1
0
forked from ScoDoc/ScoDoc

WIP changed has_permission

This commit is contained in:
Emmanuel Viennet 2021-06-15 15:38:38 +02:00
parent f4611af10e
commit e16b974761
28 changed files with 94 additions and 97 deletions

View File

@ -10,7 +10,7 @@ import json
import os import os
from time import time from time import time
from flask import current_app, url_for from flask import current_app, url_for, g
from flask_login import UserMixin, AnonymousUserMixin from flask_login import UserMixin, AnonymousUserMixin
from werkzeug.security import generate_password_hash, check_password_hash from werkzeug.security import generate_password_hash, check_password_hash
@ -127,7 +127,7 @@ class User(UserMixin, db.Model):
return user return user
# Permissions management: # Permissions management:
def has_permission(self, perm, dept): def has_permission(self, perm, dept=False):
"""Check if user has permission `perm` in given `dept`. """Check if user has permission `perm` in given `dept`.
Emulate Zope `has_permission`` Emulate Zope `has_permission``
@ -135,6 +135,8 @@ class User(UserMixin, db.Model):
perm: integer, one of the value defined in Permission class. perm: integer, one of the value defined in Permission class.
context: context:
""" """
if dept is False:
dept = g.scodoc_dept
# les role liés à ce département, et les roles avec dept=None (super-admin) # les role liés à ce département, et les roles avec dept=None (super-admin)
roles_in_dept = ( roles_in_dept = (
UserRole.query.filter_by(user_id=self.id) UserRole.query.filter_by(user_id=self.id)

View File

@ -37,11 +37,13 @@ class ZRequest(object):
"Emulating Zope 2 REQUEST" "Emulating Zope 2 REQUEST"
def __init__(self): def __init__(self):
self.URL = request.base_url self.URL = request.base_url.encode(
"utf-8"
) # necessaire pour ScoDoc 8 en Python 2
self.URL0 = self.URL self.URL0 = self.URL
self.BASE0 = request.url_root self.BASE0 = request.url_root.encode("utf-8")
self.QUERY_STRING = request.query_string self.QUERY_STRING = request.query_string.encode("utf-8")
self.REQUEST_METHOD = request.method self.REQUEST_METHOD = request.method.encode("utf-8")
self.AUTHENTICATED_USER = current_user self.AUTHENTICATED_USER = current_user
if request.method == "POST": if request.method == "POST":
self.form = request.form self.form = request.form

View File

@ -49,15 +49,7 @@ from gen_tables import GenTable
import scolars import scolars
import sco_cache import sco_cache
import sco_users import sco_users
from sco_permissions import (
ScoEditAllEvals,
ScoEditAllNotes,
ScoImplement,
ScoSuperAdmin,
ScoUsersAdmin,
ScoUsersView,
ScoView,
)
from sco_exceptions import ( from sco_exceptions import (
AccessDenied, AccessDenied,
ScoException, ScoException,

View File

@ -86,7 +86,7 @@ class FakeUser:
def __str__(self): def __str__(self):
return self.name return self.name
def has_permission(self, op, context): def has_permission(self, op, dept):
return True return True
def has_role(self, role): def has_role(self, role):

View File

@ -28,6 +28,7 @@
import cgi import cgi
import sco_utils as scu import sco_utils as scu
from notes_log import log
import html_sidebar import html_sidebar
import VERSION import VERSION
@ -312,7 +313,9 @@ def sco_header(
# Avertissement si mot de passe à changer # Avertissement si mot de passe à changer
if user_check: if user_check:
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
passwd_temp = context.Users.user_info(user_name=str(authuser))["passwd_temp"] # passwd_temp = context.Users.user_info(user_name=str(authuser))["passwd_temp"]
log("XXX TODO: Users.user_info")
passwd_temp = False # XXX TODO
if passwd_temp: if passwd_temp:
H.append( H.append(
"""<div class="passwd_warn"> """<div class="passwd_warn">

View File

@ -28,12 +28,8 @@
import sco_utils as scu import sco_utils as scu
import sco_preferences import sco_preferences
from sco_abs import getAbsSemEtud from sco_abs import getAbsSemEtud
from sco_permissions import ( from app.scodoc.sco_permissions import Permission
ScoUsersAdmin,
ScoUsersView,
ScoChangePreferences,
ScoAbsChange,
)
""" """
Génération de la "sidebar" (marge gauche des pages HTML) Génération de la "sidebar" (marge gauche des pages HTML)
@ -63,14 +59,14 @@ def sidebar_common(context, REQUEST=None):
% params, % params,
] ]
if authuser.has_permission( if authuser.has_permission(Permission.ScoUsersAdmin) or authuser.has_permission(
Permission.ScoUsersAdmin, context Permission.ScoUsersView
) or authuser.has_permission(ScoUsersView, context): ):
H.append( H.append(
"""<a href="%(UsersURL)s" class="sidebar">Utilisateurs</a> <br/>""" % params """<a href="%(UsersURL)s" class="sidebar">Utilisateurs</a> <br/>""" % params
) )
if authuser.has_permission(Permission.ScoChangePreferences, context): if authuser.has_permission(Permission.ScoChangePreferences):
H.append( H.append(
"""<a href="%(ScoURL)s/edit_preferences" class="sidebar">Paramétrage</a> <br/>""" """<a href="%(ScoURL)s/edit_preferences" class="sidebar">Paramétrage</a> <br/>"""
% params % params
@ -121,7 +117,7 @@ def sidebar(context, REQUEST=None):
) )
H.append("<ul>") H.append("<ul>")
if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange, context): if REQUEST.AUTHENTICATED_USER.has_permission(Permission.ScoAbsChange):
H.append( H.append(
""" """
<li> <a href="%(ScoURL)s/Absences/SignaleAbsenceEtud?etudid=%(etudid)s">Ajouter</a></li> <li> <a href="%(ScoURL)s/Absences/SignaleAbsenceEtud?etudid=%(etudid)s">Ajouter</a></li>

View File

@ -7,6 +7,8 @@ import psycopg2
import psycopg2.pool import psycopg2.pool
import psycopg2.extras import psycopg2.extras
import thread import thread
import sco_utils as scu
from notes_log import log from notes_log import log
from sco_exceptions import ScoException, ScoValueError, NoteProcessError from sco_exceptions import ScoException, ScoValueError, NoteProcessError
from types import StringType from types import StringType

View File

@ -875,7 +875,7 @@ def index_html(context, REQUEST=None):
"""<p>Pour signaler, annuler ou justifier une absence, choisissez d'abord l'étudiant concerné:</p>""" """<p>Pour signaler, annuler ou justifier une absence, choisissez d'abord l'étudiant concerné:</p>"""
) )
H.append(sco_find_etud.form_search_etud(context, REQUEST)) H.append(sco_find_etud.form_search_etud(context, REQUEST))
if authuser.has_permission(Permission.ScoAbsChange, context): if authuser.has_permission(Permission.ScoAbsChange):
H.extend( H.extend(
( (
"""<hr/> """<hr/>

View File

@ -53,7 +53,7 @@ EtudsArchive = EtudsArchiver()
def can_edit_etud_archive(context, authuser): def can_edit_etud_archive(context, authuser):
"""True si l'utilisateur peut modifier les archives etudiantes""" """True si l'utilisateur peut modifier les archives etudiantes"""
return authuser.has_permission(Permission.ScoEtudAddAnnotations, context) return authuser.has_permission(Permission.ScoEtudAddAnnotations)
def etud_list_archives_html(context, REQUEST, etudid): def etud_list_archives_html(context, REQUEST, etudid):

View File

@ -853,7 +853,7 @@ def can_send_bulletin_by_mail(context, formsemestre_id, REQUEST):
sco_preferences.get_preference( sco_preferences.get_preference(
context, "bul_mail_allowed_for_all", formsemestre_id context, "bul_mail_allowed_for_all", formsemestre_id
) )
or authuser.has_permission(Permission.ScoImplement, context) or authuser.has_permission(Permission.ScoImplement)
or str(authuser) in sem["responsables"] or str(authuser) in sem["responsables"]
) )
@ -1099,7 +1099,7 @@ def _formsemestre_bulletinetud_header_html(
"endpoint": "notes.formsemestre_edit_options", "endpoint": "notes.formsemestre_edit_options",
"args": {"formsemestre_id": formsemestre_id, "target_url": qurl}, "args": {"formsemestre_id": formsemestre_id, "target_url": qurl},
"enabled": (uid in sem["responsables"]) "enabled": (uid in sem["responsables"])
or authuser.has_permission(Permission.ScoImplement, context), or authuser.has_permission(Permission.ScoImplement),
}, },
{ {
"title": 'Version papier (pdf, format "%s")' "title": 'Version papier (pdf, format "%s")'
@ -1162,7 +1162,7 @@ def _formsemestre_bulletinetud_header_html(
}, },
"enabled": ( "enabled": (
(authuser in sem["responsables"]) (authuser in sem["responsables"])
or (authuser.has_permission(Permission.ScoEtudInscrit, context)) or (authuser.has_permission(Permission.ScoEtudInscrit))
), ),
}, },
{ {
@ -1172,7 +1172,7 @@ def _formsemestre_bulletinetud_header_html(
"formsemestre_id": formsemestre_id, "formsemestre_id": formsemestre_id,
"etudid": etudid, "etudid": etudid,
}, },
"enabled": authuser.has_permission(Permission.ScoImplement, context), "enabled": authuser.has_permission(Permission.ScoImplement),
}, },
{ {
"title": "Enregistrer une validation d'UE antérieure", "title": "Enregistrer une validation d'UE antérieure",

View File

@ -32,7 +32,7 @@ from types import StringType
import safehtml import safehtml
import sco_utils as scu import sco_utils as scu
import ndb as ndb import notesdb as ndb
from notes_log import log from notes_log import log
import VERSION import VERSION
from sco_exceptions import AccessDenied from sco_exceptions import AccessDenied

View File

@ -138,7 +138,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
) )
# #
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if authuser.has_permission(Permission.ScoEtudInscrit, context): if authuser.has_permission(Permission.ScoEtudInscrit):
H.append( H.append(
"""<hr> """<hr>
<h3>Gestion des étudiants</h3> <h3>Gestion des étudiants</h3>
@ -151,7 +151,7 @@ Chercher étape courante: <input name="etape_apo" type="text" size="8" spellchec
""" """
) )
# #
if authuser.has_permission(Permission.ScoEditApo, context): if authuser.has_permission(Permission.ScoEditApo):
H.append( H.append(
"""<hr> """<hr>
<h3>Exports Apogée</h3> <h3>Exports Apogée</h3>

View File

@ -302,7 +302,7 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
ue_list.sort(key=lambda u: (u["semestre_id"], u["numero"])) ue_list.sort(key=lambda u: (u["semestre_id"], u["numero"]))
has_duplicate_ue_codes = len(set([ue["ue_code"] for ue in ue_list])) != len(ue_list) has_duplicate_ue_codes = len(set([ue["ue_code"] for ue in ue_list])) != len(ue_list)
perm_change = authuser.has_permission(Permission.ScoChangeFormation, context) perm_change = authuser.has_permission(Permission.ScoChangeFormation)
# editable = (not locked) and perm_change # editable = (not locked) and perm_change
# On autorise maintanant la modification des formations qui ont des semestres verrouillés, # On autorise maintanant la modification des formations qui ont des semestres verrouillés,
# sauf si cela affect les notes passées (verrouillées): # sauf si cela affect les notes passées (verrouillées):
@ -310,7 +310,7 @@ def ue_list(context, formation_id=None, msg="", REQUEST=None):
# - pas de changement des codes d'UE utilisés dans des semestres verrouillés # - pas de changement des codes d'UE utilisés dans des semestres verrouillés
editable = perm_change editable = perm_change
tag_editable = ( tag_editable = (
authuser.has_permission(Permission.ScoEditFormationTags, context) or perm_change authuser.has_permission(Permission.ScoEditFormationTags) or perm_change
) )
if locked: if locked:
lockicon = scu.icontag("lock32_img", title="verrouillé") lockicon = scu.icontag("lock32_img", title="verrouillé")
@ -660,7 +660,7 @@ Si vous souhaitez modifier cette formation (par exemple pour y ajouter un module
H.append("</li>") H.append("</li>")
H.append("</ul>") H.append("</ul>")
if authuser.has_permission(Permission.ScoImplement, context): if authuser.has_permission(Permission.ScoImplement):
H.append( H.append(
"""<ul> """<ul>
<li><a class="stdlink" href="formsemestre_createwithmodules?formation_id=%(formation_id)s&semestre_id=1">Mettre en place un nouveau semestre de formation %(acronyme)s</a> <li><a class="stdlink" href="formsemestre_createwithmodules?formation_id=%(formation_id)s&semestre_id=1">Mettre en place un nouveau semestre de formation %(acronyme)s</a>

View File

@ -273,7 +273,7 @@ def form_search_etud_in_accessible_depts(context, REQUEST):
def can_view_dept(context, REQUEST): def can_view_dept(context, REQUEST):
"""True if auth user can access (View) this context""" """True if auth user can access (View) this context"""
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
return authuser.has_permission(Permission.ScoView, context) return authuser.has_permission(Permission.ScoView)
def search_etud_in_accessible_depts(context, expnom=None, code_nip=None, REQUEST=None): def search_etud_in_accessible_depts(context, expnom=None, code_nip=None, REQUEST=None):

View File

@ -108,7 +108,7 @@ def can_edit_sem(context, REQUEST, formsemestre_id="", sem=None):
"""Return sem if user can edit it, False otherwise""" """Return sem if user can edit it, False otherwise"""
sem = sem or sco_formsemestre.get_formsemestre(context, formsemestre_id) sem = sem or sco_formsemestre.get_formsemestre(context, formsemestre_id)
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoImplement, context): # pas chef if not authuser.has_permission(Permission.ScoImplement): # pas chef
if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]: if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
return False return False
return sem return sem
@ -121,7 +121,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
formsemestre_id = REQUEST.form["formsemestre_id"] formsemestre_id = REQUEST.form["formsemestre_id"]
sem = sco_formsemestre.get_formsemestre(context, formsemestre_id) sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoImplement, context): if not authuser.has_permission(Permission.ScoImplement):
if not edit: if not edit:
# il faut ScoImplement pour creer un semestre # il faut ScoImplement pour creer un semestre
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération") raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
@ -437,7 +437,7 @@ def do_formsemestre_createwithmodules(context, REQUEST=None, edit=False):
}, },
), ),
] ]
if authuser.has_permission(Permission.ScoImplement, context): if authuser.has_permission(Permission.ScoImplement):
modform += [ modform += [
( (
"resp_can_edit", "resp_can_edit",

View File

@ -163,7 +163,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
% sem, % sem,
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": ( "enabled": (
authuser.has_permission(Permission.ScoImplement, context) authuser.has_permission(Permission.ScoImplement)
or ( or (
str(REQUEST.AUTHENTICATED_USER) in sem["responsables"] str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
and sem["resp_can_edit"] and sem["resp_can_edit"]
@ -177,7 +177,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"endpoint": "notes.formsemestre_edit_preferences", "endpoint": "notes.formsemestre_edit_preferences",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": ( "enabled": (
authuser.has_permission(Permission.ScoImplement, context) authuser.has_permission(Permission.ScoImplement)
or ( or (
str(REQUEST.AUTHENTICATED_USER) in sem["responsables"] str(REQUEST.AUTHENTICATED_USER) in sem["responsables"]
and sem["resp_can_edit"] and sem["resp_can_edit"]
@ -191,7 +191,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"endpoint": "notes.formsemestre_edit_options", "endpoint": "notes.formsemestre_edit_options",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": (uid in sem["responsables"]) "enabled": (uid in sem["responsables"])
or authuser.has_permission(Permission.ScoImplement, context), or authuser.has_permission(Permission.ScoImplement),
"helpmsg": "Change les options", "helpmsg": "Change les options",
}, },
{ {
@ -199,7 +199,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"endpoint": "notes.formsemestre_change_lock", "endpoint": "notes.formsemestre_change_lock",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": (uid in sem["responsables"]) "enabled": (uid in sem["responsables"])
or authuser.has_permission(Permission.ScoImplement, context), or authuser.has_permission(Permission.ScoImplement),
"helpmsg": "", "helpmsg": "",
}, },
{ {
@ -227,14 +227,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"title": "Cloner ce semestre", "title": "Cloner ce semestre",
"endpoint": "notes.formsemestre_clone", "endpoint": "notes.formsemestre_clone",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoImplement, context), "enabled": authuser.has_permission(Permission.ScoImplement),
"helpmsg": "", "helpmsg": "",
}, },
{ {
"title": "Associer à une nouvelle version du programme", "title": "Associer à une nouvelle version du programme",
"endpoint": "notes.formsemestre_associate_new_version", "endpoint": "notes.formsemestre_associate_new_version",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoChangeFormation, context) "enabled": authuser.has_permission(Permission.ScoChangeFormation)
and (sem["etat"] == "1"), and (sem["etat"] == "1"),
"helpmsg": "", "helpmsg": "",
}, },
@ -242,7 +242,7 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"title": "Supprimer ce semestre", "title": "Supprimer ce semestre",
"endpoint": "notes.formsemestre_delete", "endpoint": "notes.formsemestre_delete",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoImplement, context), "enabled": authuser.has_permission(Permission.ScoImplement),
"helpmsg": "", "helpmsg": "",
}, },
] ]
@ -269,14 +269,14 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"title": "Passage des étudiants depuis d'autres semestres", "title": "Passage des étudiants depuis d'autres semestres",
"endpoint": "notes.formsemestre_inscr_passage", "endpoint": "notes.formsemestre_inscr_passage",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context) "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and (sem["etat"] == "1"), and (sem["etat"] == "1"),
}, },
{ {
"title": "Synchroniser avec étape Apogée", "title": "Synchroniser avec étape Apogée",
"endpoint": "notes.formsemestre_synchro_etuds", "endpoint": "notes.formsemestre_synchro_etuds",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoView, context) "enabled": authuser.has_permission(Permission.ScoView)
and sco_preferences.get_preference(context, "portal_url") and sco_preferences.get_preference(context, "portal_url")
and (sem["etat"] == "1"), and (sem["etat"] == "1"),
}, },
@ -284,27 +284,27 @@ def formsemestre_status_menubar(context, sem, REQUEST):
"title": "Inscrire un étudiant", "title": "Inscrire un étudiant",
"endpoint": "notes.formsemestre_inscription_with_modules_etud", "endpoint": "notes.formsemestre_inscription_with_modules_etud",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context) "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and (sem["etat"] == "1"), and (sem["etat"] == "1"),
}, },
{ {
"title": "Importer des étudiants dans ce semestre (table Excel)", "title": "Importer des étudiants dans ce semestre (table Excel)",
"endpoint": "notes.form_students_import_excel", "endpoint": "notes.form_students_import_excel",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context) "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and (sem["etat"] == "1"), and (sem["etat"] == "1"),
}, },
{ {
"title": "Import/export des données admission", "title": "Import/export des données admission",
"endpoint": "notes.form_students_import_infos_admissions", "endpoint": "notes.form_students_import_infos_admissions",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoView, context), "enabled": authuser.has_permission(Permission.ScoView),
}, },
{ {
"title": "Resynchroniser données identité", "title": "Resynchroniser données identité",
"endpoint": "notes.formsemestre_import_etud_admission", "endpoint": "notes.formsemestre_import_etud_admission",
"args": {"formsemestre_id": formsemestre_id}, "args": {"formsemestre_id": formsemestre_id},
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context) "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr)
and sco_preferences.get_preference(context, "portal_url"), and sco_preferences.get_preference(context, "portal_url"),
}, },
{ {
@ -772,7 +772,7 @@ def _make_listes_sem(context, sem, REQUEST=None, with_absences=True):
# #
H = [] H = []
# pas de menu absences si pas autorise: # pas de menu absences si pas autorise:
if with_absences and not authuser.has_permission(Permission.ScoAbsChange, context): if with_absences and not authuser.has_permission(Permission.ScoAbsChange):
with_absences = False with_absences = False
# #

View File

@ -62,7 +62,7 @@ def can_change_groups(context, REQUEST, formsemestre_id):
if sem["etat"] != "1": if sem["etat"] != "1":
return False # semestre verrouillé return False # semestre verrouillé
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if authuser.has_permission(Permission.ScoEtudChangeGroups, context): if authuser.has_permission(Permission.ScoEtudChangeGroups):
return True # admin, chef dept return True # admin, chef dept
uid = str(authuser) uid = str(authuser)
if uid in sem["responsables"]: if uid in sem["responsables"]:

View File

@ -855,13 +855,13 @@ def tab_absences_html(context, groups_infos, etat=None, REQUEST=None):
# Lien pour verif codes INE/NIP # Lien pour verif codes INE/NIP
# (pour tous les etudiants du semestre) # (pour tous les etudiants du semestre)
group_id = sco_groups.get_default_group(context, groups_infos.formsemestre_id) group_id = sco_groups.get_default_group(context, groups_infos.formsemestre_id)
if authuser.has_permission(Permission.ScoEtudInscrit, context): if authuser.has_permission(Permission.ScoEtudInscrit):
H.append( H.append(
'<li><a class="stdlink" href="check_group_apogee?group_id=%s&etat=%s">Vérifier codes Apogée</a> (de tous les groupes)</li>' '<li><a class="stdlink" href="check_group_apogee?group_id=%s&etat=%s">Vérifier codes Apogée</a> (de tous les groupes)</li>'
% (group_id, etat or "") % (group_id, etat or "")
) )
# Lien pour ajout fichiers étudiants # Lien pour ajout fichiers étudiants
if authuser.has_permission(Permission.ScoEtudAddAnnotations, context): if authuser.has_permission(Permission.ScoEtudAddAnnotations):
H.append( H.append(
"""<li><a class="stdlink" href="etudarchive_import_files_form?group_id=%s">Télécharger des fichiers associés aux étudiants (e.g. dossiers d'admission)</a></li>""" """<li><a class="stdlink" href="etudarchive_import_files_form?group_id=%s">Télécharger des fichiers associés aux étudiants (e.g. dossiers d'admission)</a></li>"""
% (group_id) % (group_id)
@ -884,7 +884,7 @@ def form_choix_jour_saisie_hebdo(
): ):
"""Formulaire choix jour semaine pour saisie.""" """Formulaire choix jour semaine pour saisie."""
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoAbsChange, context): if not authuser.has_permission(Permission.ScoAbsChange):
return "" return ""
sem = groups_infos.formsemestre sem = groups_infos.formsemestre
first_monday = sco_abs.ddmmyyyy(sem["date_debut"]).prev_monday() first_monday = sco_abs.ddmmyyyy(sem["date_debut"]).prev_monday()
@ -925,7 +925,7 @@ def form_choix_jour_saisie_hebdo(
# Formulaire saisie absences semaine # Formulaire saisie absences semaine
def form_choix_saisie_semaine(context, groups_infos, REQUEST=None): def form_choix_saisie_semaine(context, groups_infos, REQUEST=None):
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoAbsChange, context): if not authuser.has_permission(Permission.ScoAbsChange):
return "" return ""
# construit l'URL "destination" # construit l'URL "destination"
# (a laquelle on revient apres saisie absences) # (a laquelle on revient apres saisie absences)

View File

@ -311,7 +311,7 @@ def can_change_module_resp(context, REQUEST, moduleimpl_id):
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
uid = str(authuser) uid = str(authuser)
# admin ou resp. semestre avec flag resp_can_change_resp # admin ou resp. semestre avec flag resp_can_change_resp
if not authuser.has_permission(Permission.ScoImplement, context) and ( if not authuser.has_permission(Permission.ScoImplement) and (
(uid not in sem["responsables"]) or (not sem["resp_can_change_ens"]) (uid not in sem["responsables"]) or (not sem["resp_can_change_ens"])
): ):
raise AccessDenied("Modification impossible pour %s" % uid) raise AccessDenied("Modification impossible pour %s" % uid)
@ -334,7 +334,7 @@ def can_change_ens(context, REQUEST, moduleimpl_id, raise_exc=True):
# admin, resp. module ou resp. semestre # admin, resp. module ou resp. semestre
if ( if (
uid != M["responsable_id"] uid != M["responsable_id"]
and not authuser.has_permission(Permission.ScoImplement, context) and not authuser.has_permission(Permission.ScoImplement)
and (uid not in sem["responsables"]) and (uid not in sem["responsables"])
): ):
if raise_exc: if raise_exc:

View File

@ -247,8 +247,7 @@ def moduleimpl_inscriptions_stats(context, formsemestre_id, REQUEST=None):
) )
can_change = ( can_change = (
authuser.has_permission(Permission.ScoEtudInscrit, context) authuser.has_permission(Permission.ScoEtudInscrit) and sem["etat"] == "1"
and sem["etat"] == "1"
) )
# Liste des modules # Liste des modules

View File

@ -241,7 +241,7 @@ def moduleimpl_status(context, moduleimpl_id=None, partition_id=None, REQUEST=No
"""<tr><td class="fichetitre2">Inscrits: </td><td> %d étudiants""" """<tr><td class="fichetitre2">Inscrits: </td><td> %d étudiants"""
% len(ModInscrits) % len(ModInscrits)
) )
if authuser.has_permission(Permission.ScoEtudInscrit, context): if authuser.has_permission(Permission.ScoEtudInscrit):
H.append( H.append(
"""<a class="stdlink" style="margin-left:2em;" href="moduleimpl_inscriptions_edit?moduleimpl_id=%s">modifier</a>""" """<a class="stdlink" style="margin-left:2em;" href="moduleimpl_inscriptions_edit?moduleimpl_id=%s">modifier</a>"""
% M["moduleimpl_id"] % M["moduleimpl_id"]

View File

@ -68,7 +68,7 @@ def _menuScolarite(context, authuser, sem, etudid):
return lockicon # no menu return lockicon # no menu
if not authuser.has_permission( if not authuser.has_permission(
ScoEtudInscrit, context ScoEtudInscrit, context
) and not authuser.has_permission(Permission.ScoEtudChangeGroups, context): ) and not authuser.has_permission(Permission.ScoEtudChangeGroups):
return "" # no menu return "" # no menu
ins = sem["ins"] ins = sem["ins"]
args = {"etudid": etudid, "formsemestre_id": ins["formsemestre_id"]} args = {"etudid": etudid, "formsemestre_id": ins["formsemestre_id"]}
@ -89,7 +89,7 @@ def _menuScolarite(context, authuser, sem, etudid):
def_url = "doCancelDef" def_url = "doCancelDef"
def_enabled = ( def_enabled = (
(ins["etat"] != "D") (ins["etat"] != "D")
and authuser.has_permission(Permission.ScoEtudInscrit, context) and authuser.has_permission(Permission.ScoEtudInscrit)
and not locked and not locked
) )
items = [ items = [
@ -97,14 +97,14 @@ def _menuScolarite(context, authuser, sem, etudid):
"title": dem_title, "title": dem_title,
"endpoint": dem_url, "endpoint": dem_url,
"args": args, "args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context) "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked, and not locked,
}, },
{ {
"title": "Validation du semestre (jury)", "title": "Validation du semestre (jury)",
"endpoint": "notes.formsemestre_validation_etud_form", "endpoint": "notes.formsemestre_validation_etud_form",
"args": args, "args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context) "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked, and not locked,
}, },
{"title": def_title, "endpoint": def_url, "enabled": def_enabled}, {"title": def_title, "endpoint": def_url, "enabled": def_enabled},
@ -112,25 +112,25 @@ def _menuScolarite(context, authuser, sem, etudid):
"title": "Inscrire à un module optionnel (ou au sport)", "title": "Inscrire à un module optionnel (ou au sport)",
"endpoint": "notes.formsemestre_inscription_option", "endpoint": "notes.formsemestre_inscription_option",
"args": args, "args": args,
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context) "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked, and not locked,
}, },
{ {
"title": "Désinscrire (en cas d'erreur)", "title": "Désinscrire (en cas d'erreur)",
"endpoint": "notes.formsemestre_desinscription", "endpoint": "notes.formsemestre_desinscription",
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context) "enabled": authuser.has_permission(Permission.ScoEtudInscrit)
and not locked, and not locked,
}, },
{ {
"title": "Inscrire à un autre semestre", "title": "Inscrire à un autre semestre",
"endpoint": "notes.formsemestre_inscription_with_modules_form", "endpoint": "notes.formsemestre_inscription_with_modules_form",
"args": {"etudid": etudid}, "args": {"etudid": etudid},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context), "enabled": authuser.has_permission(Permission.ScoEtudInscrit),
}, },
{ {
"title": "Enregistrer un semestre effectué ailleurs", "title": "Enregistrer un semestre effectué ailleurs",
"endpoint": "notes.formsemestre_ext_create_form", "endpoint": "notes.formsemestre_ext_create_form",
"enabled": authuser.has_permission(Permission.ScoImplement, context), "enabled": authuser.has_permission(Permission.ScoImplement),
}, },
] ]
@ -196,7 +196,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
else: else:
info["emaillink"] = "<em>(pas d'adresse e-mail)</em>" info["emaillink"] = "<em>(pas d'adresse e-mail)</em>"
# champs dependant des permissions # champs dependant des permissions
if authuser.has_permission(Permission.ScoEtudChangeAdr, context): if authuser.has_permission(Permission.ScoEtudChangeAdr):
info["modifadresse"] = ( info["modifadresse"] = (
'<a class="stdlink" href="formChangeCoordonnees?etudid=%s">modifier adresse</a>' '<a class="stdlink" href="formChangeCoordonnees?etudid=%s">modifier adresse</a>'
% etudid % etudid
@ -262,7 +262,7 @@ def ficheEtud(context, etudid=None, REQUEST=None):
else: else:
# non inscrit # non inscrit
l = ["<p><b>Etudiant%s non inscrit%s" % (info["ne"], info["ne"])] l = ["<p><b>Etudiant%s non inscrit%s" % (info["ne"], info["ne"])]
if authuser.has_permission(Permission.ScoEtudInscrit, context): if authuser.has_permission(Permission.ScoEtudInscrit):
l.append( l.append(
'<a href="%s/Notes/formsemestre_inscription_with_modules_form?etudid=%s">inscrire</a></li>' '<a href="%s/Notes/formsemestre_inscription_with_modules_form?etudid=%s">inscrire</a></li>'
% (scu.ScoURL(), etudid) % (scu.ScoURL(), etudid)
@ -510,19 +510,19 @@ def menus_etud(context, REQUEST=None):
"title": "Changer la photo", "title": "Changer la photo",
"endpoint": "scolar.formChangePhoto", "endpoint": "scolar.formChangePhoto",
"args": {"etudid": etud["etudid"]}, "args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudChangeAdr, context), "enabled": authuser.has_permission(Permission.ScoEtudChangeAdr),
}, },
{ {
"title": "Changer les données identité/admission", "title": "Changer les données identité/admission",
"endpoint": "scolar.etudident_edit_form", "endpoint": "scolar.etudident_edit_form",
"args": {"etudid": etud["etudid"]}, "args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context), "enabled": authuser.has_permission(Permission.ScoEtudInscrit),
}, },
{ {
"title": "Supprimer cet étudiant...", "title": "Supprimer cet étudiant...",
"endpoint": "scolar.etudident_delete", "endpoint": "scolar.etudident_delete",
"args": {"etudid": etud["etudid"]}, "args": {"etudid": etud["etudid"]},
"enabled": authuser.has_permission(Permission.ScoEtudInscrit, context), "enabled": authuser.has_permission(Permission.ScoEtudInscrit),
}, },
{ {
"title": "Voir le journal...", "title": "Voir le journal...",

View File

@ -5,10 +5,6 @@
used by auth used by auth
""" """
import notesdb as ndb
import scolars
import sco_formsemestre
# Définition des permissions: ne pas changer les numéros ou l'ordre des lignes ! # Définition des permissions: ne pas changer les numéros ou l'ordre des lignes !
_SCO_PERMISSIONS = ( _SCO_PERMISSIONS = (
# permission bit, symbol, description # permission bit, symbol, description
@ -63,6 +59,11 @@ class Permission:
Permission.init_permissions() Permission.init_permissions()
import notesdb as ndb
import scolars
import sco_formsemestre
def can_suppress_annotation(context, annotation_id, REQUEST): def can_suppress_annotation(context, annotation_id, REQUEST):
"""True if current user can suppress this annotation """True if current user can suppress this annotation
Seuls l'auteur de l'annotation et le chef de dept peuvent supprimer Seuls l'auteur de l'annotation et le chef de dept peuvent supprimer
@ -78,15 +79,15 @@ def can_suppress_annotation(context, annotation_id, REQUEST):
# c'est pourquoi on teste aussi ScoEtudInscrit (normalement détenue par le chef) # c'est pourquoi on teste aussi ScoEtudInscrit (normalement détenue par le chef)
return ( return (
(str(authuser) == anno["zope_authenticated_user"]) (str(authuser) == anno["zope_authenticated_user"])
or authuser.has_permission(Permission.ScoEtudSupprAnnotations, context) or authuser.has_permission(Permission.ScoEtudSupprAnnotations)
or authuser.has_permission(Permission.ScoEtudInscrit, context) or authuser.has_permission(Permission.ScoEtudInscrit)
) )
def can_edit_suivi(context, REQUEST=None): def can_edit_suivi(context, REQUEST=None):
"""Vrai si l'utilisateur peut modifier les informations de suivi sur la page etud" """ """Vrai si l'utilisateur peut modifier les informations de suivi sur la page etud" """
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
return authuser.has_permission(Permission.ScoEtudChangeAdr, context) return authuser.has_permission(Permission.ScoEtudChangeAdr)
def can_validate_sem(context, REQUEST, formsemestre_id): def can_validate_sem(context, REQUEST, formsemestre_id):
@ -107,13 +108,13 @@ def can_edit_pv(context, REQUEST, formsemestre_id):
# Autorise les secrétariats, repérés via la permission ScoEtudChangeAdr # Autorise les secrétariats, repérés via la permission ScoEtudChangeAdr
# (ceci nous évite d'ajouter une permission Zope aux installations existantes) # (ceci nous évite d'ajouter une permission Zope aux installations existantes)
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
return authuser.has_permission(Permission.ScoEtudChangeAdr, context) return authuser.has_permission(Permission.ScoEtudChangeAdr)
def is_chef_or_diretud(context, REQUEST, sem): def is_chef_or_diretud(context, REQUEST, sem):
"Vrai si utilisateur est admin, chef dept ou responsable du semestre" "Vrai si utilisateur est admin, chef dept ou responsable du semestre"
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if authuser.has_permission(Permission.ScoImplement, context): if authuser.has_permission(Permission.ScoImplement):
return True # admin, chef dept return True # admin, chef dept
uid = str(authuser) uid = str(authuser)
if uid in sem["responsables"]: if uid in sem["responsables"]:

View File

@ -76,12 +76,12 @@ def can_edit_notes(context, authuser, moduleimpl_id, allow_ens=True):
if sco_parcours_dut.formsemestre_has_decisions(context, sem["formsemestre_id"]): if sco_parcours_dut.formsemestre_has_decisions(context, sem["formsemestre_id"]):
# il y a des décisions de jury dans ce semestre ! # il y a des décisions de jury dans ce semestre !
return ( return (
authuser.has_permission(Permission.ScoEditAllNotes, context) authuser.has_permission(Permission.ScoEditAllNotes)
or uid in sem["responsables"] or uid in sem["responsables"]
) )
else: else:
if ( if (
(not authuser.has_permission(Permission.ScoEditAllNotes, context)) (not authuser.has_permission(Permission.ScoEditAllNotes))
and uid != M["responsable_id"] and uid != M["responsable_id"]
and uid not in sem["responsables"] and uid not in sem["responsables"]
): ):

View File

@ -91,7 +91,7 @@ def formsemestre_synchro_etuds(
sem["etape_apo_str"] = sco_formsemestre.formsemestre_etape_apo_str(sem) sem["etape_apo_str"] = sco_formsemestre.formsemestre_etape_apo_str(sem)
# Write access ? # Write access ?
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoEtudInscrit, context): if not authuser.has_permission(Permission.ScoEtudInscrit):
read_only = True read_only = True
if read_only: if read_only:
submitted = False submitted = False

View File

@ -237,7 +237,7 @@ def module_tag_set(context, module_id="", taglist=[], REQUEST=None):
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
tag_editable = authuser.has_permission( tag_editable = authuser.has_permission(
ScoEditFormationTags, context ScoEditFormationTags, context
) or authuser.has_permission(Permission.ScoChangeFormation, context) ) or authuser.has_permission(Permission.ScoChangeFormation)
if not tag_editable: if not tag_editable:
raise AccessDenied("Modification des tags impossible pour %s" % authuser) raise AccessDenied("Modification des tags impossible pour %s" % authuser)
# #

View File

@ -81,7 +81,7 @@ def external_ue_create(
sem = sco_formsemestre.get_formsemestre(context, formsemestre_id) sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
# Contrôle d'accès: # Contrôle d'accès:
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoImplement, context): if not authuser.has_permission(Permission.ScoImplement):
if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]: if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération") raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")
# #
@ -210,7 +210,7 @@ def external_ue_create_form(context, formsemestre_id, etudid, REQUEST=None):
sem = sco_formsemestre.get_formsemestre(context, formsemestre_id) sem = sco_formsemestre.get_formsemestre(context, formsemestre_id)
# Contrôle d'accès: # Contrôle d'accès:
authuser = REQUEST.AUTHENTICATED_USER authuser = REQUEST.AUTHENTICATED_USER
if not authuser.has_permission(Permission.ScoImplement, context): if not authuser.has_permission(Permission.ScoImplement):
if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]: if not sem["resp_can_edit"] or str(authuser) not in sem["responsables"]:
raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération") raise AccessDenied("vous n'avez pas le droit d'effectuer cette opération")

View File

@ -330,7 +330,7 @@ def get_dept_id():
def get_db_cnx_string(): def get_db_cnx_string():
return "SCO" + g.scodoc_dept return "dbname=SCO" + g.scodoc_dept
def ScoURL(): def ScoURL():