fixes: lien params seulement pour admin, type passage étudiants, log sources ips

2021-09-15 15:19:08 +02:00 · 2021-09-15 15:19:08 +02:00 · 8a16216d4b
parent 96f457260f
commit 8a16216d4b
5 changed files with 20 additions and 13 deletions
--- a/app/init.py
+++ b/app/init.py
@ -2,6 +2,7 @@
 # pylint: disable=invalid-name

 import os
+import re
 import socket
 import sys
 import time
@ -103,7 +104,9 @@ class LogExceptionFormatter(logging.Formatter):
    def format(self, record):
        if has_request_context():
            record.url = request.url
-            record.remote_addr = request.remote_addr
+            record.remote_addr = request.environ.get(
+                "HTTP_X_FORWARDED_FOR", request.remote_addr
+            )
            record.http_referrer = request.referrer
            record.http_method = request.method
            if request.method == "GET":
--- a/app/scodoc/sco_inscr_passage.py
+++ b/app/scodoc/sco_inscr_passage.py
@ -149,7 +149,7 @@ def list_inscrits_date(sem):
        """SELECT ins.etudid
        FROM
            notes_formsemestre_inscription ins,
-            notes_formsemestre S,
+            notes_formsemestre S
        WHERE ins.formsemestre_id = S.id
        AND S.id != %(formsemestre_id)s
        AND S.date_debut <= %(date_debut_iso)s
--- a/app/scodoc/sco_preferences.py
+++ b/app/scodoc/sco_preferences.py
@ -112,6 +112,7 @@ get_base_preferences(formsemestre_id)
 """
 import flask
 from flask import g, url_for
+from flask_login import current_user

 from app.models import Departement
 from app.scodoc import sco_cache
@ -2022,7 +2023,9 @@ class BasePreferences(object):
            html_sco_header.sco_header(page_title="Préférences"),
            "<h2>Préférences globales pour %s</h2>" % scu.ScoURL(),
            f"""<p><a href="{url_for("scolar.config_logos", scodoc_dept=g.scodoc_dept)
-            }">modification des logos du département (pour documents pdf)</a></p>""",
+            }">modification des logos du département (pour documents pdf)</a></p>"""
+            if current_user.is_administrator()
+            else "",
            """<p class="help">Ces paramètres s'appliquent par défaut à tous les semestres, sauf si ceux-ci définissent des valeurs spécifiques.</p>
              <p class="msg">Attention: cliquez sur "Enregistrer les modifications" en bas de page pour appliquer vos changements !</p>
              """,
@ -2253,7 +2256,7 @@ function set_global_pref(el, pref_name) {

 #
 def doc_preferences():
-    """ Liste les preferences en MarkDown, pour la documentation"""
+    """Liste les preferences en MarkDown, pour la documentation"""
    L = []
    for cat, cat_descr in PREF_CATEGORIES:
        L.append([""])
--- a/app/scodoc/sco_saisie_notes.py
+++ b/app/scodoc/sco_saisie_notes.py
@ -494,9 +494,10 @@ def _notes_add(user, evaluation_id: int, notes: list, comment=None, do_it=True):
                        }
                        ndb.quote_dict(aa)
                        cursor.execute(
-                            """INSERT INTO notes_notes 
-                            (etudid,evaluation_id,value,comment,date,uid) 
-                            VALUES (%(etudid)s,%(evaluation_id)s,%(value)s,%(comment)s,%(date)s,%(uid)s)""",
+                            """INSERT INTO notes_notes
+                            (etudid, evaluation_id, value, comment, date, uid)
+                            VALUES (%(etudid)s,%(evaluation_id)s,%(value)s,%(comment)s,%(date)s,%(uid)s)
+                            """,
                            aa,
                        )
                    changed = True
@ -515,10 +516,10 @@ def _notes_add(user, evaluation_id: int, notes: list, comment=None, do_it=True):
                    # recopie l'ancienne note dans notes_notes_log, puis update
                    if do_it:
                        cursor.execute(
-                            """INSERT INTO notes_notes_log 
+                            """INSERT INTO notes_notes_log
                                (etudid,evaluation_id,value,comment,date,uid) 
                            SELECT etudid, evaluation_id, value, comment, date, uid
-                            FROM notes_notes 
+                            FROM notes_notes
                            WHERE etudid=%(etudid)s 
                            and evaluation_id=%(evaluation_id)s
                            """,
@ -536,8 +537,8 @@ def _notes_add(user, evaluation_id: int, notes: list, comment=None, do_it=True):
                    if value != scu.NOTES_SUPPRESS:
                        if do_it:
                            cursor.execute(
-                                """UPDATE notes_notes 
-                                SET value=%(value)s, comment=%(comment)s, date=%(date)s, uid=%(uid)s 
+                                """UPDATE notes_notes
+                                SET value=%(value)s, comment=%(comment)s, date=%(date)s, uid=%(uid)s
                                WHERE etudid = %(etudid)s 
                                and evaluation_id = %(evaluation_id)s
                                """,
@ -550,7 +551,7 @@ def _notes_add(user, evaluation_id: int, notes: list, comment=None, do_it=True):
                                % (evaluation_id, etudid, oldval)
                            )
                            cursor.execute(
-                                """DELETE FROM notes_notes 
+                                """DELETE FROM notes_notes
                                WHERE etudid = %(etudid)s 
                                AND evaluation_id = %(evaluation_id)s
                                """,
--- a/sco_version.py
+++ b/sco_version.py
@ -1,7 +1,7 @@
 # -*- mode: python -*-
 # -*- coding: utf-8 -*-

-SCOVERSION = "9.0.24"
+SCOVERSION = "9.0.25"

 SCONAME = "ScoDoc"