From 1c59cfdd935e97f01d929a6bcb53a58375319bdf Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Fri, 8 Dec 2023 13:37:43 +0100
Subject: [PATCH] API etudiants: qq routes departementales manquantes

---
 app/api/etudiants.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/app/api/etudiants.py b/app/api/etudiants.py
index 05ebb045..b709218e 100755
--- a/app/api/etudiants.py
+++ b/app/api/etudiants.py
@@ -25,7 +25,6 @@ from app.but import bulletin_but_court
 from app.decorators import scodoc, permission_required
 from app.models import (
     Admission,
-    Adresse,
     Departement,
     FormSemestreInscription,
     FormSemestre,
@@ -422,9 +421,9 @@ def bulletin(
     )
 
 
-@bp.route(
-    "/etudiant/etudid/<int:etudid>/formsemestre/<int:formsemestre_id>/groups",
-    methods=["GET"],
+@bp.route("/etudiant/etudid/<int:etudid>/formsemestre/<int:formsemestre_id>/groups")
+@api_web_bp.route(
+    "/etudiant/etudid/<int:etudid>/formsemestre/<int:formsemestre_id>/groups"
 )
 @scodoc
 @permission_required(Permission.ScoView)
@@ -462,7 +461,6 @@ def etudiant_groups(formsemestre_id: int, etudid: int = None):
     }
     ]
     """
-
     query = FormSemestre.query.filter_by(id=formsemestre_id)
     if g.scodoc_dept:
         query = query.filter_by(dept_id=g.scodoc_dept_id)
@@ -483,6 +481,8 @@ def etudiant_groups(formsemestre_id: int, etudid: int = None):
 
 @bp.route("/etudiant/create", methods=["POST"], defaults={"force": False})
 @bp.route("/etudiant/create/force", methods=["POST"], defaults={"force": True})
+@api_web_bp.route("/etudiant/create", methods=["POST"], defaults={"force": False})
+@api_web_bp.route("/etudiant/create/force", methods=["POST"], defaults={"force": True})
 @scodoc
 @permission_required(Permission.EtudInscrit)
 @as_json
@@ -499,7 +499,10 @@ def etudiant_create(force=False):
     dept_o = Departement.query.filter_by(acronym=dept).first()
     if not dept_o:
         return scu.json_error(400, "dept invalide")
-    app.set_sco_dept(dept)
+    if g.scodoc_dept and g.scodoc_dept_id != dept_o.id:
+        return scu.json_error(400, "dept invalide (route departementale)")
+    else:
+        app.set_sco_dept(dept)
     args["dept_id"] = dept_o.id
     # vérifie que le département de création est bien autorisé
     if not current_user.has_permission(Permission.EtudInscrit, dept):
@@ -545,6 +548,7 @@ def etudiant_create(force=False):
 
 
 @bp.route("/etudiant/<string:code_type>/<string:code>/edit", methods=["POST"])
+@api_web_bp.route("/etudiant/<string:code_type>/<string:code>/edit", methods=["POST"])
 @scodoc
 @permission_required(Permission.EtudInscrit)
 def etudiant_edit(