WIP changed has_permission
This commit is contained in:
parent
f4611af10e
commit
e16b974761
@ -10,7 +10,7 @@ import json
|
||||
import os
|
||||
from time import time
|
||||
|
||||
from flask import current_app, url_for
|
||||
from flask import current_app, url_for, g
|
||||
from flask_login import UserMixin, AnonymousUserMixin
|
||||
from werkzeug.security import generate_password_hash, check_password_hash
|
||||
|
||||
@ -127,7 +127,7 @@ class User(UserMixin, db.Model):
|
||||
return user
|
||||
|
||||
# Permissions management:
|
||||
def has_permission(self, perm, dept):
|
||||
def has_permission(self, perm, dept=False):
|
||||
"""Check if user has permission `perm` in given `dept`.
|
||||
Emulate Zope `has_permission``
|
||||
|
||||
@ -135,6 +135,8 @@ class User(UserMixin, db.Model):
|
||||
perm: integer, one of the value defined in Permission class.
|
||||
context:
|
||||
"""
|
||||
if dept is False:
|
||||
dept = g.scodoc_dept
|
||||
# les role liés à ce département, et les roles avec dept=None (super-admin)
|
||||
roles_in_dept = (
|
||||
UserRole.query.filter_by(user_id=self.id)
|
||||
|
@ -37,11 +37,13 @@ class ZRequest(object):
|
||||
"Emulating Zope 2 REQUEST"
|
||||
|
||||
def __init__(self):
|
||||
self.URL = request.base_url
|
||||
self.URL = request.base_url.encode(
|
||||
"utf-8"
|
||||
) # necessaire pour ScoDoc 8 en Python 2
|
||||
self.URL0 = self.URL
|
||||
self.BASE0 = request.url_root
|
||||
self.QUERY_STRING = request.query_string
|
||||
self.REQUEST_METHOD = request.method
|
||||
self.BASE0 = request.url_root.encode("utf-8")
|
||||
self.QUERY_STRING = request.query_string.encode("utf-8")
|
||||
self.REQUEST_METHOD = request.method.encode("utf-8")
|
||||
self.AUTHENTICATED_USER = current_user
|
||||
if request.method == "POST":
|
||||
self.form = request.form
|
||||
|
@ -49,15 +49,7 @@ from gen_tables import GenTable
|
||||
import scolars
|
||||
import sco_cache
|
||||
import sco_users
|
||||
from sco_permissions import (
|
||||
ScoEditAllEvals,
|
||||
ScoEditAllNotes,
|
||||
ScoImplement,
|
||||
ScoSuperAdmin,
|
||||
ScoUsersAdmin,
|
||||
ScoUsersView,
|
||||
ScoView,
|
||||
)
|
||||
|
||||
from sco_exceptions import (
|
||||
AccessDenied,
|
||||
ScoException,
|
||||
|
@ -86,7 +86,7 @@ class FakeUser:
|
||||
def __str__(self):
|
||||
return self.name
|
||||
|
||||
def has_permission(self, op, context):
|
||||
def has_permission(self, op, dept):
|
||||
return True
|
||||
|
||||
def has_role(self, role):
|
||||
|
@ -28,6 +28,7 @@
|
||||
import cgi
|
||||
|
||||
import sco_utils as scu
|
||||
from notes_log import log
|
||||
import html_sidebar
|
||||
import VERSION
|
||||
|
||||
@ -312,7 +313,9 @@ def sco_header(
|
||||
# Avertissement si mot de passe à changer
|
||||
if user_check:
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
passwd_temp = context.Users.user_info(user_name=str(authuser))["passwd_temp"]
|
||||
# passwd_temp = context.Users.user_info(user_name=str(authuser))["passwd_temp"]
|
||||
log("XXX TODO: Users.user_info")
|
||||
passwd_temp = False # XXX TODO
|
||||
if passwd_temp:
|
||||
H.append(
|
||||
"""<div class="passwd_warn">
|
||||
|
@ -28,12 +28,8 @@
|
||||
import sco_utils as scu
|
||||
import sco_preferences
|
||||
from sco_abs import getAbsSemEtud
|
||||
from sco_permissions import (
|
||||
ScoUsersAdmin,
|
||||
ScoUsersView,
|
||||
ScoChangePreferences,
|
||||
ScoAbsChange,
|
||||
)
|
||||
from app.scodoc.sco_permissions import Permission
|
||||
|
||||
|
||||
"""
|
||||
Génération de la "sidebar" (marge gauche des pages HTML)
|
||||
@ -63,14 +59,14 @@ def sidebar_common(context, REQUEST=None):
|
||||
% params,
|
||||
]
|
||||
|
||||
if authuser.has_permission(
|
||||
Permission.ScoUsersAdmin, context
|
||||
) or authuser.has_permission(ScoUsersView, context):
|
||||
if authuser.has_permission(Permission.ScoUsersAdmin) or authuser.has_permission(
|
||||
Permission.ScoUsersView
|
||||
):
|
||||
H.append(
|
||||
"""<a href="%(UsersURL)s" class="sidebar">Utilisateurs</a> <br/>""" % params
|
||||
)
|
||||
|
||||
if authuser.has_permission(Permission.ScoChangePreferences, context):
|
||||
if authuser.has_permission(Permission.ScoChangePreferences):
|
||||
H.append(
|
||||
"""<a href="%(ScoURL)s/edit_preferences" class="sidebar">Paramétrage</a> <br/>"""
|
||||
% params
|
||||
@ -121,7 +117,7 @@ def sidebar(context, REQUEST=None):
|
||||
)
|
||||
|
||||
H.append("<ul>")
|
||||
if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange, context):
|
||||
if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange):
|
||||
H.append(
|
||||
"""
|
||||
<li> <a href="%(ScoURL)s/Absences/SignaleAbsenceEtud?etudid=%(etudid)s">Ajouter</a></li>
|
||||
|
@ -7,6 +7,8 @@ import psycopg2
|
||||
import psycopg2.pool
|
||||
import psycopg2.extras
|
||||
import thread
|
||||
|
||||
import sco_utils as scu
|
||||
from notes_log import log
|
||||
from sco_exceptions import ScoException, ScoValueError, NoteProcessError
|
||||
from types import StringType
|
||||
|
@ -875,7 +875,7 @@ def index_html(context, REQUEST=None):
|
||||
"""<p>Pour signaler, annuler ou justifier une absence, choisissez d'abord l'étudiant concerné:</p>"""
|
||||
)
|
||||
H.append(sco_find_etud.form_search_etud(context, REQUEST))
|
||||
if authuser.has_permission(Permission.ScoAbsChange, context):
|
||||
if authuser.has_permission(Permission.ScoAbsChange):
|
||||
H.extend(
|
||||
(
|
||||
"""<hr/>
|
||||
|
@ -53,7 +53,7 @@ EtudsArchive = EtudsArchiver()
|
||||
|
||||
def can_edit_etud_archive(context, authuser):
|
||||
"""True si l'utilisateur peut modifier les archives etudiantes"""
|
||||
return authuser.has_permission(Permission.ScoEtudAddAnnotations, context)
|
||||
return authuser.has_permission(Permission.ScoEtudAddAnnotations)
|
||||
|
||||
|
||||
def etud_list_archives_html(context, REQUEST, etudid):
|
||||
|
@ -853,7 +853,7 @@ def can_send_bulletin_by_mail(context, formsemestre_id, REQUEST):
|
||||
sco_preferences.get_preference(
|
||||
context, "bul_mail_allowed_for_all", formsemestre_id
|
||||
)
|
||||
or authuser.has_permission(Permission.ScoImplement, context)
|
||||
or authuser.has_permission(Permission.ScoImplement)
|
||||
or str(authuser) in sem["responsables"]
|
||||
)
|
||||
|
||||
@ -1099,7 +1099,7 @@ def _formsemestre_bulletinetud_header_html(
|
||||
"endpoint": "notes.formsemestre_edit_options",
|
||||
"args": {"formsemestre_id": formsemestre_id, "target_url": qurl},
|
||||
"enabled": (uid in sem["responsables"])
|
||||
or authuser.has_permission(Permission.ScoImplement, context),
|
||||
or authuser.has_permission(Permission.ScoImplement),
|
||||
},
|
||||
{
|
||||
"title": 'Version papier (pdf, format "%s")'
|
||||
@ -1162,7 +1162,7 @@ def _formsemestre_bulletinetud_header_html(
|
||||
},
|
||||
"enabled": (
|
||||
(authuser in sem["responsables"])
|
||||
or (authuser.has_permission(Permission.ScoEtudInscrit, context))
|
||||
or (authuser.has_permission(Permission.ScoEtudInscrit))
|
||||
),
|
||||
},
|
||||
{
|
||||
@ -1172,7 +1172,7 @@ def _formsemestre_bulletinetud_header_html(
|
||||
"formsemestre_id": formsemestre_id,
|
||||
"etudid": etudid,
|
||||
},
|
||||
"enabled": authuser.has_permission(Permission.ScoImplement, context),
|
||||
"enabled": authuser.has_permission(Permission.ScoImplement),
|
||||
},
|
||||
{
|
||||
"title": "Enregistrer une validation d'UE antérieure",
|
||||
|
@ -32,7 +32,7 @@ from types import StringType
|
||||
import safehtml
|
||||
|
||||
import sco_utils as scu
|
||||
import ndb as ndb
|
||||
import notesdb as ndb
|
||||
from notes_log import log
|
||||
import VERSION
|
||||
from sco_exceptions import AccessDenied
|
||||
|
@ -138,7 +138,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
|
||||
)
|
||||
#
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if authuser.has_permission(Permission.ScoEtudInscrit, context):
|
||||
if authuser.has_permission(Permission.ScoEtudInscrit):
|
||||
H.append(
|
||||
"""<hr>
|
||||
<h3>Gestion des étudiants</h3>
|
||||
@ -151,7 +151,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
|
||||
"""
|
||||
)
|
||||
#
|
||||
if authuser.has_permission(Permission.ScoEditApo, context):
|
||||
if authuser.has_permission(Permission.ScoEditApo):
|
||||
H.append(
|
||||
"""<hr>
|
||||
<h3>Exports Apogée</h3>
|
||||
|
@ -302,7 +302,7 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
|
||||
ue_list.sort(key=lambda u: (u["semestre_id"], u["numero"]))
|
||||
has_duplicate_ue_codes = len(set([ue["ue_code"] for ue in ue_list])) != len(ue_list)
|
||||
|
||||
perm_change = authuser.has_permission(Permission.ScoChangeFormation, context)
|
||||
perm_change = authuser.has_permission(Permission.ScoChangeFormation)
|
||||
# editable = (not locked) and perm_change
|
||||
# On autorise maintanant la modification des formations qui ont des semestres verrouillés,
|
||||
# sauf si cela affect les notes passées (verrouillées):
|
||||
@ -310,7 +310,7 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
|
||||
# - pas de changement des codes d'UE utilisés dans des semestres verrouillés
|
||||
editable = perm_change
|
||||
tag_editable = (
|
||||
authuser.has_permission(Permission.ScoEditFormationTags, context) or perm_change
|
||||
authuser.has_permission(Permission.ScoEditFormationTags) or perm_change
|
||||
)
|
||||
if locked:
|
||||
lockicon = scu.icontag("lock32_img", title="verrouillé")
|
||||
@ -660,7 +660,7 @@ Si vous souhaitez modifier cette formation (par exemple pour y ajouter un module
|
||||
H.append("</li>")
|
||||
H.append("</ul>")
|
||||
|
||||
if authuser.has_permission(Permission.ScoImplement, context):
|
||||
if authuser.has_permission(Permission.ScoImplement):
|
||||
H.append(
|
||||
"""<ul>
|
||||
<li><a class="stdlink" href="formsemestre_createwithmodules?formation_id=%(formation_id)s&semestre_id=1">Mettre en place un nouveau semestre de formation %(acronyme)s</a>
|
||||
|
@ -273,7 +273,7 @@ def form_search_etud_in_accessible_depts(context, REQUEST):
|
||||
def can_view_dept(context, REQUEST):
|
||||
"""True if auth user can access (View) this context"""
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
return authuser.has_permission(Permission.ScoView, context)
|
||||
return authuser.has_permission(Permission.ScoView)
|
||||
|
||||
|
||||
def search_etud_in_accessible_depts(context, expnom=None, code_nip=None, REQUEST=None):
|
||||
|
@ -108,7 +108,7 @@ def can_edit_sem(context, REQUEST, formsemestre_id="", sem=None):
|
||||
"""Return sem if user can edit it, False otherwise"""
|
||||
sem = sem or sco_formsemestre.get_formsemestre(context, formsemestre_id)
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if not authuser.has_permission(Permission.ScoImplement, context): # pas chef
|
||||
if not authuser.has_permission(Permission.ScoImplement): # pas chef
|
||||
if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
|
||||
return False
|
||||
return sem
|
||||
@ -121,7 +121,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
|
||||
formsemestre_id = REQUEST.form["formsemestre_id"]
|
||||
sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if not authuser.has_permission(Permission.ScoImplement, context):
|
||||
if not authuser.has_permission(Permission.ScoImplement):
|
||||
if not edit:
|
||||
# il faut ScoImplement pour creer un semestre
|
||||
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
|
||||
@ -437,7 +437,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
|
||||
},
|
||||
),
|
||||
]
|
||||
if authuser.has_permission(Permission.ScoImplement, context):
|
||||
if authuser.has_permission(Permission.ScoImplement):
|
||||
modform += [
|
||||
(
|
||||
"resp_can_edit",
|
||||
|
@ -163,7 +163,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
|
||||
% sem,
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": (
|
||||
authuser.has_permission(Permission.ScoImplement, context)
|
||||
authuser.has_permission(Permission.ScoImplement)
|
||||
or (
|
||||
str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
|
||||
and sem["resp_can_edit"]
|
||||
@ -177,7 +177,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
|
||||
"endpoint": "notes.formsemestre_edit_preferences",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": (
|
||||
authuser.has_permission(Permission.ScoImplement, context)
|
||||
authuser.has_permission(Permission.ScoImplement)
|
||||
or (
|
||||
str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
|
||||
and sem["resp_can_edit"]
|
||||
@ -191,7 +191,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
|
||||
"endpoint": "notes.formsemestre_edit_options",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": (uid in sem["responsables"])
|
||||
or authuser.has_permission(Permission.ScoImplement, context),
|
||||
or authuser.has_permission(Permission.ScoImplement),
|
||||
"helpmsg": "Change les options",
|
||||
},
|
||||
{
|
||||
@ -199,7 +199,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
|
||||
"endpoint": "notes.formsemestre_change_lock",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": (uid in sem["responsables"])
|
||||
or authuser.has_permission(Permission.ScoImplement, context),
|
||||
or authuser.has_permission(Permission.ScoImplement),
|
||||
"helpmsg": "",
|
||||
},
|
||||
{
|
||||
@ -227,14 +227,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
|
||||
"title": "Cloner ce semestre",
|
||||
"endpoint": "notes.formsemestre_clone",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": authuser.has_permission(Permission.ScoImplement, context),
|
||||
"enabled": authuser.has_permission(Permission.ScoImplement),
|
||||
"helpmsg": "",
|
||||
},
|
||||
{
|
||||
"title": "Associer à une nouvelle version du programme",
|
||||
"endpoint": "notes.formsemestre_associate_new_version",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": authuser.has_permission(Permission.ScoChangeFormation, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoChangeFormation)
|
||||
and (sem["etat"] == "1"),
|
||||
"helpmsg": "",
|
||||
},
|
||||
@ -242,7 +242,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
|
||||
"title": "Supprimer ce semestre",
|
||||
"endpoint": "notes.formsemestre_delete",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": authuser.has_permission(Permission.ScoImplement, context),
|
||||
"enabled": authuser.has_permission(Permission.ScoImplement),
|
||||
"helpmsg": "",
|
||||
},
|
||||
]
|
||||
@ -269,14 +269,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
|
||||
"title": "Passage des étudiants depuis d'autres semestres",
|
||||
"endpoint": "notes.formsemestre_inscr_passage",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
|
||||
and (sem["etat"] == "1"),
|
||||
},
|
||||
{
|
||||
"title": "Synchroniser avec étape Apogée",
|
||||
"endpoint": "notes.formsemestre_synchro_etuds",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": authuser.has_permission(Permission.ScoView, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoView)
|
||||
and sco_preferences.get_preference(context, "portal_url")
|
||||
and (sem["etat"] == "1"),
|
||||
},
|
||||
@ -284,27 +284,27 @@ def formsemestre_status_menubar(context, sem, REQUEST):
|
||||
"title": "Inscrire un étudiant",
|
||||
"endpoint": "notes.formsemestre_inscription_with_modules_etud",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
|
||||
and (sem["etat"] == "1"),
|
||||
},
|
||||
{
|
||||
"title": "Importer des étudiants dans ce semestre (table Excel)",
|
||||
"endpoint": "notes.form_students_import_excel",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
|
||||
and (sem["etat"] == "1"),
|
||||
},
|
||||
{
|
||||
"title": "Import/export des données admission",
|
||||
"endpoint": "notes.form_students_import_infos_admissions",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": authuser.has_permission(Permission.ScoView, context),
|
||||
"enabled": authuser.has_permission(Permission.ScoView),
|
||||
},
|
||||
{
|
||||
"title": "Resynchroniser données identité",
|
||||
"endpoint": "notes.formsemestre_import_etud_admission",
|
||||
"args": {"formsemestre_id": formsemestre_id},
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr)
|
||||
and sco_preferences.get_preference(context, "portal_url"),
|
||||
},
|
||||
{
|
||||
@ -772,7 +772,7 @@ def _make_listes_sem(context, sem, REQUEST=None, with_absences=True):
|
||||
#
|
||||
H = []
|
||||
# pas de menu absences si pas autorise:
|
||||
if with_absences and not authuser.has_permission(Permission.ScoAbsChange, context):
|
||||
if with_absences and not authuser.has_permission(Permission.ScoAbsChange):
|
||||
with_absences = False
|
||||
|
||||
#
|
||||
|
@ -62,7 +62,7 @@ def can_change_groups(context, REQUEST, formsemestre_id):
|
||||
if sem["etat"] != "1":
|
||||
return False # semestre verrouillé
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if authuser.has_permission(Permission.ScoEtudChangeGroups, context):
|
||||
if authuser.has_permission(Permission.ScoEtudChangeGroups):
|
||||
return True # admin, chef dept
|
||||
uid = str(authuser)
|
||||
if uid in sem["responsables"]:
|
||||
|
@ -855,13 +855,13 @@ def tab_absences_html(context, groups_infos, etat=None, REQUEST=None):
|
||||
# Lien pour verif codes INE/NIP
|
||||
# (pour tous les etudiants du semestre)
|
||||
group_id = sco_groups.get_default_group(context, groups_infos.formsemestre_id)
|
||||
if authuser.has_permission(Permission.ScoEtudInscrit, context):
|
||||
if authuser.has_permission(Permission.ScoEtudInscrit):
|
||||
H.append(
|
||||
'<li><a class="stdlink" href="check_group_apogee?group_id=%s&etat=%s">Vérifier codes Apogée</a> (de tous les groupes)</li>'
|
||||
% (group_id, etat or "")
|
||||
)
|
||||
# Lien pour ajout fichiers étudiants
|
||||
if authuser.has_permission(Permission.ScoEtudAddAnnotations, context):
|
||||
if authuser.has_permission(Permission.ScoEtudAddAnnotations):
|
||||
H.append(
|
||||
"""<li><a class="stdlink" href="etudarchive_import_files_form?group_id=%s">Télécharger des fichiers associés aux étudiants (e.g. dossiers d'admission)</a></li>"""
|
||||
% (group_id)
|
||||
@ -884,7 +884,7 @@ def form_choix_jour_saisie_hebdo(
|
||||
):
|
||||
"""Formulaire choix jour semaine pour saisie."""
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if not authuser.has_permission(Permission.ScoAbsChange, context):
|
||||
if not authuser.has_permission(Permission.ScoAbsChange):
|
||||
return ""
|
||||
sem = groups_infos.formsemestre
|
||||
first_monday = sco_abs.ddmmyyyy(sem["date_debut"]).prev_monday()
|
||||
@ -925,7 +925,7 @@ def form_choix_jour_saisie_hebdo(
|
||||
# Formulaire saisie absences semaine
|
||||
def form_choix_saisie_semaine(context, groups_infos, REQUEST=None):
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if not authuser.has_permission(Permission.ScoAbsChange, context):
|
||||
if not authuser.has_permission(Permission.ScoAbsChange):
|
||||
return ""
|
||||
# construit l'URL "destination"
|
||||
# (a laquelle on revient apres saisie absences)
|
||||
|
@ -311,7 +311,7 @@ def can_change_module_resp(context, REQUEST, moduleimpl_id):
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
uid = str(authuser)
|
||||
# admin ou resp. semestre avec flag resp_can_change_resp
|
||||
if not authuser.has_permission(Permission.ScoImplement, context) and (
|
||||
if not authuser.has_permission(Permission.ScoImplement) and (
|
||||
(uid not in sem["responsables"]) or (not sem["resp_can_change_ens"])
|
||||
):
|
||||
raise AccessDenied("Modification impossible pour %s" % uid)
|
||||
@ -334,7 +334,7 @@ def can_change_ens(context, REQUEST, moduleimpl_id, raise_exc=True):
|
||||
# admin, resp. module ou resp. semestre
|
||||
if (
|
||||
uid != M["responsable_id"]
|
||||
and not authuser.has_permission(Permission.ScoImplement, context)
|
||||
and not authuser.has_permission(Permission.ScoImplement)
|
||||
and (uid not in sem["responsables"])
|
||||
):
|
||||
if raise_exc:
|
||||
|
@ -247,8 +247,7 @@ def moduleimpl_inscriptions_stats(context, formsemestre_id, REQUEST=None):
|
||||
)
|
||||
|
||||
can_change = (
|
||||
authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
and sem["etat"] == "1"
|
||||
authuser.has_permission(Permission.ScoEtudInscrit) and sem["etat"] == "1"
|
||||
)
|
||||
|
||||
# Liste des modules
|
||||
|
@ -241,7 +241,7 @@ def moduleimpl_status(context, moduleimpl_id=None, partition_id=None, REQUEST=No
|
||||
"""<tr><td class="fichetitre2">Inscrits: </td><td> %d étudiants"""
|
||||
% len(ModInscrits)
|
||||
)
|
||||
if authuser.has_permission(Permission.ScoEtudInscrit, context):
|
||||
if authuser.has_permission(Permission.ScoEtudInscrit):
|
||||
H.append(
|
||||
"""<a class="stdlink" style="margin-left:2em;" href="moduleimpl_inscriptions_edit?moduleimpl_id=%s">modifier</a>"""
|
||||
% M["moduleimpl_id"]
|
||||
|
@ -68,7 +68,7 @@ def _menuScolarite(context, authuser, sem, etudid):
|
||||
return lockicon # no menu
|
||||
if not authuser.has_permission(
|
||||
ScoEtudInscrit, context
|
||||
) and not authuser.has_permission(Permission.ScoEtudChangeGroups, context):
|
||||
) and not authuser.has_permission(Permission.ScoEtudChangeGroups):
|
||||
return "" # no menu
|
||||
ins = sem["ins"]
|
||||
args = {"etudid": etudid, "formsemestre_id": ins["formsemestre_id"]}
|
||||
@ -89,7 +89,7 @@ def _menuScolarite(context, authuser, sem, etudid):
|
||||
def_url = "doCancelDef"
|
||||
def_enabled = (
|
||||
(ins["etat"] != "D")
|
||||
and authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
and authuser.has_permission(Permission.ScoEtudInscrit)
|
||||
and not locked
|
||||
)
|
||||
items = [
|
||||
@ -97,14 +97,14 @@ def _menuScolarite(context, authuser, sem, etudid):
|
||||
"title": dem_title,
|
||||
"endpoint": dem_url,
|
||||
"args": args,
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
|
||||
and not locked,
|
||||
},
|
||||
{
|
||||
"title": "Validation du semestre (jury)",
|
||||
"endpoint": "notes.formsemestre_validation_etud_form",
|
||||
"args": args,
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
|
||||
and not locked,
|
||||
},
|
||||
{"title": def_title, "endpoint": def_url, "enabled": def_enabled},
|
||||
@ -112,25 +112,25 @@ def _menuScolarite(context, authuser, sem, etudid):
|
||||
"title": "Inscrire à un module optionnel (ou au sport)",
|
||||
"endpoint": "notes.formsemestre_inscription_option",
|
||||
"args": args,
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
|
||||
and not locked,
|
||||
},
|
||||
{
|
||||
"title": "Désinscrire (en cas d'erreur)",
|
||||
"endpoint": "notes.formsemestre_desinscription",
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit)
|
||||
and not locked,
|
||||
},
|
||||
{
|
||||
"title": "Inscrire à un autre semestre",
|
||||
"endpoint": "notes.formsemestre_inscription_with_modules_form",
|
||||
"args": {"etudid": etudid},
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
|
||||
},
|
||||
{
|
||||
"title": "Enregistrer un semestre effectué ailleurs",
|
||||
"endpoint": "notes.formsemestre_ext_create_form",
|
||||
"enabled": authuser.has_permission(Permission.ScoImplement, context),
|
||||
"enabled": authuser.has_permission(Permission.ScoImplement),
|
||||
},
|
||||
]
|
||||
|
||||
@ -196,7 +196,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
|
||||
else:
|
||||
info["emaillink"] = "<em>(pas d'adresse e-mail)</em>"
|
||||
# champs dependant des permissions
|
||||
if authuser.has_permission(Permission.ScoEtudChangeAdr, context):
|
||||
if authuser.has_permission(Permission.ScoEtudChangeAdr):
|
||||
info["modifadresse"] = (
|
||||
'<a class="stdlink" href="formChangeCoordonnees?etudid=%s">modifier adresse</a>'
|
||||
% etudid
|
||||
@ -262,7 +262,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
|
||||
else:
|
||||
# non inscrit
|
||||
l = ["<p><b>Etudiant%s non inscrit%s" % (info["ne"], info["ne"])]
|
||||
if authuser.has_permission(Permission.ScoEtudInscrit, context):
|
||||
if authuser.has_permission(Permission.ScoEtudInscrit):
|
||||
l.append(
|
||||
'<a href="%s/Notes/formsemestre_inscription_with_modules_form?etudid=%s">inscrire</a></li>'
|
||||
% (scu.ScoURL(), etudid)
|
||||
@ -510,19 +510,19 @@ def menus_etud(context, REQUEST=None):
|
||||
"title": "Changer la photo",
|
||||
"endpoint": "scolar.formChangePhoto",
|
||||
"args": {"etudid": etud["etudid"]},
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context),
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr),
|
||||
},
|
||||
{
|
||||
"title": "Changer les données identité/admission",
|
||||
"endpoint": "scolar.etudident_edit_form",
|
||||
"args": {"etudid": etud["etudid"]},
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
|
||||
},
|
||||
{
|
||||
"title": "Supprimer cet étudiant...",
|
||||
"endpoint": "scolar.etudident_delete",
|
||||
"args": {"etudid": etud["etudid"]},
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context),
|
||||
"enabled": authuser.has_permission(Permission.ScoEtudInscrit),
|
||||
},
|
||||
{
|
||||
"title": "Voir le journal...",
|
||||
|
@ -5,10 +5,6 @@
|
||||
used by auth
|
||||
"""
|
||||
|
||||
import notesdb as ndb
|
||||
import scolars
|
||||
import sco_formsemestre
|
||||
|
||||
# Définition des permissions: ne pas changer les numéros ou l'ordre des lignes !
|
||||
_SCO_PERMISSIONS = (
|
||||
# permission bit, symbol, description
|
||||
@ -63,6 +59,11 @@ class Permission:
|
||||
Permission.init_permissions()
|
||||
|
||||
|
||||
import notesdb as ndb
|
||||
import scolars
|
||||
import sco_formsemestre
|
||||
|
||||
|
||||
def can_suppress_annotation(context, annotation_id, REQUEST):
|
||||
"""True if current user can suppress this annotation
|
||||
Seuls l'auteur de l'annotation et le chef de dept peuvent supprimer
|
||||
@ -78,15 +79,15 @@ def can_suppress_annotation(context, annotation_id, REQUEST):
|
||||
# c'est pourquoi on teste aussi ScoEtudInscrit (normalement détenue par le chef)
|
||||
return (
|
||||
(str(authuser) == anno["zope_authenticated_user"])
|
||||
or authuser.has_permission(Permission.ScoEtudSupprAnnotations, context)
|
||||
or authuser.has_permission(Permission.ScoEtudInscrit, context)
|
||||
or authuser.has_permission(Permission.ScoEtudSupprAnnotations)
|
||||
or authuser.has_permission(Permission.ScoEtudInscrit)
|
||||
)
|
||||
|
||||
|
||||
def can_edit_suivi(context, REQUEST=None):
|
||||
"""Vrai si l'utilisateur peut modifier les informations de suivi sur la page etud" """
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
|
||||
return authuser.has_permission(Permission.ScoEtudChangeAdr)
|
||||
|
||||
|
||||
def can_validate_sem(context, REQUEST, formsemestre_id):
|
||||
@ -107,13 +108,13 @@ def can_edit_pv(context, REQUEST, formsemestre_id):
|
||||
# Autorise les secrétariats, repérés via la permission ScoEtudChangeAdr
|
||||
# (ceci nous évite d'ajouter une permission Zope aux installations existantes)
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
return authuser.has_permission(Permission.ScoEtudChangeAdr, context)
|
||||
return authuser.has_permission(Permission.ScoEtudChangeAdr)
|
||||
|
||||
|
||||
def is_chef_or_diretud(context, REQUEST, sem):
|
||||
"Vrai si utilisateur est admin, chef dept ou responsable du semestre"
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if authuser.has_permission(Permission.ScoImplement, context):
|
||||
if authuser.has_permission(Permission.ScoImplement):
|
||||
return True # admin, chef dept
|
||||
uid = str(authuser)
|
||||
if uid in sem["responsables"]:
|
||||
|
@ -76,12 +76,12 @@ def can_edit_notes(context, authuser, moduleimpl_id, allow_ens=True):
|
||||
if sco_parcours_dut.formsemestre_has_decisions(context, sem["formsemestre_id"]):
|
||||
# il y a des décisions de jury dans ce semestre !
|
||||
return (
|
||||
authuser.has_permission(Permission.ScoEditAllNotes, context)
|
||||
authuser.has_permission(Permission.ScoEditAllNotes)
|
||||
or uid in sem["responsables"]
|
||||
)
|
||||
else:
|
||||
if (
|
||||
(not authuser.has_permission(Permission.ScoEditAllNotes, context))
|
||||
(not authuser.has_permission(Permission.ScoEditAllNotes))
|
||||
and uid != M["responsable_id"]
|
||||
and uid not in sem["responsables"]
|
||||
):
|
||||
|
@ -91,7 +91,7 @@ def formsemestre_synchro_etuds(
|
||||
sem["etape_apo_str"] = sco_formsemestre.formsemestre_etape_apo_str(sem)
|
||||
# Write access ?
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if not authuser.has_permission(Permission.ScoEtudInscrit, context):
|
||||
if not authuser.has_permission(Permission.ScoEtudInscrit):
|
||||
read_only = True
|
||||
if read_only:
|
||||
submitted = False
|
||||
|
@ -237,7 +237,7 @@ def module_tag_set(context, module_id="", taglist=[], REQUEST=None):
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
tag_editable = authuser.has_permission(
|
||||
ScoEditFormationTags, context
|
||||
) or authuser.has_permission(Permission.ScoChangeFormation, context)
|
||||
) or authuser.has_permission(Permission.ScoChangeFormation)
|
||||
if not tag_editable:
|
||||
raise AccessDenied("Modification des tags impossible pour %s" % authuser)
|
||||
#
|
||||
|
@ -81,7 +81,7 @@ def external_ue_create(
|
||||
sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
|
||||
# Contrôle d'accès:
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if not authuser.has_permission(Permission.ScoImplement, context):
|
||||
if not authuser.has_permission(Permission.ScoImplement):
|
||||
if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
|
||||
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
|
||||
#
|
||||
@ -210,7 +210,7 @@ def external_ue_create_form(context, formsemestre_id, etudid, REQUEST=None):
|
||||
sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
|
||||
# Contrôle d'accès:
|
||||
authuser = REQUEST.AUTHENTICATED_USER
|
||||
if not authuser.has_permission(Permission.ScoImplement, context):
|
||||
if not authuser.has_permission(Permission.ScoImplement):
|
||||
if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
|
||||
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
|
||||
|
||||
|
@ -330,7 +330,7 @@ def get_dept_id():
|
||||
|
||||
|
||||
def get_db_cnx_string():
|
||||
return "SCO" + g.scodoc_dept
|
||||
return "dbname=SCO" + g.scodoc_dept
|
||||
|
||||
|
||||
def ScoURL():
|
||||
|
Loading…
Reference in New Issue
Block a user