1
0
forked from ScoDoc/ScoDoc

fixes: lien params seulement pour admin, type passage étudiants, log sources ips

This commit is contained in:
Emmanuel Viennet 2021-09-15 15:19:08 +02:00
parent 96f457260f
commit 8a16216d4b
5 changed files with 20 additions and 13 deletions

View File

@ -2,6 +2,7 @@
# pylint: disable=invalid-name # pylint: disable=invalid-name
import os import os
import re
import socket import socket
import sys import sys
import time import time
@ -103,7 +104,9 @@ class LogExceptionFormatter(logging.Formatter):
def format(self, record): def format(self, record):
if has_request_context(): if has_request_context():
record.url = request.url record.url = request.url
record.remote_addr = request.remote_addr record.remote_addr = request.environ.get(
"HTTP_X_FORWARDED_FOR", request.remote_addr
)
record.http_referrer = request.referrer record.http_referrer = request.referrer
record.http_method = request.method record.http_method = request.method
if request.method == "GET": if request.method == "GET":

View File

@ -149,7 +149,7 @@ def list_inscrits_date(sem):
"""SELECT ins.etudid """SELECT ins.etudid
FROM FROM
notes_formsemestre_inscription ins, notes_formsemestre_inscription ins,
notes_formsemestre S, notes_formsemestre S
WHERE ins.formsemestre_id = S.id WHERE ins.formsemestre_id = S.id
AND S.id != %(formsemestre_id)s AND S.id != %(formsemestre_id)s
AND S.date_debut <= %(date_debut_iso)s AND S.date_debut <= %(date_debut_iso)s

View File

@ -112,6 +112,7 @@ get_base_preferences(formsemestre_id)
""" """
import flask import flask
from flask import g, url_for from flask import g, url_for
from flask_login import current_user
from app.models import Departement from app.models import Departement
from app.scodoc import sco_cache from app.scodoc import sco_cache
@ -2022,7 +2023,9 @@ class BasePreferences(object):
html_sco_header.sco_header(page_title="Préférences"), html_sco_header.sco_header(page_title="Préférences"),
"<h2>Préférences globales pour %s</h2>" % scu.ScoURL(), "<h2>Préférences globales pour %s</h2>" % scu.ScoURL(),
f"""<p><a href="{url_for("scolar.config_logos", scodoc_dept=g.scodoc_dept) f"""<p><a href="{url_for("scolar.config_logos", scodoc_dept=g.scodoc_dept)
}">modification des logos du département (pour documents pdf)</a></p>""", }">modification des logos du département (pour documents pdf)</a></p>"""
if current_user.is_administrator()
else "",
"""<p class="help">Ces paramètres s'appliquent par défaut à tous les semestres, sauf si ceux-ci définissent des valeurs spécifiques.</p> """<p class="help">Ces paramètres s'appliquent par défaut à tous les semestres, sauf si ceux-ci définissent des valeurs spécifiques.</p>
<p class="msg">Attention: cliquez sur "Enregistrer les modifications" en bas de page pour appliquer vos changements !</p> <p class="msg">Attention: cliquez sur "Enregistrer les modifications" en bas de page pour appliquer vos changements !</p>
""", """,
@ -2253,7 +2256,7 @@ function set_global_pref(el, pref_name) {
# #
def doc_preferences(): def doc_preferences():
""" Liste les preferences en MarkDown, pour la documentation""" """Liste les preferences en MarkDown, pour la documentation"""
L = [] L = []
for cat, cat_descr in PREF_CATEGORIES: for cat, cat_descr in PREF_CATEGORIES:
L.append([""]) L.append([""])

View File

@ -494,9 +494,10 @@ def _notes_add(user, evaluation_id: int, notes: list, comment=None, do_it=True):
} }
ndb.quote_dict(aa) ndb.quote_dict(aa)
cursor.execute( cursor.execute(
"""INSERT INTO notes_notes """INSERT INTO notes_notes
(etudid,evaluation_id,value,comment,date,uid) (etudid, evaluation_id, value, comment, date, uid)
VALUES (%(etudid)s,%(evaluation_id)s,%(value)s,%(comment)s,%(date)s,%(uid)s)""", VALUES (%(etudid)s,%(evaluation_id)s,%(value)s,%(comment)s,%(date)s,%(uid)s)
""",
aa, aa,
) )
changed = True changed = True
@ -515,10 +516,10 @@ def _notes_add(user, evaluation_id: int, notes: list, comment=None, do_it=True):
# recopie l'ancienne note dans notes_notes_log, puis update # recopie l'ancienne note dans notes_notes_log, puis update
if do_it: if do_it:
cursor.execute( cursor.execute(
"""INSERT INTO notes_notes_log """INSERT INTO notes_notes_log
(etudid,evaluation_id,value,comment,date,uid) (etudid,evaluation_id,value,comment,date,uid)
SELECT etudid, evaluation_id, value, comment, date, uid SELECT etudid, evaluation_id, value, comment, date, uid
FROM notes_notes FROM notes_notes
WHERE etudid=%(etudid)s WHERE etudid=%(etudid)s
and evaluation_id=%(evaluation_id)s and evaluation_id=%(evaluation_id)s
""", """,
@ -536,8 +537,8 @@ def _notes_add(user, evaluation_id: int, notes: list, comment=None, do_it=True):
if value != scu.NOTES_SUPPRESS: if value != scu.NOTES_SUPPRESS:
if do_it: if do_it:
cursor.execute( cursor.execute(
"""UPDATE notes_notes """UPDATE notes_notes
SET value=%(value)s, comment=%(comment)s, date=%(date)s, uid=%(uid)s SET value=%(value)s, comment=%(comment)s, date=%(date)s, uid=%(uid)s
WHERE etudid = %(etudid)s WHERE etudid = %(etudid)s
and evaluation_id = %(evaluation_id)s and evaluation_id = %(evaluation_id)s
""", """,
@ -550,7 +551,7 @@ def _notes_add(user, evaluation_id: int, notes: list, comment=None, do_it=True):
% (evaluation_id, etudid, oldval) % (evaluation_id, etudid, oldval)
) )
cursor.execute( cursor.execute(
"""DELETE FROM notes_notes """DELETE FROM notes_notes
WHERE etudid = %(etudid)s WHERE etudid = %(etudid)s
AND evaluation_id = %(evaluation_id)s AND evaluation_id = %(evaluation_id)s
""", """,

View File

@ -1,7 +1,7 @@
# -*- mode: python -*- # -*- mode: python -*-
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
SCOVERSION = "9.0.24" SCOVERSION = "9.0.25"
SCONAME = "ScoDoc" SCONAME = "ScoDoc"