Modification authentification ScoDoc7 API POST

app/decorators.py

@@ -52,7 +52,10 @@ def scodoc(func):
     def scodoc_function(*args, **kwargs):
         # interdit les POST si pas loggué
         if request.method == "POST" and not current_user.is_authenticated:
-            current_app.logger.info("POST by non authenticated user")
+            current_app.logger.info(
+                "POST by non authenticated user (request.form=%s)",
+                str(request.form)[:2048],
+            )
             return redirect(
                 url_for(
                     "auth.login",

app/views/absences.py

@@ -1047,8 +1047,8 @@ def EtatAbsencesDate(group_ids=[], date=None):  # list of groups to display
 
 # ----- Gestion des "billets d'absence": signalement par les etudiants eux mêmes (à travers le portail)
 @bp.route("/AddBilletAbsence", methods=["GET", "POST"])  # API ScoDoc 7 compat
-@scodoc
 @permission_required_compat_scodoc7(Permission.ScoAbsAddBillet)
+@scodoc
 @scodoc7func
 def AddBilletAbsence(
     begin,
@@ -1105,7 +1105,7 @@ def AddBilletAbsence(
         return billet_id
 
 
-@bp.route("/AddBilletAbsenceForm")
+@bp.route("/AddBilletAbsenceForm", methods=["GET", "POST"])
 @scodoc
 @permission_required(Permission.ScoAbsAddBillet)
 @scodoc7func
@@ -1238,8 +1238,8 @@ def listeBilletsEtud(etudid=False, format="html"):
 @bp.route(
     "/XMLgetBilletsEtud", methods=["GET", "POST"]
 )  # pour compat anciens clients PHP
-@scodoc
 @permission_required_compat_scodoc7(Permission.ScoView)
+@scodoc
 @scodoc7func
 def XMLgetBilletsEtud(etudid=False):
     """Liste billets pour un etudiant"""
@@ -1464,8 +1464,8 @@ def ProcessBilletAbsenceForm(billet_id):
 
 
 # @bp.route("/essai_api7")
-# @scodoc
 # @permission_required_compat_scodoc7(Permission.ScoView)
+# @scodoc
 # @scodoc7func
 # def essai_api7(x="xxx"):
 #     "un essai"
@@ -1474,8 +1474,8 @@ def ProcessBilletAbsenceForm(billet_id):
 
 
 @bp.route("/XMLgetAbsEtud", methods=["GET", "POST"])  # pour compat anciens clients PHP
-@scodoc
 @permission_required_compat_scodoc7(Permission.ScoView)
+@scodoc
 @scodoc7func
 def XMLgetAbsEtud(beg_date="", end_date=""):
     """returns list of absences in date interval"""

app/views/notes.py

@@ -266,8 +266,8 @@ sco_publish(
 @bp.route(
     "formsemestre_bulletinetud", methods=["GET", "POST"]
 )  # POST pour compat anciens clients PHP (deprecated)
-@scodoc
 @permission_required_compat_scodoc7(Permission.ScoView)
+@scodoc
 @scodoc7func
 def formsemestre_bulletinetud(
     etudid=None,
@@ -642,8 +642,8 @@ sco_publish("/ue_move", sco_edit_formation.ue_move, Permission.ScoChangeFormatio
 @bp.route(
     "/formsemestre_list", methods=["GET", "POST"]
 )  # pour compat anciens clients PHP
-@scodoc
 @permission_required_compat_scodoc7(Permission.ScoView)
+@scodoc
 @scodoc7func
 def formsemestre_list(
     format="json",
@@ -669,8 +669,8 @@ def formsemestre_list(
 @bp.route(
     "/XMLgetFormsemestres", methods=["GET", "POST"]
 )  # pour compat anciens clients PHP
-@scodoc
 @permission_required_compat_scodoc7(Permission.ScoView)
+@scodoc
 @scodoc7func
 def XMLgetFormsemestres(etape_apo=None, formsemestre_id=None):
     """List all formsemestres matching etape, XML format

app/views/scolar.py

@@ -358,8 +358,8 @@ def search_etud_by_name():
 @bp.route(
     "/Notes/XMLgetEtudInfos", methods=["GET", "POST"]
 )  # pour compat anciens clients PHP
-@scodoc
 @permission_required_compat_scodoc7(Permission.ScoView)
+@scodoc
 @scodoc7func
 def etud_info(etudid=None, format="xml"):
     "Donne les informations sur un etudiant"