From e16b974761004a4178b61af4446d8d663b54507d Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Tue, 15 Jun 2021 15:38:38 +0200
Subject: [PATCH] WIP changed has_permission

---
 app/auth/models.py                        |  6 +++--
 app/decorators.py                         | 10 ++++----
 app/scodoc/ZScoUsers.py                   | 10 +-------
 app/scodoc/debug.py                       |  2 +-
 app/scodoc/html_sco_header.py             |  5 +++-
 app/scodoc/html_sidebar.py                | 18 ++++++---------
 app/scodoc/notesdb.py                     |  2 ++
 app/scodoc/sco_abs_views.py               |  2 +-
 app/scodoc/sco_archives_etud.py           |  2 +-
 app/scodoc/sco_bulletins.py               |  8 +++----
 app/scodoc/sco_debouche.py                |  2 +-
 app/scodoc/sco_dept.py                    |  4 ++--
 app/scodoc/sco_edit_ue.py                 |  6 ++---
 app/scodoc/sco_find_etud.py               |  2 +-
 app/scodoc/sco_formsemestre_edit.py       |  6 ++---
 app/scodoc/sco_formsemestre_status.py     | 28 +++++++++++------------
 app/scodoc/sco_groups.py                  |  2 +-
 app/scodoc/sco_groups_view.py             |  8 +++----
 app/scodoc/sco_moduleimpl.py              |  4 ++--
 app/scodoc/sco_moduleimpl_inscriptions.py |  3 +--
 app/scodoc/sco_moduleimpl_status.py       |  2 +-
 app/scodoc/sco_page_etud.py               | 26 ++++++++++-----------
 app/scodoc/sco_permissions.py             | 19 +++++++--------
 app/scodoc/sco_saisie_notes.py            |  4 ++--
 app/scodoc/sco_synchro_etuds.py           |  2 +-
 app/scodoc/sco_tag_module.py              |  2 +-
 app/scodoc/sco_ue_external.py             |  4 ++--
 app/scodoc/sco_utils.py                   |  2 +-
 28 files changed, 94 insertions(+), 97 deletions(-)

diff --git a/app/auth/models.py b/app/auth/models.py
index 57622ba8..85b9243b 100644
--- a/app/auth/models.py
+++ b/app/auth/models.py
@@ -10,7 +10,7 @@ import json
 import os
 from time import time
 
-from flask import current_app, url_for
+from flask import current_app, url_for, g
 from flask_login import UserMixin, AnonymousUserMixin
 from werkzeug.security import generate_password_hash, check_password_hash
 
@@ -127,7 +127,7 @@ class User(UserMixin, db.Model):
         return user
 
     # Permissions management:
-    def has_permission(self, perm, dept):
+    def has_permission(self, perm, dept=False):
         """Check if user has permission `perm` in given `dept`.
         Emulate Zope `has_permission``
 
@@ -135,6 +135,8 @@ class User(UserMixin, db.Model):
             perm: integer, one of the value defined in Permission class.
             context:
         """
+        if dept is False:
+            dept = g.scodoc_dept
         # les role liés à ce département, et les roles avec dept=None (super-admin)
         roles_in_dept = (
             UserRole.query.filter_by(user_id=self.id)
diff --git a/app/decorators.py b/app/decorators.py
index 93feccc7..e4867cd2 100644
--- a/app/decorators.py
+++ b/app/decorators.py
@@ -37,11 +37,13 @@ class ZRequest(object):
     "Emulating Zope 2 REQUEST"
 
     def __init__(self):
-        self.URL = request.base_url
+        self.URL = request.base_url.encode(
+            "utf-8"
+        )  # necessaire pour ScoDoc 8 en Python 2
         self.URL0 = self.URL
-        self.BASE0 = request.url_root
-        self.QUERY_STRING = request.query_string
-        self.REQUEST_METHOD = request.method
+        self.BASE0 = request.url_root.encode("utf-8")
+        self.QUERY_STRING = request.query_string.encode("utf-8")
+        self.REQUEST_METHOD = request.method.encode("utf-8")
         self.AUTHENTICATED_USER = current_user
         if request.method == "POST":
             self.form = request.form
diff --git a/app/scodoc/ZScoUsers.py b/app/scodoc/ZScoUsers.py
index 8429bd66..6f226a94 100644
--- a/app/scodoc/ZScoUsers.py
+++ b/app/scodoc/ZScoUsers.py
@@ -49,15 +49,7 @@ from gen_tables import GenTable
 import scolars
 import sco_cache
 import sco_users
-from sco_permissions import (
-    ScoEditAllEvals,
-    ScoEditAllNotes,
-    ScoImplement,
-    ScoSuperAdmin,
-    ScoUsersAdmin,
-    ScoUsersView,
-    ScoView,
-)
+
 from sco_exceptions import (
     AccessDenied,
     ScoException,
diff --git a/app/scodoc/debug.py b/app/scodoc/debug.py
index 48e992b7..feb315ee 100644
--- a/app/scodoc/debug.py
+++ b/app/scodoc/debug.py
@@ -86,7 +86,7 @@ class FakeUser:
     def __str__(self):
         return self.name
 
-    def has_permission(self, op, context):
+    def has_permission(self, op, dept):
         return True
 
     def has_role(self, role):
diff --git a/app/scodoc/html_sco_header.py b/app/scodoc/html_sco_header.py
index c45b25bb..13ad4186 100644
--- a/app/scodoc/html_sco_header.py
+++ b/app/scodoc/html_sco_header.py
@@ -28,6 +28,7 @@
 import cgi
 
 import sco_utils as scu
+from notes_log import log
 import html_sidebar
 import VERSION
 
@@ -312,7 +313,9 @@ def sco_header(
     # Avertissement si mot de passe à changer
     if user_check:
         authuser = REQUEST.AUTHENTICATED_USER
-        passwd_temp = context.Users.user_info(user_name=str(authuser))["passwd_temp"]
+        # passwd_temp = context.Users.user_info(user_name=str(authuser))["passwd_temp"]
+        log("XXX TODO: Users.user_info")
+        passwd_temp = False  # XXX  TODO
         if passwd_temp:
             H.append(
                 """<div class="passwd_warn">
diff --git a/app/scodoc/html_sidebar.py b/app/scodoc/html_sidebar.py
index 49569cc8..ef397345 100644
--- a/app/scodoc/html_sidebar.py
+++ b/app/scodoc/html_sidebar.py
@@ -28,12 +28,8 @@
 import sco_utils as scu
 import sco_preferences
 from sco_abs import getAbsSemEtud
-from sco_permissions import (
-    ScoUsersAdmin,
-    ScoUsersView,
-    ScoChangePreferences,
-    ScoAbsChange,
-)
+from app.scodoc.sco_permissions import Permission
+
 
 """
 Génération de la "sidebar" (marge gauche des pages HTML)
@@ -63,14 +59,14 @@ def sidebar_common(context, REQUEST=None):
         % params,
     ]
 
-    if authuser.has_permission(
-        Permission.ScoUsersAdmin, context
-    ) or authuser.has_permission(ScoUsersView, context):
+    if authuser.has_permission(Permission.ScoUsersAdmin) or authuser.has_permission(
+        Permission.ScoUsersView
+    ):
         H.append(
             """<a href="%(UsersURL)s" class="sidebar">Utilisateurs</a> <br/>""" % params
         )
 
-    if authuser.has_permission(Permission.ScoChangePreferences, context):
+    if authuser.has_permission(Permission.ScoChangePreferences):
         H.append(
             """<a href="%(ScoURL)s/edit_preferences" class="sidebar">Paramétrage</a> <br/>"""
             % params
@@ -121,7 +117,7 @@ def sidebar(context, REQUEST=None):
             )
 
         H.append("<ul>")
-        if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange, context):
+        if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange):
             H.append(
                 """
 <li>     <a href="%(ScoURL)s/Absences/SignaleAbsenceEtud?etudid=%(etudid)s">Ajouter</a></li>
diff --git a/app/scodoc/notesdb.py b/app/scodoc/notesdb.py
index 9be117d6..5a4ca9df 100644
--- a/app/scodoc/notesdb.py
+++ b/app/scodoc/notesdb.py
@@ -7,6 +7,8 @@ import psycopg2
 import psycopg2.pool
 import psycopg2.extras
 import thread
+
+import sco_utils as scu
 from notes_log import log
 from sco_exceptions import ScoException, ScoValueError, NoteProcessError
 from types import StringType
diff --git a/app/scodoc/sco_abs_views.py b/app/scodoc/sco_abs_views.py
index 446a83fe..3775784f 100644
--- a/app/scodoc/sco_abs_views.py
+++ b/app/scodoc/sco_abs_views.py
@@ -875,7 +875,7 @@ def index_html(context, REQUEST=None):
             """<p>Pour signaler, annuler ou justifier une absence, choisissez d'abord l'étudiant concerné:</p>"""
         )
         H.append(sco_find_etud.form_search_etud(context, REQUEST))
-        if authuser.has_permission(Permission.ScoAbsChange, context):
+        if authuser.has_permission(Permission.ScoAbsChange):
             H.extend(
                 (
                     """<hr/>
diff --git a/app/scodoc/sco_archives_etud.py b/app/scodoc/sco_archives_etud.py
index 22015d4d..f376f516 100644
--- a/app/scodoc/sco_archives_etud.py
+++ b/app/scodoc/sco_archives_etud.py
@@ -53,7 +53,7 @@ EtudsArchive = EtudsArchiver()
 
 def can_edit_etud_archive(context, authuser):
     """True si l'utilisateur peut modifier les archives etudiantes"""
-    return authuser.has_permission(Permission.ScoEtudAddAnnotations, context)
+    return authuser.has_permission(Permission.ScoEtudAddAnnotations)
 
 
 def etud_list_archives_html(context, REQUEST, etudid):
diff --git a/app/scodoc/sco_bulletins.py b/app/scodoc/sco_bulletins.py
index 9eae0b8d..c594d891 100644
--- a/app/scodoc/sco_bulletins.py
+++ b/app/scodoc/sco_bulletins.py
@@ -853,7 +853,7 @@ def can_send_bulletin_by_mail(context, formsemestre_id, REQUEST):
         sco_preferences.get_preference(
             context, "bul_mail_allowed_for_all", formsemestre_id
         )
-        or authuser.has_permission(Permission.ScoImplement, context)
+        or authuser.has_permission(Permission.ScoImplement)
         or str(authuser) in sem["responsables"]
     )
 
@@ -1099,7 +1099,7 @@ def _formsemestre_bulletinetud_header_html(
             "endpoint": "notes.formsemestre_edit_options",
             "args": {"formsemestre_id": formsemestre_id, "target_url": qurl},
             "enabled": (uid in sem["responsables"])
-            or authuser.has_permission(Permission.ScoImplement, context),
+            or authuser.has_permission(Permission.ScoImplement),
         },
         {
             "title": 'Version papier (pdf, format "%s")'
@@ -1162,7 +1162,7 @@ def _formsemestre_bulletinetud_header_html(
             },
             "enabled": (
                 (authuser in sem["responsables"])
-                or (authuser.has_permission(Permission.ScoEtudInscrit, context))
+                or (authuser.has_permission(Permission.ScoEtudInscrit))
             ),
         },
         {
@@ -1172,7 +1172,7 @@ def _formsemestre_bulletinetud_header_html(
                 "formsemestre_id": formsemestre_id,
                 "etudid": etudid,
             },
-            "enabled": authuser.has_permission(Permission.ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement),
         },
         {
             "title": "Enregistrer une validation d'UE antérieure",
diff --git a/app/scodoc/sco_debouche.py b/app/scodoc/sco_debouche.py
index 2b4347d0..450f2ce7 100644
--- a/app/scodoc/sco_debouche.py
+++ b/app/scodoc/sco_debouche.py
@@ -32,7 +32,7 @@ from types import StringType
 import safehtml
 
 import sco_utils as scu
-import ndb as ndb
+import notesdb as ndb
 from notes_log import log
 import VERSION
 from sco_exceptions import AccessDenied
diff --git a/app/scodoc/sco_dept.py b/app/scodoc/sco_dept.py
index 715eaced..8d422a75 100644
--- a/app/scodoc/sco_dept.py
+++ b/app/scodoc/sco_dept.py
@@ -138,7 +138,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
     )
     #
     authuser = REQUEST.AUTHENTICATED_USER
-    if authuser.has_permission(Permission.ScoEtudInscrit, context):
+    if authuser.has_permission(Permission.ScoEtudInscrit):
         H.append(
             """<hr>
         <h3>Gestion des étudiants</h3>
@@ -151,7 +151,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
         """
         )
     #
-    if authuser.has_permission(Permission.ScoEditApo, context):
+    if authuser.has_permission(Permission.ScoEditApo):
         H.append(
             """<hr>
         <h3>Exports Apogée</h3>
diff --git a/app/scodoc/sco_edit_ue.py b/app/scodoc/sco_edit_ue.py
index d4c6584d..a6adf4f7 100644
--- a/app/scodoc/sco_edit_ue.py
+++ b/app/scodoc/sco_edit_ue.py
@@ -302,7 +302,7 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
     ue_list.sort(key=lambda u: (u["semestre_id"], u["numero"]))
     has_duplicate_ue_codes = len(set([ue["ue_code"] for ue in ue_list])) != len(ue_list)
 
-    perm_change = authuser.has_permission(Permission.ScoChangeFormation, context)
+    perm_change = authuser.has_permission(Permission.ScoChangeFormation)
     # editable = (not locked) and perm_change
     # On autorise maintanant la modification des formations qui ont des semestres verrouillés,
     # sauf si cela affect les notes passées (verrouillées):
@@ -310,7 +310,7 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
     #   - pas de changement des codes d'UE utilisés dans des semestres verrouillés
     editable = perm_change
     tag_editable = (
-        authuser.has_permission(Permission.ScoEditFormationTags, context) or perm_change
+        authuser.has_permission(Permission.ScoEditFormationTags) or perm_change
     )
     if locked:
         lockicon = scu.icontag("lock32_img", title="verrouillé")
@@ -660,7 +660,7 @@ Si vous souhaitez modifier cette formation (par exemple pour y ajouter un module
             H.append("</li>")
         H.append("</ul>")
 
-    if authuser.has_permission(Permission.ScoImplement, context):
+    if authuser.has_permission(Permission.ScoImplement):
         H.append(
             """<ul>
         <li><a class="stdlink" href="formsemestre_createwithmodules?formation_id=%(formation_id)s&semestre_id=1">Mettre en place un nouveau semestre de formation %(acronyme)s</a>
diff --git a/app/scodoc/sco_find_etud.py b/app/scodoc/sco_find_etud.py
index 32174799..676680d5 100644
--- a/app/scodoc/sco_find_etud.py
+++ b/app/scodoc/sco_find_etud.py
@@ -273,7 +273,7 @@ def form_search_etud_in_accessible_depts(context, REQUEST):
 def can_view_dept(context, REQUEST):
     """True if auth user can access (View) this context"""
     authuser = REQUEST.AUTHENTICATED_USER
-    return authuser.has_permission(Permission.ScoView, context)
+    return authuser.has_permission(Permission.ScoView)
 
 
 def search_etud_in_accessible_depts(context, expnom=None, code_nip=None, REQUEST=None):
diff --git a/app/scodoc/sco_formsemestre_edit.py b/app/scodoc/sco_formsemestre_edit.py
index b426997f..2452e455 100644
--- a/app/scodoc/sco_formsemestre_edit.py
+++ b/app/scodoc/sco_formsemestre_edit.py
@@ -108,7 +108,7 @@ def can_edit_sem(context, REQUEST, formsemestre_id="", sem=None):
     """Return sem if user can edit it, False otherwise"""
     sem = sem or sco_formsemestre.get_formsemestre(context, formsemestre_id)
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(Permission.ScoImplement, context):  # pas chef
+    if not authuser.has_permission(Permission.ScoImplement):  # pas chef
         if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
             return False
     return sem
@@ -121,7 +121,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
         formsemestre_id = REQUEST.form["formsemestre_id"]
         sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(Permission.ScoImplement, context):
+    if not authuser.has_permission(Permission.ScoImplement):
         if not edit:
             # il faut ScoImplement pour creer un semestre
             raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
@@ -437,7 +437,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
             },
         ),
     ]
-    if authuser.has_permission(Permission.ScoImplement, context):
+    if authuser.has_permission(Permission.ScoImplement):
         modform += [
             (
                 "resp_can_edit",
diff --git a/app/scodoc/sco_formsemestre_status.py b/app/scodoc/sco_formsemestre_status.py
index e993bc33..78eba04c 100644
--- a/app/scodoc/sco_formsemestre_status.py
+++ b/app/scodoc/sco_formsemestre_status.py
@@ -163,7 +163,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             % sem,
             "args": {"formsemestre_id": formsemestre_id},
             "enabled": (
-                authuser.has_permission(Permission.ScoImplement, context)
+                authuser.has_permission(Permission.ScoImplement)
                 or (
                     str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
                     and sem["resp_can_edit"]
@@ -177,7 +177,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "endpoint": "notes.formsemestre_edit_preferences",
             "args": {"formsemestre_id": formsemestre_id},
             "enabled": (
-                authuser.has_permission(Permission.ScoImplement, context)
+                authuser.has_permission(Permission.ScoImplement)
                 or (
                     str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
                     and sem["resp_can_edit"]
@@ -191,7 +191,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "endpoint": "notes.formsemestre_edit_options",
             "args": {"formsemestre_id": formsemestre_id},
             "enabled": (uid in sem["responsables"])
-            or authuser.has_permission(Permission.ScoImplement, context),
+            or authuser.has_permission(Permission.ScoImplement),
             "helpmsg": "Change les options",
         },
         {
@@ -199,7 +199,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "endpoint": "notes.formsemestre_change_lock",
             "args": {"formsemestre_id": formsemestre_id},
             "enabled": (uid in sem["responsables"])
-            or authuser.has_permission(Permission.ScoImplement, context),
+            or authuser.has_permission(Permission.ScoImplement),
             "helpmsg": "",
         },
         {
@@ -227,14 +227,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "title": "Cloner ce semestre",
             "endpoint": "notes.formsemestre_clone",
             "args": {"formsemestre_id": formsemestre_id},
-            "enabled": authuser.has_permission(Permission.ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement),
             "helpmsg": "",
         },
         {
             "title": "Associer à une nouvelle version du programme",
             "endpoint": "notes.formsemestre_associate_new_version",
             "args": {"formsemestre_id": formsemestre_id},
-            "enabled": authuser.has_permission(Permission.ScoChangeFormation, context)
+            "enabled": authuser.has_permission(Permission.ScoChangeFormation)
             and (sem["etat"] == "1"),
             "helpmsg": "",
         },
@@ -242,7 +242,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "title": "Supprimer ce semestre",
             "endpoint": "notes.formsemestre_delete",
             "args": {"formsemestre_id": formsemestre_id},
-            "enabled": authuser.has_permission(Permission.ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement),
             "helpmsg": "",
         },
     ]
@@ -269,14 +269,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "title": "Passage des étudiants depuis d'autres semestres",
             "endpoint": "notes.formsemestre_inscr_passage",
             "args": {"formsemestre_id": formsemestre_id},
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
             and (sem["etat"] == "1"),
         },
         {
             "title": "Synchroniser avec étape Apogée",
             "endpoint": "notes.formsemestre_synchro_etuds",
             "args": {"formsemestre_id": formsemestre_id},
-            "enabled": authuser.has_permission(Permission.ScoView, context)
+            "enabled": authuser.has_permission(Permission.ScoView)
             and sco_preferences.get_preference(context, "portal_url")
             and (sem["etat"] == "1"),
         },
@@ -284,27 +284,27 @@ def formsemestre_status_menubar(context, sem, REQUEST):
             "title": "Inscrire un étudiant",
             "endpoint": "notes.formsemestre_inscription_with_modules_etud",
             "args": {"formsemestre_id": formsemestre_id},
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
             and (sem["etat"] == "1"),
         },
         {
             "title": "Importer des étudiants dans ce semestre (table Excel)",
             "endpoint": "notes.form_students_import_excel",
             "args": {"formsemestre_id": formsemestre_id},
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
             and (sem["etat"] == "1"),
         },
         {
             "title": "Import/export des données admission",
             "endpoint": "notes.form_students_import_infos_admissions",
             "args": {"formsemestre_id": formsemestre_id},
-            "enabled": authuser.has_permission(Permission.ScoView, context),
+            "enabled": authuser.has_permission(Permission.ScoView),
         },
         {
             "title": "Resynchroniser données identité",
             "endpoint": "notes.formsemestre_import_etud_admission",
             "args": {"formsemestre_id": formsemestre_id},
-            "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr)
             and sco_preferences.get_preference(context, "portal_url"),
         },
         {
@@ -772,7 +772,7 @@ def _make_listes_sem(context, sem, REQUEST=None, with_absences=True):
     #
     H = []
     # pas de menu absences si pas autorise:
-    if with_absences and not authuser.has_permission(Permission.ScoAbsChange, context):
+    if with_absences and not authuser.has_permission(Permission.ScoAbsChange):
         with_absences = False
 
     #
diff --git a/app/scodoc/sco_groups.py b/app/scodoc/sco_groups.py
index 04d1379e..7bc3ac17 100644
--- a/app/scodoc/sco_groups.py
+++ b/app/scodoc/sco_groups.py
@@ -62,7 +62,7 @@ def can_change_groups(context, REQUEST, formsemestre_id):
     if sem["etat"] != "1":
         return False  # semestre verrouillé
     authuser = REQUEST.AUTHENTICATED_USER
-    if authuser.has_permission(Permission.ScoEtudChangeGroups, context):
+    if authuser.has_permission(Permission.ScoEtudChangeGroups):
         return True  # admin, chef dept
     uid = str(authuser)
     if uid in sem["responsables"]:
diff --git a/app/scodoc/sco_groups_view.py b/app/scodoc/sco_groups_view.py
index 20386e8c..9af18a48 100644
--- a/app/scodoc/sco_groups_view.py
+++ b/app/scodoc/sco_groups_view.py
@@ -855,13 +855,13 @@ def tab_absences_html(context, groups_infos, etat=None, REQUEST=None):
     # Lien pour verif codes INE/NIP
     # (pour tous les etudiants du semestre)
     group_id = sco_groups.get_default_group(context, groups_infos.formsemestre_id)
-    if authuser.has_permission(Permission.ScoEtudInscrit, context):
+    if authuser.has_permission(Permission.ScoEtudInscrit):
         H.append(
             '<li><a class="stdlink" href="check_group_apogee?group_id=%s&etat=%s">Vérifier codes Apogée</a> (de tous les groupes)</li>'
             % (group_id, etat or "")
         )
     # Lien pour ajout fichiers étudiants
-    if authuser.has_permission(Permission.ScoEtudAddAnnotations, context):
+    if authuser.has_permission(Permission.ScoEtudAddAnnotations):
         H.append(
             """<li><a class="stdlink" href="etudarchive_import_files_form?group_id=%s">Télécharger des fichiers associés aux étudiants (e.g. dossiers d'admission)</a></li>"""
             % (group_id)
@@ -884,7 +884,7 @@ def form_choix_jour_saisie_hebdo(
 ):
     """Formulaire choix jour semaine pour saisie."""
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(Permission.ScoAbsChange, context):
+    if not authuser.has_permission(Permission.ScoAbsChange):
         return ""
     sem = groups_infos.formsemestre
     first_monday = sco_abs.ddmmyyyy(sem["date_debut"]).prev_monday()
@@ -925,7 +925,7 @@ def form_choix_jour_saisie_hebdo(
 # Formulaire saisie absences semaine
 def form_choix_saisie_semaine(context, groups_infos, REQUEST=None):
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(Permission.ScoAbsChange, context):
+    if not authuser.has_permission(Permission.ScoAbsChange):
         return ""
     # construit l'URL "destination"
     # (a laquelle on revient apres saisie absences)
diff --git a/app/scodoc/sco_moduleimpl.py b/app/scodoc/sco_moduleimpl.py
index 8000988f..31bb0e88 100644
--- a/app/scodoc/sco_moduleimpl.py
+++ b/app/scodoc/sco_moduleimpl.py
@@ -311,7 +311,7 @@ def can_change_module_resp(context, REQUEST, moduleimpl_id):
     authuser = REQUEST.AUTHENTICATED_USER
     uid = str(authuser)
     # admin ou resp. semestre avec flag resp_can_change_resp
-    if not authuser.has_permission(Permission.ScoImplement, context) and (
+    if not authuser.has_permission(Permission.ScoImplement) and (
         (uid not in sem["responsables"]) or (not sem["resp_can_change_ens"])
     ):
         raise AccessDenied("Modification impossible pour %s" % uid)
@@ -334,7 +334,7 @@ def can_change_ens(context, REQUEST, moduleimpl_id, raise_exc=True):
     # admin, resp. module ou resp. semestre
     if (
         uid != M["responsable_id"]
-        and not authuser.has_permission(Permission.ScoImplement, context)
+        and not authuser.has_permission(Permission.ScoImplement)
         and (uid not in sem["responsables"])
     ):
         if raise_exc:
diff --git a/app/scodoc/sco_moduleimpl_inscriptions.py b/app/scodoc/sco_moduleimpl_inscriptions.py
index d8614405..d3d768e7 100644
--- a/app/scodoc/sco_moduleimpl_inscriptions.py
+++ b/app/scodoc/sco_moduleimpl_inscriptions.py
@@ -247,8 +247,7 @@ def moduleimpl_inscriptions_stats(context, formsemestre_id, REQUEST=None):
     )
 
     can_change = (
-        authuser.has_permission(Permission.ScoEtudInscrit, context)
-        and sem["etat"] == "1"
+        authuser.has_permission(Permission.ScoEtudInscrit) and sem["etat"] == "1"
     )
 
     # Liste des modules
diff --git a/app/scodoc/sco_moduleimpl_status.py b/app/scodoc/sco_moduleimpl_status.py
index 03c8db3e..43ed95a9 100644
--- a/app/scodoc/sco_moduleimpl_status.py
+++ b/app/scodoc/sco_moduleimpl_status.py
@@ -241,7 +241,7 @@ def moduleimpl_status(context, moduleimpl_id=None, partition_id=None, REQUEST=No
         """<tr><td class="fichetitre2">Inscrits: </td><td> %d étudiants"""
         % len(ModInscrits)
     )
-    if authuser.has_permission(Permission.ScoEtudInscrit, context):
+    if authuser.has_permission(Permission.ScoEtudInscrit):
         H.append(
             """<a class="stdlink" style="margin-left:2em;" href="moduleimpl_inscriptions_edit?moduleimpl_id=%s">modifier</a>"""
             % M["moduleimpl_id"]
diff --git a/app/scodoc/sco_page_etud.py b/app/scodoc/sco_page_etud.py
index 0b4f3998..7272f051 100644
--- a/app/scodoc/sco_page_etud.py
+++ b/app/scodoc/sco_page_etud.py
@@ -68,7 +68,7 @@ def _menuScolarite(context, authuser, sem, etudid):
         return lockicon  # no menu
     if not authuser.has_permission(
         ScoEtudInscrit, context
-    ) and not authuser.has_permission(Permission.ScoEtudChangeGroups, context):
+    ) and not authuser.has_permission(Permission.ScoEtudChangeGroups):
         return ""  # no menu
     ins = sem["ins"]
     args = {"etudid": etudid, "formsemestre_id": ins["formsemestre_id"]}
@@ -89,7 +89,7 @@ def _menuScolarite(context, authuser, sem, etudid):
         def_url = "doCancelDef"
     def_enabled = (
         (ins["etat"] != "D")
-        and authuser.has_permission(Permission.ScoEtudInscrit, context)
+        and authuser.has_permission(Permission.ScoEtudInscrit)
         and not locked
     )
     items = [
@@ -97,14 +97,14 @@ def _menuScolarite(context, authuser, sem, etudid):
             "title": dem_title,
             "endpoint": dem_url,
             "args": args,
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
             and not locked,
         },
         {
             "title": "Validation du semestre (jury)",
             "endpoint": "notes.formsemestre_validation_etud_form",
             "args": args,
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
             and not locked,
         },
         {"title": def_title, "endpoint": def_url, "enabled": def_enabled},
@@ -112,25 +112,25 @@ def _menuScolarite(context, authuser, sem, etudid):
             "title": "Inscrire à un module optionnel (ou au sport)",
             "endpoint": "notes.formsemestre_inscription_option",
             "args": args,
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
             and not locked,
         },
         {
             "title": "Désinscrire (en cas d'erreur)",
             "endpoint": "notes.formsemestre_desinscription",
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
             and not locked,
         },
         {
             "title": "Inscrire à un autre semestre",
             "endpoint": "notes.formsemestre_inscription_with_modules_form",
             "args": {"etudid": etudid},
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit),
         },
         {
             "title": "Enregistrer un semestre effectué ailleurs",
             "endpoint": "notes.formsemestre_ext_create_form",
-            "enabled": authuser.has_permission(Permission.ScoImplement, context),
+            "enabled": authuser.has_permission(Permission.ScoImplement),
         },
     ]
 
@@ -196,7 +196,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
     else:
         info["emaillink"] = "<em>(pas d'adresse e-mail)</em>"
     # champs dependant des permissions
-    if authuser.has_permission(Permission.ScoEtudChangeAdr, context):
+    if authuser.has_permission(Permission.ScoEtudChangeAdr):
         info["modifadresse"] = (
             '<a class="stdlink" href="formChangeCoordonnees?etudid=%s">modifier adresse</a>'
             % etudid
@@ -262,7 +262,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
     else:
         # non inscrit
         l = ["<p><b>Etudiant%s non inscrit%s" % (info["ne"], info["ne"])]
-        if authuser.has_permission(Permission.ScoEtudInscrit, context):
+        if authuser.has_permission(Permission.ScoEtudInscrit):
             l.append(
                 '<a href="%s/Notes/formsemestre_inscription_with_modules_form?etudid=%s">inscrire</a></li>'
                 % (scu.ScoURL(), etudid)
@@ -510,19 +510,19 @@ def menus_etud(context, REQUEST=None):
             "title": "Changer la photo",
             "endpoint": "scolar.formChangePhoto",
             "args": {"etudid": etud["etudid"]},
-            "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr),
         },
         {
             "title": "Changer les données identité/admission",
             "endpoint": "scolar.etudident_edit_form",
             "args": {"etudid": etud["etudid"]},
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit),
         },
         {
             "title": "Supprimer cet étudiant...",
             "endpoint": "scolar.etudident_delete",
             "args": {"etudid": etud["etudid"]},
-            "enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
+            "enabled": authuser.has_permission(Permission.ScoEtudInscrit),
         },
         {
             "title": "Voir le journal...",
diff --git a/app/scodoc/sco_permissions.py b/app/scodoc/sco_permissions.py
index 4bdd29a3..5787dc14 100644
--- a/app/scodoc/sco_permissions.py
+++ b/app/scodoc/sco_permissions.py
@@ -5,10 +5,6 @@
     used by auth
 """
 
-import notesdb as ndb
-import scolars
-import sco_formsemestre
-
 # Définition des permissions: ne pas changer les numéros ou l'ordre des lignes !
 _SCO_PERMISSIONS = (
     # permission bit, symbol, description
@@ -63,6 +59,11 @@ class Permission:
 Permission.init_permissions()
 
 
+import notesdb as ndb
+import scolars
+import sco_formsemestre
+
+
 def can_suppress_annotation(context, annotation_id, REQUEST):
     """True if current user can suppress this annotation
     Seuls l'auteur de l'annotation et le chef de dept peuvent supprimer
@@ -78,15 +79,15 @@ def can_suppress_annotation(context, annotation_id, REQUEST):
     # c'est pourquoi on teste aussi ScoEtudInscrit (normalement détenue par le chef)
     return (
         (str(authuser) == anno["zope_authenticated_user"])
-        or authuser.has_permission(Permission.ScoEtudSupprAnnotations, context)
-        or authuser.has_permission(Permission.ScoEtudInscrit, context)
+        or authuser.has_permission(Permission.ScoEtudSupprAnnotations)
+        or authuser.has_permission(Permission.ScoEtudInscrit)
     )
 
 
 def can_edit_suivi(context, REQUEST=None):
     """Vrai si l'utilisateur peut modifier les informations de suivi sur la page etud" """
     authuser = REQUEST.AUTHENTICATED_USER
-    return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
+    return authuser.has_permission(Permission.ScoEtudChangeAdr)
 
 
 def can_validate_sem(context, REQUEST, formsemestre_id):
@@ -107,13 +108,13 @@ def can_edit_pv(context, REQUEST, formsemestre_id):
     # Autorise les secrétariats, repérés via la permission ScoEtudChangeAdr
     # (ceci nous évite d'ajouter une permission Zope aux installations existantes)
     authuser = REQUEST.AUTHENTICATED_USER
-    return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
+    return authuser.has_permission(Permission.ScoEtudChangeAdr)
 
 
 def is_chef_or_diretud(context, REQUEST, sem):
     "Vrai si utilisateur est admin, chef dept ou responsable du semestre"
     authuser = REQUEST.AUTHENTICATED_USER
-    if authuser.has_permission(Permission.ScoImplement, context):
+    if authuser.has_permission(Permission.ScoImplement):
         return True  # admin, chef dept
     uid = str(authuser)
     if uid in sem["responsables"]:
diff --git a/app/scodoc/sco_saisie_notes.py b/app/scodoc/sco_saisie_notes.py
index 1329d11a..732952ca 100644
--- a/app/scodoc/sco_saisie_notes.py
+++ b/app/scodoc/sco_saisie_notes.py
@@ -76,12 +76,12 @@ def can_edit_notes(context, authuser, moduleimpl_id, allow_ens=True):
     if sco_parcours_dut.formsemestre_has_decisions(context, sem["formsemestre_id"]):
         # il y a des décisions de jury dans ce semestre !
         return (
-            authuser.has_permission(Permission.ScoEditAllNotes, context)
+            authuser.has_permission(Permission.ScoEditAllNotes)
             or uid in sem["responsables"]
         )
     else:
         if (
-            (not authuser.has_permission(Permission.ScoEditAllNotes, context))
+            (not authuser.has_permission(Permission.ScoEditAllNotes))
             and uid != M["responsable_id"]
             and uid not in sem["responsables"]
         ):
diff --git a/app/scodoc/sco_synchro_etuds.py b/app/scodoc/sco_synchro_etuds.py
index 68ceb2c8..71bd12a3 100644
--- a/app/scodoc/sco_synchro_etuds.py
+++ b/app/scodoc/sco_synchro_etuds.py
@@ -91,7 +91,7 @@ def formsemestre_synchro_etuds(
     sem["etape_apo_str"] = sco_formsemestre.formsemestre_etape_apo_str(sem)
     # Write access ?
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(Permission.ScoEtudInscrit, context):
+    if not authuser.has_permission(Permission.ScoEtudInscrit):
         read_only = True
     if read_only:
         submitted = False
diff --git a/app/scodoc/sco_tag_module.py b/app/scodoc/sco_tag_module.py
index a8c1a8c4..074a85ad 100644
--- a/app/scodoc/sco_tag_module.py
+++ b/app/scodoc/sco_tag_module.py
@@ -237,7 +237,7 @@ def module_tag_set(context, module_id="", taglist=[], REQUEST=None):
         authuser = REQUEST.AUTHENTICATED_USER
         tag_editable = authuser.has_permission(
             ScoEditFormationTags, context
-        ) or authuser.has_permission(Permission.ScoChangeFormation, context)
+        ) or authuser.has_permission(Permission.ScoChangeFormation)
         if not tag_editable:
             raise AccessDenied("Modification des tags impossible pour %s" % authuser)
     #
diff --git a/app/scodoc/sco_ue_external.py b/app/scodoc/sco_ue_external.py
index 51855dd6..faf8d066 100644
--- a/app/scodoc/sco_ue_external.py
+++ b/app/scodoc/sco_ue_external.py
@@ -81,7 +81,7 @@ def external_ue_create(
     sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
     # Contrôle d'accès:
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(Permission.ScoImplement, context):
+    if not authuser.has_permission(Permission.ScoImplement):
         if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
             raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
     #
@@ -210,7 +210,7 @@ def external_ue_create_form(context, formsemestre_id, etudid, REQUEST=None):
     sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
     # Contrôle d'accès:
     authuser = REQUEST.AUTHENTICATED_USER
-    if not authuser.has_permission(Permission.ScoImplement, context):
+    if not authuser.has_permission(Permission.ScoImplement):
         if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
             raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
 
diff --git a/app/scodoc/sco_utils.py b/app/scodoc/sco_utils.py
index 43b87929..aec571c4 100644
--- a/app/scodoc/sco_utils.py
+++ b/app/scodoc/sco_utils.py
@@ -330,7 +330,7 @@ def get_dept_id():
 
 
 def get_db_cnx_string():
-    return "SCO" + g.scodoc_dept
+    return "dbname=SCO" + g.scodoc_dept
 
 
 def ScoURL():