WIP changed has_permission

Emmanuel Viennet 2021-06-15 15:38:38 +02:00
parent f4611af10e
commit e16b974761
28 changed files with 94 additions and 97 deletions


@ -10,7 +10,7 @@ import json
import os
from time import time
from flask import current_app, url_for
from flask import current_app, url_for, g
from flask_login import UserMixin, AnonymousUserMixin
from werkzeug.security import generate_password_hash, check_password_hash
@ -127,7 +127,7 @@ class User(UserMixin, db.Model):
return user
# Permissions management:
def has_permission(self, perm, dept):
def has_permission(self, perm, dept=False):
"""Check if user has permission `perm` in given `dept`.
Emulate Zope `has_permission``
@ -135,6 +135,8 @@ class User(UserMixin, db.Model):
perm: integer, one of the value defined in Permission class.
context:
"""
if dept is False:
dept = g.scodoc_dept
# les role liés à ce département, et les roles avec dept=None (super-admin)
roles_in_dept = (
UserRole.query.filter_by(user_id=self.id)
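Review bot: The new `dept=False` default in `has_permission` makes every authorization check without an explicit department depend on the request-global `g.scodoc_dept`, and the docstring does not say so (its `context:` entry is now stale). The comment below shows that `dept=None` already has a meaning (roles not tied to a department, i.e. super-admin), so the `False` sentinel is easy to confuse with it; I would document it, e.g. `dept: department to check; False (default) means the current request's g.scodoc_dept`. When `g.scodoc_dept` has not been set (a route without a department, a script or background job), the attribute access raises `AttributeError` instead of returning a decision, so such callers should pass `dept` explicitly. The function body continues past the end of the hunk.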


@ -37,11 +37,13 @@ class ZRequest(object):
"Emulating Zope 2 REQUEST"
def __init__(self):
self.URL = request.base_url
self.URL = request.base_url.encode(
"utf-8"
) # necessaire pour ScoDoc 8 en Python 2
self.URL0 = self.URL
self.BASE0 = request.url_root
self.QUERY_STRING = request.query_string
self.REQUEST_METHOD = request.method
self.BASE0 = request.url_root.encode("utf-8")
self.QUERY_STRING = request.query_string.encode("utf-8")
self.REQUEST_METHOD = request.method.encode("utf-8")
self.AUTHENTICATED_USER = current_user
if request.method == "POST":
self.form = request.form
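Review bot: `request.query_string.encode("utf-8")` is applied to a value that Werkzeug already returns as a byte string, so under Python 2 the `.encode` call first decodes it as ASCII and raises `UnicodeDecodeError` on any non-ASCII byte in the raw query string. That would make a malformed request fail inside `ZRequest.__init__` before any view code runs. Encoding only the values that are `unicode` (`base_url`, `url_root`) and keeping `self.QUERY_STRING = request.query_string` avoids this. The comment `# necessaire pour ScoDoc 8 en Python 2` could also name the consumer that needs byte strings, so the encodes can be removed when it goes away. `__init__` continues past the end of the hunk.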


@ -49,15 +49,7 @@ from gen_tables import GenTable
import scolars
import sco_cache
import sco_users
from sco_permissions import (
ScoEditAllEvals,
ScoEditAllNotes,
ScoImplement,
ScoSuperAdmin,
ScoUsersAdmin,
ScoUsersView,
ScoView,
)
from sco_exceptions import (
AccessDenied,
ScoException,


@ -86,7 +86,7 @@ class FakeUser:
def __str__(self):
return self.name
def has_permission(self, op, context):
def has_permission(self, op, dept):
return True
def has_role(self, role):
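Review bot: `FakeUser.has_permission(self, op, dept)` still requires a second argument, while this commit changes the call sites to `has_permission(perm)` and gives `User.has_permission` a `dept=False` default; any code path that receives a `FakeUser` would now fail with `TypeError`. Matching the real signature keeps the two interchangeable: `def has_permission(self, op, dept=False):`. Since the stub returns `True` for every permission, a one-line docstring stating that it grants everything and where it is meant to be used (scripts or tests, if that is the intent) would make it harder to wire into request handling by mistake.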


@ -28,6 +28,7 @@
import cgi
import sco_utils as scu
from notes_log import log
import html_sidebar
import VERSION
@ -312,7 +313,9 @@ def sco_header(
# Avertissement si mot de passe à changer
if user_check:
authuser = REQUEST.AUTHENTICATED_USER
passwd_temp = context.Users.user_info(user_name=str(authuser))["passwd_temp"]
# passwd_temp = context.Users.user_info(user_name=str(authuser))["passwd_temp"]
log("XXX TODO: Users.user_info")
passwd_temp = False # XXX TODO
if passwd_temp:
H.append(
"""<div class="passwd_warn">
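Review bot: Hard-coding `passwd_temp = False` in `sco_header` silently turns off the warning shown to users who still have a temporary password, and only the `XXX TODO` markers record that. The added `log("XXX TODO: Users.user_info")` also runs on every page rendered with `user_check` set, which will fill the log with identical lines. I would drop the log call and leave a single comment such as `# TODO: restore the temporary-password warning once Users.user_info is ported`, and make restoring the check a condition for this leaving WIP. The function starts and ends outside the hunk.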


@ -28,12 +28,8 @@
import sco_utils as scu
import sco_preferences
from sco_abs import getAbsSemEtud
from sco_permissions import (
ScoUsersAdmin,
ScoUsersView,
ScoChangePreferences,
ScoAbsChange,
)
from app.scodoc.sco_permissions import Permission
"""
Génération de la "sidebar" (marge gauche des pages HTML)
@ -63,14 +59,14 @@ def sidebar_common(context, REQUEST=None):
% params,
]
if authuser.has_permission(
Permission.ScoUsersAdmin, context
) or authuser.has_permission(ScoUsersView, context):
if authuser.has_permission(Permission.ScoUsersAdmin) or authuser.has_permission(
Permission.ScoUsersView
):
H.append(
"""<a href="%(UsersURL)s" class="sidebar">Utilisateurs</a> <br/>""" % params
)
if authuser.has_permission(Permission.ScoChangePreferences, context):
if authuser.has_permission(Permission.ScoChangePreferences):
H.append(
"""<a href="%(ScoURL)s/edit_preferences" class="sidebar">Paramétrage</a> <br/>"""
% params
@ -121,7 +117,7 @@ def sidebar(context, REQUEST=None):
)
H.append("<ul>")
if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange, context):
if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange):
H.append(
"""
<li> <a href="%(ScoURL)s/Absences/SignaleAbsenceEtud?etudid=%(etudid)s">Ajouter</a></li>


@ -7,6 +7,8 @@ import psycopg2
import psycopg2.pool
import psycopg2.extras
import thread
import sco_utils as scu
from notes_log import log
from sco_exceptions import ScoException, ScoValueError, NoteProcessError
from types import StringType


@ -875,7 +875,7 @@ def index_html(context, REQUEST=None):
"""<p>Pour signaler, annuler ou justifier une absence, choisissez d'abord l'étudiant concerné:</p>"""
)
H.append(sco_find_etud.form_search_etud(context, REQUEST))
if authuser.has_permission(Permission.ScoAbsChange, context):
if authuser.has_permission(Permission.ScoAbsChange):
H.extend(
(
"""<hr/>


@ -53,7 +53,7 @@ EtudsArchive = EtudsArchiver()
def can_edit_etud_archive(context, authuser):
"""True si l'utilisateur peut modifier les archives etudiantes"""
return authuser.has_permission(Permission.ScoEtudAddAnnotations, context)
return authuser.has_permission(Permission.ScoEtudAddAnnotations)
def etud_list_archives_html(context, REQUEST, etudid):


@ -853,7 +853,7 @@ def can_send_bulletin_by_mail(context, formsemestre_id, REQUEST):
sco_preferences.get_preference(
context, "bul_mail_allowed_for_all", formsemestre_id
)
or authuser.has_permission(Permission.ScoImplement, context)
or authuser.has_permission(Permission.ScoImplement)
or str(authuser) in sem["responsables"]
)
@ -1099,7 +1099,7 @@ def _formsemestre_bulletinetud_header_html(
"endpoint": "notes.formsemestre_edit_options",
"args": {"formsemestre_id": formsemestre_id, "target_url": qurl},
"enabled": (uid in sem["responsables"])
or authuser.has_permission(Permission.ScoImplement, context),
or authuser.has_permission(Permission.ScoImplement),
},
{
"title": 'Version papier (pdf, format "%s")'
@ -1162,7 +1162,7 @@ def _formsemestre_bulletinetud_header_html(
},
"enabled": (
(authuser in sem["responsables"])
or (authuser.has_permission(Permission.ScoEtudInscrit, context))
or (authuser.has_permission(Permission.ScoEtudInscrit))
),
},
{
@ -1172,7 +1172,7 @@ def _formsemestre_bulletinetud_header_html(
"formsemestre_id": formsemestre_id,
"etudid": etudid,
},
"enabled": authuser.has_permission(Permission.ScoImplement, context),
"enabled": authuser.has_permission(Permission.ScoImplement),
},
{
"title": "Enregistrer une validation d'UE antérieure",


@ -32,7 +32,7 @@ from types import StringType
import safehtml
import sco_utils as scu
import ndb as ndb
import notesdb as ndb
from notes_log import log
import VERSION
from sco_exceptions import AccessDenied


@ -138,7 +138,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
)
#
authuser = REQUEST.AUTHENTICATED_USER
if authuser.has_permission(Permission.ScoEtudInscrit, context):
if authuser.has_permission(Permission.ScoEtudInscrit):
H.append(
"""<hr>
<h3>Gestion des étudiants</h3>
@ -151,7 +151,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
"""
)
#
if authuser.has_permission(Permission.ScoEditApo, context):
if authuser.has_permission(Permission.ScoEditApo):
H.append(
"""<hr>
<h3>Exports Apogée</h3>


@ -302,7 +302,7 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
ue_list.sort(key=lambda u: (u["semestre_id"], u["numero"]))
has_duplicate_ue_codes = len(set([ue["ue_code"] for ue in ue_list])) != len(ue_list)
perm_change = authuser.has_permission(Permission.ScoChangeFormation, context)
perm_change = authuser.has_permission(Permission.ScoChangeFormation)
# editable = (not locked) and perm_change
# On autorise maintanant la modification des formations qui ont des semestres verrouillés,
# sauf si cela affect les notes passées (verrouillées):
@ -310,7 +310,7 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
# - pas de changement des codes d'UE utilisés dans des semestres verrouillés
editable = perm_change
tag_editable = (
authuser.has_permission(Permission.ScoEditFormationTags, context) or perm_change
authuser.has_permission(Permission.ScoEditFormationTags) or perm_change
)
if locked:
lockicon = scu.icontag("lock32_img", title="verrouillé")
@ -660,7 +660,7 @@ Si vous souhaitez modifier cette formation (par exemple pour y ajouter un module
H.append("</li>")
H.append("</ul>")
if authuser.has_permission(Permission.ScoImplement, context):
if authuser.has_permission(Permission.ScoImplement):
H.append(
"""<ul>
<li><a class="stdlink" href="formsemestre_createwithmodules?formation_id=%(formation_id)s&semestre_id=1">Mettre en place un nouveau semestre de formation %(acronyme)s</a>


@ -273,7 +273,7 @@ def form_search_etud_in_accessible_depts(context, REQUEST):
def can_view_dept(context, REQUEST):
"""True if auth user can access (View) this context"""
authuser = REQUEST.AUTHENTICATED_USER
return authuser.has_permission(Permission.ScoView, context)
return authuser.has_permission(Permission.ScoView)
def search_etud_in_accessible_depts(context, expnom=None, code_nip=None, REQUEST=None):


@ -108,7 +108,7 @@ def can_edit_sem(context, REQUEST, formsemestre_id="", sem=None):
"""Return sem if user can edit it, False otherwise"""
sem = sem or sco_formsemestre.get_formsemestre(context, formsemestre_id)
authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoImplement, context): # pas chef
if not authuser.has_permission(Permission.ScoImplement): # pas chef
if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
return False
return sem
@ -121,7 +121,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
formsemestre_id = REQUEST.form["formsemestre_id"]
sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoImplement, context):
if not authuser.has_permission(Permission.ScoImplement):
if not edit:
# il faut ScoImplement pour creer un semestre
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
@ -437,7 +437,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
},
),
]
if authuser.has_permission(Permission.ScoImplement, context):
if authuser.has_permission(Permission.ScoImplement):
modform += [
(
"resp_can_edit",


@ -163,7 +163,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
% sem,
"args": {"formsemestre_id": formsemestre_id},
"enabled": (
authuser.has_permission(Permission.ScoImplement, context)
authuser.has_permission(Permission.ScoImplement)
or (
str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
and sem["resp_can_edit"]
@ -177,7 +177,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"endpoint": "notes.formsemestre_edit_preferences",
"args": {"formsemestre_id": formsemestre_id},
"enabled": (
authuser.has_permission(Permission.ScoImplement, context)
authuser.has_permission(Permission.ScoImplement)
or (
str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
and sem["resp_can_edit"]
@ -191,7 +191,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"endpoint": "notes.formsemestre_edit_options",
"args": {"formsemestre_id": formsemestre_id},
"enabled": (uid in sem["responsables"])
or authuser.has_permission(Permission.ScoImplement, context),
or authuser.has_permission(Permission.ScoImplement),
"helpmsg": "Change les options",
},
{
@ -199,7 +199,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"endpoint": "notes.formsemestre_change_lock",
"args": {"formsemestre_id": formsemestre_id},
"enabled": (uid in sem["responsables"])
or authuser.has_permission(Permission.ScoImplement, context),
or authuser.has_permission(Permission.ScoImplement),
"helpmsg": "",
},
{
@ -227,14 +227,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"title": "Cloner ce semestre",
"endpoint": "notes.formsemestre_clone",
"args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoImplement, context),
"enabled": authuser.has_permission(Permission.ScoImplement),
"helpmsg": "",
},
{
"title": "Associer à une nouvelle version du programme",
"endpoint": "notes.formsemestre_associate_new_version",
"args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoChangeFormation, context)
"enabled": authuser.has_permission(Permission.ScoChangeFormation)
and (sem["etat"] == "1"),
"helpmsg": "",
},
@ -242,7 +242,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"title": "Supprimer ce semestre",
"endpoint": "notes.formsemestre_delete",
"args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoImplement, context),
"enabled": authuser.has_permission(Permission.ScoImplement),
"helpmsg": "",
},
]
@ -269,14 +269,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"title": "Passage des étudiants depuis d'autres semestres",
"endpoint": "notes.formsemestre_inscr_passage",
"args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and (sem["etat"] == "1"),
},
{
"title": "Synchroniser avec étape Apogée",
"endpoint": "notes.formsemestre_synchro_etuds",
"args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoView, context)
"enabled": authuser.has_permission(Permission.ScoView)
and sco_preferences.get_preference(context, "portal_url")
and (sem["etat"] == "1"),
},
@ -284,27 +284,27 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"title": "Inscrire un étudiant",
"endpoint": "notes.formsemestre_inscription_with_modules_etud",
"args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and (sem["etat"] == "1"),
},
{
"title": "Importer des étudiants dans ce semestre (table Excel)",
"endpoint": "notes.form_students_import_excel",
"args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and (sem["etat"] == "1"),
},
{
"title": "Import/export des données admission",
"endpoint": "notes.form_students_import_infos_admissions",
"args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoView, context),
"enabled": authuser.has_permission(Permission.ScoView),
},
{
"title": "Resynchroniser données identité",
"endpoint": "notes.formsemestre_import_etud_admission",
"args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context)
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr)
and sco_preferences.get_preference(context, "portal_url"),
},
{
@ -772,7 +772,7 @@ def _make_listes_sem(context, sem, REQUEST=None, with_absences=True):
#
H = []
# pas de menu absences si pas autorise:
if with_absences and not authuser.has_permission(Permission.ScoAbsChange, context):
if with_absences and not authuser.has_permission(Permission.ScoAbsChange):
with_absences = False
#


@ -62,7 +62,7 @@ def can_change_groups(context, REQUEST, formsemestre_id):
if sem["etat"] != "1":
return False # semestre verrouillé
authuser = REQUEST.AUTHENTICATED_USER
if authuser.has_permission(Permission.ScoEtudChangeGroups, context):
if authuser.has_permission(Permission.ScoEtudChangeGroups):
return True # admin, chef dept
uid = str(authuser)
if uid in sem["responsables"]:


@ -855,13 +855,13 @@ def tab_absences_html(context, groups_infos, etat=None, REQUEST=None):
# Lien pour verif codes INE/NIP
# (pour tous les etudiants du semestre)
group_id = sco_groups.get_default_group(context, groups_infos.formsemestre_id)
if authuser.has_permission(Permission.ScoEtudInscrit, context):
if authuser.has_permission(Permission.ScoEtudInscrit):
H.append(
'<li><a class="stdlink" href="check_group_apogee?group_id=%s&etat=%s">Vérifier codes Apogée</a> (de tous les groupes)</li>'
% (group_id, etat or "")
)
# Lien pour ajout fichiers étudiants
if authuser.has_permission(Permission.ScoEtudAddAnnotations, context):
if authuser.has_permission(Permission.ScoEtudAddAnnotations):
H.append(
"""<li><a class="stdlink" href="etudarchive_import_files_form?group_id=%s">Télécharger des fichiers associés aux étudiants (e.g. dossiers d'admission)</a></li>"""
% (group_id)
@ -884,7 +884,7 @@ def form_choix_jour_saisie_hebdo(
):
"""Formulaire choix jour semaine pour saisie."""
authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoAbsChange, context):
if not authuser.has_permission(Permission.ScoAbsChange):
return ""
sem = groups_infos.formsemestre
first_monday = sco_abs.ddmmyyyy(sem["date_debut"]).prev_monday()
@ -925,7 +925,7 @@ def form_choix_jour_saisie_hebdo(
# Formulaire saisie absences semaine
def form_choix_saisie_semaine(context, groups_infos, REQUEST=None):
authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoAbsChange, context):
if not authuser.has_permission(Permission.ScoAbsChange):
return ""
# construit l'URL "destination"
# (a laquelle on revient apres saisie absences)


@ -311,7 +311,7 @@ def can_change_module_resp(context, REQUEST, moduleimpl_id):
authuser = REQUEST.AUTHENTICATED_USER
uid = str(authuser)
# admin ou resp. semestre avec flag resp_can_change_resp
if not authuser.has_permission(Permission.ScoImplement, context) and (
if not authuser.has_permission(Permission.ScoImplement) and (
(uid not in sem["responsables"]) or (not sem["resp_can_change_ens"])
):
raise AccessDenied("Modification impossible pour %s" % uid)
@ -334,7 +334,7 @@ def can_change_ens(context, REQUEST, moduleimpl_id, raise_exc=True):
# admin, resp. module ou resp. semestre
if (
uid != M["responsable_id"]
and not authuser.has_permission(Permission.ScoImplement, context)
and not authuser.has_permission(Permission.ScoImplement)
and (uid not in sem["responsables"])
):
if raise_exc:


@ -247,8 +247,7 @@ def moduleimpl_inscriptions_stats(context, formsemestre_id, REQUEST=None):
)
can_change = (
authuser.has_permission(Permission.ScoEtudInscrit, context)
and sem["etat"] == "1"
authuser.has_permission(Permission.ScoEtudInscrit) and sem["etat"] == "1"
)
# Liste des modules


@ -241,7 +241,7 @@ def moduleimpl_status(context, moduleimpl_id=None, partition_id=None, REQUEST=No
"""<tr><td class="fichetitre2">Inscrits: </td><td> %d étudiants"""
% len(ModInscrits)
)
if authuser.has_permission(Permission.ScoEtudInscrit, context):
if authuser.has_permission(Permission.ScoEtudInscrit):
H.append(
"""<a class="stdlink" style="margin-left:2em;" href="moduleimpl_inscriptions_edit?moduleimpl_id=%s">modifier</a>"""
% M["moduleimpl_id"]


@ -68,7 +68,7 @@ def _menuScolarite(context, authuser, sem, etudid):
return lockicon # no menu
if not authuser.has_permission(
ScoEtudInscrit, context
) and not authuser.has_permission(Permission.ScoEtudChangeGroups, context):
) and not authuser.has_permission(Permission.ScoEtudChangeGroups):
return "" # no menu
ins = sem["ins"]
args = {"etudid": etudid, "formsemestre_id": ins["formsemestre_id"]}
@ -89,7 +89,7 @@ def _menuScolarite(context, authuser, sem, etudid):
def_url = "doCancelDef"
def_enabled = (
(ins["etat"] != "D")
and authuser.has_permission(Permission.ScoEtudInscrit, context)
and authuser.has_permission(Permission.ScoEtudInscrit)
and not locked
)
items = [
@ -97,14 +97,14 @@ def _menuScolarite(context, authuser, sem, etudid):
"title": dem_title,
"endpoint": dem_url,
"args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked,
},
{
"title": "Validation du semestre (jury)",
"endpoint": "notes.formsemestre_validation_etud_form",
"args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked,
},
{"title": def_title, "endpoint": def_url, "enabled": def_enabled},
@ -112,25 +112,25 @@ def _menuScolarite(context, authuser, sem, etudid):
"title": "Inscrire à un module optionnel (ou au sport)",
"endpoint": "notes.formsemestre_inscription_option",
"args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked,
},
{
"title": "Désinscrire (en cas d'erreur)",
"endpoint": "notes.formsemestre_desinscription",
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked,
},
{
"title": "Inscrire à un autre semestre",
"endpoint": "notes.formsemestre_inscription_with_modules_form",
"args": {"etudid": etudid},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
},
{
"title": "Enregistrer un semestre effectué ailleurs",
"endpoint": "notes.formsemestre_ext_create_form",
"enabled": authuser.has_permission(Permission.ScoImplement, context),
"enabled": authuser.has_permission(Permission.ScoImplement),
},
]
@ -196,7 +196,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
else:
info["emaillink"] = "<em>(pas d'adresse e-mail)</em>"
# champs dependant des permissions
if authuser.has_permission(Permission.ScoEtudChangeAdr, context):
if authuser.has_permission(Permission.ScoEtudChangeAdr):
info["modifadresse"] = (
'<a class="stdlink" href="formChangeCoordonnees?etudid=%s">modifier adresse</a>'
% etudid
@ -262,7 +262,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
else:
# non inscrit
l = ["<p><b>Etudiant%s non inscrit%s" % (info["ne"], info["ne"])]
if authuser.has_permission(Permission.ScoEtudInscrit, context):
if authuser.has_permission(Permission.ScoEtudInscrit):
l.append(
'<a href="%s/Notes/formsemestre_inscription_with_modules_form?etudid=%s">inscrire</a></li>'
% (scu.ScoURL(), etudid)
@ -510,19 +510,19 @@ def menus_etud(context, REQUEST=None):
"title": "Changer la photo",
"endpoint": "scolar.formChangePhoto",
"args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context),
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr),
},
{
"title": "Changer les données identité/admission",
"endpoint": "scolar.etudident_edit_form",
"args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
},
{
"title": "Supprimer cet étudiant...",
"endpoint": "scolar.etudident_delete",
"args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
},
{
"title": "Voir le journal...",
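Review bot: The first call in the `_menuScolarite` guard was missed by the conversion: `authuser.has_permission(ScoEtudInscrit, context)` is left unchanged, so it still passes the Zope `context` as the second argument, which the new signature treats as `dept`, and it still uses the bare name `ScoEtudInscrit` instead of `Permission.ScoEtudInscrit`. Because that argument is not `False`, the `g.scodoc_dept` fallback is skipped and the check presumably runs against a value that is not a department. The same leftover is in the `module_tag_set` hunk (`ScoEditFormationTags, context`), where it feeds the condition that raises `AccessDenied`. Both should read like their neighbours, e.g. `authuser.has_permission(Permission.ScoEtudInscrit)` and `authuser.has_permission(Permission.ScoEditFormationTags)`.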


@ -5,10 +5,6 @@
used by auth
"""
import notesdb as ndb
import scolars
import sco_formsemestre
# Définition des permissions: ne pas changer les numéros ou l'ordre des lignes !
_SCO_PERMISSIONS = (
# permission bit, symbol, description
@ -63,6 +59,11 @@ class Permission:
Permission.init_permissions()
import notesdb as ndb
import scolars
import sco_formsemestre
def can_suppress_annotation(context, annotation_id, REQUEST):
"""True if current user can suppress this annotation
Seuls l'auteur de l'annotation et le chef de dept peuvent supprimer
@ -78,15 +79,15 @@ def can_suppress_annotation(context, annotation_id, REQUEST):
# c'est pourquoi on teste aussi ScoEtudInscrit (normalement détenue par le chef)
return (
(str(authuser) == anno["zope_authenticated_user"])
or authuser.has_permission(Permission.ScoEtudSupprAnnotations, context)
or authuser.has_permission(Permission.ScoEtudInscrit, context)
or authuser.has_permission(Permission.ScoEtudSupprAnnotations)
or authuser.has_permission(Permission.ScoEtudInscrit)
)
def can_edit_suivi(context, REQUEST=None):
"""Vrai si l'utilisateur peut modifier les informations de suivi sur la page etud" """
authuser = REQUEST.AUTHENTICATED_USER
return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
return authuser.has_permission(Permission.ScoEtudChangeAdr)
def can_validate_sem(context, REQUEST, formsemestre_id):
@ -107,13 +108,13 @@ def can_edit_pv(context, REQUEST, formsemestre_id):
# Autorise les secrétariats, repérés via la permission ScoEtudChangeAdr
# (ceci nous évite d'ajouter une permission Zope aux installations existantes)
authuser = REQUEST.AUTHENTICATED_USER
return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
return authuser.has_permission(Permission.ScoEtudChangeAdr)
def is_chef_or_diretud(context, REQUEST, sem):
"Vrai si utilisateur est admin, chef dept ou responsable du semestre"
authuser = REQUEST.AUTHENTICATED_USER
if authuser.has_permission(Permission.ScoImplement, context):
if authuser.has_permission(Permission.ScoImplement):
return True # admin, chef dept
uid = str(authuser)
if uid in sem["responsables"]:
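Review bot: The `notesdb`, `scolars` and `sco_formsemestre` imports are moved from the top of the module to below `Permission.init_permissions()` without a comment saying why. If this is to break an import cycle (which is what the placement suggests), a later cleanup that moves them back to the top would reintroduce it. A short comment at the new location, e.g. `# imported after Permission is defined: these modules import sco_permissions`, would record the constraint.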


@ -76,12 +76,12 @@ def can_edit_notes(context, authuser, moduleimpl_id, allow_ens=True):
if sco_parcours_dut.formsemestre_has_decisions(context, sem["formsemestre_id"]):
# il y a des décisions de jury dans ce semestre !
return (
authuser.has_permission(Permission.ScoEditAllNotes, context)
authuser.has_permission(Permission.ScoEditAllNotes)
or uid in sem["responsables"]
)
else:
if (
(not authuser.has_permission(Permission.ScoEditAllNotes, context))
(not authuser.has_permission(Permission.ScoEditAllNotes))
and uid != M["responsable_id"]
and uid not in sem["responsables"]
):


@ -91,7 +91,7 @@ def formsemestre_synchro_etuds(
sem["etape_apo_str"] = sco_formsemestre.formsemestre_etape_apo_str(sem)
# Write access ?
authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoEtudInscrit, context):
if not authuser.has_permission(Permission.ScoEtudInscrit):
read_only = True
if read_only:
submitted = False


@ -237,7 +237,7 @@ def module_tag_set(context, module_id="", taglist=[], REQUEST=None):
authuser = REQUEST.AUTHENTICATED_USER
tag_editable = authuser.has_permission(
ScoEditFormationTags, context
) or authuser.has_permission(Permission.ScoChangeFormation, context)
) or authuser.has_permission(Permission.ScoChangeFormation)
if not tag_editable:
raise AccessDenied("Modification des tags impossible pour %s" % authuser)
#


@ -81,7 +81,7 @@ def external_ue_create(
sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
# Contrôle d'accès:
authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoImplement, context):
if not authuser.has_permission(Permission.ScoImplement):
if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
#
@ -210,7 +210,7 @@ def external_ue_create_form(context, formsemestre_id, etudid, REQUEST=None):
sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
# Contrôle d'accès:
authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoImplement, context):
if not authuser.has_permission(Permission.ScoImplement):
if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")


@ -330,7 +330,7 @@ def get_dept_id():
def get_db_cnx_string():
return "SCO" + g.scodoc_dept
return "dbname=SCO" + g.scodoc_dept
def ScoURL():
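Review bot: `get_db_cnx_string` builds the connection string by concatenating `g.scodoc_dept` after `dbname=SCO`, so a department value containing whitespace or `key=value` text would be parsed as extra connection parameters rather than as part of the database name. Where `g.scodoc_dept` is set is not visible in this hunk; if it is derived from the request URL, it should be checked against the list of known departments (or a strict identifier pattern) before it reaches this function. Passing the name as a keyword argument at the connect call, e.g. `psycopg2.connect(dbname="SCO" + dept)`, would remove the string parsing altogether, though that changes callers outside this hunk.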