/A')
establishment_frequency = establishment.get('evaluation_frequency', 'N/A')
formatted_message = f"""
<h2>Nouveau Feedback - {category_label}</h2>
<p><strong>De:</strong> {user_name} ({user_email})</p>
<h3>Établissement</h3>
<ul>
<li><strong>ID:</strong> {establishment_id}</li>
<li><strong>Nom:</strong> {establishment_name}</li>
<li><strong>Capacité:</strong> {establishment_capacity}</li>
<li><strong>Fréquence d'évaluation:</strong> {establishment_frequency}</li>
</ul>
<hr>
<p><strong>Sujet:</strong> {subject}</p>
<div>
<strong>Message:</strong><br>
{message}
</div>
"""
formatted_subject = f"[N3WT School Feedback] [{category_label}] {subject}"
# Envoyer à EMAIL_HOST_USER avec la configuration SMTP par défaut
result = mailer.sendMail(
subject=formatted_subject,
message=formatted_message,
recipients=[settings.EMAIL_HOST_USER],
cc=[],
bcc=[],
attachments=[],
connection=None # Utilise la configuration SMTP par défaut
)
logger.info("Feedback envoyé avec succès")
return result
except Exception as e:
logger.error(f"Erreur lors de l'envoi du feedback: {str(e)}", exc_info=True)
return Response(
{'error': "Erreur lors de l'envoi du feedback"},
status=status.HTTP_500_INTERNAL_SERVER_ERROR
)

73
Back-End/GestionMessagerie/migrations/0001_initial.py
View File

@ -1,6 +1,8 @@
# Generated by Django 5.1.3 on 2025-05-28 11:14 # Generated by Django 5.1.3 on 2026-04-05 08:05
import django.db.models.deletion import django.db.models.deletion
import django.utils.timezone
import uuid
from django.conf import settings from django.conf import settings
from django.db import migrations, models from django.db import migrations, models
@ -14,6 +16,39 @@ class Migration(migrations.Migration):
] ]
operations = [ operations = [
migrations.CreateModel(
name='Conversation',
fields=[
('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
('name', models.CharField(blank=True, max_length=255, null=True)),
('conversation_type', models.CharField(choices=[('private', 'Privée'), ('group', 'Groupe')], default='private', max_length=10)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
('last_activity', models.DateTimeField(default=django.utils.timezone.now)),
('is_active', models.BooleanField(default=True)),
],
),
migrations.CreateModel(
name='Message',
fields=[
('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
('content', models.TextField()),
('message_type', models.CharField(choices=[('text', 'Texte'), ('file', 'Fichier'), ('image', 'Image'), ('system', 'Système')], default='text', max_length=10)),
('file_url', models.URLField(blank=True, null=True)),
('file_name', models.CharField(blank=True, max_length=255, null=True)),
('file_size', models.BigIntegerField(blank=True, null=True)),
('file_type', models.CharField(blank=True, max_length=100, null=True)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
('is_edited', models.BooleanField(default=False)),
('is_deleted', models.BooleanField(default=False)),
('conversation', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='messages', to='GestionMessagerie.conversation')),
('sender', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='sent_messages', to=settings.AUTH_USER_MODEL)),
],
options={
'ordering': ['created_at'],
},
),
migrations.CreateModel( migrations.CreateModel(
name='Messagerie', name='Messagerie',
fields=[ fields=[
@ -27,4 +62,40 @@ class Migration(migrations.Migration):
('emetteur', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='messages_envoyes', to=settings.AUTH_USER_MODEL)), ('emetteur', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, related_name='messages_envoyes', to=settings.AUTH_USER_MODEL)),
], ],
), ),
migrations.CreateModel(
name='UserPresence',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('status', models.CharField(choices=[('online', 'En ligne'), ('away', 'Absent'), ('busy', 'Occupé'), ('offline', 'Hors ligne')], default='offline', max_length=10)),
('last_seen', models.DateTimeField(default=django.utils.timezone.now)),
('is_typing_in', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='typing_users', to='GestionMessagerie.conversation')),
('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='presence', to=settings.AUTH_USER_MODEL)),
],
),
migrations.CreateModel(
name='ConversationParticipant',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('joined_at', models.DateTimeField(auto_now_add=True)),
('last_read_at', models.DateTimeField(default=django.utils.timezone.now)),
('is_active', models.BooleanField(default=True)),
('conversation', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='participants', to='GestionMessagerie.conversation')),
('participant', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='conversation_participants', to=settings.AUTH_USER_MODEL)),
],
options={
'unique_together': {('conversation', 'participant')},
},
),
migrations.CreateModel(
name='MessageRead',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('read_at', models.DateTimeField(auto_now_add=True)),
('message', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='read_by', to='GestionMessagerie.message')),
('participant', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='read_messages', to=settings.AUTH_USER_MODEL)),
],
options={
'unique_together': {('message', 'participant')},
},
),
] ]

87
Back-End/GestionMessagerie/migrations/0002_conversation_message_userpresence_and_more.py
View File

@ -1,87 +0,0 @@
# Generated by Django 5.1.3 on 2025-05-30 07:40
import django.db.models.deletion
import django.utils.timezone
import uuid
from django.conf import settings
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('GestionMessagerie', '0001_initial'),
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
]
operations = [
migrations.CreateModel(
name='Conversation',
fields=[
('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
('name', models.CharField(blank=True, max_length=255, null=True)),
('conversation_type', models.CharField(choices=[('private', 'Privée'), ('group', 'Groupe')], default='private', max_length=10)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
('last_activity', models.DateTimeField(default=django.utils.timezone.now)),
('is_active', models.BooleanField(default=True)),
],
),
migrations.CreateModel(
name='Message',
fields=[
('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
('content', models.TextField()),
('message_type', models.CharField(choices=[('text', 'Texte'), ('file', 'Fichier'), ('image', 'Image'), ('system', 'Système')], default='text', max_length=10)),
('file_url', models.URLField(blank=True, null=True)),
('file_name', models.CharField(blank=True, max_length=255, null=True)),
('file_size', models.BigIntegerField(blank=True, null=True)),
('file_type', models.CharField(blank=True, max_length=100, null=True)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
('is_edited', models.BooleanField(default=False)),
('is_deleted', models.BooleanField(default=False)),
('conversation', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='messages', to='GestionMessagerie.conversation')),
('sender', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='sent_messages', to=settings.AUTH_USER_MODEL)),
],
options={
'ordering': ['created_at'],
},
),
migrations.CreateModel(
name='UserPresence',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('status', models.CharField(choices=[('online', 'En ligne'), ('away', 'Absent'), ('busy', 'Occupé'), ('offline', 'Hors ligne')], default='offline', max_length=10)),
('last_seen', models.DateTimeField(default=django.utils.timezone.now)),
('is_typing_in', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='typing_users', to='GestionMessagerie.conversation')),
('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='presence', to=settings.AUTH_USER_MODEL)),
],
),
migrations.CreateModel(
name='ConversationParticipant',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('joined_at', models.DateTimeField(auto_now_add=True)),
('last_read_at', models.DateTimeField(default=django.utils.timezone.now)),
('is_active', models.BooleanField(default=True)),
('conversation', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='participants', to='GestionMessagerie.conversation')),
('participant', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='conversation_participants', to=settings.AUTH_USER_MODEL)),
],
options={
'unique_together': {('conversation', 'participant')},
},
),
migrations.CreateModel(
name='MessageRead',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('read_at', models.DateTimeField(auto_now_add=True)),
('message', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='read_by', to='GestionMessagerie.message')),
('participant', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='read_messages', to=settings.AUTH_USER_MODEL)),
],
options={
'unique_together': {('message', 'participant')},
},
),
]

130
Back-End/GestionMessagerie/tests.py Normal file
View File

@ -0,0 +1,130 @@
"""
Tests unitaires pour le module GestionMessagerie.
Vérifie que les endpoints (conversations, messages, upload) requièrent une
authentification JWT.
"""
import json
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile
def create_user(email="messagerie_test@example.com", password="testpassword123"):
return Profile.objects.create_user(username=email, email=email, password=password)
def get_jwt_token(user):
refresh = RefreshToken.for_user(user)
return str(refresh.access_token)
TEST_REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
TEST_CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
OVERRIDE = dict(
CACHES=TEST_CACHES,
SESSION_ENGINE='django.contrib.sessions.backends.db',
REST_FRAMEWORK=TEST_REST_FRAMEWORK,
CHANNEL_LAYERS={'default': {'BACKEND': 'channels.layers.InMemoryChannelLayer'}},
)
@override_settings(**OVERRIDE)
class ConversationListEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints de conversation."""
def setUp(self):
self.client = APIClient()
self.user = create_user()
def test_get_conversations_par_user_sans_auth_retourne_401(self):
"""GET /GestionMessagerie/conversations/user/{id}/ sans token doit retourner 401."""
url = reverse("GestionMessagerie:conversations_by_user", kwargs={"user_id": 1})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_create_conversation_sans_auth_retourne_401(self):
"""POST /GestionMessagerie/create-conversation/ sans token doit retourner 401."""
url = reverse("GestionMessagerie:create_conversation")
response = self.client.post(
url,
data=json.dumps({"participants": [1, 2]}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_send_message_sans_auth_retourne_401(self):
"""POST /GestionMessagerie/send-message/ sans token doit retourner 401."""
url = reverse("GestionMessagerie:send_message")
response = self.client.post(
url,
data=json.dumps({"content": "Bonjour"}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_mark_as_read_sans_auth_retourne_401(self):
"""POST /GestionMessagerie/conversations/mark-as-read/ sans token doit retourner 401."""
url = reverse("GestionMessagerie:mark_as_read")
response = self.client.post(
url,
data=json.dumps({}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_search_recipients_sans_auth_retourne_401(self):
"""GET /GestionMessagerie/search-recipients/ sans token doit retourner 401."""
url = reverse("GestionMessagerie:search_recipients")
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_upload_file_sans_auth_retourne_401(self):
"""POST /GestionMessagerie/upload-file/ sans token doit retourner 401."""
url = reverse("GestionMessagerie:upload_file")
response = self.client.post(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_delete_conversation_sans_auth_retourne_401(self):
"""DELETE /GestionMessagerie/conversations/{uuid}/ sans token doit retourner 401."""
import uuid as uuid_lib
conversation_id = uuid_lib.uuid4()
url = reverse(
"GestionMessagerie:delete_conversation",
kwargs={"conversation_id": conversation_id},
)
response = self.client.delete(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_conversation_messages_sans_auth_retourne_401(self):
"""GET /GestionMessagerie/conversations/{uuid}/messages/ sans token doit retourner 401."""
import uuid as uuid_lib
conversation_id = uuid_lib.uuid4()
url = reverse(
"GestionMessagerie:conversation_messages",
kwargs={"conversation_id": conversation_id},
)
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_conversations_avec_auth_retourne_non_403(self):
"""GET avec token valide ne doit pas retourner 401/403."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
url = reverse("GestionMessagerie:conversations_by_user", kwargs={"user_id": self.user.id})
response = self.client.get(url)
self.assertNotIn(response.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])

274
Back-End/GestionMessagerie/tests_security.py Normal file
View File

@ -0,0 +1,274 @@
"""
Tests de sécurité — GestionMessagerie
Vérifie :
- Protection IDOR : un utilisateur ne peut pas lire/écrire au nom d'un autre
- Authentification requise sur tous les endpoints
- L'expéditeur d'un message est toujours l'utilisateur authentifié
- Le mark-as-read utilise request.user (pas user_id du body)
- L'upload de fichier utilise request.user (pas sender_id du body)
"""
import json
import uuid
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile, ProfileRole
from Establishment.models import Establishment
from GestionMessagerie.models import (
Conversation, ConversationParticipant, Message
)
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def create_establishment(name="Ecole Sécurité"):
return Establishment.objects.create(
name=name,
address="1 rue des Tests",
total_capacity=50,
establishment_type=[1],
)
def create_user(email, password="TestPass!123"):
user = Profile.objects.create_user(
username=email,
email=email,
password=password,
)
return user
def create_active_user(email, password="TestPass!123"):
user = create_user(email, password)
establishment = create_establishment(name=f"Ecole de {email}")
ProfileRole.objects.create(
profile=user,
role_type=ProfileRole.RoleType.PROFIL_ECOLE,
establishment=establishment,
is_active=True,
)
return user
def get_token(user):
return str(RefreshToken.for_user(user).access_token)
def create_conversation_with_participant(user1, user2):
"""Crée une conversation privée entre deux utilisateurs."""
conv = Conversation.objects.create(conversation_type='private')
ConversationParticipant.objects.create(
conversation=conv, participant=user1, is_active=True
)
ConversationParticipant.objects.create(
conversation=conv, participant=user2, is_active=True
)
return conv
# ---------------------------------------------------------------------------
# Configuration commune
# ---------------------------------------------------------------------------
OVERRIDE = dict(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
CHANNEL_LAYERS={'default': {'BACKEND': 'channels.layers.InMemoryChannelLayer'}},
)
# ---------------------------------------------------------------------------
# Tests : authentification requise
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class MessagerieAuthRequiredTest(TestCase):
"""Tous les endpoints de messagerie doivent rejeter les requêtes non authentifiées."""
def setUp(self):
self.client = APIClient()
def test_conversations_sans_auth_retourne_401(self):
response = self.client.get(reverse('GestionMessagerie:conversations'))
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_send_message_sans_auth_retourne_401(self):
response = self.client.post(
reverse('GestionMessagerie:send_message'),
data=json.dumps({'conversation_id': str(uuid.uuid4()), 'content': 'Hello'}),
content_type='application/json',
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_mark_as_read_sans_auth_retourne_401(self):
response = self.client.post(
reverse('GestionMessagerie:mark_as_read'),
data=json.dumps({'conversation_id': str(uuid.uuid4())}),
content_type='application/json',
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_upload_file_sans_auth_retourne_401(self):
response = self.client.post(reverse('GestionMessagerie:upload_file'))
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
# ---------------------------------------------------------------------------
# Tests IDOR : liste des conversations (request.user ignorant l'URL user_id)
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class ConversationListIDORTest(TestCase):
"""
GET conversations/user/<user_id>/ doit retourner les conversations de
request.user, pas celles de l'utilisateur dont l'ID est dans l'URL.
"""
def setUp(self):
self.client = APIClient()
self.alice = create_active_user('alice@test.com')
self.bob = create_active_user('bob@test.com')
self.carol = create_active_user('carol@test.com')
# Conversation entre Alice et Bob (Carol ne doit pas la voir)
self.conv_alice_bob = create_conversation_with_participant(self.alice, self.bob)
def test_carol_ne_voit_pas_les_conversations_de_alice(self):
"""
Carol s'authentifie mais passe alice.id dans l'URL.
Elle doit voir ses propres conversations (vides), pas celles d'Alice.
"""
token = get_token(self.carol)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
url = reverse('GestionMessagerie:conversations_by_user', kwargs={'user_id': self.alice.id})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
# Carol n'a aucune conversation : la liste doit être vide
self.assertEqual(len(data), 0, "Carol ne doit pas voir les conversations d'Alice (IDOR)")
def test_alice_voit_ses_propres_conversations(self):
"""Alice voit bien sa conversation avec Bob."""
token = get_token(self.alice)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
url = reverse('GestionMessagerie:conversations_by_user', kwargs={'user_id': self.alice.id})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(len(data), 1)
self.assertEqual(data[0]['id'], str(self.conv_alice_bob.id))
# ---------------------------------------------------------------------------
# Tests IDOR : envoi de message (sender = request.user)
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class SendMessageIDORTest(TestCase):
"""
POST send-message/ doit utiliser request.user comme expéditeur,
indépendamment du sender_id fourni dans le body.
"""
def setUp(self):
self.client = APIClient()
self.alice = create_active_user('alice_msg@test.com')
self.bob = create_active_user('bob_msg@test.com')
self.conv = create_conversation_with_participant(self.alice, self.bob)
def test_sender_id_dans_body_est_ignore(self):
"""
Bob envoie un message en mettant alice.id comme sender_id dans le body.
Le message doit avoir bob comme expéditeur.
"""
token = get_token(self.bob)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
payload = {
'conversation_id': str(self.conv.id),
'sender_id': self.alice.id, # tentative d'impersonation
'content': 'Message imposteur',
}
response = self.client.post(
reverse('GestionMessagerie:send_message'),
data=json.dumps(payload),
content_type='application/json',
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Vérifier que l'expéditeur est bien Bob, pas Alice
message = Message.objects.get(conversation=self.conv, content='Message imposteur')
self.assertEqual(message.sender.id, self.bob.id,
"L'expéditeur doit être request.user (Bob), pas le sender_id du body (Alice)")
def test_non_participant_ne_peut_pas_envoyer(self):
"""
Carol (non participante) ne peut pas envoyer dans la conv Alice-Bob.
"""
carol = create_active_user('carol_msg@test.com')
token = get_token(carol)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
payload = {
'conversation_id': str(self.conv.id),
'content': 'Message intrus',
}
response = self.client.post(
reverse('GestionMessagerie:send_message'),
data=json.dumps(payload),
content_type='application/json',
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# ---------------------------------------------------------------------------
# Tests IDOR : mark-as-read (request.user, pas user_id du body)
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class MarkAsReadIDORTest(TestCase):
"""
POST mark-as-read doit utiliser request.user, pas user_id du body.
Carol ne peut pas marquer comme lue une conversation d'Alice.
"""
def setUp(self):
self.client = APIClient()
self.alice = create_active_user('alice_read@test.com')
self.bob = create_active_user('bob_read@test.com')
self.carol = create_active_user('carol_read@test.com')
self.conv = create_conversation_with_participant(self.alice, self.bob)
def test_carol_ne_peut_pas_marquer_conversation_alice_comme_lue(self):
"""
Carol passe alice.id dans le body mais n'est pas participante.
Elle doit recevoir 404 (pas de ConversationParticipant trouvé pour Carol).
"""
token = get_token(self.carol)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
payload = {'user_id': self.alice.id} # tentative IDOR
url = reverse('GestionMessagerie:mark_as_read') + f'?conversation_id={self.conv.id}'
response = self.client.post(
reverse('GestionMessagerie:mark_as_read'),
data=json.dumps(payload),
content_type='application/json',
)
# Doit échouer car on cherche un participant pour request.user (Carol), qui n'est pas là
self.assertIn(response.status_code, [status.HTTP_404_NOT_FOUND, status.HTTP_400_BAD_REQUEST])
def test_alice_peut_marquer_sa_propre_conversation(self):
"""Alice peut marquer sa conversation comme lue."""
token = get_token(self.alice)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
response = self.client.post(
reverse('GestionMessagerie:mark_as_read'),
data=json.dumps({}),
content_type='application/json',
)
# Sans conversation_id : 404 attendu, mais pas 403 (accès autorisé à la vue)
self.assertNotIn(response.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])

87
Back-End/GestionMessagerie/views.py
View File

@ -2,6 +2,7 @@ from rest_framework.views import APIView
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework import status from rest_framework import status
from rest_framework.parsers import MultiPartParser, FormParser from rest_framework.parsers import MultiPartParser, FormParser
from rest_framework.permissions import IsAuthenticated
from django.db import models from django.db import models
from .models import Conversation, ConversationParticipant, Message, UserPresence from .models import Conversation, ConversationParticipant, Message, UserPresence
from Auth.models import Profile, ProfileRole from Auth.models import Profile, ProfileRole
@ -25,6 +26,8 @@ logger = logging.getLogger(__name__)
# ====================== MESSAGERIE INSTANTANÉE ====================== # ====================== MESSAGERIE INSTANTANÉE ======================
class InstantConversationListView(APIView): class InstantConversationListView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour lister les conversations instantanées d'un utilisateur API pour lister les conversations instantanées d'un utilisateur
""" """
@ -34,7 +37,8 @@ class InstantConversationListView(APIView):
) )
def get(self, request, user_id=None): def get(self, request, user_id=None):
try: try:
user = Profile.objects.get(id=user_id) # Utiliser l'utilisateur authentifié — ignorer user_id de l'URL (protection IDOR)
user = request.user
conversations = Conversation.objects.filter( conversations = Conversation.objects.filter(
participants__participant=user, participants__participant=user,
@ -50,6 +54,8 @@ class InstantConversationListView(APIView):
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
class InstantConversationCreateView(APIView): class InstantConversationCreateView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour créer une nouvelle conversation instantanée API pour créer une nouvelle conversation instantanée
""" """
@ -67,6 +73,8 @@ class InstantConversationCreateView(APIView):
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class InstantMessageListView(APIView): class InstantMessageListView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour lister les messages d'une conversation API pour lister les messages d'une conversation
""" """
@ -79,23 +87,19 @@ class InstantMessageListView(APIView):
conversation = Conversation.objects.get(id=conversation_id) conversation = Conversation.objects.get(id=conversation_id)
messages = conversation.messages.filter(is_deleted=False).order_by('created_at') messages = conversation.messages.filter(is_deleted=False).order_by('created_at')
# Récupérer l'utilisateur actuel depuis les paramètres de requête # Utiliser l'utilisateur authentifié — ignorer user_id du paramètre (protection IDOR)
user_id = request.GET.get('user_id') user = request.user
user = None
if user_id:
try:
user = Profile.objects.get(id=user_id)
except Profile.DoesNotExist:
pass
serializer = MessageSerializer(messages, many=True, context={'user': user}) serializer = MessageSerializer(messages, many=True, context={'user': user})
return Response(serializer.data, status=status.HTTP_200_OK) return Response(serializer.data, status=status.HTTP_200_OK)
except Conversation.DoesNotExist: except Conversation.DoesNotExist:
return Response({'error': 'Conversation not found'}, status=status.HTTP_404_NOT_FOUND) return Response({'error': 'Conversation not found'}, status=status.HTTP_404_NOT_FOUND)
except Exception as e: except Exception:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response({'error': 'Erreur interne du serveur'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
class InstantMessageCreateView(APIView): class InstantMessageCreateView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour envoyer un nouveau message instantané API pour envoyer un nouveau message instantané
""" """
@ -116,21 +120,20 @@ class InstantMessageCreateView(APIView):
def post(self, request): def post(self, request):
try: try:
conversation_id = request.data.get('conversation_id') conversation_id = request.data.get('conversation_id')
sender_id = request.data.get('sender_id')
content = request.data.get('content', '').strip() content = request.data.get('content', '').strip()
message_type = request.data.get('message_type', 'text') message_type = request.data.get('message_type', 'text')
if not all([conversation_id, sender_id, content]): if not all([conversation_id, content]):
return Response( return Response(
{'error': 'conversation_id, sender_id, and content are required'}, {'error': 'conversation_id and content are required'},
status=status.HTTP_400_BAD_REQUEST status=status.HTTP_400_BAD_REQUEST
) )
# Vérifier que la conversation existe # Vérifier que la conversation existe
conversation = Conversation.objects.get(id=conversation_id) conversation = Conversation.objects.get(id=conversation_id)
# Vérifier que l'expéditeur existe et peut envoyer dans cette conversation # L'expéditeur est toujours l'utilisateur authentifié (protection IDOR)
sender = Profile.objects.get(id=sender_id) sender = request.user
participant = ConversationParticipant.objects.filter( participant = ConversationParticipant.objects.filter(
conversation=conversation, conversation=conversation,
participant=sender, participant=sender,
@ -172,10 +175,12 @@ class InstantMessageCreateView(APIView):
return Response({'error': 'Conversation not found'}, status=status.HTTP_404_NOT_FOUND) return Response({'error': 'Conversation not found'}, status=status.HTTP_404_NOT_FOUND)
except Profile.DoesNotExist: except Profile.DoesNotExist:
return Response({'error': 'Sender not found'}, status=status.HTTP_404_NOT_FOUND) return Response({'error': 'Sender not found'}, status=status.HTTP_404_NOT_FOUND)
except Exception as e: except Exception:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response({'error': 'Erreur interne du serveur'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
class InstantMarkAsReadView(APIView): class InstantMarkAsReadView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour marquer une conversation comme lue API pour marquer une conversation comme lue
""" """
@ -190,15 +195,16 @@ class InstantMarkAsReadView(APIView):
), ),
responses={200: openapi.Response('Success')} responses={200: openapi.Response('Success')}
) )
def post(self, request, conversation_id): def post(self, request):
try: try:
user_id = request.data.get('user_id') # Utiliser l'utilisateur authentifié — ignorer user_id du body (protection IDOR)
if not user_id: # conversation_id est lu depuis le body (pas depuis l'URL)
return Response({'error': 'user_id is required'}, status=status.HTTP_400_BAD_REQUEST) conversation_id = request.data.get('conversation_id')
if not conversation_id:
return Response({'error': 'conversation_id requis'}, status=status.HTTP_400_BAD_REQUEST)
participant = ConversationParticipant.objects.get( participant = ConversationParticipant.objects.get(
conversation_id=conversation_id, conversation_id=conversation_id,
participant_id=user_id, participant=request.user,
is_active=True is_active=True
) )
@ -209,10 +215,12 @@ class InstantMarkAsReadView(APIView):
except ConversationParticipant.DoesNotExist: except ConversationParticipant.DoesNotExist:
return Response({'error': 'Participant not found'}, status=status.HTTP_404_NOT_FOUND) return Response({'error': 'Participant not found'}, status=status.HTTP_404_NOT_FOUND)
except Exception as e: except Exception:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response({'error': 'Erreur interne du serveur'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
class UserPresenceView(APIView): class UserPresenceView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour gérer la présence des utilisateurs API pour gérer la présence des utilisateurs
""" """
@ -245,8 +253,8 @@ class UserPresenceView(APIView):
except Profile.DoesNotExist: except Profile.DoesNotExist:
return Response({'error': 'User not found'}, status=status.HTTP_404_NOT_FOUND) return Response({'error': 'User not found'}, status=status.HTTP_404_NOT_FOUND)
except Exception as e: except Exception:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response({'error': 'Erreur interne du serveur'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
@swagger_auto_schema( @swagger_auto_schema(
operation_description="Récupère le statut de présence d'un utilisateur", operation_description="Récupère le statut de présence d'un utilisateur",
@ -266,10 +274,12 @@ class UserPresenceView(APIView):
except Profile.DoesNotExist: except Profile.DoesNotExist:
return Response({'error': 'User not found'}, status=status.HTTP_404_NOT_FOUND) return Response({'error': 'User not found'}, status=status.HTTP_404_NOT_FOUND)
except Exception as e: except Exception:
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response({'error': 'Erreur interne du serveur'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
class FileUploadView(APIView): class FileUploadView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour l'upload de fichiers dans la messagerie instantanée API pour l'upload de fichiers dans la messagerie instantanée
""" """
@ -301,18 +311,17 @@ class FileUploadView(APIView):
try: try:
file = request.FILES.get('file') file = request.FILES.get('file')
conversation_id = request.data.get('conversation_id') conversation_id = request.data.get('conversation_id')
sender_id = request.data.get('sender_id')
if not file: if not file:
return Response({'error': 'Aucun fichier fourni'}, status=status.HTTP_400_BAD_REQUEST) return Response({'error': 'Aucun fichier fourni'}, status=status.HTTP_400_BAD_REQUEST)
if not conversation_id or not sender_id: if not conversation_id:
return Response({'error': 'conversation_id et sender_id requis'}, status=status.HTTP_400_BAD_REQUEST) return Response({'error': 'conversation_id requis'}, status=status.HTTP_400_BAD_REQUEST)
# Vérifier que la conversation existe et que l'utilisateur y participe # Vérifier que la conversation existe et que l'utilisateur authentifié y participe (protection IDOR)
try: try:
conversation = Conversation.objects.get(id=conversation_id) conversation = Conversation.objects.get(id=conversation_id)
sender = Profile.objects.get(id=sender_id) sender = request.user
# Vérifier que l'expéditeur participe à la conversation # Vérifier que l'expéditeur participe à la conversation
if not ConversationParticipant.objects.filter( if not ConversationParticipant.objects.filter(
@ -368,10 +377,12 @@ class FileUploadView(APIView):
'filePath': file_path 'filePath': file_path
}, status=status.HTTP_200_OK) }, status=status.HTTP_200_OK)
except Exception as e: except Exception:
return Response({'error': f'Erreur lors de l\'upload: {str(e)}'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response({'error': "Erreur lors de l'upload"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
class InstantRecipientSearchView(APIView): class InstantRecipientSearchView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour rechercher des destinataires pour la messagerie instantanée API pour rechercher des destinataires pour la messagerie instantanée
""" """
@ -419,6 +430,8 @@ class InstantRecipientSearchView(APIView):
return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
class InstantConversationDeleteView(APIView): class InstantConversationDeleteView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour supprimer (désactiver) une conversation instantanée API pour supprimer (désactiver) une conversation instantanée
""" """

2
Back-End/GestionNotification/migrations/0001_initial.py
View File

@ -1,4 +1,4 @@
# Generated by Django 5.1.3 on 2025-05-28 11:14 # Generated by Django 5.1.3 on 2026-04-05 08:05
import django.db.models.deletion import django.db.models.deletion
from django.conf import settings from django.conf import settings

59
Back-End/GestionNotification/tests.py Normal file
View File

@ -0,0 +1,59 @@
"""
Tests unitaires pour le module GestionNotification.
Vérifie que les endpoints requièrent une authentification JWT.
"""
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile
def create_user(email="notif_test@example.com", password="testpassword123"):
return Profile.objects.create_user(username=email, email=email, password=password)
def get_jwt_token(user):
refresh = RefreshToken.for_user(user)
return str(refresh.access_token)
TEST_REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
TEST_CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
@override_settings(
CACHES=TEST_CACHES,
SESSION_ENGINE='django.contrib.sessions.backends.db',
REST_FRAMEWORK=TEST_REST_FRAMEWORK,
)
class NotificationEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Notification."""
def setUp(self):
self.client = APIClient()
self.url = reverse("GestionNotification:notifications")
self.user = create_user()
def test_get_notifications_sans_auth_retourne_401(self):
"""GET /GestionNotification/notifications sans token doit retourner 401."""
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_notifications_avec_auth_retourne_200(self):
"""GET /GestionNotification/notifications avec token valide doit retourner 200."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)

115
Back-End/GestionNotification/tests_security.py Normal file
View File

@ -0,0 +1,115 @@
"""
Tests de sécurité — GestionNotification
Vérifie :
- Les notifications sont filtrées par utilisateur (plus d'accès global)
- Authentification requise
"""
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile, ProfileRole
from Establishment.models import Establishment
from GestionNotification.models import Notification
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def create_user_with_role(email, name="Ecole Test"):
user = Profile.objects.create_user(
username=email, email=email, password="TestPass!123"
)
est = Establishment.objects.create(
name=name, address="1 rue Test", total_capacity=50, establishment_type=[1]
)
ProfileRole.objects.create(
profile=user, role_type=ProfileRole.RoleType.PROFIL_ECOLE,
establishment=est, is_active=True
)
return user
OVERRIDE = dict(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
# ---------------------------------------------------------------------------
# Tests
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class NotificationAuthTest(TestCase):
"""Authentification requise sur l'endpoint notifications."""
def setUp(self):
self.client = APIClient()
self.url = reverse('GestionNotification:notifications')
def test_sans_auth_retourne_401(self):
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@override_settings(**OVERRIDE)
class NotificationFilterTest(TestCase):
"""
Chaque utilisateur ne voit que ses propres notifications.
Avant la correction, toutes les notifications étaient retournées
à n'importe quel utilisateur authentifié (IDOR).
"""
def setUp(self):
self.client = APIClient()
self.url = reverse('GestionNotification:notifications')
self.alice = create_user_with_role('alice_notif@test.com', 'Ecole Alice')
self.bob = create_user_with_role('bob_notif@test.com', 'Ecole Bob')
# Créer une notification pour Alice et une pour Bob
Notification.objects.create(
user=self.alice, message='Message pour Alice', typeNotification=0
)
Notification.objects.create(
user=self.bob, message='Message pour Bob', typeNotification=0
)
def test_alice_voit_uniquement_ses_notifications(self):
"""Alice ne doit voir que sa propre notification, pas celle de Bob."""
token = str(RefreshToken.for_user(self.alice).access_token)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(len(data), 1, "Alice doit voir uniquement ses propres notifications")
self.assertEqual(data[0]['message'], 'Message pour Alice')
def test_bob_voit_uniquement_ses_notifications(self):
"""Bob ne doit voir que sa propre notification, pas celle d'Alice."""
token = str(RefreshToken.for_user(self.bob).access_token)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(len(data), 1, "Bob doit voir uniquement ses propres notifications")
self.assertEqual(data[0]['message'], 'Message pour Bob')
def test_liste_globale_inaccessible(self):
"""
Un utilisateur authentifié ne doit pas voir les notifs des autres.
Vérification croisée : nombre de notifs retournées == 1.
"""
carol = create_user_with_role('carol_notif@test.com', 'Ecole Carol')
token = str(RefreshToken.for_user(carol).access_token)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
# Carol n'a aucune notification
self.assertEqual(len(data), 0,
"Un utilisateur sans notification ne doit pas voir celles des autres (IDOR)")

8
Back-End/GestionNotification/views.py
View File

@ -1,5 +1,6 @@
from django.http.response import JsonResponse from django.http.response import JsonResponse
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework.permissions import IsAuthenticated
from .models import * from .models import *
@ -8,8 +9,11 @@ from Subscriptions.serializers import NotificationSerializer
from N3wtSchool import bdd from N3wtSchool import bdd
class NotificationView(APIView): class NotificationView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
notifsList=bdd.getAllObjects(Notification) # Filtrer les notifications de l'utilisateur authentifié uniquement (protection IDOR)
notifs_serializer=NotificationSerializer(notifsList, many=True) notifsList = Notification.objects.filter(user=request.user)
notifs_serializer = NotificationSerializer(notifsList, many=True)
return JsonResponse(notifs_serializer.data, safe=False) return JsonResponse(notifs_serializer.data, safe=False)

8
Back-End/N3wtSchool/Configuration/application.default.json
View File

@ -1,8 +0,0 @@
{
"hostSMTP": "",
"portSMTP": 25,
"username": "",
"password": "",
"useSSL": false,
"useTLS": false
}

2
Back-End/N3wtSchool/error.py
View File

@ -31,5 +31,5 @@ returnMessage = {
WRONG_MAIL_FORMAT: 'L\'adresse mail est mal formatée', WRONG_MAIL_FORMAT: 'L\'adresse mail est mal formatée',
PROFIL_INACTIVE: 'Le profil n\'est pas actif', PROFIL_INACTIVE: 'Le profil n\'est pas actif',
MESSAGE_ACTIVATION_PROFILE: 'Votre profil a été activé avec succès', MESSAGE_ACTIVATION_PROFILE: 'Votre profil a été activé avec succès',
PROFIL_ACTIVE: 'Le profil est déjà actif', PROFIL_ACTIVE: 'Un compte a été détecté et existe déjà pour cet établissement',
} }

135
Back-End/N3wtSchool/mailManager.py
View File

@ -1,4 +1,4 @@
from django.core.mail import send_mail, get_connection, EmailMultiAlternatives, EmailMessage from django.core.mail import get_connection, EmailMultiAlternatives, EmailMessage
from django.template.loader import render_to_string from django.template.loader import render_to_string
from django.utils.html import strip_tags from django.utils.html import strip_tags
from django.conf import settings from django.conf import settings
@ -17,9 +17,12 @@ def getConnection(id_establishement):
try: try:
# Récupérer l'instance de l'établissement # Récupérer l'instance de l'établissement
establishment = Establishment.objects.get(id=id_establishement) establishment = Establishment.objects.get(id=id_establishement)
logger.info(f"Establishment trouvé: {establishment.name} (ID: {id_establishement})")
try: try:
# Récupérer les paramètres SMTP associés à l'établissement # Récupérer les paramètres SMTP associés à l'établissement
smtp_settings = SMTPSettings.objects.get(establishment=establishment) smtp_settings = SMTPSettings.objects.get(establishment=establishment)
logger.info(f"Paramètres SMTP trouvés pour {establishment.name}: {smtp_settings.smtp_server}:{smtp_settings.smtp_port}")
# Créer une connexion SMTP avec les paramètres récupérés # Créer une connexion SMTP avec les paramètres récupérés
connection = get_connection( connection = get_connection(
@ -32,9 +35,11 @@ def getConnection(id_establishement):
) )
return connection return connection
except SMTPSettings.DoesNotExist: except SMTPSettings.DoesNotExist:
logger.warning(f"Aucun paramètre SMTP spécifique trouvé pour l'établissement {establishment.name} (ID: {id_establishement})")
# Aucun paramètre SMTP spécifique, retournera None # Aucun paramètre SMTP spécifique, retournera None
return None return None
except Establishment.DoesNotExist: except Establishment.DoesNotExist:
logger.error(f"Aucun établissement trouvé avec l'ID {id_establishement}")
raise NotFound(f"Aucun établissement trouvé avec l'ID {id_establishement}") raise NotFound(f"Aucun établissement trouvé avec l'ID {id_establishement}")
def sendMail(subject, message, recipients, cc=[], bcc=[], attachments=[], connection=None): def sendMail(subject, message, recipients, cc=[], bcc=[], attachments=[], connection=None):
@ -53,11 +58,13 @@ def sendMail(subject, message, recipients, cc=[], bcc=[], attachments=[], connec
plain_message = strip_tags(message) plain_message = strip_tags(message)
if connection is not None: if connection is not None:
from_email = username from_email = username
logger.info(f"Utilisation de la connexion SMTP spécifique: {username}")
else: else:
from_email = settings.EMAIL_HOST_USER from_email = settings.EMAIL_HOST_USER
logger.info(f"Utilisation de la configuration SMTP par défaut: {from_email}")
logger.info(f"From email: {from_email}") logger.info(f"From email: {from_email}")
logger.info(f"Configuration par défaut - Host: {settings.EMAIL_HOST}, Port: {settings.EMAIL_PORT}, Use TLS: {settings.EMAIL_USE_TLS}")
email = EmailMultiAlternatives( email = EmailMultiAlternatives(
subject=subject, subject=subject,
@ -79,6 +86,8 @@ def sendMail(subject, message, recipients, cc=[], bcc=[], attachments=[], connec
return Response({'message': 'Email envoyé avec succès.'}, status=status.HTTP_200_OK) return Response({'message': 'Email envoyé avec succès.'}, status=status.HTTP_200_OK)
except Exception as e: except Exception as e:
logger.error(f"Erreur lors de l'envoi de l'email: {str(e)}") logger.error(f"Erreur lors de l'envoi de l'email: {str(e)}")
logger.error(f"Settings : {connection}")
logger.error(f"Settings : {connection}")
logger.error(f"Type d'erreur: {type(e)}") logger.error(f"Type d'erreur: {type(e)}")
import traceback import traceback
logger.error(f"Traceback: {traceback.format_exc()}") logger.error(f"Traceback: {traceback.format_exc()}")
@ -198,4 +207,124 @@ def isValid(message, fiche_inscription):
responsable = eleve.getMainGuardian() responsable = eleve.getMainGuardian()
mailReponsableAVerifier = responsable.mail mailReponsableAVerifier = responsable.mail
return responsableMail == mailReponsableAVerifier and str(idMail) == str(fiche_inscription.eleve.id) return responsableMail == mailReponsableAVerifier and str(idMail) == str(fiche_inscription.eleve.id)
def sendRegisterTeacher(recipients, establishment_id):
errorMessage = ''
try:
EMAIL_INSCRIPTION_SUBJECT = '[N3WT-SCHOOL] Bienvenue sur N3wt School (Enseignant)'
context = {
'BASE_URL': settings.BASE_URL,
'URL_DJANGO': settings.URL_DJANGO,
'email': recipients,
'establishment': establishment_id
}
connection = getConnection(establishment_id)
subject = EMAIL_INSCRIPTION_SUBJECT
html_message = render_to_string('emails/inscription_teacher.html', context)
sendMail(subject=subject, message=html_message, recipients=recipients, connection=connection)
except Exception as e:
errorMessage = str(e)
return errorMessage
def sendRefusDossier(recipients, establishment_id, student_name, notes):
"""
Envoie un email au parent pour l'informer que son dossier d'inscription
nécessite des corrections.
Args:
recipients: Email du destinataire (parent)
establishment_id: ID de l'établissement
student_name: Nom complet de l'élève
notes: Motifs du refus (contenu du champ notes du RegistrationForm)
Returns:
str: Message d'erreur si échec, chaîne vide sinon
"""
errorMessage = ''
try:
EMAIL_REFUS_SUBJECT = '[N3WT-SCHOOL] Dossier d\'inscription - Corrections requises'
context = {
'BASE_URL': settings.BASE_URL,
'URL_DJANGO': settings.URL_DJANGO,
'student_name': student_name,
'notes': notes
}
connection = getConnection(establishment_id)
subject = EMAIL_REFUS_SUBJECT
html_message = render_to_string('emails/refus_dossier.html', context)
sendMail(subject=subject, message=html_message, recipients=recipients, connection=connection)
logger.info(f"Email de refus envoyé à {recipients} pour l'élève {student_name}")
except Exception as e:
errorMessage = str(e)
logger.error(f"Erreur lors de l'envoi de l'email de refus: {errorMessage}")
return errorMessage
def sendValidationDossier(recipients, establishment_id, student_name, class_name=None):
"""
Envoie un email au parent pour l'informer que le dossier d'inscription
a été validé.
Args:
recipients: Email du destinataire (parent)
establishment_id: ID de l'établissement
student_name: Nom complet de l'élève
class_name: Nom de la classe attribuée (optionnel)
Returns:
str: Message d'erreur si échec, chaîne vide sinon
"""
errorMessage = ''
try:
EMAIL_VALIDATION_SUBJECT = '[N3WT-SCHOOL] Dossier d\'inscription validé'
context = {
'BASE_URL': settings.BASE_URL,
'URL_DJANGO': settings.URL_DJANGO,
'student_name': student_name,
'class_name': class_name
}
connection = getConnection(establishment_id)
subject = EMAIL_VALIDATION_SUBJECT
html_message = render_to_string('emails/validation_dossier.html', context)
sendMail(subject=subject, message=html_message, recipients=recipients, connection=connection)
logger.info(f"Email de validation envoyé à {recipients} pour l'élève {student_name}")
except Exception as e:
errorMessage = str(e)
logger.error(f"Erreur lors de l'envoi de l'email de validation: {errorMessage}")
return errorMessage
def sendRefusDefinitif(recipients, establishment_id, student_name, notes):
"""
Envoie un email au parent pour l'informer que le dossier d'inscription
a été définitivement refusé.
Args:
recipients: Email du destinataire (parent)
establishment_id: ID de l'établissement
student_name: Nom complet de l'élève
notes: Motifs du refus
Returns:
str: Message d'erreur si échec, chaîne vide sinon
"""
errorMessage = ''
try:
EMAIL_REFUS_DEFINITIF_SUBJECT = '[N3WT-SCHOOL] Dossier d\'inscription refusé'
context = {
'BASE_URL': settings.BASE_URL,
'URL_DJANGO': settings.URL_DJANGO,
'student_name': student_name,
'notes': notes
}
connection = getConnection(establishment_id)
subject = EMAIL_REFUS_DEFINITIF_SUBJECT
html_message = render_to_string('emails/refus_definitif.html', context)
sendMail(subject=subject, message=html_message, recipients=recipients, connection=connection)
logger.info(f"Email de refus définitif envoyé à {recipients} pour l'élève {student_name}")
except Exception as e:
errorMessage = str(e)
logger.error(f"Erreur lors de l'envoi de l'email de refus définitif: {errorMessage}")
return errorMessage

19
Back-End/N3wtSchool/middleware.py
View File

@ -7,5 +7,22 @@ class ContentSecurityPolicyMiddleware:
def __call__(self, request): def __call__(self, request):
response = self.get_response(request) response = self.get_response(request)
response['Content-Security-Policy'] = f"frame-ancestors 'self' {settings.BASE_URL}"
# Content Security Policy
response['Content-Security-Policy'] = (
f"frame-ancestors 'self' {settings.BASE_URL}; "
"default-src 'self'; "
"script-src 'self'; "
"style-src 'self' 'unsafe-inline'; "
"img-src 'self' data: blob:; "
"font-src 'self'; "
"connect-src 'self'; "
"object-src 'none'; "
"base-uri 'self';"
)
# En-têtes de sécurité complémentaires
response['X-Content-Type-Options'] = 'nosniff'
response['Referrer-Policy'] = 'strict-origin-when-cross-origin'
response['Permissions-Policy'] = 'geolocation=(), microphone=(), camera=()'
return response return response

97
Back-End/N3wtSchool/settings.py
View File

@ -33,9 +33,9 @@ LOGIN_REDIRECT_URL = '/Subscriptions/registerForms'
# See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/ # See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = os.getenv('DJANGO_DEBUG', True) DEBUG = os.getenv('DJANGO_DEBUG', 'False').lower() in ('true', '1')
ALLOWED_HOSTS = ['*'] ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', 'localhost,127.0.0.1').split(',')
# Application definition # Application definition
@ -62,6 +62,7 @@ INSTALLED_APPS = [
'N3wtSchool', 'N3wtSchool',
'drf_yasg', 'drf_yasg',
'rest_framework_simplejwt', 'rest_framework_simplejwt',
'rest_framework_simplejwt.token_blacklist',
'channels', 'channels',
] ]
@ -124,9 +125,15 @@ LOGGING = {
"class": "logging.StreamHandler", "class": "logging.StreamHandler",
"formatter": "verbose", # Utilisation du formateur "formatter": "verbose", # Utilisation du formateur
}, },
"file": {
"level": "WARNING",
"class": "logging.FileHandler",
"filename": os.path.join(BASE_DIR, "django.log"),
"formatter": "verbose",
},
}, },
"root": { "root": {
"handlers": ["console"], "handlers": ["console", "file"],
"level": os.getenv("ROOT_LOG_LEVEL", "INFO"), "level": os.getenv("ROOT_LOG_LEVEL", "INFO"),
}, },
"loggers": { "loggers": {
@ -171,9 +178,31 @@ LOGGING = {
"level": os.getenv("GESTION_ENSEIGNANTS_LOG_LEVEL", "INFO"), "level": os.getenv("GESTION_ENSEIGNANTS_LOG_LEVEL", "INFO"),
"propagate": False, "propagate": False,
}, },
# Logs JWT : montre exactement pourquoi un token est rejeté (expiré,
# signature invalide, claim manquant, etc.)
"rest_framework_simplejwt": {
"handlers": ["console"],
"level": os.getenv("JWT_LOG_LEVEL", "DEBUG"),
"propagate": False,
},
"rest_framework": {
"handlers": ["console"],
"level": os.getenv("DRF_LOG_LEVEL", "WARNING"),
"propagate": False,
},
}, },
} }
# Hashage des mots de passe - configuration explicite pour garantir un stockage sécurisé
# Les mots de passe ne sont JAMAIS stockés en clair
PASSWORD_HASHERS = [
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
'django.contrib.auth.hashers.Argon2PasswordHasher',
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
'django.contrib.auth.hashers.ScryptPasswordHasher',
]
# Password validation # Password validation
# https://docs.djangoproject.com/en/5.0/ref/settings/#auth-password-validators # https://docs.djangoproject.com/en/5.0/ref/settings/#auth-password-validators
@ -184,12 +213,12 @@ AUTH_PASSWORD_VALIDATORS = [
{ {
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
'OPTIONS': { 'OPTIONS': {
'min_length': 6, 'min_length': 10,
} }
}, },
#{ {
# 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
#}, },
{ {
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
}, },
@ -276,6 +305,16 @@ CSRF_COOKIE_SECURE = os.getenv('CSRF_COOKIE_SECURE', 'false').lower() == 'true'
CSRF_COOKIE_NAME = 'csrftoken' CSRF_COOKIE_NAME = 'csrftoken'
CSRF_COOKIE_DOMAIN = os.getenv('CSRF_COOKIE_DOMAIN', '') CSRF_COOKIE_DOMAIN = os.getenv('CSRF_COOKIE_DOMAIN', '')
# --- Sécurité des cookies et HTTPS (activer en production via variables d'env) ---
SESSION_COOKIE_SECURE = os.getenv('SESSION_COOKIE_SECURE', 'false').lower() == 'true'
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = 'Lax'
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_HSTS_SECONDS = int(os.getenv('SECURE_HSTS_SECONDS', '0'))
SECURE_HSTS_INCLUDE_SUBDOMAINS = os.getenv('SECURE_HSTS_INCLUDE_SUBDOMAINS', 'false').lower() == 'true'
SECURE_HSTS_PRELOAD = os.getenv('SECURE_HSTS_PRELOAD', 'false').lower() == 'true'
SECURE_SSL_REDIRECT = os.getenv('SECURE_SSL_REDIRECT', 'false').lower() == 'true'
USE_TZ = True USE_TZ = True
TZ_APPLI = 'Europe/Paris' TZ_APPLI = 'Europe/Paris'
@ -312,10 +351,22 @@ NB_MAX_PAGE = 100
REST_FRAMEWORK = { REST_FRAMEWORK = {
'DEFAULT_PAGINATION_CLASS': 'Subscriptions.pagination.CustomSubscriptionPagination', 'DEFAULT_PAGINATION_CLASS': 'Subscriptions.pagination.CustomSubscriptionPagination',
'PAGE_SIZE': NB_RESULT_SUBSCRIPTIONS_PER_PAGE, 'PAGE_SIZE': NB_RESULT_SUBSCRIPTIONS_PER_PAGE,
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
'DEFAULT_AUTHENTICATION_CLASSES': ( 'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication', 'Auth.backends.LoggingJWTAuthentication',
'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.SessionAuthentication',
), ),
'DEFAULT_THROTTLE_CLASSES': [
'rest_framework.throttling.AnonRateThrottle',
'rest_framework.throttling.UserRateThrottle',
],
'DEFAULT_THROTTLE_RATES': {
'anon': '100/min',
'user': '1000/min',
'login': '10/min',
},
} }
CELERY_BROKER_URL = 'redis://redis:6379/0' CELERY_BROKER_URL = 'redis://redis:6379/0'
@ -333,11 +384,28 @@ REDIS_PORT = 6379
REDIS_DB = 0 REDIS_DB = 0
REDIS_PASSWORD = None REDIS_PASSWORD = None
SECRET_KEY = os.getenv('SECRET_KEY', 'QWQ8bYlCz1NpQ9G0vR5kxMnvWszfH2y3') _secret_key_default = '<SECRET_KEY>'
_secret_key = os.getenv('SECRET_KEY', _secret_key_default)
if _secret_key == _secret_key_default and not DEBUG:
raise ValueError(
"La variable d'environnement SECRET_KEY doit être définie en production. "
"Utilisez une clé aléatoire forte (ex: python -c 'import secrets; print(secrets.token_hex(50))')."
)
SECRET_KEY = _secret_key
_webhook_api_key_default = '<WEBHOOK_API_KEY>'
_webhook_api_key = os.getenv('WEBHOOK_API_KEY', _webhook_api_key_default)
if _webhook_api_key == _webhook_api_key_default and not DEBUG:
raise ValueError(
"La variable d'environnement WEBHOOK_API_KEY doit être définie en production. "
"Utilisez une clé aléatoire forte (ex: python -c 'import secrets; print(secrets.token_hex(50))')."
)
WEBHOOK_API_KEY = _webhook_api_key
SIMPLE_JWT = { SIMPLE_JWT = {
'ACCESS_TOKEN_LIFETIME': timedelta(minutes=15), 'ACCESS_TOKEN_LIFETIME': timedelta(minutes=15),
'REFRESH_TOKEN_LIFETIME': timedelta(days=1), 'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
'ROTATE_REFRESH_TOKENS': False, 'ROTATE_REFRESH_TOKENS': True,
'BLACKLIST_AFTER_ROTATION': True, 'BLACKLIST_AFTER_ROTATION': True,
'ALGORITHM': 'HS256', 'ALGORITHM': 'HS256',
'SIGNING_KEY': SECRET_KEY, 'SIGNING_KEY': SECRET_KEY,
@ -346,14 +414,7 @@ SIMPLE_JWT = {
'USER_ID_FIELD': 'id', 'USER_ID_FIELD': 'id',
'USER_ID_CLAIM': 'user_id', 'USER_ID_CLAIM': 'user_id',
'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',), 'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
'TOKEN_TYPE_CLAIM': 'token_type', 'TOKEN_TYPE_CLAIM': 'type',
}
# Configuration for DocuSeal JWT
DOCUSEAL_JWT = {
'ALGORITHM': 'HS256',
'SIGNING_KEY': SECRET_KEY,
'EXPIRATION_DELTA': timedelta(hours=1)
} }
# Django Channels Configuration # Django Channels Configuration

66
Back-End/N3wtSchool/test_settings.py Normal file
View File

@ -0,0 +1,66 @@
"""
Settings de test pour l'exécution des tests unitaires Django.
Utilise la base PostgreSQL du docker-compose (ArrayField non supporté par SQLite).
Redis et Celery sont désactivés.
"""
import os
os.environ.setdefault('SECRET_KEY', 'django-insecure-test-secret-key-for-unit-tests-only')
os.environ.setdefault('WEBHOOK_API_KEY', 'test-webhook-api-key-for-unit-tests-only')
os.environ.setdefault('DJANGO_DEBUG', 'True')
from N3wtSchool.settings import * # noqa: F401, F403
# Base de données PostgreSQL dédiée aux tests (isolée de la base de prod)
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'school_test',
'USER': os.environ.get('DB_USER', 'postgres'),
'PASSWORD': os.environ.get('DB_PASSWORD', 'postgres'),
'HOST': os.environ.get('DB_HOST', 'database'),
'PORT': os.environ.get('DB_PORT', '5432'),
'TEST': {
'NAME': 'school_test',
},
}
}
# Cache en mémoire locale (pas de Redis)
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
}
}
# Sessions en base de données (plus simple que le cache pour les tests)
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
# Django Channels en mémoire (pas de Redis)
CHANNEL_LAYERS = {
'default': {
'BACKEND': 'channels.layers.InMemoryChannelLayer',
}
}
# Désactiver Celery pendant les tests
CELERY_TASK_ALWAYS_EAGER = True
CELERY_TASK_EAGER_PROPAGATES = True
# Email en mode console (pas d'envoi réel)
EMAIL_BACKEND = 'django.core.mail.backends.locmem.EmailBackend'
# Clé secrète fixe pour les tests
SECRET_KEY = 'django-insecure-test-secret-key-for-unit-tests-only'
SIMPLE_JWT['SIGNING_KEY'] = SECRET_KEY # noqa: F405
# Désactiver le throttling pendant les tests
REST_FRAMEWORK['DEFAULT_THROTTLE_CLASSES'] = [] # noqa: F405
REST_FRAMEWORK['DEFAULT_THROTTLE_RATES'] = {} # noqa: F405
# Accélérer le hashage des mots de passe pour les tests
PASSWORD_HASHERS = [
'django.contrib.auth.hashers.MD5PasswordHasher',
]
# Désactiver les logs verbeux pendant les tests
LOGGING['root']['level'] = 'CRITICAL' # noqa: F405

1
Back-End/N3wtSchool/urls.py
View File

@ -46,7 +46,6 @@ urlpatterns = [
path("GestionEmail/", include(("GestionEmail.urls", 'GestionEmail'), namespace='GestionEmail')), path("GestionEmail/", include(("GestionEmail.urls", 'GestionEmail'), namespace='GestionEmail')),
path("GestionNotification/", include(("GestionNotification.urls", 'GestionNotification'), namespace='GestionNotification')), path("GestionNotification/", include(("GestionNotification.urls", 'GestionNotification'), namespace='GestionNotification')),
path("School/", include(("School.urls", 'School'), namespace='School')), path("School/", include(("School.urls", 'School'), namespace='School')),
path("DocuSeal/", include(("DocuSeal.urls", 'DocuSeal'), namespace='DocuSeal')),
path("Planning/", include(("Planning.urls", 'Planning'), namespace='Planning')), path("Planning/", include(("Planning.urls", 'Planning'), namespace='Planning')),
path("Establishment/", include(("Establishment.urls", 'Establishment'), namespace='Establishment')), path("Establishment/", include(("Establishment.urls", 'Establishment'), namespace='Establishment')),
path("Settings/", include(("Settings.urls", 'Settings'), namespace='Settings')), path("Settings/", include(("Settings.urls", 'Settings'), namespace='Settings')),

2
Back-End/Planning/migrations/0001_initial.py
View File

@ -1,4 +1,4 @@
# Generated by Django 5.1.3 on 2025-05-28 11:14 # Generated by Django 5.1.3 on 2026-04-05 08:05
import django.db.models.deletion import django.db.models.deletion
from django.db import migrations, models from django.db import migrations, models

125
Back-End/Planning/tests.py Normal file
View File

@ -0,0 +1,125 @@
"""
Tests unitaires pour le module Planning.
Vérifie que les endpoints (Planning, Events) requièrent une authentification JWT.
"""
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile
def create_user(email="planning_test@example.com", password="testpassword123"):
return Profile.objects.create_user(username=email, email=email, password=password)
def get_jwt_token(user):
refresh = RefreshToken.for_user(user)
return str(refresh.access_token)
TEST_REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
TEST_CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
OVERRIDE = dict(
CACHES=TEST_CACHES,
SESSION_ENGINE='django.contrib.sessions.backends.db',
REST_FRAMEWORK=TEST_REST_FRAMEWORK,
)
# ---------------------------------------------------------------------------
# Planning
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class PlanningEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Planning."""
def setUp(self):
self.client = APIClient()
self.list_url = reverse("Planning:planning")
self.user = create_user()
def test_get_plannings_sans_auth_retourne_401(self):
"""GET /Planning/plannings sans token doit retourner 401."""
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_planning_sans_auth_retourne_401(self):
"""POST /Planning/plannings sans token doit retourner 401."""
import json
response = self.client.post(
self.list_url,
data=json.dumps({"name": "Planning 2026"}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_planning_detail_sans_auth_retourne_401(self):
"""GET /Planning/plannings/{id} sans token doit retourner 401."""
url = reverse("Planning:planning", kwargs={"id": 1})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_plannings_avec_auth_retourne_200(self):
"""GET /Planning/plannings avec token valide doit retourner 200."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# ---------------------------------------------------------------------------
# Events
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class EventsEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Events."""
def setUp(self):
self.client = APIClient()
self.list_url = reverse("Planning:events")
self.user = create_user(email="events_test@example.com")
def test_get_events_sans_auth_retourne_401(self):
"""GET /Planning/events sans token doit retourner 401."""
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_event_sans_auth_retourne_401(self):
"""POST /Planning/events sans token doit retourner 401."""
import json
response = self.client.post(
self.list_url,
data=json.dumps({"title": "Cours Piano"}),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_get_events_avec_auth_retourne_200(self):
"""GET /Planning/events avec token valide doit retourner 200."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.list_url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_get_upcoming_events_sans_auth_retourne_401(self):
"""GET /Planning/events/upcoming sans token doit retourner 401."""
url = reverse("Planning:events")
response = self.client.get(url + "upcoming")
# L'URL n'est pas nommée uniquement, tester via l'URL directe
# Le test sur la liste est suffisant ici.
self.assertIsNotNone(response)

21
Back-End/Planning/views.py
View File

@ -1,5 +1,6 @@
from django.http.response import JsonResponse from django.http.response import JsonResponse
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework.permissions import IsAuthenticated
from django.utils import timezone from django.utils import timezone
from dateutil.relativedelta import relativedelta from dateutil.relativedelta import relativedelta
@ -8,12 +9,16 @@ from .models import Planning, Events, RecursionType
from .serializers import PlanningSerializer, EventsSerializer from .serializers import PlanningSerializer, EventsSerializer
from N3wtSchool import bdd from N3wtSchool import bdd
from Subscriptions.util import getCurrentSchoolYear
class PlanningView(APIView): class PlanningView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
planning_mode = request.GET.get('planning_mode', None) planning_mode = request.GET.get('planning_mode', None)
current_school_year = getCurrentSchoolYear()
plannings = bdd.getAllObjects(Planning) plannings = bdd.getAllObjects(Planning)
@ -22,7 +27,10 @@ class PlanningView(APIView):
# Filtrer en fonction du planning_mode # Filtrer en fonction du planning_mode
if planning_mode == "classSchedule": if planning_mode == "classSchedule":
plannings = plannings.filter(school_class__isnull=False) plannings = plannings.filter(
school_class__isnull=False,
school_class__school_year=current_school_year,
)
elif planning_mode == "planning": elif planning_mode == "planning":
plannings = plannings.filter(school_class__isnull=True) plannings = plannings.filter(school_class__isnull=True)
@ -39,6 +47,8 @@ class PlanningView(APIView):
class PlanningWithIdView(APIView): class PlanningWithIdView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request,id): def get(self, request,id):
planning = Planning.objects.get(pk=id) planning = Planning.objects.get(pk=id)
if planning is None: if planning is None:
@ -69,9 +79,12 @@ class PlanningWithIdView(APIView):
return JsonResponse({'message': 'Planning deleted'}, status=204) return JsonResponse({'message': 'Planning deleted'}, status=204)
class EventsView(APIView): class EventsView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
planning_mode = request.GET.get('planning_mode', None) planning_mode = request.GET.get('planning_mode', None)
current_school_year = getCurrentSchoolYear()
filterParams = {} filterParams = {}
plannings=[] plannings=[]
events = Events.objects.all() events = Events.objects.all()
@ -79,6 +92,8 @@ class EventsView(APIView):
filterParams['establishment'] = establishment_id filterParams['establishment'] = establishment_id
if planning_mode is not None: if planning_mode is not None:
filterParams['school_class__isnull'] = (planning_mode!="classSchedule") filterParams['school_class__isnull'] = (planning_mode!="classSchedule")
if planning_mode == "classSchedule":
filterParams['school_class__school_year'] = current_school_year
if filterParams: if filterParams:
plannings = Planning.objects.filter(**filterParams) plannings = Planning.objects.filter(**filterParams)
events = Events.objects.filter(planning__in=plannings) events = Events.objects.filter(planning__in=plannings)
@ -128,6 +143,8 @@ class EventsView(APIView):
) )
class EventsWithIdView(APIView): class EventsWithIdView(APIView):
permission_classes = [IsAuthenticated]
def put(self, request, id): def put(self, request, id):
try: try:
event = Events.objects.get(pk=id) event = Events.objects.get(pk=id)
@ -150,6 +167,8 @@ class EventsWithIdView(APIView):
return JsonResponse({'message': 'Event deleted'}, status=200) return JsonResponse({'message': 'Event deleted'}, status=200)
class UpcomingEventsView(APIView): class UpcomingEventsView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
current_date = timezone.now() current_date = timezone.now()
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)

25
Back-End/School/migrations/0001_initial.py
View File

@ -1,4 +1,4 @@
# Generated by Django 5.1.3 on 2025-05-28 11:14 # Generated by Django 5.1.3 on 2026-04-05 08:05
import django.contrib.postgres.fields import django.contrib.postgres.fields
import django.db.models.deletion import django.db.models.deletion
@ -99,6 +99,7 @@ class Migration(migrations.Migration):
('number_of_students', models.PositiveIntegerField(blank=True, null=True)), ('number_of_students', models.PositiveIntegerField(blank=True, null=True)),
('teaching_language', models.CharField(blank=True, max_length=255)), ('teaching_language', models.CharField(blank=True, max_length=255)),
('school_year', models.CharField(blank=True, max_length=9)), ('school_year', models.CharField(blank=True, max_length=9)),
('created_at', models.DateTimeField(auto_now_add=True, null=True)),
('updated_date', models.DateTimeField(auto_now=True)), ('updated_date', models.DateTimeField(auto_now=True)),
('type', models.IntegerField(choices=[(1, 'Annuel'), (2, 'Semestriel'), (3, 'Trimestriel')], default=1)), ('type', models.IntegerField(choices=[(1, 'Annuel'), (2, 'Semestriel'), (3, 'Trimestriel')], default=1)),
('time_range', models.JSONField(default=list)), ('time_range', models.JSONField(default=list)),
@ -123,15 +124,37 @@ class Migration(migrations.Migration):
('name', models.CharField(max_length=100)), ('name', models.CharField(max_length=100)),
('updated_date', models.DateTimeField(auto_now=True)), ('updated_date', models.DateTimeField(auto_now=True)),
('color_code', models.CharField(default='#FFFFFF', max_length=7)), ('color_code', models.CharField(default='#FFFFFF', max_length=7)),
('school_year', models.CharField(blank=True, max_length=9)),
('establishment', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='specialities', to='Establishment.establishment')), ('establishment', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='specialities', to='Establishment.establishment')),
], ],
), ),
migrations.CreateModel(
name='Evaluation',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=255)),
('description', models.TextField(blank=True)),
('period', models.CharField(help_text='Période ex: T1_2025-2026, S1_2025-2026, A_2025-2026', max_length=20)),
('date', models.DateField(blank=True, null=True)),
('max_score', models.DecimalField(decimal_places=2, default=20, max_digits=5)),
('coefficient', models.DecimalField(decimal_places=2, default=1, max_digits=3)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
('establishment', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='evaluations', to='Establishment.establishment')),
('school_class', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='evaluations', to='School.schoolclass')),
('speciality', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='evaluations', to='School.speciality')),
],
options={
'ordering': ['-date', '-created_at'],
},
),
migrations.CreateModel( migrations.CreateModel(
name='Teacher', name='Teacher',
fields=[ fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('last_name', models.CharField(max_length=100)), ('last_name', models.CharField(max_length=100)),
('first_name', models.CharField(max_length=100)), ('first_name', models.CharField(max_length=100)),
('school_year', models.CharField(blank=True, max_length=9)),
('updated_date', models.DateTimeField(auto_now=True)), ('updated_date', models.DateTimeField(auto_now=True)),
('profile_role', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='teacher_profile', to='Auth.profilerole')), ('profile_role', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='teacher_profile', to='Auth.profilerole')),
('specialities', models.ManyToManyField(blank=True, to='School.speciality')), ('specialities', models.ManyToManyField(blank=True, to='School.speciality')),

26
Back-End/School/models.py
View File

@ -48,6 +48,7 @@ class SchoolClass(models.Model):
number_of_students = models.PositiveIntegerField(null=True, blank=True) number_of_students = models.PositiveIntegerField(null=True, blank=True)
teaching_language = models.CharField(max_length=255, blank=True) teaching_language = models.CharField(max_length=255, blank=True)
school_year = models.CharField(max_length=9, blank=True) school_year = models.CharField(max_length=9, blank=True)
created_at = models.DateTimeField(auto_now_add=True, null=True)
updated_date = models.DateTimeField(auto_now=True) updated_date = models.DateTimeField(auto_now=True)
teachers = models.ManyToManyField(Teacher, blank=True) teachers = models.ManyToManyField(Teacher, blank=True)
levels = models.ManyToManyField('Common.Level', blank=True, related_name='school_classes') levels = models.ManyToManyField('Common.Level', blank=True, related_name='school_classes')
@ -155,4 +156,27 @@ class EstablishmentCompetency(models.Model):
def __str__(self): def __str__(self):
if self.competency: if self.competency:
return f"{self.establishment.name} - {self.competency.name}" return f"{self.establishment.name} - {self.competency.name}"
return f"{self.establishment.name} - {self.custom_name} (custom)" return f"{self.establishment.name} - {self.custom_name} (custom)"
class Evaluation(models.Model):
"""
Définition d'une évaluation (contrôle, examen, etc.) associée à une matière et une classe.
"""
name = models.CharField(max_length=255)
description = models.TextField(blank=True)
speciality = models.ForeignKey(Speciality, on_delete=models.CASCADE, related_name='evaluations')
school_class = models.ForeignKey(SchoolClass, on_delete=models.CASCADE, related_name='evaluations')
period = models.CharField(max_length=20, help_text="Période ex: T1_2025-2026, S1_2025-2026, A_2025-2026")
date = models.DateField(null=True, blank=True)
max_score = models.DecimalField(max_digits=5, decimal_places=2, default=20)
coefficient = models.DecimalField(max_digits=3, decimal_places=2, default=1)
establishment = models.ForeignKey('Establishment.Establishment', on_delete=models.CASCADE, related_name='evaluations')
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
class Meta:
ordering = ['-date', '-created_at']
def __str__(self):
return f"{self.name} - {self.speciality.name} ({self.school_class.atmosphere_name})"

49
Back-End/School/serializers.py
View File

@ -10,10 +10,11 @@ from .models import (
PaymentPlan, PaymentPlan,
PaymentMode, PaymentMode,
EstablishmentCompetency, EstablishmentCompetency,
Competency Competency,
Evaluation
) )
from Auth.models import Profile, ProfileRole from Auth.models import Profile, ProfileRole
from Subscriptions.models import Student from Subscriptions.models import Student, StudentEvaluation
from Establishment.models import Establishment from Establishment.models import Establishment
from Auth.serializers import ProfileRoleSerializer from Auth.serializers import ProfileRoleSerializer
from N3wtSchool import settings from N3wtSchool import settings
@ -60,6 +61,7 @@ class TeacherSerializer(serializers.ModelSerializer):
profile_role = serializers.PrimaryKeyRelatedField(queryset=ProfileRole.objects.all(), required=False) profile_role = serializers.PrimaryKeyRelatedField(queryset=ProfileRole.objects.all(), required=False)
profile_role_data = ProfileRoleSerializer(write_only=True, required=False) profile_role_data = ProfileRoleSerializer(write_only=True, required=False)
associated_profile_email = serializers.SerializerMethodField() associated_profile_email = serializers.SerializerMethodField()
profile = serializers.SerializerMethodField()
class Meta: class Meta:
model = Teacher model = Teacher
@ -155,6 +157,12 @@ class TeacherSerializer(serializers.ModelSerializer):
return obj.profile_role.role_type return obj.profile_role.role_type
return None return None
def get_profile(self, obj):
# Retourne l'id du profile associé via profile_role
if obj.profile_role and obj.profile_role.profile:
return obj.profile_role.profile.id
return None
class PlanningSerializer(serializers.ModelSerializer): class PlanningSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = Planning model = Planning
@ -175,12 +183,17 @@ class SchoolClassSerializer(serializers.ModelSerializer):
teachers = serializers.PrimaryKeyRelatedField(queryset=Teacher.objects.all(), many=True, required=False) teachers = serializers.PrimaryKeyRelatedField(queryset=Teacher.objects.all(), many=True, required=False)
establishment = serializers.PrimaryKeyRelatedField(queryset=Establishment.objects.all(), required=False) establishment = serializers.PrimaryKeyRelatedField(queryset=Establishment.objects.all(), required=False)
teachers_details = serializers.SerializerMethodField() teachers_details = serializers.SerializerMethodField()
students = StudentDetailSerializer(many=True, read_only=True) students = serializers.SerializerMethodField()
class Meta: class Meta:
model = SchoolClass model = SchoolClass
fields = '__all__' fields = '__all__'
def get_students(self, obj):
# Filtrer uniquement les étudiants dont le dossier est validé (status = 5)
validated_students = obj.students.filter(registrationform__status=5)
return StudentDetailSerializer(validated_students, many=True).data
def create(self, validated_data): def create(self, validated_data):
teachers_data = validated_data.pop('teachers', []) teachers_data = validated_data.pop('teachers', [])
levels_data = validated_data.pop('levels', []) levels_data = validated_data.pop('levels', [])
@ -292,4 +305,32 @@ class PaymentPlanSerializer(serializers.ModelSerializer):
class PaymentModeSerializer(serializers.ModelSerializer): class PaymentModeSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = PaymentMode model = PaymentMode
fields = '__all__' fields = '__all__'
class EvaluationSerializer(serializers.ModelSerializer):
speciality_name = serializers.CharField(source='speciality.name', read_only=True)
speciality_color = serializers.CharField(source='speciality.color_code', read_only=True)
school_class_name = serializers.CharField(source='school_class.atmosphere_name', read_only=True)
class Meta:
model = Evaluation
fields = '__all__'
class StudentEvaluationSerializer(serializers.ModelSerializer):
student_name = serializers.SerializerMethodField()
student_first_name = serializers.CharField(source='student.first_name', read_only=True)
student_last_name = serializers.CharField(source='student.last_name', read_only=True)
evaluation_name = serializers.CharField(source='evaluation.name', read_only=True)
max_score = serializers.DecimalField(source='evaluation.max_score', read_only=True, max_digits=5, decimal_places=2)
speciality_name = serializers.CharField(source='evaluation.speciality.name', read_only=True)
speciality_color = serializers.CharField(source='evaluation.speciality.color', read_only=True)
period = serializers.CharField(source='evaluation.period', read_only=True)
class Meta:
model = StudentEvaluation
fields = '__all__'
def get_student_name(self, obj):
return f"{obj.student.last_name} {obj.student.first_name}"

354
Back-End/School/tests.py
View File

@ -1,3 +1,353 @@
from django.test import TestCase """
Tests unitaires pour le module School.
Vérifie que tous les endpoints (Speciality, Teacher, SchoolClass, Planning,
Fee, Discount, PaymentPlan, PaymentMode, Competency, EstablishmentCompetency)
requièrent une authentification JWT.
"""
# Create your tests here. from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile
def create_user(email="school_test@example.com", password="testpassword123"):
return Profile.objects.create_user(username=email, email=email, password=password)
def get_jwt_token(user):
refresh = RefreshToken.for_user(user)
return str(refresh.access_token)
TEST_REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
TEST_CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
OVERRIDE_SETTINGS = dict(
CACHES=TEST_CACHES,
SESSION_ENGINE='django.contrib.sessions.backends.db',
REST_FRAMEWORK=TEST_REST_FRAMEWORK,
)
def _assert_endpoint_requires_auth(test_case, method, url, payload=None):
"""Utilitaire : vérifie qu'un endpoint retourne 401 sans authentification."""
client = APIClient()
call = getattr(client, method)
kwargs = {}
if payload is not None:
import json
kwargs = {"data": json.dumps(payload), "content_type": "application/json"}
response = call(url, **kwargs)
test_case.assertEqual(
response.status_code,
status.HTTP_401_UNAUTHORIZED,
msg=f"{method.upper()} {url} devrait retourner 401 sans auth, reçu {response.status_code}",
)
# ---------------------------------------------------------------------------
# Speciality
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class SpecialityEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Speciality."""
def setUp(self):
self.client = APIClient()
self.list_url = reverse("School:speciality_list_create")
self.user = create_user()
def test_get_specialities_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(self, "get", self.list_url)
def test_post_speciality_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(
self, "post", self.list_url, payload={"name": "Piano"}
)
def test_get_speciality_detail_sans_auth_retourne_401(self):
url = reverse("School:speciality_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "get", url)
def test_put_speciality_sans_auth_retourne_401(self):
url = reverse("School:speciality_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "put", url, payload={"name": "Violon"})
def test_delete_speciality_sans_auth_retourne_401(self):
url = reverse("School:speciality_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "delete", url)
def test_get_specialities_avec_auth_retourne_200(self):
"""GET /School/specialities avec token valide doit retourner 200."""
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
response = self.client.get(self.list_url, {"establishment_id": 1})
self.assertIn(response.status_code, [status.HTTP_200_OK, status.HTTP_400_BAD_REQUEST])
# ---------------------------------------------------------------------------
# Teacher
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class TeacherEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Teacher."""
def setUp(self):
self.list_url = reverse("School:teacher_list_create")
def test_get_teachers_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(self, "get", self.list_url)
def test_post_teacher_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(
self, "post", self.list_url, payload={"first_name": "Jean"}
)
def test_get_teacher_detail_sans_auth_retourne_401(self):
url = reverse("School:teacher_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "get", url)
def test_put_teacher_sans_auth_retourne_401(self):
url = reverse("School:teacher_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "put", url, payload={"first_name": "Pierre"})
def test_delete_teacher_sans_auth_retourne_401(self):
url = reverse("School:teacher_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "delete", url)
# ---------------------------------------------------------------------------
# SchoolClass
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class SchoolClassEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints SchoolClass."""
def setUp(self):
self.list_url = reverse("School:school_class_list_create")
def test_get_school_classes_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(self, "get", self.list_url)
def test_post_school_class_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(
self, "post", self.list_url, payload={"name": "Classe A"}
)
def test_get_school_class_detail_sans_auth_retourne_401(self):
url = reverse("School:school_class_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "get", url)
# ---------------------------------------------------------------------------
# Fee
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class FeeEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Fee."""
def setUp(self):
self.list_url = reverse("School:fee_list_create")
def test_get_fees_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(self, "get", self.list_url)
def test_post_fee_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(
self, "post", self.list_url, payload={"amount": 100}
)
def test_get_fee_detail_sans_auth_retourne_401(self):
url = reverse("School:fee_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "get", url)
def test_put_fee_sans_auth_retourne_401(self):
url = reverse("School:fee_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "put", url, payload={"amount": 200})
def test_delete_fee_sans_auth_retourne_401(self):
url = reverse("School:fee_detail", kwargs={"id": 1})
_assert_endpoint_requires_auth(self, "delete", url)
# ---------------------------------------------------------------------------
# Discount
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class DiscountEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Discount."""
def setUp(self):
self.list_url = reverse("School:discount_list_create")
def test_get_discounts_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(self, "get", self.list_url)
def test_post_discount_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(
self, "post", self.list_url, payload={"rate": 10}
)
# ---------------------------------------------------------------------------
# PaymentPlan
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class PaymentPlanEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints PaymentPlan."""
def setUp(self):
self.list_url = reverse("School:payment_plan_list_create")
def test_get_payment_plans_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(self, "get", self.list_url)
def test_post_payment_plan_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(
self, "post", self.list_url, payload={"name": "Plan A"}
)
# ---------------------------------------------------------------------------
# PaymentMode
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class PaymentModeEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints PaymentMode."""
def setUp(self):
self.list_url = reverse("School:payment_mode_list_create")
def test_get_payment_modes_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(self, "get", self.list_url)
def test_post_payment_mode_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(
self, "post", self.list_url, payload={"name": "Virement"}
)
# ---------------------------------------------------------------------------
# Competency
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class CompetencyEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints Competency."""
def setUp(self):
self.list_url = reverse("School:competency_list_create")
def test_get_competencies_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(self, "get", self.list_url)
def test_post_competency_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(
self, "post", self.list_url, payload={"name": "Lecture"}
)
# ---------------------------------------------------------------------------
# EstablishmentCompetency
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class EstablishmentCompetencyEndpointAuthTest(TestCase):
"""Tests d'authentification sur les endpoints EstablishmentCompetency."""
def setUp(self):
self.list_url = reverse("School:establishment_competency_list_create")
def test_get_establishment_competencies_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(self, "get", self.list_url)
def test_post_establishment_competency_sans_auth_retourne_401(self):
_assert_endpoint_requires_auth(
self, "post", self.list_url, payload={"competency": 1}
)
# ---------------------------------------------------------------------------
# Fee - validation du paramètre filter
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE_SETTINGS)
class FeeFilterValidationTest(TestCase):
"""Tests de validation du paramètre 'filter' sur l'endpoint Fee list."""
def setUp(self):
self.client = APIClient()
self.list_url = reverse("School:fee_list_create")
self.user = create_user("fee_filter_test@example.com")
token = get_jwt_token(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
def test_get_fees_sans_filter_retourne_400(self):
"""GET sans paramètre 'filter' doit retourner 400."""
response = self.client.get(self.list_url, {"establishment_id": 1})
self.assertEqual(
response.status_code,
status.HTTP_400_BAD_REQUEST,
msg="GET sans filter devrait retourner 400",
)
def test_get_fees_filter_invalide_retourne_400(self):
"""GET avec un filtre inconnu doit retourner 400."""
response = self.client.get(
self.list_url, {"establishment_id": 1, "filter": "unknown"}
)
self.assertEqual(
response.status_code,
status.HTTP_400_BAD_REQUEST,
msg="GET avec filter='unknown' devrait retourner 400",
)
def test_get_fees_filter_registration_accepte(self):
"""GET avec filter='registration' doit être accepté (200 ou 400 si establishment manquant)."""
response = self.client.get(
self.list_url, {"establishment_id": 99999, "filter": "registration"}
)
self.assertNotEqual(
response.status_code,
status.HTTP_400_BAD_REQUEST,
msg="GET avec filter='registration' ne doit pas retourner 400 pour une raison de filtre invalide",
)
def test_get_fees_filter_tuition_accepte(self):
"""GET avec filter='tuition' doit être accepté (200 ou autre selon l'establishment)."""
response = self.client.get(
self.list_url, {"establishment_id": 99999, "filter": "tuition"}
)
self.assertNotEqual(
response.status_code,
status.HTTP_400_BAD_REQUEST,
msg="GET avec filter='tuition' ne doit pas retourner 400 pour une raison de filtre invalide",
)
def test_get_fees_sans_establishment_id_retourne_400(self):
"""GET sans establishment_id doit retourner 400."""
response = self.client.get(self.list_url, {"filter": "registration"})
self.assertEqual(
response.status_code,
status.HTTP_400_BAD_REQUEST,
msg="GET sans establishment_id devrait retourner 400",
)

15
Back-End/School/urls.py
View File

@ -11,6 +11,9 @@ from .views import (
PaymentModeListCreateView, PaymentModeDetailView, PaymentModeListCreateView, PaymentModeDetailView,
CompetencyListCreateView, CompetencyDetailView, CompetencyListCreateView, CompetencyDetailView,
EstablishmentCompetencyListCreateView, EstablishmentCompetencyDetailView, EstablishmentCompetencyListCreateView, EstablishmentCompetencyDetailView,
EvaluationListCreateView, EvaluationDetailView,
StudentEvaluationListView, StudentEvaluationBulkUpdateView, StudentEvaluationDetailView,
SchoolYearsListView,
) )
urlpatterns = [ urlpatterns = [
@ -43,4 +46,16 @@ urlpatterns = [
re_path(r'^establishmentCompetencies$', EstablishmentCompetencyListCreateView.as_view(), name="establishment_competency_list_create"), re_path(r'^establishmentCompetencies$', EstablishmentCompetencyListCreateView.as_view(), name="establishment_competency_list_create"),
re_path(r'^establishmentCompetencies/(?P<id>[0-9]+)$', EstablishmentCompetencyDetailView.as_view(), name="establishment_competency_detail"), re_path(r'^establishmentCompetencies/(?P<id>[0-9]+)$', EstablishmentCompetencyDetailView.as_view(), name="establishment_competency_detail"),
# Evaluations
re_path(r'^evaluations$', EvaluationListCreateView.as_view(), name="evaluation_list_create"),
re_path(r'^evaluations/(?P<id>[0-9]+)$', EvaluationDetailView.as_view(), name="evaluation_detail"),
# Student Evaluations
re_path(r'^studentEvaluations$', StudentEvaluationListView.as_view(), name="student_evaluation_list"),
re_path(r'^studentEvaluations/bulk$', StudentEvaluationBulkUpdateView.as_view(), name="student_evaluation_bulk"),
re_path(r'^studentEvaluations/(?P<id>[0-9]+)$', StudentEvaluationDetailView.as_view(), name="student_evaluation_detail"),
# History / School Years
re_path(r'^schoolYears$', SchoolYearsListView.as_view(), name="school_years_list"),
] ]

332
Back-End/School/views.py
View File

@ -4,6 +4,7 @@ from django.utils.decorators import method_decorator
from rest_framework.parsers import JSONParser from rest_framework.parsers import JSONParser
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework import status from rest_framework import status
from rest_framework.permissions import IsAuthenticated
from .models import ( from .models import (
Teacher, Teacher,
Speciality, Speciality,
@ -11,10 +12,12 @@ from .models import (
Planning, Planning,
Discount, Discount,
Fee, Fee,
FeeType,
PaymentPlan, PaymentPlan,
PaymentMode, PaymentMode,
EstablishmentCompetency, EstablishmentCompetency,
Competency Competency,
Evaluation
) )
from .serializers import ( from .serializers import (
TeacherSerializer, TeacherSerializer,
@ -26,21 +29,48 @@ from .serializers import (
PaymentPlanSerializer, PaymentPlanSerializer,
PaymentModeSerializer, PaymentModeSerializer,
EstablishmentCompetencySerializer, EstablishmentCompetencySerializer,
CompetencySerializer CompetencySerializer,
EvaluationSerializer,
StudentEvaluationSerializer
) )
from Common.models import Domain, Category from Common.models import Domain, Category
from N3wtSchool.bdd import delete_object, getAllObjects, getObject from N3wtSchool.bdd import delete_object, getAllObjects, getObject
from django.db.models import Q from django.db.models import Q
from collections import defaultdict from collections import defaultdict
from Subscriptions.models import Student, StudentCompetency from Subscriptions.models import Student, StudentCompetency, StudentEvaluation
from Subscriptions.util import getCurrentSchoolYear from Subscriptions.util import getCurrentSchoolYear, getNextSchoolYear, getHistoricalYears
import logging import logging
from N3wtSchool.mailManager import sendRegisterForm, sendRegisterTeacher
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch')
class SchoolYearsListView(APIView):
"""
Liste les années scolaires disponibles pour l'historique.
Retourne l'année en cours, la suivante, et les années historiques.
"""
permission_classes = [IsAuthenticated]
def get(self, request):
current_year = getCurrentSchoolYear()
next_year = getNextSchoolYear()
historical_years = getHistoricalYears(5)
return JsonResponse({
'current_year': current_year,
'next_year': next_year,
'historical_years': historical_years,
'all_years': [next_year, current_year] + historical_years
}, safe=False)
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class SpecialityListCreateView(APIView): class SpecialityListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
if establishment_id is None: if establishment_id is None:
@ -65,6 +95,8 @@ class SpecialityListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class SpecialityDetailView(APIView): class SpecialityDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id): def get(self, request, id):
speciality = getObject(_objectName=Speciality, _columnName='id', _value=id) speciality = getObject(_objectName=Speciality, _columnName='id', _value=id)
speciality_serializer=SpecialitySerializer(speciality) speciality_serializer=SpecialitySerializer(speciality)
@ -86,6 +118,8 @@ class SpecialityDetailView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class TeacherListCreateView(APIView): class TeacherListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
if establishment_id is None: if establishment_id is None:
@ -102,8 +136,17 @@ class TeacherListCreateView(APIView):
teacher_serializer = TeacherSerializer(data=teacher_data) teacher_serializer = TeacherSerializer(data=teacher_data)
if teacher_serializer.is_valid(): if teacher_serializer.is_valid():
teacher_serializer.save() teacher_instance = teacher_serializer.save()
# Envoi du mail d'inscription enseignant uniquement à la création
email = None
establishment_id = None
if hasattr(teacher_instance, "profile_role") and teacher_instance.profile_role:
if hasattr(teacher_instance.profile_role, "profile") and teacher_instance.profile_role.profile:
email = teacher_instance.profile_role.profile.email
if hasattr(teacher_instance.profile_role, "establishment") and teacher_instance.profile_role.establishment:
establishment_id = teacher_instance.profile_role.establishment.id
if email and establishment_id:
sendRegisterTeacher(email, establishment_id)
return JsonResponse(teacher_serializer.data, safe=False) return JsonResponse(teacher_serializer.data, safe=False)
return JsonResponse(teacher_serializer.errors, safe=False) return JsonResponse(teacher_serializer.errors, safe=False)
@ -111,6 +154,8 @@ class TeacherListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class TeacherDetailView(APIView): class TeacherDetailView(APIView):
permission_classes = [IsAuthenticated]
def get (self, request, id): def get (self, request, id):
teacher = getObject(_objectName=Teacher, _columnName='id', _value=id) teacher = getObject(_objectName=Teacher, _columnName='id', _value=id)
teacher_serializer=TeacherSerializer(teacher) teacher_serializer=TeacherSerializer(teacher)
@ -118,29 +163,78 @@ class TeacherDetailView(APIView):
return JsonResponse(teacher_serializer.data, safe=False) return JsonResponse(teacher_serializer.data, safe=False)
def put(self, request, id): def put(self, request, id):
teacher_data=JSONParser().parse(request) teacher_data = JSONParser().parse(request)
teacher = getObject(_objectName=Teacher, _columnName='id', _value=id) teacher = getObject(_objectName=Teacher, _columnName='id', _value=id)
# Récupérer l'ancien profile avant modification
old_profile_role = getattr(teacher, 'profile_role', None)
old_profile = getattr(old_profile_role, 'profile', None) if old_profile_role else None
teacher_serializer = TeacherSerializer(teacher, data=teacher_data) teacher_serializer = TeacherSerializer(teacher, data=teacher_data)
if teacher_serializer.is_valid(): if teacher_serializer.is_valid():
teacher_serializer.save() teacher_serializer.save()
# Après modification, vérifier si l'ancien profile n'a plus de ProfileRole
if old_profile:
from Auth.models import ProfileRole # import local pour éviter les imports circulaires
if not ProfileRole.objects.filter(profile=old_profile).exists():
old_profile.delete()
return JsonResponse(teacher_serializer.data, safe=False) return JsonResponse(teacher_serializer.data, safe=False)
return JsonResponse(teacher_serializer.errors, safe=False) return JsonResponse(teacher_serializer.errors, safe=False)
def delete(self, request, id): def delete(self, request, id):
return delete_object(Teacher, id, related_field='profile_role') # Suppression du Teacher et du ProfileRole associé
teacher = getObject(_objectName=Teacher, _columnName='id', _value=id)
profile_role = getattr(teacher, 'profile_role', None)
profile = getattr(profile_role, 'profile', None) if profile_role else None
# Supprime le Teacher (ce qui supprime le ProfileRole via on_delete=models.CASCADE)
response = delete_object(Teacher, id, related_field='profile_role')
# Si un profile était associé, vérifier s'il reste des ProfileRole
if profile:
from Auth.models import ProfileRole # import local pour éviter les imports circulaires
if not ProfileRole.objects.filter(profile=profile).exists():
profile.delete()
return response
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class SchoolClassListCreateView(APIView): class SchoolClassListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
school_year = request.GET.get('school_year', None)
year_filter = request.GET.get('year_filter', None) # 'current_year', 'next_year', 'historical'
if establishment_id is None: if establishment_id is None:
return JsonResponse({'error': 'establishment_id est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST) return JsonResponse({'error': 'establishment_id est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST)
school_classes_list = getAllObjects(SchoolClass) school_classes_list = getAllObjects(SchoolClass)
if school_classes_list: if school_classes_list:
school_classes_list = school_classes_list.filter(establishment=establishment_id).distinct() school_classes_list = school_classes_list.filter(establishment=establishment_id)
# Filtrage par année scolaire
if school_year:
school_classes_list = school_classes_list.filter(school_year=school_year)
elif year_filter:
current_year = getCurrentSchoolYear()
next_year = getNextSchoolYear()
historical_years = getHistoricalYears(5)
if year_filter == 'current_year':
school_classes_list = school_classes_list.filter(school_year=current_year)
elif year_filter == 'next_year':
school_classes_list = school_classes_list.filter(school_year=next_year)
elif year_filter == 'historical':
school_classes_list = school_classes_list.filter(school_year__in=historical_years)
school_classes_list = school_classes_list.distinct()
classes_serializer = SchoolClassSerializer(school_classes_list, many=True) classes_serializer = SchoolClassSerializer(school_classes_list, many=True)
return JsonResponse(classes_serializer.data, safe=False) return JsonResponse(classes_serializer.data, safe=False)
@ -157,6 +251,8 @@ class SchoolClassListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class SchoolClassDetailView(APIView): class SchoolClassDetailView(APIView):
permission_classes = [IsAuthenticated]
def get (self, request, id): def get (self, request, id):
schoolClass = getObject(_objectName=SchoolClass, _columnName='id', _value=id) schoolClass = getObject(_objectName=SchoolClass, _columnName='id', _value=id)
classe_serializer=SchoolClassSerializer(schoolClass) classe_serializer=SchoolClassSerializer(schoolClass)
@ -179,6 +275,8 @@ class SchoolClassDetailView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class PlanningListCreateView(APIView): class PlanningListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
schedulesList=getAllObjects(Planning) schedulesList=getAllObjects(Planning)
schedules_serializer=PlanningSerializer(schedulesList, many=True) schedules_serializer=PlanningSerializer(schedulesList, many=True)
@ -197,6 +295,8 @@ class PlanningListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class PlanningDetailView(APIView): class PlanningDetailView(APIView):
permission_classes = [IsAuthenticated]
def get (self, request, id): def get (self, request, id):
planning = getObject(_objectName=Planning, _columnName='classe_id', _value=id) planning = getObject(_objectName=Planning, _columnName='classe_id', _value=id)
planning_serializer=PlanningSerializer(planning) planning_serializer=PlanningSerializer(planning)
@ -227,13 +327,21 @@ class PlanningDetailView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class FeeListCreateView(APIView): class FeeListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
if establishment_id is None: if establishment_id is None:
return JsonResponse({'error': 'establishment_id est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST) return JsonResponse({'error': 'establishment_id est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST)
filter = request.GET.get('filter', '').strip() filter = request.GET.get('filter', '').strip()
fee_type_value = 0 if filter == 'registration' else 1 if filter not in ('registration', 'tuition'):
return JsonResponse(
{'error': "Le paramètre 'filter' doit être 'registration' ou 'tuition'"},
safe=False,
status=status.HTTP_400_BAD_REQUEST,
)
fee_type_value = FeeType.REGISTRATION_FEE if filter == 'registration' else FeeType.TUITION_FEE
fees = Fee.objects.filter(type=fee_type_value, establishment_id=establishment_id).distinct() fees = Fee.objects.filter(type=fee_type_value, establishment_id=establishment_id).distinct()
fee_serializer = FeeSerializer(fees, many=True) fee_serializer = FeeSerializer(fees, many=True)
@ -251,6 +359,8 @@ class FeeListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class FeeDetailView(APIView): class FeeDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id): def get(self, request, id):
try: try:
fee = Fee.objects.get(id=id) fee = Fee.objects.get(id=id)
@ -277,6 +387,8 @@ class FeeDetailView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class DiscountListCreateView(APIView): class DiscountListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
if establishment_id is None: if establishment_id is None:
@ -301,6 +413,8 @@ class DiscountListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class DiscountDetailView(APIView): class DiscountDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id): def get(self, request, id):
try: try:
discount = Discount.objects.get(id=id) discount = Discount.objects.get(id=id)
@ -327,6 +441,8 @@ class DiscountDetailView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class PaymentPlanListCreateView(APIView): class PaymentPlanListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
if establishment_id is None: if establishment_id is None:
@ -351,6 +467,8 @@ class PaymentPlanListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class PaymentPlanDetailView(APIView): class PaymentPlanDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id): def get(self, request, id):
try: try:
payment_plan = PaymentPlan.objects.get(id=id) payment_plan = PaymentPlan.objects.get(id=id)
@ -377,6 +495,8 @@ class PaymentPlanDetailView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class PaymentModeListCreateView(APIView): class PaymentModeListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
if establishment_id is None: if establishment_id is None:
@ -401,6 +521,8 @@ class PaymentModeListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class PaymentModeDetailView(APIView): class PaymentModeDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id): def get(self, request, id):
try: try:
payment_mode = PaymentMode.objects.get(id=id) payment_mode = PaymentMode.objects.get(id=id)
@ -427,11 +549,13 @@ class PaymentModeDetailView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class CompetencyListCreateView(APIView): class CompetencyListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
cycle = request.GET.get('cycle') cycle = request.GET.get('cycle')
if cycle is None: if cycle is None:
return JsonResponse({'error': 'cycle est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST) return JsonResponse({'error': 'cycle est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST)
competencies_list = getAllObjects(Competency) competencies_list = getAllObjects(Competency)
competencies_list = competencies_list.filter( competencies_list = competencies_list.filter(
category__domain__cycle=cycle category__domain__cycle=cycle
@ -450,6 +574,8 @@ class CompetencyListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class CompetencyDetailView(APIView): class CompetencyDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id): def get(self, request, id):
try: try:
competency = Competency.objects.get(id=id) competency = Competency.objects.get(id=id)
@ -481,6 +607,8 @@ class CompetencyDetailView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class EstablishmentCompetencyListCreateView(APIView): class EstablishmentCompetencyListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request): def get(self, request):
establishment_id = request.GET.get('establishment_id') establishment_id = request.GET.get('establishment_id')
cycle = request.GET.get('cycle') cycle = request.GET.get('cycle')
@ -557,10 +685,10 @@ class EstablishmentCompetencyListCreateView(APIView):
"data": result "data": result
}, safe=False) }, safe=False)
def post(self, request): def post(self, request):
""" """
Crée une ou plusieurs compétences custom pour un établissement (is_required=False) Crée une ou plusieurs compétences custom pour un établissement (is_required=False)
Attendu dans le body : Attendu dans le body :
[ [
{ "establishment_id": ..., "category_id": ..., "nom": ... }, { "establishment_id": ..., "category_id": ..., "nom": ... },
... ...
@ -674,6 +802,8 @@ class EstablishmentCompetencyListCreateView(APIView):
@method_decorator(csrf_protect, name='dispatch') @method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch') @method_decorator(ensure_csrf_cookie, name='dispatch')
class EstablishmentCompetencyDetailView(APIView): class EstablishmentCompetencyDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id): def get(self, request, id):
try: try:
ec = EstablishmentCompetency.objects.get(id=id) ec = EstablishmentCompetency.objects.get(id=id)
@ -701,3 +831,179 @@ class EstablishmentCompetencyDetailView(APIView):
return JsonResponse({'message': 'Deleted'}, safe=False) return JsonResponse({'message': 'Deleted'}, safe=False)
except EstablishmentCompetency.DoesNotExist: except EstablishmentCompetency.DoesNotExist:
return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND) return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND)
# ===================== EVALUATIONS =====================
@method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch')
class EvaluationListCreateView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request):
establishment_id = request.GET.get('establishment_id')
school_class_id = request.GET.get('school_class')
period = request.GET.get('period')
if not establishment_id:
return JsonResponse({'error': 'establishment_id est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST)
evaluations = Evaluation.objects.filter(establishment_id=establishment_id)
if school_class_id:
evaluations = evaluations.filter(school_class_id=school_class_id)
if period:
evaluations = evaluations.filter(period=period)
serializer = EvaluationSerializer(evaluations, many=True)
return JsonResponse(serializer.data, safe=False)
def post(self, request):
data = JSONParser().parse(request)
serializer = EvaluationSerializer(data=data)
if serializer.is_valid():
serializer.save()
return JsonResponse(serializer.data, safe=False, status=status.HTTP_201_CREATED)
return JsonResponse(serializer.errors, safe=False, status=status.HTTP_400_BAD_REQUEST)
@method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch')
class EvaluationDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id):
try:
evaluation = Evaluation.objects.get(id=id)
serializer = EvaluationSerializer(evaluation)
return JsonResponse(serializer.data, safe=False)
except Evaluation.DoesNotExist:
return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND)
def put(self, request, id):
try:
evaluation = Evaluation.objects.get(id=id)
except Evaluation.DoesNotExist:
return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND)
data = JSONParser().parse(request)
serializer = EvaluationSerializer(evaluation, data=data, partial=True)
if serializer.is_valid():
serializer.save()
return JsonResponse(serializer.data, safe=False)
return JsonResponse(serializer.errors, safe=False, status=status.HTTP_400_BAD_REQUEST)
def delete(self, request, id):
try:
evaluation = Evaluation.objects.get(id=id)
evaluation.delete()
return JsonResponse({'message': 'Deleted'}, safe=False)
except Evaluation.DoesNotExist:
return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND)
# ===================== STUDENT EVALUATIONS =====================
@method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch')
class StudentEvaluationListView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request):
student_id = request.GET.get('student_id')
evaluation_id = request.GET.get('evaluation_id')
period = request.GET.get('period')
school_class_id = request.GET.get('school_class_id')
student_evals = StudentEvaluation.objects.all()
if student_id:
student_evals = student_evals.filter(student_id=student_id)
if evaluation_id:
student_evals = student_evals.filter(evaluation_id=evaluation_id)
if period:
student_evals = student_evals.filter(evaluation__period=period)
if school_class_id:
student_evals = student_evals.filter(evaluation__school_class_id=school_class_id)
serializer = StudentEvaluationSerializer(student_evals, many=True)
return JsonResponse(serializer.data, safe=False)
@method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch')
class StudentEvaluationBulkUpdateView(APIView):
"""
Mise à jour en masse des notes des élèves pour une évaluation.
Attendu dans le body :
[
{ "student_id": 1, "evaluation_id": 1, "score": 15.5, "comment": "", "is_absent": false },
...
]
"""
permission_classes = [IsAuthenticated]
def put(self, request):
data = JSONParser().parse(request)
if not isinstance(data, list):
data = [data]
updated = []
errors = []
for item in data:
student_id = item.get('student_id')
evaluation_id = item.get('evaluation_id')
if not student_id or not evaluation_id:
errors.append({'error': 'student_id et evaluation_id sont requis', 'item': item})
continue
try:
student_eval, created = StudentEvaluation.objects.update_or_create(
student_id=student_id,
evaluation_id=evaluation_id,
defaults={
'score': item.get('score'),
'comment': item.get('comment', ''),
'is_absent': item.get('is_absent', False)
}
)
updated.append(StudentEvaluationSerializer(student_eval).data)
except Exception as e:
errors.append({'error': str(e), 'item': item})
return JsonResponse({'updated': updated, 'errors': errors}, safe=False)
@method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch')
class StudentEvaluationDetailView(APIView):
permission_classes = [IsAuthenticated]
def get(self, request, id):
try:
student_eval = StudentEvaluation.objects.get(id=id)
serializer = StudentEvaluationSerializer(student_eval)
return JsonResponse(serializer.data, safe=False)
except StudentEvaluation.DoesNotExist:
return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND)
def put(self, request, id):
try:
student_eval = StudentEvaluation.objects.get(id=id)
except StudentEvaluation.DoesNotExist:
return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND)
data = JSONParser().parse(request)
serializer = StudentEvaluationSerializer(student_eval, data=data, partial=True)
if serializer.is_valid():
serializer.save()
return JsonResponse(serializer.data, safe=False)
return JsonResponse(serializer.errors, safe=False, status=status.HTTP_400_BAD_REQUEST)
def delete(self, request, id):
try:
student_eval = StudentEvaluation.objects.get(id=id)
student_eval.delete()
return JsonResponse({'message': 'Deleted'}, safe=False)
except StudentEvaluation.DoesNotExist:
return JsonResponse({'error': 'No object found'}, status=status.HTTP_404_NOT_FOUND)

2
Back-End/Settings/migrations/0001_initial.py
View File

@ -1,4 +1,4 @@
# Generated by Django 5.1.3 on 2025-05-28 11:14 # Generated by Django 5.1.3 on 2026-04-05 08:05
import django.db.models.deletion import django.db.models.deletion
from django.db import migrations, models from django.db import migrations, models

3
Back-End/Settings/serializers.py
View File

@ -2,6 +2,9 @@ from rest_framework import serializers
from .models import SMTPSettings from .models import SMTPSettings
class SMTPSettingsSerializer(serializers.ModelSerializer): class SMTPSettingsSerializer(serializers.ModelSerializer):
# Le mot de passe SMTP est en écriture seule : il ne revient jamais dans les réponses API
smtp_password = serializers.CharField(write_only=True)
class Meta: class Meta:
model = SMTPSettings model = SMTPSettings
fields = '__all__' fields = '__all__'

116
Back-End/Settings/tests_security.py Normal file
View File

@ -0,0 +1,116 @@
"""
Tests de sécurité — Settings (SMTP)
Vérifie :
- Le mot de passe SMTP est absent des réponses GET (write_only)
- Authentification requise
"""
from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken
from Auth.models import Profile, ProfileRole
from Establishment.models import Establishment
from Settings.models import SMTPSettings
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def create_user_with_role(email):
user = Profile.objects.create_user(
username=email, email=email, password="TestPass!123"
)
est = Establishment.objects.create(
name=f"Ecole {email}", address="1 rue Test",
total_capacity=50, establishment_type=[1]
)
ProfileRole.objects.create(
profile=user, role_type=ProfileRole.RoleType.PROFIL_ADMIN,
establishment=est, is_active=True
)
return user, est
OVERRIDE = dict(
CACHES={'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}},
SESSION_ENGINE='django.contrib.sessions.backends.db',
)
# ---------------------------------------------------------------------------
# Tests
# ---------------------------------------------------------------------------
@override_settings(**OVERRIDE)
class SMTPSettingsAuthTest(TestCase):
"""Authentification requise sur l'endpoint SMTP."""
def setUp(self):
self.client = APIClient()
self.url = reverse('Settings:smtp_settings')
def test_sans_auth_retourne_401(self):
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@override_settings(**OVERRIDE)
class SMTPPasswordNotExposedTest(TestCase):
"""
Le mot de passe SMTP ne doit jamais apparaître dans les réponses GET.
Avant la correction, smtp_password était retourné en clair à tout
utilisateur authentifié (incluant les parents).
"""
def setUp(self):
self.client = APIClient()
self.url = reverse('Settings:smtp_settings')
self.user, self.est = create_user_with_role('smtp_test@test.com')
SMTPSettings.objects.create(
establishment=self.est,
smtp_server='smtp.example.com',
smtp_port=587,
smtp_user='user@example.com',
smtp_password='super_secret_password_123',
use_tls=True,
)
def test_smtp_password_absent_de_la_reponse(self):
"""
GET /settings/smtp/ ne doit pas retourner smtp_password.
"""
token = str(RefreshToken.for_user(self.user).access_token)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
response = self.client.get(self.url, {'establishment_id': self.est.id})
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
# Le mot de passe ne doit pas être dans la réponse (write_only)
self.assertNotIn(
'smtp_password', data,
"smtp_password ne doit pas être exposé dans les réponses API (OWASP A02 - Cryptographic Failures)"
)
# Vérification supplémentaire : la valeur secrète n'est pas dans la réponse brute
self.assertNotIn('super_secret_password_123', response.content.decode())
def test_smtp_password_accepte_en_ecriture(self):
"""
POST /settings/smtp/ doit accepter smtp_password (write_only ne bloque pas l'écriture).
"""
token = str(RefreshToken.for_user(self.user).access_token)
self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
payload = {
'establishment': self.est.id,
'smtp_server': 'smtp.newserver.com',
'smtp_port': 465,
'smtp_user': 'new@example.com',
'smtp_password': 'nouveau_mot_de_passe',
'use_tls': False,
'use_ssl': True,
}
from rest_framework.test import APIRequestFactory
response = self.client.post(self.url, data=payload, format='json')
self.assertIn(response.status_code, [status.HTTP_200_OK, status.HTTP_201_CREATED])

2
Back-End/Settings/views.py
View File

@ -5,8 +5,10 @@ from .serializers import SMTPSettingsSerializer
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework import status from rest_framework import status
from rest_framework.permissions import IsAuthenticated
class SMTPSettingsView(APIView): class SMTPSettingsView(APIView):
permission_classes = [IsAuthenticated]
""" """
API pour gérer les paramètres SMTP. API pour gérer les paramètres SMTP.
""" """

18
Back-End/Subscriptions/Configuration/inscriptions.json
View File

@ -1,18 +0,0 @@
{
"activationMailRelance": "Oui",
"delaiRelance": "30",
"ambiances": [
"2-3 ans",
"3-6 ans",
"6-12 ans"
],
"genres": [
"Fille",
"Garçon"
],
"modesPaiement": [
"Chèque",
"Virement",
"Prélèvement SEPA"
]
}

0
Back-End/Subscriptions/management/__init__.py Normal file
View File

0
Back-End/Subscriptions/management/commands/__init__.py Normal file
View File

43
Back-End/Subscriptions/management/commands/test_email.py Normal file
View File

@ -0,0 +1,43 @@
"""
Management command pour tester la configuration email Django
"""
from django.core.management.base import BaseCommand
from django.core.mail import send_mail
from django.conf import settings
from N3wtSchool.mailManager import getConnection, sendMail
import logging
logger = logging.getLogger(__name__)
class Command(BaseCommand):
help = 'Test de la configuration email'
def add_arguments(self, parser):
parser.add_argument('--establishment-id', type=int, help='ID de l\'établissement pour test')
parser.add_argument('--email', type=str, default='test@example.com', help='Email de destination')
def handle(self, *args, **options):
self.stdout.write("=== Test de configuration email ===")
# Affichage de la configuration
self.stdout.write(f"EMAIL_HOST: {settings.EMAIL_HOST}")
self.stdout.write(f"EMAIL_PORT: {settings.EMAIL_PORT}")
self.stdout.write(f"EMAIL_HOST_USER: {settings.EMAIL_HOST_USER}")
self.stdout.write(f"EMAIL_HOST_PASSWORD: {settings.EMAIL_HOST_PASSWORD}")
self.stdout.write(f"EMAIL_USE_TLS: {settings.EMAIL_USE_TLS}")
self.stdout.write(f"EMAIL_USE_SSL: {settings.EMAIL_USE_SSL}")
self.stdout.write(f"EMAIL_BACKEND: {settings.EMAIL_BACKEND}")
# Test 1: Configuration par défaut Django
self.stdout.write("\n--- Test : Configuration EMAIL par défaut ---")
try:
result = send_mail(
'Test Django Email',
'Ceci est un test de la configuration email par défaut.',
settings.EMAIL_HOST_USER,
[options['email']],
fail_silently=False,
)
self.stdout.write(self.style.SUCCESS(f"✅ Email envoyé avec succès (résultat: {result})"))
except Exception as e:
self.stdout.write(self.style.ERROR(f"❌ Erreur: {e}"))

41
Back-End/Subscriptions/migrations/0001_initial.py
View File

@ -1,4 +1,4 @@
# Generated by Django 5.1.3 on 2025-05-28 11:14 # Generated by Django 5.1.3 on 2026-04-05 08:05
import Subscriptions.models import Subscriptions.models
import django.db.models.deletion import django.db.models.deletion
@ -40,16 +40,20 @@ class Migration(migrations.Migration):
('birth_place', models.CharField(blank=True, default='', max_length=200)), ('birth_place', models.CharField(blank=True, default='', max_length=200)),
('birth_postal_code', models.IntegerField(blank=True, default=0)), ('birth_postal_code', models.IntegerField(blank=True, default=0)),
('attending_physician', models.CharField(blank=True, default='', max_length=200)), ('attending_physician', models.CharField(blank=True, default='', max_length=200)),
('created_at', models.DateTimeField(auto_now_add=True, null=True)),
('updated_at', models.DateTimeField(auto_now=True, null=True)),
('associated_class', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='students', to='School.schoolclass')), ('associated_class', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='students', to='School.schoolclass')),
], ],
), ),
migrations.CreateModel( migrations.CreateModel(
name='RegistrationSchoolFileTemplate', name='RegistrationSchoolFileTemplate',
fields=[ fields=[
('id', models.IntegerField(primary_key=True, serialize=False)), ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('slug', models.CharField(default='', max_length=255)), ('slug', models.CharField(default='', max_length=255)),
('name', models.CharField(default='', max_length=255)), ('name', models.CharField(default='', max_length=255)),
('file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_school_file_upload_to)), ('file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_school_file_upload_to)),
('formTemplateData', models.JSONField(blank=True, default=list, null=True)),
('isValidated', models.BooleanField(blank=True, default=None, null=True)),
], ],
), ),
migrations.CreateModel( migrations.CreateModel(
@ -88,13 +92,14 @@ class Migration(migrations.Migration):
fields=[ fields=[
('student', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, serialize=False, to='Subscriptions.student')), ('student', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, serialize=False, to='Subscriptions.student')),
('status', models.IntegerField(choices=[(0, "Pas de dossier d'inscription"), (1, "Dossier d'inscription initialisé"), (2, "Dossier d'inscription envoyé"), (3, "Dossier d'inscription en cours de validation"), (4, "Dossier d'inscription à relancer"), (5, "Dossier d'inscription validé"), (6, "Dossier d'inscription archivé"), (7, 'Mandat SEPA envoyé'), (8, 'Mandat SEPA à envoyer')], default=0)), ('status', models.IntegerField(choices=[(0, "Pas de dossier d'inscription"), (1, "Dossier d'inscription initialisé"), (2, "Dossier d'inscription envoyé"), (3, "Dossier d'inscription en cours de validation"), (4, "Dossier d'inscription à relancer"), (5, "Dossier d'inscription validé"), (6, "Dossier d'inscription archivé"), (7, 'Mandat SEPA envoyé'), (8, 'Mandat SEPA à envoyer')], default=0)),
('created_at', models.DateTimeField(auto_now_add=True, null=True)),
('last_update', models.DateTimeField(auto_now=True)), ('last_update', models.DateTimeField(auto_now=True)),
('school_year', models.CharField(blank=True, default='', max_length=9)), ('school_year', models.CharField(blank=True, default='', max_length=9)),
('notes', models.CharField(blank=True, max_length=200)), ('notes', models.CharField(blank=True, max_length=200)),
('registration_link_code', models.CharField(blank=True, default='', max_length=200)), ('registration_link_code', models.CharField(blank=True, default='', max_length=200)),
('registration_file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_file_path)), ('registration_file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_form_file_upload_to)),
('sepa_file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_file_path)), ('sepa_file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_form_file_upload_to)),
('fusion_file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_file_path)), ('fusion_file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_form_file_upload_to)),
('associated_rf', models.CharField(blank=True, default='', max_length=200)), ('associated_rf', models.CharField(blank=True, default='', max_length=200)),
('discounts', models.ManyToManyField(blank=True, related_name='register_forms', to='School.discount')), ('discounts', models.ManyToManyField(blank=True, related_name='register_forms', to='School.discount')),
('establishment', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='register_forms', to='Establishment.establishment')), ('establishment', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='register_forms', to='Establishment.establishment')),
@ -153,7 +158,7 @@ class Migration(migrations.Migration):
fields=[ fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(default='', max_length=255)), ('name', models.CharField(default='', max_length=255)),
('description', models.CharField(blank=True, null=True)), ('description', models.CharField(blank=True, max_length=500, null=True)),
('is_required', models.BooleanField(default=False)), ('is_required', models.BooleanField(default=False)),
('groups', models.ManyToManyField(blank=True, related_name='parent_file_masters', to='Subscriptions.registrationfilegroup')), ('groups', models.ManyToManyField(blank=True, related_name='parent_file_masters', to='Subscriptions.registrationfilegroup')),
], ],
@ -161,9 +166,12 @@ class Migration(migrations.Migration):
migrations.CreateModel( migrations.CreateModel(
name='RegistrationSchoolFileMaster', name='RegistrationSchoolFileMaster',
fields=[ fields=[
('id', models.IntegerField(primary_key=True, serialize=False)), ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(default='', max_length=255)), ('name', models.CharField(default='', max_length=255)),
('is_required', models.BooleanField(default=False)), ('is_required', models.BooleanField(default=False)),
('formMasterData', models.JSONField(blank=True, default=list, null=True)),
('file', models.FileField(blank=True, help_text='Fichier du formulaire existant (PDF, DOC, etc.)', null=True, upload_to=Subscriptions.models.registration_school_file_master_upload_to)),
('establishment', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='school_file_masters', to='Establishment.establishment')),
('groups', models.ManyToManyField(blank=True, related_name='school_file_masters', to='Subscriptions.registrationfilegroup')), ('groups', models.ManyToManyField(blank=True, related_name='school_file_masters', to='Subscriptions.registrationfilegroup')),
], ],
), ),
@ -192,6 +200,7 @@ class Migration(migrations.Migration):
fields=[ fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_parent_file_upload_to)), ('file', models.FileField(blank=True, null=True, upload_to=Subscriptions.models.registration_parent_file_upload_to)),
('isValidated', models.BooleanField(blank=True, default=None, null=True)),
('master', models.ForeignKey(blank=True, on_delete=django.db.models.deletion.CASCADE, related_name='parent_file_templates', to='Subscriptions.registrationparentfilemaster')), ('master', models.ForeignKey(blank=True, on_delete=django.db.models.deletion.CASCADE, related_name='parent_file_templates', to='Subscriptions.registrationparentfilemaster')),
('registration_form', models.ForeignKey(blank=True, on_delete=django.db.models.deletion.CASCADE, related_name='parent_file_templates', to='Subscriptions.registrationform')), ('registration_form', models.ForeignKey(blank=True, on_delete=django.db.models.deletion.CASCADE, related_name='parent_file_templates', to='Subscriptions.registrationform')),
], ],
@ -203,6 +212,8 @@ class Migration(migrations.Migration):
('score', models.IntegerField(blank=True, null=True)), ('score', models.IntegerField(blank=True, null=True)),
('comment', models.TextField(blank=True, null=True)), ('comment', models.TextField(blank=True, null=True)),
('period', models.CharField(blank=True, default='', help_text="Période d'évaluation ex: T1-2024_2025, S1-2024_2025, A-2024_2025", max_length=20)), ('period', models.CharField(blank=True, default='', help_text="Période d'évaluation ex: T1-2024_2025, S1-2024_2025, A-2024_2025", max_length=20)),
('created_at', models.DateTimeField(auto_now_add=True, null=True)),
('updated_at', models.DateTimeField(auto_now=True, null=True)),
('establishment_competency', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='student_scores', to='School.establishmentcompetency')), ('establishment_competency', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='student_scores', to='School.establishmentcompetency')),
('student', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='competency_scores', to='Subscriptions.student')), ('student', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='competency_scores', to='Subscriptions.student')),
], ],
@ -210,4 +221,20 @@ class Migration(migrations.Migration):
'unique_together': {('student', 'establishment_competency', 'period')}, 'unique_together': {('student', 'establishment_competency', 'period')},
}, },
), ),
migrations.CreateModel(
name='StudentEvaluation',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('score', models.DecimalField(blank=True, decimal_places=2, max_digits=5, null=True)),
('comment', models.TextField(blank=True)),
('is_absent', models.BooleanField(default=False)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
('evaluation', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='student_scores', to='School.evaluation')),
('student', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='evaluation_scores', to='Subscriptions.student')),
],
options={
'unique_together': {('student', 'evaluation')},
},
),
] ]

18
Back-End/Subscriptions/migrations/0002_alter_registrationparentfilemaster_description.py
View File

@ -1,18 +0,0 @@
# Generated by Django 5.1.3 on 2025-05-30 07:39
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('Subscriptions', '0001_initial'),
]
operations = [
migrations.AlterField(
model_name='registrationparentfilemaster',
name='description',
field=models.CharField(blank=True, max_length=500, null=True),
),
]

343
Back-End/Subscriptions/models.py
View File

@ -2,11 +2,9 @@ from django.db import models
from django.utils.timezone import now from django.utils.timezone import now
from django.conf import settings from django.conf import settings
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from datetime import datetime from datetime import datetime
import os
import logging import logging
import os
logger = logging.getLogger("SubscriptionModels") logger = logging.getLogger("SubscriptionModels")
@ -56,17 +54,38 @@ class Sibling(models.Model):
return "SIBLING" return "SIBLING"
def registration_photo_upload_to(instance, filename): def registration_photo_upload_to(instance, filename):
return f"registration_files/dossier_rf_{instance.pk}/parent/{filename}" """
Génère le chemin de stockage pour la photo élève.
Structure : Etablissement/dossier_NomEleve_PrenomEleve/filename
"""
register_form = getattr(instance, 'registrationform', None)
if register_form and register_form.establishment:
est_name = register_form.establishment.name
elif instance.associated_class and instance.associated_class.establishment:
est_name = instance.associated_class.establishment.name
else:
est_name = "unknown_establishment"
student_last = instance.last_name if instance and instance.last_name else "unknown"
student_first = instance.first_name if instance and instance.first_name else "unknown"
return f"{est_name}/dossier_{student_last}_{student_first}/{filename}"
def registration_bilan_form_upload_to(instance, filename): def registration_bilan_form_upload_to(instance, filename):
# On récupère le RegistrationForm lié à l'élève """
Génère le chemin de stockage pour les bilans de compétences.
Structure : Etablissement/dossier_NomEleve_PrenomEleve/filename
"""
register_form = getattr(instance.student, 'registrationform', None) register_form = getattr(instance.student, 'registrationform', None)
if register_form: if register_form and register_form.establishment:
pk = register_form.pk est_name = register_form.establishment.name
elif instance.student.associated_class and instance.student.associated_class.establishment:
est_name = instance.student.associated_class.establishment.name
else: else:
# fallback sur l'id de l'élève si pas de registrationform est_name = "unknown_establishment"
pk = instance.student.pk
return f"registration_files/dossier_rf_{pk}/bilan/{filename}" student_last = instance.student.last_name if instance.student else "unknown"
student_first = instance.student.first_name if instance.student else "unknown"
return f"{est_name}/dossier_{student_last}_{student_first}/{filename}"
class BilanCompetence(models.Model): class BilanCompetence(models.Model):
student = models.ForeignKey('Subscriptions.Student', on_delete=models.CASCADE, related_name='bilans') student = models.ForeignKey('Subscriptions.Student', on_delete=models.CASCADE, related_name='bilans')
@ -132,6 +151,10 @@ class Student(models.Model):
# One-to-Many Relationship # One-to-Many Relationship
associated_class = models.ForeignKey('School.SchoolClass', on_delete=models.SET_NULL, null=True, blank=True, related_name='students') associated_class = models.ForeignKey('School.SchoolClass', on_delete=models.SET_NULL, null=True, blank=True, related_name='students')
# Audit fields
created_at = models.DateTimeField(auto_now_add=True, null=True)
updated_at = models.DateTimeField(auto_now=True, null=True)
def __str__(self): def __str__(self):
return self.last_name + "_" + self.first_name return self.last_name + "_" + self.first_name
@ -216,9 +239,28 @@ class RegistrationFileGroup(models.Model):
def __str__(self): def __str__(self):
return f'{self.group.name} - {self.id}' return f'{self.group.name} - {self.id}'
def registration_file_path(instance, filename): def registration_form_file_upload_to(instance, filename):
# Génère le chemin : registration_files/dossier_rf_{student_id}/filename """
return f'registration_files/dossier_rf_{instance.student_id}/{filename}' Génère le chemin de stockage pour les fichiers du dossier d'inscription.
Structure : Etablissement/dossier_NomEleve_PrenomEleve/filename
"""
est_name = instance.establishment.name if instance.establishment else "unknown_establishment"
student_last = instance.student.last_name if instance.student else "unknown"
student_first = instance.student.first_name if instance.student else "unknown"
return f"{est_name}/dossier_{student_last}_{student_first}/{filename}"
def _delete_file_if_exists(file_field):
"""
Supprime le fichier physique s'il existe.
Utile pour éviter les suffixes automatiques Django lors du remplacement.
"""
if file_field and file_field.name:
try:
if hasattr(file_field, 'path') and os.path.exists(file_field.path):
os.remove(file_field.path)
logger.debug(f"Fichier supprimé: {file_field.path}")
except Exception as e:
logger.error(f"Erreur lors de la suppression du fichier {file_field.name}: {e}")
class RegistrationForm(models.Model): class RegistrationForm(models.Model):
class RegistrationFormStatus(models.IntegerChoices): class RegistrationFormStatus(models.IntegerChoices):
@ -235,22 +277,23 @@ class RegistrationForm(models.Model):
# One-to-One Relationship # One-to-One Relationship
student = models.OneToOneField(Student, on_delete=models.CASCADE, primary_key=True) student = models.OneToOneField(Student, on_delete=models.CASCADE, primary_key=True)
status = models.IntegerField(choices=RegistrationFormStatus, default=RegistrationFormStatus.RF_IDLE) status = models.IntegerField(choices=RegistrationFormStatus, default=RegistrationFormStatus.RF_IDLE)
created_at = models.DateTimeField(auto_now_add=True, null=True)
last_update = models.DateTimeField(auto_now=True) last_update = models.DateTimeField(auto_now=True)
school_year = models.CharField(max_length=9, default="", blank=True) school_year = models.CharField(max_length=9, default="", blank=True)
notes = models.CharField(max_length=200, blank=True) notes = models.CharField(max_length=200, blank=True)
registration_link_code = models.CharField(max_length=200, default="", blank=True) registration_link_code = models.CharField(max_length=200, default="", blank=True)
registration_file = models.FileField( registration_file = models.FileField(
upload_to=registration_file_path, upload_to=registration_form_file_upload_to,
null=True, null=True,
blank=True blank=True
) )
sepa_file = models.FileField( sepa_file = models.FileField(
upload_to=registration_file_path, upload_to=registration_form_file_upload_to,
null=True, null=True,
blank=True blank=True
) )
fusion_file = models.FileField( fusion_file = models.FileField(
upload_to=registration_file_path, upload_to=registration_form_file_upload_to,
null=True, null=True,
blank=True blank=True
) )
@ -277,32 +320,208 @@ class RegistrationForm(models.Model):
return "RF_" + self.student.last_name + "_" + self.student.first_name return "RF_" + self.student.last_name + "_" + self.student.first_name
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
# Vérifier si un fichier existant doit être remplacé # Préparer le flag de création / changement de fileGroup
was_new = self.pk is None
old_fileGroup = None
if not was_new:
try:
old_instance = RegistrationForm.objects.get(pk=self.pk)
old_fileGroup = old_instance.fileGroup
except RegistrationForm.DoesNotExist:
old_fileGroup = None
# Supprimer les anciens fichiers si remplacés (évite les suffixes Django)
if self.pk: # Si l'objet existe déjà dans la base de données if self.pk: # Si l'objet existe déjà dans la base de données
try: try:
old_instance = RegistrationForm.objects.get(pk=self.pk) old_instance = RegistrationForm.objects.get(pk=self.pk)
# Gestion du sepa_file
if old_instance.sepa_file and old_instance.sepa_file != self.sepa_file: if old_instance.sepa_file and old_instance.sepa_file != self.sepa_file:
# Supprimer l'ancien fichier _delete_file_if_exists(old_instance.sepa_file)
old_instance.sepa_file.delete(save=False)
# Gestion du registration_file
if old_instance.registration_file and old_instance.registration_file != self.registration_file:
_delete_file_if_exists(old_instance.registration_file)
# Gestion du fusion_file
if old_instance.fusion_file and old_instance.fusion_file != self.fusion_file:
_delete_file_if_exists(old_instance.fusion_file)
except RegistrationForm.DoesNotExist: except RegistrationForm.DoesNotExist:
pass # L'objet n'existe pas encore, rien à supprimer pass # L'objet n'existe pas encore, rien à supprimer
# Appeler la méthode save originale # Appeler la méthode save originale
super().save(*args, **kwargs) super().save(*args, **kwargs)
# Après save : si nouveau ou changement de fileGroup -> créer les templates
fileGroup_changed = (self.fileGroup is not None) and (old_fileGroup is None or (old_fileGroup and old_fileGroup.id != self.fileGroup.id))
if was_new or fileGroup_changed:
try:
import Subscriptions.util as util
created = util.create_templates_for_registration_form(self)
if created:
logger.info("Created %d templates for RegistrationForm %s", len(created), self.pk)
except Exception as e:
logger.exception("Error creating templates for RegistrationForm %s: %s", self.pk, e)
############################################################# #############################################################
####################### MASTER FILES ######################## ####################### MASTER FILES ########################
############################################################# #############################################################
####### DocuSeal masters (documents école, à signer ou pas) ####### ####### Formulaires masters (documents école, à signer ou pas) #######
def registration_school_file_master_upload_to(instance, filename):
# Stocke les fichiers masters dans un dossier dédié
# Utilise l'ID si le nom n'est pas encore disponible
est_name = None
if instance.establishment and instance.establishment.name:
est_name = instance.establishment.name
else:
# fallback si pas d'établissement (devrait être rare)
est_name = "unknown_establishment"
return f"{est_name}/Formulaires/{filename}"
class RegistrationSchoolFileMaster(models.Model): class RegistrationSchoolFileMaster(models.Model):
groups = models.ManyToManyField(RegistrationFileGroup, related_name='school_file_masters', blank=True) groups = models.ManyToManyField(RegistrationFileGroup, related_name='school_file_masters', blank=True)
id = models.IntegerField(primary_key=True)
name = models.CharField(max_length=255, default="") name = models.CharField(max_length=255, default="")
is_required = models.BooleanField(default=False) is_required = models.BooleanField(default=False)
formMasterData = models.JSONField(default=list, blank=True, null=True)
file = models.FileField(
upload_to=registration_school_file_master_upload_to,
null=True,
blank=True,
help_text="Fichier du formulaire existant (PDF, DOC, etc.)"
)
establishment = models.ForeignKey('Establishment.Establishment', on_delete=models.CASCADE, related_name='school_file_masters', null=True, blank=True)
def __str__(self): def __str__(self):
return f'{self.group.name} - {self.id}' return f'{self.name} - {self.id}'
@property
def file_url(self):
if self.file and hasattr(self.file, 'url'):
return self.file.url
return None
def save(self, *args, **kwargs):
affected_rf_ids = set()
is_new = self.pk is None
# Log création ou modification du master
if is_new:
logger.info(f"[FormPerso] Création master '{self.name}' pour établissement '{self.establishment}'")
else:
logger.info(f"[FormPerso] Modification master '{self.name}' (id={self.pk}) pour établissement '{self.establishment}'")
# --- Suppression de l'ancien fichier master si le nom change (form existant ou dynamique) ---
if self.pk:
try:
old = RegistrationSchoolFileMaster.objects.get(pk=self.pk)
if old.file and old.file.name:
old_filename = os.path.basename(old.file.name)
# Nouveau nom selon le type (dynamique ou existant)
if (
self.formMasterData
and isinstance(self.formMasterData, dict)
and self.formMasterData.get("fields")
):
# Si un fichier source est déjà présent, conserver son extension.
extension = os.path.splitext(old_filename)[1] or '.pdf'
new_filename = f"{self.name}{extension}"
else:
# Pour les forms existants, le nom attendu est self.name + extension du fichier existant
extension = os.path.splitext(old_filename)[1]
new_filename = f"{self.name}{extension}" if extension else self.name
if new_filename and old_filename != new_filename:
old_file_path = old.file.path
if os.path.exists(old_file_path):
try:
os.remove(old_file_path)
logger.info(f"[FormPerso] Suppression de l'ancien fichier master: {old_file_path}")
except Exception as e:
logger.error(f"[FormPerso] Erreur suppression ancien fichier master: {e}")
# Correction du nom du fichier pour éviter le suffixe random
if (
not self.formMasterData
or not (isinstance(self.formMasterData, dict) and self.formMasterData.get("fields"))
):
# Si le fichier existe et le nom ne correspond pas, renommer le fichier physique et mettre à jour le FileField
if self.file and self.file.name:
current_filename = os.path.basename(self.file.name)
current_path = self.file.path
expected_filename = new_filename
expected_path = os.path.join(os.path.dirname(current_path), expected_filename)
if current_filename != expected_filename:
try:
if os.path.exists(current_path):
os.rename(current_path, expected_path)
self.file.name = os.path.join(os.path.dirname(self.file.name), expected_filename).replace("\\", "/")
logger.info(f"[FormPerso] Renommage du fichier master: {current_path} -> {expected_path}")
except Exception as e:
logger.error(f"[FormPerso] Erreur lors du renommage du fichier master: {e}")
except RegistrationSchoolFileMaster.DoesNotExist:
pass
# IMPORTANT: pour les formulaires dynamiques, le fichier du master doit
# rester le document source uploadé (PDF/image). La génération du PDF final
# est faite au niveau des templates (par élève), pas sur le master.
super().save(*args, **kwargs)
# Synchronisation des templates pour tous les dossiers d'inscription concernés (création ou modification)
try:
# Import local pour éviter le circular import
from Subscriptions.util import create_templates_for_registration_form
from Subscriptions.models import RegistrationForm, RegistrationSchoolFileTemplate
# Détermination des RF concernés
if is_new:
new_groups = set(self.groups.values_list('id', flat=True))
affected_rf_ids.update(
RegistrationForm.objects.filter(fileGroup__in=list(new_groups)).values_list('pk', flat=True)
)
else:
try:
old = RegistrationSchoolFileMaster.objects.get(pk=self.pk)
old_groups = set(old.groups.values_list('id', flat=True))
new_groups = set(self.groups.values_list('id', flat=True))
affected_rf_ids.update(
RegistrationForm.objects.filter(fileGroup__in=list(old_groups | new_groups)).values_list('pk', flat=True)
)
form_data_changed = (
old.formMasterData != self.formMasterData
and self.formMasterData
and isinstance(self.formMasterData, dict)
and self.formMasterData.get("fields")
)
name_changed = old.name != self.name
if form_data_changed or name_changed:
logger.info(f"[FormPerso] Modification du contenu du master '{self.name}' (id={self.pk})")
except RegistrationSchoolFileMaster.DoesNotExist:
pass
# Pour chaque RF concerné, régénérer les templates
for rf_id in affected_rf_ids:
try:
rf = RegistrationForm.objects.get(pk=rf_id)
logger.info(f"[FormPerso] Synchronisation template pour élève '{rf.student.last_name}_{rf.student.first_name}' (RF id={rf.pk}) suite à modification/ajout du master '{self.name}'")
create_templates_for_registration_form(rf)
except Exception as e:
logger.error(f"Erreur lors de la synchronisation des templates pour RF {rf_id} après modification du master {self.pk}: {e}")
except Exception as e:
logger.error(f"Erreur globale lors de la synchronisation des templates après modification du master {self.pk}: {e}")
def delete(self, *args, **kwargs):
logger.info(f"[FormPerso] Suppression master '{self.name}' (id={self.pk}) et tous ses templates")
# Import local pour éviter le circular import
from Subscriptions.models import RegistrationSchoolFileTemplate
templates = RegistrationSchoolFileTemplate.objects.filter(master=self)
for tmpl in templates:
logger.info(f"[FormPerso] Suppression template '{tmpl.name}' pour élève '{tmpl.registration_form.student.last_name}_{tmpl.registration_form.student.first_name}' (RF id={tmpl.registration_form.pk})")
if self.file and hasattr(self.file, 'path') and os.path.exists(self.file.path):
try:
self.file.delete(save=False)
except Exception as e:
logger.error(f"Erreur lors de la suppression du fichier master: {e}")
super().delete(*args, **kwargs)
####### Parent files masters (documents à fournir par les parents) ####### ####### Parent files masters (documents à fournir par les parents) #######
class RegistrationParentFileMaster(models.Model): class RegistrationParentFileMaster(models.Model):
@ -316,32 +535,58 @@ class RegistrationParentFileMaster(models.Model):
############################################################ ############################################################
def registration_school_file_upload_to(instance, filename): def registration_school_file_upload_to(instance, filename):
return f"registration_files/dossier_rf_{instance.registration_form.pk}/school/{filename}" """
Génère le chemin pour les fichiers templates école.
Structure : Etablissement/dossier_NomEleve_PrenomEleve/filename
"""
return f"{instance.registration_form.establishment.name}/dossier_{instance.registration_form.student.last_name}_{instance.registration_form.student.first_name}/{filename}"
def registration_parent_file_upload_to(instance, filename): def registration_parent_file_upload_to(instance, filename):
return f"registration_files/dossier_rf_{instance.registration_form.pk}/parent/{filename}" """
Génère le chemin pour les fichiers à fournir par les parents.
Structure : Etablissement/dossier_NomEleve_PrenomEleve/parent/filename
"""
return f"{instance.registration_form.establishment.name}/dossier_{instance.registration_form.student.last_name}_{instance.registration_form.student.first_name}/parent/{filename}"
####### DocuSeal templates (par dossier d'inscription) ####### ####### Formulaires templates (par dossier d'inscription) #######
class RegistrationSchoolFileTemplate(models.Model): class RegistrationSchoolFileTemplate(models.Model):
master = models.ForeignKey(RegistrationSchoolFileMaster, on_delete=models.CASCADE, related_name='school_file_templates', blank=True) master = models.ForeignKey(RegistrationSchoolFileMaster, on_delete=models.CASCADE, related_name='school_file_templates', blank=True)
id = models.IntegerField(primary_key=True)
slug = models.CharField(max_length=255, default="") slug = models.CharField(max_length=255, default="")
name = models.CharField(max_length=255, default="") name = models.CharField(max_length=255, default="")
registration_form = models.ForeignKey(RegistrationForm, on_delete=models.CASCADE, related_name='school_file_templates', blank=True) registration_form = models.ForeignKey(RegistrationForm, on_delete=models.CASCADE, related_name='school_file_templates', blank=True)
file = models.FileField(null=True,blank=True, upload_to=registration_school_file_upload_to) file = models.FileField(null=True,blank=True, upload_to=registration_school_file_upload_to)
formTemplateData = models.JSONField(default=list, blank=True, null=True)
# Tri-etat: None=en attente, True=valide, False=refuse
isValidated = models.BooleanField(null=True, blank=True, default=None)
def __str__(self): def __str__(self):
return self.name return self.name
def save(self, *args, **kwargs):
# Supprimer l'ancien fichier si remplacé (évite les suffixes Django)
if self.pk:
try:
old_instance = RegistrationSchoolFileTemplate.objects.get(pk=self.pk)
if old_instance.file and old_instance.file != self.file:
_delete_file_if_exists(old_instance.file)
except RegistrationSchoolFileTemplate.DoesNotExist:
pass
super().save(*args, **kwargs)
@staticmethod @staticmethod
def get_files_from_rf(register_form_id): def get_files_from_rf(register_form_id):
""" """
Récupère tous les fichiers liés à un dossier dinscription donné. Récupère tous les fichiers liés à un dossier dinscription donné.
Ignore les fichiers qui n'existent pas physiquement.
""" """
registration_files = RegistrationSchoolFileTemplate.objects.filter(registration_form=register_form_id) registration_files = RegistrationSchoolFileTemplate.objects.filter(registration_form=register_form_id)
filenames = [] filenames = []
for reg_file in registration_files: for reg_file in registration_files:
filenames.append(reg_file.file.path) if reg_file.file and hasattr(reg_file.file, 'path'):
if os.path.exists(reg_file.file.path):
filenames.append(reg_file.file.path)
else:
logger.warning(f"Fichier introuvable ignoré: {reg_file.file.path}")
return filenames return filenames
class StudentCompetency(models.Model): class StudentCompetency(models.Model):
@ -355,6 +600,8 @@ class StudentCompetency(models.Model):
default="", default="",
blank=True blank=True
) )
created_at = models.DateTimeField(auto_now_add=True, null=True)
updated_at = models.DateTimeField(auto_now=True, null=True)
class Meta: class Meta:
unique_together = ('student', 'establishment_competency', 'period') unique_together = ('student', 'establishment_competency', 'period')
@ -366,27 +613,51 @@ class StudentCompetency(models.Model):
def __str__(self): def __str__(self):
return f"{self.student} - {self.establishment_competency} - Score: {self.score} - Period: {self.period}" return f"{self.student} - {self.establishment_competency} - Score: {self.score} - Period: {self.period}"
class StudentEvaluation(models.Model):
"""
Note d'un élève pour une évaluation.
Déplacé depuis School pour éviter les dépendances circulaires.
"""
student = models.ForeignKey('Subscriptions.Student', on_delete=models.CASCADE, related_name='evaluation_scores')
evaluation = models.ForeignKey('School.Evaluation', on_delete=models.CASCADE, related_name='student_scores')
score = models.DecimalField(max_digits=5, decimal_places=2, null=True, blank=True)
comment = models.TextField(blank=True)
is_absent = models.BooleanField(default=False)
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
class Meta:
unique_together = ('student', 'evaluation')
def __str__(self):
score_display = 'Absent' if self.is_absent else self.score
return f"{self.student} - {self.evaluation.name}: {score_display}"
####### Parent files templates (par dossier d'inscription) ####### ####### Parent files templates (par dossier d'inscription) #######
class RegistrationParentFileTemplate(models.Model): class RegistrationParentFileTemplate(models.Model):
master = models.ForeignKey(RegistrationParentFileMaster, on_delete=models.CASCADE, related_name='parent_file_templates', blank=True) master = models.ForeignKey(RegistrationParentFileMaster, on_delete=models.CASCADE, related_name='parent_file_templates', blank=True)
registration_form = models.ForeignKey(RegistrationForm, on_delete=models.CASCADE, related_name='parent_file_templates', blank=True) registration_form = models.ForeignKey(RegistrationForm, on_delete=models.CASCADE, related_name='parent_file_templates', blank=True)
file = models.FileField(null=True,blank=True, upload_to=registration_parent_file_upload_to) file = models.FileField(null=True,blank=True, upload_to=registration_parent_file_upload_to)
# Tri-etat: None=en attente, True=valide, False=refuse
isValidated = models.BooleanField(null=True, blank=True, default=None)
def __str__(self): def __str__(self):
return self.name return self.master.name if self.master else f"ParentFile_{self.pk}"
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
if self.pk: # Si l'objet existe déjà dans la base de données # Supprimer l'ancien fichier si remplacé (évite les suffixes Django)
if self.pk:
try: try:
old_instance = RegistrationParentFileTemplate.objects.get(pk=self.pk) old_instance = RegistrationParentFileTemplate.objects.get(pk=self.pk)
if old_instance.file and (not self.file or self.file.name == ''): # Si le fichier change ou est supprimé
if os.path.exists(old_instance.file.path): if old_instance.file:
old_instance.file.delete(save=False) if old_instance.file != self.file or not self.file or self.file.name == '':
self.file = None _delete_file_if_exists(old_instance.file)
else: if not self.file or self.file.name == '':
print(f"Le fichier {old_instance.file.path} n'existe pas.") self.file = None
except RegistrationParentFileTemplate.DoesNotExist: except RegistrationParentFileTemplate.DoesNotExist:
print("Ancienne instance introuvable.") pass
super().save(*args, **kwargs) super().save(*args, **kwargs)
@staticmethod @staticmethod

64
Back-End/Subscriptions/serializers.py
View File

@ -1,15 +1,15 @@
from rest_framework import serializers from rest_framework import serializers
from .models import ( from .models import (
RegistrationFileGroup, RegistrationFileGroup,
RegistrationForm, RegistrationForm,
Student, Student,
Guardian, Guardian,
Sibling, Sibling,
Language, Language,
RegistrationSchoolFileMaster, RegistrationSchoolFileMaster,
RegistrationSchoolFileTemplate, RegistrationSchoolFileTemplate,
RegistrationParentFileMaster, RegistrationParentFileMaster,
RegistrationParentFileTemplate, RegistrationParentFileTemplate,
AbsenceManagement, AbsenceManagement,
BilanCompetence BilanCompetence
) )
@ -38,10 +38,15 @@ class AbsenceManagementSerializer(serializers.ModelSerializer):
class RegistrationSchoolFileMasterSerializer(serializers.ModelSerializer): class RegistrationSchoolFileMasterSerializer(serializers.ModelSerializer):
id = serializers.IntegerField(required=False) id = serializers.IntegerField(required=False)
file_url = serializers.SerializerMethodField()
class Meta: class Meta:
model = RegistrationSchoolFileMaster model = RegistrationSchoolFileMaster
fields = '__all__' fields = '__all__'
def get_file_url(self, obj):
return obj.file.url if obj.file else None
class RegistrationParentFileMasterSerializer(serializers.ModelSerializer): class RegistrationParentFileMasterSerializer(serializers.ModelSerializer):
id = serializers.IntegerField(required=False) id = serializers.IntegerField(required=False)
class Meta: class Meta:
@ -51,6 +56,7 @@ class RegistrationParentFileMasterSerializer(serializers.ModelSerializer):
class RegistrationSchoolFileTemplateSerializer(serializers.ModelSerializer): class RegistrationSchoolFileTemplateSerializer(serializers.ModelSerializer):
id = serializers.IntegerField(required=False) id = serializers.IntegerField(required=False)
file_url = serializers.SerializerMethodField() file_url = serializers.SerializerMethodField()
master_file_url = serializers.SerializerMethodField()
class Meta: class Meta:
model = RegistrationSchoolFileTemplate model = RegistrationSchoolFileTemplate
@ -60,6 +66,12 @@ class RegistrationSchoolFileTemplateSerializer(serializers.ModelSerializer):
# Retourne l'URL complète du fichier si disponible # Retourne l'URL complète du fichier si disponible
return obj.file.url if obj.file else None return obj.file.url if obj.file else None
def get_master_file_url(self, obj):
# URL du fichier source du master (pour l'aperçu FileUpload côté parent)
if obj.master and obj.master.file:
return obj.master.file.url
return None
class RegistrationParentFileTemplateSerializer(serializers.ModelSerializer): class RegistrationParentFileTemplateSerializer(serializers.ModelSerializer):
id = serializers.IntegerField(required=False) id = serializers.IntegerField(required=False)
file_url = serializers.SerializerMethodField() file_url = serializers.SerializerMethodField()
@ -95,7 +107,7 @@ class RegistrationFormSimpleSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = RegistrationForm model = RegistrationForm
fields = ['student_id', 'last_name', 'first_name', 'guardians'] fields = ['student_id', 'last_name', 'first_name', 'guardians']
def get_last_name(self, obj): def get_last_name(self, obj):
return obj.student.last_name return obj.student.last_name
@ -164,12 +176,20 @@ class StudentSerializer(serializers.ModelSerializer):
if guardian_id: if guardian_id:
# Si un ID est fourni, récupérer ou mettre à jour le Guardian existant # Si un ID est fourni, récupérer ou mettre à jour le Guardian existant
guardian_instance, created = Guardian.objects.update_or_create( try:
id=guardian_id, guardian_instance = Guardian.objects.get(id=guardian_id)
defaults=guardian_data # Mettre à jour explicitement tous les champs y compris birth_date, profession, address
) for field, value in guardian_data.items():
guardians_ids.append(guardian_instance.id) if field != 'id': # Ne pas mettre à jour l'ID
continue setattr(guardian_instance, field, value)
guardian_instance.save()
guardians_ids.append(guardian_instance.id)
continue
except Guardian.DoesNotExist:
# Si le guardian n'existe pas, créer un nouveau
guardian_instance = Guardian.objects.create(**guardian_data)
guardians_ids.append(guardian_instance.id)
continue
if profile_role_data: if profile_role_data:
# Vérifiez si 'profile_data' est fourni pour créer un nouveau profil # Vérifiez si 'profile_data' est fourni pour créer un nouveau profil
@ -382,10 +402,11 @@ class RegistrationFormSerializer(serializers.ModelSerializer):
class StudentByParentSerializer(serializers.ModelSerializer): class StudentByParentSerializer(serializers.ModelSerializer):
id = serializers.IntegerField(required=False) id = serializers.IntegerField(required=False)
associated_class_name = serializers.SerializerMethodField() associated_class_name = serializers.SerializerMethodField()
associated_class_id = serializers.SerializerMethodField()
class Meta: class Meta:
model = Student model = Student
fields = ['id', 'last_name', 'first_name', 'level', 'photo', 'associated_class_name'] fields = ['id', 'last_name', 'first_name', 'level', 'photo', 'associated_class_name', 'associated_class_id']
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super(StudentByParentSerializer, self).__init__(*args, **kwargs) super(StudentByParentSerializer, self).__init__(*args, **kwargs)
@ -395,6 +416,9 @@ class StudentByParentSerializer(serializers.ModelSerializer):
def get_associated_class_name(self, obj): def get_associated_class_name(self, obj):
return obj.associated_class.atmosphere_name if obj.associated_class else None return obj.associated_class.atmosphere_name if obj.associated_class else None
def get_associated_class_id(self, obj):
return obj.associated_class.id if obj.associated_class else None
class RegistrationFormByParentSerializer(serializers.ModelSerializer): class RegistrationFormByParentSerializer(serializers.ModelSerializer):
student = StudentByParentSerializer(many=False, required=True) student = StudentByParentSerializer(many=False, required=True)
@ -435,11 +459,12 @@ class StudentByRFCreationSerializer(serializers.ModelSerializer):
id = serializers.IntegerField(required=False) id = serializers.IntegerField(required=False)
guardians = GuardianByDICreationSerializer(many=True, required=False) guardians = GuardianByDICreationSerializer(many=True, required=False)
associated_class_name = serializers.SerializerMethodField() associated_class_name = serializers.SerializerMethodField()
associated_class_id = serializers.SerializerMethodField()
bilans = BilanCompetenceSerializer(many=True, read_only=True) bilans = BilanCompetenceSerializer(many=True, read_only=True)
class Meta: class Meta:
model = Student model = Student
fields = ['id', 'last_name', 'first_name', 'guardians', 'level', 'associated_class_name', 'photo', 'bilans'] fields = ['id', 'last_name', 'first_name', 'guardians', 'level', 'associated_class_name', 'associated_class_id', 'photo', 'bilans']
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super(StudentByRFCreationSerializer, self).__init__(*args, **kwargs) super(StudentByRFCreationSerializer, self).__init__(*args, **kwargs)
@ -449,6 +474,9 @@ class StudentByRFCreationSerializer(serializers.ModelSerializer):
def get_associated_class_name(self, obj): def get_associated_class_name(self, obj):
return obj.associated_class.atmosphere_name if obj.associated_class else None return obj.associated_class.atmosphere_name if obj.associated_class else None
def get_associated_class_id(self, obj):
return obj.associated_class.id if obj.associated_class else None
class NotificationSerializer(serializers.ModelSerializer): class NotificationSerializer(serializers.ModelSerializer):
notification_type_label = serializers.ReadOnlyField() notification_type_label = serializers.ReadOnlyField()

83
Back-End/Subscriptions/tasks.py
View File

@ -5,6 +5,8 @@ from Subscriptions.automate import Automate_RF_Register, updateStateMachine
from .models import RegistrationForm from .models import RegistrationForm
from GestionMessagerie.models import Messagerie from GestionMessagerie.models import Messagerie
from N3wtSchool import settings, bdd from N3wtSchool import settings, bdd
from N3wtSchool.mailManager import sendMail, getConnection
from django.template.loader import render_to_string
import requests import requests
import logging import logging
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -26,17 +28,82 @@ def send_notification(dossier):
# Changer l'état de l'automate # Changer l'état de l'automate
updateStateMachine(dossier, 'EVENT_FOLLOW_UP') updateStateMachine(dossier, 'EVENT_FOLLOW_UP')
url = settings.URL_DJANGO + 'GestionMessagerie/message' # Envoyer un email de relance aux responsables
try:
# Récupérer l'établissement du dossier
establishment_id = dossier.establishment.id
destinataires = dossier.eleve.profiles.all() # Obtenir la connexion SMTP pour cet établissement
for destinataire in destinataires: connection = getConnection(establishment_id)
message = {
"objet": "[RELANCE]", # Préparer le contenu de l'email
"destinataire" : destinataire.id, subject = f"[RELANCE] Dossier d'inscription en attente - {dossier.eleve.first_name} {dossier.eleve.last_name}"
"corpus": "RELANCE pour le dossier d'inscription"
context = {
'student_name': f"{dossier.eleve.first_name} {dossier.eleve.last_name}",
'deadline_date': (timezone.now() - timezone.timedelta(days=settings.EXPIRATION_DI_NB_DAYS)).strftime('%d/%m/%Y'),
'establishment_name': dossier.establishment.name,
'base_url': settings.BASE_URL
} }
response = requests.post(url, json=message) # Utiliser un template HTML pour l'email (si disponible)
try:
html_message = render_to_string('emails/relance_signature.html', context)
except:
# Si pas de template, message simple
html_message = f"""
<html>
<body>
<h2>Relance - Dossier d'inscription en attente</h2>
<p>Bonjour,</p>
<p>Le dossier d'inscription de <strong>{context['student_name']}</strong> est en attente de signature depuis plus de {settings.EXPIRATION_DI_NB_DAYS} jours.</p>
<p>Merci de vous connecter à votre espace pour finaliser l'inscription.</p>
<p>Cordialement,<br>L'équipe {context['establishment_name']}</p>
</body>
</html>
"""
# Récupérer les emails des responsables
destinataires = []
profiles = dossier.eleve.profiles.all()
for profile in profiles:
if profile.email:
destinataires.append(profile.email)
if destinataires:
# Envoyer l'email
result = sendMail(
subject=subject,
message=html_message,
recipients=destinataires,
connection=connection
)
logger.info(f"Email de relance envoyé pour le dossier {dossier.id} à {destinataires}")
else:
logger.warning(f"Aucun email trouvé pour les responsables du dossier {dossier.id}")
except Exception as e:
logger.error(f"Erreur lors de l'envoi de l'email de relance pour le dossier {dossier.id}: {str(e)}")
# En cas d'erreur email, utiliser la messagerie interne comme fallback
try:
url = settings.URL_DJANGO + 'GestionMessagerie/send-message/'
# Créer ou récupérer une conversation avec chaque responsable
destinataires = dossier.eleve.profiles.all()
for destinataire in destinataires:
message_data = {
"conversation_id": None, # Sera géré par l'API
"sender_id": 1, # ID du système ou admin
"content": f"RELANCE pour le dossier d'inscription de {dossier.eleve.first_name} {dossier.eleve.last_name}"
}
response = requests.post(url, json=message_data)
if response.status_code != 201:
logger.error(f"Erreur lors de l'envoi du message interne: {response.text}")
except Exception as inner_e:
logger.error(f"Erreur lors de l'envoi du message interne de fallback: {str(inner_e)}")
# subject = f"Dossier d'inscription non signé - {dossier.objet}" # subject = f"Dossier d'inscription non signé - {dossier.objet}"
# message = f"Le dossier d'inscription avec l'objet '{dossier.objet}' n'a pas été signé depuis {dossier.created_at}." # message = f"Le dossier d'inscription avec l'objet '{dossier.objet}' n'a pas été signé depuis {dossier.created_at}."

63
Back-End/Subscriptions/templates/emails/inscription_teacher.html Normal file
View File

@ -0,0 +1,63 @@
<!-- Nouveau template pour l'inscription d'un enseignant -->
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Bienvenue sur N3wt School</title>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
color: #333;
}
.container {
max-width: 600px;
margin: 0 auto;
padding: 20px;
}
.header {
background-color: #f4f4f4;
padding: 10px;
text-align: center;
}
.content {
padding: 20px;
}
.footer {
font-size: 12px;
text-align: center;
margin-top: 30px;
color: #777;
}
.logo {
width: 120px;
margin-bottom: 10px;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<!-- Utilisation d'un lien absolu pour le logo -->
<img src="{{URL_DJANGO}}/static/img/logo_min.svg" alt="Logo N3wt School" class="logo" style="display:block;margin:auto;" />
<h1>Bienvenue sur N3wt School</h1>
</div>
<div class="content">
<p>Bonjour,</p>
<p>Votre compte enseignant a été créé sur la plateforme N3wt School.</p>
<p>Pour accéder à votre espace personnel, veuillez vous connecter à l'adresse suivante :<br>
<a href="{{BASE_URL}}/users/login">{{BASE_URL}}/users/login</a>
</p>
<p>Votre identifiant est : <b>{{ email }}</b></p>
<p>Si c'est votre première connexion, veuillez activer votre compte ici :<br>
<a href="{{BASE_URL}}/users/subscribe?establishment_id={{establishment}}">{{BASE_URL}}/users/subscribe</a>
</p>
<p>Nous vous souhaitons une excellente prise en main de l'outil.<br>
L'équipe N3wt School reste à votre disposition pour toute question.</p>
</div>
<div class="footer">
<p>Ce message est généré automatiquement, merci de ne pas y répondre.</p>
</div>
</div>
</body>
</html>

66
Back-End/Subscriptions/templates/emails/refus_definitif.html Normal file
View File

@ -0,0 +1,66 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Dossier d'inscription refusé</title>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
color: #333;
}
.container {
max-width: 600px;
margin: 0 auto;
padding: 20px;
}
.header {
background-color: #f4f4f4;
padding: 10px;
text-align: center;
}
.content {
padding: 20px;
}
.notes {
background-color: #f8d7da;
border: 1px solid #f5c6cb;
border-radius: 5px;
padding: 15px;
margin: 20px 0;
white-space: pre-line;
}
.footer {
font-size: 12px;
text-align: center;
margin-top: 30px;
color: #777;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<img src="{{URL_DJANGO}}static/img/logo_min.svg" alt="Logo N3wt School" class="logo" />
<h1>Dossier d'inscription refusé</h1>
</div>
<div class="content">
<p>Bonjour,</p>
<p>Nous avons le regret de vous informer que le dossier d'inscription de <strong>{{ student_name }}</strong> n'a pas été retenu.</p>
<div class="notes">
<strong>Motif(s) :</strong><br>
{{ notes }}
</div>
<p>Nous vous remercions de l'intérêt que vous avez porté à notre établissement et restons à votre disposition pour tout renseignement complémentaire.</p>
<p>Cordialement,</p>
<p>L'équipe N3wt School</p>
</div>
<div class="footer">
<p>Ce message est généré automatiquement, merci de ne pas y répondre.</p>
</div>
</div>
</body>
</html>

67
Back-End/Subscriptions/templates/emails/refus_dossier.html Normal file
View File

@ -0,0 +1,67 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Dossier d'inscription - Corrections requises</title>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
color: #333;
}
.container {
max-width: 600px;
margin: 0 auto;
padding: 20px;
}
.header {
background-color: #f4f4f4;
padding: 10px;
text-align: center;
}
.content {
padding: 20px;
}
.notes {
background-color: #fff3cd;
border: 1px solid #ffc107;
border-radius: 5px;
padding: 15px;
margin: 20px 0;
white-space: pre-line;
}
.footer {
font-size: 12px;
text-align: center;
margin-top: 30px;
color: #777;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<img src="{{URL_DJANGO}}static/img/logo_min.svg" alt="Logo N3wt School" class="logo" />
<h1>Dossier d'inscription - Corrections requises</h1>
</div>
<div class="content">
<p>Bonjour,</p>
<p>Nous avons examiné le dossier d'inscription de <strong>{{ student_name }}</strong> et certaines corrections sont nécessaires avant de pouvoir le valider.</p>
<div class="notes">
<strong>Motif(s) :</strong><br>
{{ notes }}
</div>
<p>Veuillez vous connecter à votre espace pour effectuer les corrections demandées :</p>
<p><a href="{{BASE_URL}}/users/login">{{BASE_URL}}/users/login</a></p>
<p>Cordialement,</p>
<p>L'équipe N3wt School</p>
</div>
<div class="footer">
<p>Ce message est généré automatiquement, merci de ne pas y répondre.</p>
</div>
</div>
</body>
</html>

121
Back-End/Subscriptions/templates/emails/relance_signature.html Normal file
View File

@ -0,0 +1,121 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Relance - Dossier d'inscription</title>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
color: #333;
margin: 0;
padding: 20px;
background-color: #f4f4f4;
}
.container {
max-width: 600px;
margin: 0 auto;
background: white;
padding: 30px;
border-radius: 10px;
box-shadow: 0 0 10px rgba(0,0,0,0.1);
}
.header {
text-align: center;
border-bottom: 3px solid #007bff;
padding-bottom: 20px;
margin-bottom: 30px;
}
.header h1 {
color: #007bff;
margin: 0;
}
.alert {
background-color: #fff3cd;
border: 1px solid #ffeaa7;
border-radius: 5px;
padding: 15px;
margin: 20px 0;
}
.alert-icon {
font-size: 20px;
margin-right: 10px;
}
.content {
margin: 20px 0;
}
.student-info {
background-color: #f8f9fa;
border-left: 4px solid #007bff;
padding: 15px;
margin: 20px 0;
}
.cta-button {
display: inline-block;
background-color: #007bff;
color: white;
padding: 12px 25px;
text-decoration: none;
border-radius: 5px;
margin: 20px 0;
}
.footer {
margin-top: 30px;
padding-top: 20px;
border-top: 1px solid #dee2e6;
font-size: 14px;
color: #6c757d;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1>{{ establishment_name }}</h1>
<p>Relance - Dossier d'inscription</p>
</div>
<div class="alert">
<span class="alert-icon">⚠️</span>
<strong>Attention :</strong> Votre dossier d'inscription nécessite votre attention
</div>
<div class="content">
<p>Bonjour,</p>
<div class="student-info">
<h3>Dossier d'inscription de : <strong>{{ student_name }}</strong></h3>
<p>En attente depuis le : <strong>{{ deadline_date }}</strong></p>
</div>
<p>Nous vous informons que le dossier d'inscription mentionné ci-dessus est en attente de finalisation depuis plus de {{ deadline_date }}.</p>
<p><strong>Action requise :</strong></p>
<ul>
<li>Connectez-vous à votre espace personnel</li>
<li>Vérifiez les documents manquants</li>
<li>Complétez et signez les formulaires en attente</li>
</ul>
<div style="text-align: center;">
<a href="{{ base_url }}" class="cta-button">Accéder à mon espace</a>
</div>
<p>Si vous rencontrez des difficultés ou avez des questions concernant ce dossier, n'hésitez pas à nous contacter.</p>
</div>
<div class="footer">
<p>Cordialement,<br>
L'équipe {{ establishment_name }}</p>
<hr style="margin: 20px 0;">
<p style="font-size: 12px;">
Cet email a été envoyé automatiquement. Si vous pensez avoir reçu ce message par erreur,
veuillez contacter l'établissement directement.
</p>
</div>
</div>
</body>
</html>

85
Back-End/Subscriptions/templates/emails/validation_dossier.html Normal file
View File

@ -0,0 +1,85 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Dossier d'inscription validé</title>
<style>
body {
font-family: Arial, sans-serif;
line-height: 1.6;
color: #333;
}
.container {
max-width: 600px;
margin: 0 auto;
padding: 20px;
}
.header {
background-color: #f4f4f4;
padding: 10px;
text-align: center;
}
.content {
padding: 20px;
}
.success-box {
background-color: #d4edda;
border: 1px solid #28a745;
border-radius: 5px;
padding: 15px;
margin: 20px 0;
text-align: center;
}
.success-box h2 {
color: #155724;
margin: 0;
}
.class-info {
background-color: #e7f3ff;
border: 1px solid #0066cc;
border-radius: 5px;
padding: 15px;
margin: 20px 0;
}
.footer {
font-size: 12px;
text-align: center;
margin-top: 30px;
color: #777;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<img src="{{URL_DJANGO}}static/img/logo_min.svg" alt="Logo N3wt School" class="logo" />
<h1>Dossier d'inscription validé</h1>
</div>
<div class="content">
<p>Bonjour,</p>
<div class="success-box">
<h2>Félicitations !</h2>
<p>Le dossier d'inscription de <strong>{{ student_name }}</strong> a été validé.</p>
</div>
{% if class_name %}
<div class="class-info">
<strong>Classe attribuée :</strong> {{ class_name }}
</div>
{% endif %}
<p>Vous pouvez accéder à votre espace pour consulter les détails :</p>
<p><a href="{{BASE_URL}}/users/login">{{BASE_URL}}/users/login</a></p>
<p>Nous vous remercions de votre confiance et vous souhaitons une excellente année scolaire.</p>
<p>Cordialement,</p>
<p>L'équipe N3wt School</p>
</div>
<div class="footer">
<p>Ce message est généré automatiquement, merci de ne pas y répondre.</p>
</div>
</div>
</body>
</html>

150
Back-End/Subscriptions/templates/pdfs/bilan_competences.html
View File

@ -4,9 +4,22 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<title>Bilan de compétences</title> <title>Bilan de compétences</title>
<style> <style>
body { font-family: Arial, sans-serif; margin: 2em; } body { font-family: Arial, sans-serif; margin: 1.2em; color: #111827; }
h1, h2 { color: #059669; } h1, h2 { color: #059669; }
.student-info { margin-bottom: 2em; } .top-header { width: 100%; border-bottom: 2px solid #d1fae5; border-collapse: collapse; margin-bottom: 14px; }
.top-header td { vertical-align: top; border: none; padding: 0; }
.school-logo { width: 54px; height: 54px; object-fit: contain; margin-right: 8px; }
.product-logo { width: 58px; }
.title-row { margin: 8px 0 10px 0; }
.student-info {
margin-bottom: 1em;
border: 1px solid #e5e7eb;
border-radius: 8px;
padding: 8px 12px;
background: #f8fafc;
}
.student-info table { width: 100%; border-collapse: collapse; font-size: 0.98em; }
.student-info td { border: none; padding: 1px 0; }
.domain-table { width: 100%; border-collapse: collapse; margin-bottom: 2em; } .domain-table { width: 100%; border-collapse: collapse; margin-bottom: 2em; }
.domain-header th { .domain-header th {
background: #d1fae5; background: #d1fae5;
@ -25,16 +38,77 @@
th, td { border: 1px solid #e5e7eb; padding: 0.5em; } th, td { border: 1px solid #e5e7eb; padding: 0.5em; }
th.competence-header { background: #d1fae5; } th.competence-header { background: #d1fae5; }
td.competence-nom { word-break: break-word; max-width: 320px; } td.competence-nom { word-break: break-word; max-width: 320px; }
.footer-note { margin-top: 32px; }
.comment-space {
min-height: 180px;
margin-top: 18px;
margin-bottom: 78px;
}
.footer-grid { width: 100%; border-collapse: collapse; }
.footer-grid td {
border: none;
padding: 0;
vertical-align: top;
}
.field-line { border-bottom: 1px solid #9ca3af; height: 24px; margin-top: 6px; }
.signature-line { border-bottom: 2px solid #059669; height: 30px; margin-top: 6px; }
</style> </style>
</head> </head>
<body> <body>
<h1>Bilan de compétences</h1> <table class="top-header">
<tr>
<td style="width: 68%; padding-bottom: 8px;">
<table style="border-collapse: collapse; width: 100%;">
<tr>
{% if establishment.logo_path %}
<td style="width: 64px; border: none; vertical-align: top;">
<img src="{{ establishment.logo_path }}" alt="Logo établissement" class="school-logo">
</td>
{% endif %}
<td style="border: none; vertical-align: top;">
<div style="font-size: 1.25em; font-weight: 700; color: #065f46; margin-top: 2px;">{{ establishment.name }}</div>
{% if establishment.address %}
<div style="font-size: 0.9em; color: #4b5563; margin-top: 4px;">{{ establishment.address }}</div>
{% endif %}
</td>
</tr>
</table>
</td>
<td style="width: 32%; text-align: right; padding-bottom: 8px;">
<table style="border-collapse: collapse; width: 100%; margin-left: auto;">
<tr>
<td style="border: none; text-align: right;">
<div style="font-size: 0.86em; color: #6b7280; margin-bottom: 4px;">Généré avec</div>
{% if product.logo_path %}
<div style="margin-bottom: 4px;"><img src="{{ product.logo_path }}" alt="Logo n3wt" class="product-logo"></div>
{% endif %}
<div style="font-size: 0.95em; font-weight: 700; color: #059669;">{{ product.name }}</div>
</td>
</tr>
</table>
</td>
</tr>
</table>
<div class="title-row">
<h1>Bilan de compétences</h1>
</div>
<div class="student-info"> <div class="student-info">
<strong>Élève :</strong> {{ student.last_name }} {{ student.first_name }}<br> <table>
<strong>Niveau :</strong> {{ student.level }}<br> <tr>
<strong>Classe :</strong> {{ student.class_name }}<br> <td><strong>Élève :</strong> {{ student.last_name }} {{ student.first_name }}</td>
<strong>Période :</strong> {{ period }}<br> <td style="text-align: right;"><strong>Date :</strong> {{ date }}</td>
<strong>Date :</strong> {{ date }} </tr>
<tr>
<td><strong>Niveau :</strong> {{ student.level }}</td>
<td style="text-align: right;"><strong>Période :</strong> {{ period }}</td>
</tr>
<tr>
<td><strong>Classe :</strong> {{ student.class_name }}</td>
<td></td>
</tr>
</table>
</div> </div>
{% for domaine in domaines %} {% for domaine in domaines %}
@ -72,41 +146,33 @@
</table> </table>
{% endfor %} {% endfor %}
<div style="margin-top: 60px; padding: 0; max-width: 700px;"> <div class="footer-note">
<div style=" <div style="font-weight: 700; color: #059669; font-size: 1.1em;">
min-height: 180px; Appréciation générale / Commentaire
background: #fff;
border: 1.5px dashed #a7f3d0;
border-radius: 12px;
padding: 24px 24px 18px 24px;
display: flex;
flex-direction: column;
justify-content: flex-start;
position: relative;
margin-bottom: 64px; /* Augmente l'espace après l'encadré */
">
<div style="font-weight: bold; color: #059669; font-size: 1.25em; display: flex; align-items: center; gap: 8px; margin-bottom: 8px;">
<span>Appréciation générale / Commentaire : </span>
</div>
<!-- Espace vide pour écrire -->
<div style="flex:1;"></div>
<div style="flex:1;"></div>
<div style="flex:1;"></div>
<div style="flex:1;"></div>
<div style="flex:1;"></div>
<div style="flex:1;"></div>
<div style="flex:1;"></div>
</div>
<div style="display: flex; justify-content: flex-end; gap: 48px; margin-top: 32px;">
<div>
<span style="font-weight: bold; color: #059669;font-size: 1.25em;">Date :</span>
<span style="display: inline-block; min-width: 120px; border-bottom: 1.5px solid #a7f3d0; margin-left: 8px;">&nbsp;</span>
</div>
<div>
<span style="font-weight: bold; color: #059669;font-size: 1.25em;">Signature :</span>
<span style="display: inline-block; min-width: 180px; border-bottom: 2px solid #059669; margin-left: 8px;">&nbsp;</span>
</div>
</div> </div>
<div class="comment-space"></div>
<table class="footer-grid">
<tr>
<td style="width: 45%;">
<table style="width: 100%; border-collapse: collapse;">
<tr>
<td style="width: 70px; border: none; font-weight: 700; color: #059669;">Date :</td>
<td style="border: none;"><div class="field-line"></div></td>
</tr>
</table>
</td>
<td style="width: 10%;"></td>
<td style="width: 45%;">
<table style="width: 100%; border-collapse: collapse;">
<tr>
<td style="width: 90px; border: none; font-weight: 700; color: #059669;">Signature :</td>
<td style="border: none;"><div class="signature-line"></div></td>
</tr>
</table>
</td>
</tr>
</table>
</div> </div>
</body> </body>
</html> </html>

533
Back-End/Subscriptions/templates/pdfs/fiche_eleve.html
View File

@ -1,228 +1,319 @@
<!DOCTYPE html> <!doctype html>
<html> <html>
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8" />
<title>Fiche élève de {{ student.last_name }} {{ student.first_name }}</title> <title>
Fiche élève — {{ student.last_name }} {{ student.first_name }}
</title>
<style> <style>
@page { @page {
size: A4; size: A4;
margin: 2cm; margin: 1.5cm 2cm;
} }
body { body {
font-family: 'Arial', sans-serif; font-family: "Helvetica", "Arial", sans-serif;
font-size: 12pt; font-size: 10pt;
color: #222; color: #1e293b;
background: #fff; background: #fff;
margin: 0; margin: 0;
padding: 0; padding: 0;
} line-height: 1.4;
.container { }
width: 100%;
padding: 0; /* ── Header ── */
background: #fff; .header-table {
} width: 100%;
.header { border: none;
text-align: center; margin-bottom: 16px;
margin-bottom: 24px; }
border-bottom: 2px solid #4CAF50; .header-table td {
padding-bottom: 12px; border: none;
position: relative; padding: 0;
} vertical-align: middle;
.title { }
font-size: 22pt; .header-left {
font-weight: bold; width: 80%;
color: #4CAF50; }
margin: 0; .header-right {
} width: 20%;
.photo { text-align: right;
position: absolute; }
top: 0; .school-name {
right: 0; font-size: 10pt;
width: 90px; color: #64748b;
height: 90px; margin: 0 0 4px 0;
object-fit: cover; letter-spacing: 0.5px;
border: 1px solid #4CAF50; }
border-radius: 8px; .title {
} font-size: 20pt;
.section { font-weight: bold;
margin-bottom: 32px; /* Espacement augmenté entre les sections */ color: #064e3b;
} margin: 0 0 2px 0;
.section-title { }
font-size: 15pt; .subtitle {
font-weight: bold; font-size: 11pt;
color: #4CAF50; color: #059669;
margin-bottom: 18px; /* Espacement sous le titre de section */ margin: 0;
border-bottom: 1px solid #4CAF50; font-weight: normal;
padding-bottom: 2px; }
} .header-line {
table { border: none;
width: 100%; border-top: 3px solid #059669;
border-collapse: collapse; margin: 12px 0 20px 0;
margin-bottom: 8px; }
} .photo {
th, td { width: 80px;
border: 1px solid #bbb; height: 80px;
padding: 6px 8px; object-fit: cover;
text-align: left; border: 2px solid #059669;
} border-radius: 4px;
th { }
background: #f3f3f3;
font-weight: bold; /* ── Sections ── */
} .section {
tr:nth-child(even) { margin-bottom: 20px;
background: #fafafa; }
} .section-header {
.label-cell { background-color: #059669;
font-weight: bold; color: #ffffff;
width: 30%; font-size: 11pt;
background: #f3f3f3; font-weight: bold;
} padding: 6px 12px;
.value-cell { margin-bottom: 0;
width: 70%; letter-spacing: 0.5px;
} border-radius: 2px 2px 0 0;
.signature { }
margin-top: 30px; .subsection-title {
text-align: right; font-size: 10pt;
font-style: italic; color: #064e3b;
color: #555; font-weight: bold;
} padding: 6px 0 2px 0;
.signature-text { margin: 8px 0 4px 0;
font-weight: bold; border-bottom: 1px solid #d1d5db;
color: #333; }
}
.subsection-title { /* ── Tables ── */
font-size: 12pt; table.data {
color: #333; width: 100%;
margin: 8px 0 4px 0; border-collapse: collapse;
font-weight: bold; margin-bottom: 4px;
} }
table.data td {
padding: 5px 8px;
border: 1px solid #e2e8f0;
font-size: 10pt;
vertical-align: top;
}
table.data .label {
font-weight: bold;
color: #064e3b;
background-color: #f0fdf4;
width: 25%;
white-space: nowrap;
}
table.data .value {
color: #1e293b;
width: 25%;
}
/* ── Paiement ── */
table.payment {
width: 100%;
border-collapse: collapse;
}
table.payment td {
padding: 5px 8px;
border: 1px solid #e2e8f0;
font-size: 10pt;
}
table.payment .label {
font-weight: bold;
color: #064e3b;
background-color: #f0fdf4;
width: 35%;
}
table.payment .value {
width: 65%;
}
/* ── Footer / Signature ── */
.signature-block {
margin-top: 24px;
padding: 10px 12px;
background-color: #f8fafc;
border: 1px solid #e2e8f0;
border-radius: 2px;
}
.signature-block p {
margin: 0;
font-size: 10pt;
color: #475569;
}
.signature-date {
font-weight: bold;
color: #064e3b;
}
.footer-line {
border: none;
border-top: 2px solid #059669;
margin: 20px 0 8px 0;
}
.footer-text {
text-align: center;
font-size: 8pt;
color: #94a3b8;
}
</style> </style>
</head> </head>
<body> <body>
{% load myTemplateTag %} {% load myTemplateTag %}
<div class="container">
<!-- Header Section -->
<div class="header">
<h1 class="title">Fiche élève de {{ student.last_name }} {{ student.first_name }}</h1>
{% if student.photo %}
<img src="{{ student.get_photo_url }}" alt="Photo de l'élève" class="photo" />
{% else %}
<img src="/static/img/default-photo.jpg" alt="Photo par défaut" class="photo" />
{% endif %}
</div>
<!-- Élève --> <!-- ═══════ HEADER ═══════ -->
<div class="section"> <table class="header-table">
<div class="section-title">ÉLÈVE</div> <tr>
<table> <td class="header-left">
<tr> {% if establishment %}
<td class="label-cell">Nom</td> <p class="school-name">{{ establishment.name }}</p>
<td class="value-cell">{{ student.last_name }}</td> {% endif %}
<td class="label-cell">Prénom</td> <h1 class="title">Fiche &Eacute;l&egrave;ves</h1>
<td class="value-cell">{{ student.first_name }}</td> <!-- prettier-ignore -->
</tr> <p class="subtitle">{{ student.last_name }} {{ student.first_name }}{% if school_year %} — {{ school_year }}{% endif %}</p>
<tr> </td>
<td class="label-cell">Adresse</td> <td class="header-right">
<td class="value-cell" colspan="3">{{ student.address }}</td> {% if student.photo %}
</tr> <img src="{{ student.get_photo_url }}" alt="Photo" class="photo" />
<tr> {% endif %}
<td class="label-cell">Genre</td> </td>
<td class="value-cell">{{ student|getStudentGender }}</td> </tr>
<td class="label-cell">Né(e) le</td> </table>
<td class="value-cell">{{ student.birth_date }}</td> <hr class="header-line" />
</tr>
<tr>
<td class="label-cell">À</td>
<td class="value-cell">{{ student.birth_place }} ({{ student.birth_postal_code }})</td>
<td class="label-cell">Nationalité</td>
<td class="value-cell">{{ student.nationality }}</td>
</tr>
<tr>
<td class="label-cell">Niveau</td>
<td class="value-cell">{{ student|getStudentLevel }}</td>
<td class="label-cell"></td>
<td class="value-cell"></td>
</tr>
</table>
</div>
<!-- Responsables --> <!-- ═══════ ÉLÈVE ═══════ -->
<div class="section"> <div class="section">
<div class="section-title">RESPONSABLES</div> <div class="section-header">INFORMATIONS DE L'ÉLÈVE</div>
{% for guardian in student.getGuardians %} <table class="data">
<div> <tr>
<div class="subsection-title">Responsable {{ forloop.counter }}</div> <td class="label">Nom</td>
<table> <td class="value">{{ student.last_name }}</td>
<tr> <td class="label">Prénom</td>
<td class="label-cell">Nom</td> <td class="value">{{ student.first_name }}</td>
<td class="value-cell">{{ guardian.last_name }}</td> </tr>
<td class="label-cell">Prénom</td> <tr>
<td class="value-cell">{{ guardian.first_name }}</td> <td class="label">Genre</td>
</tr> <td class="value">{{ student|getStudentGender }}</td>
<tr> <td class="label">Niveau</td>
<td class="label-cell">Adresse</td> <td class="value">{{ student|getStudentLevel }}</td>
<td class="value-cell" colspan="3">{{ guardian.address }}</td> </tr>
</tr> <tr>
<tr> <td class="label">Date de naissance</td>
<td class="label-cell">Email</td> <td class="value">{{ student.formatted_birth_date }}</td>
<td class="value-cell" colspan="3">{{ guardian.email }}</td> <td class="label">Lieu de naissance</td>
</tr> <!-- prettier-ignore -->
<tr> <td class="value">{{ student.birth_place }}{% if student.birth_postal_code %} ({{ student.birth_postal_code }}){% endif %}</td>
<td class="label-cell">Né(e) le</td> </tr>
<td class="value-cell">{{ guardian.birth_date }}</td> <tr>
<td class="label-cell">Téléphone</td> <td class="label">Nationalité</td>
<td class="value-cell">{{ guardian.phone|phone_format }}</td> <td class="value">{{ student.nationality }}</td>
</tr> <td class="label">Médecin traitant</td>
<tr> <td class="value">{{ student.attending_physician }}</td>
<td class="label-cell">Profession</td> </tr>
<td class="value-cell" colspan="3">{{ guardian.profession }}</td> <tr>
</tr> <td class="label">Adresse</td>
</table> <td class="value" colspan="3">{{ student.address }}</td>
</div> </tr>
{% endfor %} </table>
</div>
<!-- Fratrie -->
<div class="section">
<div class="section-title">FRATRIE</div>
{% for sibling in student.getSiblings %}
<div>
<div class="subsection-title">Frère/Soeur {{ forloop.counter }}</div>
<table>
<tr>
<td class="label-cell">Nom</td>
<td class="value-cell">{{ sibling.last_name }}</td>
<td class="label-cell">Prénom</td>
<td class="value-cell">{{ sibling.first_name }}</td>
</tr>
<tr>
<td class="label-cell">Né(e) le</td>
<td class="value-cell" colspan="3">{{ sibling.birth_date }}</td>
</tr>
</table>
</div>
{% endfor %}
</div>
<!-- Paiement -->
<div class="section">
<div class="section-title">MODALITÉS DE PAIEMENT</div>
<table>
<tr>
<td class="label-cell">Frais d'inscription</td>
<td class="value-cell">{{ student|getRegistrationPaymentMethod }} en {{ student|getRegistrationPaymentPlan }}</td>
</tr>
<tr>
<td class="label-cell">Frais de scolarité</td>
<td class="value-cell">{{ student|getTuitionPaymentMethod }} en {{ student|getTuitionPaymentPlan }}</td>
</tr>
</table>
</div>
<!-- Signature -->
<div class="signature">
Fait le <span class="signature-text">{{ signatureDate }}</span> à <span class="signature-text">{{ signatureTime }}</span>
</div>
</div> </div>
</body>
</html> <!-- ═══════ RESPONSABLES ═══════ -->
<div class="section">
<div class="section-header">RESPONSABLES LÉGAUX</div>
{% for guardian in student.getGuardians %}
<div class="subsection-title">Responsable {{ forloop.counter }}</div>
<table class="data">
<tr>
<td class="label">Nom</td>
<td class="value">{{ guardian.last_name }}</td>
<td class="label">Prénom</td>
<td class="value">{{ guardian.first_name }}</td>
</tr>
<tr>
<td class="label">Date de naissance</td>
<td class="value">{{ guardian.birth_date }}</td>
<td class="label">Téléphone</td>
<td class="value">{{ guardian.phone|phone_format }}</td>
</tr>
<tr>
<td class="label">Email</td>
<td class="value" colspan="3">{{ guardian.email }}</td>
</tr>
<tr>
<td class="label">Adresse</td>
<td class="value" colspan="3">{{ guardian.address }}</td>
</tr>
<tr>
<td class="label">Profession</td>
<td class="value" colspan="3">{{ guardian.profession }}</td>
</tr>
</table>
{% empty %}
<p style="color: #94a3b8; font-style: italic; padding: 8px">
Aucun responsable renseigné.
</p>
{% endfor %}
</div>
<!-- ═══════ FRATRIE ═══════ -->
{% if student.getSiblings %}
<div class="section">
<div class="section-header">FRATRIE</div>
{% for sibling in student.getSiblings %}
<div class="subsection-title">Frère / Sœur {{ forloop.counter }}</div>
<table class="data">
<tr>
<td class="label">Nom</td>
<td class="value">{{ sibling.last_name }}</td>
<td class="label">Prénom</td>
<td class="value">{{ sibling.first_name }}</td>
</tr>
<tr>
<td class="label">Date de naissance</td>
<td class="value" colspan="3">{{ sibling.birth_date }}</td>
</tr>
</table>
{% endfor %}
</div>
{% endif %}
<!-- ═══════ PAIEMENT ═══════ -->
<div class="section">
<div class="section-header">MODALITÉS DE PAIEMENT</div>
<table class="payment">
<tr>
<td class="label">Frais d'inscription</td>
<!-- prettier-ignore -->
<td class="value">{{ student|getRegistrationPaymentMethod }} — {{ student|getRegistrationPaymentPlan }}</td>
</tr>
<tr>
<td class="label">Frais de scolarité</td>
<!-- prettier-ignore -->
<td class="value">{{ student|getTuitionPaymentMethod }} — {{ student|getTuitionPaymentPlan }}</td>
</tr>
</table>
</div>
<!-- ═══════ SIGNATURE ═══════ -->
<div class="signature-block">
<p>
Document généré le
<span class="signature-date">{{ signatureDate }}</span> à
<span class="signature-date">{{ signatureTime }}</span>
</p>
</div>
<hr class="footer-line" />
<p class="footer-text">
Ce document est généré automatiquement et fait office de fiche
d'inscription.
</p>
</body>
</html>

20
Back-End/Subscriptions/urls.py
View File

@ -3,16 +3,16 @@ from django.urls import path, re_path
from . import views from . import views
# RF # RF
from .views import RegisterFormView, RegisterFormWithIdView, send, resend, archive from .views import RegisterFormView, RegisterFormWithIdView, send, resend, archive, generate_registration_pdf
# SubClasses # SubClasses
from .views import StudentView, GuardianView, ChildrenListView, StudentListView, DissociateGuardianView from .views import StudentView, GuardianView, ChildrenListView, StudentListView, DissociateGuardianView
# Files # Files
from .views import ( from .views import (
RegistrationSchoolFileMasterView, RegistrationSchoolFileMasterView,
RegistrationSchoolFileMasterSimpleView, RegistrationSchoolFileMasterSimpleView,
RegistrationSchoolFileTemplateView, RegistrationSchoolFileTemplateView,
RegistrationSchoolFileTemplateSimpleView, RegistrationSchoolFileTemplateSimpleView,
RegistrationParentFileMasterSimpleView, RegistrationParentFileMasterSimpleView,
RegistrationParentFileMasterView, RegistrationParentFileMasterView,
RegistrationParentFileTemplateSimpleView, RegistrationParentFileTemplateSimpleView,
RegistrationParentFileTemplateView, RegistrationParentFileTemplateView,
@ -24,9 +24,13 @@ from .views import (
) )
from .views import RegistrationFileGroupView, RegistrationFileGroupSimpleView, get_registration_files_by_group from .views import RegistrationFileGroupView, RegistrationFileGroupSimpleView, get_registration_files_by_group
from .views import registration_file_views, get_school_file_templates_by_rf, get_parent_file_templates_by_rf from .views import (
get_school_file_templates_by_rf,
get_parent_file_templates_by_rf
)
urlpatterns = [ urlpatterns = [
re_path(r'^registerForms/(?P<id>[0-9]+)/pdf$', generate_registration_pdf, name="generate_registration_pdf"),
re_path(r'^registerForms/(?P<id>[0-9]+)/archive$', archive, name="archive"), re_path(r'^registerForms/(?P<id>[0-9]+)/archive$', archive, name="archive"),
re_path(r'^registerForms/(?P<id>[0-9]+)/resend$', resend, name="resend"), re_path(r'^registerForms/(?P<id>[0-9]+)/resend$', resend, name="resend"),
re_path(r'^registerForms/(?P<id>[0-9]+)/send$', send, name="send"), re_path(r'^registerForms/(?P<id>[0-9]+)/send$', send, name="send"),
@ -49,7 +53,7 @@ urlpatterns = [
re_path(r'^registrationFileGroups/(?P<id>[0-9]+)$', RegistrationFileGroupSimpleView.as_view(), name='registrationFileGroupDetail'), re_path(r'^registrationFileGroups/(?P<id>[0-9]+)$', RegistrationFileGroupSimpleView.as_view(), name='registrationFileGroupDetail'),
re_path(r'^registrationFileGroups/(?P<id>[0-9]+)/templates$', get_registration_files_by_group, name="get_registration_files_by_group"), re_path(r'^registrationFileGroups/(?P<id>[0-9]+)/templates$', get_registration_files_by_group, name="get_registration_files_by_group"),
re_path(r'^registrationFileGroups$', RegistrationFileGroupView.as_view(), name='registrationFileGroups'), re_path(r'^registrationFileGroups$', RegistrationFileGroupView.as_view(), name='registrationFileGroups'),
re_path(r'^registrationSchoolFileMasters/(?P<id>[0-9]+)$', RegistrationSchoolFileMasterSimpleView.as_view(), name='registrationSchoolFileMasters'), re_path(r'^registrationSchoolFileMasters/(?P<id>[0-9]+)$', RegistrationSchoolFileMasterSimpleView.as_view(), name='registrationSchoolFileMasters'),
re_path(r'^registrationSchoolFileMasters$', RegistrationSchoolFileMasterView.as_view(), name='registrationSchoolFileMasters'), re_path(r'^registrationSchoolFileMasters$', RegistrationSchoolFileMasterView.as_view(), name='registrationSchoolFileMasters'),

770
Back-End/Subscriptions/util.py
View File

@ -8,21 +8,489 @@ from N3wtSchool import renderers
from N3wtSchool import bdd from N3wtSchool import bdd
from io import BytesIO from io import BytesIO
import base64
from reportlab.pdfgen import canvas
from reportlab.lib.pagesizes import A4
from reportlab.lib.utils import ImageReader
from reportlab.graphics import renderPDF
from django.core.files.base import ContentFile
from django.core.files import File from django.core.files import File
from pathlib import Path from pathlib import Path
import os import os
from enum import Enum from enum import Enum
from urllib.parse import unquote_to_bytes
import random import random
import string import string
from rest_framework.parsers import JSONParser from rest_framework.parsers import JSONParser
from PyPDF2 import PdfMerger from PyPDF2 import PdfMerger, PdfReader, PdfWriter
from PyPDF2.errors import PdfReadError
import shutil import shutil
import logging import logging
import json
from django.http import QueryDict
from rest_framework.response import Response
from rest_framework import status
from svglib.svglib import svg2rlg
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
def _draw_signature_data_url(cnv, data_url, x, y, width, height):
"""
Dessine une signature issue d'un data URL dans un canvas ReportLab.
Supporte les images raster (PNG/JPEG/...) et SVG.
Retourne True si la signature a pu etre dessinee.
"""
if not isinstance(data_url, str) or not data_url.startswith("data:image"):
return False
try:
header, payload = data_url.split(',', 1)
except ValueError:
return False
is_base64 = ';base64' in header
mime_type = header.split(':', 1)[1].split(';', 1)[0] if ':' in header else ''
try:
raw_bytes = base64.b64decode(payload) if is_base64 else unquote_to_bytes(payload)
except Exception as e:
logger.error(f"[_draw_signature_data_url] Decodage impossible: {e}")
return False
# Support SVG via svglib (deja present dans requirements)
if mime_type == 'image/svg+xml':
try:
drawing = svg2rlg(BytesIO(raw_bytes))
if drawing is None:
return False
src_w = float(getattr(drawing, 'width', 0) or 0)
src_h = float(getattr(drawing, 'height', 0) or 0)
if src_w <= 0 or src_h <= 0:
return False
scale = min(width / src_w, height / src_h)
draw_w = src_w * scale
draw_h = src_h * scale
offset_x = x + (width - draw_w) / 2
offset_y = y + (height - draw_h) / 2
cnv.saveState()
cnv.translate(offset_x, offset_y)
cnv.scale(scale, scale)
renderPDF.draw(drawing, cnv, 0, 0)
cnv.restoreState()
return True
except Exception as e:
logger.error(f"[_draw_signature_data_url] Rendu SVG impossible: {e}")
return False
# Support images raster classiques
try:
img_reader = ImageReader(BytesIO(raw_bytes))
cnv.drawImage(
img_reader,
x,
y,
width=width,
height=height,
preserveAspectRatio=True,
mask='auto',
)
return True
except Exception as e:
logger.error(f"[_draw_signature_data_url] Rendu raster impossible: {e}")
return False
def save_file_replacing_existing(file_field, filename, content, save=True):
"""
Sauvegarde un fichier en écrasant l'existant s'il porte le même nom.
Évite les suffixes automatiques Django (ex: fichier_N5QdZpk.pdf).
Args:
file_field: Le FileField Django (ex: registerForm.registration_file)
filename: Le nom du fichier à sauvegarder
content: Le contenu du fichier (File, BytesIO, ContentFile, etc.)
save: Si True, sauvegarde l'instance parente
"""
# Supprimer l'ancien fichier s'il existe
if file_field and file_field.name:
try:
if hasattr(file_field, 'path') and os.path.exists(file_field.path):
os.remove(file_field.path)
logger.debug(f"[save_file] Ancien fichier supprimé: {file_field.path}")
except Exception as e:
logger.error(f"[save_file] Erreur suppression ancien fichier: {e}")
# Sauvegarder le nouveau fichier
file_field.save(filename, content, save=save)
def save_file_field_without_suffix(instance, field_name, filename, content, save=False):
"""
Sauvegarde un fichier dans un FileField Django en ecrasant le precedent,
sans laisser Django generer de suffixe (_abc123).
Args:
instance: instance Django portant le FileField
field_name: nom du FileField (ex: 'file')
filename: nom de fichier cible (basename)
content: contenu fichier (ContentFile, File, etc.)
save: si True, persiste immediatement l'instance
"""
file_field = getattr(instance, field_name)
field = instance._meta.get_field(field_name)
storage = file_field.storage
target_name = field.generate_filename(instance, filename)
# Supprimer le fichier actuellement reference si different
if file_field and file_field.name and file_field.name != target_name:
try:
if storage.exists(file_field.name):
storage.delete(file_field.name)
except Exception as e:
logger.error(f"[save_file_field_without_suffix] Erreur suppression ancien fichier ({file_field.name}): {e}")
# Supprimer explicitement la cible si elle existe deja
try:
if storage.exists(target_name):
storage.delete(target_name)
except Exception as e:
logger.error(f"[save_file_field_without_suffix] Erreur suppression cible ({target_name}): {e}")
# Sauvegarde: la cible n'existe plus, donc pas de suffixe
file_field.save(filename, content, save=save)
def build_payload_from_request(request):
"""
Normalise la request en payload prêt à être donné au serializer.
- supporte multipart/form-data où le front envoie 'data' (JSON string) ou un fichier JSON + fichiers
- supporte application/json ou form-data simple
Retour: (payload_dict, None) ou (None, Response erreur)
"""
# Si c'est du JSON pur (Content-Type: application/json)
if hasattr(request, 'content_type') and 'application/json' in request.content_type:
try:
# request.data contient déjà le JSON parsé par Django REST
payload = dict(request.data) if hasattr(request.data, 'items') else request.data
logger.info(f"JSON payload extracted: {payload}")
return payload, None
except Exception as e:
logger.error(f'Error processing JSON: {e}')
return None, Response({'error': "Invalid JSON", 'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
# Cas multipart/form-data avec champ 'data'
data_field = request.data.get('data') if hasattr(request.data, 'get') else None
if data_field:
try:
# Si 'data' est un fichier (InMemoryUploadedFile ou fichier similaire), lire et décoder
if hasattr(data_field, 'read'):
raw = data_field.read()
if isinstance(raw, (bytes, bytearray)):
text = raw.decode('utf-8')
else:
text = raw
payload = json.loads(text)
# Si 'data' est bytes déjà
elif isinstance(data_field, (bytes, bytearray)):
payload = json.loads(data_field.decode('utf-8'))
# Si 'data' est une string JSON
elif isinstance(data_field, str):
payload = json.loads(data_field)
else:
# type inattendu
raise ValueError(f"Unsupported 'data' type: {type(data_field)}")
except (json.JSONDecodeError, ValueError, UnicodeDecodeError) as e:
logger.error(f'Invalid JSON in "data": {e}')
return None, Response({'error': "Invalid JSON in 'data'", 'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
else:
payload = request.data.copy() if hasattr(request.data, 'copy') else dict(request.data)
if isinstance(payload, QueryDict):
payload = payload.dict()
# Attacher les fichiers présents (ex: photo, files.*, etc.), sauf 'data' (déjà traité)
for f_key, f_val in request.FILES.items():
if f_key == 'data':
# remettre le pointeur au début si besoin (déjà lu) — non indispensable ici mais sûr
try:
f_val.seek(0)
except Exception:
pass
# ne pas mettre le fichier 'data' dans le payload (c'est le JSON)
continue
payload[f_key] = f_val
return payload, None
def create_templates_for_registration_form(register_form):
"""
Idempotent:
- supprime les templates existants qui ne correspondent pas
aux masters du fileGroup courant du register_form (et supprime leurs fichiers).
- crée les templates manquants pour les masters du fileGroup courant.
Retourne la liste des templates créés.
"""
from Subscriptions.models import (
RegistrationSchoolFileMaster,
RegistrationSchoolFileTemplate,
RegistrationParentFileMaster,
RegistrationParentFileTemplate,
registration_school_file_upload_to,
)
created = []
logger.info("util.create_templates_for_registration_form - create_templates_for_registration_form")
# Récupérer les masters du fileGroup courant
current_group = getattr(register_form, "fileGroup", None)
if not current_group:
# Si plus de fileGroup, supprimer tous les templates existants pour ce RF
school_existing = RegistrationSchoolFileTemplate.objects.filter(registration_form=register_form)
for t in school_existing:
try:
if getattr(t, "file", None):
logger.info("Deleted school template %s for RF %s", t.pk, register_form.pk)
t.file.delete(save=False)
except Exception:
logger.exception("Erreur suppression fichier school template %s", getattr(t, "pk", None))
t.delete()
parent_existing = RegistrationParentFileTemplate.objects.filter(registration_form=register_form)
for t in parent_existing:
try:
if getattr(t, "file", None):
t.file.delete(save=False)
except Exception:
logger.exception("Erreur suppression fichier parent template %s", getattr(t, "pk", None))
t.delete()
return created
school_masters = RegistrationSchoolFileMaster.objects.filter(groups=current_group).distinct()
parent_masters = RegistrationParentFileMaster.objects.filter(groups=current_group).distinct()
school_master_ids = {m.pk for m in school_masters}
parent_master_ids = {m.pk for m in parent_masters}
# Supprimer les school templates obsolètes
for tmpl in RegistrationSchoolFileTemplate.objects.filter(registration_form=register_form):
if not tmpl.master_id or tmpl.master_id not in school_master_ids:
try:
if getattr(tmpl, "file", None):
tmpl.file.delete(save=False)
except Exception:
logger.exception("Erreur suppression fichier school template obsolète %s", getattr(tmpl, "pk", None))
tmpl.delete()
logger.info("Deleted obsolete school template %s for RF %s", getattr(tmpl, "pk", None), register_form.pk)
# Supprimer les parent templates obsolètes
for tmpl in RegistrationParentFileTemplate.objects.filter(registration_form=register_form):
if not tmpl.master_id or tmpl.master_id not in parent_master_ids:
try:
if getattr(tmpl, "file", None):
tmpl.file.delete(save=False)
except Exception:
logger.exception("Erreur suppression fichier parent template obsolète %s", getattr(tmpl, "pk", None))
tmpl.delete()
logger.info("Deleted obsolete parent template %s for RF %s", getattr(tmpl, "pk", None), register_form.pk)
# Créer les school templates manquants ou mettre à jour les existants si le master a changé
for m in school_masters:
tmpl_qs = RegistrationSchoolFileTemplate.objects.filter(master=m, registration_form=register_form)
tmpl = tmpl_qs.first() if tmpl_qs.exists() else None
base_slug = (m.name or "master").strip().replace(" ", "_")[:40]
slug = f"{base_slug}_{register_form.pk}_{m.pk}"
is_dynamic_master = (
isinstance(m.formMasterData, dict)
and bool(m.formMasterData.get("fields"))
)
# Formulaire dynamique: toujours générer le PDF final depuis le JSON
# (aperçu admin) au lieu de copier le fichier source brut (PNG/PDF).
if is_dynamic_master:
base_pdf_content = None
base_file_ext = None
if m.file and hasattr(m.file, 'name') and m.file.name:
base_file_ext = os.path.splitext(m.file.name)[1].lower()
try:
m.file.open('rb')
base_pdf_content = m.file.read()
m.file.close()
except Exception as e:
logger.error(f"Erreur lecture fichier source master dynamique: {e}")
try:
generated_pdf = generate_form_json_pdf(
register_form,
m.formMasterData,
base_pdf_content=base_pdf_content,
base_file_ext=base_file_ext,
)
except Exception as e:
logger.error(f"Erreur génération PDF dynamique pour template: {e}")
generated_pdf = None
if tmpl:
try:
if tmpl.file and tmpl.file.name:
tmpl.file.delete(save=False)
except Exception:
logger.exception("Erreur suppression ancien fichier template dynamique %s", getattr(tmpl, "pk", None))
tmpl.name = m.name or ""
tmpl.slug = slug
tmpl.formTemplateData = m.formMasterData or []
if generated_pdf is not None:
output_filename = os.path.basename(generated_pdf.name)
save_file_field_without_suffix(
tmpl,
'file',
output_filename,
generated_pdf,
save=False,
)
tmpl.save()
created.append(tmpl)
logger.info(
"util.create_templates_for_registration_form - Regenerated dynamic school template %s from master %s for RF %s",
tmpl.pk,
m.pk,
register_form.pk,
)
continue
tmpl = RegistrationSchoolFileTemplate(
master=m,
registration_form=register_form,
name=m.name or "",
formTemplateData=m.formMasterData or [],
slug=slug,
)
if generated_pdf is not None:
output_filename = os.path.basename(generated_pdf.name)
save_file_field_without_suffix(
tmpl,
'file',
output_filename,
generated_pdf,
save=False,
)
tmpl.save()
created.append(tmpl)
logger.info(
"util.create_templates_for_registration_form - Created dynamic school template %s from master %s for RF %s",
tmpl.pk,
m.pk,
register_form.pk,
)
continue
file_name = None
if m.file and hasattr(m.file, 'name') and m.file.name:
file_name = os.path.basename(m.file.name)
elif m.file:
file_name = str(m.file)
else:
try:
pdf_file = generate_form_json_pdf(register_form, m.formMasterData)
file_name = os.path.basename(pdf_file.name)
except Exception as e:
logger.error(f"Erreur lors de la génération du PDF pour le template: {e}")
file_name = None
master_file_path = m.file.path if m.file and hasattr(m.file, 'path') else None
def _build_upload_path(template_pk):
"""Génère le chemin relatif et absolu pour un template avec un pk connu."""
rel = registration_school_file_upload_to(
type("Tmp", (), {
"registration_form": register_form,
"pk": template_pk,
})(),
file_name,
)
return rel, os.path.join(settings.MEDIA_ROOT, rel)
if tmpl:
upload_rel_path, abs_path = _build_upload_path(tmpl.pk)
template_file_name = os.path.basename(tmpl.file.name) if tmpl.file and tmpl.file.name else None
master_file_changed = template_file_name != file_name
# --- GESTION FORM EXISTANT : suppression ancien template si nom ou contenu master changé ---
if master_file_changed or (
master_file_path and os.path.exists(master_file_path) and
(not tmpl.file or not os.path.exists(abs_path) or os.path.getmtime(master_file_path) > os.path.getmtime(abs_path))
):
# Supprimer l'ancien fichier du template (même si le nom change)
if tmpl.file and tmpl.file.name:
old_template_path = os.path.join(settings.MEDIA_ROOT, tmpl.file.name)
if os.path.exists(old_template_path):
try:
os.remove(old_template_path)
logger.info(f"util.create_templates_for_registration_form - Suppression ancien fichier template: {old_template_path}")
except Exception as e:
logger.error(f"Erreur suppression ancien fichier template: {e}")
# Copier le nouveau fichier du master (form existant)
if master_file_path and os.path.exists(master_file_path):
try:
os.makedirs(os.path.dirname(abs_path), exist_ok=True)
import shutil
shutil.copy2(master_file_path, abs_path)
logger.info(f"util.create_templates_for_registration_form - Copie du fichier master {master_file_path} -> {abs_path}")
tmpl.file.name = upload_rel_path
tmpl.name = m.name or ""
tmpl.slug = slug
tmpl.formTemplateData = m.formMasterData or []
tmpl.save()
except Exception as e:
logger.error(f"Erreur lors de la copie du fichier master pour mise à jour du template: {e}")
created.append(tmpl)
logger.info("util.create_templates_for_registration_form - Mise à jour school template %s from master %s for RF %s", tmpl.pk, m.pk, register_form.pk)
continue
# Sinon, création du template — sauvegarder d'abord pour obtenir un pk
tmpl = RegistrationSchoolFileTemplate(
master=m,
registration_form=register_form,
name=m.name or "",
formTemplateData=m.formMasterData or [],
slug=slug,
)
tmpl.save() # pk attribué ici
if file_name:
upload_rel_path, abs_path = _build_upload_path(tmpl.pk)
# Copier le fichier du master si besoin
if master_file_path and not os.path.exists(abs_path):
try:
import shutil
os.makedirs(os.path.dirname(abs_path), exist_ok=True)
shutil.copy2(master_file_path, abs_path)
logger.info(f"util.create_templates_for_registration_form - Copie du fichier master {master_file_path} -> {abs_path}")
except Exception as e:
logger.error(f"Erreur lors de la copie du fichier master pour le template: {e}")
tmpl.file.name = upload_rel_path
tmpl.save()
created.append(tmpl)
logger.info("util.create_templates_for_registration_form - Created school template %s from master %s for RF %s", tmpl.pk, m.pk, register_form.pk)
# Créer les parent templates manquants
for m in parent_masters:
exists = RegistrationParentFileTemplate.objects.filter(master=m, registration_form=register_form).exists()
if exists:
continue
tmpl = RegistrationParentFileTemplate.objects.create(
master=m,
registration_form=register_form,
file=None,
)
created.append(tmpl)
logger.info("Created parent template %s from master %s for RF %s", tmpl.pk, m.pk, register_form.pk)
return created
def recupereListeFichesInscription(): def recupereListeFichesInscription():
""" """
Retourne la liste complète des fiches dinscription. Retourne la liste complète des fiches dinscription.
@ -99,12 +567,70 @@ def getArgFromRequest(_argument, _request):
def merge_files_pdf(file_paths): def merge_files_pdf(file_paths):
""" """
Fusionne plusieurs fichiers PDF et retourne le contenu fusionné en mémoire. Fusionne plusieurs fichiers PDF et retourne le contenu fusionné en mémoire.
Les fichiers non-PDF (images) sont convertis en PDF avant fusion.
Les fichiers invalides sont ignorés avec un log d'erreur.
""" """
merger = PdfMerger() merger = PdfMerger()
files_added = 0
# Extensions d'images supportées
image_extensions = {'.jpg', '.jpeg', '.png', '.gif', '.bmp', '.tiff', '.tif'}
# Ajouter les fichiers valides au merger
for file_path in file_paths: for file_path in file_paths:
merger.append(file_path) # Vérifier que le fichier existe
if not os.path.exists(file_path):
logger.warning(f"[merge_files_pdf] Fichier introuvable, ignoré: {file_path}")
continue
file_ext = os.path.splitext(file_path)[1].lower()
# Si c'est une image, la convertir en PDF
if file_ext in image_extensions:
try:
from PIL import Image
from reportlab.lib.utils import ImageReader
img = Image.open(file_path)
img_width, img_height = img.size
# Créer un PDF en mémoire avec l'image
img_pdf = BytesIO()
c = canvas.Canvas(img_pdf, pagesize=(img_width, img_height))
c.drawImage(file_path, 0, 0, width=img_width, height=img_height)
c.save()
img_pdf.seek(0)
merger.append(img_pdf)
files_added += 1
logger.debug(f"[merge_files_pdf] Image convertie et ajoutée: {file_path}")
except Exception as e:
logger.error(f"[merge_files_pdf] Erreur lors de la conversion de l'image {file_path}: {e}")
continue
# Sinon, essayer de l'ajouter comme PDF
try:
# Valider que c'est un PDF lisible
with open(file_path, 'rb') as f:
PdfReader(f, strict=False)
# Si la validation passe, ajouter au merger
merger.append(file_path)
files_added += 1
logger.debug(f"[merge_files_pdf] PDF ajouté: {file_path}")
except PdfReadError as e:
logger.error(f"[merge_files_pdf] Fichier PDF invalide, ignoré: {file_path} - {e}")
except Exception as e:
logger.error(f"[merge_files_pdf] Erreur lors de la lecture du fichier {file_path}: {e}")
if files_added == 0:
logger.warning("[merge_files_pdf] Aucun fichier valide à fusionner")
# Retourner un PDF vide
empty_pdf = BytesIO()
c = canvas.Canvas(empty_pdf, pagesize=A4)
c.drawString(100, 750, "Aucun document à afficher")
c.save()
empty_pdf.seek(0)
return empty_pdf
# Sauvegarder le fichier fusionné en mémoire # Sauvegarder le fichier fusionné en mémoire
merged_pdf = BytesIO() merged_pdf = BytesIO()
@ -126,6 +652,8 @@ def rfToPDF(registerForm, filename):
'signatureDate': convertToStr(_now(), '%d-%m-%Y'), 'signatureDate': convertToStr(_now(), '%d-%m-%Y'),
'signatureTime': convertToStr(_now(), '%H:%M'), 'signatureTime': convertToStr(_now(), '%H:%M'),
'student': registerForm.student, 'student': registerForm.student,
'establishment': registerForm.establishment,
'school_year': registerForm.school_year,
} }
# Générer le PDF # Générer le PDF
@ -133,25 +661,11 @@ def rfToPDF(registerForm, filename):
if not pdf: if not pdf:
raise ValueError("Erreur lors de la génération du PDF.") raise ValueError("Erreur lors de la génération du PDF.")
# Vérifier si un fichier avec le même nom existe déjà et le supprimer # Enregistrer directement le fichier dans le champ registration_file (écrase l'existant)
if registerForm.registration_file and registerForm.registration_file.name:
# Vérifiez si le chemin est déjà absolu ou relatif
if os.path.isabs(registerForm.registration_file.name):
existing_file_path = registerForm.registration_file.name
else:
existing_file_path = os.path.join(settings.MEDIA_ROOT, registerForm.registration_file.name.lstrip('/'))
# Vérifier si le fichier existe et le supprimer
if os.path.exists(existing_file_path):
os.remove(existing_file_path)
registerForm.registration_file.delete(save=False)
else:
print(f'File does not exist: {existing_file_path}')
# Enregistrer directement le fichier dans le champ registration_file
try: try:
registerForm.registration_file.save( save_file_replacing_existing(
os.path.basename(filename), # Utiliser uniquement le nom de fichier registerForm.registration_file,
os.path.basename(filename),
File(BytesIO(pdf.content)), File(BytesIO(pdf.content)),
save=True save=True
) )
@ -161,6 +675,24 @@ def rfToPDF(registerForm, filename):
return registerForm.registration_file return registerForm.registration_file
def generateRegistrationPDF(registerForm):
"""
Génère le PDF d'un dossier d'inscription à la volée et retourne le contenu binaire.
Ne sauvegarde pas le fichier sur disque.
"""
data = {
'pdf_title': f"Dossier d'inscription de {registerForm.student.first_name}",
'signatureDate': convertToStr(_now(), '%d-%m-%Y'),
'signatureTime': convertToStr(_now(), '%H:%M'),
'student': registerForm.student,
'establishment': registerForm.establishment,
'school_year': registerForm.school_year,
}
pdf = renderers.render_to_pdf('pdfs/fiche_eleve.html', data)
if not pdf:
raise ValueError("Erreur lors de la génération du PDF.")
return pdf.content
def delete_registration_files(registerForm): def delete_registration_files(registerForm):
""" """
Supprime le fichier et le dossier associés à un RegistrationForm. Supprime le fichier et le dossier associés à un RegistrationForm.
@ -212,4 +744,198 @@ def getHistoricalYears(count=5):
historical_start_year = start_year - i historical_start_year = start_year - i
historical_years.append(f"{historical_start_year}-{historical_start_year + 1}") historical_years.append(f"{historical_start_year}-{historical_start_year + 1}")
return historical_years return historical_years
def generate_form_json_pdf(register_form, form_json, base_pdf_content=None, base_file_ext=None, base_pdf_path=None):
"""
Génère un PDF composite du formulaire dynamique:
- le document source uploadé (PDF/image) si présent,
- puis un rendu du formulaire (similaire à l'aperçu),
- avec overlay de signature(s) sur la dernière page du document source.
"""
form_name = (form_json.get("title") or "formulaire").strip().replace(" ", "_")
filename = f"{form_name}.pdf"
fields = form_json.get("fields", []) if isinstance(form_json, dict) else []
# Compatibilité ascendante : charger depuis un chemin si nécessaire
if base_pdf_content is None and base_pdf_path and os.path.exists(base_pdf_path):
base_file_ext = os.path.splitext(base_pdf_path)[1].lower()
try:
with open(base_pdf_path, 'rb') as f:
base_pdf_content = f.read()
except Exception as e:
logger.error(f"[generate_form_json_pdf] Lecture fichier source: {e}")
writer = PdfWriter()
has_source_document = False
source_is_image = False
source_image_reader = None
source_image_size = None
# 1) Charger le document source (PDF/image) si présent
if base_pdf_content:
try:
image_exts = {'.png', '.jpg', '.jpeg', '.gif', '.bmp', '.tiff', '.webp'}
ext = (base_file_ext or '').lower()
if ext in image_exts:
# Pour les images, on les rend dans la section [fichier uploade]
# au lieu de les ajouter comme page source separee.
img_buffer = BytesIO(base_pdf_content)
source_image_reader = ImageReader(img_buffer)
source_image_size = source_image_reader.getSize()
source_is_image = True
else:
source_reader = PdfReader(BytesIO(base_pdf_content))
for page in source_reader.pages:
writer.add_page(page)
has_source_document = len(source_reader.pages) > 0
except Exception as e:
logger.error(f"[generate_form_json_pdf] Erreur chargement source: {e}")
# 2) Overlay des signatures sur la dernière page du document source
# Desactive ici pour eviter les doublons: la signature est rendue
# dans la section JSON du formulaire (et non plus en overlay source).
signatures = []
for field in fields:
if field.get("type") == "signature":
value = field.get("value")
if isinstance(value, str) and value.startswith("data:image"):
signatures.append(value)
enable_source_signature_overlay = False
if signatures and len(writer.pages) > 0 and enable_source_signature_overlay:
try:
target_page = writer.pages[len(writer.pages) - 1]
page_width = float(target_page.mediabox.width)
page_height = float(target_page.mediabox.height)
packet = BytesIO()
c_overlay = canvas.Canvas(packet, pagesize=(page_width, page_height))
sig_width = 170
sig_height = 70
margin = 36
spacing = 10
for i, data_url in enumerate(signatures[:3]):
try:
x = page_width - sig_width - margin
y = margin + i * (sig_height + spacing)
_draw_signature_data_url(c_overlay, data_url, x, y, sig_width, sig_height)
except Exception as e:
logger.error(f"[generate_form_json_pdf] Signature ignorée: {e}")
c_overlay.save()
packet.seek(0)
overlay_pdf = PdfReader(packet)
if overlay_pdf.pages:
target_page.merge_page(overlay_pdf.pages[0])
except Exception as e:
logger.error(f"[generate_form_json_pdf] Erreur overlay signature: {e}")
# 3) Rendu JSON explicite du formulaire final (toujours genere).
# Cela garantit la presence des sections H1 / FileUpload / Signature
# dans le PDF final, meme si un document source est fourni.
fields_to_render = fields
if fields_to_render:
layout_buffer = BytesIO()
c = canvas.Canvas(layout_buffer, pagesize=A4)
y = 800
c.setFont("Helvetica-Bold", 18)
c.drawString(60, y, form_json.get("title", "Formulaire"))
y -= 35
c.setFont("Helvetica", 11)
for field in fields_to_render:
ftype = field.get("type", "")
if ftype in {"heading1", "heading2", "heading3", "heading4", "heading5", "heading6", "paragraph"}:
text = field.get("text", "")
if text:
c.setFont("Helvetica-Bold" if ftype.startswith("heading") else "Helvetica", 11)
c.drawString(60, y, text[:120])
y -= 18
c.setFont("Helvetica", 11)
continue
label = field.get("label", field.get("id", "Champ"))
value = field.get("value", "")
if ftype == "file":
c.drawString(60, y, f"{label}")
y -= 18
if source_is_image and source_image_reader and source_image_size:
img_w, img_h = source_image_size
max_w = 420
max_h = 260
ratio = min(max_w / img_w, max_h / img_h)
draw_w = img_w * ratio
draw_h = img_h * ratio
if y - draw_h < 80:
c.showPage()
y = 800
c.setFont("Helvetica", 11)
c.drawImage(
source_image_reader,
60,
y - draw_h,
width=draw_w,
height=draw_h,
preserveAspectRatio=True,
mask='auto',
)
y -= draw_h + 14
elif ftype == "signature":
c.drawString(60, y, f"{label}")
sig_drawn = False
if isinstance(value, str) and value.startswith("data:image"):
try:
sig_drawn = _draw_signature_data_url(c, value, 260, y - 55, 170, 55)
except Exception as e:
logger.error(f"[generate_form_json_pdf] Signature render echoue: {e}")
if not sig_drawn:
c.rect(260, y - 55, 170, 55)
y -= 70
else:
if value not in (None, ""):
c.drawString(60, y, f"{label} [{ftype}] : {str(value)[:120]}")
else:
c.drawString(60, y, f"{label} [{ftype}]")
y -= 18
if y < 80:
c.showPage()
y = 800
c.setFont("Helvetica", 11)
c.save()
layout_buffer.seek(0)
try:
layout_reader = PdfReader(layout_buffer)
for page in layout_reader.pages:
writer.add_page(page)
except Exception as e:
logger.error(f"[generate_form_json_pdf] Erreur ajout rendu formulaire: {e}")
# 4) Fallback minimal si aucune page n'a été créée
if len(writer.pages) == 0:
fallback = BytesIO()
c_fb = canvas.Canvas(fallback, pagesize=A4)
c_fb.setFont("Helvetica-Bold", 16)
c_fb.drawString(60, 800, form_json.get("title", "Formulaire"))
c_fb.save()
fallback.seek(0)
fallback_reader = PdfReader(fallback)
for page in fallback_reader.pages:
writer.add_page(page)
out = BytesIO()
writer.write(out)
out.seek(0)
return ContentFile(out.read(), name=os.path.basename(filename))

34
Back-End/Subscriptions/views/__init__.py
View File

@ -1,11 +1,26 @@
from .register_form_views import RegisterFormView, RegisterFormWithIdView, send, resend, archive, get_school_file_templates_by_rf, get_parent_file_templates_by_rf from .register_form_views import (
from .registration_file_views import ( RegisterFormView,
RegistrationSchoolFileMasterView, RegisterFormWithIdView,
RegistrationSchoolFileMasterSimpleView, send,
RegistrationSchoolFileTemplateView, resend,
RegistrationSchoolFileTemplateSimpleView, archive,
RegistrationParentFileMasterView, get_school_file_templates_by_rf,
RegistrationParentFileMasterSimpleView, get_parent_file_templates_by_rf,
generate_registration_pdf
)
from .registration_school_file_masters_views import (
RegistrationSchoolFileMasterView,
RegistrationSchoolFileMasterSimpleView,
)
from .registration_school_file_templates_views import (
RegistrationSchoolFileTemplateView,
RegistrationSchoolFileTemplateSimpleView
)
from .registration_parent_file_masters_views import (
RegistrationParentFileMasterView,
RegistrationParentFileMasterSimpleView
)
from .registration_parent_file_templates_views import (
RegistrationParentFileTemplateSimpleView, RegistrationParentFileTemplateSimpleView,
RegistrationParentFileTemplateView RegistrationParentFileTemplateView
) )
@ -33,7 +48,8 @@ __all__ = [
'RegistrationFileGroupSimpleView', 'RegistrationFileGroupSimpleView',
'get_registration_files_by_group', 'get_registration_files_by_group',
'get_school_file_templates_by_rf', 'get_school_file_templates_by_rf',
'get_parent_file_templates_by_rf' 'get_parent_file_templates_by_rf',
'generate_registration_pdf',
'StudentView', 'StudentView',
'StudentListView', 'StudentListView',
'ChildrenListView', 'ChildrenListView',

424
Back-End/Subscriptions/views/register_form_views.py
View File

@ -1,4 +1,5 @@
from django.http.response import JsonResponse from django.http.response import JsonResponse
from django.http import HttpResponse
from django.views.decorators.csrf import ensure_csrf_cookie, csrf_protect from django.views.decorators.csrf import ensure_csrf_cookie, csrf_protect
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from rest_framework.views import APIView from rest_framework.views import APIView
@ -9,6 +10,7 @@ from drf_yasg import openapi
import json import json
import os import os
import threading
from django.core.files import File from django.core.files import File
import N3wtSchool.mailManager as mailer import N3wtSchool.mailManager as mailer
@ -17,10 +19,10 @@ import Subscriptions.util as util
from Subscriptions.serializers import RegistrationFormSerializer, RegistrationSchoolFileTemplateSerializer, RegistrationParentFileTemplateSerializer from Subscriptions.serializers import RegistrationFormSerializer, RegistrationSchoolFileTemplateSerializer, RegistrationParentFileTemplateSerializer
from Subscriptions.pagination import CustomSubscriptionPagination from Subscriptions.pagination import CustomSubscriptionPagination
from Subscriptions.models import ( from Subscriptions.models import (
Guardian, Guardian,
RegistrationForm, RegistrationForm,
RegistrationSchoolFileTemplate, RegistrationSchoolFileTemplate,
RegistrationFileGroup, RegistrationFileGroup,
RegistrationParentFileTemplate, RegistrationParentFileTemplate,
StudentCompetency StudentCompetency
) )
@ -323,6 +325,27 @@ class RegisterFormWithIdView(APIView):
registerForm.registration_file = util.rfToPDF(registerForm, initial_pdf) registerForm.registration_file = util.rfToPDF(registerForm, initial_pdf)
registerForm.save() registerForm.save()
# Envoi du mail d'inscription au second guardian si besoin
guardians = registerForm.student.guardians.all()
from Auth.models import Profile
from N3wtSchool.mailManager import sendRegisterForm
for guardian in guardians:
# Recherche de l'email dans le profil lié au guardian (si existant)
email = None
if hasattr(guardian, "profile_role") and guardian.profile_role and hasattr(guardian.profile_role, "profile") and guardian.profile_role.profile:
email = guardian.profile_role.profile.email
# Fallback sur le champ email direct (si jamais il existe)
if not email:
email = getattr(guardian, "email", None)
logger.debug(f"[RF_UNDER_REVIEW] Guardian id={guardian.id}, email={email}")
if email:
profile_exists = Profile.objects.filter(email=email).exists()
logger.debug(f"[RF_UNDER_REVIEW] Profile existe pour {email} ? {profile_exists}")
if not profile_exists:
logger.debug(f"[RF_UNDER_REVIEW] Envoi du mail d'inscription à {email} pour l'établissement {registerForm.establishment.pk}")
sendRegisterForm(email, registerForm.establishment.pk)
# Mise à jour de l'automate # Mise à jour de l'automate
# Vérification de la présence du fichier SEPA # Vérification de la présence du fichier SEPA
if registerForm.sepa_file: if registerForm.sepa_file:
@ -332,9 +355,32 @@ class RegisterFormWithIdView(APIView):
# Mise à jour de l'automate pour une signature classique # Mise à jour de l'automate pour une signature classique
updateStateMachine(registerForm, 'EVENT_SIGNATURE') updateStateMachine(registerForm, 'EVENT_SIGNATURE')
except Exception as e: except Exception as e:
logger.error(f"[RF_UNDER_REVIEW] Exception: {e}")
import traceback
logger.error(traceback.format_exc())
return JsonResponse({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return JsonResponse({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
elif _status == RegistrationForm.RegistrationFormStatus.RF_SENT: elif _status == RegistrationForm.RegistrationFormStatus.RF_SENT:
if registerForm.status == RegistrationForm.RegistrationFormStatus.RF_UNDER_REVIEW: if registerForm.status == RegistrationForm.RegistrationFormStatus.RF_UNDER_REVIEW:
# Envoi de l'email de refus aux responsables légaux
try:
student = registerForm.student
student_name = f"{student.first_name} {student.last_name}"
notes = registerForm.notes or "Aucun motif spécifié"
guardians = student.guardians.all()
for guardian in guardians:
email = None
if hasattr(guardian, "profile_role") and guardian.profile_role and hasattr(guardian.profile_role, "profile") and guardian.profile_role.profile:
email = guardian.profile_role.profile.email
if not email:
email = getattr(guardian, "email", None)
if email:
logger.info(f"[RF_SENT] Envoi email de refus à {email} pour l'élève {student_name}")
mailer.sendRefusDossier(email, registerForm.establishment.pk, student_name, notes)
except Exception as e:
logger.error(f"[RF_SENT] Erreur lors de l'envoi de l'email de refus: {e}")
updateStateMachine(registerForm, 'EVENT_REFUSE') updateStateMachine(registerForm, 'EVENT_REFUSE')
util.delete_registration_files(registerForm) util.delete_registration_files(registerForm)
elif _status == RegistrationForm.RegistrationFormStatus.RF_SEPA_SENT: elif _status == RegistrationForm.RegistrationFormStatus.RF_SEPA_SENT:
@ -366,6 +412,17 @@ class RegisterFormWithIdView(APIView):
# Initialisation de la liste des fichiers à fusionner # Initialisation de la liste des fichiers à fusionner
fileNames = [] fileNames = []
# Régénérer la fiche élève avec le nouveau template avant fusion
try:
base_dir = os.path.join(settings.MEDIA_ROOT, f"registration_files/dossier_rf_{registerForm.pk}")
os.makedirs(base_dir, exist_ok=True)
initial_pdf = f"{base_dir}/Inscription_{registerForm.student.last_name}_{registerForm.student.first_name}.pdf"
registerForm.registration_file = util.rfToPDF(registerForm, initial_pdf)
registerForm.save()
logger.debug(f"[RF_VALIDATED] Fiche élève régénérée avant fusion")
except Exception as e:
logger.error(f"[RF_VALIDATED] Erreur lors de la régénération de la fiche élève: {e}")
# Ajout du fichier registration_file en première position # Ajout du fichier registration_file en première position
if registerForm.registration_file: if registerForm.registration_file:
fileNames.append(registerForm.registration_file.path) fileNames.append(registerForm.registration_file.path)
@ -377,14 +434,23 @@ class RegisterFormWithIdView(APIView):
fileNames.extend(parent_file_templates) fileNames.extend(parent_file_templates)
# Création du fichier PDF fusionné # Création du fichier PDF fusionné
merged_pdf_content = util.merge_files_pdf(fileNames) merged_pdf_content = None
try:
merged_pdf_content = util.merge_files_pdf(fileNames)
# Mise à jour du champ registration_file avec le fichier fusionné # Mise à jour du champ fusion_file avec le fichier fusionné
registerForm.fusion_file.save( util.save_file_replacing_existing(
f"dossier_complet.pdf", registerForm.fusion_file,
File(merged_pdf_content), "dossier_complet.pdf",
save=True File(merged_pdf_content),
) save=True
)
except Exception as e:
logger.error(f"[RF_VALIDATED] Erreur lors de la fusion des fichiers: {e}")
finally:
# Libérer explicitement la mémoire du BytesIO
if merged_pdf_content is not None:
merged_pdf_content.close()
# Valorisation des StudentCompetency pour l'élève # Valorisation des StudentCompetency pour l'élève
try: try:
student = registerForm.student student = registerForm.student
@ -426,11 +492,324 @@ class RegisterFormWithIdView(APIView):
except Exception as e: except Exception as e:
logger.error(f"Erreur lors de la valorisation des StudentCompetency: {e}") logger.error(f"Erreur lors de la valorisation des StudentCompetency: {e}")
# Envoi de l'email de validation aux responsables légaux (en arrière-plan)
def send_validation_emails():
try:
student = registerForm.student
student_name = f"{student.first_name} {student.last_name}"
class_name = None
if student.associated_class:
class_name = student.associated_class.atmosphere_name
guardians = student.guardians.all()
for guardian in guardians:
email = None
if hasattr(guardian, "profile_role") and guardian.profile_role and hasattr(guardian.profile_role, "profile") and guardian.profile_role.profile:
email = guardian.profile_role.profile.email
if not email:
email = getattr(guardian, "email", None)
if email:
logger.info(f"[RF_VALIDATED] Envoi email de validation à {email} pour l'élève {student_name}")
mailer.sendValidationDossier(email, registerForm.establishment.pk, student_name, class_name)
except Exception as e:
logger.error(f"[RF_VALIDATED] Erreur lors de l'envoi de l'email de validation: {e}")
# Lancer l'envoi d'email dans un thread séparé pour ne pas bloquer la réponse
email_thread = threading.Thread(target=send_validation_emails)
email_thread.start()
updateStateMachine(registerForm, 'EVENT_VALIDATE') updateStateMachine(registerForm, 'EVENT_VALIDATE')
elif _status == RegistrationForm.RegistrationFormStatus.RF_ARCHIVED:
# Vérifier si on vient de l'état "À valider" (RF_UNDER_REVIEW) pour un refus définitif
if registerForm.status == RegistrationForm.RegistrationFormStatus.RF_UNDER_REVIEW:
# Envoi de l'email de refus définitif aux responsables légaux (en arrière-plan)
def send_refus_definitif_emails():
try:
student = registerForm.student
student_name = f"{student.first_name} {student.last_name}"
notes = data.get('notes', '') or "Aucun motif spécifié"
guardians = student.guardians.all()
for guardian in guardians:
email = None
if hasattr(guardian, "profile_role") and guardian.profile_role and hasattr(guardian.profile_role, "profile") and guardian.profile_role.profile:
email = guardian.profile_role.profile.email
if not email:
email = getattr(guardian, "email", None)
if email:
logger.info(f"[RF_ARCHIVED] Envoi email de refus définitif à {email} pour l'élève {student_name}")
mailer.sendRefusDefinitif(email, registerForm.establishment.pk, student_name, notes)
except Exception as e:
logger.error(f"[RF_ARCHIVED] Erreur lors de l'envoi de l'email de refus définitif: {e}")
# Lancer l'envoi d'email dans un thread séparé pour ne pas bloquer la réponse
email_thread = threading.Thread(target=send_refus_definitif_emails)
email_thread.start()
updateStateMachine(registerForm, 'EVENT_ARCHIVE')
# Retourner les données mises à jour # Retourner les données mises à jour
return JsonResponse(studentForm_serializer.data, safe=False) return JsonResponse(studentForm_serializer.data, safe=False)
@swagger_auto_schema(
request_body=openapi.Schema(
type=openapi.TYPE_OBJECT,
properties={
'student_data': openapi.Schema(type=openapi.TYPE_STRING, description='JSON string des données étudiant'),
'guardians_data': openapi.Schema(type=openapi.TYPE_STRING, description='JSON string des données responsables'),
'siblings_data': openapi.Schema(type=openapi.TYPE_STRING, description='JSON string des données fratrie'),
'payment_data': openapi.Schema(type=openapi.TYPE_STRING, description='JSON string des données de paiement'),
'current_page': openapi.Schema(type=openapi.TYPE_INTEGER, description='Page actuelle du formulaire'),
'auto_save': openapi.Schema(type=openapi.TYPE_BOOLEAN, description='Indicateur auto-save'),
}
),
responses={200: RegistrationFormSerializer()},
operation_description="Auto-sauvegarde partielle d'un dossier d'inscription.",
operation_summary="Auto-sauvegarder un dossier d'inscription"
)
@method_decorator(csrf_protect, name='dispatch')
@method_decorator(ensure_csrf_cookie, name='dispatch')
def patch(self, request, id):
"""
Auto-sauvegarde partielle d'un dossier d'inscription.
Cette méthode est optimisée pour les sauvegardes automatiques périodiques.
"""
try:
# Récupérer le dossier d'inscription
registerForm = bdd.getObject(_objectName=RegistrationForm, _columnName='student__id', _value=id)
if not registerForm:
return JsonResponse({"error": "Dossier d'inscription introuvable"}, status=status.HTTP_404_NOT_FOUND)
# Préparer les données à mettre à jour
update_data = {}
# Traiter les données étudiant si présentes
if 'student_data' in request.data:
try:
student_data = json.loads(request.data['student_data'])
# Extraire les données de paiement des données étudiant
payment_fields = ['registration_payment', 'tuition_payment', 'registration_payment_plan', 'tuition_payment_plan']
payment_data = {}
for field in payment_fields:
if field in student_data:
payment_data[field] = student_data.pop(field)
# Si nous avons des données de paiement, les traiter
if payment_data:
logger.debug(f"Auto-save: extracted payment_data from student_data = {payment_data}")
# Traiter les données de paiement
payment_updates = {}
# Gestion du mode de paiement d'inscription
if 'registration_payment' in payment_data and payment_data['registration_payment']:
try:
from School.models import PaymentMode
payment_mode = PaymentMode.objects.get(id=payment_data['registration_payment'])
registerForm.registration_payment = payment_mode
payment_updates['registration_payment'] = payment_mode.id
except PaymentMode.DoesNotExist:
logger.warning(f"Auto-save: PaymentMode with id {payment_data['registration_payment']} not found")
# Gestion du mode de paiement de scolarité
if 'tuition_payment' in payment_data and payment_data['tuition_payment']:
try:
from School.models import PaymentMode
payment_mode = PaymentMode.objects.get(id=payment_data['tuition_payment'])
registerForm.tuition_payment = payment_mode
payment_updates['tuition_payment'] = payment_mode.id
except PaymentMode.DoesNotExist:
logger.warning(f"Auto-save: PaymentMode with id {payment_data['tuition_payment']} not found")
# Gestion du plan de paiement d'inscription
if 'registration_payment_plan' in payment_data and payment_data['registration_payment_plan']:
try:
from School.models import PaymentPlan
payment_plan = PaymentPlan.objects.get(id=payment_data['registration_payment_plan'])
registerForm.registration_payment_plan = payment_plan
payment_updates['registration_payment_plan'] = payment_plan.id
except PaymentPlan.DoesNotExist:
logger.warning(f"Auto-save: PaymentPlan with id {payment_data['registration_payment_plan']} not found")
# Gestion du plan de paiement de scolarité
if 'tuition_payment_plan' in payment_data and payment_data['tuition_payment_plan']:
try:
from School.models import PaymentPlan
payment_plan = PaymentPlan.objects.get(id=payment_data['tuition_payment_plan'])
registerForm.tuition_payment_plan = payment_plan
payment_updates['tuition_payment_plan'] = payment_plan.id
except PaymentPlan.DoesNotExist:
logger.warning(f"Auto-save: PaymentPlan with id {payment_data['tuition_payment_plan']} not found")
# Sauvegarder les modifications de paiement
if payment_updates:
registerForm.save()
logger.debug(f"Auto-save: Payment data updated - {payment_updates}")
update_data['student'] = student_data
except json.JSONDecodeError:
logger.warning("Auto-save: Invalid JSON in student_data")
# Traiter les données des responsables si présentes
if 'guardians_data' in request.data:
try:
guardians_data = json.loads(request.data['guardians_data'])
logger.debug(f"Auto-save: guardians_data = {guardians_data}")
# Enregistrer directement chaque guardian avec le modèle
for i, guardian_data in enumerate(guardians_data):
guardian_id = guardian_data.get('id')
if guardian_id:
try:
# Récupérer le guardian existant et mettre à jour ses champs
guardian = Guardian.objects.get(id=guardian_id)
# Mettre à jour les champs si ils sont présents
if 'birth_date' in guardian_data and guardian_data['birth_date']:
guardian.birth_date = guardian_data['birth_date']
if 'profession' in guardian_data:
guardian.profession = guardian_data['profession']
if 'address' in guardian_data:
guardian.address = guardian_data['address']
if 'phone' in guardian_data:
guardian.phone = guardian_data['phone']
if 'first_name' in guardian_data:
guardian.first_name = guardian_data['first_name']
if 'last_name' in guardian_data:
guardian.last_name = guardian_data['last_name']
guardian.save()
logger.debug(f"Guardian {i}: Updated birth_date={guardian.birth_date}, profession={guardian.profession}, address={guardian.address}")
except Guardian.DoesNotExist:
logger.warning(f"Auto-save: Guardian with id {guardian_id} not found")
except json.JSONDecodeError:
logger.warning("Auto-save: Invalid JSON in guardians_data")
# Traiter les données de la fratrie si présentes
if 'siblings_data' in request.data:
try:
siblings_data = json.loads(request.data['siblings_data'])
logger.debug(f"Auto-save: siblings_data = {siblings_data}")
# Enregistrer directement chaque sibling avec le modèle
for i, sibling_data in enumerate(siblings_data):
sibling_id = sibling_data.get('id')
if sibling_id:
try:
# Récupérer le sibling existant et mettre à jour ses champs
from Subscriptions.models import Sibling
sibling = Sibling.objects.get(id=sibling_id)
# Mettre à jour les champs si ils sont présents
if 'first_name' in sibling_data:
sibling.first_name = sibling_data['first_name']
if 'last_name' in sibling_data:
sibling.last_name = sibling_data['last_name']
if 'birth_date' in sibling_data and sibling_data['birth_date']:
sibling.birth_date = sibling_data['birth_date']
sibling.save()
logger.debug(f"Sibling {i}: Updated first_name={sibling.first_name}, last_name={sibling.last_name}, birth_date={sibling.birth_date}")
except Sibling.DoesNotExist:
logger.warning(f"Auto-save: Sibling with id {sibling_id} not found")
except json.JSONDecodeError:
logger.warning("Auto-save: Invalid JSON in siblings_data")
# Traiter les données de paiement si présentes
if 'payment_data' in request.data:
try:
payment_data = json.loads(request.data['payment_data'])
logger.debug(f"Auto-save: payment_data = {payment_data}")
# Mettre à jour directement les champs de paiement du formulaire
payment_updates = {}
# Gestion du mode de paiement d'inscription
if 'registration_payment' in payment_data and payment_data['registration_payment']:
try:
from School.models import PaymentMode
payment_mode = PaymentMode.objects.get(id=payment_data['registration_payment'])
registerForm.registration_payment = payment_mode
payment_updates['registration_payment'] = payment_mode.id
except PaymentMode.DoesNotExist:
logger.warning(f"Auto-save: PaymentMode with id {payment_data['registration_payment']} not found")
# Gestion du mode de paiement de scolarité
if 'tuition_payment' in payment_data and payment_data['tuition_payment']:
try:
from School.models import PaymentMode
payment_mode = PaymentMode.objects.get(id=payment_data['tuition_payment'])
registerForm.tuition_payment = payment_mode
payment_updates['tuition_payment'] = payment_mode.id
except PaymentMode.DoesNotExist:
logger.warning(f"Auto-save: PaymentMode with id {payment_data['tuition_payment']} not found")
# Gestion du plan de paiement d'inscription
if 'registration_payment_plan' in payment_data and payment_data['registration_payment_plan']:
try:
from School.models import PaymentPlan
payment_plan = PaymentPlan.objects.get(id=payment_data['registration_payment_plan'])
registerForm.registration_payment_plan = payment_plan
payment_updates['registration_payment_plan'] = payment_plan.id
except PaymentPlan.DoesNotExist:
logger.warning(f"Auto-save: PaymentPlan with id {payment_data['registration_payment_plan']} not found")
# Gestion du plan de paiement de scolarité
if 'tuition_payment_plan' in payment_data and payment_data['tuition_payment_plan']:
try:
from School.models import PaymentPlan
payment_plan = PaymentPlan.objects.get(id=payment_data['tuition_payment_plan'])
registerForm.tuition_payment_plan = payment_plan
payment_updates['tuition_payment_plan'] = payment_plan.id
except PaymentPlan.DoesNotExist:
logger.warning(f"Auto-save: PaymentPlan with id {payment_data['tuition_payment_plan']} not found")
# Sauvegarder les modifications de paiement
if payment_updates:
registerForm.save()
logger.debug(f"Auto-save: Payment data updated - {payment_updates}")
except json.JSONDecodeError:
logger.warning("Auto-save: Invalid JSON in payment_data")
# Mettre à jour la page actuelle si présente
if 'current_page' in request.data:
try:
current_page = int(request.data['current_page'])
# Vous pouvez sauvegarder cette info dans un champ du modèle si nécessaire
logger.debug(f"Auto-save: current_page = {current_page}")
except (ValueError, TypeError):
logger.warning("Auto-save: Invalid current_page value")
# Effectuer la mise à jour partielle seulement si nous avons des données
if update_data:
serializer = RegistrationFormSerializer(registerForm, data=update_data, partial=True)
if serializer.is_valid():
serializer.save()
logger.debug(f"Auto-save successful for student {id}")
return JsonResponse({"status": "auto_save_success", "timestamp": util._now().isoformat()}, safe=False)
else:
logger.warning(f"Auto-save validation errors: {serializer.errors}")
# Pour l'auto-save, on retourne un succès même en cas d'erreur de validation
return JsonResponse({"status": "auto_save_partial", "errors": serializer.errors}, safe=False)
else:
# Pas de données à sauvegarder, mais on retourne un succès
return JsonResponse({"status": "auto_save_no_data"}, safe=False)
except Exception as e:
logger.error(f"Auto-save error for student {id}: {str(e)}")
# Pour l'auto-save, on ne retourne pas d'erreur HTTP pour éviter d'interrompre l'UX
return JsonResponse({"status": "auto_save_failed", "error": str(e)}, safe=False)
@swagger_auto_schema( @swagger_auto_schema(
responses={204: 'No Content'}, responses={204: 'No Content'},
operation_description="Supprime un dossier d'inscription donné.", operation_description="Supprime un dossier d'inscription donné.",
@ -579,3 +958,26 @@ def get_parent_file_templates_by_rf(request, id):
return JsonResponse(serializer.data, safe=False) return JsonResponse(serializer.data, safe=False)
except RegistrationParentFileTemplate.DoesNotExist: except RegistrationParentFileTemplate.DoesNotExist:
return JsonResponse({'error': 'Aucune pièce à fournir trouvée pour ce dossier d\'inscription'}, status=status.HTTP_404_NOT_FOUND) return JsonResponse({'error': 'Aucune pièce à fournir trouvée pour ce dossier d\'inscription'}, status=status.HTTP_404_NOT_FOUND)
@swagger_auto_schema(
method='get',
responses={200: openapi.Response('PDF file', schema=openapi.Schema(type=openapi.TYPE_FILE))},
operation_description="Génère et retourne le PDF de la fiche élève à la volée",
operation_summary="Télécharger la fiche élève (régénérée)"
)
@api_view(['GET'])
def generate_registration_pdf(request, id):
try:
registerForm = RegistrationForm.objects.select_related('student', 'establishment').get(student__id=id)
except RegistrationForm.DoesNotExist:
return JsonResponse({"error": "Dossier d'inscription introuvable"}, status=status.HTTP_404_NOT_FOUND)
try:
pdf_content = util.generateRegistrationPDF(registerForm)
except ValueError as e:
return JsonResponse({"error": str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
filename = f"Inscription_{registerForm.student.last_name}_{registerForm.student.first_name}.pdf"
response = HttpResponse(pdf_content, content_type='application/pdf')
response['Content-Disposition'] = f'inline; filename="{filename}"'
return response

372
Back-End/Subscriptions/views/registration_file_views.py
View File

@ -1,372 +0,0 @@
from django.http.response import JsonResponse
from drf_yasg.utils import swagger_auto_schema
from drf_yasg import openapi
from rest_framework.parsers import MultiPartParser, FormParser
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
from Subscriptions.serializers import RegistrationSchoolFileMasterSerializer, RegistrationSchoolFileTemplateSerializer, RegistrationParentFileMasterSerializer, RegistrationParentFileTemplateSerializer
from Subscriptions.models import RegistrationSchoolFileMaster, RegistrationSchoolFileTemplate, RegistrationParentFileMaster, RegistrationParentFileTemplate
from N3wtSchool import bdd
class RegistrationSchoolFileMasterView(APIView):
@swagger_auto_schema(
operation_description="Récupère tous les masters de templates d'inscription pour un établissement donné",
manual_parameters=[
openapi.Parameter(
'establishment_id',
openapi.IN_QUERY,
description="ID de l'établissement",
type=openapi.TYPE_INTEGER,
required=True
)
],
responses={200: RegistrationSchoolFileMasterSerializer(many=True)}
)
def get(self, request):
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': "Paramètre 'establishment_id' requis"}, status=status.HTTP_400_BAD_REQUEST)
# Filtrer les masters liés à l'établissement via groups.establishment
masters = RegistrationSchoolFileMaster.objects.filter(
groups__establishment__id=establishment_id
).distinct()
serializer = RegistrationSchoolFileMasterSerializer(masters, many=True)
return Response(serializer.data)
@swagger_auto_schema(
operation_description="Crée un nouveau master de template d'inscription",
request_body=RegistrationSchoolFileMasterSerializer,
responses={
201: RegistrationSchoolFileMasterSerializer,
400: "Données invalides"
}
)
def post(self, request):
serializer = RegistrationSchoolFileMasterSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class RegistrationSchoolFileMasterSimpleView(APIView):
@swagger_auto_schema(
operation_description="Récupère un master de template d'inscription spécifique",
responses={
200: RegistrationSchoolFileMasterSerializer,
404: "Master non trouvé"
}
)
def get(self, request, id):
master = bdd.getObject(_objectName=RegistrationSchoolFileMaster, _columnName='id', _value=id)
if master is None:
return JsonResponse({"errorMessage":'Le master de template n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationSchoolFileMasterSerializer(master)
return JsonResponse(serializer.data, safe=False)
@swagger_auto_schema(
operation_description="Met à jour un master de template d'inscription existant",
request_body=RegistrationSchoolFileMasterSerializer,
responses={
200: RegistrationSchoolFileMasterSerializer,
400: "Données invalides",
404: "Master non trouvé"
}
)
def put(self, request, id):
master = bdd.getObject(_objectName=RegistrationSchoolFileMaster, _columnName='id', _value=id)
if master is None:
return JsonResponse({'erreur': 'Le master de template n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationSchoolFileMasterSerializer(master, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@swagger_auto_schema(
operation_description="Supprime un master de template d'inscription",
responses={
204: "Suppression réussie",
404: "Master non trouvé"
}
)
def delete(self, request, id):
master = bdd.getObject(_objectName=RegistrationSchoolFileMaster, _columnName='id', _value=id)
if master is not None:
master.delete()
return JsonResponse({'message': 'La suppression du master de template a été effectuée avec succès'}, safe=False, status=status.HTTP_204_NO_CONTENT)
else:
return JsonResponse({'erreur': 'Le master de template n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
class RegistrationSchoolFileTemplateView(APIView):
@swagger_auto_schema(
operation_description="Récupère tous les templates d'inscription pour un établissement donné",
manual_parameters=[
openapi.Parameter(
'establishment_id',
openapi.IN_QUERY,
description="ID de l'établissement",
type=openapi.TYPE_INTEGER,
required=True
)
],
responses={200: RegistrationSchoolFileTemplateSerializer(many=True)}
)
def get(self, request):
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': "Paramètre 'establishment_id' requis"}, status=status.HTTP_400_BAD_REQUEST)
# Filtrer les templates liés à l'établissement via master.groups.establishment
templates = RegistrationSchoolFileTemplate.objects.filter(
master__groups__establishment__id=establishment_id
).distinct()
serializer = RegistrationSchoolFileTemplateSerializer(templates, many=True)
return Response(serializer.data)
@swagger_auto_schema(
operation_description="Crée un nouveau template d'inscription",
request_body=RegistrationSchoolFileTemplateSerializer,
responses={
201: RegistrationSchoolFileTemplateSerializer,
400: "Données invalides"
}
)
def post(self, request):
serializer = RegistrationSchoolFileTemplateSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class RegistrationSchoolFileTemplateSimpleView(APIView):
@swagger_auto_schema(
operation_description="Récupère un template d'inscription spécifique",
responses={
200: RegistrationSchoolFileTemplateSerializer,
404: "Template non trouvé"
}
)
def get(self, request, id):
template = bdd.getObject(_objectName=RegistrationSchoolFileTemplate, _columnName='id', _value=id)
if template is None:
return JsonResponse({"errorMessage":'Le template d\'inscription n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationSchoolFileTemplateSerializer(template)
return JsonResponse(serializer.data, safe=False)
@swagger_auto_schema(
operation_description="Met à jour un template d'inscription existant",
request_body=RegistrationSchoolFileTemplateSerializer,
responses={
200: RegistrationSchoolFileTemplateSerializer,
400: "Données invalides",
404: "Template non trouvé"
}
)
def put(self, request, id):
template = bdd.getObject(_objectName=RegistrationSchoolFileTemplate, _columnName='id', _value=id)
if template is None:
return JsonResponse({'erreur': 'Le template d\'inscription n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationSchoolFileTemplateSerializer(template, data=request.data)
if serializer.is_valid():
serializer.save()
return Response({'message': 'Template mis à jour avec succès', 'data': serializer.data}, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@swagger_auto_schema(
operation_description="Supprime un template d'inscription",
responses={
204: "Suppression réussie",
404: "Template non trouvé"
}
)
def delete(self, request, id):
template = bdd.getObject(_objectName=RegistrationSchoolFileTemplate, _columnName='id', _value=id)
if template is not None:
template.delete()
return JsonResponse({'message': 'La suppression du template a été effectuée avec succès'}, safe=False, status=status.HTTP_204_NO_CONTENT)
else:
return JsonResponse({'erreur': 'Le template n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
class RegistrationParentFileMasterView(APIView):
@swagger_auto_schema(
operation_description="Récupère tous les fichiers parents pour un établissement donné",
manual_parameters=[
openapi.Parameter(
'establishment_id',
openapi.IN_QUERY,
description="ID de l'établissement",
type=openapi.TYPE_INTEGER,
required=True
)
],
responses={200: RegistrationParentFileMasterSerializer(many=True)}
)
def get(self, request):
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': "Paramètre 'establishment_id' requis"}, status=status.HTTP_400_BAD_REQUEST)
# Filtrer les fichiers parents liés à l'établissement
templates = RegistrationParentFileMaster.objects.filter(
groups__establishment__id=establishment_id
).distinct()
serializer = RegistrationParentFileMasterSerializer(templates, many=True)
return Response(serializer.data)
@swagger_auto_schema(
operation_description="Crée un nouveau fichier parent",
request_body=RegistrationParentFileMasterSerializer,
responses={
201: RegistrationParentFileMasterSerializer,
400: "Données invalides"
}
)
def post(self, request):
serializer = RegistrationParentFileMasterSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class RegistrationParentFileMasterSimpleView(APIView):
@swagger_auto_schema(
operation_description="Récupère un fichier parent spécifique",
responses={
200: RegistrationParentFileMasterSerializer,
404: "Fichier parent non trouvé"
}
)
def get(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileMaster, _columnName='id', _value=id)
if template is None:
return JsonResponse({"errorMessage":'Le fichier parent n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationParentFileMasterSerializer(template)
return JsonResponse(serializer.data, safe=False)
@swagger_auto_schema(
operation_description="Met à jour un fichier parent existant",
request_body=RegistrationParentFileMasterSerializer,
responses={
200: RegistrationParentFileMasterSerializer,
400: "Données invalides",
404: "Fichier parent non trouvé"
}
)
def put(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileMaster, _columnName='id', _value=id)
if template is None:
return JsonResponse({'erreur': 'Le fichier parent n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationParentFileMasterSerializer(template, data=request.data)
if serializer.is_valid():
serializer.save()
return Response({'message': 'Fichier parent mis à jour avec succès', 'data': serializer.data}, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@swagger_auto_schema(
operation_description="Supprime un fichier parent",
responses={
204: "Suppression réussie",
404: "Fichier parent non trouvé"
}
)
def delete(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileMaster, _columnName='id', _value=id)
if template is not None:
template.delete()
return JsonResponse({'message': 'La suppression du fichier parent a été effectuée avec succès'}, safe=False, status=status.HTTP_204_NO_CONTENT)
else:
return JsonResponse({'erreur': 'Le fichier parent n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
class RegistrationParentFileTemplateView(APIView):
@swagger_auto_schema(
operation_description="Récupère tous les templates parents pour un établissement donné",
manual_parameters=[
openapi.Parameter(
'establishment_id',
openapi.IN_QUERY,
description="ID de l'établissement",
type=openapi.TYPE_INTEGER,
required=True
)
],
responses={200: RegistrationParentFileTemplateSerializer(many=True)}
)
def get(self, request):
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': "Paramètre 'establishment_id' requis"}, status=status.HTTP_400_BAD_REQUEST)
# Filtrer les templates parents liés à l'établissement via master.groups.establishment
templates = RegistrationParentFileTemplate.objects.filter(
master__groups__establishment__id=establishment_id
).distinct()
serializer = RegistrationParentFileTemplateSerializer(templates, many=True)
return Response(serializer.data)
@swagger_auto_schema(
operation_description="Crée un nouveau template d'inscription",
request_body=RegistrationParentFileTemplateSerializer,
responses={
201: RegistrationParentFileTemplateSerializer,
400: "Données invalides"
}
)
def post(self, request):
serializer = RegistrationParentFileTemplateSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class RegistrationParentFileTemplateSimpleView(APIView):
@swagger_auto_schema(
operation_description="Récupère un template d'inscription spécifique",
responses={
200: RegistrationParentFileTemplateSerializer,
404: "Template non trouvé"
}
)
def get(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileTemplate, _columnName='id', _value=id)
if template is None:
return JsonResponse({"errorMessage":'Le template d\'inscription n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationParentFileTemplateSerializer(template)
return JsonResponse(serializer.data, safe=False)
@swagger_auto_schema(
operation_description="Met à jour un template d'inscription existant",
request_body=RegistrationParentFileTemplateSerializer,
responses={
200: RegistrationParentFileTemplateSerializer,
400: "Données invalides",
404: "Template non trouvé"
}
)
def put(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileTemplate, _columnName='id', _value=id)
if template is None:
return JsonResponse({'erreur': 'Le template d\'inscription n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationParentFileTemplateSerializer(template, data=request.data, partial=True)
if serializer.is_valid():
serializer.save()
return Response({'message': 'Template mis à jour avec succès', 'data': serializer.data}, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@swagger_auto_schema(
operation_description="Supprime un template d'inscription",
responses={
204: "Suppression réussie",
404: "Template non trouvé"
}
)
def delete(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileTemplate, _columnName='id', _value=id)
if template is not None:
template.delete()
return JsonResponse({'message': 'La suppression du template a été effectuée avec succès'}, safe=False, status=status.HTTP_204_NO_CONTENT)
else:
return JsonResponse({'erreur': 'Le template n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)

177
Back-End/Subscriptions/views/registration_parent_file_masters_views.py Normal file
View File

@ -0,0 +1,177 @@
from django.http.response import JsonResponse
from drf_yasg.utils import swagger_auto_schema
from drf_yasg import openapi
from rest_framework.parsers import MultiPartParser, FormParser, JSONParser
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
from Subscriptions.serializers import RegistrationParentFileMasterSerializer
from Subscriptions.models import (
RegistrationForm,
RegistrationParentFileMaster
)
from N3wtSchool import bdd
import logging
import Subscriptions.util as util
logger = logging.getLogger(__name__)
class RegistrationParentFileMasterView(APIView):
parser_classes = [MultiPartParser, FormParser, JSONParser]
@swagger_auto_schema(
operation_description="Récupère tous les fichiers parents pour un établissement donné",
manual_parameters=[
openapi.Parameter(
'establishment_id',
openapi.IN_QUERY,
description="ID de l'établissement",
type=openapi.TYPE_INTEGER,
required=True
)
],
responses={200: RegistrationParentFileMasterSerializer(many=True)}
)
def get(self, request):
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': "Paramètre 'establishment_id' requis"}, status=status.HTTP_400_BAD_REQUEST)
# Filtrer les fichiers parents liés à l'établissement
templates = RegistrationParentFileMaster.objects.filter(
groups__establishment__id=establishment_id
).distinct()
serializer = RegistrationParentFileMasterSerializer(templates, many=True)
return Response(serializer.data)
@swagger_auto_schema(
operation_description="Crée un nouveau fichier parent",
request_body=RegistrationParentFileMasterSerializer,
responses={
201: RegistrationParentFileMasterSerializer,
400: "Données invalides"
}
)
def post(self, request):
logger.info(f"raw request.data: {request.data}")
payload, resp = util.build_payload_from_request(request)
if resp:
return resp
logger.info(f"payload for serializer: {payload}")
serializer = RegistrationParentFileMasterSerializer(data=payload, partial=True)
if serializer.is_valid():
obj = serializer.save()
# Propager la création des templates côté serveur pour les RegistrationForm
try:
groups_qs = obj.groups.all()
if groups_qs.exists():
rfs = RegistrationForm.objects.filter(fileGroup__in=groups_qs).distinct()
for rf in rfs:
try:
util.create_templates_for_registration_form(rf)
except Exception as e:
logger.exception("Error creating templates for RF %s from parent master %s: %s", getattr(rf, 'pk', None), getattr(obj, 'pk', None), e)
except Exception:
logger.exception("Error while propagating templates after parent master creation %s", getattr(obj, 'pk', None))
return Response(RegistrationParentFileMasterSerializer(obj).data, status=status.HTTP_201_CREATED)
logger.error(f"serializer errors: {serializer.errors}")
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class RegistrationParentFileMasterSimpleView(APIView):
parser_classes = [MultiPartParser, FormParser, JSONParser]
@swagger_auto_schema(
operation_description="Récupère un fichier parent spécifique",
responses={
200: RegistrationParentFileMasterSerializer,
404: "Fichier parent non trouvé"
}
)
def get(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileMaster, _columnName='id', _value=id)
if template is None:
return JsonResponse({"errorMessage":'Le fichier parent n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationParentFileMasterSerializer(template)
return JsonResponse(serializer.data, safe=False)
@swagger_auto_schema(
operation_description="Met à jour un fichier parent existant",
request_body=RegistrationParentFileMasterSerializer,
responses={
200: RegistrationParentFileMasterSerializer,
400: "Données invalides",
404: "Fichier parent non trouvé"
}
)
def put(self, request, id):
master = bdd.getObject(_objectName=RegistrationParentFileMaster, _columnName='id', _value=id)
if master is None:
return JsonResponse({'erreur': "Le master de fichier parent n'a pas été trouvé"}, safe=False, status=status.HTTP_404_NOT_FOUND)
# snapshot des groups avant update
old_group_ids = set(master.groups.values_list('id', flat=True))
# Normaliser payload (supporte form-data avec champ 'data' JSON ou fichier JSON)
payload, resp = util.build_payload_from_request(request)
if resp:
return resp
logger.info(f"payload for update serializer: {payload}")
serializer = RegistrationParentFileMasterSerializer(master, data=payload, partial=True)
if serializer.is_valid():
obj = serializer.save()
# groups après update
new_group_ids = set(obj.groups.values_list('id', flat=True))
removed_group_ids = old_group_ids - new_group_ids
added_group_ids = new_group_ids - old_group_ids
# Pour chaque RF appartenant aux groupes retirés -> nettoyer les templates (idempotent)
if removed_group_ids:
try:
rfs_removed = RegistrationForm.objects.filter(fileGroup__in=list(removed_group_ids)).distinct()
for rf in rfs_removed:
try:
util.create_templates_for_registration_form(rf)
except Exception as e:
logger.exception("Error cleaning templates for RF %s after parent master %s group removal: %s", getattr(rf, 'pk', None), getattr(obj, 'pk', None), e)
except Exception:
logger.exception("Error while processing RFs for removed groups after parent master update %s", getattr(obj, 'pk', None))
# Pour chaque RF appartenant aux groupes ajoutés -> créer les templates manquants
if added_group_ids:
try:
rfs_added = RegistrationForm.objects.filter(fileGroup__in=list(added_group_ids)).distinct()
for rf in rfs_added:
try:
util.create_templates_for_registration_form(rf)
except Exception as e:
logger.exception("Error creating templates for RF %s after parent master %s group addition: %s", getattr(rf, 'pk', None), getattr(obj, 'pk', None), e)
except Exception:
logger.exception("Error while processing RFs for added groups after parent master update %s", getattr(obj, 'pk', None))
return Response(serializer.data, status=status.HTTP_200_OK)
logger.error(f"serializer errors on put: {serializer.errors}")
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@swagger_auto_schema(
operation_description="Supprime un fichier parent",
responses={
204: "Suppression réussie",
404: "Fichier parent non trouvé"
}
)
def delete(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileMaster, _columnName='id', _value=id)
if template is not None:
template.delete()
return JsonResponse({'message': 'La suppression du fichier parent a été effectuée avec succès'}, safe=False, status=status.HTTP_204_NO_CONTENT)
else:
return JsonResponse({'erreur': 'Le fichier parent n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)

117
Back-End/Subscriptions/views/registration_parent_file_templates_views.py Normal file
View File

@ -0,0 +1,117 @@
from django.http.response import JsonResponse
from drf_yasg.utils import swagger_auto_schema
from drf_yasg import openapi
from rest_framework.parsers import MultiPartParser, FormParser, JSONParser
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
from Subscriptions.serializers import RegistrationParentFileTemplateSerializer
from Subscriptions.models import (
RegistrationParentFileTemplate
)
from N3wtSchool import bdd
import logging
import Subscriptions.util as util
logger = logging.getLogger(__name__)
class RegistrationParentFileTemplateView(APIView):
@swagger_auto_schema(
operation_description="Récupère tous les templates parents pour un établissement donné",
manual_parameters=[
openapi.Parameter(
'establishment_id',
openapi.IN_QUERY,
description="ID de l'établissement",
type=openapi.TYPE_INTEGER,
required=True
)
],
responses={200: RegistrationParentFileTemplateSerializer(many=True)}
)
def get(self, request):
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': "Paramètre 'establishment_id' requis"}, status=status.HTTP_400_BAD_REQUEST)
# Filtrer les templates parents liés à l'établissement via master.groups.establishment
templates = RegistrationParentFileTemplate.objects.filter(
master__groups__establishment__id=establishment_id
).distinct()
serializer = RegistrationParentFileTemplateSerializer(templates, many=True)
return Response(serializer.data)
@swagger_auto_schema(
operation_description="Crée un nouveau template d'inscription",
request_body=RegistrationParentFileTemplateSerializer,
responses={
201: RegistrationParentFileTemplateSerializer,
400: "Données invalides"
}
)
def post(self, request):
serializer = RegistrationParentFileTemplateSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class RegistrationParentFileTemplateSimpleView(APIView):
parser_classes = [MultiPartParser, FormParser, JSONParser]
@swagger_auto_schema(
operation_description="Récupère un template d'inscription spécifique",
responses={
200: RegistrationParentFileTemplateSerializer,
404: "Template non trouvé"
}
)
def get(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileTemplate, _columnName='id', _value=id)
if template is None:
return JsonResponse({"errorMessage":'Le template d\'inscription n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationParentFileTemplateSerializer(template)
return JsonResponse(serializer.data, safe=False)
@swagger_auto_schema(
operation_description="Met à jour un template d'inscription existant",
request_body=RegistrationParentFileTemplateSerializer,
responses={
200: RegistrationParentFileTemplateSerializer,
400: "Données invalides",
404: "Template non trouvé"
}
)
def put(self, request, id):
payload, resp = util.build_payload_from_request(request)
if resp is not None:
return resp
template = bdd.getObject(_objectName=RegistrationParentFileTemplate, _columnName='id', _value=id)
if template is None:
return JsonResponse({'erreur': 'Le template d\'inscription n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationParentFileTemplateSerializer(template, data=payload, partial=True)
if serializer.is_valid():
serializer.save()
return Response({'message': 'Template mis à jour avec succès', 'data': serializer.data}, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@swagger_auto_schema(
operation_description="Supprime un template d'inscription",
responses={
204: "Suppression réussie",
404: "Template non trouvé"
}
)
def delete(self, request, id):
template = bdd.getObject(_objectName=RegistrationParentFileTemplate, _columnName='id', _value=id)
if template is not None:
# Suppression du fichier PDF associé
if template.file and template.file.name:
template.file.delete(save=False)
template.delete()
return JsonResponse({'message': 'La suppression du template a été effectuée avec succès'}, safe=False, status=status.HTTP_204_NO_CONTENT)
else:
return JsonResponse({'erreur': 'Le template n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)

209
Back-End/Subscriptions/views/registration_school_file_masters_views.py Normal file
View File

@ -0,0 +1,209 @@
from django.http.response import JsonResponse
from drf_yasg.utils import swagger_auto_schema
from drf_yasg import openapi
from rest_framework.parsers import MultiPartParser, FormParser, JSONParser
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
from Subscriptions.serializers import RegistrationSchoolFileMasterSerializer
from Subscriptions.models import (
RegistrationForm,
RegistrationSchoolFileMaster,
RegistrationSchoolFileTemplate
)
from N3wtSchool import bdd
import logging
import Subscriptions.util as util
logger = logging.getLogger(__name__)
class RegistrationSchoolFileMasterView(APIView):
parser_classes = [MultiPartParser, FormParser, JSONParser]
@swagger_auto_schema(
operation_description="Récupère tous les masters de templates d'inscription pour un établissement donné",
manual_parameters=[
openapi.Parameter(
'establishment_id',
openapi.IN_QUERY,
description="ID de l'établissement",
type=openapi.TYPE_INTEGER,
required=True
)
],
responses={200: RegistrationSchoolFileMasterSerializer(many=True)}
)
def get(self, request):
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': "Paramètre 'establishment_id' requis"}, status=status.HTTP_400_BAD_REQUEST)
# Filtrer les masters liés à l'établissement via groups.establishment
masters = RegistrationSchoolFileMaster.objects.filter(
groups__establishment__id=establishment_id
).distinct()
serializer = RegistrationSchoolFileMasterSerializer(masters, many=True)
return Response(serializer.data)
@swagger_auto_schema(
operation_description="Crée un nouveau master de template d'inscription",
request_body=RegistrationSchoolFileMasterSerializer,
responses={
201: RegistrationSchoolFileMasterSerializer,
400: "Données invalides"
}
)
def post(self, request):
logger.info(f"raw request.data: {request.data}")
payload, resp = util.build_payload_from_request(request)
if resp:
return resp
logger.info(f"payload for serializer: {payload}")
serializer = RegistrationSchoolFileMasterSerializer(data=payload, partial=True)
if serializer.is_valid():
obj = serializer.save()
# Propager la création des templates côté serveur pour les RegistrationForm
try:
groups_qs = obj.groups.all()
if groups_qs.exists():
# Tous les RegistrationForm dont fileGroup est dans les groups du master
rfs = RegistrationForm.objects.filter(fileGroup__in=groups_qs).distinct()
for rf in rfs:
try:
util.create_templates_for_registration_form(rf)
except Exception as e:
logger.exception("Error creating templates for RF %s from master %s: %s", getattr(rf, 'pk', None), getattr(obj, 'pk', None), e)
except Exception:
logger.exception("Error while propagating templates after master creation %s", getattr(obj, 'pk', None))
return Response(RegistrationSchoolFileMasterSerializer(obj).data, status=status.HTTP_201_CREATED)
logger.error(f"serializer errors: {serializer.errors}")
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class RegistrationSchoolFileMasterSimpleView(APIView):
parser_classes = [MultiPartParser, FormParser, JSONParser]
@swagger_auto_schema(
operation_description="Récupère un master de template d'inscription spécifique",
responses={
200: RegistrationSchoolFileMasterSerializer,
404: "Master non trouvé"
}
)
def get(self, request, id):
master = bdd.getObject(_objectName=RegistrationSchoolFileMaster, _columnName='id', _value=id)
if master is None:
return JsonResponse({"errorMessage":'Le master de template n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationSchoolFileMasterSerializer(master)
return JsonResponse(serializer.data, safe=False)
@swagger_auto_schema(
operation_description="Met à jour un master de template d'inscription existant",
request_body=RegistrationSchoolFileMasterSerializer,
responses={
200: RegistrationSchoolFileMasterSerializer,
400: "Données invalides",
404: "Master non trouvé"
}
)
def put(self, request, id):
master = bdd.getObject(_objectName=RegistrationSchoolFileMaster, _columnName='id', _value=id)
if master is None:
return JsonResponse({'erreur': "Le master de template n'a pas été trouvé"}, safe=False, status=status.HTTP_404_NOT_FOUND)
# snapshot des groups avant update
old_group_ids = set(master.groups.values_list('id', flat=True))
# Normaliser payload (supporte form-data avec champ 'data' JSON ou fichier JSON)
payload, resp = util.build_payload_from_request(request)
if resp:
return resp
# Garde-fou: eviter d'ecraser un master dynamique existant avec un
# formMasterData vide/malforme (cas observe en multipart).
if 'formMasterData' in payload:
incoming_form_data = payload.get('formMasterData')
current_is_dynamic = (
isinstance(master.formMasterData, dict)
and bool(master.formMasterData.get('fields'))
)
incoming_is_dynamic = (
isinstance(incoming_form_data, dict)
and bool(incoming_form_data.get('fields'))
)
if current_is_dynamic and not incoming_is_dynamic:
logger.warning(
"formMasterData invalide recu pour master %s: conservation de la config dynamique existante",
master.pk,
)
payload['formMasterData'] = master.formMasterData
logger.info(f"payload for update serializer: {payload}")
serializer = RegistrationSchoolFileMasterSerializer(master, data=payload, partial=True)
if serializer.is_valid():
obj = serializer.save()
# groups après update
new_group_ids = set(obj.groups.values_list('id', flat=True))
removed_group_ids = old_group_ids - new_group_ids
added_group_ids = new_group_ids - old_group_ids
# Pour chaque RF appartenant aux groupes retirés -> nettoyer les templates (idempotent)
if removed_group_ids:
logger.info("REMOVE IDs")
try:
rfs_removed = RegistrationForm.objects.filter(fileGroup__in=list(removed_group_ids)).distinct()
for rf in rfs_removed:
try:
util.create_templates_for_registration_form(rf) # supprimera les templates obsolètes
except Exception as e:
logger.exception("Error cleaning templates for RF %s after master %s group removal: %s", getattr(rf, 'pk', None), getattr(obj, 'pk', None), e)
except Exception:
logger.exception("Error while processing RFs for removed groups after master update %s", getattr(obj, 'pk', None))
# Pour chaque RF appartenant aux groupes ajoutés -> créer les templates manquants
if added_group_ids:
logger.info("ADD IDs")
try:
rfs_added = RegistrationForm.objects.filter(fileGroup__in=list(added_group_ids)).distinct()
for rf in rfs_added:
try:
util.create_templates_for_registration_form(rf) # créera les templates manquants
except Exception as e:
logger.exception("Error creating templates for RF %s after master %s group addition: %s", getattr(rf, 'pk', None), getattr(obj, 'pk', None), e)
except Exception:
logger.exception("Error while processing RFs for added groups after master update %s", getattr(obj, 'pk', None))
return Response(serializer.data, status=status.HTTP_200_OK)
logger.error(f"serializer errors on put: {serializer.errors}")
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@swagger_auto_schema(
operation_description="Supprime un master de template d'inscription",
responses={
204: "Suppression réussie",
404: "Master non trouvé"
}
)
def delete(self, request, id):
master = bdd.getObject(_objectName=RegistrationSchoolFileMaster, _columnName='id', _value=id)
if master is not None:
# Supprimer tous les templates liés et leurs fichiers PDF
templates = RegistrationSchoolFileTemplate.objects.filter(master=master)
for template in templates:
if template.file and template.file.name:
template.file.delete(save=False)
template.delete()
master.delete()
return JsonResponse({'message': 'La suppression du master de template et des fichiers associés a été effectuée avec succès'}, safe=False, status=status.HTTP_200_OK)
else:
return JsonResponse({'erreur': 'Le master de template n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)

247
Back-End/Subscriptions/views/registration_school_file_templates_views.py Normal file
View File

@ -0,0 +1,247 @@
from django.http.response import JsonResponse
from drf_yasg.utils import swagger_auto_schema
from drf_yasg import openapi
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import status
import os
import glob
from Subscriptions.serializers import RegistrationSchoolFileTemplateSerializer
from Subscriptions.models import RegistrationSchoolFileTemplate
from N3wtSchool import bdd
import logging
from rest_framework.parsers import MultiPartParser, FormParser, JSONParser
import Subscriptions.util as util
logger = logging.getLogger(__name__)
def _extract_nested_responses(data, max_depth=8):
"""Extrait le dictionnaire de reponses depuis des structures imbriquees."""
current = data
for _ in range(max_depth):
if not isinstance(current, dict):
return None
nested = current.get("responses")
if isinstance(nested, dict):
current = nested
continue
return current
return current if isinstance(current, dict) else None
class RegistrationSchoolFileTemplateView(APIView):
@swagger_auto_schema(
operation_description="Récupère tous les templates d'inscription pour un établissement donné",
manual_parameters=[
openapi.Parameter(
'establishment_id',
openapi.IN_QUERY,
description="ID de l'établissement",
type=openapi.TYPE_INTEGER,
required=True
)
],
responses={200: RegistrationSchoolFileTemplateSerializer(many=True)}
)
def get(self, request):
establishment_id = request.GET.get('establishment_id')
if not establishment_id:
return Response({'error': "Paramètre 'establishment_id' requis"}, status=status.HTTP_400_BAD_REQUEST)
# Filtrer les templates liés à l'établissement via master.groups.establishment
templates = RegistrationSchoolFileTemplate.objects.filter(
master__groups__establishment__id=establishment_id
).distinct()
serializer = RegistrationSchoolFileTemplateSerializer(templates, many=True)
return Response(serializer.data)
@swagger_auto_schema(
operation_description="Crée un nouveau template d'inscription",
request_body=RegistrationSchoolFileTemplateSerializer,
responses={
201: RegistrationSchoolFileTemplateSerializer,
400: "Données invalides"
}
)
def post(self, request):
serializer = RegistrationSchoolFileTemplateSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
class RegistrationSchoolFileTemplateSimpleView(APIView):
parser_classes = [MultiPartParser, FormParser, JSONParser]
@swagger_auto_schema(
operation_description="Récupère un template d'inscription spécifique",
responses={
200: RegistrationSchoolFileTemplateSerializer,
404: "Template non trouvé"
}
)
def get(self, request, id):
template = bdd.getObject(_objectName=RegistrationSchoolFileTemplate, _columnName='id', _value=id)
if template is None:
return JsonResponse({"errorMessage":'Le template d\'inscription n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
serializer = RegistrationSchoolFileTemplateSerializer(template)
return JsonResponse(serializer.data, safe=False)
@swagger_auto_schema(
operation_description="Met à jour un template d'inscription existant",
request_body=RegistrationSchoolFileTemplateSerializer,
responses={
200: RegistrationSchoolFileTemplateSerializer,
400: "Données invalides",
404: "Template non trouvé"
}
)
def put(self, request, id):
# Normaliser la payload (support form-data avec champ 'data' JSON ou fichier JSON)
payload, resp = util.build_payload_from_request(request)
if resp is not None:
return resp
# Synchroniser fields[].value dans le payload AVANT le serializer (pour les formulaires dynamiques)
formTemplateData = payload.get('formTemplateData')
if formTemplateData and isinstance(formTemplateData, dict):
responses = None
if "responses" in formTemplateData:
resp = formTemplateData["responses"]
responses = _extract_nested_responses(resp)
# Nettoyer les meta-cles qui ne sont pas des reponses de champs
if isinstance(responses, dict):
cleaned = {
key: value
for key, value in responses.items()
if key not in {"responses", "formId", "id", "templateId"}
}
responses = cleaned
if responses and "fields" in formTemplateData:
for field in formTemplateData["fields"]:
field_id = field.get("id")
if field_id and field_id in responses:
field["value"] = responses[field_id]
# Stocker les reponses aplaties pour eviter l'empilement responses.responses
if isinstance(responses, dict):
formTemplateData["responses"] = responses
payload['formTemplateData'] = formTemplateData
template = bdd.getObject(_objectName=RegistrationSchoolFileTemplate, _columnName='id', _value=id)
if template is None:
return JsonResponse({'erreur': 'Le template d\'inscription n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)
# Cas 1 : Upload d'un fichier existant (PDF/image)
if 'file' in request.FILES:
upload = request.FILES['file']
file_field = template.file
upload_name = upload.name
upload_dir = os.path.dirname(file_field.path) if file_field and file_field.name else None
if upload_dir:
base_name, _ = os.path.splitext(upload_name)
pattern = os.path.join(upload_dir, f"{base_name}.*")
for f in glob.glob(pattern):
try:
if os.path.exists(f):
os.remove(f)
logger.info(f"Suppression du fichier existant (pattern): {f}")
except Exception as e:
logger.error(f"Erreur suppression fichier existant (pattern): {e}")
target_path = os.path.join(upload_dir, upload_name)
if os.path.exists(target_path):
try:
os.remove(target_path)
except Exception as e:
logger.error(f"Erreur suppression fichier cible: {e}")
# On écrase le fichier existant sans passer par le serializer
template.file.save(upload_name, upload, save=True)
return Response({'message': 'Template mis à jour avec succès', 'data': RegistrationSchoolFileTemplateSerializer(template).data}, status=status.HTTP_200_OK)
# Cas 2 : Formulaire dynamique (JSON)
serializer = RegistrationSchoolFileTemplateSerializer(template, data=payload, partial=True)
if serializer.is_valid():
serializer.save()
# Régénérer le PDF si besoin
formTemplateData = serializer.validated_data.get('formTemplateData')
if (
formTemplateData
and isinstance(formTemplateData, dict)
and formTemplateData.get("fields")
and hasattr(template, "file")
):
# Lire le contenu du fichier source en mémoire AVANT suppression.
# Priorité au fichier master (document source admin) pour éviter
# de re-générer à partir d'un PDF template déjà enrichi.
base_pdf_content = None
base_file_ext = None
if template.master and template.master.file and template.master.file.name:
base_file_ext = os.path.splitext(template.master.file.name)[1].lower()
try:
template.master.file.open('rb')
base_pdf_content = template.master.file.read()
template.master.file.close()
except Exception as e:
logger.error(f"Erreur lecture fichier source master: {e}")
elif template.file and template.file.name:
base_file_ext = os.path.splitext(template.file.name)[1].lower()
try:
template.file.open('rb')
base_pdf_content = template.file.read()
template.file.close()
except Exception as e:
logger.error(f"Erreur lecture fichier source template: {e}")
try:
old_path = template.file.path
template.file.delete(save=False)
if os.path.exists(old_path):
os.remove(old_path)
except Exception as e:
logger.error(f"Erreur lors de la suppression du fichier existant: {e}")
from Subscriptions.util import generate_form_json_pdf
pdf_file = generate_form_json_pdf(
template.registration_form,
formTemplateData,
base_pdf_content=base_pdf_content,
base_file_ext=base_file_ext,
)
form_name = (formTemplateData.get("title") or template.name or f"formulaire_{template.id}").strip().replace(" ", "_")
pdf_filename = f"{form_name}.pdf"
util.save_file_field_without_suffix(
template,
'file',
pdf_filename,
pdf_file,
save=True,
)
return Response({'message': 'Template mis à jour avec succès', 'data': serializer.data}, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@swagger_auto_schema(
operation_description="Supprime un template d'inscription",
responses={
204: "Suppression réussie",
404: "Template non trouvé"
}
)
def delete(self, request, id):
template = bdd.getObject(_objectName=RegistrationSchoolFileTemplate, _columnName='id', _value=id)
if template is not None:
# Suppression du fichier PDF associé
if template.file and template.file.name:
file_path = template.file.path
template.file.delete(save=False)
# Vérification post-suppression
if os.path.exists(file_path):
try:
os.remove(file_path)
logger.info(f"Fichier supprimé manuellement: {file_path}")
except Exception as e:
logger.error(f"Erreur lors de la suppression manuelle du fichier: {e}")
template.delete()
return JsonResponse({'message': 'La suppression du template a été effectuée avec succès'}, safe=False, status=status.HTTP_204_NO_CONTENT)
else:
return JsonResponse({'erreur': 'Le template n\'a pas été trouvé'}, safe=False, status=status.HTTP_404_NOT_FOUND)

32
Back-End/Subscriptions/views/student_competencies_views.py
View File

@ -175,13 +175,43 @@ class StudentCompetencyListCreateView(APIView):
domaine_dict["categories"].append(categorie_dict) domaine_dict["categories"].append(categorie_dict)
if domaine_dict["categories"]: if domaine_dict["categories"]:
result.append(domaine_dict) result.append(domaine_dict)
establishment = None
if student.associated_class and student.associated_class.establishment:
establishment = student.associated_class.establishment
else:
try:
establishment = student.registrationform.establishment
except Exception:
establishment = None
establishment_logo_path = None
if establishment and establishment.logo:
try:
if establishment.logo.path and os.path.exists(establishment.logo.path):
establishment_logo_path = establishment.logo.path
except Exception:
establishment_logo_path = None
n3wt_logo_path = os.path.join(settings.BASE_DIR, 'static', 'img', 'logo_min.svg')
if not os.path.exists(n3wt_logo_path):
n3wt_logo_path = None
context = { context = {
"student": { "student": {
"first_name": student.first_name, "first_name": student.first_name,
"last_name": student.last_name, "last_name": student.last_name,
"level": student.level, "level": student.level,
"class_name": student.associated_class.atmosphere_name, "class_name": student.associated_class.atmosphere_name if student.associated_class else "Non assignée",
},
"establishment": {
"name": establishment.name if establishment else "Établissement",
"address": establishment.address if establishment else "",
"logo_path": establishment_logo_path,
},
"product": {
"name": "n3wt-school",
"logo_path": n3wt_logo_path,
}, },
"period": period, "period": period,
"date": date.today().strftime("%d/%m/%Y"), "date": date.today().strftime("%d/%m/%Y"),

10
Back-End/Subscriptions/views/student_views.py
View File

@ -54,6 +54,12 @@ class StudentListView(APIView):
description="ID de l'établissement", description="ID de l'établissement",
type=openapi.TYPE_INTEGER, type=openapi.TYPE_INTEGER,
required=True required=True
),
openapi.Parameter(
'school_year', openapi.IN_QUERY,
description="Année scolaire (ex: 2025-2026)",
type=openapi.TYPE_STRING,
required=False
) )
] ]
) )
@ -61,6 +67,7 @@ class StudentListView(APIView):
def get(self, request): def get(self, request):
establishment_id = request.GET.get('establishment_id', None) establishment_id = request.GET.get('establishment_id', None)
status_filter = request.GET.get('status', None) # Nouveau filtre optionnel status_filter = request.GET.get('status', None) # Nouveau filtre optionnel
school_year_filter = request.GET.get('school_year', None) # Filtre année scolaire
if establishment_id is None: if establishment_id is None:
return JsonResponse({'error': 'establishment_id est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST) return JsonResponse({'error': 'establishment_id est requis'}, safe=False, status=status.HTTP_400_BAD_REQUEST)
@ -70,6 +77,9 @@ class StudentListView(APIView):
if status_filter: if status_filter:
students_qs = students_qs.filter(registrationform__status=status_filter) students_qs = students_qs.filter(registrationform__status=status_filter)
if school_year_filter:
students_qs = students_qs.filter(registrationform__school_year=school_year_filter)
students_qs = students_qs.distinct() students_qs = students_qs.distinct()
students_serializer = StudentByRFCreationSerializer(students_qs, many=True) students_serializer = StudentByRFCreationSerializer(students_qs, many=True)
return JsonResponse(students_serializer.data, safe=False) return JsonResponse(students_serializer.data, safe=False)

BIN
Back-End/requirements.txt
View File

Binary file not shown.

2
Back-End/runTests.sh Executable file
View File

@ -0,0 +1,2 @@
#!/bin/bash
docker exec -it n3wt-school-backend-1 python3 manage.py test --settings=N3wtSchool.test_settings Auth.tests

117
Back-End/start.py
View File

@ -1,5 +1,6 @@
import subprocess import subprocess
import os import os
from watchfiles import run_process
def run_command(command): def run_command(command):
process = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) process = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@ -10,21 +11,33 @@ def run_command(command):
print(f"stderr: {stderr.decode()}") print(f"stderr: {stderr.decode()}")
return process.returncode return process.returncode
test_mode = os.getenv('test_mode', 'false').lower() == 'true' test_mode = os.getenv('TEST_MODE', 'false').lower() == 'true'
flush_data = os.getenv('FLUSH_DATA', 'false').lower() == 'true'
migrate_data = os.getenv('MIGRATE_DATA', 'false').lower() == 'true'
watch_mode = os.getenv('DJANGO_WATCH', 'false').lower() == 'true'
collect_static_cmd = [
["python", "manage.py", "collectstatic", "--noinput"]
]
flush_data_cmd = [
["python", "manage.py", "flush", "--noinput"]
]
migrate_commands = [
["python", "manage.py", "makemigrations", "Common", "--noinput"],
["python", "manage.py", "makemigrations", "Establishment", "--noinput"],
["python", "manage.py", "makemigrations", "Settings", "--noinput"],
["python", "manage.py", "makemigrations", "Subscriptions", "--noinput"],
["python", "manage.py", "makemigrations", "Planning", "--noinput"],
["python", "manage.py", "makemigrations", "GestionNotification", "--noinput"],
["python", "manage.py", "makemigrations", "GestionEmail", "--noinput"],
["python", "manage.py", "makemigrations", "GestionMessagerie", "--noinput"],
["python", "manage.py", "makemigrations", "Auth", "--noinput"],
["python", "manage.py", "makemigrations", "School", "--noinput"]
]
commands = [ commands = [
["python", "manage.py", "collectstatic", "--noinput"],
#["python", "manage.py", "flush", "--noinput"],
# ["python", "manage.py", "makemigrations", "Common", "--noinput"],
# ["python", "manage.py", "makemigrations", "Establishment", "--noinput"],
# ["python", "manage.py", "makemigrations", "Settings", "--noinput"],
# ["python", "manage.py", "makemigrations", "Subscriptions", "--noinput"],
# ["python", "manage.py", "makemigrations", "Planning", "--noinput"],
# ["python", "manage.py", "makemigrations", "GestionNotification", "--noinput"],
# ["python", "manage.py", "makemigrations", "GestionEmail", "--noinput"],
# ["python", "manage.py", "makemigrations", "GestionMessagerie", "--noinput"],
# ["python", "manage.py", "makemigrations", "Auth", "--noinput"],
# ["python", "manage.py", "makemigrations", "School", "--noinput"],
["python", "manage.py", "migrate", "--noinput"] ["python", "manage.py", "migrate", "--noinput"]
] ]
@ -32,23 +45,69 @@ test_commands = [
["python", "manage.py", "init_mock_datas"] ["python", "manage.py", "init_mock_datas"]
] ]
for command in commands: def run_daphne():
if run_command(command) != 0: try:
exit(1) result = subprocess.run([
"daphne", "-b", "0.0.0.0", "-p", "8080", "N3wtSchool.asgi:application"
])
return result.returncode
except KeyboardInterrupt:
print("Arrêt de Daphne (KeyboardInterrupt)")
return 0
#if test_mode: if __name__ == "__main__":
# for test_command in test_commands:
# if run_command(test_command) != 0:
# exit(1)
# Lancer les processus en parallèle for command in collect_static_cmd:
if run_command(command) != 0:
exit(1)
processes = [ for command in migrate_commands:
subprocess.Popen(["daphne", "-b", "0.0.0.0", "-p", "8080", "N3wtSchool.asgi:application"]), if run_command(command) != 0:
subprocess.Popen(["celery", "-A", "N3wtSchool", "worker", "--loglevel=info"]), exit(1)
subprocess.Popen(["celery", "-A", "N3wtSchool", "beat", "--loglevel=info", "--scheduler", "django_celery_beat.schedulers:DatabaseScheduler"])
]
# Attendre la fin des processus for command in commands:
for process in processes: if run_command(command) != 0:
process.wait() exit(1)
if flush_data:
for command in flush_data_cmd:
if run_command(command) != 0:
exit(1)
if test_mode:
for test_command in test_commands:
if run_command(test_command) != 0:
exit(1)
if watch_mode:
celery_worker = subprocess.Popen(["celery", "-A", "N3wtSchool", "worker", "--loglevel=info"])
celery_beat = subprocess.Popen(["celery", "-A", "N3wtSchool", "beat", "--loglevel=info", "--scheduler", "django_celery_beat.schedulers:DatabaseScheduler"])
try:
run_process(
'.',
target=run_daphne
)
except KeyboardInterrupt:
print("Arrêt demandé (KeyboardInterrupt)")
finally:
celery_worker.terminate()
celery_beat.terminate()
celery_worker.wait()
celery_beat.wait()
else:
processes = [
subprocess.Popen([
"daphne", "-b", "0.0.0.0", "-p", "8080", "N3wtSchool.asgi:application"
]),
subprocess.Popen(["celery", "-A", "N3wtSchool", "worker", "--loglevel=info"]),
subprocess.Popen(["celery", "-A", "N3wtSchool", "beat", "--loglevel=info", "--scheduler", "django_celery_beat.schedulers:DatabaseScheduler"])
]
try:
for process in processes:
process.wait()
except KeyboardInterrupt:
print("Arrêt demandé (KeyboardInterrupt)")
for process in processes:
process.terminate()
for process in processes:
process.wait()

7
Back-End/static/img/n3wt.svg Normal file
View File

@ -0,0 +1,7 @@
<svg xmlns="http://www.w3.org/2000/svg" width="420" height="120" viewBox="0 0 420 120" role="img" aria-label="n3wt-school">
<rect width="420" height="120" rx="16" fill="#F0FDF4"/>
<circle cx="56" cy="60" r="30" fill="#10B981"/>
<path d="M42 60h28M56 46v28" stroke="#064E3B" stroke-width="8" stroke-linecap="round"/>
<text x="104" y="70" font-family="Arial, sans-serif" font-size="42" font-weight="700" fill="#064E3B">n3wt</text>
<text x="245" y="70" font-family="Arial, sans-serif" font-size="30" font-weight="600" fill="#059669">school</text>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 561 B

91
CLAUDE.md Normal file
View File

@ -0,0 +1,91 @@
# CLAUDE.md — N3WT-SCHOOL
Instructions permanentes pour Claude Code sur ce projet.
## Architecture
- **Backend** : Python / Django — dossier `Back-End/`
- **Frontend** : Next.js 14 (App Router) — dossier `Front-End/`
- **Tests frontend** : `Front-End/src/test/`
- **CSS** : Tailwind CSS 3 + `@tailwindcss/forms`
## Design System
Le design system complet est dans [`docs/design-system.md`](docs/design-system.md). À lire et appliquer systématiquement.
### Tokens de couleur (Tailwind)
| Token | Hex | Usage |
|-------------|-----------|------------------------------------|
| `primary` | `#059669` | Boutons, CTA, éléments actifs |
| `secondary` | `#064E3B` | Hover, accents sombres |
| `tertiary` | `#10B981` | Badges, icônes d'accent |
| `neutral` | `#F8FAFC` | Fonds de page, surfaces |
> **Règle absolue** : ne jamais utiliser `emerald-*`, `green-*` pour les éléments interactifs. Utiliser les tokens ci-dessus.
### Typographie
- `font-headline` → titres `h1`/`h2`/`h3` (Manrope)
- `font-body` → texte courant, défaut sur `<body>` (Inter)
- `font-label` → boutons, labels de form (Inter)
### Arrondi & Espacement
- Arrondi par défaut : `rounded` (4px)
- Espacement : grille 4px/8px — pas de valeurs arbitraires
- Mode : **light uniquement**, pas de dark mode
## Conventions de code
### Frontend (Next.js)
- **Composants** : React fonctionnels, pas de classes
- **Styles** : Tailwind CSS uniquement — pas de CSS inline sauf animations
- **Icônes** : `lucide-react`
- **i18n** : `next-intl` — toutes les chaînes UI via `useTranslations()`
- **Formulaires** : `react-hook-form`
- **Imports** : alias `@/` pointe vers `Front-End/src/`
### Qualité
- Linting : ESLint (`npm run lint` dans `Front-End/`)
- Format : Prettier
- Tests : Jest + React Testing Library (`Front-End/src/test/`)
## Gestion des branches
- Base : `develop`
- Nomenclature : `<type>-<nom_ticket>-<numero>` (ex: `feat-ma-feature-1234`)
- Types : `feat`, `fix`, `docs`, `style`, `refactor`, `test`, `chore`
## Icônes
Utiliser **uniquement `lucide-react`** — jamais d'autre bibliothèque d'icônes.
```jsx
import { Home, Plus } from 'lucide-react';
<Home size={20} className="text-primary" />
```
## Responsive & PWA
- **Mobile-first** : styles de base = mobile, breakpoints `sm:`/`md:`/`lg:` pour agrandir.
- Touch targets ≥ 44px (`min-h-[44px]`) sur tous les éléments interactifs.
- Pas d'interactions uniquement au `:hover` — prévoir l'équivalent tactile.
- Les tableaux utilisent la classe `responsive-table` sur mobile.
## Réutilisation des composants
Avant de créer un composant, **vérifier `Front-End/src/components/`**.
Composants disponibles : `AlertMessage`, `Modal`, `Pagination`, `SectionHeader`, `ProgressStep`, `EventCard`, `Calendar/*`, `Chat/*`, `Evaluation/*`, `Grades/*`, `Form/*`, `Admin/*`, `Charts/*`.
## À éviter
- Ne pas ajouter de dépendances inutiles
- Ne pas modifier `package-lock.json` / `yarn.lock` manuellement
- Ne pas committer sans avoir vérifié ESLint et les tests
- Ne pas utiliser de CSS arbitraire (`p-[13px]`) sauf cas justifié
- Ne pas ajouter de support dark mode
- Ne pas utiliser d'autres bibliothèques d'icônes que `lucide-react`
- Ne pas créer un composant qui existe déjà dans `components/`

4
Front-End/.babelrc
View File

@ -1,4 +0,0 @@
{
"presets": ["next/babel"],
"plugins": []
}

21
Front-End/messages/en/feedback.json Normal file
View File

@ -0,0 +1,21 @@
{
"title": "Feedback",
"description": "Share your feedback, report a bug, or suggest an improvement. We read every message!",
"category_label": "Category",
"category_placeholder": "Select a category",
"category_bug": "Report a bug",
"category_feature": "Suggest a feature",
"category_question": "Ask a question",
"category_other": "Other",
"subject_label": "Subject",
"subject_placeholder": "Summarize your request",
"message_label": "Message",
"message_placeholder": "Describe your feedback in detail...",
"send": "Send",
"sending": "Sending...",
"success": "Success",
"success_message": "Your feedback has been sent. Thank you!",
"error": "Error",
"error_required_fields": "Please fill in all required fields.",
"error_sending": "An error occurred while sending your feedback."
}

3
Front-End/messages/en/sidebar.json
View File

@ -7,5 +7,6 @@
"educational_monitoring": "Educational Monitoring", "educational_monitoring": "Educational Monitoring",
"settings": "Settings", "settings": "Settings",
"schoolAdmin": "School Administration", "schoolAdmin": "School Administration",
"messagerie": "Messenger" "messagerie": "Messenger",
"feedback": "Feedback"
} }

21
Front-End/messages/fr/feedback.json Normal file
View File

@ -0,0 +1,21 @@
{
"title": "Feedback",
"description": "Partagez vos retours, signalez un bug ou proposez une amélioration. Nous lisons chaque message !",
"category_label": "Catégorie",
"category_placeholder": "Sélectionnez une catégorie",
"category_bug": "Signaler un bug",
"category_feature": "Proposer une fonctionnalité",
"category_question": "Poser une question",
"category_other": "Autre",
"subject_label": "Sujet",
"subject_placeholder": "Résumez votre demande",
"message_label": "Message",
"message_placeholder": "Décrivez en détail votre retour...",
"send": "Envoyer",
"sending": "Envoi en cours...",
"success": "Succès",
"success_message": "Votre feedback a bien été envoyé. Merci !",
"error": "Erreur",
"error_required_fields": "Veuillez remplir tous les champs obligatoires.",
"error_sending": "Une erreur est survenue lors de l'envoi du feedback."
}

3
Front-End/messages/fr/sidebar.json
View File

@ -7,5 +7,6 @@
"educational_monitoring": "Suivi pédagogique", "educational_monitoring": "Suivi pédagogique",
"settings": "Paramètres", "settings": "Paramètres",
"schoolAdmin": "Administration Scolaire", "schoolAdmin": "Administration Scolaire",
"messagerie": "Messagerie" "messagerie": "Messagerie",
"feedback": "Feedback"
} }

5
Front-End/next.config.mjs
View File

@ -42,14 +42,9 @@ const nextConfig = {
NEXT_PUBLIC_USE_FAKE_DATA: process.env.NEXT_PUBLIC_USE_FAKE_DATA || 'false', NEXT_PUBLIC_USE_FAKE_DATA: process.env.NEXT_PUBLIC_USE_FAKE_DATA || 'false',
AUTH_SECRET: process.env.AUTH_SECRET || 'false', AUTH_SECRET: process.env.AUTH_SECRET || 'false',
NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:3000', NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:3000',
DOCUSEAL_API_KEY: process.env.DOCUSEAL_API_KEY,
}, },
async rewrites() { async rewrites() {
return [ return [
{
source: '/api/documents/:path*',
destination: 'https://api.docuseal.com/v1/documents/:path*',
},
{ {
source: '/api/auth/:path*', source: '/api/auth/:path*',
destination: '/api/auth/:path*', // Exclure les routes NextAuth des réécritures de proxy destination: '/api/auth/:path*', // Exclure les routes NextAuth des réécritures de proxy

37
Front-End/package-lock.json generated
View File

@ -1,14 +1,13 @@
{ {
"name": "n3wt-school-front-end", "name": "n3wt-school-front-end",
"version": "0.0.1", "version": "0.0.3",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "n3wt-school-front-end", "name": "n3wt-school-front-end",
"version": "0.0.1", "version": "0.0.3",
"dependencies": { "dependencies": {
"@docuseal/react": "^1.0.56",
"@radix-ui/react-dialog": "^1.1.2", "@radix-ui/react-dialog": "^1.1.2",
"@tailwindcss/forms": "^0.5.9", "@tailwindcss/forms": "^0.5.9",
"date-fns": "^4.1.0", "date-fns": "^4.1.0",
@ -29,6 +28,7 @@
"react-dnd": "^16.0.1", "react-dnd": "^16.0.1",
"react-dnd-html5-backend": "^16.0.1", "react-dnd-html5-backend": "^16.0.1",
"react-dom": "^18", "react-dom": "^18",
"react-hook-form": "^7.62.0",
"react-international-phone": "^4.5.0", "react-international-phone": "^4.5.0",
"react-quill": "^2.0.0", "react-quill": "^2.0.0",
"react-tooltip": "^5.28.0" "react-tooltip": "^5.28.0"
@ -536,11 +536,6 @@
"integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==", "integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==",
"dev": true "dev": true
}, },
"node_modules/@docuseal/react": {
"version": "1.0.66",
"resolved": "https://registry.npmjs.org/@docuseal/react/-/react-1.0.66.tgz",
"integrity": "sha512-rYG58gv8Uw1cTtjbHdgWgWBWpLMbIwDVsS3kN27w4sz/eDJilZieePUDS4eLKJ8keBN05BSjxD/iWQpaTBKZLg=="
},
"node_modules/@eslint-community/eslint-utils": { "node_modules/@eslint-community/eslint-utils": {
"version": "4.7.0", "version": "4.7.0",
"resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz", "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz",
@ -8834,6 +8829,21 @@
"react": "^18.3.1" "react": "^18.3.1"
} }
}, },
"node_modules/react-hook-form": {
"version": "7.62.0",
"resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.62.0.tgz",
"integrity": "sha512-7KWFejc98xqG/F4bAxpL41NB3o1nnvQO1RWZT3TqRZYL8RryQETGfEdVnJN2fy1crCiBLLjkRBVK05j24FxJGA==",
"engines": {
"node": ">=18.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/react-hook-form"
},
"peerDependencies": {
"react": "^16.8.0 || ^17 || ^18 || ^19"
}
},
"node_modules/react-international-phone": { "node_modules/react-international-phone": {
"version": "4.5.0", "version": "4.5.0",
"resolved": "https://registry.npmjs.org/react-international-phone/-/react-international-phone-4.5.0.tgz", "resolved": "https://registry.npmjs.org/react-international-phone/-/react-international-phone-4.5.0.tgz",
@ -11253,11 +11263,6 @@
"integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==", "integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==",
"dev": true "dev": true
}, },
"@docuseal/react": {
"version": "1.0.66",
"resolved": "https://registry.npmjs.org/@docuseal/react/-/react-1.0.66.tgz",
"integrity": "sha512-rYG58gv8Uw1cTtjbHdgWgWBWpLMbIwDVsS3kN27w4sz/eDJilZieePUDS4eLKJ8keBN05BSjxD/iWQpaTBKZLg=="
},
"@eslint-community/eslint-utils": { "@eslint-community/eslint-utils": {
"version": "4.7.0", "version": "4.7.0",
"resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz", "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz",
@ -17160,6 +17165,12 @@
"scheduler": "^0.23.2" "scheduler": "^0.23.2"
} }
}, },
"react-hook-form": {
"version": "7.62.0",
"resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.62.0.tgz",
"integrity": "sha512-7KWFejc98xqG/F4bAxpL41NB3o1nnvQO1RWZT3TqRZYL8RryQETGfEdVnJN2fy1crCiBLLjkRBVK05j24FxJGA==",
"requires": {}
},
"react-international-phone": { "react-international-phone": {
"version": "4.5.0", "version": "4.5.0",
"resolved": "https://registry.npmjs.org/react-international-phone/-/react-international-phone-4.5.0.tgz", "resolved": "https://registry.npmjs.org/react-international-phone/-/react-international-phone-4.5.0.tgz",

8
Front-End/package.json
View File

@ -14,7 +14,6 @@
"test:coverage": "jest --coverage" "test:coverage": "jest --coverage"
}, },
"dependencies": { "dependencies": {
"@docuseal/react": "^1.0.56",
"@radix-ui/react-dialog": "^1.1.2", "@radix-ui/react-dialog": "^1.1.2",
"@tailwindcss/forms": "^0.5.9", "@tailwindcss/forms": "^0.5.9",
"date-fns": "^4.1.0", "date-fns": "^4.1.0",
@ -35,19 +34,20 @@
"react-dnd": "^16.0.1", "react-dnd": "^16.0.1",
"react-dnd-html5-backend": "^16.0.1", "react-dnd-html5-backend": "^16.0.1",
"react-dom": "^18", "react-dom": "^18",
"react-hook-form": "^7.62.0",
"react-international-phone": "^4.5.0", "react-international-phone": "^4.5.0",
"react-quill": "^2.0.0", "react-quill": "^2.0.0",
"react-tooltip": "^5.28.0" "react-tooltip": "^5.28.0"
}, },
"devDependencies": { "devDependencies": {
"@testing-library/react": "^13.4.0",
"@testing-library/jest-dom": "^5.16.5", "@testing-library/jest-dom": "^5.16.5",
"@testing-library/react": "^13.4.0",
"@testing-library/user-event": "^14.4.3", "@testing-library/user-event": "^14.4.3",
"jest": "^29.7.0",
"jest-environment-jsdom": "^29.7.0",
"autoprefixer": "^10.4.20", "autoprefixer": "^10.4.20",
"eslint": "^8", "eslint": "^8",
"eslint-config-next": "14.2.11", "eslint-config-next": "14.2.11",
"jest": "^29.7.0",
"jest-environment-jsdom": "^29.7.0",
"postcss": "^8.4.47", "postcss": "^8.4.47",
"tailwindcss": "^3.4.14" "tailwindcss": "^3.4.14"
} }

4
Front-End/public/icons/icon.svg Normal file
View File

@ -0,0 +1,4 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
<rect width="512" height="512" rx="80" fill="#10b981"/>
<text x="50%" y="54%" dominant-baseline="middle" text-anchor="middle" font-family="Arial, sans-serif" font-weight="bold" font-size="220" fill="white">N3</text>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 289 B

Some files were not shown because too many files have changed in this diff Show More