WIP refactoring: permissions, ...

2021-06-12 22:43:22 +02:00 · 2021-06-12 22:43:22 +02:00 · 7b61b25ff1
parent dcb53e9c35
commit 7b61b25ff1
34 changed files with 368 additions and 237 deletions
--- a/app/decorators.py
+++ b/app/decorators.py
@ -76,7 +76,7 @@ class ZResponse(object):
        return flask.redirect(url)  # http 302
    def setHeader(self, header, value):
-        self.headers[header.tolower()] = value
+        self.headers[header.lower()] = value
 def permission_required(permission):
--- a/app/scodoc/ZEntreprises.py
+++ b/app/scodoc/ZEntreprises.py
@ -111,7 +111,9 @@ class ZEntreprises(
 <ul class="insidebar">"""
            % params,
        ]
-        if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+        if REQUEST.AUTHENTICATED_USER.has_permission(
            Permission.ScoEntrepriseChange, self
        ):
            H.append(
                """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_create" class="sidebar">Nouvelle entreprise</a> </li>"""
                % params
@ -138,7 +140,9 @@ class ZEntreprises(
      <li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_correspondant_list?entreprise_id=%(entreprise_id)s" class="sidebar">Corresp.</a></li>"""
                    % params
                )  # """
-                if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+                if REQUEST.AUTHENTICATED_USER.has_permission(
                    Permission.ScoEntrepriseChange, self
                ):
                    H.append(
                        """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_correspondant_create?entreprise_id=%(entreprise_id)s" class="sidebar">Nouveau Corresp.</a></li>"""
                        % params
@ -147,7 +151,9 @@ class ZEntreprises(
                    """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_contact_list?entreprise_id=%(entreprise_id)s" class="sidebar">Contacts</a></li>"""
                    % params
                )
-                if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+                if REQUEST.AUTHENTICATED_USER.has_permission(
                    Permission.ScoEntrepriseChange, self
                ):
                    H.append(
                        """<li class="insidebar"><a href="%(ScoURL)s/Entreprises/entreprise_contact_create?entreprise_id=%(entreprise_id)s" class="sidebar">Nouveau "contact"</a></li>"""
                        % params
@ -156,7 +162,9 @@ class ZEntreprises(
        #
        H.append("""<br/><br/>%s""" % scu.icontag("entreprise_side_img"))
-        if not REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+        if not REQUEST.AUTHENTICATED_USER.has_permission(
            Permission.ScoEntrepriseChange, self
        ):
            H.append("""<br/><em>(Lecture seule)</em>""")
        H.append("""</div> </div> <!-- end of sidebar -->""")
        return "".join(H)
@ -336,7 +344,9 @@ class ZEntreprises(
        H.append(tab.html())
-        if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+        if REQUEST.AUTHENTICATED_USER.has_permission(
            Permission.ScoEntrepriseChange, self
        ):
            if entreprise_id:
                H.append(
                    """<p class="entreprise_create"><a class="entreprise_create" href="entreprise_contact_create?entreprise_id=%(entreprise_id)s">nouveau "contact"</a></p>
@ -443,7 +453,9 @@ class ZEntreprises(
        H.append(tab.html())
-        if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+        if REQUEST.AUTHENTICATED_USER.has_permission(
            Permission.ScoEntrepriseChange, self
        ):
            H.append(
                """<p class="entreprise_create"><a class="entreprise_create" href="entreprise_correspondant_create?entreprise_id=%(entreprise_id)s">Ajouter un correspondant dans l'entreprise %(nom)s</a></p>
                """
@ -556,7 +568,9 @@ class ZEntreprises(
        if tf[0] == 0:
            H.append(tf[1])
-            if REQUEST.AUTHENTICATED_USER.has_permission(ScoEntrepriseChange, self):
+            if REQUEST.AUTHENTICATED_USER.has_permission(
                Permission.ScoEntrepriseChange, self
            ):
                H.append(
                    """<p class="entreprise_descr"><a class="entreprise_delete" href="entreprise_contact_delete?entreprise_contact_id=%s">Supprimer ce contact</a> </p>"""
                    % entreprise_contact_id
@ -1130,7 +1144,7 @@ class ZEntreprises(
    def entreprise_edit(self, entreprise_id, REQUEST=None, start=1):
        """Form. edit entreprise"""
        authuser = REQUEST.AUTHENTICATED_USER
-        readonly = not authuser.has_permission(ScoEntrepriseChange, self)
+        readonly = not authuser.has_permission(Permission.ScoEntrepriseChange, self)
        F = sco_entreprises.do_entreprise_list(
            self, args={"entreprise_id": entreprise_id}
        )[0]
--- a/app/scodoc/ZScoDoc.py
+++ b/app/scodoc/ZScoDoc.py
@ -131,7 +131,9 @@ class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp
    def _check_admin_perm(self, REQUEST):
        """Check if user has permission to add/delete departements"""
        authuser = REQUEST.AUTHENTICATED_USER
-        if authuser.has_role("manager") or authuser.has_permission(ScoSuperAdmin, self):
+        if authuser.has_role("manager") or authuser.has_permission(
            Permission.ScoSuperAdmin, self
        ):
            return ""
        else:
            return """<h2>Vous n'avez pas le droit d'accéder à cette page</h2>"""
@ -294,7 +296,8 @@ class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp
            [
                d.id
                for d in self._list_depts()
-                if (not viewable) or authuser.has_permission(ScoView, d.Scolarite)
+                if (not viewable)
                or authuser.has_permission(Permission.ScoView, d.Scolarite)
            ],
            name="depts",
            format=format,
@ -480,7 +483,7 @@ class ZScoDoc(ObjectManager, PropertyManager, RoleManager, Item, Persistent, Imp
            else:
                dest_folder = ""
            for deptFolder in self._list_depts():
-                if authuser.has_permission(ScoView, deptFolder.Scolarite):
+                if authuser.has_permission(Permission.ScoView, deptFolder.Scolarite):
                    link_cls = "link_accessible"
                else:
                    link_cls = "link_unauthorized"
@ -561,7 +564,7 @@ E. Viennet (Université Paris 13).</p>
        authuser = REQUEST.AUTHENTICATED_USER
        try:
            dept = getattr(self, deptfoldername)
-            if authuser.has_permission(ScoView, dept):
+            if authuser.has_permission(Permission.ScoView, dept):
                return REQUEST.RESPONSE.redirect("ScoDoc/%s/Scolarite" % deptfoldername)
        except:
            log(
--- a/app/scodoc/ZScoUsers.py
+++ b/app/scodoc/ZScoUsers.py
@ -141,7 +141,7 @@ class ZScoUsers(
        H = [self.sco_header(REQUEST, page_title="Gestion des utilisateurs")]
        H.append("<h2>Gestion des utilisateurs</h2>")
-        if authuser.has_permission(ScoUsersAdmin, self):
+        if authuser.has_permission(Permission.ScoUsersAdmin, self):
            H.append(
                '<p><a href="create_user_form" class="stdlink">Ajouter un utilisateur</a>'
            )
@ -170,7 +170,7 @@ class ZScoUsers(
            with_olds=with_olds,
            format=format,
            REQUEST=REQUEST,
-            with_links=authuser.has_permission(ScoUsersAdmin, self),
+            with_links=authuser.has_permission(Permission.ScoUsersAdmin, self),
        )
        if format != "html":
            return L
@ -338,7 +338,7 @@ class ZScoUsers(
        if str(authuser) == user_name:
            return True
        # has permission ?
-        if not authuser.has_permission(ScoUsersAdmin, self):
+        if not authuser.has_permission(Permission.ScoUsersAdmin, self):
            return False
        # Ok, now check that authuser can manage users from this departement
        # Get user info
@ -499,11 +499,11 @@ class ZScoUsers(
                "<p>L' utilisateur '%s' n'est pas défini dans ce module.</p>"
                % user_name
            )
-            if authuser.has_permission(ScoEditAllNotes, self):
+            if authuser.has_permission(Permission.ScoEditAllNotes, self):
                H.append("<p>(il peut modifier toutes les notes)</p>")
-            if authuser.has_permission(ScoEditAllEvals, self):
+            if authuser.has_permission(Permission.ScoEditAllEvals, self):
                H.append("<p>(il peut modifier toutes les évaluations)</p>")
-            if authuser.has_permission(ScoImplement, self):
+            if authuser.has_permission(Permission.ScoImplement, self):
                H.append("<p>(il peut creer des formations)</p>")
        else:
            H.append(
@ -520,7 +520,7 @@ class ZScoUsers(
             <li><a class="stdlink" href="form_change_password?user_name=%(user_name)s">changer le mot de passe</a></li>"""
                % info[0]
            )
-            if authuser.has_permission(ScoUsersAdmin, self):
+            if authuser.has_permission(Permission.ScoUsersAdmin, self):
                H.append(
                    """
             <li><a  class="stdlink" href="create_user_form?user_name=%(user_name)s&edit=1">modifier/déactiver ce compte</a></li>
@ -560,7 +560,7 @@ class ZScoUsers(
                        b = "non"
                    H.append("<li>%s : %s</li>" % (permname, b))
            H.append("</ul></div>")
-        if authuser.has_permission(ScoUsersAdmin, self):
+        if authuser.has_permission(Permission.ScoUsersAdmin, self):
            H.append(
                '<p><a class="stdlink" href="%s/Users">Liste de tous les utilisateurs</a></p>'
                % self.ScoURL()
@ -602,13 +602,13 @@ class ZScoUsers(
        else:
            H.append("<h2>Création d'un utilisateur</h2>")
-        if authuser.has_permission(ScoSuperAdmin, self):
+        if authuser.has_permission(Permission.ScoSuperAdmin, self):
            H.append("""<p class="warning">Vous êtes super administrateur !</p>""")
        # Noms de roles pouvant etre attribues aux utilisateurs via ce dialogue
        # si pas SuperAdmin, restreint aux rôles EnsX, SecrX, DeptX
        #
-        if authuser.has_permission(ScoSuperAdmin, self):
+        if authuser.has_permission(Permission.ScoSuperAdmin, self):
            log("create_user_form called by %s (super admin)" % (auth_name,))
            editable_roles = set(self._all_roles())
        else:
--- a/app/scodoc/html_sco_header.py
+++ b/app/scodoc/html_sco_header.py
@ -28,7 +28,6 @@
 import cgi
 import sco_utils as scu
 from sco_formsemestre_status import formsemestre_page_title
 """
 HTML Header/Footer for ScoDoc pages
@ -263,3 +262,6 @@ def sco_footer(context, REQUEST=None):
    return (
        """</div><!-- /gtrcontent -->""" + scu.CUSTOM_HTML_FOOTER + """</body></html>"""
    )
 from sco_formsemestre_status import formsemestre_page_title
--- a/app/scodoc/html_sidebar.py
+++ b/app/scodoc/html_sidebar.py
@ -62,14 +62,14 @@ def sidebar_common(context, REQUEST=None):
        % params,
    ]
-    if authuser.has_permission(ScoUsersAdmin, context) or authuser.has_permission(
+    if authuser.has_permission(
-        ScoUsersView, context
+        Permission.ScoUsersAdmin, context
-    ):
+    ) or authuser.has_permission(ScoUsersView, context):
        H.append(
            """<a href="%(UsersURL)s" class="sidebar">Utilisateurs</a> <br/>""" % params
        )
-    if authuser.has_permission(ScoChangePreferences, context):
+    if authuser.has_permission(Permission.ScoChangePreferences, context):
        H.append(
            """<a href="%(ScoURL)s/edit_preferences" class="sidebar">Paramétrage</a> <br/>"""
            % params
@ -120,7 +120,7 @@ def sidebar(context, REQUEST=None):
            )
        H.append("<ul>")
-        if REQUEST.AUTHENTICATED_USER.has_permission(ScoAbsChange, context):
+        if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange, context):
            H.append(
                """
 <li>     <a href="%(ScoURL)s/Absences/SignaleAbsenceEtud?etudid=%(etudid)s">Ajouter</a></li>
--- a/app/scodoc/sco_abs_views.py
+++ b/app/scodoc/sco_abs_views.py
@ -88,7 +88,13 @@ def doSignaleAbsence(
            nbadded += 2
        else:
            context._AddAbsence(
-                etudid, jour, demijournee, estjust, REQUEST, description_abs, moduleimpl_id
+                etudid,
                jour,
                demijournee,
                estjust,
                REQUEST,
                description_abs,
                moduleimpl_id,
            )
            nbadded += 1
    #
@ -846,7 +852,7 @@ def absences_index_html(context, REQUEST=None):
            """<p>Pour signaler, annuler ou justifier une absence, choisissez d'abord l'étudiant concerné:</p>"""
        )
        H.append(sco_find_etud.form_search_etud(context, REQUEST))
-        if authuser.has_permission(ScoAbsChange, context):
+        if authuser.has_permission(Permission.ScoAbsChange, context):
            H.extend(
                (
                    """<hr/>
--- a/app/scodoc/sco_archives_etud.py
+++ b/app/scodoc/sco_archives_etud.py
@ -53,7 +53,7 @@ EtudsArchive = EtudsArchiver()
 def can_edit_etud_archive(context, authuser):
    """True si l'utilisateur peut modifier les archives etudiantes"""
-    return authuser.has_permission(ScoEtudAddAnnotations, context)
+    return authuser.has_permission(Permission.ScoEtudAddAnnotations, context)
 def etud_list_archives_html(context, REQUEST, etudid):
--- a/app/scodoc/sco_bulletins.py
+++ b/app/scodoc/sco_bulletins.py
@ -842,7 +842,7 @@ def can_send_bulletin_by_mail(context, formsemestre_id, REQUEST):
    sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
    return (
        context.get_preference("bul_mail_allowed_for_all", formsemestre_id)
-        or authuser.has_permission(ScoImplement, context)
+        or authuser.has_permission(Permission.ScoImplement, context)
        or str(authuser) in sem["responsables"]
    )
@ -1077,7 +1077,7 @@ def _formsemestre_bulletinetud_header_html(
            "url": "formsemestre_edit_options?formsemestre_id=%s&target_url=%s"
            % (formsemestre_id, qurl),
            "enabled": (uid in sem["responsables"])
-            or authuser.has_permission(ScoImplement, context),
+            or authuser.has_permission(Permission.ScoImplement, context),
        },
        {
            "title": 'Version papier (pdf, format "%s")'
@ -1120,14 +1120,14 @@ def _formsemestre_bulletinetud_header_html(
            % (etudid, formsemestre_id),
            "enabled": (
                (authuser in sem["responsables"])
-                or (authuser.has_permission(ScoEtudInscrit, context))
+                or (authuser.has_permission(Permission.ScoEtudInscrit, context))
            ),
        },
        {
            "title": "Enregistrer un semestre effectué ailleurs",
            "url": "formsemestre_ext_create_form?etudid=%s&formsemestre_id=%s"
            % (etudid, formsemestre_id),
-            "enabled": authuser.has_permission(ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement, context),
        },
        {
            "title": "Enregistrer une validation d'UE antérieure",
--- a/app/scodoc/sco_bulletins_legacy.py
+++ b/app/scodoc/sco_bulletins_legacy.py
@ -316,7 +316,7 @@ class BulletinGeneratorLegacy(sco_bulletins_generator.BulletinGenerator):
        # le dir. des etud peut ajouter des appreciations,
        # mais aussi le chef (perm. ScoEtudInscrit)
        can_edit_app = (str(authuser) in self.infos["responsables"]) or (
-            authuser.has_permission(ScoEtudInscrit, self.context)
+            authuser.has_permission(Permission.ScoEtudInscrit, self.context)
        )
        H.append('<div class="bull_appreciations">')
        if I["appreciations_list"]:
--- a/app/scodoc/sco_bulletins_standard.py
+++ b/app/scodoc/sco_bulletins_standard.py
@ -153,7 +153,7 @@ class BulletinGeneratorStandard(sco_bulletins_generator.BulletinGenerator):
        # le dir. des etud peut ajouter des appreciations,
        # mais aussi le chef (perm. ScoEtudInscrit)
        can_edit_app = (str(self.authuser) in self.infos["responsables"]) or (
-            self.authuser.has_permission(ScoEtudInscrit, self.context)
+            self.authuser.has_permission(Permission.ScoEtudInscrit, self.context)
        )
        H.append('<div class="bull_appreciations">')
        for app in self.infos["appreciations_list"]:
--- a/app/scodoc/sco_core.py
+++ b/app/scodoc/sco_core.py
@ -17,3 +17,10 @@ def sco_get_version(context, REQUEST=None):
 def test_refactor(context, x=1):
    x = context.toto()
    y = ("context=" + context.module_is_locked("alpha")) + "23"
    z = context.sco_header(
        a_long_argument_hahahahaha=1,
        another_very_long_arggggggggggggg=2,
        z=6,
        u=99,
        kkkkkk=1,
    )
--- a/app/scodoc/sco_dept.py
+++ b/app/scodoc/sco_dept.py
@ -138,7 +138,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
    )
    #
    authuser = REQUEST.AUTHENTICATED_USER
-    if authuser.has_permission(ScoEtudInscrit, context):
+    if authuser.has_permission(Permission.ScoEtudInscrit, context):
        H.append(
            """<hr>
        <h3>Gestion des étudiants</h3>
@ -151,7 +151,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
        """
        )
    #
-    if authuser.has_permission(ScoEditApo, context):
+    if authuser.has_permission(Permission.ScoEditApo, context):
        H.append(
            """<hr>
        <h3>Exports Apogée</h3>
--- a/app/scodoc/sco_edit_formation.py
+++ b/app/scodoc/sco_edit_formation.py
@ -35,6 +35,7 @@ from TrivialFormulator import TrivialFormulator, TF, tf_error_message
 import sco_codes_parcours
 import sco_formsemestre
 from sco_exceptions import ScoValueError
 import sco_formation
 def formation_delete(context, formation_id=None, dialog_confirmed=False, REQUEST=None):
@ -223,6 +224,32 @@ def formation_edit(context, formation_id=None, create=False, REQUEST=None):
        return REQUEST.RESPONSE.redirect("ue_list?formation_id=%s" % formation_id)
 def do_formation_create(context, args, REQUEST):
    "create a formation"
    cnx = context.GetDBConnexion()
    # check unique acronyme/titre/version
    a = args.copy()
    if a.has_key("formation_id"):
        del a["formation_id"]
    F = context.formation_list(args=a)
    if len(F) > 0:
        log("do_formation_create: error: %d formations matching args=%s" % (len(F), a))
        raise ScoValueError("Formation non unique (%s) !" % str(a))
    # Si pas de formation_code, l'enleve (default SQL)
    if args.has_key("formation_code") and not args["formation_code"]:
        del args["formation_code"]
    #
    r = _formationEditor.create(cnx, args)
    sco_news.add(
        context,
        REQUEST,
        typ=NEWS_FORM,
        text="Création de la formation %(titre)s (%(acronyme)s)" % args,
    )
    return r
 def do_formation_edit(context, args):
    "edit a formation"
    # log('do_formation_edit( args=%s )'%args)
@ -238,7 +265,7 @@ def do_formation_edit(context, args):
        del args["formation_code"]
    cnx = context.GetDBConnexion()
-    context._formationEditor.edit(cnx, args)
+    sco_formation._formationEditor.edit(cnx, args)
    # Invalide les semestres utilisant cette formation:
    for sem in sco_formsemestre.do_formsemestre_list(
--- a/app/scodoc/sco_edit_module.py
+++ b/app/scodoc/sco_edit_module.py
@ -417,7 +417,9 @@ def module_list(context, formation_id, REQUEST=None):
        % F,
        '<ul class="notes_module_list">',
    ]
-    editable = REQUEST.AUTHENTICATED_USER.has_permission(ScoChangeFormation, context)
+    editable = REQUEST.AUTHENTICATED_USER.has_permission(
        Permission.ScoChangeFormation, context
    )
    for Mod in context.do_module_list(args={"formation_id": formation_id}):
        H.append('<li class="notes_module_list">%s' % Mod)
--- a/app/scodoc/sco_edit_ue.py
+++ b/app/scodoc/sco_edit_ue.py
@ -300,14 +300,16 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
    ue_list.sort(key=lambda u: (u["semestre_id"], u["numero"]))
    has_duplicate_ue_codes = len(set([ue["ue_code"] for ue in ue_list])) != len(ue_list)
-    perm_change = authuser.has_permission(ScoChangeFormation, context)
+    perm_change = authuser.has_permission(Permission.ScoChangeFormation, context)
    # editable = (not locked) and perm_change
    # On autorise maintanant la modification des formations qui ont des semestres verrouillés,
    # sauf si cela affect les notes passées (verrouillées):
    #   - pas de modif des modules utilisés dans des semestres verrouillés
    #   - pas de changement des codes d'UE utilisés dans des semestres verrouillés
    editable = perm_change
-    tag_editable = authuser.has_permission(ScoEditFormationTags, context) or perm_change
+    tag_editable = (
        authuser.has_permission(Permission.ScoEditFormationTags, context) or perm_change
    )
    if locked:
        lockicon = scu.icontag("lock32_img", title="verrouillé")
    else:
@ -653,7 +655,7 @@ Si vous souhaitez modifier cette formation (par exemple pour y ajouter un module
            H.append("</li>")
        H.append("</ul>")
-    if authuser.has_permission(ScoImplement, context):
+    if authuser.has_permission(Permission.ScoImplement, context):
        H.append(
            """<ul>
        <li><a class="stdlink" href="formsemestre_createwithmodules?formation_id=%(formation_id)s&semestre_id=1">Mettre en place un nouveau semestre de formation %(acronyme)s</a>
--- a/app/scodoc/sco_find_etud.py
+++ b/app/scodoc/sco_find_etud.py
@ -266,7 +266,7 @@ def form_search_etud_in_accessible_depts(context, REQUEST):
 def can_view_dept(context, REQUEST):
    """True if auth user can access (View) this context"""
    authuser = REQUEST.AUTHENTICATED_USER
-    return authuser.has_permission(ScoView, context)
+    return authuser.has_permission(Permission.ScoView, context)
 def search_etud_in_accessible_depts(context, expnom=None, code_nip=None, REQUEST=None):
--- a/app/scodoc/sco_formations.py
+++ b/app/scodoc/sco_formations.py
@ -217,7 +217,9 @@ def formation_list_table(context, formation_id=None, args={}, REQUEST=None):
        "edit_img", border="0", alt="modifier", title="Modifier titres et code"
    )
-    editable = REQUEST.AUTHENTICATED_USER.has_permission(ScoChangeFormation, context)
+    editable = REQUEST.AUTHENTICATED_USER.has_permission(
        Permission.ScoChangeFormation, context
    )
    # Traduit/ajoute des champs à afficher:
    for f in formations:
--- a/app/scodoc/sco_formsemestre_edit.py
+++ b/app/scodoc/sco_formsemestre_edit.py
@ -105,7 +105,7 @@ def can_edit_sem(context, REQUEST, formsemestre_id="", sem=None):
    """Return sem if user can edit it, False otherwise"""
    sem = sem or sco_formsemestre.get_formsemestre(context, formsemestre_id)
    authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoImplement, context):  # pas chef
+    if not authuser.has_permission(Permission.ScoImplement, context):  # pas chef
        if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
            return False
    return sem
@ -118,7 +118,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
        formsemestre_id = REQUEST.form["formsemestre_id"]
        sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
    authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoImplement, context):
+    if not authuser.has_permission(Permission.ScoImplement, context):
        if not edit:
            # il faut ScoImplement pour creer un semestre
            raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
@ -434,7 +434,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
            },
        ),
    ]
-    if authuser.has_permission(ScoImplement, context):
+    if authuser.has_permission(Permission.ScoImplement, context):
        modform += [
            (
                "resp_can_edit",
--- a/app/scodoc/sco_formsemestre_status.py
+++ b/app/scodoc/sco_formsemestre_status.py
@ -157,7 +157,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
            "url": "formsemestre_editwithmodules?formation_id=%(formation_id)s&formsemestre_id=%(formsemestre_id)s"
            % sem,
            "enabled": (
-                authuser.has_permission(ScoImplement, context)
+                authuser.has_permission(Permission.ScoImplement, context)
                or (
                    str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
                    and sem["resp_can_edit"]
@ -171,7 +171,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
            "url": "formsemestre_edit_preferences?formsemestre_id=%(formsemestre_id)s"
            % sem,
            "enabled": (
-                authuser.has_permission(ScoImplement, context)
+                authuser.has_permission(Permission.ScoImplement, context)
                or (
                    str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
                    and sem["resp_can_edit"]
@ -184,14 +184,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
            "title": "Réglages bulletins",
            "url": "formsemestre_edit_options?formsemestre_id=" + formsemestre_id,
            "enabled": (uid in sem["responsables"])
-            or authuser.has_permission(ScoImplement, context),
+            or authuser.has_permission(Permission.ScoImplement, context),
            "helpmsg": "Change les options",
        },
        {
            "title": change_lock_msg,
            "url": "formsemestre_change_lock?formsemestre_id=" + formsemestre_id,
            "enabled": (uid in sem["responsables"])
-            or authuser.has_permission(ScoImplement, context),
+            or authuser.has_permission(Permission.ScoImplement, context),
            "helpmsg": "",
        },
        {
@ -216,21 +216,21 @@ def formsemestre_status_menubar(context, sem, REQUEST):
        {
            "title": "Cloner ce semestre",
            "url": "formsemestre_clone?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement, context),
            "helpmsg": "",
        },
        {
            "title": "Associer à une nouvelle version du programme",
            "url": "formsemestre_associate_new_version?formsemestre_id="
            + formsemestre_id,
-            "enabled": authuser.has_permission(ScoChangeFormation, context)
+            "enabled": authuser.has_permission(Permission.ScoChangeFormation, context)
            and (sem["etat"] == "1"),
            "helpmsg": "",
        },
        {
            "title": "Supprimer ce semestre",
            "url": "formsemestre_delete?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement, context),
            "helpmsg": "",
        },
    ]
@ -254,13 +254,13 @@ def formsemestre_status_menubar(context, sem, REQUEST):
        {
            "title": "Passage des étudiants depuis d'autres semestres",
            "url": "formsemestre_inscr_passage?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
            and (sem["etat"] == "1"),
        },
        {
            "title": "Synchroniser avec étape Apogée",
            "url": "formsemestre_synchro_etuds?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoView, context)
+            "enabled": authuser.has_permission(Permission.ScoView, context)
            and context.get_preference("portal_url")
            and (sem["etat"] == "1"),
        },
@ -268,26 +268,26 @@ def formsemestre_status_menubar(context, sem, REQUEST):
            "title": "Inscrire un étudiant",
            "url": "formsemestre_inscription_with_modules_etud?formsemestre_id="
            + formsemestre_id,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
            and (sem["etat"] == "1"),
        },
        {
            "title": "Importer des étudiants dans ce semestre (table Excel)",
            "url": "form_students_import_excel?formsemestre_id=" + formsemestre_id,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
            and (sem["etat"] == "1"),
        },
        {
            "title": "Import/export des données admission",
            "url": "form_students_import_infos_admissions?formsemestre_id="
            + formsemestre_id,
-            "enabled": authuser.has_permission(ScoView, context),
+            "enabled": authuser.has_permission(Permission.ScoView, context),
        },
        {
            "title": "Resynchroniser données identité",
            "url": "formsemestre_import_etud_admission?formsemestre_id="
            + formsemestre_id,
-            "enabled": authuser.has_permission(ScoEtudChangeAdr, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context)
            and context.get_preference("portal_url"),
        },
        {
@ -750,7 +750,7 @@ def _make_listes_sem(context, sem, REQUEST=None, with_absences=True):
    #
    H = []
    # pas de menu absences si pas autorise:
-    if with_absences and not authuser.has_permission(ScoAbsChange, context):
+    if with_absences and not authuser.has_permission(Permission.ScoAbsChange, context):
        with_absences = False
    #
--- a/app/scodoc/sco_groups.py
+++ b/app/scodoc/sco_groups.py
@ -62,7 +62,7 @@ def can_change_groups(context, REQUEST, formsemestre_id):
    if sem["etat"] != "1":
        return False  # semestre verrouillé
    authuser = REQUEST.AUTHENTICATED_USER
-    if authuser.has_permission(ScoEtudChangeGroups, context):
+    if authuser.has_permission(Permission.ScoEtudChangeGroups, context):
        return True  # admin, chef dept
    uid = str(authuser)
    if uid in sem["responsables"]:
--- a/app/scodoc/sco_groups_view.py
+++ b/app/scodoc/sco_groups_view.py
@ -851,13 +851,13 @@ def tab_absences_html(context, groups_infos, etat=None, REQUEST=None):
    # Lien pour verif codes INE/NIP
    # (pour tous les etudiants du semestre)
    group_id = sco_groups.get_default_group(context, groups_infos.formsemestre_id)
-    if authuser.has_permission(ScoEtudInscrit, context):
+    if authuser.has_permission(Permission.ScoEtudInscrit, context):
        H.append(
            '<li><a class="stdlink" href="check_group_apogee?group_id=%s&etat=%s">Vérifier codes Apogée</a> (de tous les groupes)</li>'
            % (group_id, etat or "")
        )
    # Lien pour ajout fichiers étudiants
-    if authuser.has_permission(ScoEtudAddAnnotations, context):
+    if authuser.has_permission(Permission.ScoEtudAddAnnotations, context):
        H.append(
            """<li><a class="stdlink" href="etudarchive_import_files_form?group_id=%s">Télécharger des fichiers associés aux étudiants (e.g. dossiers d'admission)</a></li>"""
            % (group_id)
@ -880,7 +880,7 @@ def form_choix_jour_saisie_hebdo(
 ):
    """Formulaire choix jour semaine pour saisie."""
    authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoAbsChange, context):
+    if not authuser.has_permission(Permission.ScoAbsChange, context):
        return ""
    sem = groups_infos.formsemestre
    first_monday = sco_abs.ddmmyyyy(sem["date_debut"]).prev_monday()
@ -921,7 +921,7 @@ def form_choix_jour_saisie_hebdo(
 # Formulaire saisie absences semaine
 def form_choix_saisie_semaine(context, groups_infos, REQUEST=None):
    authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoAbsChange, context):
+    if not authuser.has_permission(Permission.ScoAbsChange, context):
        return ""
    # construit l'URL "destination"
    # (a laquelle on revient apres saisie absences)
--- a/app/scodoc/sco_moduleimpl.py
+++ b/app/scodoc/sco_moduleimpl.py
@ -302,7 +302,7 @@ def can_change_module_resp(context, REQUEST, moduleimpl_id):
    authuser = REQUEST.AUTHENTICATED_USER
    uid = str(authuser)
    # admin ou resp. semestre avec flag resp_can_change_resp
-    if not authuser.has_permission(ScoImplement, context) and (
+    if not authuser.has_permission(Permission.ScoImplement, context) and (
        (uid not in sem["responsables"]) or (not sem["resp_can_change_ens"])
    ):
        raise AccessDenied("Modification impossible pour %s" % uid)
@ -325,7 +325,7 @@ def can_change_ens(context, REQUEST, moduleimpl_id, raise_exc=True):
    # admin, resp. module ou resp. semestre
    if (
        uid != M["responsable_id"]
-        and not authuser.has_permission(ScoImplement, context)
+        and not authuser.has_permission(Permission.ScoImplement, context)
        and (uid not in sem["responsables"])
    ):
        if raise_exc:
--- a/app/scodoc/sco_moduleimpl_inscriptions.py
+++ b/app/scodoc/sco_moduleimpl_inscriptions.py
@ -245,7 +245,10 @@ def moduleimpl_inscriptions_stats(context, formsemestre_id, REQUEST=None):
        context, formsemestre_id
    )
-    can_change = authuser.has_permission(ScoEtudInscrit, context) and sem["etat"] == "1"
+    can_change = (
        authuser.has_permission(Permission.ScoEtudInscrit, context)
        and sem["etat"] == "1"
    )
    # Liste des modules
    Mlist = sco_moduleimpl.do_moduleimpl_withmodule_list(
--- a/app/scodoc/sco_moduleimpl_status.py
+++ b/app/scodoc/sco_moduleimpl_status.py
@ -217,7 +217,7 @@ def moduleimpl_status(context, moduleimpl_id=None, partition_id=None, REQUEST=No
        """<tr><td class="fichetitre2">Inscrits: </td><td> %d étudiants"""
        % len(ModInscrits)
    )
-    if authuser.has_permission(ScoEtudInscrit, context):
+    if authuser.has_permission(Permission.ScoEtudInscrit, context):
        H.append(
            """<a class="stdlink" style="margin-left:2em;" href="moduleimpl_inscriptions_edit?moduleimpl_id=%s">modifier</a>"""
            % M["moduleimpl_id"]
--- a/app/scodoc/sco_page_etud.py
+++ b/app/scodoc/sco_page_etud.py
@ -67,80 +67,78 @@ def _menuScolarite(context, authuser, sem, etudid):
        return lockicon  # no menu
    if not authuser.has_permission(
        ScoEtudInscrit, context
-    ) and not authuser.has_permission(ScoEtudChangeGroups, context):
+    ) and not authuser.has_permission(Permission.ScoEtudChangeGroups, context):
        return ""  # no menu
    ins = sem["ins"]
    args = {"etudid": etudid, "formsemestre_id": ins["formsemestre_id"]}
    if ins["etat"] != "D":
        dem_title = "Démission"
-        dem_url = (
+        dem_url = "formDem?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
            "formDem?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
        )
    else:
        dem_title = "Annuler la démission"
        dem_url = (
-            "doCancelDem?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s"
+            "doCancelDem?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
            % args
        )
    # Note: seul un etudiant inscrit (I) peut devenir défaillant.
    if ins["etat"] != sco_codes_parcours.DEF:
        def_title = "Déclarer défaillance"
-        def_url = (
+        def_url = "formDef?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
            "formDef?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
        )
    elif ins["etat"] == sco_codes_parcours.DEF:
        def_title = "Annuler la défaillance"
        def_url = (
-            "doCancelDef?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s"
+            "doCancelDef?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s" % args
            % args
        )
    def_enabled = (
        (ins["etat"] != "D")
-        and authuser.has_permission(ScoEtudInscrit, context)
+        and authuser.has_permission(Permission.ScoEtudInscrit, context)
        and not locked
    )
    items = [
        #        { 'title' : 'Changer de groupe',
        #          'url' : 'formChangeGroup?etudid=%s&formsemestre_id=%s' % (etudid,ins['formsemestre_id']),
-        #          'enabled' : authuser.has_permission(ScoEtudChangeGroups,context) and not locked,
+        #          'enabled' : authuser.has_permission(Permission.ScoEtudChangeGroups,context) and not locked,
        #        },
        {
            "title": dem_title,
            "url": dem_url,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context) and not locked,
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
            and not locked,
        },
        {
            "title": "Validation du semestre (jury)",
            "url": "Notes/formsemestre_validation_etud_form?etudid=%(etudid)s&formsemestre_id=%(formsemestre_id)s"
            % args,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context) and not locked,
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
            and not locked,
        },
        {"title": def_title, "url": def_url, "enabled": def_enabled},
        {
            "title": "Inscrire à un module optionnel (ou au sport)",
            "url": "Notes/formsemestre_inscription_option?formsemestre_id=%(formsemestre_id)s&etudid=%(etudid)s"
            % args,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context) and not locked,
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
            and not locked,
        },
        {
            "title": "Désinscrire (en cas d'erreur)",
            "url": "Notes/formsemestre_desinscription?formsemestre_id=%(formsemestre_id)s&etudid=%(etudid)s"
            % args,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context) and not locked,
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
            and not locked,
        },
        {
            "title": "Inscrire à un autre semestre",
            "url": "Notes/formsemestre_inscription_with_modules_form?etudid=%(etudid)s"
            % args,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
        },
        {
            "title": "Enregistrer un semestre effectué ailleurs",
            "url": "Notes/formsemestre_ext_create_form?formsemestre_id=%(formsemestre_id)s&etudid=%(etudid)s"
            % args,
-            "enabled": authuser.has_permission(ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement, context),
        },
    ]
@ -206,7 +204,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
    else:
        info["emaillink"] = "<em>(pas d'adresse e-mail)</em>"
    # champs dependant des permissions
-    if authuser.has_permission(ScoEtudChangeAdr, context):
+    if authuser.has_permission(Permission.ScoEtudChangeAdr, context):
        info["modifadresse"] = (
            '<a class="stdlink" href="formChangeCoordonnees?etudid=%s">modifier adresse</a>'
            % etudid
@ -272,7 +270,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
    else:
        # non inscrit
        l = ["<p><b>Etudiant%s non inscrit%s" % (info["ne"], info["ne"])]
-        if authuser.has_permission(ScoEtudInscrit, context):
+        if authuser.has_permission(Permission.ScoEtudInscrit, context):
            l.append(
                '<a href="%s/Notes/formsemestre_inscription_with_modules_form?etudid=%s">inscrire</a></li>'
                % (context.ScoURL(), etudid)
@ -517,17 +515,17 @@ def menus_etud(context, REQUEST=None):
        {
            "title": "Changer la photo",
            "url": "formChangePhoto?etudid=%(etudid)s" % etud,
-            "enabled": authuser.has_permission(ScoEtudChangeAdr, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context),
        },
        {
            "title": "Changer les données identité/admission",
            "url": "etudident_edit_form?etudid=%(etudid)s" % etud,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
        },
        {
            "title": "Supprimer cet étudiant...",
            "url": "etudident_delete?etudid=%(etudid)s" % etud,
-            "enabled": authuser.has_permission(ScoEtudInscrit, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
        },
        {
            "title": "Voir le journal...",
--- a/app/scodoc/sco_saisie_notes.py
+++ b/app/scodoc/sco_saisie_notes.py
@ -74,12 +74,12 @@ def can_edit_notes(context, authuser, moduleimpl_id, allow_ens=True):
    if sco_parcours_dut.formsemestre_has_decisions(context, sem["formsemestre_id"]):
        # il y a des décisions de jury dans ce semestre !
        return (
-            authuser.has_permission(ScoEditAllNotes, context)
+            authuser.has_permission(Permission.ScoEditAllNotes, context)
            or uid in sem["responsables"]
        )
    else:
        if (
-            (not authuser.has_permission(ScoEditAllNotes, context))
+            (not authuser.has_permission(Permission.ScoEditAllNotes, context))
            and uid != M["responsable_id"]
            and uid not in sem["responsables"]
        ):
--- a/app/scodoc/sco_synchro_etuds.py
+++ b/app/scodoc/sco_synchro_etuds.py
@ -90,7 +90,7 @@ def formsemestre_synchro_etuds(
    sem["etape_apo_str"] = sco_formsemestre.formsemestre_etape_apo_str(sem)
    # Write access ?
    authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoEtudInscrit, context):
+    if not authuser.has_permission(Permission.ScoEtudInscrit, context):
        read_only = True
    if read_only:
        submitted = False
--- a/app/scodoc/sco_tag_module.py
+++ b/app/scodoc/sco_tag_module.py
@ -237,7 +237,7 @@ def module_tag_set(context, module_id="", taglist=[], REQUEST=None):
        authuser = REQUEST.AUTHENTICATED_USER
        tag_editable = authuser.has_permission(
            ScoEditFormationTags, context
-        ) or authuser.has_permission(ScoChangeFormation, context)
+        ) or authuser.has_permission(Permission.ScoChangeFormation, context)
        if not tag_editable:
            raise AccessDenied("Modification des tags impossible pour %s" % authuser)
    #
--- a/app/scodoc/sco_ue_external.py
+++ b/app/scodoc/sco_ue_external.py
@ -81,7 +81,7 @@ def external_ue_create(
    sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
    # Contrôle d'accès:
    authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoImplement, context):
+    if not authuser.has_permission(Permission.ScoImplement, context):
        if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
            raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
    #
@ -210,7 +210,7 @@ def external_ue_create_form(context, formsemestre_id, etudid, REQUEST=None):
    sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
    # Contrôle d'accès:
    authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(ScoImplement, context):
+    if not authuser.has_permission(Permission.ScoImplement, context):
        if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
            raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
--- a/app/views/absences.py
+++ b/app/views/absences.py
@ -95,6 +95,16 @@ from app.scodoc.sco_abs import ddmmyyyy
 CSSSTYLES = html_sco_header.BOOTSTRAP_MULTISELECT_CSS
 context = ScoDoc7Context(globals())
 def sco_publish(route, function, permission):
    """Declare a route for a python function,
    protected by permission and called following ScoDoc 7 Zope standards.
    """
    bp.route(route)(permission_required(permission)(scodoc7func(context)(function)))
 def _toboolean(x):
    "convert a value to boolean (ensure backward compat with OLD intranet code)"
    if type(x) == type(""):
--- a/app/views/notes.py
+++ b/app/views/notes.py
@ -67,68 +67,68 @@ from app.scodoc.sco_exceptions import (
    ScoGenError,
    AccessDenied,
 )
 from app.scodoc.sco_permissions import Permission, ScoImplement
 from app.scodoc.TrivialFormulator import TrivialFormulator
 import app.scodoc.htmlutils as htmlutils
 import app.scodoc.sco_excel as sco_excel
 from app.scodoc.gen_tables import GenTable
 from app.scodoc import sco_cache as sco_cache
 from app.scodoc import scolars as scolars
 from app.scodoc import sco_news as sco_news
 from app.scodoc.sco_news import NEWS_INSCR, NEWS_NOTE, NEWS_FORM, NEWS_SEM, NEWS_MISC
 from app.scodoc import sco_formsemestre as sco_formsemestre
 from app.scodoc import sco_formsemestre_edit as sco_formsemestre_edit
 from app.scodoc import sco_formsemestre_status as sco_formsemestre_status
 from app.scodoc import sco_formsemestre_inscriptions as sco_formsemestre_inscriptions
 from app.scodoc import sco_formsemestre_custommenu as sco_formsemestre_custommenu
 from app.scodoc import sco_moduleimpl as sco_moduleimpl
 from app.scodoc import sco_moduleimpl_status as sco_moduleimpl_status
 from app.scodoc import sco_moduleimpl_inscriptions as sco_moduleimpl_inscriptions
 from app.scodoc import sco_evaluations as sco_evaluations
 from app.scodoc import sco_groups as sco_groups
 from app.scodoc import sco_edit_ue as sco_edit_ue
 from app.scodoc import sco_edit_formation as sco_edit_formation
 from app.scodoc import sco_edit_matiere as sco_edit_matiere
 from app.scodoc import sco_edit_module as sco_edit_module
 from app.scodoc import sco_tag_module as sco_tag_module
 from app.scodoc import sco_bulletins as sco_bulletins
 from app.scodoc import sco_bulletins_pdf as sco_bulletins_pdf
 from app.scodoc import sco_compute_moy as sco_compute_moy
 from app.scodoc import sco_recapcomplet as sco_recapcomplet
 from app.scodoc import sco_liste_notes as sco_liste_notes
 from app.scodoc import sco_saisie_notes as sco_saisie_notes
 from app.scodoc import sco_placement as sco_placement
 from app.scodoc import sco_undo_notes as sco_undo_notes
 from app.scodoc import sco_formations as sco_formations
 from app.scodoc import sco_report as sco_report
 from app.scodoc import sco_lycee as sco_lycee
 from app.scodoc import sco_poursuite_dut as sco_poursuite_dut
 from app.scodoc import pe_view as pe_view
 from app.scodoc import sco_debouche as sco_debouche
 from app.scodoc import sco_ue_external as sco_ue_external
 from app.scodoc import sco_cost_formation as sco_cost_formation
 from app.scodoc import sco_formsemestre_validation as sco_formsemestre_validation
 from app.scodoc import sco_parcours_dut as sco_parcours_dut
 from app.scodoc import sco_codes_parcours as sco_codes_parcours
 from app.scodoc import sco_pvjury as sco_pvjury
 from app.scodoc import sco_pvpdf as sco_pvpdf
 from app.scodoc import sco_prepajury as sco_prepajury
 from app.scodoc import sco_inscr_passage as sco_inscr_passage
 from app.scodoc import sco_synchro_etuds as sco_synchro_etuds
 from app.scodoc import sco_archives as sco_archives
 from app.scodoc import sco_apogee_csv as sco_apogee_csv
 from app.scodoc import sco_etape_apogee_view as sco_etape_apogee_view
 from app.scodoc import sco_apogee_compare as sco_apogee_compare
 from app.scodoc import sco_semset as sco_semset
 from app.scodoc import sco_export_results as sco_export_results
 from app.scodoc import sco_formsemestre_exterieurs as sco_formsemestre_exterieurs
 from app.scodoc.sco_pdf import PDFLOCK
 from app.scodoc import notes_table as notes_table
 from app.scodoc.notes_table import NOTES_CACHE_INST, CacheNotesTable
 import app.scodoc.VERSION as VERSION
 from app.scodoc.sco_news import NEWS_INSCR, NEWS_NOTE, NEWS_FORM, NEWS_SEM, NEWS_MISC
 from app.scodoc.gen_tables import GenTable
 from app.scodoc.sco_permissions import Permission, ScoImplement
 from app.scodoc.TrivialFormulator import TrivialFormulator
 from app.scodoc import htmlutils
 from app.scodoc import sco_excel
 from app.scodoc import sco_cache
 from app.scodoc import scolars
 from app.scodoc import sco_news
 from app.scodoc import sco_formsemestre
 from app.scodoc import sco_formsemestre_edit
 from app.scodoc import sco_formsemestre_status
 from app.scodoc import sco_formsemestre_inscriptions
 from app.scodoc import sco_formsemestre_custommenu
 from app.scodoc import sco_moduleimpl
 from app.scodoc import sco_moduleimpl_status
 from app.scodoc import sco_moduleimpl_inscriptions
 from app.scodoc import sco_evaluations
 from app.scodoc import sco_groups
 from app.scodoc import sco_edit_ue
 from app.scodoc import sco_edit_formation
 from app.scodoc import sco_edit_matiere
 from app.scodoc import sco_edit_module
 from app.scodoc import sco_tag_module
 from app.scodoc import sco_bulletins
 from app.scodoc import sco_bulletins_pdf
 from app.scodoc import sco_compute_moy
 from app.scodoc import sco_recapcomplet
 from app.scodoc import sco_liste_notes
 from app.scodoc import sco_saisie_notes
 from app.scodoc import sco_placement
 from app.scodoc import sco_undo_notes
 from app.scodoc import sco_formations
 from app.scodoc import sco_report
 from app.scodoc import sco_lycee
 from app.scodoc import sco_poursuite_dut
 from app.scodoc import pe_view
 from app.scodoc import sco_debouche
 from app.scodoc import sco_ue_external
 from app.scodoc import sco_cost_formation
 from app.scodoc import sco_formsemestre_validation
 from app.scodoc import sco_parcours_dut
 from app.scodoc import sco_codes_parcours
 from app.scodoc import sco_pvjury
 from app.scodoc import sco_pvpdf
 from app.scodoc import sco_prepajury
 from app.scodoc import sco_inscr_passage
 from app.scodoc import sco_synchro_etuds
 from app.scodoc import sco_archives
 from app.scodoc import sco_apogee_csv
 from app.scodoc import sco_etape_apogee_view
 from app.scodoc import sco_apogee_compare
 from app.scodoc import sco_semset
 from app.scodoc import sco_export_results
 from app.scodoc import sco_formsemestre_exterieurs
 from app.scodoc import notes_table
 context = ScoDoc7Context(globals())
 def sco_publish(route, function, permission):
@ -405,7 +405,9 @@ sco_publish(
 def index_html(context, REQUEST=None):
    "Page accueil formations"
-    editable = REQUEST.AUTHENTICATED_USER.has_permission(ScoChangeFormation, context)
+    editable = REQUEST.AUTHENTICATED_USER.has_permission(
        Permission.ScoChangeFormation, g.scodoc_dept
    )
    H = [
        context.sco_header(REQUEST, page_title="Programmes formations"),
@ -435,21 +437,6 @@ def index_html(context, REQUEST=None):
 # --------------------------------------------------------------------
 # --- Formations
 _formationEditor = ndb.EditableTable(
    "notes_formations",
    "formation_id",
    (
        "formation_id",
        "acronyme",
        "titre",
        "titre_officiel",
        "version",
        "formation_code",
        "type_parcours",
        "code_specialite",
    ),
    sortkey="acronyme",
 )
@bp.route("/do_formation_create")
@ -470,7 +457,7 @@ def do_formation_create(context, args, REQUEST):
    if args.has_key("formation_code") and not args["formation_code"]:
        del args["formation_code"]
    #
-    r = context._formationEditor.create(cnx, args)
+    r = _formationEditor.create(cnx, args)
    sco_news.add(
        context,
@ -497,7 +484,7 @@ def do_formation_delete(context, oid, REQUEST):
    for ue in ues:
        context._do_ue_delete(ue["ue_id"], REQUEST=REQUEST, force=True)
-    context._formationEditor.delete(cnx, oid)
+    _formationEditor.delete(cnx, oid)
    # news
    sco_news.add(
@ -523,7 +510,7 @@ def formation_list(context, format=None, REQUEST=None, formation_id=None, args={
        else:
            args = {"formation_id": formation_id}
    cnx = context.GetDBConnexion()
-    r = context._formationEditor.list(cnx, args=args)
+    r = _formationEditor.list(cnx, args=args)
    # log('%d formations found' % len(r))
    return scu.sendResult(REQUEST, r, name="formation", format=format)
@ -2247,7 +2234,7 @@ def _evaluation_check_write_access(context, REQUEST, moduleimpl_id=None):
    sem = sco_formsemestre.get_formsemestre(context, M["formsemestre_id"])
    if (
-        (not authuser.has_permission(ScoEditAllEvals, context))
+        (not authuser.has_permission(Permission.ScoEditAllEvals, context))
        and uid != M["responsable_id"]
        and uid not in sem["responsables"]
    ):
@ -2834,7 +2821,7 @@ def appreciation_add_form(
    sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
    # check custom access permission
    can_edit_app = (str(authuser) in sem["responsables"]) or (
-        authuser.has_permission(ScoEtudInscrit, context)
+        authuser.has_permission(Permission.ScoEtudInscrit, context)
    )
    if not can_edit_app:
        raise AccessDenied("vous n'avez pas le droit d'ajouter une appreciation")
@ -2923,7 +2910,7 @@ def _can_edit_pv(context, REQUEST, formsemestre_id):
    # Autorise les secrétariats, repérés via la permission ScoEtudChangeAdr
    # (ceci nous évite d'ajouter une permission Zope aux installations existantes)
    authuser = REQUEST.AUTHENTICATED_USER
-    return authuser.has_permission(ScoEtudChangeAdr, context)
+    return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
 # --- FORMULAIRE POUR VALIDATION DES UE ET SEMESTRES
@ -2939,7 +2926,7 @@ def _can_validate_sem(context, REQUEST, formsemestre_id):
 def _is_chef_or_diretud(context, REQUEST, sem):
    "Vrai si utilisateur est admin, chef dept ou responsable du semestre"
    authuser = REQUEST.AUTHENTICATED_USER
-    if authuser.has_permission(ScoImplement, context):
+    if authuser.has_permission(Permission.ScoImplement, context):
        return True  # admin, chef dept
    uid = str(authuser)
    if uid in sem["responsables"]:
--- a/app/views/scolar.py
+++ b/app/views/scolar.py
@ -88,7 +88,6 @@ from app.scodoc.sco_permissions import (
    ScoEditApo,
    ScoSuperAdmin,
 )
 import app.scodoc.sco_permissions
 from app.scodoc.sco_exceptions import (
    AccessDenied,
    ScoException,
@ -99,10 +98,9 @@ from app.scodoc.sco_exceptions import (
    ScoInvalidDept,
 )
 from app.scodoc.TrivialFormulator import TrivialFormulator, tf_error_message
-import app.scodoc.scolars
+from app.scodoc.sco_news import NEWS_INSCR, NEWS_NOTE, NEWS_FORM, NEWS_SEM, NEWS_MISC
-import app.scodoc.sco_codes_parcours
+from app.scodoc.VERSION import SCOVERSION, SCONEWS
-import app.scodoc.sco_preferences
+
 import app.scodoc.sco_formations
 from app.scodoc.scolars import (
    format_nom,
    format_prenom,
@ -111,40 +109,50 @@ from app.scodoc.scolars import (
    format_lycee_from_code,
 )
 from app.scodoc.scolars import format_telephone, format_pays, make_etud_args
 import app.scodoc.sco_find_etud
 import app.scodoc.sco_photos
 import app.scodoc.sco_formsemestre
 import app.scodoc.sco_formsemestre_edit
 import app.scodoc.sco_news
 from app.scodoc.sco_news import NEWS_INSCR, NEWS_NOTE, NEWS_FORM, NEWS_SEM, NEWS_MISC
 import app.scodoc.html_sco_header
 import app.scodoc.html_sidebar
 from app.scodoc.gen_tables import GenTable
 import app.scodoc.sco_excel
 import app.scodoc.imageresize
-import app.scodoc.ImportScolars
+from app.scodoc import scolars
-import app.scodoc.sco_abs
+from app.scodoc import sco_codes_parcours
-import app.scodoc.sco_portal_apogee
+from app.scodoc import sco_preferences
-import app.scodoc.sco_synchro_etuds
+from app.scodoc import sco_formations
-import app.scodoc.sco_page_etud
+from app.scodoc import sco_permissions
-import app.scodoc.sco_groups
+from app.scodoc import sco_find_etud
-import app.scodoc.sco_trombino
+from app.scodoc import sco_photos
-import app.scodoc.sco_groups_view
+from app.scodoc import sco_formsemestre
-import app.scodoc.sco_trombino_tours
+from app.scodoc import sco_formsemestre_edit
-import app.scodoc.sco_parcours_dut
+from app.scodoc import sco_news
-import app.scodoc.sco_report
+from app.scodoc import html_sco_header
-import app.scodoc.sco_archives_etud
+from app.scodoc import html_sidebar
-import app.scodoc.sco_debouche
+from app.scodoc import sco_excel
-import app.scodoc.sco_groups_edit
+from app.scodoc import imageresize
-import app.scodoc.sco_up_to_date
+from app.scodoc import ImportScolars
-import app.scodoc.sco_edt_cal
+from app.scodoc import sco_abs
-import app.scodoc.sco_dept
+from app.scodoc import sco_portal_apogee
-import app.scodoc.sco_dump_db
+from app.scodoc import sco_synchro_etuds
 from app.scodoc import sco_page_etud
 from app.scodoc import sco_groups
 from app.scodoc import sco_trombino
 from app.scodoc import sco_groups_view
 from app.scodoc import sco_trombino_tours
 from app.scodoc import sco_parcours_dut
 from app.scodoc import sco_report
 from app.scodoc import sco_archives_etud
 from app.scodoc import sco_debouche
 from app.scodoc import sco_groups_edit
 from app.scodoc import sco_up_to_date
 from app.scodoc import sco_edt_cal
 from app.scodoc import sco_dept
 from app.scodoc import sco_dump_db
-from app.scodoc.VERSION import SCOVERSION, SCONEWS
+
 context = ScoDoc7Context(globals())
 def sco_publish(route, function, permission):
    """Declare a route for a python function,
    protected by permission and called following ScoDoc 7 Zope standards.
    """
    bp.route(route)(permission_required(permission)(scodoc7func(context)(function)))
 log.set_log_directory(Config.INSTANCE_HOME + "/log")
@ -221,7 +229,7 @@ def formsemestre_edit_preferences(context, formsemestre_id, REQUEST):
    authuser = REQUEST.AUTHENTICATED_USER
    sem = sco_formsemestre.get_formsemestre(context.Notes, formsemestre_id)
    ok = (
-        authuser.has_permission(ScoImplement, context)
+        authuser.has_permission(Permission.ScoImplement, context)
        or ((str(authuser) in sem["responsables"]) and sem["resp_can_edit"])
    ) and (sem["etat"] == "1")
    if ok:
@ -361,7 +369,8 @@ sco_publish(
 # XMLgetEtudInfos était le nom dans l'ancienne API ScoDoc 6
-@bp.route("/etud_info", "/XMLgetEtudInfos")
+@bp.route("/etud_info")
@bp.route("/XMLgetEtudInfos")
@permission_required(Permission.ScoView)
@scodoc7func(context)
 def etud_info(context, etudid=None, format="xml", REQUEST=None):
@ -494,7 +503,7 @@ sco_publish(
 # vrai si l'utilisateur peut modifier les informations de suivi sur la page etud"
 def can_edit_suivi(context, REQUEST=None):
    authuser = REQUEST.AUTHENTICATED_USER
-    return authuser.has_permission(ScoEtudChangeAdr, context)
+    return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
 sco_publish(
@ -561,8 +570,8 @@ def canSuppressAnnotation(context, annotation_id, REQUEST):
    # c'est pourquoi on teste aussi ScoEtudInscrit (normalement détenue par le chef)
    return (
        (str(authuser) == anno["zope_authenticated_user"])
-        or authuser.has_permission(ScoEtudSupprAnnotations, context)
+        or authuser.has_permission(Permission.ScoEtudSupprAnnotations, context)
-        or authuser.has_permission(ScoEtudInscrit, context)
+        or authuser.has_permission(Permission.ScoEtudInscrit, context)
    )
@ -1861,7 +1870,7 @@ def form_students_import_infos_admissions(context, REQUEST, formsemestre_id=None
    "formulaire import xls"
    authuser = REQUEST.AUTHENTICATED_USER
    F = context.sco_footer(REQUEST)
-    if not authuser.has_permission(ScoEtudInscrit, context):
+    if not authuser.has_permission(Permission.ScoEtudInscrit, context):
        # autorise juste l'export
        H = [
            context.sco_header(
--- a/refactor.py
+++ b/refactor.py
@ -16,21 +16,21 @@ Pour chaque module dans views et dans scodoc:
 from __future__ import print_function
 import re
 from pprint import pprint as pp
 import os
 import sys
 import types
-
+import tempfile
 import shutil
 import click
 import flask
-import app
+# import flask
 from app import create_app, cli, db
 from app.auth.models import User, Role, UserRole
-from config import Config
+# import app
 # from app import create_app, cli, db
 # from app.auth.models import User, Role, UserRole
-from app.views import notes
+# from app.views import notes
 TYPES_TO_SCAN = {
    types.FunctionType,
@ -61,6 +61,8 @@ def scan_views_symbols():
    """Scan modules in app.views and returns
    { }
    """
    import app
    views_modules = [
        getattr(app.views, mod_name)
        for mod_name in dir(app.views)
@ -102,6 +104,63 @@ def replace_context_calls(sourcefilename, sym2mod):
    return source2, undefined_list
-sym2mod = scan_views_symbols()
+# sym2mod = scan_views_symbols()
-source2, undefined_list = replace_context_calls("app/scodoc/sco_core.py", sym2mod)
+# source2, undefined_list = replace_context_calls("app/scodoc/sco_core.py", sym2mod)
 def list_context_calls(sourcefilename):
    """List of methods called on context in this file"""
    source = open(sourcefilename).read()
    exp = re.compile(r"context\.([a-zA-Z0-9_]+)")
    return sorted(set(exp.findall(source)))
@click.group()
 def cli():
    pass
@cli.command()
@click.argument("src_filenames", nargs=-1)
 def showcontextcalls(src_filenames):
    click.echo("Initialized the database")
    S = {}
    for sourcefilename in src_filenames:
        l = list_context_calls(sourcefilename)
        module_name = os.path.splitext(os.path.split(sourcefilename)[1])[0]
        for m in l:
            if m in S:
                S[m].append(module_name)
            else:
                S[m] = [module_name]
        #
        for method in sorted(S.keys()):
            print(method + ":\t" + ", ".join(S[method]))
@cli.command()
@click.argument("method", nargs=1)
@click.argument("module", nargs=1)
@click.argument("src_filenames", nargs=-1)
 def refactor(method, module, src_filenames):
    """Replace call context.method
    by module.method
    in all given source filenames
    """
    backup = tempfile.mkdtemp(dir="/tmp")
    for sourcefilename in src_filenames:
        print("reading %s" % sourcefilename)
        source = open(sourcefilename).read()
        source2 = source.replace("context." + method, module + "." + method)
        shutil.move(sourcefilename, backup)
        open(sourcefilename, "w").write(source2)
    print("Done.\noriginal files saved in %s\n" % backup)
 if __name__ == "__main__":
    try:
        cli(obj={})
    except SystemExit as e:
        if e.code != 0:
            raise