Restreint l'accès aux annotations via l'API à la permission ViewEtudData
parent
6ae2b0eb5f
commit
e989a4ffa8
@ -519,7 +519,7 @@ class Identite(models.ScoDocModel):
|
|||||||
e.pop("departement", None)
|
e.pop("departement", None)
|
||||||
e["sort_key"] = self.sort_key
|
e["sort_key"] = self.sort_key
|
||||||
e["annotations"] = [
|
e["annotations"] = [
|
||||||
annot.to_dict()
|
annot.to_dict(restrict=restrict)
|
||||||
for annot in EtudAnnotation.query.filter_by(etudid=self.id).order_by(
|
for annot in EtudAnnotation.query.filter_by(etudid=self.id).order_by(
|
||||||
desc(EtudAnnotation.date)
|
desc(EtudAnnotation.date)
|
||||||
)
|
)
|
||||||
@ -1082,10 +1082,14 @@ class EtudAnnotation(db.Model):
|
|||||||
author = db.Column(db.Text) # le pseudo (user_name), was zope_authenticated_user
|
author = db.Column(db.Text) # le pseudo (user_name), was zope_authenticated_user
|
||||||
comment = db.Column(db.Text)
|
comment = db.Column(db.Text)
|
||||||
|
|
||||||
def to_dict(self):
|
protected_attrs = {"comment"}
|
||||||
"""Représentation dictionnaire."""
|
|
||||||
|
def to_dict(self, restrict=False):
|
||||||
|
"""Représentation dictionnaire. Si restrict, filtre les champs protégés (RGPD)."""
|
||||||
e = dict(self.__dict__)
|
e = dict(self.__dict__)
|
||||||
e.pop("_sa_instance_state", None)
|
e.pop("_sa_instance_state", None)
|
||||||
|
if restrict:
|
||||||
|
e = {k: v for (k, v) in e.items() if k not in self.protected_attrs}
|
||||||
return e
|
return e
|
||||||
|
|
||||||
|
|
||||||
|
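Review bot: `EtudAnnotation.to_dict(self, restrict=False)` fails open: any caller that does not pass `restrict` still receives `comment`, so the protection depends on every call site remembering the flag. Only the call inside `Identite` is updated here; other callers of `to_dict()` are not visible on this page and should be audited, or the default made restrictive (`def to_dict(self, restrict=True):`) with trusted callers opting out explicitly. The filter is also a deny-list applied to `dict(self.__dict__)`, so any column added to the model later is exposed to restricted users unless someone remembers to add it to `protected_attrs`; an explicit allow-list of the fields to return would be safer. With `restrict` set, each entry still carries `author` and the remaining columns, which is narrower than the commit title suggests and worth confirming as intended. The enclosing `Identite` method starts outside the hunk, so how `restrict` is derived from the ViewEtudData permission cannot be checked from here.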