ScoDoc/ScoDoc
ScoDoc
/
ScoDoc
6
2
Fork 15
Code Issues 143 Pull Requests Projects 3 Releases 128 Wiki Activity

Configuration: éditeur de rôles et permissions

This commit is contained in:
Emmanuel Viennet 2023-09-29 21:17:31 +02:00
parent db062d5b4a
commit 18263678c2
79 changed files with 910 additions and 561 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/api/assiduites.py
View File

@ -451,7 +451,7 @@ def count_assiduites_formsemestre(
@scodoc
@as_json
@login_required
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def assiduite_create(etudid: int = None, nip=None, ine=None):
"""
Création d'une assiduité pour l'étudiant (etudid)
@ -506,7 +506,7 @@ def assiduite_create(etudid: int = None, nip=None, ine=None):
@scodoc
@as_json
@login_required
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def assiduites_create():
"""
Création d'une assiduité ou plusieurs assiduites
@ -648,7 +648,7 @@ def _create_singular(
@login_required
@scodoc
@as_json
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def assiduite_delete():
"""
Suppression d'une assiduité à partir de son id
@ -700,7 +700,7 @@ def _delete_singular(assiduite_id: int, database):
@login_required
@scodoc
@as_json
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def assiduite_edit(assiduite_id: int):
"""
Edition d'une assiduité à partir de son id
@ -740,7 +740,7 @@ def assiduite_edit(assiduite_id: int):
@login_required
@scodoc
@as_json
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def assiduites_edit():
"""
Edition de plusieurs assiduités

4
app/api/billets_absences.py
View File

@ -38,7 +38,7 @@ def billets_absence_etudiant(etudid: int):
@api_web_bp.route("/billets_absence/create", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoAbsAddBillet)
@permission_required(Permission.AbsAddBillet)
@as_json
def billets_absence_create():
"""Ajout d'un billet d'absence"""
@ -70,7 +70,7 @@ def billets_absence_create():
@api_web_bp.route("/billets_absence/<int:billet_id>/delete", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoAbsAddBillet)
@permission_required(Permission.AbsAddBillet)
@as_json
def billets_absence_delete(billet_id: int):
"""Suppression d'un billet d'absence"""

4
app/api/etudiants.py
View File

@ -178,11 +178,11 @@ def get_photo_image(etudid: int = None, nip: str = None, ine: str = None):
@api_web_bp.route("/etudiant/etudid/<int:etudid>/photo", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoEtudChangeAdr)
@permission_required(Permission.EtudChangeAdr)
@as_json
def set_photo_image(etudid: int = None):
"""Enregistre la photo de l'étudiant."""
allowed_depts = current_user.get_depts_with_permission(Permission.ScoEtudChangeAdr)
allowed_depts = current_user.get_depts_with_permission(Permission.EtudChangeAdr)
query = Identite.query.filter_by(id=etudid)
if not None in allowed_depts:
# restreint aux départements autorisés:

6
app/api/evaluations.py
View File

@ -146,7 +146,7 @@ def evaluation_notes(evaluation_id: int):
@api_web_bp.route("/evaluation/<int:evaluation_id>/notes/set", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoEnsView)
@permission_required(Permission.EnsView)
@as_json
def evaluation_set_notes(evaluation_id: int):
"""Écriture de notes dans une évaluation.
@ -187,7 +187,7 @@ def evaluation_set_notes(evaluation_id: int):
@api_web_bp.route("/moduleimpl/<int:moduleimpl_id>/evaluation/create", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoEnsView) # permission gérée dans la fonction
@permission_required(Permission.EnsView) # permission gérée dans la fonction
@as_json
def evaluation_create(moduleimpl_id: int):
"""Création d'une évaluation.
@ -251,7 +251,7 @@ def evaluation_create(moduleimpl_id: int):
@api_web_bp.route("/evaluation/<int:evaluation_id>/delete", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoEnsView) # permission gérée dans la fonction
@permission_required(Permission.EnsView) # permission gérée dans la fonction
@as_json
def evaluation_delete(evaluation_id: int):
"""Suppression d'une évaluation.

6
app/api/formations.py
View File

@ -251,7 +251,7 @@ def referentiel_competences(formation_id: int):
@api_web_bp.route("/set_ue_parcours/<int:ue_id>", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
@as_json
def set_ue_parcours(ue_id: int):
"""Associe UE et parcours BUT.
@ -286,7 +286,7 @@ def set_ue_parcours(ue_id: int):
)
@login_required
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
@as_json
def assoc_ue_niveau(ue_id: int, niveau_id: int):
"""Associe l'UE au niveau de compétence"""
@ -315,7 +315,7 @@ def assoc_ue_niveau(ue_id: int, niveau_id: int):
)
@login_required
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
@as_json
def desassoc_ue_niveau(ue_id: int):
"""Désassocie cette UE de son niveau de compétence

12
app/api/jury.py
View File

@ -120,7 +120,7 @@ def _validation_ue_delete(etudid: int, validation_id: int):
# (c'est le cas pour les validations de jury, mais pas pour les "antérieures" non
# rattachées à un formsemestre)
if not g.scodoc_dept: # accès API
if not current_user.has_permission(Permission.ScoEtudInscrit):
if not current_user.has_permission(Permission.EtudInscrit):
return json_error(403, "opération non autorisée (117)")
else:
if validation.formsemestre:
@ -128,7 +128,7 @@ def _validation_ue_delete(etudid: int, validation_id: int):
validation.formsemestre.dept_id != g.scodoc_dept_id
) or not validation.formsemestre.can_edit_jury():
return json_error(403, "opération non autorisée (123)")
elif not current_user.has_permission(Permission.ScoEtudInscrit):
elif not current_user.has_permission(Permission.EtudInscrit):
# Validation non rattachée à un semestre: on doit être chef
return json_error(403, "opération non autorisée (126)")
@ -150,7 +150,7 @@ def _validation_ue_delete(etudid: int, validation_id: int):
)
@login_required
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@as_json
def autorisation_inscription_delete(etudid: int, validation_id: int):
"Efface cette validation"
@ -178,7 +178,7 @@ def autorisation_inscription_delete(etudid: int, validation_id: int):
)
@login_required
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@as_json
def validation_rcue_record(etudid: int):
"""Enregistre une validation de RCUE.
@ -305,7 +305,7 @@ def validation_rcue_record(etudid: int):
)
@login_required
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@as_json
def validation_rcue_delete(etudid: int, validation_id: int):
"Efface cette validation"
@ -333,7 +333,7 @@ def validation_rcue_delete(etudid: int, validation_id: int):
)
@login_required
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@as_json
def validation_annee_but_delete(etudid: int, validation_id: int):
"Efface cette validation"

16
app/api/justificatifs.py
View File

@ -241,7 +241,7 @@ def justificatifs_formsemestre(formsemestre_id: int, with_query: bool = False):
@scodoc
@login_required
@as_json
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def justif_create(etudid: int = None, nip=None, ine=None):
"""
Création d'un justificatif pour l'étudiant (etudid)
@ -372,7 +372,7 @@ def _create_singular(
@login_required
@scodoc
@as_json
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def justif_edit(justif_id: int):
"""
Edition d'un justificatif à partir de son id
@ -471,7 +471,7 @@ def justif_edit(justif_id: int):
@login_required
@scodoc
@as_json
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def justif_delete():
"""
Suppression d'un justificatif à partir de son id
@ -534,7 +534,7 @@ def _delete_singular(justif_id: int, database):
@scodoc
@login_required
@as_json
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def justif_import(justif_id: int = None):
"""
Importation d'un fichier (création d'archive)
@ -579,7 +579,7 @@ def justif_import(justif_id: int = None):
@api_web_bp.route("/justificatif/<int:justif_id>/export/<filename>", methods=["POST"])
@scodoc
@login_required
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def justif_export(justif_id: int = None, filename: str = None):
"""
Retourne un fichier d'une archive d'un justificatif
@ -610,7 +610,7 @@ def justif_export(justif_id: int = None, filename: str = None):
@scodoc
@login_required
@as_json
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def justif_remove(justif_id: int = None):
"""
Supression d'un fichier ou d'une archive
@ -700,7 +700,7 @@ def justif_list(justif_id: int = None):
for filename in filenames:
if int(filename[1]) == current_user.id or current_user.has_permission(
Permission.ScoJustifView
Permission.AbsJustifView
):
retour["filenames"].append(filename[0])
return retour
@ -712,7 +712,7 @@ def justif_list(justif_id: int = None):
@scodoc
@login_required
@as_json
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def justif_justifies(justif_id: int = None):
"""
Liste assiduite_id justifiées par le justificatif

2
app/api/semset.py
View File

@ -23,7 +23,7 @@
# @api_web_bp.route("/semset/set_periode/<int:semset_id>", methods=["POST"])
# @login_required
# @scodoc
# @permission_required(Permission.ScoEditApo)
# @permission_required(Permission.EditApogee)
# # TODO à modifier pour utiliser @as_json
# def semset_set_periode(semset_id: int):
# "Change la période d'un semset"

28
app/api/users.py
View File

@ -13,7 +13,7 @@ from flask import g, request
from flask_json import as_json
from flask_login import current_user, login_required
from app import db
from app import db, log
from app.api import api_bp as bp, api_web_bp, API_CLIENT_ERROR
from app.scodoc.sco_utils import json_error
from app.auth.models import User, Role, UserRole
@ -29,7 +29,7 @@ from app.scodoc import sco_utils as scu
@api_web_bp.route("/user/<int:uid>")
@login_required
@scodoc
@permission_required(Permission.ScoUsersView)
@permission_required(Permission.UsersView)
@as_json
def user_info(uid: int):
"""
@ -39,7 +39,7 @@ def user_info(uid: int):
if user is None:
return json_error(404, "user not found")
if g.scodoc_dept:
allowed_depts = current_user.get_depts_with_permission(Permission.ScoUsersView)
allowed_depts = current_user.get_depts_with_permission(Permission.UsersView)
if (None not in allowed_depts) and (user.dept not in allowed_depts):
return json_error(404, "user not found")
@ -78,7 +78,7 @@ def users_info_query():
query.join(UserRole, (UserRole.dept == User.dept) | (UserRole.dept == None))
.filter(UserRole.user == current_user)
.join(Role, UserRole.role_id == Role.id)
.filter(Role.permissions.op("&")(Permission.ScoUsersView) != 0)
.filter(Role.permissions.op("&")(Permission.UsersView) != 0)
)
query = query.order_by(User.user_name)
@ -89,7 +89,7 @@ def users_info_query():
@api_web_bp.route("/user/create", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoUsersAdmin)
@permission_required(Permission.UsersAdmin)
@as_json
def user_create():
"""Création d'un utilisateur
@ -112,7 +112,7 @@ def user_create():
dept = data.get("dept")
if dept == "@all":
dept = None
allowed_depts = current_user.get_depts_with_permission(Permission.ScoUsersAdmin)
allowed_depts = current_user.get_depts_with_permission(Permission.UsersAdmin)
if (None not in allowed_depts) and (dept not in allowed_depts):
return json_error(403, "user_create: departement non autorise")
if (dept is not None) and (
@ -132,7 +132,7 @@ def user_create():
@api_web_bp.route("/user/<int:uid>/edit", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoUsersAdmin)
@permission_required(Permission.UsersAdmin)
@as_json
def user_edit(uid: int):
"""Modification d'un utilisateur
@ -152,7 +152,7 @@ def user_edit(uid: int):
if dest_dept is not False:
if dest_dept == "@all":
dest_dept = None
allowed_depts = current_user.get_depts_with_permission(Permission.ScoUsersAdmin)
allowed_depts = current_user.get_depts_with_permission(Permission.UsersAdmin)
if (None not in allowed_depts) and (
(orig_dept not in allowed_depts) or (dest_dept not in allowed_depts)
):
@ -177,7 +177,7 @@ def user_edit(uid: int):
@api_web_bp.route("/user/<int:uid>/password", methods=["POST"])
@login_required
@scodoc
@permission_required(Permission.ScoUsersAdmin)
@permission_required(Permission.UsersAdmin)
@as_json
def user_password(uid: int):
"""Modification du mot de passe d'un utilisateur
@ -194,7 +194,7 @@ def user_password(uid: int):
return json_error(404, "user_password: missing password")
if not is_valid_password(password):
return json_error(API_CLIENT_ERROR, "user_password: invalid password")
allowed_depts = current_user.get_depts_with_permission(Permission.ScoUsersAdmin)
allowed_depts = current_user.get_depts_with_permission(Permission.UsersAdmin)
if (None not in allowed_depts) and ((user.dept not in allowed_depts)):
return json_error(403, "user_password: departement non autorise")
user.set_password(password)
@ -271,7 +271,7 @@ def user_role_remove(uid: int, role_name: str, dept: str = None):
@api_web_bp.route("/permissions")
@login_required
@scodoc
@permission_required(Permission.ScoUsersView)
@permission_required(Permission.UsersView)
@as_json
def list_permissions():
"""Liste des noms de permissions définies"""
@ -282,7 +282,7 @@ def list_permissions():
@api_web_bp.route("/role/<string:role_name>")
@login_required
@scodoc
@permission_required(Permission.ScoUsersView)
@permission_required(Permission.UsersView)
@as_json
def list_role(role_name: str):
"""Un rôle"""
@ -293,7 +293,7 @@ def list_role(role_name: str):
@api_web_bp.route("/roles")
@login_required
@scodoc
@permission_required(Permission.ScoUsersView)
@permission_required(Permission.UsersView)
@as_json
def list_roles():
"""Tous les rôles définis"""
@ -321,6 +321,7 @@ def role_permission_add(role_name: str, perm_name: str):
role.add_permission(permission)
db.session.add(role)
db.session.commit()
log(f"role_permission_add({role_name}, {perm_name})")
return role.to_dict()
@ -345,6 +346,7 @@ def role_permission_remove(role_name: str, perm_name: str):
role.remove_permission(permission)
db.session.add(role)
db.session.commit()
log(f"role_permission_remove({role_name}, {perm_name})")
return role.to_dict()

4
app/auth/models.py
View File

@ -541,6 +541,10 @@ class Role(db.Model):
"Remove all permissions from role"
self.permissions = 0
def get_named_permissions(self) -> list[str]:
"List of the names of the permissions associated to this rôle"
return Permission.permissions_names(self.permissions)
def set_named_permissions(self, permission_names: list[str]):
"""Set permissions, given as a list of permissions names.
Raises ScoValueError if invalid permission."""

24
app/auth/routes.py
View File

@ -21,7 +21,9 @@ from app.auth.forms import (
from app.auth.models import Role, User, invalid_user_name
from app.auth.email import send_password_reset_email
from app.decorators import admin_required
from app.forms.generic import SimpleConfirmationForm
from app.models.config import ScoDocSiteConfig
from app.scodoc.sco_roles_default import SCO_ROLES_DEFAULTS
from app.scodoc import sco_utils as scu
_ = lambda x: x # sans babel
@ -158,9 +160,25 @@ def reset_password(token):
@admin_required
def reset_standard_roles_permissions():
"Réinitialise (recrée au besoin) les rôles standards de ScoDoc et leurs permissions"
Role.reset_standard_roles_permissions()
flash("rôles standards réinitialisés !")
return redirect(url_for("scodoc.configuration"))
form = SimpleConfirmationForm()
if request.method == "POST" and form.cancel.data:
return redirect(url_for("scodoc.configuration"))
if form.validate_on_submit():
Role.reset_standard_roles_permissions()
flash("rôles standards réinitialisés !")
return redirect(url_for("scodoc.configuration"))
return render_template(
"form_confirmation.j2",
title="Réinitialiser les roles standards de ScoDoc ?",
form=form,
info_message=f"""<p>Les rôles standards seront recréés et leurs permissions
réinitialisées aux valeurs par défaut de ScoDoc.
</p>
<p>
Les rôles standards sont: <tt>{', '.join(SCO_ROLES_DEFAULTS.keys())}</tt>
</p>
""",
)
@bp.route("/cas_users_generate_excel_sample")

2
app/entreprises/app_relations_entreprises.py
View File

@ -131,7 +131,7 @@ def check_offre_depts(depts: list, offre_depts: list):
"""
Retourne vrai si l'utilisateur a le droit de visibilité sur l'offre
"""
if current_user.has_permission(Permission.RelationsEntreprisesChange, None):
if current_user.has_permission(Permission.RelationsEntrepEdit, None):
return True
for offre_dept in offre_depts:
if offre_dept.dept_id in depts:

102
app/entreprises/routes.py
View File

@ -62,7 +62,7 @@ from config import Config
@bp.route("/", methods=["GET", "POST"])
@permission_required(Permission.RelationsEntreprisesView)
@permission_required(Permission.RelationsEntrepView)
def index():
"""
Permet d'afficher une page avec la liste des entreprises (visible et active) et une liste des dernières opérations
@ -98,7 +98,7 @@ def index():
@bp.route("/logs", methods=["GET"])
@permission_required(Permission.RelationsEntreprisesView)
@permission_required(Permission.RelationsEntrepView)
def logs():
"""
Permet d'afficher les logs (toutes les entreprises)
@ -115,7 +115,7 @@ def logs():
@bp.route("/correspondants", methods=["GET"])
@permission_required(Permission.RelationsEntreprisesCorrespondants)
@permission_required(Permission.RelationsEntrepViewCorrs)
def correspondants():
"""
Permet d'afficher une page avec la liste des correspondants des entreprises visibles et une liste des dernières opérations
@ -141,7 +141,7 @@ def correspondants():
@bp.route("/validation", methods=["GET"])
@permission_required(Permission.RelationsEntreprisesValidate)
@permission_required(Permission.RelationsEntrepValidate)
def validation():
"""
Permet d'afficher une page avec la liste des entreprises a valider (non visible)
@ -155,7 +155,7 @@ def validation():
@bp.route("/fiche_entreprise_validation/<int:entreprise_id>", methods=["GET"])
@permission_required(Permission.RelationsEntreprisesValidate)
@permission_required(Permission.RelationsEntrepValidate)
def fiche_entreprise_validation(entreprise_id):
"""
Permet d'afficher la fiche entreprise d'une entreprise a valider
@ -176,7 +176,7 @@ def fiche_entreprise_validation(entreprise_id):
"/fiche_entreprise_validation/<int:entreprise_id>/validate_entreprise",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesValidate)
@permission_required(Permission.RelationsEntrepValidate)
def validate_entreprise(entreprise_id):
"""
Permet de valider une entreprise
@ -214,7 +214,7 @@ def validate_entreprise(entreprise_id):
"/fiche_entreprise_validation/<int:entreprise_id>/delete_validation_entreprise",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesValidate)
@permission_required(Permission.RelationsEntrepValidate)
def delete_validation_entreprise(entreprise_id):
"""
Permet de supprimer une entreprise en attente de validation avec une formulaire de validation
@ -241,7 +241,7 @@ def delete_validation_entreprise(entreprise_id):
flash("L'entreprise a été supprimée de la liste des entreprises à valider.")
return redirect(url_for("entreprises.validation"))
return render_template(
"entreprises/form_confirmation.j2",
"form_confirmation.j2",
title="Supression entreprise",
form=form,
info_message="Cliquez sur le bouton Supprimer pour confirmer votre supression",
@ -249,7 +249,7 @@ def delete_validation_entreprise(entreprise_id):
@bp.route("/offres_recues", methods=["GET"])
@permission_required(Permission.RelationsEntreprisesView)
@permission_required(Permission.RelationsEntrepView)
def offres_recues():
"""
Permet d'afficher la page où l'on peut voir les offres reçues
@ -290,7 +290,7 @@ def offres_recues():
@bp.route(
"/offres_recues/delete_offre_recue/<int:envoi_offre_id>", methods=["GET", "POST"]
)
@permission_required(Permission.RelationsEntreprisesView)
@permission_required(Permission.RelationsEntrepView)
def delete_offre_recue(envoi_offre_id):
"""
Permet de supprimer une offre reçue
@ -304,7 +304,7 @@ def delete_offre_recue(envoi_offre_id):
@bp.route("/preferences", methods=["GET", "POST"])
@permission_required(Permission.RelationsEntreprisesValidate)
@permission_required(Permission.RelationsEntrepValidate)
def preferences():
"""
Permet d'afficher la page des préférences du module gestion des relations entreprises
@ -327,7 +327,7 @@ def preferences():
@bp.route("/add_entreprise", methods=["GET", "POST"])
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def add_entreprise():
"""
Permet d'ajouter une entreprise dans la base avec un formulaire
@ -385,7 +385,7 @@ def add_entreprise():
notes=form.notes.data.strip(),
)
db.session.add(correspondant)
if current_user.has_permission(Permission.RelationsEntreprisesValidate, None):
if current_user.has_permission(Permission.RelationsEntrepValidate, None):
entreprise.visible = True
lien_entreprise = f"<a href='{url_for('entreprises.fiche_entreprise', entreprise_id=entreprise.id)}'>{entreprise.nom}</a>"
log = EntrepriseHistorique(
@ -414,7 +414,7 @@ def add_entreprise():
@bp.route("/fiche_entreprise/<int:entreprise_id>", methods=["GET"])
@permission_required(Permission.RelationsEntreprisesView)
@permission_required(Permission.RelationsEntrepView)
def fiche_entreprise(entreprise_id):
"""
Permet d'afficher la fiche entreprise d'une entreprise avec une liste des dernières opérations et
@ -456,7 +456,7 @@ def fiche_entreprise(entreprise_id):
@bp.route("/fiche_entreprise/<int:entreprise_id>/logs", methods=["GET"])
@permission_required(Permission.RelationsEntreprisesView)
@permission_required(Permission.RelationsEntrepView)
def logs_entreprise(entreprise_id):
"""
Permet d'afficher les logs d'une entreprise
@ -479,7 +479,7 @@ def logs_entreprise(entreprise_id):
@bp.route("/fiche_entreprise/<int:entreprise_id>/offres_expirees")
@permission_required(Permission.RelationsEntreprisesView)
@permission_required(Permission.RelationsEntrepView)
def offres_expirees(entreprise_id):
"""
Permet d'afficher la liste des offres expirés d'une entreprise
@ -499,7 +499,7 @@ def offres_expirees(entreprise_id):
@bp.route(
"/fiche_entreprise/<int:entreprise_id>/edit_entreprise", methods=["GET", "POST"]
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def edit_entreprise(entreprise_id):
"""
Permet de modifier une entreprise de la base avec un formulaire
@ -580,7 +580,7 @@ def edit_entreprise(entreprise_id):
@bp.route("/fiche_entreprise/<int:entreprise_id>/desactiver", methods=["GET", "POST"])
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def fiche_entreprise_desactiver(entreprise_id):
"""
Permet de désactiver une entreprise
@ -609,7 +609,7 @@ def fiche_entreprise_desactiver(entreprise_id):
url_for("entreprises.fiche_entreprise", entreprise_id=entreprise.id)
)
return render_template(
"entreprises/form_confirmation.j2",
"form_confirmation.j2",
title="Désactiver entreprise",
form=form,
info_message="Cliquez sur le bouton Modifier pour confirmer la désactivation",
@ -617,7 +617,7 @@ def fiche_entreprise_desactiver(entreprise_id):
@bp.route("/fiche_entreprise/<int:entreprise_id>/activer", methods=["GET", "POST"])
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def fiche_entreprise_activer(entreprise_id):
"""
Permet d'activer une entreprise
@ -645,7 +645,7 @@ def fiche_entreprise_activer(entreprise_id):
url_for("entreprises.fiche_entreprise", entreprise_id=entreprise.id)
)
return render_template(
"entreprises/form_confirmation.j2",
"form_confirmation.j2",
title="Activer entreprise",
form=form,
info_message="Cliquez sur le bouton Modifier pour confirmer l'activaction",
@ -774,7 +774,7 @@ def delete_taxe_apprentissage(entreprise_id, taxe_id):
url_for("entreprises.fiche_entreprise", entreprise_id=taxe.entreprise_id)
)
return render_template(
"entreprises/form_confirmation.j2",
"form_confirmation.j2",
title="Supprimer taxe apprentissage",
form=form,
info_message="Cliquez sur le bouton Supprimer pour confirmer votre supression",
@ -782,7 +782,7 @@ def delete_taxe_apprentissage(entreprise_id, taxe_id):
@bp.route("/fiche_entreprise/<int:entreprise_id>/add_offre", methods=["GET", "POST"])
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def add_offre(entreprise_id):
"""
Permet d'ajouter une offre a une entreprise
@ -854,7 +854,7 @@ def add_offre(entreprise_id):
"/fiche_entreprise/<int:entreprise_id>/edit_offre/<int:offre_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def edit_offre(entreprise_id, offre_id):
"""
Permet de modifier une offre
@ -930,7 +930,7 @@ def edit_offre(entreprise_id, offre_id):
"/fiche_entreprise/<int:entreprise_id>/delete_offre/<int:offre_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def delete_offre(entreprise_id, offre_id):
"""
Permet de supprimer une offre
@ -970,7 +970,7 @@ def delete_offre(entreprise_id, offre_id):
url_for("entreprises.fiche_entreprise", entreprise_id=offre.entreprise_id)
)
return render_template(
"entreprises/form_confirmation.j2",
"form_confirmation.j2",
title="Supression offre",
form=form,
info_message="Cliquez sur le bouton Supprimer pour confirmer votre supression",
@ -981,7 +981,7 @@ def delete_offre(entreprise_id, offre_id):
"/fiche_entreprise/<int:entreprise_id>/expired/<int:offre_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def expired(entreprise_id, offre_id):
"""
Permet de rendre expirée et non expirée une offre
@ -1006,7 +1006,7 @@ def expired(entreprise_id, offre_id):
"/fiche_entreprise/<int:entreprise_id>/add_site",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def add_site(entreprise_id):
"""
Permet d'ajouter un site a une entreprise
@ -1107,7 +1107,7 @@ def edit_site(entreprise_id, site_id):
"/fiche_entreprise/<int:entreprise_id>/site/<int:site_id>/add_correspondant",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def add_correspondant(entreprise_id, site_id):
"""
Permet d'ajouter un correspondant a une entreprise
@ -1163,7 +1163,7 @@ def add_correspondant(entreprise_id, site_id):
"/fiche_entreprise/<int:entreprise_id>/site/<int:site_id>/edit_correspondant/<int:correspondant_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def edit_correspondant(entreprise_id, site_id, correspondant_id):
"""
Permet de modifier un correspondant
@ -1243,7 +1243,7 @@ def edit_correspondant(entreprise_id, site_id, correspondant_id):
"/fiche_entreprise/<int:entreprise_id>/site/<int:site_id>/delete_correspondant/<int:correspondant_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def delete_correspondant(entreprise_id, site_id, correspondant_id):
"""
Permet de supprimer un correspondant
@ -1289,7 +1289,7 @@ def delete_correspondant(entreprise_id, site_id, correspondant_id):
)
)
return render_template(
"entreprises/form_confirmation.j2",
"form_confirmation.j2",
title="Supression correspondant",
form=form,
info_message="Cliquez sur le bouton Supprimer pour confirmer votre supression",
@ -1297,7 +1297,7 @@ def delete_correspondant(entreprise_id, site_id, correspondant_id):
@bp.route("/fiche_entreprise/<int:entreprise_id>/contacts")
@permission_required(Permission.RelationsEntreprisesView)
@permission_required(Permission.RelationsEntrepView)
def contacts(entreprise_id):
"""
Permet d'afficher une page avec la liste des contacts d'une entreprise
@ -1318,7 +1318,7 @@ def contacts(entreprise_id):
"/fiche_entreprise/<int:entreprise_id>/contacts/add_contact",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def add_contact(entreprise_id):
"""
Permet d'ajouter un contact avec une entreprise
@ -1374,7 +1374,7 @@ def add_contact(entreprise_id):
"/fiche_entreprise/<int:entreprise_id>/contacts/edit_contact/<int:contact_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def edit_contact(entreprise_id, contact_id):
"""
Permet d'editer un contact avec une entreprise
@ -1430,7 +1430,7 @@ def edit_contact(entreprise_id, contact_id):
"/fiche_entreprise/<int:entreprise_id>/contacts/delete_contact/<int:contact_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def delete_contact(entreprise_id, contact_id):
"""
Permet de supprimer un contact
@ -1458,7 +1458,7 @@ def delete_contact(entreprise_id, contact_id):
url_for("entreprises.contacts", entreprise_id=contact.entreprise)
)
return render_template(
"entreprises/form_confirmation.j2",
"form_confirmation.j2",
title="Supression contact",
form=form,
info_message="Cliquez sur le bouton Supprimer pour confirmer votre supression",
@ -1469,7 +1469,7 @@ def delete_contact(entreprise_id, contact_id):
"/fiche_entreprise/<int:entreprise_id>/add_stage_apprentissage",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def add_stage_apprentissage(entreprise_id):
"""
Permet d'ajouter un étudiant ayant réalisé un stage ou alternance
@ -1528,7 +1528,7 @@ def add_stage_apprentissage(entreprise_id):
"/fiche_entreprise/<int:entreprise_id>/edit_stage_apprentissage/<int:stage_apprentissage_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def edit_stage_apprentissage(entreprise_id, stage_apprentissage_id):
"""
Permet de modifier un étudiant ayant réalisé un stage ou alternance sur la fiche de l'entreprise
@ -1598,7 +1598,7 @@ def edit_stage_apprentissage(entreprise_id, stage_apprentissage_id):
"/fiche_entreprise/<int:entreprise_id>/delete_stage_apprentissage/<int:stage_apprentissage_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def delete_stage_apprentissage(entreprise_id, stage_apprentissage_id):
"""
Permet de supprimer un étudiant ayant réalisé un stage ou une alternance sur la fiche entreprise de l'entreprise
@ -1629,7 +1629,7 @@ def delete_stage_apprentissage(entreprise_id, stage_apprentissage_id):
)
)
return render_template(
"entreprises/form_confirmation.j2",
"form_confirmation.j2",
title="Supression stage/apprentissage",
form=form,
info_message="Cliquez sur le bouton Supprimer pour confirmer votre supression",
@ -1640,7 +1640,7 @@ def delete_stage_apprentissage(entreprise_id, stage_apprentissage_id):
"/fiche_entreprise/<int:entreprise_id>/envoyer_offre/<int:offre_id>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesSend)
@permission_required(Permission.RelationsEntrepSend)
def envoyer_offre(entreprise_id, offre_id):
"""
Permet d'envoyer une offre à un utilisateur ScoDoc
@ -1686,7 +1686,7 @@ def envoyer_offre(entreprise_id, offre_id):
@bp.route("/etudiants")
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
@as_json
def json_etudiants():
"""
@ -1717,7 +1717,7 @@ def json_etudiants():
@bp.route("/responsables")
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def json_responsables():
"""
Permet de récuperer un JSON avec tous les utilisateurs ScoDoc
@ -1743,7 +1743,7 @@ def json_responsables():
@bp.route("/export_donnees")
@permission_required(Permission.RelationsEntreprisesExport)
@permission_required(Permission.RelationsEntrepExport)
def export_donnees():
"""
Permet d'exporter la liste des entreprises sous format excel (.xlsx)
@ -1759,7 +1759,7 @@ def export_donnees():
@bp.route("/import_donnees/get_file_sample")
@permission_required(Permission.RelationsEntreprisesExport)
@permission_required(Permission.RelationsEntrepExport)
def import_donnees_get_file_sample():
"""
Permet de récupérer un fichier exemple vide pour pouvoir importer des entreprises
@ -1771,7 +1771,7 @@ def import_donnees_get_file_sample():
@bp.route("/import_donnees", methods=["GET", "POST"])
@permission_required(Permission.RelationsEntreprisesExport)
@permission_required(Permission.RelationsEntrepExport)
def import_donnees():
"""
Permet d'importer des entreprises à partir d'un fichier excel (.xlsx)
@ -1850,7 +1850,7 @@ def import_donnees():
@bp.route(
"/fiche_entreprise/<int:entreprise_id>/offre/<int:offre_id>/get_offre_file/<string:filedir>/<string:filename>"
)
@permission_required(Permission.RelationsEntreprisesView)
@permission_required(Permission.RelationsEntrepView)
def get_offre_file(entreprise_id, offre_id, filedir, filename):
"""
Permet de télécharger un fichier d'une offre
@ -1884,7 +1884,7 @@ def get_offre_file(entreprise_id, offre_id, filedir, filename):
"/fiche_entreprise/<int:entreprise_id>/offre/<int:offre_id>/add_offre_file",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def add_offre_file(entreprise_id, offre_id):
"""
Permet d'ajouter un fichier à une offre
@ -1927,7 +1927,7 @@ def add_offre_file(entreprise_id, offre_id):
"/fiche_entreprise/<int:entreprise_id>/offre/<int:offre_id>/delete_offre_file/<string:filedir>",
methods=["GET", "POST"],
)
@permission_required(Permission.RelationsEntreprisesChange)
@permission_required(Permission.RelationsEntrepEdit)
def delete_offre_file(entreprise_id, offre_id, filedir):
"""
Permet de supprimer un fichier d'une offre
@ -1959,7 +1959,7 @@ def delete_offre_file(entreprise_id, offre_id, filedir):
)
)
return render_template(
"entreprises/form_confirmation.j2",
"form_confirmation.j2",
title="Suppression fichier d'une offre",
form=form,
info_message="Cliquez sur le bouton Supprimer pour confirmer votre supression",

17
app/forms/generic.py Normal file
View File

@ -0,0 +1,17 @@
# -*- coding: utf-8 -*-
"""Formulaires génériques
"""
from flask_wtf import FlaskForm
from wtforms import (
SubmitField,
)
SUBMIT_MARGE = {"style": "margin-bottom: 10px;"}
class SimpleConfirmationForm(FlaskForm):
"bête dialogue de confirmation"
submit = SubmitField("OK", render_kw=SUBMIT_MARGE)
cancel = SubmitField("Annuler", render_kw=SUBMIT_MARGE)

58
app/forms/main/role_create.py Normal file
View File

@ -0,0 +1,58 @@
# -*- mode: python -*-
# -*- coding: utf-8 -*-
##############################################################################
#
# ScoDoc
#
# Copyright (c) 1999 - 2023 Emmanuel Viennet. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Emmanuel Viennet emmanuel.viennet@viennet.net
#
##############################################################################
"""
Formulaires création département
"""
from flask_wtf import FlaskForm
from wtforms import SubmitField, validators
from wtforms.fields.simple import StringField, BooleanField
from app.models import SHORT_STR_LEN
class CreateRoleForm(FlaskForm):
"""Formulaire création rôle"""
name = StringField(
label="Nom du rôle",
validators=[
validators.regexp(
r"^[a-zA-Z0-9]*$",
message="Ne doit comporter que lettres et des chiffres",
),
validators.Length(
max=SHORT_STR_LEN,
message=f"Le nom ne doit pas dépasser {SHORT_STR_LEN} caractères",
),
validators.DataRequired("vous devez spécifier le nom du rôle"),
],
)
submit = SubmitField("Créer ce rôle")
cancel = SubmitField("Annuler", render_kw={"formnovalidate": True})

10
app/models/formsemestre.py
View File

@ -424,7 +424,7 @@ class FormSemestre(db.Model):
def can_be_edited_by(self, user):
"""Vrai si user peut modifier ce semestre (est chef ou l'un des responsables)"""
if not user.has_permission(Permission.ScoImplement): # pas chef
if not user.has_permission(Permission.EditFormSemestre): # pas chef
if not self.resp_can_edit or user.id not in [
resp.id for resp in self.responsables
]:
@ -607,7 +607,7 @@ class FormSemestre(db.Model):
def est_chef_or_diretud(self, user: User = None):
"Vrai si utilisateur (par def. current) est admin, chef dept ou responsable du semestre"
user = user or current_user
return user.has_permission(Permission.ScoImplement) or self.est_responsable(
return user.has_permission(Permission.EditFormSemestre) or self.est_responsable(
user
)
@ -618,7 +618,7 @@ class FormSemestre(db.Model):
if not self.etat:
return False # semestre verrouillé
user = user or current_user
if user.has_permission(Permission.ScoEtudChangeGroups):
if user.has_permission(Permission.EtudChangeGroups):
return True # typiquement admin, chef dept
return self.est_responsable(user)
@ -632,9 +632,9 @@ class FormSemestre(db.Model):
def can_edit_pv(self, user: User = None):
"Vrai si utilisateur (par def. current) peut editer un PV de jury de ce semestre"
user = user or current_user
# Autorise les secrétariats, repérés via la permission ScoEtudChangeAdr
# Autorise les secrétariats, repérés via la permission EtudChangeAdr
return self.est_chef_or_diretud(user) or user.has_permission(
Permission.ScoEtudChangeAdr
Permission.EtudChangeAdr
)
def annee_scolaire(self) -> int:

6
app/models/moduleimpls.py
View File

@ -107,7 +107,7 @@ class ModuleImpl(db.Model):
"""
# acces pour resp. moduleimpl et resp. form semestre (dir etud)
if (
user.has_permission(Permission.ScoEditAllEvals)
user.has_permission(Permission.EditAllEvals)
or user.id == self.responsable_id
or user.id in (r.id for r in self.formsemestre.responsables)
):
@ -131,7 +131,7 @@ class ModuleImpl(db.Model):
if not self.formsemestre.etat:
return False # semestre verrouillé
is_dir_etud = user.id in (u.id for u in self.formsemestre.responsables)
can_edit_all_notes = user.has_permission(Permission.ScoEditAllNotes)
can_edit_all_notes = user.has_permission(Permission.EditAllNotes)
if sco_cursus_dut.formsemestre_has_decisions(self.formsemestre_id):
# il y a des décisions de jury dans ce semestre !
return can_edit_all_notes or is_dir_etud
@ -155,7 +155,7 @@ class ModuleImpl(db.Model):
return False
# -- check access
# admin ou resp. semestre avec flag resp_can_change_resp
if user.has_permission(Permission.ScoImplement):
if user.has_permission(Permission.EditFormSemestre):
return True
if (
user.id in [resp.id for resp in self.formsemestre.responsables]

10
app/scodoc/html_sidebar.py
View File

@ -56,18 +56,18 @@ def sidebar_common():
<a href="{scu.NotesURL()}" class="sidebar">Programmes</a> <br>
"""
]
if current_user.has_permission(Permission.ScoAbsChange):
if current_user.has_permission(Permission.AbsChange):
H.append(
f""" <a href="{scu.AssiduitesURL()}" class="sidebar">Assiduité</a> <br> """
)
if current_user.has_permission(
Permission.ScoUsersAdmin
) or current_user.has_permission(Permission.ScoUsersView):
Permission.UsersAdmin
) or current_user.has_permission(Permission.UsersView):
H.append(
f"""<a href="{scu.UsersURL()}" class="sidebar">Utilisateurs</a> <br>"""
)
if current_user.has_permission(Permission.ScoChangePreferences):
if current_user.has_permission(Permission.EditPreferences):
H.append(
f"""<a href="{url_for("scolar.edit_preferences", scodoc_dept=g.scodoc_dept)}"
class="sidebar">Paramétrage</a> <br>"""
@ -126,7 +126,7 @@ def sidebar(etudid: int = None):
<br>{ nbabsjust } J., { nbabsnj } N.J.</span>"""
)
H.append("<ul>")
if current_user.has_permission(Permission.ScoAbsChange):
if current_user.has_permission(Permission.AbsChange):
H.append(
f"""
<li><a href="{ url_for('assiduites.signal_assiduites_etud', scodoc_dept=g.scodoc_dept, etudid=etudid) }">Ajouter</a></li>

2
app/scodoc/sco_archives_etud.py
View File

@ -58,7 +58,7 @@ ETUDS_ARCHIVER = EtudsArchiver()
def can_edit_etud_archive(authuser):
"""True si l'utilisateur peut modifier les archives etudiantes"""
return authuser.has_permission(Permission.ScoEtudAddAnnotations)
return authuser.has_permission(Permission.EtudAddAnnotations)
def etud_list_archives_html(etud: Identite):

6
app/scodoc/sco_bulletins.py
View File

@ -954,7 +954,7 @@ def can_send_bulletin_by_mail(formsemestre_id):
sem = sco_formsemestre.get_formsemestre(formsemestre_id)
return (
sco_preferences.get_preference("bul_mail_allowed_for_all", formsemestre_id)
or current_user.has_permission(Permission.ScoImplement)
or current_user.has_permission(Permission.EditFormSemestre)
or current_user.id in sem["responsables"]
)
@ -1213,7 +1213,7 @@ def make_menu_autres_operations(
},
"enabled": (
formsemestre.can_be_edited_by(current_user)
or current_user.has_permission(Permission.ScoEtudInscrit)
or current_user.has_permission(Permission.EtudInscrit)
),
},
{
@ -1223,7 +1223,7 @@ def make_menu_autres_operations(
"formsemestre_id": formsemestre.id,
"etudid": etud.id,
},
"enabled": current_user.has_permission(Permission.ScoImplement),
"enabled": current_user.has_permission(Permission.EditFormSemestre),
},
{
"title": "Gérer les validations d'UEs antérieures",

4
app/scodoc/sco_bulletins_legacy.py
View File

@ -327,9 +327,9 @@ class BulletinGeneratorLegacy(sco_bulletins_generator.BulletinGenerator):
H.append("""<p class="bull_situation">%(situation)s</p>""" % I)
# --- Appreciations
# le dir. des etud peut ajouter des appreciations,
# mais aussi le chef (perm. ScoEtudInscrit)
# mais aussi le chef (perm. EtudInscrit)
can_edit_app = (authuser.id in self.infos["responsables"]) or (
authuser.has_permission(Permission.ScoEtudInscrit)
authuser.has_permission(Permission.EtudInscrit)
)
H.append('<div class="bull_appreciations">')
appreciations = BulAppreciations.get_appreciations_list(

4
app/scodoc/sco_bulletins_standard.py
View File

@ -155,9 +155,9 @@ class BulletinGeneratorStandard(sco_bulletins_generator.BulletinGenerator):
# ---- APPRECIATIONS
# le dir. des etud peut ajouter des appreciations,
# mais aussi le chef (perm. ScoEtudInscrit)
# mais aussi le chef (perm. EtudInscrit)
can_edit_app = (self.formsemestre.est_responsable(self.authuser)) or (
self.authuser.has_permission(Permission.ScoEtudInscrit)
self.authuser.has_permission(Permission.EtudInscrit)
)
H.append('<div class="bull_appreciations">')
appreciations = BulAppreciations.get_appreciations_list(

6
app/scodoc/sco_dept.py
View File

@ -148,7 +148,7 @@ def index_html(showcodes=0, showsemtable=0):
</p>"""
)
#
if current_user.has_permission(Permission.ScoEtudInscrit):
if current_user.has_permission(Permission.EtudInscrit):
H.append(
"""<hr>
<h3>Gestion des étudiants</h3>
@ -164,7 +164,7 @@ def index_html(showcodes=0, showsemtable=0):
"""
)
#
if current_user.has_permission(Permission.ScoEditApo):
if current_user.has_permission(Permission.EditApogee):
H.append(
f"""<hr>
<h3>Exports Apogée</h3>
@ -247,7 +247,7 @@ def _sem_table_gt(sems, showcodes=False):
columns_ids = ("formsemestre_id",) + columns_ids
html_class = "stripe cell-border compact hover order-column table_leftalign semlist"
if current_user.has_permission(Permission.ScoEditApo):
if current_user.has_permission(Permission.EditApogee):
html_class += " apo_editable"
tab = GenTable(
titles={

2
app/scodoc/sco_edit_module.py
View File

@ -908,7 +908,7 @@ def module_table(formation_id):
<ul class="notes_module_list">
""",
]
editable = current_user.has_permission(Permission.ScoChangeFormation)
editable = current_user.has_permission(Permission.EditFormation)
for module_dict in module_list(args={"formation_id": formation_id}):
H.append('<li class="notes_module_list">%s' % module_dict)

8
app/scodoc/sco_edit_ue.py
View File

@ -718,7 +718,7 @@ def ue_table(formation_id=None, semestre_idx=1, msg=""): # was ue_list
}
ues_with_duplicated_code = [ue for ue in ues if ue["ue_code"] in duplicated_codes]
has_perm_change = current_user.has_permission(Permission.ScoChangeFormation)
has_perm_change = current_user.has_permission(Permission.EditFormation)
# editable = (not locked) and has_perm_change
# On autorise maintenant la modification des formations qui ont
# des semestres verrouillés, sauf si cela affect les notes passées
@ -727,7 +727,7 @@ def ue_table(formation_id=None, semestre_idx=1, msg=""): # was ue_list
# - pas de changement des codes d'UE utilisés dans des semestres verrouillés
editable = has_perm_change
tag_editable = (
current_user.has_permission(Permission.ScoEditFormationTags) or has_perm_change
current_user.has_permission(Permission.EditFormationTags) or has_perm_change
)
if locked:
lockicon = scu.icontag("lock32_img", title="verrouillé")
@ -835,7 +835,7 @@ du programme" (menu "Semestre") si vous avez un semestre en cours);
</a>&nbsp;"""
msg_refcomp = "changer"
H.append(f"""<ul><li>{descr_refcomp}""")
if current_user.has_permission(Permission.ScoChangeFormation):
if current_user.has_permission(Permission.EditFormation):
if (
formation.referentiel_competence is None
or formation.formsemestres.count() == 0
@ -1021,7 +1021,7 @@ du programme" (menu "Semestre") si vous avez un semestre en cours);
H.append("</li>")
H.append("</ul>")
if current_user.has_permission(Permission.ScoImplement):
if current_user.has_permission(Permission.EditFormSemestre):
H.append(
f"""<ul>
<li><a class="stdlink" href="{

4
app/scodoc/sco_formation_recap.py
View File

@ -50,7 +50,7 @@ def formation_table_recap(formation_id, fmt="html") -> Response:
T = []
formation = Formation.query.get_or_404(formation_id)
ues = formation.ues.order_by(UniteEns.semestre_idx, UniteEns.numero)
can_edit = current_user.has_permission(Permission.ScoChangeFormation)
can_edit = current_user.has_permission(Permission.EditFormation)
li = 0
for ue in ues:
# L'UE
@ -138,7 +138,7 @@ def formation_table_recap(formation_id, fmt="html") -> Response:
title = f"""Formation {formation.titre} ({formation.acronyme})
[version {formation.version}] code {formation.formation_code}"""
html_class = "stripe cell-border compact hover order-column formation_table_recap"
if current_user.has_permission(Permission.ScoEditApo):
if current_user.has_permission(Permission.EditApogee):
html_class += " apo_editable"
tab = GenTable(

2
app/scodoc/sco_formations.py
View File

@ -498,7 +498,7 @@ def formation_list_table() -> GenTable:
"edit_img", border="0", alt="modifier", title="Modifier titres et code"
)
editable = current_user.has_permission(Permission.ScoChangeFormation)
editable = current_user.has_permission(Permission.EditFormation)
# Traduit/ajoute des champs à afficher:
rows = []

10
app/scodoc/sco_formsemestre_edit.py
View File

@ -144,7 +144,7 @@ def formsemestre_editwithmodules(formsemestre_id):
def can_edit_sem(formsemestre_id: int = None, sem=None):
"""Return sem if user can edit it, False otherwise"""
sem = sem or sco_formsemestre.get_formsemestre(formsemestre_id)
if not current_user.has_permission(Permission.ScoImplement): # pas chef
if not current_user.has_permission(Permission.EditFormSemestre): # pas chef
if not sem["resp_can_edit"] or current_user.id not in sem["responsables"]:
return False
return sem
@ -162,9 +162,9 @@ def do_formsemestre_createwithmodules(edit=False, formsemestre: FormSemestre = N
"Form choix modules / responsables et création formsemestre"
vals = scu.get_request_args()
# Fonction accessible à tous, contrôle d'acces à la main:
if not current_user.has_permission(Permission.ScoImplement):
if not current_user.has_permission(Permission.EditFormSemestre):
if not edit:
# il faut ScoImplement pour créer un semestre
# il faut EditFormSemestre pour créer un semestre
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
else:
if not formsemestre.resp_can_edit or current_user.id not in (
@ -485,7 +485,7 @@ def do_formsemestre_createwithmodules(edit=False, formsemestre: FormSemestre = N
},
),
]
if current_user.has_permission(Permission.ScoImplement):
if current_user.has_permission(Permission.EditFormSemestre):
modform += [
(
"resp_can_edit",
@ -1539,7 +1539,7 @@ def do_formsemestre_delete(formsemestre_id):
# ---------------------------------------------------------------------------------------
def formsemestre_edit_options(formsemestre_id):
"""dialog to change formsemestre options
(accessible par ScoImplement ou dir. etudes)
(accessible par EditFormSemestre ou dir. etudes)
"""
log("formsemestre_edit_options")
ok, err = sco_permissions_check.check_access_diretud(formsemestre_id)

20
app/scodoc/sco_formsemestre_status.py
View File

@ -157,7 +157,7 @@ def formsemestre_status_menubar(formsemestre: FormSemestre) -> str:
# L'utilisateur est-il resp. du semestre ?
is_responsable = current_user.id in (u.id for u in formsemestre.responsables)
# A le droit de changer le semestre (déverrouiller, préférences bul., ...):
has_perm_change_sem = current_user.has_permission(Permission.ScoImplement) or (
has_perm_change_sem = current_user.has_permission(Permission.EditFormSemestre) or (
formsemestre.resp_can_edit and is_responsable
)
# Peut modifier le semestre (si n'est pas verrouillé):
@ -236,7 +236,7 @@ def formsemestre_status_menubar(formsemestre: FormSemestre) -> str:
"title": "Cloner ce semestre",
"endpoint": "notes.formsemestre_clone",
"args": {"formsemestre_id": formsemestre_id},
"enabled": current_user.has_permission(Permission.ScoImplement),
"enabled": current_user.has_permission(Permission.EditFormSemestre),
"helpmsg": "",
},
{
@ -246,7 +246,7 @@ def formsemestre_status_menubar(formsemestre: FormSemestre) -> str:
"formsemestre_id": formsemestre_id,
"formation_id": formsemestre.formation_id,
},
"enabled": current_user.has_permission(Permission.ScoChangeFormation)
"enabled": current_user.has_permission(Permission.EditFormation)
and formsemestre.etat,
"helpmsg": "",
},
@ -254,7 +254,7 @@ def formsemestre_status_menubar(formsemestre: FormSemestre) -> str:
"title": "Supprimer ce semestre",
"endpoint": "notes.formsemestre_delete",
"args": {"formsemestre_id": formsemestre_id},
"enabled": current_user.has_permission(Permission.ScoImplement),
"enabled": current_user.has_permission(Permission.EditFormSemestre),
"helpmsg": "",
},
]
@ -283,7 +283,7 @@ def formsemestre_status_menubar(formsemestre: FormSemestre) -> str:
"title": "Passage des étudiants depuis d'autres semestres",
"endpoint": "notes.formsemestre_inscr_passage",
"args": {"formsemestre_id": formsemestre_id},
"enabled": current_user.has_permission(Permission.ScoEtudInscrit)
"enabled": current_user.has_permission(Permission.EtudInscrit)
and formsemestre.etat,
},
{
@ -298,14 +298,14 @@ def formsemestre_status_menubar(formsemestre: FormSemestre) -> str:
"title": "Inscrire un étudiant",
"endpoint": "notes.formsemestre_inscription_with_modules_etud",
"args": {"formsemestre_id": formsemestre_id},
"enabled": current_user.has_permission(Permission.ScoEtudInscrit)
"enabled": current_user.has_permission(Permission.EtudInscrit)
and formsemestre.etat,
},
{
"title": "Importer des étudiants dans ce semestre (table Excel)",
"endpoint": "scolar.form_students_import_excel",
"args": {"formsemestre_id": formsemestre_id},
"enabled": current_user.has_permission(Permission.ScoEtudInscrit)
"enabled": current_user.has_permission(Permission.EtudInscrit)
and formsemestre.etat,
},
{
@ -318,7 +318,7 @@ def formsemestre_status_menubar(formsemestre: FormSemestre) -> str:
"title": "Resynchroniser données identité",
"endpoint": "scolar.formsemestre_import_etud_admission",
"args": {"formsemestre_id": formsemestre_id},
"enabled": current_user.has_permission(Permission.ScoEtudChangeAdr)
"enabled": current_user.has_permission(Permission.EtudChangeAdr)
and sco_preferences.get_preference("portal_url"),
},
{
@ -812,7 +812,7 @@ def _make_listes_sem(formsemestre: FormSemestre) -> str:
"""La section avec les groupes et l'assiduité"""
H = []
# pas de menu absences si pas autorise:
can_edit_abs = current_user.has_permission(Permission.ScoAbsChange)
can_edit_abs = current_user.has_permission(Permission.AbsChange)
#
H.append(
f"""<h3>Groupes et absences de {formsemestre.titre}
@ -1080,7 +1080,7 @@ def formsemestre_status(formsemestre_id=None, check_parcours=True):
)
can_edit = formsemestre.can_be_edited_by(current_user)
can_change_all_notes = current_user.has_permission(Permission.ScoEditAllNotes) or (
can_change_all_notes = current_user.has_permission(Permission.EditAllNotes) or (
current_user.id in [resp.id for resp in formsemestre.responsables]
)
use_ue_coefs = sco_preferences.get_preference("use_ue_coefs", formsemestre_id)

2
app/scodoc/sco_formsemestre_validation.py
View File

@ -1291,7 +1291,7 @@ def _get_etud_ue_cap_html(etud: Identite, formsemestre: FormSemestre) -> str:
origine += f" (<b>S{validation.semestre_id}</b>)"
H.append(f"""<li>{validation.html()}""")
if (validation.formsemestre and validation.formsemestre.can_edit_jury()) or (
current_user and current_user.has_permission(Permission.ScoEtudInscrit)
current_user and current_user.has_permission(Permission.EtudInscrit)
):
H.append(
f"""

8
app/scodoc/sco_groups_view.py
View File

@ -865,13 +865,13 @@ def tab_absences_html(groups_infos, etat=None):
# Lien pour verif codes INE/NIP
# (pour tous les etudiants du semestre)
group_id = sco_groups.get_default_group(groups_infos.formsemestre_id)
if authuser.has_permission(Permission.ScoEtudInscrit):
if authuser.has_permission(Permission.EtudInscrit):
H.append(
'<li><a class="stdlink" href="check_group_apogee?group_id=%s&etat=%s">Vérifier codes Apogée</a> (de tous les groupes)</li>'
% (group_id, etat or "")
)
# Lien pour ajout fichiers étudiants
if authuser.has_permission(Permission.ScoEtudAddAnnotations):
if authuser.has_permission(Permission.EtudAddAnnotations):
H.append(
"""<li><a class="stdlink" href="etudarchive_import_files_form?group_id=%s">Télécharger des fichiers associés aux étudiants (e.g. dossiers d'admission)</a></li>"""
% (group_id)
@ -894,7 +894,7 @@ def tab_photos_html(groups_infos, etat=None):
def form_choix_jour_saisie_hebdo(groups_infos, moduleimpl_id=None):
"""Formulaire choix jour semaine pour saisie."""
authuser = current_user
if not authuser.has_permission(Permission.ScoAbsChange):
if not authuser.has_permission(Permission.AbsChange):
return ""
return f"""
<button onclick="window.location='{
@ -913,7 +913,7 @@ def form_choix_jour_saisie_hebdo(groups_infos, moduleimpl_id=None):
# Saisie de l'assiduité par semaine
def form_choix_saisie_semaine(groups_infos):
authuser = current_user
if not authuser.has_permission(Permission.ScoAbsChange):
if not authuser.has_permission(Permission.AbsChange):
return ""
query_args = parse_qs(request.query_string)
moduleimpl_id = query_args.get("moduleimpl_id", [None])[0]

4
app/scodoc/sco_moduleimpl.py
View File

@ -375,7 +375,7 @@ def can_change_module_resp(moduleimpl_id):
raise ScoValueError("Modification impossible: semestre verrouille")
# -- check access
# admin ou resp. semestre avec flag resp_can_change_resp
if not current_user.has_permission(Permission.ScoImplement) and (
if not current_user.has_permission(Permission.EditFormSemestre) and (
(current_user.id not in sem["responsables"]) or (not sem["resp_can_change_ens"])
):
raise AccessDenied(f"Modification impossible pour {current_user}")
@ -396,7 +396,7 @@ def can_change_ens(moduleimpl_id, raise_exc=True):
# admin, resp. module ou resp. semestre
if (
current_user.id != M["responsable_id"]
and not current_user.has_permission(Permission.ScoImplement)
and not current_user.has_permission(Permission.EditFormSemestre)
and (current_user.id not in sem["responsables"])
):
if raise_exc:

4
app/scodoc/sco_moduleimpl_inscriptions.py
View File

@ -278,9 +278,7 @@ def moduleimpl_inscriptions_stats(formsemestre_id):
set_all = set([x["etudid"] for x in inscrits])
partitions, _ = sco_groups.get_formsemestre_groups(formsemestre_id)
can_change = (
authuser.has_permission(Permission.ScoEtudInscrit) and formsemestre.etat
)
can_change = authuser.has_permission(Permission.EtudInscrit) and formsemestre.etat
# Décrit les inscriptions aux modules:
commons = [] # modules communs a tous les etuds du semestre

7
app/scodoc/sco_moduleimpl_status.py
View File

@ -290,7 +290,7 @@ def moduleimpl_status(moduleimpl_id=None, partition_id=None):
H.append(
f"""<tr><td class="fichetitre2">Inscrits: </td><td> {len(mod_inscrits)} étudiants"""
)
if current_user.has_permission(Permission.ScoEtudInscrit):
if current_user.has_permission(Permission.EtudInscrit):
H.append(
f"""<a class="stdlink" style="margin-left:2em;" href="moduleimpl_inscriptions_edit?moduleimpl_id={modimpl.id}">modifier</a>"""
)
@ -317,10 +317,7 @@ def moduleimpl_status(moduleimpl_id=None, partition_id=None):
)
# Adapté à partir d'une suggestion de DS (Le Havre)
# Liens saisies absences seulement si permission et date courante dans le semestre
if (
current_user.has_permission(Permission.ScoAbsChange)
and formsemestre.est_courant()
):
if current_user.has_permission(Permission.AbsChange) and formsemestre.est_courant():
group_id = sco_groups.get_default_group(formsemestre_id)
H.append(
f"""

38
app/scodoc/sco_page_etud.py
View File

@ -70,8 +70,8 @@ def _menu_scolarite(
lockicon = scu.icontag("lock32_img", title="verrouillé", border="0")
return lockicon # no menu
if not authuser.has_permission(
Permission.ScoEtudInscrit
) and not authuser.has_permission(Permission.ScoEtudChangeGroups):
Permission.EtudInscrit
) and not authuser.has_permission(Permission.EtudChangeGroups):
return "" # no menu
args = {"etudid": etudid, "formsemestre_id": formsemestre.id}
@ -92,7 +92,7 @@ def _menu_scolarite(
def_url = "scolar.do_cancel_def"
def_enabled = (
(etat_inscription != scu.DEMISSION)
and authuser.has_permission(Permission.ScoEtudInscrit)
and authuser.has_permission(Permission.EtudInscrit)
and not locked
)
items = [
@ -100,15 +100,13 @@ def _menu_scolarite(
"title": dem_title,
"endpoint": dem_url,
"args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked,
"enabled": authuser.has_permission(Permission.EtudInscrit) and not locked,
},
{
"title": "Validation du semestre (jury)",
"endpoint": "notes.formsemestre_validation_etud_form",
"args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked,
"enabled": authuser.has_permission(Permission.EtudInscrit) and not locked,
},
{
"title": def_title,
@ -120,15 +118,13 @@ def _menu_scolarite(
"title": "Inscrire à un module optionnel (ou au sport)",
"endpoint": "notes.formsemestre_inscription_option",
"args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked,
"enabled": authuser.has_permission(Permission.EtudInscrit) and not locked,
},
{
"title": "Désinscrire (en cas d'erreur)",
"endpoint": "notes.formsemestre_desinscription",
"args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked,
"enabled": authuser.has_permission(Permission.EtudInscrit) and not locked,
},
{
"title": "Gérer les validations d'UEs antérieures",
@ -140,19 +136,19 @@ def _menu_scolarite(
"title": "Inscrire à un autre semestre",
"endpoint": "notes.formsemestre_inscription_with_modules_form",
"args": {"etudid": etudid},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
"enabled": authuser.has_permission(Permission.EtudInscrit),
},
{
"title": "Enregistrer un semestre effectué ailleurs",
"endpoint": "notes.formsemestre_ext_create_form",
"args": args,
"enabled": authuser.has_permission(Permission.ScoImplement),
"enabled": authuser.has_permission(Permission.EditFormSemestre),
},
{
"title": "Affecter les notes manquantes",
"endpoint": "notes.formsemestre_note_etuds_sans_notes",
"args": args,
"enabled": authuser.has_permission(Permission.ScoEditAllNotes),
"enabled": authuser.has_permission(Permission.EditAllNotes),
},
]
@ -235,7 +231,7 @@ def ficheEtud(etudid=None):
else:
info["emaillink"] = "<em>(pas d'adresse e-mail)</em>"
# Champ dépendant des permissions:
if authuser.has_permission(Permission.ScoEtudChangeAdr):
if authuser.has_permission(Permission.EtudChangeAdr):
info[
"modifadresse"
] = f"""<a class="stdlink" href="{
@ -333,7 +329,7 @@ def ficheEtud(etudid=None):
}">Visualiser les compétences BUT</a>
</span>
"""
if authuser.has_permission(Permission.ScoEtudInscrit):
if authuser.has_permission(Permission.EtudInscrit):
info[
"link_inscrire_ailleurs"
] = f"""<span class="link_bul_pdf"><a class="stdlink" href="{
@ -351,7 +347,7 @@ def ficheEtud(etudid=None):
else:
# non inscrit
l = [f"""<p><b>Étudiant{info["ne"]} non inscrit{info["ne"]}"""]
if authuser.has_permission(Permission.ScoEtudInscrit):
if authuser.has_permission(Permission.EtudInscrit):
l.append(
f"""<a href="{
url_for("notes.formsemestre_inscription_with_modules_form",
@ -634,25 +630,25 @@ def menus_etud(etudid):
"title": "Changer la photo",
"endpoint": "scolar.form_change_photo",
"args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr),
"enabled": authuser.has_permission(Permission.EtudChangeAdr),
},
{
"title": "Changer les données identité/admission",
"endpoint": "scolar.etudident_edit_form",
"args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
"enabled": authuser.has_permission(Permission.EtudInscrit),
},
{
"title": "Copier dans un autre département...",
"endpoint": "scolar.etud_copy_in_other_dept",
"args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
"enabled": authuser.has_permission(Permission.EtudInscrit),
},
{
"title": "Supprimer cet étudiant...",
"endpoint": "scolar.etudident_delete",
"args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
"enabled": authuser.has_permission(Permission.EtudInscrit),
},
{
"title": "Voir le journal...",

60
app/scodoc/sco_permissions.py
View File

@ -14,51 +14,51 @@ _SCO_PERMISSIONS = (
# - tous rôles lors creation utilisateurs
(1 << 1, "ScoSuperAdmin", "Super Administrateur"),
(1 << 2, "ScoView", "Voir"),
(1 << 3, "ScoEnsView", "Voir les parties pour les enseignants"),
(1 << 4, "ScoObservateur", "Observer (accès lecture restreint aux bulletins)"),
(1 << 5, "ScoUsersAdmin", "Gérer les utilisateurs (de son département)"),
(1 << 6, "ScoUsersView", "Voir les utilisateurs (de tous les dépts)"),
(1 << 7, "ScoChangePreferences", "Modifier les préférences"),
(1 << 8, "ScoChangeFormation", "Changer les formations"),
(1 << 9, "ScoEditFormationTags", "Tagguer les formations"),
(1 << 10, "ScoEditAllNotes", "Modifier toutes les notes"),
(1 << 11, "ScoEditAllEvals", "Modifier toutes les evaluations"),
(1 << 12, "ScoImplement", "Mettre en place une formation (créer un semestre)"),
(1 << 13, "ScoAbsChange", "Saisir des absences"),
(1 << 14, "ScoAbsAddBillet", "Saisir des billets d'absences"),
(1 << 3, "EnsView", "Voir les parties pour les enseignants"),
(1 << 4, "Observateur", "Observer (accès lecture restreint aux bulletins)"),
(1 << 5, "UsersAdmin", "Gérer les utilisateurs (de son département)"),
(1 << 6, "UsersView", "Voir les utilisateurs (de tous les dépts)"),
(1 << 7, "EditPreferences", "Modifier les préférences"),
(1 << 8, "EditFormation", "Changer les formations"),
(1 << 9, "EditFormationTags", "Tagguer les formations"),
(1 << 10, "EditAllNotes", "Modifier toutes les notes"),
(1 << 11, "EditAllEvals", "Modifier toutes les evaluations"),
(1 << 12, "EditFormSemestre", "Mettre en place une formation (créer un semestre)"),
(1 << 13, "AbsChange", "Saisir des absences"),
(1 << 14, "AbsAddBillet", "Saisir des billets d'absences"),
# changer adresse/photo ou pour envoyer bulletins par mail ou pour debouche
(1 << 15, "ScoEtudChangeAdr", "Changer les adresses d'étudiants"),
(1 << 15, "EtudChangeAdr", "Changer les adresses d'étudiants"),
(
1 << 16,
"APIEditGroups",
"API: Modifier les groupes (obsolete, use ScoEtudChangeGroups)",
"API: Modifier les groupes (obsolete, use EtudChangeGroups)",
),
(1 << 16, "ScoEtudChangeGroups", "Modifier les groupes"),
(1 << 16, "EtudChangeGroups", "Modifier les groupes"),
# aussi pour demissions, diplomes:
(1 << 17, "ScoEtudInscrit", "Inscrire des étudiants"),
(1 << 17, "EtudInscrit", "Inscrire des étudiants"),
# aussi pour archives:
(1 << 18, "ScoEtudAddAnnotations", "Éditer les annotations"),
(1 << 19, "ScoEntrepriseView", "Voir la section 'entreprises'"),
(1 << 20, "ScoEntrepriseChange", "Modifier les entreprises"),
(1 << 21, "ScoEditPVJury", "Éditer les PV de jury"),
(1 << 18, "EtudAddAnnotations", "Éditer les annotations"),
# inutilisée (1 << 19, "ScoEntrepriseView", "Voir la section 'entreprises'"),
# inutilisée (1 << 20, "EntrepriseChange", "Modifier les entreprises"),
# XXX inutilisée ? (1 << 21, "EditPVJury", "Éditer les PV de jury"),
# ajouter maquettes Apogee (=> chef dept et secr):
(1 << 22, "ScoEditApo", "Ajouter des maquettes Apogées"),
(1 << 22, "EditApogee", "Gérer les exports Apogée"),
# Application relations entreprises
(1 << 23, "RelationsEntreprisesView", "Voir l'application relations entreprises"),
(1 << 24, "RelationsEntreprisesChange", "Modifier les entreprises"),
(1 << 25, "RelationsEntreprisesSend", "Envoyer des offres"),
(1 << 26, "RelationsEntreprisesValidate", "Valide les entreprises"),
(1 << 27, "RelationsEntreprisesCorrespondants", "Voir les correspondants"),
(1 << 23, "RelationsEntrepView", "Voir l'application relations entreprises"),
(1 << 24, "RelationsEntrepEdit", "Modifier les entreprises"),
(1 << 25, "RelationsEntrepSend", "Envoyer des offres"),
(1 << 26, "RelationsEntrepValidate", "Valide les entreprises"),
(1 << 27, "RelationsEntrepViewCorrs", "Voir les correspondants"),
(
1 << 28,
"RelationsEntreprisesExport",
"RelationsEntrepExport",
"Exporter les données de l'application relations entreprises",
),
(1 << 29, "ScoUsersChangeCASId", "Paramétrer l'id CAS"),
(1 << 29, "UsersChangeCASId", "Paramétrer l'id CAS"),
#
(1 << 40, "ScoEtudChangePhoto", "Modifier la photo d'un étudiant"),
# XXX inutilisée ? (1 << 40, "EtudChangePhoto", "Modifier la photo d'un étudiant"),
# Permissions du module Assiduité)
(1 << 50, "ScoJustifView", "Visualisation des fichiers justificatifs"),
(1 << 50, "AbsJustifView", "Visualisation des fichiers justificatifs"),
# Attention: les permissions sont codées sur 64 bits.
)

18
app/scodoc/sco_permissions_check.py
View File

@ -35,12 +35,12 @@ def can_edit_notes(authuser, moduleimpl_id, allow_ens=True):
if sco_cursus_dut.formsemestre_has_decisions(sem["formsemestre_id"]):
# il y a des décisions de jury dans ce semestre !
return (
authuser.has_permission(Permission.ScoEditAllNotes)
authuser.has_permission(Permission.EditAllNotes)
or authuser.id in sem["responsables"]
)
else:
if (
(not authuser.has_permission(Permission.ScoEditAllNotes))
(not authuser.has_permission(Permission.EditAllNotes))
and authuser.id != M["responsable_id"]
and authuser.id not in sem["responsables"]
):
@ -65,27 +65,29 @@ def can_suppress_annotation(annotation_id):
raise sco_exceptions.ScoValueError("annotation inexistante !")
anno = annos[0]
return (current_user.user_name == anno["author"]) or current_user.has_permission(
Permission.ScoEtudAddAnnotations
Permission.EtudAddAnnotations
)
def can_edit_suivi():
"""Vrai si l'utilisateur peut modifier les informations de suivi sur la page etud" """
return current_user.has_permission(Permission.ScoEtudChangeAdr)
return current_user.has_permission(Permission.EtudChangeAdr)
def is_chef_or_diretud(sem): # remplacé par formsemestre.est_chef_or_diretud
"Vrai si utilisateur est admin, chef dept ou responsable du semestre"
if (
current_user.has_permission(Permission.ScoImplement)
current_user.has_permission(Permission.EditFormSemestre)
or current_user.id in sem["responsables"]
):
return True
return False
def check_access_diretud(formsemestre_id, required_permission=Permission.ScoImplement):
"""Check if access granted: responsable or ScoImplement
def check_access_diretud(
formsemestre_id, required_permission=Permission.EditFormSemestre
):
"""Check if access granted: responsable or EditFormSemestre
Return True|False, HTML_error_page
"""
from app.scodoc import sco_formsemestre
@ -131,7 +133,7 @@ def can_handle_passwd(user: User, allow_admindepts=False) -> bool:
if user.user_name == current_user.user_name:
return True
# If don't have permission in the current dept, abort
if not current_user.has_permission(Permission.ScoUsersAdmin, g.scodoc_dept):
if not current_user.has_permission(Permission.UsersAdmin, g.scodoc_dept):
return False
# Now check that current_user can manage users from this departement
if not current_user.dept:

95
app/scodoc/sco_roles_default.py
View File

@ -7,77 +7,72 @@
from app.scodoc.sco_permissions import Permission as p
SCO_ROLES_DEFAULTS = {
"Observateur": (p.ScoObservateur,),
"Ens": (
p.ScoAbsAddBillet,
p.ScoAbsChange,
p.ScoEnsView,
p.ScoEntrepriseView,
p.ScoEtudAddAnnotations,
p.ScoObservateur,
p.ScoUsersView,
p.AbsAddBillet,
p.AbsChange,
p.EnsView,
p.EtudAddAnnotations,
p.Observateur,
p.UsersView,
p.ScoView,
),
"Secr": (
p.ScoAbsAddBillet,
p.ScoAbsChange,
p.ScoEditApo,
p.ScoEntrepriseChange,
p.ScoEntrepriseView,
p.ScoEtudAddAnnotations,
p.ScoEtudChangeAdr,
p.ScoObservateur,
p.ScoUsersView,
p.AbsAddBillet,
p.AbsChange,
p.EditApogee,
p.EtudAddAnnotations,
p.EtudChangeAdr,
p.Observateur,
p.UsersView,
p.ScoView,
),
# Admin est le chef du département, pas le "super admin"
# on doit donc lister toutes ses permissions:
"Admin": (
p.ScoAbsAddBillet,
p.ScoAbsChange,
p.ScoChangeFormation,
p.ScoChangePreferences,
p.ScoEditAllEvals,
p.ScoEditAllNotes,
p.ScoEditApo,
p.ScoEditFormationTags,
p.ScoEnsView,
p.ScoEntrepriseChange,
p.ScoEntrepriseView,
p.ScoEtudAddAnnotations,
p.ScoEtudChangeAdr,
p.ScoEtudChangeGroups,
p.ScoEtudInscrit,
p.ScoImplement,
p.ScoObservateur,
p.ScoUsersAdmin,
p.ScoUsersView,
p.AbsAddBillet,
p.AbsChange,
p.EditFormation,
p.EditPreferences,
p.EditAllEvals,
p.EditAllNotes,
p.EditApogee,
p.EditFormationTags,
p.EnsView,
p.EtudAddAnnotations,
p.EtudChangeAdr,
p.EtudChangeGroups,
p.EtudInscrit,
p.EditFormSemestre,
p.Observateur,
p.UsersAdmin,
p.UsersView,
p.ScoView,
),
# RespPE est le responsable poursuites d'études
# il peut ajouter des tags sur les formations:
# (doit avoir un rôle Ens en plus !)
"RespPe": (p.ScoEditFormationTags,),
# Rôles pour l'application relations entreprises
# ObservateurEntreprise est un observateur de l'application entreprise
"ObservateurEntreprise": (p.RelationsEntreprisesView,),
"ObservateurEntreprise": (p.RelationsEntrepView,),
# UtilisateurEntreprise est un utilisateur de l'application entreprise (droit de modification)
"UtilisateurEntreprise": (
p.RelationsEntreprisesView,
p.RelationsEntreprisesChange,
p.RelationsEntreprisesCorrespondants,
p.RelationsEntrepView,
p.RelationsEntrepEdit,
p.RelationsEntrepViewCorrs,
),
# AdminEntreprise est un admin de l'application entreprise (toutes les actions possibles de l'application)
"AdminEntreprise": (
p.RelationsEntreprisesView,
p.RelationsEntreprisesChange,
p.RelationsEntreprisesExport,
p.RelationsEntreprisesSend,
p.RelationsEntreprisesValidate,
p.RelationsEntreprisesCorrespondants,
p.RelationsEntrepView,
p.RelationsEntrepEdit,
p.RelationsEntrepExport,
p.RelationsEntrepSend,
p.RelationsEntrepValidate,
p.RelationsEntrepViewCorrs,
),
# LecteurAPI peut utiliser l'API en lecture
"LecteurAPI": (p.ScoView,),
"Observateur": (p.Observateur,),
# RespPE est le responsable poursuites d'études
# il peut ajouter des tags sur les formations:
# (doit avoir un rôle Ens en plus !)
"RespPe": (p.EditFormationTags,),
# Super Admin est un root: création/suppression de départements
# _tous_ les droits
# Afin d'avoir tous les droits, il ne doit pas être asscoié à un département

2
app/scodoc/sco_synchro_etuds.py
View File

@ -92,7 +92,7 @@ def formsemestre_synchro_etuds(
sem = sco_formsemestre.get_formsemestre(formsemestre_id)
sem["etape_apo_str"] = sco_formsemestre.formsemestre_etape_apo_str(sem)
# Write access ?
if not current_user.has_permission(Permission.ScoEtudInscrit):
if not current_user.has_permission(Permission.EtudInscrit):
read_only = True
if read_only:
submitted = False

2
app/scodoc/sco_ue_external.py
View File

@ -92,7 +92,7 @@ def external_ue_create(
log(f"creating external UE in {formsemestre}: {acronyme}")
# Contrôle d'accès:
if not current_user.has_permission(Permission.ScoImplement):
if not current_user.has_permission(Permission.EditFormSemestre):
if (not formsemestre.resp_can_edit) or (
current_user.id not in [u.id for u in formsemestre.responsables]
):

4
app/scodoc/sco_users.py
View File

@ -56,7 +56,7 @@ def index_html(
H = [html_sco_header.html_sem_header("Gestion des utilisateurs")]
if current_user.has_permission(Permission.ScoUsersAdmin, g.scodoc_dept):
if current_user.has_permission(Permission.UsersAdmin, g.scodoc_dept):
H.append(
f"""<p><a href="{url_for("users.create_user_form",
scodoc_dept=g.scodoc_dept)
@ -118,7 +118,7 @@ def index_html(
fmt=fmt,
having_role=having_role,
with_inactives=with_inactives,
with_links=current_user.has_permission(Permission.ScoUsersAdmin, g.scodoc_dept),
with_links=current_user.has_permission(Permission.UsersAdmin, g.scodoc_dept),
)
if fmt != "html":
return content

48
app/static/css/role_editor.css
View File

@ -3,15 +3,51 @@
margin-bottom: 24px;
}
section#roles {
.roles-editor {
background-color: #fffaf4;
border-radius: 8px;
font-size: 90%;
margin-bottom: 24px;
padding: 8px;
}
.role {
.re-row {
/* align-items: center; */
display: flex;
flex-wrap: wrap;
flex-wrap: nowrap;
gap: 4px;
margin-bottom: 32px;
margin-bottom: 8px;
}
.re-row-titres .role-standard {
font-weight: bold;
}
.re-row-perm {
transition: background-color 0.3s ease;
}
.re-row-perm:hover {
background-color: rgba(250, 250, 8, 0.816); /* Highlight color */
cursor: pointer;
}
.re-cell {
/* align-self: center; */
flex-basis: 40px;
flex-grow: 0;
flex-shrink: 0;
overflow-wrap: anywhere;
}
.permission-titre {
flex-basis: 210px;
flex-grow: 0;
flex-shrink: 0;
overflow-wrap: anywhere;
}
.role-titre {
transform: rotate(180deg) translate(60%, 0);
writing-mode: vertical-lr;
}
.role>div, .role span {
@ -26,8 +62,8 @@ section#roles {
}
.role input:checked:not([value=aucun])+span {
background: rgb(165, 6, 59);
border-color: rgb(165, 6, 59);
background: rgb(0, 141, 42);
border-color: rgb(0, 141, 42);
color: #fff;
}

8
app/templates/auth/user_info_page.j2
View File

@ -42,7 +42,7 @@
<ul>
{% if (
current_user.is_administrator()
or current_user.has_permission(Permission.ScoUsersAdmin, user.dept)
or current_user.has_permission(Permission.UsersAdmin, user.dept)
) %}
<li><a class="stdlink" href="{{
url_for( 'users.form_change_password',
@ -50,7 +50,7 @@
}}">modifier le mot de passe ou l'adresse mail</a>
</li>
{% endif %}
{% if current_user.has_permission(Permission.ScoUsersAdmin, dept) %}
{% if current_user.has_permission(Permission.UsersAdmin, dept) %}
<li><a class="stdlink" href="{{
url_for('users.create_user_form', scodoc_dept=g.scodoc_dept,
user_name=user.user_name, edit=1)
@ -59,7 +59,7 @@
{% endif %}
{% if (
current_user.is_administrator()
or current_user.has_permission(Permission.ScoUsersAdmin, user.dept)
or current_user.has_permission(Permission.UsersAdmin, user.dept)
) %}
<li><a class="stdlink" href="{{
url_for('users.toggle_active_user', scodoc_dept=g.scodoc_dept,
@ -96,7 +96,7 @@
</ul>
</div>
{% if current_user.has_permission(Permission.ScoUsersAdmin, dept) %}
{% if current_user.has_permission(Permission.UsersAdmin, dept) %}
<p><a class="stdlink" href="
{{url_for('users.index_html', scodoc_dept=g.scodoc_dept)}}
">Liste de tous les utilisateurs</a></p>

2
app/templates/base.j2
View File

@ -37,7 +37,7 @@
}}">Dept. {{ g.scodoc_dept }}</a></li>
{% endif %}
{% if not current_user.is_anonymous and
current_user.has_permission(current_user.Permission.RelationsEntreprisesView, None) and scu and
current_user.has_permission(current_user.Permission.RelationsEntrepView, None) and scu and
scu.is_entreprises_enabled() %}
<li><a href="{{ url_for('entreprises.index') }}">Entreprises</a></li>
{% endif %}

2
app/templates/but/parcour_formation.j2
View File

@ -8,7 +8,7 @@
{% macro menu_ue(niv, sem="pair", sem_idx=0) -%}
{% if niv['niveau'] %}
{% if current_user.has_permission(sco.Permission.ScoChangeFormation) %}
{% if current_user.has_permission(sco.Permission.EditFormation) %}
<select name="ue_niv_{{niv['niveau'].id}}" id="ue_niv_{{niv['niveau'].id}}"
onchange="assoc_ue_niveau(event,
{{niv['niveau'].id}}, {{parcour.id}}

2
app/templates/entreprises/_correspondant.j2
View File

@ -24,7 +24,7 @@
{% endif %}
</div>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<div class="parent-btn">
<a class="btn btn-primary" href="{{ url_for('entreprises.edit_correspondant', entreprise_id=correspondant.site.entreprise.id, site_id=correspondant.site_id, correspondant_id=correspondant.id) }}">Modifier correspondant</a>
<a class="btn btn-danger" href="{{ url_for('entreprises.delete_correspondant', entreprise_id=correspondant.site.entreprise.id, site_id=correspondant.site_id, correspondant_id=correspondant.id) }}">Supprimer correspondant</a>

10
app/templates/entreprises/_offre.j2
View File

@ -22,28 +22,28 @@
{% for filedir, filename in files %}
<a href="{{ url_for('entreprises.get_offre_file', entreprise_id=entreprise.id, offre_id=offre.id, filedir=filedir, filename=filename )}}">{{ filename }}</a>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<a href="{{ url_for('entreprises.delete_offre_file', entreprise_id=entreprise.id, offre_id=offre.id, filedir=filedir )}}" style="margin-left: 5px;"><img title="Supprimer fichier" alt="supprimer" width="10" height="9" border="0" src="/ScoDoc/static/icons/delete_small_img.png" /></a>
{% endif %}
<br>
{% endfor %}
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<a href="{{ url_for('entreprises.add_offre_file', entreprise_id=entreprise.id, offre_id=offre.id) }}">Ajoutez un fichier</a>
{% endif %}
</div>
<div class="parent-btn">
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<a class="btn btn-primary" href="{{ url_for('entreprises.edit_offre', entreprise_id=offre.entreprise_id, offre_id=offre.id) }}">Modifier l'offre</a>
<a class="btn btn-danger" href="{{ url_for('entreprises.delete_offre', entreprise_id=offre.entreprise_id, offre_id=offre.id) }}">Supprimer l'offre</a>
{% endif %}
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesSend, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepSend, None) %}
<a class="btn btn-primary" href="{{ url_for('entreprises.envoyer_offre', entreprise_id=entreprise.id, offre_id=offre.id) }}">Envoyer l'offre</a>
{% endif %}
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
{% if not offre.expired %}
<a class="btn btn-danger" href="{{ url_for('entreprises.expired', entreprise_id=offre.entreprise_id, offre_id=offre.id) }}">Rendre expirée</a>
{% else %}

8
app/templates/entreprises/contacts.j2
View File

@ -26,7 +26,7 @@
<div class="container" style="margin-bottom: 10px;">
<h1>Liste des contacts</h1>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<a class="btn btn-primary" style="margin-bottom:10px;"
href="{{ url_for('entreprises.add_contact', entreprise_id=entreprise.id) }}">Ajouter contact</a>
{% endif %}
@ -36,7 +36,7 @@
<td data-priority="">Date</td>
<td data-priority="">Utilisateur</td>
<td data-priority="">Notes</td>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<td data-priority="">Action</td>
{% endif %}
</tr>
@ -47,7 +47,7 @@
<td>{{ contact.date.strftime('%d/%m/%Y %Hh%M') }}</td>
<td>{{ contact.user|get_nomcomplet_by_id }}</td>
<td>{{ contact.notes }}</td>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<td>
<div class="btn-group">
<a class="btn btn-default dropdown-toggle" data-toggle="dropdown" href="#">Action
@ -71,7 +71,7 @@
<td>Date</td>
<td>Utilisateur</td>
<td>Notes</td>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<td>Action</td>
{% endif %}
</tr>

12
app/templates/entreprises/entreprises.j2
View File

@ -24,13 +24,13 @@
{% endif %}
<div class="container boutons">
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<a class="btn btn-default" href="{{ url_for('entreprises.add_entreprise') }}">Ajouter une entreprise</a>
{% endif %}
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesExport, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepExport, None) %}
<a class="btn btn-default" href="{{ url_for('entreprises.import_donnees') }}">Importer des données</a>
{% endif %}
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesExport, None) and entreprises %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepExport, None) and entreprises %}
<a class="btn btn-default" href="{{ url_for('entreprises.export_donnees') }}">Exporter des données</a>
{% endif %}
</div>
@ -57,7 +57,7 @@
<td data-priority="6">Code postal</td>
<td data-priority="5">Ville</td>
<td data-priority="7">Pays</td>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<td data-priority="3">Action</td>
{% endif %}
</tr>
@ -73,7 +73,7 @@
<td>{{ entreprise.codepostal }}</td>
<td>{{ entreprise.ville }}</td>
<td>{{ entreprise.pays }}</td>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<td>
<div class="btn-group">
<a class="btn btn-default dropdown-toggle" data-toggle="dropdown" href="#">Action
@ -105,7 +105,7 @@
<td>Code postal</td>
<td>Ville</td>
<td>Pays</td>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<td>Action</td>
{% endif %}
</tr>

16
app/templates/entreprises/fiche_entreprise.j2
View File

@ -60,7 +60,7 @@
{% endif %}
</div>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<div>
Taxe d'apprentissage<br>
<a class="btn btn-primary"
@ -90,7 +90,7 @@
</div>
<div>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<a class="btn btn-primary"
href="{{ url_for('entreprises.edit_entreprise', entreprise_id=entreprise.id) }}">Modifier</a>
{% if entreprise.active %}
@ -123,7 +123,7 @@
Code postal : {{ site.codepostal }}<br>
Ville : {{ site.ville }}<br>
Pays : {{ site.pays }}
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<div>
<a class="btn btn-primary"
href="{{ url_for('entreprises.edit_site', entreprise_id=entreprise.id, site_id=site.id) }}">Modifier</a>
@ -132,7 +132,7 @@
correspondant</a>
</div>
{% endif %}
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesCorrespondants, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepViewCorrs, None) %}
{% for correspondant in site.correspondants %}
{% include 'entreprises/_correspondant.j2' %}
{% endfor %}
@ -156,7 +156,7 @@
<div style="margin-bottom: 10px;">
<h3>Liste des stages et apprentissages réalisés au sein de l'entreprise</h3>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<a class="btn btn-primary" href="{{ url_for('entreprises.add_stage_apprentissage', entreprise_id=entreprise.id) }}"
style="margin-bottom:10px;">Ajouter stage ou apprentissage</a>
{% endif %}
@ -170,7 +170,7 @@
<td data-priority="1">Étudiant</td>
<td data-priority="6">Formation</td>
<td data-priority="7">Notes</td>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<td data-priority="3">Action</td>
{% endif %}
</tr>
@ -187,7 +187,7 @@
etudiant.nom|format_nom }} {{ etudiant.prenom|format_prenom }}</a></td>
<td>{% if stage_apprentissage.formation_text %}{{ stage_apprentissage.formation_text }}{% endif %}</td>
<td>{{ stage_apprentissage.notes }}</td>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<td>
<div class="btn-group">
<a class="btn btn-default dropdown-toggle" data-toggle="dropdown" href="#">Action
@ -215,7 +215,7 @@
<td>Étudiant</td>
<td>Formation</td>
<td>Notes</td>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesChange, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepEdit, None) %}
<td>Action</td>
{% endif %}
</tr>

2
app/templates/entreprises/fiche_entreprise_validation.j2
View File

@ -41,7 +41,7 @@
Code postal : {{ site.codepostal }}<br>
Ville : {{ site.ville }}<br>
Pays : {{ site.pays }}
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesCorrespondants, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepViewCorrs, None) %}
{% for correspondant in site.correspondants %}
<div class="correspondant">
<div>

4
app/templates/entreprises/nav.j2
View File

@ -6,7 +6,7 @@
<a href="{{ url_for('entreprises.index') }}" class="nav_entreprise_link {% if title=='Entreprises' %}nav_entreprise_link-active{% endif %}">Entreprises</a>
</li>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesCorrespondants, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepViewCorrs, None) %}
<li class="nav_entreprise_item">
<a href="{{ url_for('entreprises.correspondants') }}" class="nav_entreprise_link {% if title=='Correspondants' %}nav_entreprise_link-active{% endif %}">Correspondants</a>
</li>
@ -16,7 +16,7 @@
<a href="{{ url_for('entreprises.offres_recues') }}" class="nav_entreprise_link {% if title=='Offres reçues' %}nav_entreprise_link-active{% endif %}">Offres reçues</a>
</li>
{% if current_user.has_permission(current_user.Permission.RelationsEntreprisesValidate, None) %}
{% if current_user.has_permission(current_user.Permission.RelationsEntrepValidate, None) %}
<li class="nav_entreprise_item">
<a href="{{ url_for('entreprises.validation') }}" class="nav_entreprise_link {% if title=='Validation entreprises' %}nav_entreprise_link-active{% endif %}">Entreprises à valider</a>
</li>

2
app/templates/entreprises/form_confirmation.j2 → app/templates/form_confirmation.j2
View File

@ -5,7 +5,7 @@
{% block app_content %}
<h1>{{ title }}</h1>
<br>
<div>{{ info_message }}</div>
<div>{{ info_message | safe }}</div>
<br>
<div class="row">
<div class="col-md-4">

2
app/templates/main/index.j2
View File

@ -39,7 +39,7 @@
<li><a href="ScoDoc/RT/Scolarite/Notes/essai"><tt>Notes/essai</tt> : test "notes", url
manuelle</a></li>
<li><a href="{{ url_for('notes.essai2' , scodoc_dept='RT') }}"><tt>Notes/essai2</tt></a> : permission
ScoImplement dans RT
EditFormSemestre dans RT
</li>
</ul>
<h3>Essais décorateurs et appels</h3>

69
app/templates/role_editor.j2
View File

@ -1,69 +0,0 @@
{# -*- mode: jinja-html -*- #}
{# -*- Edition des rôles/permissions -- inspiré de partition_editor -*- #}
{% extends "base.j2" %}
{% import 'bootstrap/wtf.html' as wtf %}
{% block styles %}
{{super()}}
<link rel="stylesheet" href="{{ scu.STATIC_DIR }}/css/partition_editor.css">
<link rel="stylesheet" href="{{ scu.STATIC_DIR }}/css/role_editor.css">
{% endblock %}
{% block app_content %}
<h1>Définition des rôles et leurs permissions</h1>
<div class="help">Les rôles sont associés à un ensemble de permissions. Chaque
utilisateur peut avoir un nombre quelconque de rôles <em>dans chaque
département</em>.
Sur cette page vous pouvez modifier les permissions associée à chaque rôle, ou créer de nouveaux rôles.
</div>
{# <div class="links">
<a class="stdlink" href="{{ url_for('scodoc.users') }}">liste des comptes utilisateurs</a>
</div> #}
<main>
<section id="roles">
<div class="permission-roles">
{% for role in roles %}
<div class="role">
<div>{{role.name}}</div>
<label title="Aucune permission">
<input type="checkbox" name="{{role.id}}" value="aucun" checked="" class="">
<span class="aucun"> - </span>
</label>
{% for permission_name in permissions_names %}
<label>
<input type="checkbox"
name="{{role.id}}-{{Permission.get_by_name(permission_name)}}"
value="{{role.id}}-{{Permission.get_by_name(permission_name)}}"
{{"checked" if role.has_permission(Permission.get_by_name(permission_name)) else ''}}
>
<span data-permission="{{
Permission.get_by_name(permission_name)
}}">{{permission_name}}</span>
</label>
{% endfor %}
</div>
{% endfor %}
</div>
</section>
</main>
<script>
function associe_role_permission() {
alert("toto");
}
document.querySelectorAll("label").forEach(btn => {
btn.addEventListener("mousedown", (event) => { event.preventDefault() })
});
document.querySelectorAll(".role input").forEach(input => {
input.addEventListener("input", associe_role_permission)
});
</script>
{% endblock %}

8
app/templates/sco_value_error.j2
View File

@ -7,13 +7,15 @@
{{ exc | safe }}
<p>
<div style="margin-top: 16px;">
{% if g.scodoc_dept %}
<a href="{{ exc.dest_url or url_for('scolar.index_html', scodoc_dept=g.scodoc_dept) }}">continuer</a>
{% elif exc.dest_url %}
<a href="{{ exc.dest_url or url_for('scodoc.index') }}">continuer</a>
{% else %}
<a href="{{ exc.dest_url or url_for('scodoc.index') }}">retour page d'accueil</a>
<a href="{{ exc.dest_url or url_for('scodoc.index') }}">retour page d'accueil</a>
{% endif %}
</p>
</div>
<p style="margin-top: 32px;" class="help">
Si le problème persiste, merci de contacter le support ScoDoc via

33
app/templates/scodoc/permission_info.j2 Normal file
View File

@ -0,0 +1,33 @@
{% extends "base.j2" %}
{% block styles %}
{{super()}}
<style>
.permission-info {
border-radius: 8px;
background-color: #fffaf4;
margin-bottom: 24px;
padding: 8px;
}
</style>
{% endblock %}
{% block app_content %}
<h1>Définition des rôles et leurs permissions</h1>
<div class="permission-info">
<h2>Détails sur la permission {{permission_name}}</h2>
<div class="permission-details">
<div><b>Code de la permission :</b> <tt>{{permission_name}} ({{permission}})</tt></div>
<div><b>Description :</b> <em>{{Permission.description[permission_name]}}</em></div>
</div>
</div>
<div><a class="stdlink" href="{{url_for( 'scodoc.config_roles' )}}">Formulaire d'édition des rôles</a></div>
{% endblock %}

22
app/templates/scodoc/role_create.j2 Normal file
View File

@ -0,0 +1,22 @@
{# -*- mode: jinja-html -*- #}
{% extends "base.j2" %}
{% import 'bootstrap/wtf.html' as wtf %}
{% block app_content %}
<h1>Créer un rôle</h1>
<div class="help">
Un rôle est associé à un ensemble de permissions.
Les utilisateurs peuvent avoir un ou plusieurs rôles dans chaque département.
</div>
<div><b>Rôles déjà existants :</b> <tt>{{', '.join(roles_names)}}</tt>
<div class="row" style="margin-top: 24px;">
<div class="col-md-4">
{{ wtf.quick_form(form) }}
</div>
</div>
{% endblock %}

112
app/templates/scodoc/role_editor.j2 Normal file
View File

@ -0,0 +1,112 @@
{# -*- mode: jinja-html -*- #}
{# -*- Edition des rôles/permissions -*- #}
{% extends "base.j2" %}
{% import 'bootstrap/wtf.html' as wtf %}
{% block styles %}
{{super()}}
<link rel="stylesheet" href="{{ scu.STATIC_DIR }}/css/role_editor.css">
{% endblock %}
{% block app_content %}
<h1>Définition des rôles et leurs permissions</h1>
<div class="help">Les rôles sont associés à un ensemble de permissions. Chaque
utilisateur peut avoir un nombre quelconque de rôles <em>dans chaque
département</em>.
Sur cette page vous pouvez modifier les permissions associée à chaque rôle, ou créer de nouveaux rôles.
Les rôles <b>en gras</b> sont les rôles standards de ScoDoc.
</div>
{# <div class="links">
<a class="stdlink" href="{{ url_for('scodoc.users') }}">liste des comptes utilisateurs</a>
</div> #}
<main class="roles-editor">
<div class="re-row re-row-titres">
<div class="re-cell role-titre permission-titre"></div>
{% for role in roles %}
<div class="re-cell role-titre {{'role-standard' if role.name in SCO_ROLES_DEFAULTS else ''}}">
<a class="discretelink" href="{{
url_for('scodoc.role_info', role_name=role.name)
}}">{{role.name}}</a>
</div>
{% endfor %}
</div>
{% for permission_name in permissions_names %}
<div class="re-row re-row-perm">
<div class="re-cell permission-titre" style="position: relative;">
<div class="with_scoplement">
<div><a class="discretelink" href="{{
url_for('scodoc.permission_info', perm_name=permission_name)
}}">{{permission_name}}</a></div>
<div class="scoplement">
{{ Permission.description.get(permission_name) }}
</div>
</div>
</div>
{% for role in roles %}
<div class="re-cell {{'role-standard' if role.name in SCO_ROLES_DEFAULTS else ''}}">
<label>
<input type="checkbox"
name="{{role.id}}-{{Permission.get_by_name(permission_name)}}"
data-role="{{role.name}}"
data-permission="{{permission_name}}"
{{'checked' if role.has_permission(Permission.get_by_name(permission_name)) else ''}}
>
</label>
</div>
{% endfor %}
</div>
{% endfor %}
</main>
<div>
<a class="stdlink" href="{{url_for('scodoc.role_create')}}">Créer un nouveau rôle</a>
</div>
<div style="margin-top: 16px;">
🛟 <a class="stdlink" href="{{url_for('auth.reset_standard_roles_permissions')}}">Remettre
les permissions des rôles standards à leurs valeurs par défaut</a>
<em>(efface les modifications apportées aux rôles <tt>{{ ', '.join(SCO_ROLES_DEFAULTS.keys()) }}</tt>)</em>
</div>
<script>
async function associe_role_permission(event) {
// /role/<string:role_name>/add_permission/<string:perm_name>"
const method = event.target.checked ? "/add_permission/" : "/remove_permission/";
const url = `${SCO_URL}/../api/role/${event.target.dataset.role}${method}${event.target.dataset.permission}`;
try {
const response = await fetch(
url,
{
method: "POST",
}
);
const data = await response.json();
if (data.role_name != event.target.dataset.role) {
console.error("Fetch error, received:", data);
alert("Une erreur est survenue");
location.reload();
}
sco_message(`rôle ${event.target.dataset.role} enregistré`);
} catch (error) {
console.error("Fetch error:", error);
sco_message("Erreur réseau: valeur non enregistrée");
}
}
document.querySelectorAll("label").forEach(btn => {
btn.addEventListener("mousedown", (event) => { event.preventDefault() })
});
document.querySelectorAll(".re-cell input").forEach(input => {
input.addEventListener("input", associe_role_permission)
});
</script>
{% endblock %}

46
app/templates/scodoc/role_info.j2 Normal file
View File

@ -0,0 +1,46 @@
{# -*- mode: jinja-html -*- #}
{# -*- Info sur un rôle -*- #}
{% extends "base.j2" %}
{% block styles %}
{{super()}}
<style>
.role-info {
border-radius: 8px;
background-color: #fffaf4;
margin-bottom: 24px;
padding: 8px;
}
.role-details {
margin-bottom: 16px;
}
</style>
{% endblock %}
{% block app_content %}
<h1>Définition des rôles et leurs permissions</h1>
<div class="role-info">
<h2>Détails sur le rôle {{role.name}}</h2>
<div class="role-details">
<div><b>Code du rôle :</b> <tt>{{role.name}}</tt></div>
<div><b>Permissions associées :</b> <tt>{{', '.join(role.get_named_permissions())}}</tt></div>
</div>
</div>
<div>
{% if role.name in SCO_ROLES_DEFAULTS %}
<em>Ce rôle fait partie des rôles standards de ScoDoc et ne peut pas être supprimé.</em>
{% else %}
❌ <a class="stdlink" href="{{url_for('scodoc.role_delete', role_name=role.name )}}">supprimer ce rôle</a>
{% endif %}
</div>
<div style="margin-top: 24px;"><a class="stdlink" href="{{url_for( 'scodoc.config_roles' )}}">Formulaire d'édition des rôles</a></div>
{% endblock %}

10
app/templates/sidebar.j2
View File

@ -25,16 +25,16 @@
<a href="{{url_for('scolar.index_html', scodoc_dept=g.scodoc_dept)}}" class="sidebar">Semestres</a> <br>
<a href="{{url_for('notes.index_html', scodoc_dept=g.scodoc_dept)}}" class="sidebar">Programmes</a> <br>
{% if current_user.has_permission(sco.Permission.ScoAbsChange)%}
{% if current_user.has_permission(sco.Permission.AbsChange)%}
<a href="{{url_for('assiduites.bilan_dept', scodoc_dept=g.scodoc_dept)}}" class="sidebar">Assiduité</a> <br>
{% endif %}
{% if current_user.has_permission(sco.Permission.ScoUsersAdmin)
or current_user.has_permission(sco.Permission.ScoUsersView)
{% if current_user.has_permission(sco.Permission.UsersAdmin)
or current_user.has_permission(sco.Permission.UsersView)
%}
<a href="{{url_for('users.index_html', scodoc_dept=g.scodoc_dept)}}" class="sidebar">Utilisateurs</a> <br />
{% endif %}
{% if current_user.has_permission(sco.Permission.ScoChangePreferences) %}
{% if current_user.has_permission(sco.Permission.EditPreferences) %}
<a href="{{url_for('scolar.edit_preferences', scodoc_dept=g.scodoc_dept)}}" class="sidebar">Paramétrage</a> <br>
{% endif %}
{# /sidebar_common #}
@ -61,7 +61,7 @@
<br />{{sco.nbabsjust}} J., {{sco.nbabsnj}} N.J.</span>
{% endif %}
<ul>
{% if current_user.has_permission(sco.Permission.ScoAbsChange) %}
{% if current_user.has_permission(sco.Permission.AbsChange) %}
<li><a href="{{ url_for('assiduites.signal_assiduites_etud', scodoc_dept=g.scodoc_dept,
etudid=sco.etud.id) }}">Ajouter</a></li>
<li><a href="{{ url_for('assiduites.ajout_justificatif_etud', scodoc_dept=g.scodoc_dept,

10
app/views/absences.py
View File

@ -83,7 +83,7 @@ def index_html():
),
]
if current_user.has_permission(
Permission.ScoAbsChange
Permission.AbsChange
) and sco_preferences.get_preference("handle_billets_abs"):
H.append(
f"""
@ -100,7 +100,7 @@ def index_html():
# ----- Gestion des "billets d'absence": signalement par les etudiants eux mêmes (à travers le portail)
@bp.route("/AddBilletAbsence", methods=["GET", "POST"]) # API ScoDoc 7 compat
@scodoc
@permission_required_compat_scodoc7(Permission.ScoAbsAddBillet)
@permission_required_compat_scodoc7(Permission.AbsAddBillet)
@scodoc7func
def AddBilletAbsence(
begin,
@ -152,7 +152,7 @@ def AddBilletAbsence(
@bp.route("/add_billets_absence_form", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoAbsAddBillet)
@permission_required(Permission.AbsAddBillet)
@scodoc7func
def add_billets_absence_form(etudid):
"""Formulaire ajout billet (pour tests seulement, le vrai
@ -272,7 +272,7 @@ def list_billets():
@bp.route("/delete_billets_absence", methods=["POST", "GET"])
@scodoc
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
@scodoc7func
def delete_billets_absence(billet_id, dialog_confirmed=False):
"""Supprime un billet."""
@ -333,7 +333,7 @@ def _ProcessBilletAbsence(
@bp.route("/process_billet_absence_form", methods=["POST", "GET"])
@scodoc
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
@scodoc7func
def process_billet_absence_form(billet_id: int):
"""Formulaire traitement d'un billet"""

12
app/views/assiduites.py
View File

@ -157,7 +157,7 @@ class HTMLBuilder:
@bp.route("/")
@bp.route("/BilanDept")
@scodoc
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def bilan_dept():
"""Gestionnaire assiduités, page principale"""
H = [
@ -185,7 +185,7 @@ def bilan_dept():
)
H.append(sco_find_etud.form_search_etud(dest_url="assiduites.bilan_etud"))
if current_user.has_permission(
Permission.ScoAbsChange
Permission.AbsChange
) and sco_preferences.get_preference("handle_billets_abs"):
H.append(
f"""
@ -275,7 +275,7 @@ def bilan_dept():
@bp.route("/SignaleAssiduiteEtud")
@scodoc
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def signal_assiduites_etud():
"""
signal_assiduites_etud Saisie de l'assiduité d'un étudiant
@ -477,7 +477,7 @@ def bilan_etud():
@bp.route("/AjoutJustificatifEtud")
@scodoc
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def ajout_justificatif_etud():
"""
ajout_justificatif_etud : Affichage et création/modification des justificatifs de l'étudiant
@ -579,7 +579,7 @@ def calendrier_etud():
@bp.route("/SignalAssiduiteGr")
@scodoc
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def signal_assiduites_group():
"""
signal_assiduites_group Saisie des assiduités des groupes pour le jour donnée
@ -1016,7 +1016,7 @@ def visu_assi_group():
@bp.route("/SignalAssiduiteDifferee")
@scodoc
@permission_required(Permission.ScoAbsChange)
@permission_required(Permission.AbsChange)
def signal_assiduites_diff():
group_ids: list[int] = request.args.get("group_ids", None)
formsemestre_id: int = request.args.get("formsemestre_id", -1)

2
app/views/but_formation.py
View File

@ -120,7 +120,7 @@ def validation_rcues(
@bp.route("/ue_parcours_ects/<int:ue_id>", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
def ue_parcours_ects(ue_id: int):
"""formulaire (div) pour associer des ECTS par parcours d'une UE"""
ue: UniteEns = (

158
app/views/notes.py
View File

@ -185,7 +185,7 @@ sco_publish(
sco_publish(
"/formsemestre_createwithmodules",
sco_formsemestre_edit.formsemestre_createwithmodules,
Permission.ScoImplement,
Permission.EditFormSemestre,
methods=["GET", "POST"],
)
@ -200,25 +200,25 @@ sco_publish(
sco_publish(
"/formsemestre_clone",
sco_formsemestre_edit.formsemestre_clone,
Permission.ScoImplement,
Permission.EditFormSemestre,
methods=["GET", "POST"],
)
sco_publish(
"/formsemestre_associate_new_version",
sco_formation_versions.formsemestre_associate_new_version,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/formsemestre_delete",
sco_formsemestre_edit.formsemestre_delete,
Permission.ScoImplement,
Permission.EditFormSemestre,
methods=["GET", "POST"],
)
sco_publish(
"/formsemestre_delete2",
sco_formsemestre_edit.formsemestre_delete2,
Permission.ScoImplement,
Permission.EditFormSemestre,
methods=["GET", "POST"],
)
sco_publish(
@ -240,7 +240,7 @@ sco_publish(
sco_publish(
"/formsemestres_bulletins",
sco_recapcomplet.formsemestres_bulletins,
Permission.ScoObservateur,
Permission.Observateur,
)
sco_publish(
"/moduleimpl_status", sco_moduleimpl_status.moduleimpl_status, Permission.ScoView
@ -254,19 +254,19 @@ sco_publish(
sco_publish(
"/formation_create",
sco_edit_formation.formation_create,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/formation_delete",
sco_edit_formation.formation_delete,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/formation_edit",
sco_edit_formation.formation_edit,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
@ -332,7 +332,7 @@ def formsemestre_bulletinetud(
version=version,
),
can_edit_appreciations=formsemestre.est_responsable(current_user)
or (current_user.has_permission(Permission.ScoEtudInscrit)),
or (current_user.has_permission(Permission.EtudInscrit)),
etud=etud,
formsemestre=formsemestre,
inscription_courante=etud.inscription_courante(),
@ -429,26 +429,26 @@ sco_publish(
sco_publish(
"/ue_create",
sco_edit_ue.ue_create,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/ue_delete",
sco_edit_ue.ue_delete,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/ue_edit",
sco_edit_ue.ue_edit,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
@bp.route("/set_ue_niveau_competence", methods=["POST"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
def set_ue_niveau_competence():
"""Associe UE et niveau.
Si le niveau_id est "", désassocie."""
@ -501,7 +501,7 @@ def ue_infos(ue_id):
@bp.route("/ue_set_internal", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
@scodoc7func
def ue_set_internal(ue_id):
""""""
@ -541,7 +541,7 @@ def ue_sharing_code():
sco_publish(
"/edit_ue_set_code_apogee",
sco_edit_ue.edit_ue_set_code_apogee,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["POST"],
)
sco_publish(
@ -568,48 +568,48 @@ sco_publish(
sco_publish(
"/formation_add_malus_modules",
sco_edit_module.formation_add_malus_modules,
Permission.ScoChangeFormation,
Permission.EditFormation,
)
sco_publish(
"/matiere_create",
sco_edit_matiere.matiere_create,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/matiere_delete",
sco_edit_matiere.matiere_delete,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/matiere_edit",
sco_edit_matiere.matiere_edit,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/module_create",
sco_edit_module.module_create,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/module_delete",
sco_edit_module.module_delete,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/module_edit",
sco_edit_module.module_edit,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish(
"/edit_module_set_code_apogee",
sco_edit_module.edit_module_set_code_apogee,
Permission.ScoChangeFormation,
Permission.EditFormation,
methods=["GET", "POST"],
)
sco_publish("/module_list", sco_edit_module.module_table, Permission.ScoView)
@ -618,7 +618,7 @@ sco_publish("/module_tag_search", sco_tag_module.module_tag_search, Permission.S
@bp.route("/module_tag_set", methods=["POST"])
@scodoc
@permission_required(Permission.ScoEditFormationTags)
@permission_required(Permission.EditFormationTags)
def module_tag_set():
"""Set tags on module"""
module_id = int(request.form.get("module_id"))
@ -628,7 +628,7 @@ def module_tag_set():
@bp.route("/module_clone", methods=["POST"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
def module_clone():
"""Clone existing module"""
module_id = int(request.form.get("module_id"))
@ -656,7 +656,7 @@ def module_clone():
def index_html():
"Page accueil formations"
editable = current_user.has_permission(Permission.ScoChangeFormation)
editable = current_user.has_permission(Permission.EditFormation)
H = [
html_sco_header.sco_header(page_title="Programmes formations"),
@ -735,7 +735,7 @@ def formation_export(formation_id, export_ids=False, fmt=None, export_codes_apo=
@bp.route("/formation_import_xml_form", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
@scodoc7func
def formation_import_xml_form():
"form import d'une formation en XML"
@ -790,7 +790,7 @@ def formation_import_xml_form():
# sco_publish(
# "/formation_create_new_version",
# sco_formations.formation_create_new_version,
# Permission.ScoChangeFormation,
# Permission.EditFormation,
# )
# --- UE
@ -800,15 +800,13 @@ sco_publish(
Permission.ScoView,
)
sco_publish(
"/module_move", sco_edit_formation.module_move, Permission.ScoChangeFormation
)
sco_publish("/ue_move", sco_edit_formation.ue_move, Permission.ScoChangeFormation)
sco_publish("/module_move", sco_edit_formation.module_move, Permission.EditFormation)
sco_publish("/ue_move", sco_edit_formation.ue_move, Permission.EditFormation)
@bp.route("/ue_clone", methods=["POST"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
def ue_clone():
"""Clone existing UE"""
ue_id = int(request.form.get("ue_id"))
@ -1380,12 +1378,12 @@ def edit_enseignants_form_delete(moduleimpl_id, ens_id: int):
# sco_publish(
# "/do_formsemestre_inscription_create",
# sco_formsemestre_inscriptions.do_formsemestre_inscription_create,
# Permission.ScoEtudInscrit,
# Permission.EtudInscrit,
# )
# sco_publish(
# "/do_formsemestre_inscription_edit",
# sco_formsemestre_inscriptions.do_formsemestre_inscription_edit,
# Permission.ScoEtudInscrit,
# Permission.EtudInscrit,
# )
sco_publish(
@ -1409,7 +1407,7 @@ def do_formsemestre_inscription_listinscrits(formsemestre_id, fmt=None):
@bp.route("/formsemestre_desinscription", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoImplement)
@permission_required(Permission.EditFormSemestre)
@scodoc7func
def formsemestre_desinscription(etudid, formsemestre_id, dialog_confirmed=False):
"""désinscrit l'etudiant de ce semestre (et donc de tous les modules).
@ -1493,7 +1491,7 @@ def formsemestre_desinscription(etudid, formsemestre_id, dialog_confirmed=False)
sco_publish(
"/do_formsemestre_desinscription",
sco_formsemestre_inscriptions.do_formsemestre_desinscription,
Permission.ScoEtudInscrit,
Permission.EtudInscrit,
methods=["GET", "POST"],
)
@ -1503,7 +1501,7 @@ sco_publish(
methods=["GET", "POST"],
)
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
def etud_desinscrit_ue(etudid, formsemestre_id, ue_id):
"""
- En classique: désinscrit l'etudiant de tous les modules de cette UE dans ce semestre.
@ -1551,7 +1549,7 @@ def etud_desinscrit_ue(etudid, formsemestre_id, ue_id):
methods=["GET", "POST"],
)
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
def etud_inscrit_ue(etudid, formsemestre_id, ue_id):
"""
En classic: inscrit l'étudiant à tous les modules de cette UE dans ce semestre.
@ -1592,28 +1590,28 @@ def etud_inscrit_ue(etudid, formsemestre_id, ue_id):
sco_publish(
"/formsemestre_inscription_with_modules_form",
sco_formsemestre_inscriptions.formsemestre_inscription_with_modules_form,
Permission.ScoEtudInscrit,
Permission.EtudInscrit,
)
sco_publish(
"/formsemestre_inscription_with_modules_etud",
sco_formsemestre_inscriptions.formsemestre_inscription_with_modules_etud,
Permission.ScoEtudInscrit,
Permission.EtudInscrit,
)
sco_publish(
"/formsemestre_inscription_with_modules",
sco_formsemestre_inscriptions.formsemestre_inscription_with_modules,
Permission.ScoEtudInscrit,
Permission.EtudInscrit,
)
sco_publish(
"/formsemestre_inscription_option",
sco_formsemestre_inscriptions.formsemestre_inscription_option,
Permission.ScoEtudInscrit,
Permission.EtudInscrit,
methods=["GET", "POST"],
)
sco_publish(
"/do_moduleimpl_incription_options",
sco_formsemestre_inscriptions.do_moduleimpl_incription_options,
Permission.ScoEtudInscrit,
Permission.EtudInscrit,
)
sco_publish(
"/formsemestre_inscrits_ailleurs",
@ -1623,7 +1621,7 @@ sco_publish(
sco_publish(
"/moduleimpl_inscriptions_edit",
sco_moduleimpl_inscriptions.moduleimpl_inscriptions_edit,
Permission.ScoEtudInscrit,
Permission.EtudInscrit,
methods=["GET", "POST"],
)
sco_publish(
@ -1638,7 +1636,7 @@ sco_publish(
@bp.route("/evaluation_delete", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEnsView)
@permission_required(Permission.EnsView)
@scodoc7func
def evaluation_delete(evaluation_id):
"""Form delete evaluation"""
@ -1727,7 +1725,7 @@ def evaluation_delete(evaluation_id):
@bp.route("/evaluation_edit", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEnsView)
@permission_required(Permission.EnsView)
@scodoc7func
def evaluation_edit(evaluation_id):
"form edit evaluation"
@ -1738,7 +1736,7 @@ def evaluation_edit(evaluation_id):
@bp.route("/evaluation_create", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEnsView)
@permission_required(Permission.EnsView)
@scodoc7func
def evaluation_create(moduleimpl_id):
"form create evaluation"
@ -1816,7 +1814,7 @@ sco_publish(
sco_publish(
"/placement_eval_selectetuds",
sco_placement.placement_eval_selectetuds,
Permission.ScoEnsView,
Permission.EnsView,
methods=["GET", "POST"],
)
@ -1824,19 +1822,19 @@ sco_publish(
sco_publish(
"/saisie_notes_tableur",
sco_saisie_notes.saisie_notes_tableur,
Permission.ScoEnsView,
Permission.EnsView,
methods=["GET", "POST"],
)
sco_publish(
"/feuille_saisie_notes",
sco_saisie_notes.feuille_saisie_notes,
Permission.ScoEnsView,
Permission.EnsView,
)
sco_publish("/saisie_notes", sco_saisie_notes.saisie_notes, Permission.ScoEnsView)
sco_publish("/saisie_notes", sco_saisie_notes.saisie_notes, Permission.EnsView)
sco_publish(
"/do_evaluation_set_missing",
sco_saisie_notes.do_evaluation_set_missing,
Permission.ScoEnsView,
Permission.EnsView,
methods=["GET", "POST"],
)
sco_publish(
@ -2045,7 +2043,7 @@ sco_publish(
@bp.route("/appreciation_add_form", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEnsView)
@permission_required(Permission.EnsView)
@scodoc7func
def appreciation_add_form(
etudid=None,
@ -2073,7 +2071,7 @@ def appreciation_add_form(
formsemestre: FormSemestre = FormSemestre.query.get_or_404(formsemestre_id)
# check custom access permission
can_edit_app = formsemestre.est_responsable(current_user) or (
current_user.has_permission(Permission.ScoEtudInscrit)
current_user.has_permission(Permission.EtudInscrit)
)
if not can_edit_app:
raise AccessDenied("vous n'avez pas le droit d'ajouter une appreciation")
@ -2888,7 +2886,7 @@ def formsemestre_jury_but_erase(formsemestre_id: int, etudid: int = None):
methods=["GET", "POST"],
)
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
def erase_decisions_annee_formation(etudid: int, formation_id: int, annee: int):
"""Efface toute les décisions d'une année pour cet étudiant"""
etud: Identite = Identite.query.get_or_404(etudid)
@ -2932,7 +2930,7 @@ def erase_decisions_annee_formation(etudid: int, formation_id: int, annee: int):
methods=["GET", "POST"],
)
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
def jury_delete_manual(etudid: int):
"""Efface toute les décisions d'une année pour cet étudiant"""
etud: Identite = Identite.query.get_or_404(etudid)
@ -2978,46 +2976,46 @@ sco_publish(
sco_archives.formsemestre_get_archived_file,
Permission.ScoView,
)
sco_publish("/view_apo_csv", sco_etape_apogee_view.view_apo_csv, Permission.ScoEditApo)
sco_publish("/view_apo_csv", sco_etape_apogee_view.view_apo_csv, Permission.EditApogee)
sco_publish(
"/view_apo_csv_store",
sco_etape_apogee_view.view_apo_csv_store,
Permission.ScoEditApo,
Permission.EditApogee,
methods=["GET", "POST"],
)
sco_publish(
"/view_apo_csv_download_and_store",
sco_etape_apogee_view.view_apo_csv_download_and_store,
Permission.ScoEditApo,
Permission.EditApogee,
methods=["GET", "POST"],
)
sco_publish(
"/view_apo_csv_delete",
sco_etape_apogee_view.view_apo_csv_delete,
Permission.ScoEditApo,
Permission.EditApogee,
methods=["GET", "POST"],
)
sco_publish(
"/view_scodoc_etuds", sco_etape_apogee_view.view_scodoc_etuds, Permission.ScoEditApo
"/view_scodoc_etuds", sco_etape_apogee_view.view_scodoc_etuds, Permission.EditApogee
)
sco_publish(
"/view_apo_etuds", sco_etape_apogee_view.view_apo_etuds, Permission.ScoEditApo
"/view_apo_etuds", sco_etape_apogee_view.view_apo_etuds, Permission.EditApogee
)
sco_publish(
"/apo_semset_maq_status",
sco_etape_apogee_view.apo_semset_maq_status,
Permission.ScoEditApo,
Permission.EditApogee,
)
sco_publish(
"/apo_csv_export_results",
sco_etape_apogee_view.apo_csv_export_results,
Permission.ScoEditApo,
Permission.EditApogee,
)
@bp.route("/formsemestre_set_apo_etapes", methods=["POST"])
@scodoc
@permission_required(Permission.ScoEditApo)
@permission_required(Permission.EditApogee)
def formsemestre_set_apo_etapes():
"""Change les codes étapes du semestre indiqué.
Args: oid=formsemestre_id, value=chaine "V1RT, V1RT2", codes séparés par des virgules
@ -3046,7 +3044,7 @@ def formsemestre_set_apo_etapes():
@bp.route("/formsemestre_set_elt_annee_apo", methods=["POST"])
@scodoc
@permission_required(Permission.ScoEditApo)
@permission_required(Permission.EditApogee)
def formsemestre_set_elt_annee_apo():
"""Change les codes étapes du semestre indiqué.
Args: oid=formsemestre_id, value=chaine "V3ONM, V3ONM1, V3ONM2", codes séparés par des virgules
@ -3067,7 +3065,7 @@ def formsemestre_set_elt_annee_apo():
@bp.route("/formsemestre_set_elt_sem_apo", methods=["POST"])
@scodoc
@permission_required(Permission.ScoEditApo)
@permission_required(Permission.EditApogee)
def formsemestre_set_elt_sem_apo():
"""Change les codes étapes du semestre indiqué.
Args: oid=formsemestre_id, value=chaine "V3ONM, V3ONM1, V3ONM2", codes séparés par des virgules
@ -3088,7 +3086,7 @@ def formsemestre_set_elt_sem_apo():
@bp.route("/ue_set_apo", methods=["POST"])
@scodoc
@permission_required(Permission.ScoEditApo)
@permission_required(Permission.EditApogee)
def ue_set_apo():
"""Change le code APO de l'UE
Args: oid=ue_id, value=chaine "VRTU12" (1 seul code / UE)
@ -3109,7 +3107,7 @@ def ue_set_apo():
@bp.route("/module_set_apo", methods=["POST"])
@scodoc
@permission_required(Permission.ScoEditApo)
@permission_required(Permission.EditApogee)
def module_set_apo():
"""Change le code APO du module
Args: oid=ue_id, value=chaine "VRTU12" (1 seul code / UE)
@ -3130,35 +3128,35 @@ def module_set_apo():
# sco_semset
sco_publish("/semset_page", sco_semset.semset_page, Permission.ScoEditApo)
sco_publish("/semset_page", sco_semset.semset_page, Permission.EditApogee)
sco_publish(
"/do_semset_create",
sco_semset.do_semset_create,
Permission.ScoEditApo,
Permission.EditApogee,
methods=["GET", "POST"],
)
sco_publish(
"/do_semset_delete",
sco_semset.do_semset_delete,
Permission.ScoEditApo,
Permission.EditApogee,
methods=["GET", "POST"],
)
sco_publish(
"/edit_semset_set_title",
sco_semset.edit_semset_set_title,
Permission.ScoEditApo,
Permission.EditApogee,
methods=["GET", "POST"],
)
sco_publish(
"/do_semset_add_sem",
sco_semset.do_semset_add_sem,
Permission.ScoEditApo,
Permission.EditApogee,
methods=["GET", "POST"],
)
sco_publish(
"/do_semset_remove_sem",
sco_semset.do_semset_remove_sem,
Permission.ScoEditApo,
Permission.EditApogee,
methods=["GET", "POST"],
)
@ -3166,7 +3164,7 @@ sco_publish(
sco_publish(
"/scodoc_table_results",
sco_export_results.scodoc_table_results,
Permission.ScoEditApo,
Permission.EditApogee,
)
sco_publish(
@ -3186,7 +3184,7 @@ sco_publish(
sco_publish(
"/formsemestre_inscr_passage",
sco_inscr_passage.formsemestre_inscr_passage,
Permission.ScoEtudInscrit,
Permission.EtudInscrit,
methods=["GET", "POST"],
)
sco_publish(
@ -3258,7 +3256,7 @@ sco_publish(
@bp.route("/check_sem_integrity")
@scodoc
@permission_required(Permission.ScoImplement)
@permission_required(Permission.EditFormSemestre)
@scodoc7func
def check_sem_integrity(formsemestre_id, fix=False):
"""Debug.

2
app/views/notes_formsemestre.py
View File

@ -48,7 +48,7 @@ from app.views import ScoData
"/formsemestre_change_formation/<int:formsemestre_id>", methods=["GET", "POST"]
)
@scodoc
@permission_required(Permission.ScoImplement)
@permission_required(Permission.EditFormSemestre)
def formsemestre_change_formation(formsemestre_id: int):
"""Propose de changer un formsemestre de formation.
Cette opération est bien sûr impossible... sauf si les deux formations sont identiques.

4
app/views/pn_modules.py
View File

@ -149,7 +149,7 @@ def table_modules_ue_coefs(formation_id, semestre_idx=None, parcours_id: int = N
@bp.route("/set_module_ue_coef", methods=["POST"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
def set_module_ue_coef():
"""Set coef from module to UE"""
try:
@ -234,7 +234,7 @@ def edit_modules_ue_coefs():
scodoc_dept=g.scodoc_dept,
),
read_only=locked
or not current_user.has_permission(Permission.ScoChangeFormation),
or not current_user.has_permission(Permission.EditFormation),
semestre_idx=semestre_idx,
semestre_ids=range(1, formation.get_cursus().NB_SEM + 1),
parcours_id=parcours_id,

10
app/views/refcomp.py
View File

@ -63,7 +63,7 @@ def refcomp_show(refcomp_id):
@bp.route("/referentiel/comp/delete/<int:refcomp_id>", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
def refcomp_delete(refcomp_id):
"""Suppression du référentiel de la base. Le fichier source n'est pas affecté."""
ref = ApcReferentielCompetences.query.get_or_404(refcomp_id)
@ -80,7 +80,7 @@ def refcomp_table():
"""Liste html des ref. comp. chargés dans ce département"""
refs = ApcReferentielCompetences.query.filter_by(dept_id=g.scodoc_dept_id)
columns_ids = ("type_titre", "specialite_long", "version", "json", "nb_formations")
if current_user.has_permission(Permission.ScoChangeFormation):
if current_user.has_permission(Permission.EditFormation):
columns_ids = ("suppr",) + columns_ids
suppr_icon = scu.icontag(
"delete_small_img", border="0", alt="supprimer", title="Supprimer"
@ -128,7 +128,7 @@ def refcomp_table():
"/referentiel/comp/assoc_formation/<int:formation_id>", methods=["GET", "POST"]
)
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
def refcomp_assoc_formation(formation_id: int):
"""Formulaire association ref. compétence"""
formation = Formation.query.get_or_404(formation_id)
@ -173,7 +173,7 @@ def refcomp_assoc_formation(formation_id: int):
@bp.route("/referentiel/comp/desassoc_formation/<int:formation_id>", methods=["GET"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
def refcomp_desassoc_formation(formation_id: int):
"""Désassocie la formation de son ref. de compétence"""
formation: Formation = Formation.query.get_or_404(formation_id)
@ -188,7 +188,7 @@ def refcomp_desassoc_formation(formation_id: int):
)
@bp.route("/referentiel/comp/load/<int:formation_id>", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoChangeFormation)
@permission_required(Permission.EditFormation)
def refcomp_load(formation_id=None):
"""Formulaire association ref. compétence"""
if formation_id is not None:

84
app/views/scodoc.py
View File

@ -60,12 +60,15 @@ from app.decorators import (
scodoc7func,
scodoc,
)
from app.forms.generic import SimpleConfirmationForm
from app.forms.main import config_logos, config_main
from app.forms.main.config_assiduites import ConfigAssiduitesForm
from app.forms.main.config_apo import CodesDecisionsForm
from app.forms.main.config_cas import ConfigCASForm
from app.forms.main.config_personalized_links import PersonalizedLinksForm
from app.forms.main.create_dept import CreateDeptForm
from app.forms.main.role_create import CreateRoleForm
from app import models
from app.models import (
Departement,
@ -85,6 +88,7 @@ from app.scodoc import sco_utils as scu
from app.scodoc.sco_exceptions import AccessDenied, ScoValueError
from app.scodoc.sco_permissions import Permission
from app.scodoc.sco_roles_default import SCO_ROLES_DEFAULTS
from app.views import scodoc_bp as bp
import sco_version
@ -151,10 +155,88 @@ def config_roles():
permissions_names = sorted(Permission.permission_by_value.values())
roles = Role.query.order_by(Role.name).all()
return render_template(
"role_editor.j2",
"scodoc/role_editor.j2",
Permission=Permission,
permissions_names=permissions_names,
roles=roles,
SCO_ROLES_DEFAULTS=SCO_ROLES_DEFAULTS,
)
@bp.route("/ScoDoc/permission_info/<string:perm_name>")
@admin_required
def permission_info(perm_name: str):
"""Infos sur une permission"""
permission = Permission.get_by_name(perm_name)
if permission is None:
raise ScoValueError("permission_info: permission inconnue")
return render_template(
"scodoc/permission_info.j2",
permission=permission,
permission_name=perm_name,
Permission=Permission,
)
@bp.route("/ScoDoc/role_info/<string:role_name>")
@admin_required
def role_info(role_name: str):
"""Infos sur un rôle"""
role = Role.query.filter_by(name=role_name).first_or_404()
return render_template(
"scodoc/role_info.j2", role=role, SCO_ROLES_DEFAULTS=SCO_ROLES_DEFAULTS
)
@bp.route("/ScoDoc/role_create", methods=["GET", "POST"])
@admin_required
def role_create():
"""Création d'un nouveau rôle"""
form = CreateRoleForm()
dest_url = url_for("scodoc.config_roles")
if request.method == "POST" and form.cancel.data:
return redirect(dest_url)
if form.validate_on_submit():
role_name = form.name.data.strip()
role: Role = Role.query.filter_by(name=role_name).first()
if role:
raise ScoValueError("Un rôle du même nom existe déjà", dest_url=dest_url)
role = Role(name=role_name)
db.session.add(role)
db.session.commit()
flash(f"Rôle {role_name} créé")
return redirect(dest_url)
roles = Role.query.order_by(Role.name).all()
return render_template(
"scodoc/role_create.j2", form=form, roles_names=[role.name for role in roles]
)
@bp.route("/ScoDoc/role_delete/<string:role_name>", methods=["GET", "POST"])
@admin_required
def role_delete(role_name: str):
"""Suppression d'un rôle"""
role = Role.query.filter_by(name=role_name).first_or_404()
# Ne permet de supprimer les rôles standards (on peut le faire via la ligne de commande ou l'API)
if role.name in SCO_ROLES_DEFAULTS:
raise ScoValueError(
f"Le rôle {role_name} est standard et ne peux pas être supprimé ici."
)
form = SimpleConfirmationForm()
if request.method == "POST" and form.cancel.data:
return redirect(url_for("scodoc.config_roles"))
if form.validate_on_submit():
db.session.delete(role)
db.session.commit()
flash(f"Rôle {role_name} supprimé")
return redirect(url_for("scodoc.config_roles"))
return render_template(
"form_confirmation.j2",
title=f"Supprimer le rôle {role_name} ?",
form=form,
info_message="""<p>Cette suppression est irréversible.</p>""",
)

64
app/views/scolar.py
View File

@ -130,7 +130,7 @@ def sco_publish(route, function, permission, methods=["GET"]):
@bp.route("/edit_preferences", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoChangePreferences)
@permission_required(Permission.EditPreferences)
@scodoc7func
def edit_preferences():
"""Edit global preferences (lien "Paramétrage" département)"""
@ -145,7 +145,7 @@ def formsemestre_edit_preferences(formsemestre_id):
"""Edit preferences for a semestre"""
sem = sco_formsemestre.get_formsemestre(formsemestre_id)
ok = (
current_user.has_permission(Permission.ScoImplement)
current_user.has_permission(Permission.EditFormSemestre)
or ((current_user.id in sem["responsables"]) and sem["resp_can_edit"])
) and (sem["etat"])
if ok:
@ -196,7 +196,7 @@ class DeptLogosConfigurationForm(FlaskForm):
# @bp.route("/config_logos", methods=["GET", "POST"])
# @permission_required(Permission.ScoChangePreferences)
# @permission_required(Permission.EditPreferences)
# def config_logos(scodoc_dept):
# "Panneau de configuration général"
# form = DeptLogosConfigurationForm()
@ -256,7 +256,7 @@ class DeptLogosConfigurationForm(FlaskForm):
# @bp.route("/config_logos", methods=["GET", "POST"])
# @permission_required(Permission.ScoChangePreferences)
# @permission_required(Permission.EditPreferences)
# def config_logos(scodoc_dept):
# "Panneau de configuration général"
# form = DeptLogosConfigurationForm()
@ -661,25 +661,25 @@ sco_publish(
sco_publish(
"/itemsuivi_suppress",
sco_debouche.itemsuivi_suppress,
Permission.ScoEtudChangeAdr,
Permission.EtudChangeAdr,
methods=["GET", "POST"],
)
sco_publish(
"/itemsuivi_create",
sco_debouche.itemsuivi_create,
Permission.ScoEtudChangeAdr,
Permission.EtudChangeAdr,
methods=["GET", "POST"],
)
sco_publish(
"/itemsuivi_set_date",
sco_debouche.itemsuivi_set_date,
Permission.ScoEtudChangeAdr,
Permission.EtudChangeAdr,
methods=["GET", "POST"],
)
sco_publish(
"/itemsuivi_set_situation",
sco_debouche.itemsuivi_set_situation,
Permission.ScoEtudChangeAdr,
Permission.EtudChangeAdr,
methods=["GET", "POST"],
)
sco_publish(
@ -692,14 +692,14 @@ sco_publish(
sco_publish(
"/itemsuivi_tag_set",
sco_debouche.itemsuivi_tag_set,
Permission.ScoEtudChangeAdr,
Permission.EtudChangeAdr,
methods=["GET", "POST"],
)
@bp.route("/doAddAnnotation", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEtudAddAnnotations)
@permission_required(Permission.EtudAddAnnotations)
@scodoc7func
def doAddAnnotation(etudid, comment):
"ajoute annotation sur etudiant"
@ -750,7 +750,7 @@ def doSuppressAnnotation(etudid, annotation_id):
@bp.route("/form_change_coordonnees", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEtudChangeAdr)
@permission_required(Permission.EtudChangeAdr)
@scodoc7func
def form_change_coordonnees(etudid):
"edit coordonnees etudiant"
@ -1014,7 +1014,7 @@ def etud_photo_orig_page(etudid=None):
@bp.route("/form_change_photo", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEtudChangeAdr)
@permission_required(Permission.EtudChangeAdr)
@scodoc7func
def form_change_photo(etudid=None):
"""Formulaire changement photo étudiant"""
@ -1077,7 +1077,7 @@ def form_change_photo(etudid=None):
@bp.route("/form_suppress_photo", methods=["POST", "GET"])
@scodoc
@permission_required(Permission.ScoEtudChangeAdr)
@permission_required(Permission.EtudChangeAdr)
@scodoc7func
def form_suppress_photo(etudid=None, dialog_confirmed=False):
"""Formulaire suppression photo étudiant"""
@ -1102,7 +1102,7 @@ def form_suppress_photo(etudid=None, dialog_confirmed=False):
#
@bp.route("/form_dem")
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def form_dem(etudid, formsemestre_id):
"Formulaire Démission Etudiant"
@ -1116,7 +1116,7 @@ def form_dem(etudid, formsemestre_id):
@bp.route("/form_def")
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def form_def(etudid, formsemestre_id):
"Formulaire Défaillance Etudiant"
@ -1174,7 +1174,7 @@ def _form_dem_of_def(
@bp.route("/do_dem_etudiant")
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def do_dem_etudiant(etudid, formsemestre_id, event_date=None):
"Déclare la démission d'un etudiant dans le semestre"
@ -1190,7 +1190,7 @@ def do_dem_etudiant(etudid, formsemestre_id, event_date=None):
@bp.route("/do_def_etudiant")
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def do_def_etudiant(etudid, formsemestre_id, event_date=None):
"Déclare la défaillance d'un etudiant dans le semestre"
@ -1230,7 +1230,7 @@ def _do_dem_or_def_etud(
@bp.route("/do_cancel_dem", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def do_cancel_dem(etudid, formsemestre_id, dialog_confirmed=False, args=None):
"Annule une démission"
@ -1249,7 +1249,7 @@ def do_cancel_dem(etudid, formsemestre_id, dialog_confirmed=False, args=None):
@bp.route("/do_cancel_def", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def do_cancel_def(etudid, formsemestre_id, dialog_confirmed=False, args=None):
"Annule la défaillance de l'étudiant"
@ -1326,7 +1326,7 @@ def _do_cancel_dem_or_def(
@bp.route("/etudident_create_form", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def etudident_create_form():
"formulaire creation individuelle etudiant"
@ -1335,7 +1335,7 @@ def etudident_create_form():
@bp.route("/etudident_edit_form", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def etudident_edit_form():
"formulaire edition individuelle etudiant"
@ -1778,7 +1778,7 @@ def _etudident_create_or_edit_form(edit):
@scodoc
@permission_required(
Permission.ScoView
) # il faut aussi ScoEtudInscrit dans le nouveau dept
) # il faut aussi EtudInscrit dans le nouveau dept
def etud_copy_in_other_dept(etudid: int):
"""Crée une copie de l'étudiant (avec ses adresses et codes) dans un autre département
et l'inscrit à un formsemestre
@ -1797,7 +1797,7 @@ def etud_copy_in_other_dept(etudid: int):
abort(404, description="formsemestre_id invalide")
formsemestre: FormSemestre = FormSemestre.query.get_or_404(formsemestre_id)
if not current_user.has_permission(
Permission.ScoEtudInscrit, formsemestre.departement.acronym
Permission.EtudInscrit, formsemestre.departement.acronym
):
raise ScoPermissionDenied("non autorisé")
new_etud = etud.clone(new_dept_id=formsemestre.dept_id)
@ -1827,7 +1827,7 @@ def etud_copy_in_other_dept(etudid: int):
departements = {
dept.id: dept
for dept in Departement.query.order_by(Departement.acronym)
if current_user.has_permission(Permission.ScoEtudInscrit, dept.acronym)
if current_user.has_permission(Permission.EtudInscrit, dept.acronym)
and dept.id != etud.dept_id
}
formsemestres_by_dept = {
@ -1847,7 +1847,7 @@ def etud_copy_in_other_dept(etudid: int):
@bp.route("/etudident_delete", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def etudident_delete(etudid, dialog_confirmed=False):
"Delete a student"
@ -1921,7 +1921,7 @@ def etudident_delete(etudid, dialog_confirmed=False):
@bp.route("/check_group_apogee")
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def check_group_apogee(group_id, etat=None, fix=False, fixmail=False):
"""Verification des codes Apogee et mail de tout un groupe.
@ -2067,7 +2067,7 @@ def check_group_apogee(group_id, etat=None, fix=False, fixmail=False):
@bp.route("/form_students_import_excel", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def form_students_import_excel(formsemestre_id=None):
"formulaire import xls"
@ -2209,7 +2209,7 @@ Les champs avec un astérisque (*) doivent être présents (nulls non autorisés
@bp.route("/import_generate_excel_sample")
@scodoc
@permission_required(Permission.ScoEtudInscrit)
@permission_required(Permission.EtudInscrit)
@scodoc7func
def import_generate_excel_sample(with_codesemestre="1"):
"une feuille excel pour importation etudiants"
@ -2256,7 +2256,7 @@ def form_students_import_infos_admissions(formsemestre_id=None):
"formulaire import xls"
authuser = current_user
F = html_sco_header.sco_footer()
if not authuser.has_permission(Permission.ScoEtudInscrit):
if not authuser.has_permission(Permission.EtudInscrit):
# autorise juste l'export
H = [
html_sco_header.sco_header(
@ -2356,7 +2356,7 @@ def form_students_import_infos_admissions(formsemestre_id=None):
@bp.route("/formsemestre_import_etud_admission")
@scodoc
@permission_required(Permission.ScoEtudChangeAdr)
@permission_required(Permission.EtudChangeAdr)
@scodoc7func
def formsemestre_import_etud_admission(formsemestre_id, import_email=True):
"""Reimporte donnees admissions par synchro Portail Apogée"""
@ -2392,13 +2392,13 @@ def formsemestre_import_etud_admission(formsemestre_id, import_email=True):
sco_publish(
"/photos_import_files_form",
sco_trombino.photos_import_files_form,
Permission.ScoEtudChangeAdr,
Permission.EtudChangeAdr,
methods=["GET", "POST"],
)
sco_publish(
"/photos_generate_excel_sample",
sco_trombino.photos_generate_excel_sample,
Permission.ScoEtudChangeAdr,
Permission.EtudChangeAdr,
)

22
app/views/users.py
View File

@ -133,7 +133,7 @@ class Mode(IntEnum):
@bp.route("/")
@bp.route("/index_html")
@scodoc
@permission_required(Permission.ScoUsersView)
@permission_required(Permission.UsersView)
@scodoc7func
def index_html(
all_depts=False, having_role_name: str = "", with_inactives=False, fmt="html"
@ -151,7 +151,7 @@ def _get_administrable_depts() -> list[str]:
"""Liste des acronymes des départements dans lesquels l'utilisateur
courant peut administrer des utilisateurs.
Si SuperAdmin, tous les départements
Sinon, les départements dans lesquels l'utilisateur a la permission ScoUsersAdmin
Sinon, les départements dans lesquels l'utilisateur a la permission UsersAdmin
"""
#
if current_user.is_administrator():
@ -161,7 +161,7 @@ def _get_administrable_depts() -> list[str]:
)
else:
administrable_dept_acronyms = current_user.get_depts_with_permission(
Permission.ScoUsersAdmin
Permission.UsersAdmin
)
if None in administrable_dept_acronyms:
administrable_dept_acronyms = sorted(
@ -209,7 +209,7 @@ def _get_editable_roles(
@bp.route("/create_user_form", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoUsersAdmin)
@permission_required(Permission.UsersAdmin)
@scodoc7func
def create_user_form(user_name=None, edit=0, all_roles=True):
"form. création ou édition utilisateur"
@ -415,7 +415,7 @@ def create_user_form(user_name=None, edit=0, all_roles=True):
"size": 36,
"allow_null": True,
"readonly": not cas_enabled
or not current_user.has_permission(Permission.ScoUsersChangeCASId),
or not current_user.has_permission(Permission.UsersChangeCASId),
},
),
(
@ -596,7 +596,7 @@ def create_user_form(user_name=None, edit=0, all_roles=True):
# empeche modification des paramètres CAS
vals.pop("cas_allow_login", None)
vals.pop("cas_allow_scodoc_login", None)
if not current_user.has_permission(Permission.ScoUsersChangeCASId):
if not current_user.has_permission(Permission.UsersChangeCASId):
vals.pop("cas_id", None)
if "edit" in vals:
edit = int(vals["edit"])
@ -778,7 +778,7 @@ def create_user_form(user_name=None, edit=0, all_roles=True):
@bp.route("/import_users_generate_excel_sample")
@scodoc
@permission_required(Permission.ScoUsersAdmin)
@permission_required(Permission.UsersAdmin)
@scodoc7func
def import_users_generate_excel_sample():
"une feuille excel pour importation utilisateurs"
@ -788,7 +788,7 @@ def import_users_generate_excel_sample():
@bp.route("/import_users_form", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoUsersAdmin)
@permission_required(Permission.UsersAdmin)
@scodoc7func
def import_users_form():
"""Import utilisateurs depuis feuille Excel"""
@ -884,7 +884,7 @@ def import_users_form():
@bp.route("/user_info_page")
@scodoc
@permission_required(Permission.ScoUsersView)
@permission_required(Permission.UsersView)
@scodoc7func
def user_info_page(user_name=None):
"""Display page of info about given user.
@ -1070,7 +1070,7 @@ def change_password(user_name, password, password2):
@bp.route("/toggle_active_user/<user_name>", methods=["GET", "POST"])
@scodoc
@permission_required(Permission.ScoUsersAdmin)
@permission_required(Permission.UsersAdmin)
def toggle_active_user(user_name: str = None):
"""Change active status of a user account"""
if user_name is not None: # scodoc7func converti en int !
@ -1082,7 +1082,7 @@ def toggle_active_user(user_name: str = None):
# permission check:
if not (
current_user.is_administrator()
or current_user.has_permission(Permission.ScoUsersAdmin, u.dept)
or current_user.has_permission(Permission.UsersAdmin, u.dept)
):
raise ScoPermissionDenied()
form = DeactivateUserForm()

2
migrations/versions/57179ae34069_api_permissions.py
View File

@ -19,7 +19,7 @@ depends_on = None
def upgrade():
# Modification des permissions API
# APIView 1<<40 = 1099511627776 => ScoView = 4
# APIEditGroups 1<<41 = 2199023255552 => ScoEtudChangeGroups = 1<<16 65536
# APIEditGroups 1<<41 = 2199023255552 => EtudChangeGroups = 1<<16 65536
op.execute(
"""
update role set permissions = permissions | 4 where (permissions & 1099511627776) <> 0;

2
scodoc.py
View File

@ -289,7 +289,7 @@ def edit_role(rolename, addpermissionname=None, removepermissionname=None): # e
In ScoDoc, permissions are not associated to users but to roles.
Each user has a set of roles in each departement.
Example: `flask edit-role -a ScoEditApo Ens`
Example: `flask edit-role -a EditApogee Ens`
"""
if addpermissionname:
perm_to_add = Permission.get_by_name(addpermissionname)

2
tests/api/make_samples.py
View File

@ -95,7 +95,7 @@ class Sample:
HEADERS = get_auth_headers("test", "test")
elif permission == "ScoSuperAdmin":
HEADERS = get_auth_headers("admin_api", "admin_api")
elif permission == "ScoUsersAdmin":
elif permission == "UsersAdmin":
HEADERS = get_auth_headers("admin_api", "admin_api")
else:
raise SampleException(f"Bad permission : {permission}")

2
tests/api/test_api_permissions.py
View File

@ -85,7 +85,7 @@ def test_permissions(api_headers):
"/ScoDoc/api/justificatif/1/justifies",
]
):
# On passe la route "api/justificatif/<>/list" car elle nécessite la permission ScoJustifView
# On passe la route "api/justificatif/<>/list" car elle nécessite la permission AbsJustifView
# On passe la route "api/justificatif/<>/justifies" car elle nécessite la permission ScoJustifChange
continue

16
tests/api/test_api_users.py
View File

@ -125,16 +125,16 @@ def test_roles(api_admin_headers):
assert role["role_name"] == "Test_Y"
role = POST_JSON(
"/role/Test_Y/edit",
{"permissions": ["ScoView", "ScoAbsChange"]},
{"permissions": ["ScoView", "AbsChange"]},
headers=admin_h,
)
assert set(role["permissions"]) == {"ScoView", "ScoAbsChange"}
role = POST_JSON("/role/Test_Y/add_permission/ScoAbsAddBillet", headers=admin_h)
assert set(role["permissions"]) == {"ScoView", "ScoAbsChange", "ScoAbsAddBillet"}
assert set(role["permissions"]) == {"ScoView", "AbsChange"}
role = POST_JSON("/role/Test_Y/add_permission/AbsAddBillet", headers=admin_h)
assert set(role["permissions"]) == {"ScoView", "AbsChange", "AbsAddBillet"}
role = GET("/role/Test_Y", headers=admin_h)
assert set(role["permissions"]) == {"ScoView", "ScoAbsChange", "ScoAbsAddBillet"}
role = POST_JSON("/role/Test_Y/remove_permission/ScoAbsChange", headers=admin_h)
assert set(role["permissions"]) == {"ScoView", "ScoAbsAddBillet"}
assert set(role["permissions"]) == {"ScoView", "AbsChange", "AbsAddBillet"}
role = POST_JSON("/role/Test_Y/remove_permission/AbsChange", headers=admin_h)
assert set(role["permissions"]) == {"ScoView", "AbsAddBillet"}
ans = POST_JSON("/role/Test_Y/delete", headers=admin_h)
assert ans["OK"] is True
@ -163,7 +163,7 @@ def test_modif_users_depts(api_admin_headers):
)
role_chef = POST_JSON(
"/role/create/chef",
{"permissions": ["ScoView", "ScoUsersAdmin", "ScoUsersView"]},
{"permissions": ["ScoView", "UsersAdmin", "UsersView"]},
headers=admin_h,
)
_ = POST_JSON(

6
tests/ressources/samples/samples.csv
View File

@ -91,11 +91,11 @@
"partition-remove_etudiant";"/partition/2/remove_etudiant/10";"ScoSuperAdmin";"POST";
"partition";"/partition/1";"ScoView";"GET";
"permissions";"/permissions";"ScoView";"GET";
"role-add_permission";"/role/customRole/add_permission/ScoUsersView";"ScoSuperAdmin";"POST";
"role-create";"/role/create/customRole";"ScoSuperAdmin";"POST";"{""permissions"": [""ScoView"", ""ScoUsersView""]}"
"role-add_permission";"/role/customRole/add_permission/UsersView";"ScoSuperAdmin";"POST";
"role-create";"/role/create/customRole";"ScoSuperAdmin";"POST";"{""permissions"": [""ScoView"", ""UsersView""]}"
"role-delete";"/role/customRole/delete";"ScoSuperAdmin";"POST";
"role-edit";"/role/customRole/edit";"ScoSuperAdmin";"POST";"{ ""name"" : ""LaveurDeVitres"", ""permissions"" : [ ""ScoView"" ] }"
"role-remove_permission";"/role/customRole/remove_permission/ScoUsersView";"ScoSuperAdmin";"POST";
"role-remove_permission";"/role/customRole/remove_permission/UsersView";"ScoSuperAdmin";"POST";
"role";"/role/Observateur";"ScoView";"GET";
"roles";"/roles";"ScoView";"GET";
"test-pdf";"/etudiant/etudid/11/formsemestre/1/bulletin";"ScoView";"GET";

Can't render this file because it contains an unexpected character in line 41 and column 2.

12
tests/unit/test_users.py
View File

@ -32,7 +32,7 @@ def test_password_hashing(test_client):
def test_roles_permissions(test_client):
perm = Permission.ScoAbsChange # une permission au hasard
perm = Permission.AbsChange # une permission au hasard
role = Role(name="test")
assert not role.has_permission(perm)
role.add_permission(perm)
@ -51,19 +51,19 @@ def test_roles_permissions(test_client):
role = Role.query.filter_by(name="Ens").first()
assert role
assert role.has_permission(Permission.ScoView)
assert role.has_permission(Permission.ScoAbsChange)
assert role.has_permission(Permission.AbsChange)
# Permissions de Admin
role = Role.query.filter_by(name="Admin").first()
assert role.has_permission(Permission.ScoEtudChangeAdr)
assert role.has_permission(Permission.EtudChangeAdr)
# Permissions de Secr
role = Role.query.filter_by(name="Secr").first()
assert role.has_permission(Permission.ScoEtudChangeAdr)
assert not role.has_permission(Permission.ScoEditAllNotes)
assert role.has_permission(Permission.EtudChangeAdr)
assert not role.has_permission(Permission.EditAllNotes)
def test_users_roles(test_client):
dept = DEPT
perm = Permission.ScoAbsChange
perm = Permission.AbsChange
perm2 = Permission.ScoView
u = User(user_name="un_enseignant")
db.session.add(u)

10
tools/fakedatabase/create_test_api_database.py
View File

@ -86,25 +86,25 @@ def create_users(depts: list[Departement]) -> tuple:
"""Crée les roles et utilisateurs nécessaires aux tests"""
dept = depts[0]
# Le rôle standard LecteurAPI existe déjà: lui donne les permissions
# ScoView, ScoAbsAddBillet, ScoEtudChangeGroups
# ScoView, AbsAddBillet, EtudChangeGroups
role_lecteur = Role.query.filter_by(name="LecteurAPI").first()
if role_lecteur is None:
print("Erreur: rôle LecteurAPI non existant")
sys.exit(1)
perm_sco_view = Permission.get_by_name("ScoView")
role_lecteur.add_permission(perm_sco_view)
perm_sco_users = Permission.get_by_name("ScoUsersView")
perm_sco_users = Permission.get_by_name("UsersView")
role_lecteur.add_permission(perm_sco_users)
# Edition billets
perm_billets = Permission.get_by_name("ScoAbsAddBillet")
perm_billets = Permission.get_by_name("AbsAddBillet")
role_lecteur.add_permission(perm_billets)
perm_groups = Permission.get_by_name("ScoEtudChangeGroups")
perm_groups = Permission.get_by_name("EtudChangeGroups")
role_lecteur.add_permission(perm_groups)
db.session.add(role_lecteur)
# Un role pour juste voir les utilisateurs
role_users_viewer = Role(
name="UsersViewer", permissions=Permission.ScoUsersView | Permission.ScoView
name="UsersViewer", permissions=Permission.UsersView | Permission.ScoView
)
db.session.add(role_users_viewer)
# Role View sur l'API, pour demander un jeton